* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Chapter 10
Survey
Document related concepts
Transcript
Chapter 10 Using Information Technology for Fraud Examination and Financial Forensics Critical Thinking Exercise A married couple goes to a movie. During the movie the husband strangles the wife. He is able to get her body home without attracting attention. How is this possible? The Digital Environment • “Garbage-in, garbage-out” • Maintain data integrity • Be able to prove origins and credibility of the data Overview of Information Technology Controls • IT audit – Planning – Tests of controls – Substantive tests • Computer-Aided Audit Tools and Techniques (CAATT) • Application controls – – – – – – Source documents Data coding controls Batch controls Validation controls Record validation Examination of application input system Overview of Information Technology Controls • Processing controls – Ensure processed data maintains its integrity as it moves within the system • Output controls – Spooling – Print programs and bursting – Monitor waste – Identify responsibility Overview of Information Technology Controls • General framework for viewing IT risks and controls – IT operations – Data management systems – New systems development and integration – Systems maintenance – Systems back-up and contingency planning – Electronic commerce – Control over computer operations IT Audits and Assurance Activities • Black box approach – Develop understanding of the system – Test integrity of data and system • White box approach – System walk-throughs (tracing) – Authenticity – Accuracy – Completeness – Redundancy – Access audit trail – Rounding error test IT Audits and Assurance Activities • IT systems personnel may be colluding to conceal fraud • Few understand information technology • IT professional may substitute inappropriate version of software to alter data • IT auditor must ensure entire control environment is examined Digital Evidence • Digital evidence analysis helps sift through, organize and analyze large amounts of evidence – Must be examined with speed and accuracy • Electronic Imaging • Computer forensics • Warrant or subpoena required to obtain digital evidence – Probable cause • Initial acquisition • Maintain good work papers Tools Used to Gather Digital Evidence • Road MASSter – Portable computer forensic lab – Acquire and analyze electronic data – Preview and image hard drives – Completely remove and erase stored files and programs from hard drives • EnCase – Investigate and analyze data in multiple platforms – Identify information despite efforts to hide, cloak or delete data – Manage large volumes of computer evidence Recovering Deleted Files • Deleted files aren’t removed from hard drive • Until computer reuses space where file resides, the data in the file will remain intact • Defrag command – Reorganize hard drive for more efficient data storage • Undelete software – Searches for clues as to the locations of the disk space where the deleted file resides – Examine unallocated disk space Recovering Deleted Email • Emails are stored in mail folders • Each folder is considered a separate file • Prior to compaction, deleted emails may be recovered using software • E-discovery rules require organizations to provide electronic files going back in time – Probability of deleted email recovery is greatly enhanced Restoring Data • More sophisticated approach • Restore lost files under more challenging circumstances • Stop writing to drive to increase probability of recovering data • High security or privacy software make the chance of restoring files non-existent • Manual restoration is sometimes needed – Cost-benefit analysis Detection and Investigation in a Digital Environment • Must have understanding of what could go wrong • Targeted approach required • “Flat file” – Sequential, indexed, hashing and pointer file structures • “Hierarchical and network database” – Relational • “Rifle shot approach” Data Extraction and Analysis Software Functions • • • • • • • • • • • • • Sorting Record selection and extraction Joining files Multi-file processing Correlation analysis Verifying multiples of a number Compliance verification Duplicate searches Vertical ratio analysis Horizontal ration analysis Date functions Recalculations Transactions and balances exceeding expectations Data Extraction and Analysis Software • Choose based on individual case • Which is most appropriate for current investigation? • Two categories of data mining and knowledge discovery software – Public domain/shareware/freeware – Commercial applications IDEA data Analysis Software • • • • Interactive Data Extraction & Analysis Generalized audit software Imports data in differing file formats Examine file statistics and observe raw data values underlying those statistics • Bender’s Law analyses • Compare and recalculate invoices • Helps organize work ACL • • • • • • • Audit Control Language Audit analytics and continuous monitoring software Ensure internal controls compliance Investigate and detect fraudulent activity Continuous auditing Independent verification of transactional data ACL uses in digital environment – – – – – Audit analytics Continuous auditing and monitoring Fraud detection and investigation Regulatory compliance Secure data access Picalo • Data extraction and analysis tools • Used to analyze – – – – – – Financial information Employee records Purchasing systems Accounts receivable and payables Sales Inventory systems • Can be programmed to – – – – analyze network activities web server logs system login records import email into relational or text-based databases Graphics and Graphics Software • Most people are overwhelmed by a page of numbers • Three roles in an investigation – Investigative tool – Identify holes – Communicate investigative findings, conclusions and results • Types of graphics software – – – – The association matrix Link charts Flow Diagrams Time Lines The Association Matrix • Identifies major players who are central to an investigation • Identify linkages between those players • Starting point for reflecting important data in a simplified format • Helps investigator visually see important links The Association Matrix Link Charts • More complex than association matrices • Graphically represent important relationships – Linkages between people, businesses and “organizations” • Create graphic representation of known and suspected associations that are involved in criminal activity Link Charts Flow Diagrams • Analyze movement of events, activities and commodities • Discover meaning of activities and their importance to the investigation Flow Diagram Timeline • Chronologically organize information about events or activities • Help determine what has or may have occurred and the impact those actions had Timeline Other Graphical Formats Case Management Software • Manage cases and case data • Organize case data in meaningful ways • Present information for use in reports or during testimony • Used to initiate investigations • Case management software tools – Analyst’s Notebook i2 – Lexis-Nexis CaseMap Analyst’s Notebook i2 • Visualize complex schemes • Organize and analyze large volumes of seemingly unrelated data • Bring clarity to complex investigations, schemes and scenarios • Increase evidence management efficiency Lexis-Nexis CaseMap • Central repository for case knowledge • Organize information, facts, evidence, documents, people, case issues and applicable law • Evaluates relationships between different attributes of the case information • TimeMap • TextMap • NoteMap • DepMap