Forensic and Investigative Accounting Chapter 1

advertisement
Forensic and Investigative Accounting
Chapter 13
Computer Forensics:
A Brief Introduction
© 2005, CCH INCORPORATED
4025 W. Peterson Ave.
Chicago, IL 60646-6085
http://tax.cchgroup.com
A WoltersKluwer Company
Definition of Computer Forensics
Computer forensics is the analysis of electronic
data and residual data for the purposes of its
recovery, legal preservation, authentication,
reconstruction, and presentation to solve or aid in
solving technology-based crimes.
Chapter 13
Forensic and Investigative Accounting
2
SAS 31 – Evidential Matter
Provides guidelines for audit engagements
encountering electronic documents.
 It may not be practical or possible to reduce
detection risk to an acceptable level using
only substantive tests. In these cases, must
perform tests of system controls to show
they are strong enough to mitigate the risks
inherent in electronic audit evidence.
 May require use of CAATs or GAS.

Chapter 13
Forensic and Investigative Accounting
3
SAS 80 – Amendment to SAS 31




Under situations where detection risk cannot be
satisfactorily reduced by substantive testing,
requires auditor to use tests of systems controls.
Defines evidential matter as written and electronic
documents.
Notes that time lapse is important as electronic
evidence can be quickly destroyed or is not
retrievable after a certain time.
Auditor needs an understanding of how
information is extracted from the network.
Chapter 13
Forensic and Investigative Accounting
4
SAS No. 99 Guidelines for
Testing Digital Data
SAS No. 99 states:
In an IT environment, it may be necessary
for the auditor to employ computer-assisted
audit techniques (for example, report
writers, software or data extraction tools, or
other system-based techniques) to identify
the journal entries or other adjustments to
be tested.
Chapter 13
Forensic and Investigative Accounting
5
Sarbanes-Oxley 2002

If there are design failures or weaknesses in
the financial reporting of digital data, it may
mean there is a significant deficiency or
material weakness.
Chapter 13
Forensic and Investigative Accounting
6
PCAOB
Has taken over setting audit standards for
auditors.
 Supports Auditing Standard No. 2 – An
Audit of Internal Control Over Financial
Reporting in Conjunction with An Audit of
Financial Statements.
 A company’s use of information technology
in its IS affect the company’s internal
control over financial reporting.

Chapter 13
Forensic and Investigative Accounting
7
IT Guidelines under COSO Framework
Guidelines have been established for these areas:
1.
Internal control environment
2.
Objective setting
3.
Event identification
4.
Risk assessment
5.
Risk response
6.
Control activities
7.
Information and communication
8.
Monitoring
Chapter 13
Forensic and Investigative Accounting
8
COBIT’s Goals
COBIT’s goals are to set control objectives
for IT compliance using a strategic planning
perspective and at the same time to outline, in
detail, the proper procedures to be followed
for specific compliance measures.
Chapter 13
Forensic and Investigative Accounting
9
Restrictions
Computer and database searches may come
under First Amendment privileges and
protection.
 Restrictions on wide seizures are protected
by the Fourth Amendment.
 Cautions must be performed when
electronic evidence is collected (13-14).

Chapter 13
Forensic and Investigative Accounting
10
Chapter 13
Forensic and Investigative Accounting
11
Technical Skills for Digital
Evidence Collection
Necessary skills are based on the following requirements:
1.
Understanding of various operating systems
2.
Quickly identifying pertinent digital data
3.
Properly preserving data
4.
Properly securing data
5.
Properly collecting data
6.
Maintaining a proper chain of custody
Chapter 13
Forensic and Investigative Accounting
12
Forensic Investigative Tools
Imaging software:
 EnCase
 SafeBack
Data extraction or data mining software:
 ACL
 Data Extraction and Analysis (IDEA)
Chapter 13
Forensic and Investigative Accounting
13
Chapter 13
Forensic and Investigative Accounting
14
Chapter 13
Forensic and Investigative Accounting
15
Chapter 13
Forensic and Investigative Accounting
16
Chapter 13
Forensic and Investigative Accounting
17
Chapter 13
Forensic and Investigative Accounting
18
Chapter 13
Forensic and Investigative Accounting
19
Download