Log in / Register
Home arrow Business & Finance arrow Fraud and fraud detection
< Prev   CONTENTS   Next >

Sampling Is Not Enough

While sampling is mandated for certain audit procedures and is very suitable to provide assurances of accuracy formally or for the auditor's own comfort, the inherent limitation is that sampling only examines a small segment of the population or dataset and not all transactions are tested. Sampling may be a practical approach due to the number of transactions; but detecting fraud is looking for needles in haystacks. In sampling, there are so many transactions that are never touched by the auditor. There is a high probability that certain transactions of interest would not be selected as part of the sample and therefore not reviewed in detail.

If MUS is selected as the sampling type and larger amounts are more likely to be randomly selected, smaller anomalies may escape attention. Some frauds consist of a number of lower-dollar transactions that may total to a significant amount. Regardless of the dollar amount, any fraud is serious and may indicate a weakness in the control system. Fraudulent transactions do not typically appear in data sets randomly. There is usually a pattern. The fraudster exploits that same control weakness over and over or may be limited to certain dollar amounts. The limit may be due to the control system or by design of the fraudster to escape attention. Very often, fraudsters are aware of auditors' concepts of materiality and scope.

Sampling works well when transactions are relatively consistent throughout the data set. If sampling is not effective to detect fraud, what are the measures or tests that can be applied? There are numerous analytical techniques and tests that are available, and ad hoc, repetitive, and continuous monitoring procedures can be used.

Ad hoc allows you to explore and seek out fraud or opportunity for potential fraud. You develop a theory of an area of fraud or that may lead to fraud. For example, you believe that there may be opportunity for vendor-payment fraud in the accounts payable department. One test might be in reviewing inactive vendors that suddenly start having payments made to them again. Did the company actually start using that vendor again or is it possible that payments are being made to a phantom company with a similar name? An employee who can issue payments but has no authority to create accounts may be using the inactive vendor account.

Suppose that you found payments posted to the formerly inactive account of ABC Co. but the checks were made out to ABC Inc. and mailed to a post office box. Obviously further investigation would be necessary. Regardless whether the discovered anomaly was indeed fraud, it is an area for potential fraud.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science