CIA Part 1 - Section F - Slides - IIA
Internal Auditing
Section VI: Fraud Risks
• Topic A: Fraud Risks and Types of Fraud
• Topic B: Potential for Fraud Occurrence
• Topic C: Controls to Prevent/Detect Fraud and Education to Improve Fraud Awareness
• Topic D: Forensic Auditing
www.LearnCIA.com
v6.0 Part 1, Section VI VI-2
Standards Glossary
Definition of Fraud
“Any illegal act characterized by deceit, concealment,
or violation of trust. These acts are not dependent
upon the application of threat of violence or of
physical force. Frauds are perpetrated by parties and
organizations to obtain money, property, or services; to
avoid payment or loss of services; or to secure
personal or business advantage.”
Auditor’s Responsibilities Related to Detecting Fraud
• Consider fraud risks when assessing controls and determining audit steps.
• Have sufficient knowledge to identify the red flags of fraud.
• Be alert to fraud opportunities, such as control weaknesses.
• Determine whether any suspected fraud merits investigation.
• Recommend an investigation to the appropriate internal authorities when the indicators suggest that fraud has occurred.
Two Major Types of Fraudulent Acts
Fraud that injures the organization:
• Asset misappropriation
• Skimming
• Disbursement fraud
• Expense reimbursement fraud
• Payroll fraud
• Conflict of interest
• Diversion
Fraud intended to benefit the organization:
• Financial statement fraud
• Information misrepresentation
• Corruption
• Bribery
• Related-party activity
• Tax evasion
Fraud Categories
• Financial statement fraud: fictitious revenues; wrong asset values; no disclosure; expenses in the wrong period; concealing liabilities; bad transfer pricing or off-balance-sheet accounting.
• Cash theft: skimming, lapping, deposit theft, money for scrap.
• Fraudulent disbursement: “ghost employees” or vendors (or colluding on bills); false refunds, expense reports, or bills of lading.
• Misuse or theft of assets: selling fake assets or credit card numbers, equipment, or intellectual property; falsifying records or not recording events or transactions.
• Bribery and corruption: transactions not at arm’s length; illegal acts; deliberate errors; bid rigging.
Practice Question
Which is an indicator of fraud in a purchasing area engagement?
A. Liabilities incurred are recorded properly but are updated after cash disbursement and purchasing-related adjustment.
B. The cost of routine purchases is rising quickly right along with high inflation.
C. Some vendors have dramatic increases in orders, but there were no changes in production specifications or new bids collected.
D. Turnover among purchasing area buyers is significantly less than in other areas.
Answer: C. The specific nature of the engagement can help to identify the relevant types of fraud and red flags for inquiry. A dramatic increase in orders to particular vendors with no change in specifications and no new competitive bids is a purchasing red flag; costs that track inflation and low buyer turnover are not, by themselves, indicators.
Guidelines for Assessing Fraud Risk
• Use the organization’s enterprise risk management model (if one exists).
• Otherwise:
– Understand the fraud schemes that pose threats.
– Use a risk model (e.g., COSO ERM) to map and assess vulnerability.
– Consider whether the fraud could be committed by an individual or requires collusion.
– Consider the potential negative effects of unjust suspicions.
COSO Fraud Risk Management Guide
Maps to COSO’s Internal Control—Integrated Framework components:
• Principle 1 (Control environment): Establish and communicate a fraud risk management program.
• Principle 2 (Risk assessment): Perform comprehensive fraud risk assessments; assess fraud controls and gaps.
• Principle 3 (Control activities): Select, develop, and implement preventive and detective fraud controls.
• Principle 4 (Information and communication): Ensure a process for reporting potential fraud and a timely, coordinated investigation.
• Principle 5 (Monitoring): Evaluate the fraud risk management program.
Effective Fraud Risk Assessment
• Perform on a systematic and recurring basis.
• Consider possible fraud schemes and scenarios.
• Assess risk across multiple levels.
• Evaluate likelihood, significance, and pervasiveness.
• Assess exposure from each fraud risk category.
• Involve appropriate personnel.
• Consider management override of controls.
• Update when special circumstances arise.
Fraud Red Flags
• Fraud indicators are signs indicating:
– Inadequacy of the controls in place to deter fraud.
– The possibility that some perpetrator has committed fraud.
• Audit planning: direct attention and scope to questionable areas and activities.
• Red flags are only warning signs, not proof.
Sawyer’s Fraud Condition Examples
• Loose internal controls
• Poor management philosophy
• Poor financial position
• Low employee morale
• Ethics confusion
• Lack of background checks on new hires
• Lack of employee support programs
• General conditions: high turnover, mergers, excess trust in key employees
Potential for Fraud
• Opportunity: Is there a window of opportunity for fraud, or can someone create one?
• Motive: Do people want power or money? Is there an incentive or pressure, such as addiction or stress?
• Rationalization: Does someone feel entitled, are they amoral, or do they rationalize desperation as “just borrowing”? Does the culture make some unacceptable behavior common anyway?
Categorizing Red Flags
• Audit cycle red flags: characterized by the point in the audit cycle in which they are observed.
• Environmental red flags: characterized by the environments in which they occur.
• Industry-specific red flags: the nature of certain industries creates the opportunity for certain types of fraudulent activity that have their own red flags.
• Perpetrator red flags: tied to the perpetrators, whether they are employees or managers.
Discussion Question
What are some examples of audit cycle red flags?
Sample answers:
• Revenue cycle: unusual increases; sales-to-shipments discrepancies; slow collections.
• Expenditures cycle: high turnover among purchasers or in the payroll area; an inordinate amount of purchasing from one vendor.
• Production cycle: consistent overruns; excessive waste or write-offs; uncontrolled access to the warehouse.
• Financing cycle: changes to key figures pre-financing; sales and receivables discrepancies.
Discussion Question
What are some examples of environmental red flags?
Sample answers:
• Stiff, unfair competition
• Lax regulation
• Industry or cultural trend toward dishonesty and disregard of law and regulation
• Loss of contracts; reorganization that disrupts control policies; poor ethics training
• International organizations and organizations dependent on computer technology
Discussion Question
What are some examples of industry-specific red flags in these areas?
Sample answers:
• Financial services: misstatement of sales and earnings; diversion of cash from accounts; loans to fictitious entities.
• Insurance: fraudulent claims; payouts to nonexistent clients; misevaluation of underwritten properties.
• Manufacturing: cost overruns and discrepancies; less scrap reported than expected.
• Energy: false valuation of assets; misstatement of profits; bribes and cover-ups.
Perpetrator Red Flags
• Opportunity
– Won’t take breaks, promotions, or vacations
– Volunteers for jobs with access to cash/assets
– Cultivates close associations with certain customers
– Crisis atmosphere; failure to reconcile/investigate; many overrides
• Motive
– Possessions or lifestyle inconsistent with family income; boasting; high debts or creditor calls
– Pressure to meet company or family goals; plays the stock market
• Rationalization
– Poor ethics or history of rule breaking; attributing irregularities to harmless bad habits (dislike for a task); personal grievances
Discussion Question
What are some more examples of perpetrator red flags?
Sample answers:
• Pattern of complaints
• Decline in morale or attendance
• Abrupt resignations
• Evasive answers; adversarial attitude; lack of cooperation during the audit
• Unexplained variances; unusual shortages in cash or inventories; missing or altered documents
• Managers who are poor in other ways (e.g., late with reports)
Discussion Question
What are some examples of financial statement red flags?
Sample answers:
• Fictitious revenues (e.g., complex transactions, odd timing, sales to unknown companies)
• Improper asset valuation (e.g., inventory count changes, fictitious assets and accounts)
• Concealed liabilities (e.g., liabilities lower than expected)
• Improper disclosures (e.g., an ineffective board)
Determining if Suspected Fraud Merits Investigation
If significant control weaknesses are detected, internal auditors should:
• Recognize that the presence of more than one indicator increases the probability that fraud has occurred.
• Evaluate the indicators of fraud and decide whether further action or investigation is necessary.
• Notify the appropriate authorities.
• Support further investigation by providing sound data and ensuring that suspected perpetrators are not alerted.
Objectives of a Fraud Investigation
• Protect the innocent, establish facts, and resolve the matter.
• Quickly stop the loss.
• Support successful prosecution.
• Identify, gather, and protect evidence.
• Identify and interview witnesses.
• Identify behavior patterns.
• Determine motives and suspects.
• Provide a factual basis for discipline, etc.
• Account for and recover assets.
• Identify control weaknesses.
Role of Internal Audit
• Define the role in the charter and in fraud policies and procedures.
• Proficiency: fraud schemes, investigation skills, applicable laws.
• Use in-house, outsourced, or non-audit staff to assemble a team quickly.
• If internal audit is not conducting the investigation, recommend control improvements.
• When supporting an investigation:
– Ensure the process follows policy/procedure and the law.
– Locate and secure misappropriated assets.
– Support legal proceedings or insurance claims.
– Report post-investigation.
– Monitor implementation of recommended control enhancements.
Conducting the Investigation
Create an investigation plan → Obtain evidence → Interview and interrogate
Practice Question
What should an investigation plan include to ensure that evidence gathered on potential fraud involving a supplier will be useful?
A. Interrogations are limited to one-on-one discussions.
B. Vendor information should be restricted to internal sources for verifiability.
C. A knowledgeable purchasing department employee should conduct the interrogation.
D. In gathering evidence, the legal rules and business uses of the evidence should be considered.
Answer: D. Investigation plans should provide training on documenting and preserving evidence to ensure that the evidence is admissible.
Practice Question
A fraud defendant’s lawyer claims that a record could have been created later than when the prosecution claims it was. What should exist to disprove this, given proper evidence gathering?
A. Refer to the inventory or log chronology.
B. The second interrogator can act as a witness.
C. Produce the electronic version of the record.
D. Chain-of-custody should exist solely in the computer-assisted data analysis.
Answer: A. All reports, documents, and evidence obtained should be recorded chronologically in an inventory or log. Chain-of-custody is not restricted to computer-assisted data analysis.
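The chronological inventory the answer refers to is stronger when each entry also commits to the evidence it describes and to the entry before it. The following Python is an added example, not material from the LearnCIA slides: it keeps a chain-of-custody log as a hash chain, so that a backdated timestamp, an altered item, or a reordered entry breaks verification of every later entry. The evidence bytes, item identifiers, custodian names and timestamps are constructed for illustration, and the field layout is an assumption rather than any prescribed format.

```python
"""Chain-of-custody evidence log kept as a hash chain.

Added example, not from the LearnCIA slides. Evidence items, custodians and
timestamps are constructed; the entry layout is an assumed design.
"""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(entry: dict) -> str:
    """Hash of the canonical JSON form of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def append_entry(log: list, *, timestamp: str, item_id: str, action: str,
                 custodian: str, content: bytes) -> dict:
    """Append one custody event. `timestamp` is the ISO 8601 time recorded by
    the custodian; in practice it should come from a trusted clock."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "seq": len(log),
        "timestamp": timestamp,
        "item_id": item_id,
        "action": action,
        "custodian": custodian,
        "content_sha256": sha256_hex(content),  # ties the entry to the item
        "prev_hash": prev,                      # ties the entry to the chain
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log: list):
    """Return (True, None) if the chain is intact, else (False, seq) for the
    first entry whose sequence number, link or hash does not check out."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return False, i
        if _entry_hash(entry) != entry["entry_hash"]:
            return False, i
        prev = entry["entry_hash"]
    return True, None


def verify_item(entry: dict, content: bytes) -> bool:
    """Check that an item produced later is the one that was logged."""
    return sha256_hex(content) == entry["content_sha256"]


# Constructed evidence: a ledger extract and a scanned vendor invoice.
LEDGER_EXTRACT = b"2023-03-01,AP,V5001,9850.00,Elm Consulting LLC\n"
INVOICE_SCAN = b"%PDF-1.4 constructed invoice bytes for the example"


def build_sample_log() -> list:
    """Three custody events over the two constructed items."""
    log = []
    append_entry(log, timestamp="2023-04-03T09:12:00Z", item_id="EV-001",
                 action="collected", custodian="A. Auditor", content=LEDGER_EXTRACT)
    append_entry(log, timestamp="2023-04-03T09:40:00Z", item_id="EV-002",
                 action="collected", custodian="A. Auditor", content=INVOICE_SCAN)
    append_entry(log, timestamp="2023-04-04T14:05:00Z", item_id="EV-001",
                 action="transferred to counsel", custodian="B. Counsel",
                 content=LEDGER_EXTRACT)
    return log


def backdating_is_detected() -> tuple:
    """Change the recorded time of the second entry after the fact and show
    that verification now fails at that entry."""
    log = build_sample_log()
    log[1]["timestamp"] = "2023-04-02T09:40:00Z"
    return verify_log(log)


if __name__ == "__main__":
    print("intact:", verify_log(build_sample_log()))
    print("after backdating entry 1:", backdating_is_detected())
```

The chain proves order and integrity relative to its own first entry, not absolute time: to answer the defence claim in court, the head hash of the log must also be anchored outside the investigation team, for example by sending it to counsel in a dated message or to a timestamping service as each session closes. Without that anchor the whole chain could, in theory, be regenerated later with different dates.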
Practice Question
Which is an important step in the resolution of a fraud investigation?
A. Provide closure to suspects found innocent.
B. Enter into civil litigation for attempted but unsuccessful criminal acts.
C. Encourage law enforcement to prosecute the wrongdoer even if management disagrees.
D. Make a statement to the press after discussing with legal counsel.
Answer: A. Civil litigation is typically used to recover funds. Management decides whether to prosecute wrongdoers, but internal auditors should advise on the consequences of not doing so. Management decides who is an authorized spokesperson.
Process Review
Internal Auditor Responsibility:
• Review the risk assessment to identify risks.
• Assess whether controls are in place.
• Gather evidence to establish whether fraud controls are operating as defined.
• Propose ways to improve fraud controls in the program, audited area, or process.
Five Principles to Manage Fraud Risk
• Principle 1: A fraud risk management program should be in place.
• Principle 2: Assess fraud risk exposure periodically.
• Principle 3: Establish prevention techniques to avoid potential key fraud risk events.
• Principle 4: Establish detection techniques.
• Principle 5: Use a reporting process and a coordinated approach to investigation and corrective action.
Fraud Risk Management
Framework:
• Discourage fraud.
• Limit fraud exposure when it occurs.
• Set strong safeguarding controls and run anti-fraud programs.
• Create a control environment that strongly promotes ethics and honesty.
Controls:
• Establish anti-fraud controls.
• Provide independent assurance that anti-fraud controls are effectively overseen by operational management and any relevant compliance functions.
COSO Fraud Prevention and Control
• Control environment: code of conduct; ethics and fraud policies; hiring/promotion guidelines; oversight; investigation/remediation.
Internal auditing responsibilities: assess the control environment; conduct proactive fraud audits; communicate fraud audit results; support remediation.
• Risk assessment: assess fraud-related risk, control activities, and how to close gaps.
Internal auditing responsibilities: evaluate management’s fraud risk assessment.
• Control activities: establish and implement control practices; establish an affirmation or certification process.
Internal auditing responsibilities: assess fraud-related control design and effectiveness, whether audit plans address fraud risk, facility design, and the impact on controls of changes to laws, regulations, and systems.
COSO Fraud Prevention and Control (continued)
• Information and communication: policies, guidance, results; dialogue on ethical dilemmas; communication channels; training; impact and use of technology.
Internal auditing responsibilities: assess the operating effectiveness of information and communication systems and practices.
• Monitoring: ongoing and periodic performance assessments; computer technology for deterrence.
Internal auditing responsibilities: assess monitoring activities/software, timeliness of investigations, and communication of deficiencies; support audit committee oversight and fraud indicator development; hire and train employees.
Analytical Tools for Fraud Tests
• Proportional analysis: What is the ratio of A to B (e.g., a condition A to an outcome B)?
• Trend analysis: Does this change in a trend have a reasonable explanation?
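Both tests can be run as a script over purchasing data. The following Python is an added example, not from the LearnCIA materials: it first normalises each vendor’s monthly orders by production output (proportional analysis), then flags months where that ratio breaks from its trailing trend (trend analysis), which is the pattern behind the earlier purchasing practice question about vendors whose orders jump with no change in specifications or new bids. The vendor totals and production figures are constructed, and the six-month window and 50% deviation threshold are assumptions chosen for illustration.

```python
"""Proportional and trend analysis over purchasing data.

Added example, not from the LearnCIA slides. All figures are constructed.
"""
from statistics import mean

# Constructed monthly purchase-order totals per vendor (12 months).
# VendorC's orders jump in months 10 and 11; the others track production.
ORDERS = {
    "VendorA": [100, 105, 98, 110, 102, 108, 104, 111, 106, 109, 112, 110],
    "VendorB": [50, 52, 49, 55, 51, 54, 52, 56, 53, 55, 56, 55],
    "VendorC": [30, 31, 29, 33, 30, 32, 31, 34, 32, 33, 95, 120],
}
# Constructed monthly production output (units) for the same 12 months.
PRODUCTION = [1000, 1050, 980, 1100, 1020, 1080, 1040, 1110, 1060, 1090, 1120, 1100]


def proportional_ratios(a, b):
    """Proportional analysis: the ratio of A to B for each period."""
    if len(a) != len(b):
        raise ValueError("series must cover the same periods")
    return [x / y for x, y in zip(a, b)]


def trend_flags(series, window=6, threshold=0.5):
    """Trend analysis: indexes of periods whose value deviates from the
    trailing `window` mean by more than `threshold` (a fraction of the mean).

    A relative threshold is used rather than a z-score because a stable ratio
    has a near-zero standard deviation, which would make trivial noise look
    significant.
    """
    flagged = []
    for i in range(window, len(series)):
        baseline = mean(series[i - window:i])
        if baseline == 0:
            continue
        if abs(series[i] - baseline) / baseline > threshold:
            flagged.append(i)
    return flagged


def vendor_red_flags(orders, production, **kwargs):
    """Return {vendor: [month indexes]} for vendors whose spend per unit
    produced breaks trend. Normalising by production means a vendor whose
    orders rise only because output rose is not flagged."""
    flags = {}
    for vendor, amounts in orders.items():
        hits = trend_flags(proportional_ratios(amounts, production), **kwargs)
        if hits:
            flags[vendor] = hits
    return flags


if __name__ == "__main__":
    for vendor, months in vendor_red_flags(ORDERS, PRODUCTION).items():
        print(f"{vendor}: trend break in months {months}; "
              "ask for the specification change or the new bids")
```

Month indexes are zero-based. A flag is a question for purchasing, not a finding: as the red-flag slides say, it is a warning sign that needs an explanation, and the follow-up is to ask for the specification change or the competitive bids that would account for it.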
Types of Computer Analysis
• Numerical analysis: study of number sequences (e.g., check amounts) for unlikely patterns, often using Benford’s Law.
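A Benford’s Law first-digit test is short enough to show in full. The following Python is an added example, not from the LearnCIA slides: it compares the leading-digit distribution of a population of amounts with the expected proportions log10(1 + 1/d) using a chi-square statistic, and reports which digit is most over-represented. The amounts are constructed: a 200-term geometric series, which follows Benford’s Law closely, and a block of 60 payments kept just under an assumed 10,000 approval limit, which is what the “too many items that start with 9” pattern in the practice question below looks like in data.

```python
"""Benford's Law first-digit test for a population of payment amounts.

Added example, not from the LearnCIA slides. The amounts are constructed:
a geometric series (which follows Benford's Law closely) plus a block of
payments kept just under an assumed 10,000 approval limit.
"""
import math
from collections import Counter

DIGITS = range(1, 10)
# Expected share of each leading digit under Benford's Law: log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in DIGITS}
# Chi-square critical value for 8 degrees of freedom at 5% significance.
CHI2_CRITICAL_8DF = 15.51

# Constructed "clean" population: 200 amounts, each 5% larger than the last.
CLEAN_AMOUNTS = [1.05 ** k for k in range(200)]
# Constructed suspicious block: 60 amounts held just below a 10,000 limit.
UNDER_LIMIT_AMOUNTS = [9000 + 16 * i for i in range(60)]


def first_digit(amount):
    """Leading non-zero digit of a positive amount, independent of scale."""
    if amount <= 0:
        raise ValueError("Benford analysis needs positive amounts")
    return int(f"{amount:e}"[0])


def benford_test(amounts, critical=CHI2_CRITICAL_8DF):
    """Compare observed leading-digit counts with Benford's expectation.

    Returns the counts, the chi-square statistic, the digit with the largest
    excess over its expected share, and whether the population is flagged.
    """
    counts = Counter(first_digit(a) for a in amounts)
    n = sum(counts.values())
    chi2 = 0.0
    excess = {}
    for d in DIGITS:
        expected = n * BENFORD[d]
        observed = counts.get(d, 0)
        chi2 += (observed - expected) ** 2 / expected
        excess[d] = observed / n - BENFORD[d]
    worst = max(excess, key=excess.get)
    return {
        "n": n,
        "counts": {d: counts.get(d, 0) for d in DIGITS},
        "chi_square": chi2,
        "worst_digit": worst,
        "worst_excess": excess[worst],
        "flag": chi2 > critical,
    }


if __name__ == "__main__":
    populations = (("clean", CLEAN_AMOUNTS),
                   ("mixed", CLEAN_AMOUNTS + UNDER_LIMIT_AMOUNTS))
    for label, data in populations:
        r = benford_test(data)
        print(f"{label}: n={r['n']} chi2={r['chi_square']:.1f} flag={r['flag']} "
              f"digit {r['worst_digit']} is {r['worst_excess']:+.1%} over expectation")
```

The test only makes sense for naturally occurring amounts that span several orders of magnitude (payments, invoices, expense claims); assigned numbers such as check numbers, employee IDs or fixed-price items do not follow Benford’s Law and will produce a “flag” that means nothing. A flagged digit is a starting point for the root-cause research in the practice question, not evidence on its own.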
Practice Question
Which is a good example of continuous auditing?
A. Research to identify a root cause for too many items that start with 9
B. An application that compares vendor payment addresses against employee addresses
C. Testing a representative sample for identical entries
D. Correlating expense claims with travel events
Answer: B. Continuous auditing (or continuous monitoring) uses computerized techniques to perpetually audit the processing of business transactions. The other options describe one-time research, a sample-based test, or a periodic correlation rather than an automated check applied to every transaction as it is processed.
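The comparison in answer B fails silently if it matches raw strings, because the same address is rarely keyed identically in the HR and purchasing systems. The following Python is an added example, not from the LearnCIA slides, of how such a check is typically built: both sides are normalised (case, punctuation, common abbreviations) before comparison, bank accounts are compared on digits only, and the screen runs per vendor record so it can be attached to every vendor-master insert or change. The employee and vendor records are constructed, and the abbreviation table is a small assumed subset of what a production control would carry.

```python
"""Continuous-monitoring check: vendor master records vs. employee records.

Added example, not from the LearnCIA slides. The employee and vendor
records are constructed; the abbreviation table is a small assumed subset.
"""
import re

# Assumed normalisation table for common address abbreviations.
ABBREVIATIONS = {
    "ST": "STREET", "AVE": "AVENUE", "RD": "ROAD", "DR": "DRIVE",
    "APT": "UNIT", "STE": "SUITE",
}

# Constructed employee master data (as held by HR/payroll).
EMPLOYEES = [
    {"id": "E100", "name": "Dana Smith",
     "address": "12 Elm St., Apt 4, Springfield", "bank": "021000021-112233"},
    {"id": "E101", "name": "Lee Wong",
     "address": "900 Oak Avenue, Springfield", "bank": "021000021-445566"},
]
# Constructed vendor master data (as keyed in purchasing).
VENDORS = [
    {"id": "V5001", "name": "Elm Consulting LLC",
     "address": "12 ELM STREET UNIT 4 SPRINGFIELD", "bank": "021000021-998877"},
    {"id": "V5002", "name": "Acme Supply Co",
     "address": "1 Industrial Way, Shelbyville", "bank": "021 000021 445566"},
    {"id": "V5003", "name": "Oak Ltd",
     "address": "901 Oak Ave, Springfield", "bank": "021000021-000001"},
]


def normalize_address(text):
    """Upper-case, drop punctuation, expand abbreviations and collapse spaces
    so cosmetic differences between systems do not defeat the comparison."""
    tokens = re.sub(r"[^A-Z0-9]+", " ", text.upper()).split()
    return " ".join(ABBREVIATIONS.get(t, t) for t in tokens)


def normalize_bank(text):
    """Keep digits only; separators vary between systems."""
    return re.sub(r"\D", "", text)


def build_index(employees):
    """Index employees by normalised address and by bank account."""
    by_address, by_bank = {}, {}
    for e in employees:
        by_address.setdefault(normalize_address(e["address"]), []).append(e["id"])
        by_bank.setdefault(normalize_bank(e["bank"]), []).append(e["id"])
    return by_address, by_bank


def screen_vendor(vendor, index):
    """Return (employee_id, field) alerts for one vendor record.

    Intended to run on every vendor-master insert or change; that is what
    makes the control continuous rather than a periodic sample."""
    by_address, by_bank = index
    alerts = []
    for emp in by_address.get(normalize_address(vendor["address"]), []):
        alerts.append((emp, "address"))
    for emp in by_bank.get(normalize_bank(vendor["bank"]), []):
        alerts.append((emp, "bank"))
    return alerts


def screen_all(vendors, employees):
    """Alerts for a whole vendor file: {vendor_id: [(employee_id, field)]}."""
    index = build_index(employees)
    return {v["id"]: hits for v in vendors if (hits := screen_vendor(v, index))}


if __name__ == "__main__":
    for vendor_id, hits in screen_all(VENDORS, EMPLOYEES).items():
        for emp, field in hits:
            print(f"ALERT vendor {vendor_id} shares {field} with employee {emp}")
```

V5003 is not flagged because 901 Oak Avenue is not 900 Oak Avenue; a near-match stage (house-number ranges, phonetic street names) is a common extension, at the cost of more false positives to triage. Whatever the matching rule, the alert is a red flag for inquiry, and a legitimate explanation (a relative’s business, a shared office building) is possible.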
Whistleblower Hotline Features
• Confidentiality or anonymity
• Accessibility
• Staffing
• Use of third-party vendors
• Naming the hotline
• Communicating its existence
• Organizational responses to hotline reports
Discussion Question
True or false? Whistleblower hotline anonymity implies that the caller’s name and identity will be communicated only to those with an essential or authorized need to know.
Answer: False. This statement describes confidentiality. Confidentiality can be promised only within the limits allowed by law, and callers should know who might learn their identity. Anonymity provides both secrecy and nondisclosure of the caller’s identity.
Forensic Audit Team
What Is a Forensic Audit Team?
• Gathers evidence suitable for use in court, and can present it in court.
• May be certified by the Association of Certified Fraud Examiners (ACFE).
• Pieces together the fraud narrative from experience, knowledge, and intuition.
Interrogation/Investigation Techniques
Attribute Standard 1210.A1: “The CAE must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.”
Interviewing vs. Interrogating
• The terms are often used interchangeably, but they are not the same; they occur in different contexts.
• In interviewing, most answers to the questions are not known; in interrogation, most answers to the questions are already known.
• Different goals call for different techniques to achieve them.
Interviewing vs. Interrogating
• Goals: Interviewing uncovers information. Interrogating secures a confession or evidence.
• Interviewees: Interviewing covers suspects, witnesses, victims, those who aided the perpetrator, and providers of background information. Interrogating will probably focus on suspected perpetrators and accomplices.
• Questioning strategy: Interviewing establishes a comfort level, avoids the word “fraud,” and asks questions in a logical and sequential manner. Interrogating is repetitive, to note changes in explanations, and may change direction suddenly.
• Atmosphere: Interviewing uses a cooperative, open tone, at the interviewee’s workplace, with low visibility. Interrogating is confrontational at times, on neutral ground free of distractions, with security present.
Discussion Question
What are some interview behaviors that could be considered possible indicators of fraud?
Sample answers:
• Restlessness
• No eye contact
• Inappropriate attitudes
• Anxiety
• Attitude change
• Changing answers
Interviewing Model
Prepare → Conduct → Agree → Document
• Prepare
– Define goals.
– Gather background information.
– Plan questions and strategies.
• Conduct
– Follow the plan.
– Verify fact versus hearsay.
– Take notes.
• Agree
– Summarize key points.
– Confirm or correct points.
• Document
– Complete the report.
– Don’t transcribe; summarize.
– Include attitude and next steps.
Computer Forensics
• Recovering deleted emails
• Monitoring emails for indicators of potential fraud
• Performing investigations after employment termination
• Recovering evidence after formatting a hard drive
End of Section VI
Questions?