Guide to Forensic Auditing – Insights, Techniques, and Case Studies in Fraud Investigation

By Shrenik Shah – Founder & Partner | SN & Co.

Table of Contents

1. What is Fraud?
2. Classification of Fraud
3. Conventional Approach v/s Forensic Approach
4. Four Phase Fraud Cycle
5. Types of Trigger
6. Preventive Technique
7. Practical Case Studies
8. Digital Forensic – Walkthrough
9. Interrogation Techniques
10. Care to Cure
11. Forensic – Prospects
12. Directories

1. What is Fraud?

Universal  Our Belief
Financial – Fair
Reward – Recovery
Acquired – Acquired
Under – Unfair
Deception – Doctrine

Maths on Fraud = MQ < (O + P) R
MQ – Moral Quotient = (W * IQ)
O – OPPORTUNITY,
P – Pressure,
R – Rationalisation

1.1 Separating Truth From Fiction: Unveiling the Common Myths of Forensic Audit

Fiction

• Only CA’s are capable to conduct financial fraud investigation
• Financial Frauds investigation happens only on financial records
• Forensic can be conducted by any tools & protocols
• Any and all Data Can Be Recovered In case of digital forensics
• Pressing whistle involves identity Risk
• Fraudster commits fraud as a One Day Affair
• Forensic Auditor can recover money from fraudster
• Once Forensic Report issued can’t be challenged

Facts

• Anyone with a skeptical eye can conduct an investigation with adequate credentials
• Fraud investigations extend beyond numbers i.e. Covert Operations, Social Media profiling
• The tools used for forensic shall be admissible in court of law
• When the storage medium is extremely damaged, this is not always possible
• There are numerous whiste-hotlines that help safeguarding whistleblower’s identity
• Fraudster commits fraud over a period of time encompassing a series of red flags
• Recovery of money invites legal attention
• Alleged -party can issue a counter report as well to question the forensic report

1.2 Statistics

2. Classification of Fraud

3. Conventional Approach v/s Forensic Approach

Conventional Audit Approach

• Implementation and Testing of financial controls
• Overall risk assessment
• Ensuring compliance
• Financial Statement preparation
• Identification of process lapses

Forensic Approach

• Data mining with skeptical eye
• Deep Dive Approach to identify hidden frauds
• Red Flag Identification
• Pattern analysis
• 7 eye approach

3.1 Atypical Approach– 7 Eye Theory

Your Eye

• Skeptical Attitude
• Connecting Dots Perspective
• Investigative approach

Data Eye

• Data analytics – To identify duplications, irregularities, trends & patterns, Link Analysis, Joining Files, Fund Trail etc

Digital Eye

Digital Forensic is scanning of emails, hard disk, mobile phones and recovery of deleted files, password cracker & so on

Network Eye

• Market Intelligence
• Surveillance & Covert Operations

Evidence Eye

• Without Evidence entire exercise is futile
• Need to be proven in court of law

Theory Eye

• Gun Powder Theory
• Time Bomb Theory
• Inverse Logic Theory
• RSF Theory
• Benford’s Law Theory

Tool Eye

• Tools play an important role while using investigative techniques
• GST, Logistics Tracking Tool, Background Verification Tool etc.

4. Four Phase Fraud Cycle

Prevention

• Red Flag & Green Flag Identification & Monitoring
• Implementation & Testing of controls
• Vendor, Employee & Third Party Due Diligence – Scan Theory & Pyschometric Test
• Anti Fraud Framework
• Implementation of whistle blow & vigil mechanism

Detection

• Lifestyle & Background check
• Forensic examination of documents
• Tailing, Spying, Hacking & Screening, Social Media Profiling
• Digital Forensic
• Market research, Covert Uncovered Operation, pretext calling
• Vendor Vigilance

Correction

• Interrogation Techniques
• Indemnification Techniques
• Risk Appetite Redefinition
• Control Deficiency Correction

Reporting

• Compliance with legal, regulatory and other requirements
• Evidence
• Conclusion – Report

5. Types of Trigger

Red flags

• Living Beyond means (Lifestyle of employees)
• Financial difficulties
• Unusually close association with Vendor/Customer
• Control issues, unwillingness to share duties
• Divorce/family problems
• Wheeler-dealer attitude
• Refusal to take leave
• Behaviour of the person – Unfriendly and an introvert

Green flags

• Not asking for increment for a very long time
• Gift to employees
• First to enter the office last to leave
• Budget v/s Actual – at par/low
• No claims on reimbursement
• Payment done through Personal account/Credit card
• Sudden profit in an otherwise loss making business
• Excessive Supporting Documentations
• Excess Stock as compared to that recorded in books of accounts

6. Preventive Technique

Core Vigilance Committee – Proprietary

• Scanning of emails and hard disk
• Surprise intelligence check of employees
• Surprise vendor and customer visit
• Astound expense verification

Whistle Blow Technique

• Exposition of illicit activities being executed by fellow mate
• Communication via ethical helpline and email
• Independent committee to work on whistle blow

Test – Entry & Exit

• Entry Window – Eq test assuring intent, Background check
• Exit Window – Check on employee activities during notice period serving in the
  organisation

7. Practical Case Studies

Disclaimer: Names in following examples have either been masked or renamed for confidentiality purposes

7.1 Project Mars – Research Company

7.2 Document Fabrication

Disclaimer: Names in following examples have either been masked or renamed for confidentiality purposes

7.3 Rotten Fruit Case

Disclaimer: Names in following examples have either been masked or renamed for confidentiality purposes

1. Purchase and Sale – Related Party & Credit Note Raised

7.4 Vendor Reonboarding Case

Disclaimer: Names in following examples have either been masked or renamed for confidentiality purposes

Blocked vendor opening another company and re-onboarded twice

1. JJ Advertising was identified earlier as a suspected vendor due to multiple malpractices and was blacklisted
2. Onboarding of new vendor – Bakshi Media with same owner
3. Social Media Search for JJ Advertising shows Bakshi Media as a new brand of JJ Advertising
4. Mr Sharma is identified as the owner of JJAdvertising & Bakshi Media
5. On verification of the invoices, it was pertinent to note that contact numbers on both the invoices were same & authorized signatory for both the invoices is Mr Ketu
6. The nature of services provided by both the vendors is similar
7. Post blacklisting of Bakshi, same owner opened another company “XYZ Limited”

Evidence proving relation and common links between JJ Advertising & Bakshi Media

Modus Operandi/Detection Method used

8. Digital Forensic – Walkthrough

8.1 Workflow

Stage 1 – Disk Imaging

• It involves entire system imaging including system files.
• Data Imaging happens on the basis of Binary codes created in the system.

Stage 2 – Processing of Data

• System creates hash value for each data so as to maintain the originality & enables to submit in court of law. If any of the contents of original files are changed after processing of data, new hash value is created.
• Also recovers deleted files by user.

Stage 3 – Carving

• Carving allows to recover all formatted files which were once a part of the system even if the computer has been formatted multiple times.

Stage 4 – Indexing

• An Index is like a data base of text strings extracted from files or space on an evidence image

Stage 5 – Review

• Review is based on keyword search which are general as well as specific to the ongoing project
• Unique searches of min 250 key words having minimal multiplier of 4
• Manual review of the files populated by the tool

8.1 Report – Digital Forensic (Web Nexus)

Disclaimer: Names in following examples have either been masked or renamed for confidentiality purposes

9. Interrogation Techniques

10. Care to Cure

10.1 Companies Act, 2013

Section 143(12) – Reporting by Auditors: If during the course of audit, the auditor has reason to believe that an offence of fraud involving an amount exceeding Rs. 1 crore or more is being or has been committed against the company by the officers or employees of the company, then the auditor shall report the matter to the Central Government.

If the amount involved in fraud is less than Rs. 1 crore, the auditor shall report the matter to the audit committee or Board within a period of 2 days from the date of his knowledge of fraud.

10.2 CARO 2020

CARO 2020 provides for specific requirements for reporting of fraud under clause 11.

1. Has there been any fraud by the company or any fraud done on the company. If any such fraud has been noticed or reported any time of the year. If yes, nature and amount involved have to be reported.
2. Whether the auditors of the company have filed a report in Form ADT-4 with the Central Government as prescribed under the Companies (Audit and Auditors) Rules, 2014.

10.3 Other Compliances

(Depends on industry and Company Composition)

• SEBI Reporting
• RBI Reporting
• Whistle-blow cases – mandatory status reporting by statutory auditor
• Regulatory bodies outside India, if requirement so persists
• Adherence to AML guidelines & ABAC guidelines
• EOW Reporting – ₹6 crore and above

11. Forensic – Prospects

11.1 Forecasting the Future – Emerging Trends in Forensic

Key insights

• The global Forensic Accounting Services market is estimated to grow annually at a CAGR of around 6.5% over the forecast period (2023-2030).
• In terms of revenue, the global Forensic Accounting Services market size was valued at around USD 16.5 billion in 2022 and is projected to reach USD 27.3 billion, by 2030.
• The global Forensic Accounting Services market is being driven by the growing number of frauds in the BFSI sector.

12. Directories

12.1 Current trends Directory

• GDPR- Revolutionary Regulation
• SEBI tightens norms for Forensic Audit
• Introduction of Forensic Standards
• AI and Data mining in forensic

12.2 Theory Directory

• Men to men marking theory
• Cluster Theory
• Un-orthodox Theory
• Connect the dot theory
• Confirmation Bias Theory
• Time Bomb Theory
• Corporate Espionage
• Hydro Theory
• Orphan Fund Theory

12.3 Our Directory

• Maths on fraud
• 7 Eye’s on fraud detection
• CVC technique for fraud prevention
• In-house Tools like – Mail Scanning, SCAN, Mind Muneem
• Whistle–blow mechanism – Whistle-Eye

12.4 Take-Way

• Aura of forensic audit
• Practical Knowledge
• Point of View- General Auditor V/s Forensic Audit
• Forensic Readiness