Chapter 10
Using Information Technology
for Fraud Examination and
Financial Forensics
Critical Thinking Exercise
A married couple goes to a movie. During the
movie the husband strangles the wife. He is
able to get her body home without attracting
attention. How is this possible?
The Digital Environment
• “Garbage-in, garbage-out”
• Maintain data integrity
• Be able to prove origins and credibility of the
data
Overview of
Information Technology Controls
• IT audit
– Planning
– Tests of controls
– Substantive tests
• Computer-Aided Audit Tools and Techniques (CAATT)
• Application controls
– Source documents
– Data coding controls
– Batch controls
– Validation controls
– Record validation
– Examination of application input system
Overview of
Information Technology Controls
• Processing controls
– Ensure processed data maintains its integrity as it
moves within the system
• Output controls
– Spooling
– Print programs and bursting
– Monitor waste
– Identify responsibility
Overview of
Information Technology Controls
• General framework for viewing IT risks and
controls
– IT operations
– Data management systems
– New systems development and integration
– Systems maintenance
– Systems back-up and contingency planning
– Electronic commerce
– Control over computer operations
IT Audits and Assurance Activities
• Black box approach
– Develop understanding of the system
– Test integrity of data and system
• White box approach
– System walk-throughs (tracing)
– Authenticity
– Accuracy
– Completeness
– Redundancy
– Access audit trail
– Rounding error test
IT Audits and Assurance Activities
• IT systems personnel may be colluding to conceal
fraud
• Few understand information technology
• IT professional may substitute inappropriate version
of software to alter data
• IT auditor must ensure entire control environment is
examined
Digital Evidence
• Digital evidence analysis helps sift through,
organize and analyze large amounts of evidence
– Must be examined with speed and accuracy
• Electronic Imaging
• Computer forensics
• Warrant or subpoena required to obtain digital
evidence
– Probable cause
• Initial acquisition
• Maintain good work papers
Tools Used to Gather Digital Evidence
• Road MASSter
– Portable computer forensic lab
– Acquire and analyze electronic data
– Preview and image hard drives
– Completely remove and erase stored files and
programs from hard drives
• EnCase
– Investigate and analyze data in multiple platforms
– Identify information despite efforts to hide, cloak
or delete data
– Manage large volumes of computer evidence
Recovering Deleted Files
• Deleted files aren’t removed from hard drive
• Until computer reuses space where file
resides, the data in the file will remain intact
• Defrag command
– Reorganize hard drive for more efficient data
storage
• Undelete software
– Searches for clues as to the locations of the disk
space where the deleted file resides
– Examine unallocated disk space
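Added example (not part of the original slides): a constructed toy volume showing why a deleted file stays recoverable until its space is reused. The ToyVolume class, the 16-byte cluster size and the "LEDG:" file header are assumptions made for illustration.

```python
CLUSTER = 16  # bytes per cluster in this constructed toy volume

class ToyVolume:
    def __init__(self, n_clusters=8):
        self.data = bytearray(CLUSTER * n_clusters)
        self.allocated = [False] * n_clusters
        self.directory = {}  # file name -> list of cluster numbers

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)  # ceiling division
        free = [c for c, used in enumerate(self.allocated) if not used][:need]
        if len(free) < need:
            raise OSError("volume full")
        for n, c in enumerate(free):
            chunk = content[n * CLUSTER:(n + 1) * CLUSTER].ljust(CLUSTER, b"\x00")
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = chunk
            self.allocated[c] = True
        self.directory[name] = free

    def delete(self, name):
        # Deleting drops the directory entry and marks the clusters free;
        # the bytes stored in those clusters are not touched.
        for c in self.directory.pop(name):
            self.allocated[c] = False

    def carve(self, signature):
        """Return data found in unallocated clusters that start with signature."""
        hits = []
        for c, used in enumerate(self.allocated):
            if used or not self.data.startswith(signature, c * CLUSTER):
                continue
            end = c
            while end < len(self.allocated) and not self.allocated[end]:
                end += 1  # extend over the contiguous unallocated run
            hits.append(bytes(self.data[c * CLUSTER:end * CLUSTER]).rstrip(b"\x00"))
        return hits

def demo():
    vol = ToyVolume()
    vol.write("memo.txt", b"MEMO:keep this")
    vol.write("ledger.csv", b"LEDG:1001,9500;1002,9500")
    vol.delete("ledger.csv")
    before_reuse = vol.carve(b"LEDG:")   # clusters free but not yet reused
    vol.write("new.txt", b"X" * 20)      # the volume reuses the freed clusters
    after_reuse = vol.carve(b"LEDG:")
    return before_reuse, after_reuse

if __name__ == "__main__":
    print(demo())
```

The scan recovers the full ledger contents right after deletion and nothing once new data has been written over the same clusters.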
Recovering Deleted Email
• Emails are stored in mail folders
• Each folder is considered a separate file
• Prior to compaction, deleted emails may be
recovered using software
• E-discovery rules require organizations to
provide electronic files going back in time
– Probability of deleted email recovery is greatly
enhanced
Restoring Data
• More sophisticated approach
• Restore lost files under more challenging
circumstances
• Stop writing to drive to increase probability of
recovering data
• High security or privacy software makes the
chance of restoring files non-existent
• Manual restoration is sometimes needed
– Cost-benefit analysis
Detection and Investigation
in a Digital Environment
• Must have understanding of what could go
wrong
• Targeted approach required
• “Flat file”
– Sequential, indexed, hashing and pointer file
structures
• “Hierarchical and network database”
– Relational
• “Rifle shot approach”
Data Extraction and Analysis
Software Functions
• Sorting
• Record selection and extraction
• Joining files
• Multi-file processing
• Correlation analysis
• Verifying multiples of a number
• Compliance verification
• Duplicate searches
• Vertical ratio analysis
• Horizontal ratio analysis
• Date functions
• Recalculations
• Transactions and balances exceeding expectations
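Added example (not part of the original slides): three of the functions listed above (duplicate searches, verifying multiples of a number, recalculations) run over constructed invoice records. The record layout, the sample values and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (invoice_no, vendor, qty, unit_price, total)
INVOICES = [
    ("1001", "Acme", 10, 25.00, 250.00),
    ("1002", "Acme", 4, 125.00, 500.00),
    ("1003", "Birch", 3, 19.99, 59.97),
    ("1004", "Birch", 7, 40.00, 290.00),   # recorded total differs from 7 * 40
    ("1002", "Acme", 4, 125.00, 500.00),   # same invoice entered twice
    ("1005", "Cole", 1, 5000.00, 5000.00),
]

def duplicate_search(rows):
    """Groups of row indexes sharing vendor, invoice number and total."""
    groups = defaultdict(list)
    for i, r in enumerate(rows):
        groups[(r[1], r[0], r[4])].append(i)
    return [idx for idx in groups.values() if len(idx) > 1]

def multiples_of(rows, base):
    """Invoice numbers whose total is an exact multiple of base.

    Amounts are compared in whole cents to avoid floating-point remainders.
    """
    base_cents = round(base * 100)
    return [r[0] for r in rows if round(r[4] * 100) % base_cents == 0]

def recalculate(rows, tolerance=0.005):
    """Invoice numbers where qty * unit_price disagrees with the recorded total."""
    return [r[0] for r in rows if abs(r[2] * r[3] - r[4]) > tolerance]

if __name__ == "__main__":
    print("duplicates:", duplicate_search(INVOICES))
    print("multiples of 500:", multiples_of(INVOICES, 500))
    print("recalculation exceptions:", recalculate(INVOICES))
```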
Data Extraction and
Analysis Software
• Choose based on individual case
• Which is most appropriate for current
investigation?
• Two categories of data mining and knowledge
discovery software
– Public domain/shareware/freeware
– Commercial applications
IDEA Data Analysis Software
• Interactive Data Extraction & Analysis
• Generalized audit software
• Imports data in differing file formats
• Examine file statistics and observe raw data
values underlying those statistics
• Benford’s Law analyses
• Compare and recalculate invoices
• Helps organize work
ACL
• Audit Control Language
• Audit analytics and continuous monitoring software
• Ensure internal controls compliance
• Investigate and detect fraudulent activity
• Continuous auditing
• Independent verification of transactional data
• ACL uses in digital environment
– Audit analytics
– Continuous auditing and monitoring
– Fraud detection and investigation
– Regulatory compliance
– Secure data access
Picalo
• Data extraction and analysis tools
• Used to analyze
– Financial information
– Employee records
– Purchasing systems
– Accounts receivable and payables
– Sales
– Inventory systems
• Can be programmed to
– analyze network activities
– web server logs
– system login records
– import email into relational or text-based databases
Graphics and Graphics Software
• Most people are overwhelmed by a page of
numbers
• Three roles in an investigation
– Investigative tool
– Identify holes
– Communicate investigative findings, conclusions and
results
• Types of graphics software
– The association matrix
– Link charts
– Flow Diagrams
– Time Lines
The Association Matrix
• Identifies major players who are central to an
investigation
• Identify linkages between those players
• Starting point for reflecting important data in
a simplified format
• Helps investigator visually see important links
The Association Matrix
Link Charts
• More complex than association matrices
• Graphically represent important relationships
– Linkages between people, businesses and
“organizations”
• Create graphic representation of known and
suspected associations that are involved in
criminal activity
Link Charts
Flow Diagrams
• Analyze movement of events, activities and
commodities
• Discover meaning of activities and their
importance to the investigation
Flow Diagram
Timeline
• Chronologically organize information about
events or activities
• Help determine what has or may have
occurred and the impact those actions had
Timeline
Other Graphical Formats
Case Management Software
• Manage cases and case data
• Organize case data in meaningful ways
• Present information for use in reports or
during testimony
• Used to initiate investigations
• Case management software tools
– Analyst’s Notebook i2
– Lexis-Nexis CaseMap
Analyst’s Notebook i2
• Visualize complex schemes
• Organize and analyze large volumes of
seemingly unrelated data
• Bring clarity to complex investigations,
schemes and scenarios
• Increase evidence management efficiency
Lexis-Nexis CaseMap
• Central repository for case knowledge
• Organize information, facts, evidence,
documents, people, case issues and applicable
law
• Evaluates relationships between different
attributes of the case information
• TimeMap
• TextMap
• NoteMap
• DepMap