Forensic Auditing

By

G. S. Msukwa

Intended learning outcome

By the end of the course, students should be able to:
a) Identify the general regulatory framework within which forensic audit is carried out.
b) Understand the forensic audit planning process to carry out an effective audit.
c) Learn various techniques and procedures employed to obtain required evidence in
the engagement.
d) Understanding how to perform specific assignments required by the clients.
e) Prepare forensic audit reports showing how various findings and conclusions are
reflected in them, and in a manner usable by courts of law.

Table of Contents

1. Scope and Regulatory Framework

i. The scope and purpose of forensic audits
ii. Professional and legal and regulatory framework
iii. The engagement process and parties responsibilities

2. Planning Forensic Audit Engagement Work

i. Understanding the client entity and its environment
ii. Understanding the nature and scope of the engagement and client
expected deliverables.
iii. The engagement hypothesis and risk assessment.
iv. Drawing the audit plans and audit program.

3. Obtaining Forensic Audit Evidence

i.The nature of forensic audit evidence
 Documentary evidence
 Hearsays
  Inferences and other evidence
ii.Techniques and procedures of obtaining evidence
 Internal controls and flow charts evaluations
 Substantive tests and analytical procedures
 Enquiries, interviews and interrogations
 Observations and witnessing
iii.Selected areas of forensic audit consideration
 Fraud investigations
 Money laundering investigations
 Authentication of insurance claims
 Damages claims validation
 Insolvency and bankruptcy
iv.Review of evidence for validity

4. Forensic Audit Reporting

i.Reporting to intended users
 The role and responsibility of the forensic auditor and intended users
 Types, formats and contents of the reports
ii.Tendering evidence in courts of law (court proceedings)
 The general criterion and court standards for expert witnesses
 The legal role of expert witnesses
 Effective tactics and procedures for expert witnesses
 Admissibility of forensic audit evidence in courts of law.
Part One
Scope and Regulatory Framework

1.1 The Scope and Purpose of Forensic Audits

Forensic audit is the examination and evaluation of an entity or individual’s financial and
other records and information to gather evidence to prove or disprove a phenomenon,
claim or belief of existence or occurrence of such phenomenon, that could be
potentially be used legal settlements or legal proceedings. It covers a wide range of
investigative activities, but the main or common area of focus is uncovering fraudulent
activities and other financial crimes.

Where the client intends to use such evidence to prosecute the culprits, in the legal
process, the forensic investigator may be called upon to serve as an expert witness
during the court proceedings.

Forensic audits may also involve other matters apart from fraud and other financial
crimes investigations. Such areas include dispute related cases such as; bankruptcy and
business closure, verification of insurance claims, divorce proceedings etc, to offer
concrete, reliable and objective information which can be used by concerned parties to
settle their disputes or proceed with legal proceedings where necessary.

Related services and terms to forensic audits are; forensic accounting, which is the
application of investigative and analytical skills and reporting to be used in dispute
settlements or legal proceedings. It includes quantitative assessments and
communicating or reporting such matters.

Organizations normally have other regular audits carried out on their financial
statements and other records. These include statutory audits carried out in accordance
with relevant laws (ie, the Companies Act, for registered companies, or the Public
Finance Act and other legislations for the public sector bodies in Malawi), and various
other regulations (ie, the ISA and INTOSAI, respectively). Different organizations also
engage professional individuals or firms to carry out other assurance engagements on
need basis.

Forensic audits are engaged instead of regular audits and other assurance engagements
if there is a chance that or intention to use the evidence in courts of law. In some cases,
it is actually the regular audits or other assurance engagements which upon their
discovery of certain matters, may recommend a forensic investigation , because their
respective engagements may be limited in scope of work to be performed. Otherwise,
interested parties engage forensic auditors upon suspicion of occurrence or existence of
certain matters to discover or confirm them, or for them to analyse, evaluate and report
an certain actual or potential dispute related issues to produce a strong case which can
stand the high legal standard test.

1.2 Professional and Legal and Regulatory Framework

The Professional Framework

Financial forensic investigations are largely falling within the accountancy professional
framework, though not entirely, since there are some areas which lie outside the
profession, such as legal issues. This implies that practitioners involved in offering these
services are largely bound by the accountancy professional pronouncements in their
professional work and expected behavior.

The International Federation of Accountants (IFAC) is the international accountancy

professional regulator and an umbrella body within which various national and regional
bodies focusing on different aspects of the professional services register and regulate
their individual members (ie, financial reporting and audits, management accounting,
tax and other services). Through its various boards, it has issued various
pronouncements. Financial forensic investigations are largely guided by the
International Standards on Related Services (ISRS) and the International Standards on
Review Engagements (ISRE) issued by the International Audit and Assurance Standards
Boards (IAASB) under it.

The pronouncements also require that the practitioners, in whatever capacity, should
comply with relevant ethical requirements. In conducting audit and related services,
they are required to plan and perform their engagements with professional skepticism
and exercise judgment (ISRE 2,400). Specific ethical principles issued by the
International Ethical Standards Board for Accountants (IESBA) include; integrity,
objectivity and independence, competence and due skill and care, confidentiality and
appropriate professional behavior.

The Legal Framework

Since the nature of the assignments involve gathering evidence, analyzing and reporting
it to meet legal standards of admissibility as evidence in a court of law, such as when
dealing with fraud and other financial crimes, it requires the practitioner to be familiar
with the country’s criminal and evidence codes and other laws. These include; the
Criminal Procedures and Evidence Code (or the Evidence Code, in short), the Penal
Code, and the Courts Act as primary legislature. The practitioner also needs to be
familiar with other relevant laws within which particular assignments may fall, such as;
o Financial Crimes Act
o Corrupt Practices Act
o Financial Services Act
o Taxation Act, VAT Act and Customs and Excise Duties Act
o Securities Exchange Act
o Insurance Act
o Companies Act
o ICT relevant laws etc.

o Other relevant national laws and regulations and international pronouncements and
guidelines such as the FATF and OECD guidelines on financial and related crimes.

1.3 The engagement process and parties’ responsibilities

Appointment

The forensic investigations practitioner may be appointed by a client in various ways;

o In some cases the client may float an invitation for tenders for the provision of the
forensic audit services in the media, to which firms or individuals may respond by
submitting proposals to carry out the services. The client would then select a
preferred firm or individual practitioners according to its selection criteria.
o In most cases the client simply single-sources or simply approaches a preferred firm
of individual practitioner directly, to which the practitioner also responds by
submitting a proposal for the client’s assessment. Due to the nature of the services,
to avoid alerting the potential culprits through formal advertisements, this method
os more preferred.

The client would thereafter make a formal offer of appointment to the firm or individual
practitioner, to which if satisfied and upon fulfilling all other ethical issued, the
practitioner accepts by submitting an engagement letter for the purpose of agreeing
terms of the engagement in accordance with professional requirements. The terms in
the engagement letter would include;
o The nature and scope of the assignment
o Respective responsibilities and expectations to either parties to the engagement
o Set communication channels and intervals during the engagement.
o Expected Deliverables (ie, the main report, assessment of internal control
weaknesses and suggestions for improvements, expert witnessing etc)
o Conflict resolution channels and mechanisms, including termination of engagement.

Termination of engagement

Most forensic audits engagements (if not terminated pre-maturely), come to a logical
conclusion upon completion of work and submission of the report by the practitioner to
the client and payment of fees thereon.

However, the practitioner would in some cases be required to tender their report
findings or opinions in a court of law as expert witnesses if the client or the law requires
appropriate legal proceedings. In such cases termination of the agreement may be
extended (or open ended) until such cases are concluded by the courts, whose period is
determined by the courts themselves, and beyond either parties to the agreement’s
control.
Part Two
Planning Forensic Audit Engagement Work

Proper planning of work helps the practitioner assess and direct proper attention to
various issues and areas relevant to the nature and scope of the engagement.
It will also help the practitioner allocate appropriate resources such as the right
combination of manual and electronic techniques and skilled individual/team to help
gather and analyse appropriate information for the effectiveness of the assignment.

Because of the diversity of the forensic audits assignments (even if we narrowed down
to fraud investigations), which also have varied types and techniques, the practitioner
needs to be flexible in the approach, treating each assignment depending on the
uniqueness of its nature. However, broadly, the practitioner needs to approach the
work within the following framework, with appropriate professional judgement.

2.1 Understanding the client entity and its environment, the nature and objective of
the assignment.
Understand the client’s business, industry, operational activities and information flows.
Assess its regulatory environment and other factors pertinent to the operations.
Familiarize oneself with the general control environment and activities and monitoring
systems, including the level of ICT integration and use.
Identify the nature and objectives of this particular forensic audit engagement.
Obtain sufficient understanding of circumstances and events surrounding the
engagement and the context within which the engagement is to be conducted. (ie, any
relevant laws and regulations underpinning this particular engagement.
Identify any limitation of scope of the engagement. For instance, in fraud investigation
information may not be available or deliberately destroyed or concealed.
Evaluate the resources required to complete the work and identify suitable engagement
teams.

2.2 The engagement hypothesis and risk assessment.( red flags and green flags).
o The investigator should develop an appropriate hypothesis to address the
circumstances and the context of the engagement. For instance, in fraud detection,
the forensic investigator should not start the work without a hypothesis/prediction.
o ‘The totality of circumstances that would lead a reasonable, professionally trained
and prudent individual to believe that fraud has occurred, is occurring or will occur’
– ACFE. This forms a basis for which the fraud examination and its steps.
o Identify the risk factors and red flags that would point to the possible occurrence of
such matters identified in the hypothesis/prediction.
o Identify all needs, and design an appropriate strategy which can be done from two
perspectives;
 Moving from general to the specifics.
 Use of the fraud theory approach – use of hypothesis (analysis of available to
create a hypothesis, and testing the hypothesis and/or refining the hypothesis
where necessary).

Note;
There is need for the forensic investigator to adopt a high level of professional
skepticism attitude towards all information provided since it may be biased, false or
incomplete as fraudsters would conceal or destroy evidence.

2.3 Drawing the audit plans and audit program.

The following chart (by ACFE) sets up steps to follows to resolved fraud allegations.

Once all evidence is gathered it would be analysed to support or refute the hypothesis.
The finds would be presented in a report.

Each investigation assignment should be conducted with an assumption that the case
will end up in litigation. This will ensure that the investigation maintains compliance
with proper rules of evidence and remains well within the guidelines established by the
legal systems such as the Evidence Code and the Penal Code.
Part Three
Obtaining Forensic Audit Evidence

3.1 The Nature of Forensic Audit Evidence

Forensic audit evidence should be gathered with an assumption that it should meet the legal
standards of evidence, or that the case being investigated will end up in litigation.
Practitioners/investigators will apply various techniques to gather the right evidence. The legal
standard of evidence is anchored by various national and international laws and regulations and
pronouncements which are largely similar to ensure harmonization in dealing with and
transferability of legal cases.

In Malawi evidence standards are provided for in the Criminal Procedures and Evidence Code (or
the Evidence Code, in short), and the Penal Code which spells out various criminal offenses.
Under s.2, the Evidence Code defines evidence as information of any description which facts
tend to be proved, and includes aural, documentary, artifact and any other information which
can prove it.

Facts include;
o Anything, state of thing, or in relation to things capable of being perceived by the senses (ie,
the five human senses)
o Any mental condition of which a person is conscious of.

Fact in issue, means any fact from which (either by itself or in connection with other facts) the
existence/non-existence, nature or extent of any right, liability or disability, asserted or derived
in any proceedings necessarily follow.

The burden of proof of any particular fact, under s.18(1), lies on the person who wishes the
court or jury to believe in its existence, unless it is provided by any written law that the proof of
such facts shall be on a particular person.

Under s.187(2), the burden of proving any fact necessary to be proved in order to enable to give
evidence of another’s fact is on the person who wishes to give such evidence, and s,188(1)(a),
such burden shall be deemed to be discharged if the court or jury is satisfied by the evidence
given by the prosecution that evidence or facts exist.

Admissibility of the Reports of Experts

Whenever any facts ascertained by any examination by any person or body (firm) requiring
skills, body of knowledge, or experience sufficiently organized or recognized as reliable body of
knowledge, and the facts are relevant to the issues in a criminal proceedings, reports on such
facts by that person or body(firm) referred to as an expert, be admissible as evidence to prove
the fact in the proceedings (s.180(1)) subject to s.180(3),
o The other parties to the proceedings consent,
o The party proposing to tender the report has served copies on other parties, and none of
them has objected within 7 days of being served.

Further to that, the party who served the report may call upon the author to give evidence
(ss.4), and the court or jury on its own right, may also summon the expert to give oral evidence,
or the court may refuse to admit the report for failure to attend, for circumstances it considers
unreasonable.

The court or jury may also seek expert’s opinion or interpretations on matters of expertise in
any recognized and recognized body of knowledge such as science, finance, art or any other
recognized body of knowledge (s.190(1)) after examination of relevant issues requiring
specialized skills and giving opinions on them.

Experts witnesses are also subject to; examination, cross-examination and re-examination
according to s.13 & 14 ( and complete the Bond to Give Evidence; Form XXIII, and should also
read the accused Charge Sheet/Summons, Form VI).

Attributes of Evidence; Sufficiency

Under s.169, a fact is said to be proved when the court or jury either believes it exists or to have
existed, or considers its existence so probable to a prudent person under circumstances in that
particular case; otherwise it is disproved. A court or jury may regard or presume a fact proved
unless disproved (s.178), but not both.

Attributes of Evidence; Relevance

o Facts are relevant which are the occation, cause-effect, immediate or ether-wise, or fact in
issue, or which contribute to the state of things under which they happened or which
afforded an opportunity for their occurrence or transactions.
o Facts show or contribute a motive or preparation for any fact in issue.
o Facts are necessary to explain or introduce the fact in issue.

Other attributes of Evidence

o Facts are consistent with any fact in issue, and make the existence of the fact in issue highly
probably.
o Facts show the existence of any state of mind of a particular person such as; intention,
knowledge, good faith etc, on one hand, and/or negligence, ill-will, deception etc, on the
other hand.
Impeaching Credit of Witness
The credit of witnesses may be impeached upon the following;

o If evidence provided by a person known to be unworthy credit,

o There is proof that the witness has been compromised (received bribes or other
inducements)
o By proof of former statements inconsistencies with any part of his evidence which is liable
to be contradicted.

3.2 Techniques and Procedures of Obtaining Evidence

Specific techniques and procedures performed in specific forensic audit assignments

depend on the nature of the assignment. However, forensic investigators use the
framework of broad approaches to guide them to ensure exhaustive means of gathering
evidence which is sufficient and reliable have been applied. There are basically two
categories of evidence used in courts; direct evidence and circumstantial evidence.
Some procedures are carried out to gather the required while other procedures may be
carried to understand the circumstance or lead the investigator to appropriate sources
of evidence.

3.2.1 Assessments of Systems and Internal Controls

The investigator needs to verify the existence and nature of systems and internal controls in the
areas of focus of the assignments. The investigator uses his understanding the client’s nature of
business, industry and business environment, the general control environment. This is followed
by the nature, objectives and circumstances and event surrounding the engagement. He needs
to identify relevant systems and internal controls and assess them to identify any weaknesses
which could be exploited by people to perpetrate financial crimes such as fraud. The investigator
should record his understanding of the systems and internal controls in the following forms;

Narrative Notes
These aim at describing and explaining the system, such as;

o What functions are performed and by who

o What documents are used, where do they originate from, what are their destination and
what sequence are they moved and filed

Organizational Charts and Flow Charts

Firstly, the investigator obtains an organizational chart showing individual managers and other
employees’ positions, responsibilities and the line and flow of authority amongst them. (see
illustration below)
The investigator also assesses and maps the flow charts using various symbols and lines/arrows
to indicate the documents and the direction of flow of information and documents. There are
two main methods of flow charting in regular use.
Document flow chart…
Information flow chart…
Other symbols; (see illustration attached; symbols and typical flow charts)

In the document flow chart document flow runs from top to bottom of the chart. Each symbol
represents an operation applied to the operation during the processing cycle.
In information flow chart, information is transferred from one document to another during the
course of the processing cycle.

Division of Duties
The structure of the chart shows the division of duties by dividing the chart into vertical
columns, and where there are crossing of lines, use of “bridging”, while where a document has
been carried forward to another chart, or when it is eventually necessary to split up a previously
single document into various related documents then “ghosting” technique is used. (See
illustrative flow chart below)

Advantages and disadvantages of flow charts

o They can be prepared quickly to describe the system.

o Information is presented in standard forms and this makes them to be easy to follow.
o It records the system in its entirety since all documents are appropriately traced from the
beginning to the end.
o They eliminate the need for extensive narrations and can be of use in highlighting salient
points of controls and weaknesses in the systems.
o However, they are only suitable for describing standard systems.
o It is also difficult to make major amendments to the flow charts once prepared.

Assessments
The investigator should the confirm the actual operations of the system and controls and assess
their effectiveness in achieving their intended purpose for establishment.

Walk-through Tests
The investigator picks transactions and traces them or follows them through the recorded (ie,
flow charts) systems to confirm that the system indeed operates in the manner ecorded.

Compliance Tests
This involves checking by the investigator whether the systems and controls are being applied
and are in line with management’s policies and procedures.
This is followed by the evaluation of their effectiveness whether they achieve their intended
purposes (ie, to prevent, detect and control fraud and errors and ensure smooth operations in
the organization etc), such as by use of systems and controls evaluation questionnaires (ICEQ)

Where they are strong and effective, the risk of occurrence of fraud will be reduced, and the
investigator can place some reliance on them. However, in fraud investigation assignment, the
investigator should remain alert and apply appropriate professional skepticism that fraud may
occur anywhere, since even strong systems and controls can still be circumvented by carefully
planned fraud, including concealing or elimination of any tracks/trails and destruction of
evidence.

3.2.2 Documentary Evidence, Substantive tests and analytical procedures

Court cases are proved through evidence. In general, evidence can be classified into two
categories, direct evidence and circumstantial evidence. Evidence can be also be classified
according to its nature, such as; testimonial evidence from witnesses in courts, statements
obtained during investigations referred to as documentary evidence (ie, bank statements,
emails communication etc), and demonstrative evidence such as summary schedules, charts;
and physical objects (artifacts) including gadgets or other instruments used, finger prints etc,
referred to as real evidence.

The composition of evidence types can differ depending on the nature of the issues being
investigated. Financial crimes investigation rely very much on documentary evidence than other
types, which to prove, may require going through large volumes of documents.

The investigator would read through some documents to obtain their understanding and use
information to built a case, while other documents would have to be actually extracted to form
part of the evidence presented ever, where all evidence submitted to prove a claim must be
original (or show why the original is not available and proof that the offered evidence copy is
accurate).

Sources of Documents
Documents from the client or victim ie;

o Statement of complaint relevant documents obtained

o Compile schedules and statements;

from available information (sometimes the complaint may be reluctant to release some
documents such as a sensitive financial data or trade secrets information, but the practitioner
should assure the client their importance in the case, and that their security is assured in the
hands of the practitioner/investigator.
Types of documents include;

o Signed statements
o Transactional paper work
o Intranets (quasi-public)
o E-mails communication

Documents from third parties

o Statements from their bank account on financial transactions

o Meta-data generated by each transactions can help reconstruct a suspect’s movement and
profile.
o Professional contracts with whom the suspect has dealt, industry contacts ie, persons with
whom the suspects does business, government contacts, etc.

Documents from the suspects

These documents include the suspects own representations on the matter at hand, such as a
written and signed statement.

It should be noted that to obtain some of these documents the investigator may require search
orders/warrants or the concerned person’s subpoena.

The investigator should organize all relevant documents and provide appropriate storage,
identifying the most important (to avoid information overload.

3.2.3 Enquiries, Interviews and Interrogations

The forensic investigator would also obtain some information from general enquiries on
operations, responsibilities and general conduct of affairs, which can provide the context within
which an issue under investigation arose. The investigator would use his own previous
knowledge and understanding to make appropriate judgements.

In addition to the general enquiries about various pieces of information and knowledge, the
investigator would also conduct more detailed or targeted interviews with specified individual
such as managers/section managers in the relevant functions within which the issue under
investigation arose or is concerned, with appropriate court order or subpoena interrogate the
suspect on such issues. When planning the targeted interviews or interrogations, the
investigator should determine;

Who;
The financial crimes often involve witnesses and evidence that are not routinely encountered in
other non-financial crimes. In preparing a list of potential interview subjects and those to
interrogate, the investigator should keep in mind that there are relatively few eye witnesses, if
any, in financial crimes. For instance, fraud is a surreptitious crime involving concealment and
stealth. The lest should consider the following;
Victims
Co-workers, including supervisors and subordinates,
Suppliers and customers
Spouses (or former spouses), relatives, close friends, etc
Professionals (such as lawyers, bankers, accountants etc), the suspect deals with.

Investigators should be aware of the presence of possible falsifications from interviewees,

including deception from sympathizers, or fabrications from the suspects adversaries emanating
from animosity. Investigators should always seek corroborative information to clear such
possibilities.

What;
This involves figuring out what information you are likely to seek from each interview or
interrogation subject and fill up the gaps where necessary.

Why;
This requires you figuring out why you need to interview/interrogate this particular
person/witness, including considering the order in which your interviews/interrogations are to
be taken, and why now(ie, to start with A before B)

Where
Whether it should be at the business or work place or at some neutral place, and in what kind of
settings. This will also depend the time available or period within which the results are required
by the client or the court. In an interrogation, for instance, it could wherever the suspects could
be located at the material time.

When;
What time of the day/say of the week would be most appropriate? At what level of the
investigation (preliminary or advanced level)? This will also depend the time available or period
within which the results are required by the client or the court. In an interrogation, for instance,
it could immediate to avoid losing the suspects if they were any delays.

How;
It terms of logistics, would we ask for an audio or tape recording or video tape?

The last issue is particularly critical when interrogating a suspect because the recordings would
be critical in the case proceedings.
3.2.4 Observations, Hearsays and other Evidence

It is very unlikely for the investigator to have observed or eye-witnessed a financial crime under
investigation. However, investigators can obtain some clues through some observation of some
red flags and other conduct of some suspects. These observation may not be tendered in court
as evidence for the proceedings.

According to s.184 of the Evidence Code, hearsay evidence is not permissible in courts,
however, oral evidence is permissible but must be in all case direct;

o If it refers to a fact which could be perceived by human senses. It should be the evidence of
a witness who perceived it through those senses.
o If oral evidence refers to a condition of any material thing other than documents, the court
may, if it deems fit, require the production of such material thing for inspection.

3.3 Forensic Evidence Analytical Tool

From evidence collected the forensic investigator should analyse it using various tools and
techniques towards proving the hypothesis. Court cases are mostly proved through inference
such as;
Evidence – inference – proof/conclusion
Proof of guilt is based on inference which in turn relies on logically linked facts. This calls for the
relevance of the facts to the case being proved. Analysis uses tools which can be basically be
classified into quantitative and qualitative categories, depending on the nature of evidence and
its category.

3.3.1 Quantitative Analysis

This involves determination and analysis of quantitative and amounts and methods used in
various financial and related crimes. The forensic accounting component of the investigation is
used to assess, discover trends and other interrelationships between financial and non-financial
data to discover areas of suspicious financial crimes (ie, how much were the crimes
proceeds/loss the victims, and how was it obtained?)

Various models, methodologies and techniques can be used for this purpose depending on the
nature of the suspected financial crime(determine the method used by the suspect and possible
amounts involved). The forensic investigator can use intuition and appropriate professional
skepticism to follow up on various types of transactions, covered under the forensic accounting
techniques.
Since there are currently many advancements in ICT which are also used by financial criminals to
successfully carry out and conceal their illicit acts, investigators have also developed forensic
techniques which also use advancements in ICT with appropriate methodologies to be able to
track both quantitative information and their movements and links amongst those involved by
establishing patterns and identities. Such ICT enabled models and techniques include use of
regression functions, decision trees and neuralnets, using artificial intelligence (AI).

Various software can be used to achieve this, such as the general software such as the MS Excel
& Access, specialized software such as CAATs, CAINs, Autospy, Wire shark, and others.

Other more advanced conformity tests and other models used include the Benford
curve, the z-statistic, the X2 (Chi-squared) test, and the Kolmogorov-Simirnoff test of
conformity and other statistical distributions tests and the second order summation
tests. (see illustrations below)

3.3.2 Qualitative and other Analyses

In addition to the quantitative analysis and tools identified above, the investigator
should also use qualitative analysis, especially when dealing with a lot of information
and difficult cases which may involve an interconnection or a network of suspects.

Qualitative analysis tools help in revealing relationships and visual time based data. This
helps to graphically visualize relationships under observations, between people,
businesses and transactions. These include;

Associational analysis which use matrices and link diagrams and aliases. (see
illustrations below)

One can also use transaction and process flow diagrams (TPFD) and program evaluation
and review techniques (PERT) and visual investigative analysis (VIA) charts.

Inferential Analysis

This used where the mass of evidence available to conclude a case is incomprehensible,
and the logic of proving a case is composed of several interlocking and conjunctive lines
of arguments formed in a proposition of alternatives.
It involves deconstruction of the legal theory of a case into the ultimate probandum
and penultimate probanda. (note; an ultimate probandum is the main issue to be
proved, while penultimate probanda are alternative propositions each of which should
be proved in order to prove the ultimate probandum).

It also uses inference networks such as the Bayesian networks, and investigative
inference analysis (IA) to construct an investigative inference chart using various
symbols, through a key list construction (see illustrations below)

Logical and Legal Arguments

To understand fully how to build a chain of logic, the investigator needs to understand
legal arguments as follows;

Deductive Arguments/Reasoning

These work from top to bottom. Given two or more assertions, they should
automatically lead to a conclusion or flow naturally to a conclusion (Arstotle’s syllogistic
arguments). They provide mathematically or logical precision (conformity) between
propositions and conclusions.

Inductive Arguments/Reasoning

These on the other hand work from the specific observations towards generalization
(bottom-up reasoning). These arguments are not designed to produce certainty as
deductive arguments but the likelihood or probability of the outcome from the premise.

A forensic investigator will encounter both forms of logical reasoning. Offering evidence
in a legal system most often exposes the investigator to inductive logic. In the process of
proof it is common to allege and prove specific isolated facts and build a general
conclusion. However, the legal systems are mostly dealing with probabilities than
certainties, ie, proof beyond reasonable doubt, because it involves reasoning from
specifics (ie, evidence) towards generalization (ie, guilt or culpability).

Therefore, induction is the more natural form of legal argument (though deductive is
still relevant), weighing on the strength or weakness of evidence provided.

3.4 Selected Areas of Forensic Audit Consideration

3.4.1 Fraud Investigations

Definition of fraud and other financial crimes

Financial crimes include all crimes committed with an aim to gain unlawful property. These
include fraud of various types and forms, money laundering, terrorism financing, forgery and
counterfeiting money and consumer goods, violent crimes such as robbery or murder; carried
out by individuals, corporations and 0rganised crime groups (criminal syndicates) for that
purpose, and white colar and other violent crimes with an aim to gain undeserved property.

Fraud is a deceptive act carried out by an individual or group or organization, intended to result
into a gain for themselves or on behalf of third parties, financially or otherwise. Victims of
financial crimes may be individuals, corporate sectors organization and public sector bodies.

Cressy (1953), developed a fraud triangle which identifies key determining factors of fraud (ref,
illustration below),

Classification of Fraud
The Association of Certified Fraud Examiners (ACFE) developed a comprehensive fraud
classification in form of a fraud tree, illustrated below;

Classification of Fraud by Fraud Perpetrators/Victims;

Fraud committed by business organizations (corporate fraud

o Perpetrating construction fraud

o Dealing in sub-prime and predatory lending by financial institutions
o Non-remittance of employees PAYE (tax fraud) and pensions funds, used in business
operations instead.
o Taking advantage of employees.

Fraud committed against business organizations and other private institutions

o Employee misappropriations of assets, espionage,

o Data/information theft (ie, hacking of information) by outsiders etc,
o Vendor and customer frauds
o Insurance fraud

Bilking the government and its agencies

o Contract fraud and corruption (bribery and economic extortions etc)

o Tax fraud by individuals and businesses (ie, tax evasion in many forms including smuggling
etc.)
o Medicare and medical aid fraud
o Social security fraud

The Ponzi fraud

o Perpetrated by individuals or organized criminal syndicates, such as investments and

securities fraud (purpodely promising high rates of returns with little risk involved, with an
aim to eventually disappear with investors’ money).

3.4.2 Fraud Risk Assessment, Red Flags and Oxioms

In business and other organizations management need to establish appropriate policies and
procedures of indentifying fraud and other risks factors and establish preventive measures
against their occurrences.
Management also need to institute ad hoc and regular reviews and checks to ensure any fraud
and other mal-practices are discovered and corrected. Apart from appreciating that certain
types of organizations, sections or assets are more inherently vulnerable to fraud because of
their nature, managers should particularly look for red flags as pointers to possible fraud
occurrences in their organisations.

The ACFE identifies common behavioural red flags exhibited by individuals involved in
fraudulent schemes or organization as follows;
Living beyond one’s means, where they would acquire wealth whose source cannot be properly
explained.
Facing constant financial difficulties which require assistance to bail out could make an
individual be attempted to commit fraud.
Recent divorce or other family problems the person is facing.
Unusual close association between the entity’s employee with a supplier of certain
goods/services or a customer of the client’s goods/services.
A general wheeler-dealer attitude of a person which may involve shrewd or unscrupulous
behavior.

On the other part, the forensic or fraud investigator need to be astute at fraud oxioms, which
give an edge on fraud detection when carrying out their investigations as follows;
Professional skepticism
Professional skepticism;
This is an attitude which includes questioning mind and critical assessment of evidence, and
being alert to any possible indication of fraud and other financial crimes.

Toe in the water (or trial and error);

It is believed that some fraudsters start with a small test of the system, and if discovered they
can always apologise as an error. But if it works they will exploit it. Forensic investigators should
pursue such issues with suspicion.

Escalation of crimes;
Following the ‘success’ of the test above, the fraudster would try to attempt to defraud more
from the victim, committing more fraudulent activities within a shorter time period, or taking
larger amounts.

Tip of the iceberg theory;

Accidental small scale discoveries could lead to or be indicators of more serious frauds.

Data mining
This is more prevellent through IT audits. It involves close look, analysis of bits and pieces of
data/information which could lead to discovery of patterns , interrelationships or trends which
could help the investigator to examine them further where necessary.

3.4.3 Detection of Fraud

Fraud can be detected through techniques summarized in the following diagrams;

Because ant discovered fraud by an organization or individual victims may compel them to take
the matter up in the courts of law, the immediate factors to determine are whether fraud had
occurred and whether there is;

1) A criminal law covering it (ie, relevant sections in the Corrupt Practice Act for corruption
charges, or sections in the Taxation Act for tax fraud etc.)
2) An apparent breach of that law (ie, which sections criminalize the act in question)
3) Identification of the perpetrators (ie, the 5W & H)
4) Moving the courts by the victims or parties representing the victims, since courts act on
cases brought before them.

3.4.4 Other Financial Crimes Investigations

Money laundering investigations

Authentication of insurance claims
Damages claims validation
Insolvency and bankruptcy
Part Four
Forensic Audit Reporting
When all the gathering and analysis of evidence and other corroborative information
have been used to form a conclusion on the hypothesis, the forensic investigator’s duty
is to present his findings and conclusions in a report to the client.

4.1 Reporting to Intended Users

The role and responsibility of the forensic auditor is to gather appropriate evidences to prove
the occurrence or non occurrence of a phenomenon. The forensic auditor has to present the
report to the client according to agreements in the engagement letter.

The report should be presented in appropriate formats wit all relevant and sufficient details
according to the terms of the engagement. Presentation of the report normally assumes the
client may use it to pursue the matters raised through the legal system, in which case the
investigators may be required to testify in courts of law as expert witnesses.
Forensic investigators should create a system of organizing their evidence for ease of retrieval
and quicker and more accurately within the mass of evidence. This is usually done through
establishment of the case book system.

4.1.1 The Case book System

This should be well organized to provide ease of implementation or successful presentation and
coordination of all evidence, which gives;

Flexibility; through deligent indexation of evidence,

Scalability; should depend on the complexity of the case (ie, from as simple as an index note
book, to as complex as several filing cabinets)

It should have a direct and easily identifiable link between the model information to provide a
strong correlative and robust cross-referencing capacity

Components of the Case book System

Administrative section
o Contains important documents about the case itself (ie, underlying legal premises on which
the case is based, including voluntary acts – actus reus, causation and resulting harm)
o A synopsis of facts written based on what is being alleged, not what the investigator believes
to avoid tunnel vision effects.

Investigative section
o This should contain all paperwork and other pieces of information pertaining directly to the
investigation (ie, the original initiation report and all other investigative narrative)
o It should also contain master chronology and clarify the chain of events under investigation.
o There is also a detailed list of witnesses (ie, with unique identifiable numbers) in order to
locate or link witnesses quickly to particular evidence.

Evidential section
This can take various forms depending on the case. In simple cases, only copies of documents
will constitute the entire section, while in complex cases it will be in itself an index of folders
within the filing cabinet. It locates discrete items of evidence using numbering system.

4.1.2 Contents of the Report

The actual report should include as much details necessary to document the investigation
without being overly burdensome.
The investigator should also be aware that, in case the matter is brought be the court, trials may
occur a considerably longer long time after the investigation such that it may be difficult to recall
some details accurately if one did not include them in the report. The investigator may have lost
some memory by the cross-examination time.
The length and complexity of the report differs depending on the nature and complexity of the
matter under investigation. However, a typical report which may run from tens of pages to
hundreds of them, should contain the following key components;

o Title and addressees of the report

o The Background
o Executive summary
o Scope of work (and deliverables)
o Forensic investigation findings
o Internal controls findings (optional)
o Investigation approach (may be also part of, or come immediately after Scope of work
above)
o The report is appropriately signed off by the forensic investigator
o Appendices, such as; the investigators’ profiles, detailed schedule and documents and
reports, recorded statements etc.

Note;
The findings on internal controls are optional but essential. Their inclusion depends on the
agreement terms.
Internal controls evaluation use the COSO Framework or other comprehensive analyses.
Internal control evaluations help to identify red flags, which then directs the investigation to the
most crucial areas.

4.2 Expert Witnessing

Usually the forensic auditors’ responsibility ends when the reports have been submitted to their
clients and all when all accompanying requirement from both parties have been fulfilled. It is
also not the forensic investigator’s responsibility to decide upon the course of action to be taken
against the culprits. It is the client would use the findings to take appropriate actions against the
them.

Because of the criminal nature of fraud and other financial crime, clients may have little choice
other than the issues ending up in prosecution. Upon taking that route, the forensic audit report
and other relevant information, such as testimonies will form the back-borne of evidence
brought by the victim/client in courts of law.

The courts, in their own right, may also require or call upon experts’ work, reports or opinions
on specific matters in the hearing process.

Therefore expert witnessing involves experts tendering evidence in courts of law in areas of
their expertise where relevant, through reports and/or testimonies. In this case a forensic
auditor would be used as an expert in investigating financial crimes, whose work/findings would
be used to prosecute suspected financial criminals such as fraudsters.

The role of the Expert Witness

Neutrality
The expert should testify from a neutral position rather than to influence the court through
emotions, but rather through the facts presented.

Education
The financial crimes evidence often tends to be highly technical and somewhat complicated.
This requires the witness to approach his role as financially focused and should educate the
court only about the facts of the case, which requires him to be appropriately qualified in
financial matters.

Communication
The forensic auditor should appropriately prepare to communicate or educate the court about
complex financial matters into understandable content, especially within the legal context.
Appendices

1. Expert Witness Report (Expert Witness Institute – UK)

2. The Art of Testifying

3. Mars Minick, Financial Crimes Consulting Services

4. ACFE Quick Facts on Fraud

References
Bologne, J. (2010), Fraud Auditing and Forensic Accounting (4th Ed), J Wiley Sons Publishing,
New Jersey.

Wagner, M. J. & Frank, P. B. (2010), Litigation Services Handbook; The Role of Financial Experts
(4th Ed), J Wiley Sons Publishing, New Jersey.

Wells, J. (2013), Corporate Fraud Handbook; Prevention and Detection (5th Ed), J Wiley Sons
Publishing, New Jersey.

Madinger, J. (2012), Money Laundering; Guide for Criminal Investigations (3rd Ed), CRC Press,
New York

Buckoff, T. A. & Pangano, W. J. (2005), Expert Witnessing in Forensic Accounting (3rd Ed) RT
Edwards, Philadephia PA, USA

Zack, G. M. (2013), Financial Statements Fraud; Strategies for Detection and Investigation, J
Wiley Sons Publishing, New Jersey

Christopher, E., Peter, D. (2013), Cases in Forensic Accounting and Auditing, (2nd Ed), e-books

Vona, L. W. (2011), The Fraud Audit; Responding to the Risk of Fraud in Core Business Systems, J
Wiley Sons Publishing, New Jersey.

Cascarino, R. (2013),Corporate Fraud and Internal Workbook; A Framework for Prevention, J

Wiley Sons Publishing, New Jersey.

Aghili, S. (2019), Fraud Audit Using CAATT; A Manual for Auditors and Forensic Accountants, CRC
Press, USA.