This article is written by Shristi Borthakur, of Symbiosis Law School, NOIDA, where she discusses the meaning and process of forensic audit.
Contrary to the name, a forensic audit has got nothing to do with forensic sciences, or criminology for that matter. A forensic audit, also known as forensic accounting, refers to the application of accounting methods for detection and gathering evidence of frauds, embezzlement, or any other such white-collar crime. It is the application of accounting skills to legal questions. As of now, it has taken up an important role in both public and private organisations, especially in advanced economies.
What is the difference between a financial audit and forensic audit?
Engaging an audit is an important strategy to run a business, and all business-owners should know to identify the times when an audit is needed. However, forensic auditing is not the same as financial audit, both in terms of objective and procedure, leaving no scope for overlap. A financial audit is aimed at mere examination of the entity’s financial statement, and adds credibility to the reported financial position and performance of a business. For example, sometimes, lenders and suppliers ask for an audited financial statement before they are willing to carry forward with the end of the deal. However, the object of a forensic audit is much beyond that. Forensic audit/accounting is a specialised branch of accounting, that requires a specialized skill set for fraud detection. A forensic auditor examines a company’s system of internal controls to identify any weaknesses in the controls designed to safeguard assets and to determine whether anyone in the company has exploited control weaknesses to misappropriate assets for personal gain, including corruption, bribery, extortion, embezzlement, misappropriation, etc. It adds a legal substance to the auditing procedure. Thus, where a financial audit is done, and there is a suspect-asset-fraud, a forensic audit is done to identify that.
Who are forensic auditors and what are their roles?
Forensic auditors/accountants do not differ from other financial accountants. However, they possess special skills to detect fraud, and ways to document it. Their role goes beyond just looking into statements, that includes investigation, bringing out evidence, writing reports, understanding the legal scope of the evidence, and ways to prove it in court. Thus, a forensic auditor is need of a little more professional scepticism and has to conduct critical assessment throughout the audit of all essential material, which is known as forensic thinking. It can be understood that the work of a forensic auditor is two-phased.
- Investigation Services – At first the auditor begins with an investigation; looking into the accounts and statement, and identifying defects in it. It then moves on to find ways to deal with such defects, which is a reactionary function.
- Litigation Services – It is entirely possible the frauds detected be resolved within the company itself. However, there are times when they need to be resolved through legal channels. During such situations, forensic auditors give litigation support to the advocates. Their advice and consultation about the legalities of commercial disputes are very essential. Moreover, they also provide research assistance by giving relevant documents and facts to support a legal claim, and also help decide the extent of damage that is required. They are also called up by the Court as an expert witness for further investigation.
Are all chartered accountants equipped to conduct a forensic audit?
Analysing the above roles and responsibilities of a forensic auditor, not all chartered accounts are equipped to conduct a forensic audit, as it is a specialised field within accountancy, requiring a distinct skill-set. In light of this, CAs need to take up special training in order to qualify as a forensic auditor. The key point to note here is that the work of a forensic auditor extends beyond the mere concepts of accountancy. It includes the understanding of different tools and software to analyze the goals of an audit, along with knowledge of fraud psychology, criminal laws, legal documentation, etc. Moreover, a forensic auditor also plays a crucial role in the court proceedings and is often called on to given expert testimony on issues and questions which may not also be easily answerable by a CA. Thus, becoming a forensic auditor requires expert training, to that point that there are specialised courses and degrees available in this regard.
What are the things that are investigated in a forensic audit? (Types of Investigation)
Corruption is a major obstacle at corporate levels, and also to socio-economic development. It has far-reaching consequences, even total closure of the company. It can have ill-effects on the image of the business/company and jeopardize it drastically. It includes any illegitimate use of the office and its resources, or dishonest behaviour. In such instances, a forensic auditor tries to look for accounts of bribery and extortion, or anything that will amount to a conflict of interest.
- Bribery – It refers to dishonestly influencing one’s role/ position to receive something, and at the same time promising something favourable to the party proving such benefit. The problem with bribery arises due to the fact, that not always does on stand in such a position to offer anything. It hampers the interest and profits of the company when one acts beyond his authority. It is also illegal to do so.
- Extortion – Taking a step ahead from bribery, extortion involves the use of threat, force or violence to extract money from another party/person. This may be done on the pretence of ‘protection money’ for small businesses, sophisticated schemes of cyber extortion, etc. the identification of extortion in company finances reduces its credibility in the eyes of its clients, suppliers, etc. which is the primary reason for having a solid financial statement.
- Conflict of interest – On a related note, anything, including bribery, that is done with the intention to gain personal benefit, and which is detrimental to the company, forms the objective of a forensic audit.
This is the most common form of fraud that is prevalent in company finances. This included misappropriation of cash, raising fake invoices, payments made to non-existing suppliers or employees, misuse of assets or theft of Inventory. It happens when people who are entrusted to manage the assets of a company/organisation, steal from it. The biggest possible detriment of such an act is that it may lead to infiltration by other organisations to take control over the control of the victim organisation. The direct hit is on the cash flow of the organisation.
Financial Statement Fraud (FSF)
Financial statement fraud is the deliberate misrepresentation, misstatement or omission of financial statement data for the purpose of misleading the reader and creating a false impression of an organization’s financial strength. The most common practice here is deferring revenues or expense in a different time period to give the appearance of consistent earnings or growth. Towards the other extreme, it includes overstating of revenues. It diminishes the confidence of capital markets and market participants in the reliability of financial information and decreases the effectivity of the capital market.
Most of the times, corruption and fraud in a company can be regulated and eradicated, without having to go for a forensic audit, and taking drastic legal steps thereafter. The easiest way to ensure this is to implement Anti-Money Laundering (AML) courses among employees, and also harbour an honest work environment. It is pertinent that there exists expressed reliability and accountability mechanisms to help foster such work environment, along with an environment of control. Such techniques reduce the probability of corruption in a company and its ill-effects. Prevention can be considered even at the time of recruitment by way of thorough background checks and vetting processes.
How is forensic auditing investigation conducted?
Step 1 – Accepting the Investigation
A forensic audit is always assigned to an independent firm/group of investigators in order to conduct an unbiased and truthful audit and investigation. Thus, when such a firm receives an invitation to conduct an audit, their first step is to determine whether or not they have the necessary tools, skills and expertise to go forward with such an investigation. They need to do an assessment of their own training and knowledge of fraud detection and legal framework. Only when they are satisfied with such considerations, can they go ahead and accept the investigation.
Step 2 – Planning the Investigation
Planning the investigation is the key step in a forensic audit. The auditor(s) must carefully ascertain the goal of the audit so being conducted, and to carefully determine the procedure to achieve it, through the use of effective tools and techniques. Before planning the investigation, they should be clear on the final categories of the report, which are as follows,
- Identifying the type of fraud that has been operating, how long it has been operating for, and how the fraud has been concealed
- Identifying the fraudster(s) involved
- Quantifying the financial loss suffered by the client
- Gathering evidence to be used in court proceedings
- Providing advice to prevent the recurrence of the fraud.
Fraud Triangle and Fraud Risk
A fraud triangle is a tool used in forensic auditing that explains three interrelated elements that assist the commission of fraud- Pressure (motive), opportunity (ability to carry out the fraud) and rationalization (justification of dishonest intentions). Fraud risk is the vulnerability a company/organisation has to those who are capable of overcoming the three elements in the fraud triangle. Fraud risk assessment is the identification of fraud risks that exist in the company/organisation. The planning involves the formulation of techniques and procedures that align with the fraud risk and fraud risk management.
Planning also includes the identification of the best way/mode to gather evidence. Thus, it is necessary that ample research is done regarding certain investigative, analytical, and technology-based techniques, and also related legal process, with regard to the outcome of such investigation.
Step 3 – Gathering Evidence
In forensic auditing specific procedures are carried out in order to produce evidence. Audit techniques and procedures are used to identify and to gather evidence to prove, for example, how long have fraudulent activities existed and carried out in the organization, and how it was conducted and concealed by the perpetrators. In order to continue, it is pertinent that the planning stage has been thoroughly understood by the investigating team, who are skilled in collecting the necessary evidence.
The investigators can use the following techniques to gather evidence,
- Testing controls to gather evidence which identifies the weaknesses, which allowed the fraud to be perpetrated
- Using analytical procedures to compare trends over time or to provide comparatives between different segments of the business
- Applying computer-assisted audit techniques, for example, to identify the timing and location of relevant details being altered in the computer system
- Discussions and interviews with employees
- Substantive techniques such as reconciliations, cash counts and reviews of documentation.
Forensic Data Analysis (FDA)
FDA is the technology used to conduct fraud investigations; the process by which evidence is gathered, summarized and compared with existing different sets of data. The aim here is to detect any anomalies in the data and identify the pattern of such anomalies to indicate fraudulent activity. Such an analysis requires three kinds of expertise,
- Data analyst to perform the technical steps and write the queries
- Team member with extensive experience of the processes and internal controls in the relevant area of the investigated company
- A forensic scientist who is familiar with patterns of fraudulent behaviour
Step 4 – Reporting
The reporting stage is the most obvious element in a forensic audit. After investigating and gathering evidence, the investigating team is expected to give a report of the findings of the investigation, and also the summary of the evidence and conclusion about the loss suffered due to the fraud. It should also include the plan of the fraud itself, and how it unfolded, basically the whole trail of events, and suggestions to prevent such fraud in the future.
Step 5 – Court Proceedings
The last stage expands over those audits that lead to legal proceedings. Here the auditors will give litigation support as mentioned above. The auditors are called to Court, and also included in the advocacy process. The understanding here is that they are called in because of their skill and expertise in commercial issues and their legal process. It is important that they lay down the facts and findings in an understandable and objective manner for everyone to comprehend so that the desired action can be taken up. They need to simplify the complex accounting processes and issues for others to understand the evidence and its implications.
What is the regulatory stance on forensic audits?
Reserve Bank of India
The Reserve Bank of India has made forensic audits mandatory for large advances and restructuring of accounts. In light of this, the RBI recently came up with the concept of creating a ‘forensic audit pool.’ It was reported that it wants banks to create a common pool of forensic audit firms so that they can pick one of them quickly whenever a high-value fraud needs to be investigated. The aim was to ensure that there wasn’t any wastage of time in the garb of evaluating the eligibility criteria of auditing firms. It was seen that such a step could pave way for Banks to investigate instances of high-value frauds is that banks can quickly take appropriate action, including fixing staff accountability, lodge complaints with law enforcement agencies, and invoke penal measures, such as debarring fraudulent borrowers from availing bank finance or raising funds from capital markets, explained the official.
Also, by mandating forensic audits, the RBI operationalised a Central Fraud Registry (CFR), a web-based searchable database of frauds containing data for the last 13 years, in January 2016. This was aimed at timely identification and mitigation of frauds and also serve as a potent tool for banks in making informed business decisions. Determined to ‘clean up’ the Indian banking system, the RBI also directed a self-conducted forensic audit for 10 defaulters, on top of the audits done by the Banks, ‘to know whether lenders followed established practices and processes while sanctioning those loans.’
Enforcement Directorate (ED)
The ED is a law enforcement agency and economic intelligence agency responsible for enforcing economic laws and fighting economic crime in India. It is part of the Department of Revenue, Ministry of Finance. It comprises officers of the Indian Revenue Service, Indian Police Service and the Indian Administrative Service. The ED along with the Serious Fraud Investigation Office has increasingly depicted the need for and importance of forensic audits following the rise in money laundering and wilful default cases that are plaguing the banking system. The recent probe into the Mallya PMLA case by the ED to conduct forensic audits is a stunning example in this regard. This was declared in May, 2016 when the ED declared the possibility of conducting a forensic audit of the electronic platforms on which the accounts and transactions of the group companies of liquor baron Vijay Mallya were being conducted in order to take forward its money laundering probe against him in the alleged Rs 900-crore IDBI bank loan fraud case.
In another recent case, the ED seized mutual funds valued at Rs 10.35 crore under the FEMA law of a company “controlled” by businessman and former IPL Chairman Chirayu Amin in the Panama Papers Case.
How can forensic audits prevent generation of non-performing assets in banks?
“A non-performing asset (NPA) refers to a classification for loans on the books of financial institutions that are in default or are in arrears on scheduled payments of principal or interest. In most cases, debt is classified as non-performing when loan payments have not been made for a period of 90 days.” The problems that a bank face while dealing with NPA can be summed up as follows,
- It reduces the cash flow of that particular bank, as it all depends on the cycle of lending and repayment.
- The reduction in cash flow directly hits on the overall capital that is available to the bank to give subsequent loans.
- Also, the earnings of the bank are solely based on the repayment of loans it has lent. The loss caused by NPAs are set off against the earning, ultimately reducing the earning and credibility of the bank.
To deal with NPAs, the banks are always expected to bring about change in their policies to stop classification of NPAs, by restructuring the loans. However, a proactive role that a bank can play in this regard is to conduct forensic audits on loan-taking entities to ensure the security of payment. This may be the only effective way to discover financial discrepancies at the time of giving a loan, and throughout the period of repayment. This is also a safety-net that is available to banks. It is not uncommon to discover companies with huge cash reserves being identified as NPAs. This was also conceptualised on the authority level wherein the rise in the numbers of NPAs was termed as a “potential damage to the growth story” of the Indian economy. Keeping this in the background, the Finance Standing Committee of Parliament has called for an immediate forensic audit of all restructured loans that had turned into bad debts, earlier this year. The panel also asked the apex bank to form empowered committees at the level of RBI, banks and borrowers to monitor large loans.
What are the legal consequences that a person will attract if he/she is caught in a forensic audit?
In order to understand the legal consequences that a person attracts on being caught in a forensic audit, it is necessary to know about the various statutes that talk about the implementation of forensic audits in India.
- Sections 235 and 237 of the Companies Act, 1956- Empowers the Central Government to inspect the books of accounts of a company, to direct special audit, to order an investigation into the affairs of a company and to launch prosecution for violation of the provisions of the Act.
- Provisions of Sick Industrial Companies Act incorporated into the Companies Act, 1956-
- The Section 424A(5) of the Companies Act, 1956 empowers National Company Law Tribunal (NCLT) to examine as a preliminary issue whether the company is a sick industrial company u/s. 2(46AA).
- Section 424B of the Companies Act, 1956 empowers the tribunal to make such inquiry as it may deem fit for determining whether any industrial company has become a sick industrial company.
- SEBI Act, 1992- Regulation 11 C of the SEBI Act, 1992 empowers the SEBI to direct any person to investigate the affairs of intermediaries or brokers associated with the securities market whose transactions in securities are being dealt with in a manner detrimental to the investors or the securities market.
- Insurance Act, 1938- Section 33 of the Act empowers the IRDA to direct any person (Investigating Authority) to investigate the affairs of any insurer.
- Prevention of Money-Laundering Act, 2002– Section 3 of the Act defines the offence of money laundering as the involvement of a person in any process or activity connected with the proceeds of crime and projecting it as untainted property, where the scope of integrating forensic audits can be clearly seen.
- The Companies (Auditor’s Report) Order, 2003- The Act requires the auditor to report to the effect that if a substantial part of fixed assets have been disposed of off during the year, whether it has affected the going concern status.
Refer to this link to understand in detail.
In light of these statutory authorities, the following penalties may be faced by a person, if he/she is caught in a forensic audit, by way of white-collar penalties.
- Penalty under the Prevention of Corruption Act, 1988 (PC Act)
- S. 168 of the IPC- Public servant unlawfully engaging in trade
“Whoever, being a public servant, and being legally bound as such public servant not to engage in trade, engages in trade, shall be punished with simple imprisonment for a term which may extend to one year, or with fine, or with both.”
- S. 171 B- Bribery, read with S. 7 of the PC Act
“Whoever commits the offence of bribery shall be punished with imprisonment of either description for a term which may extend to one year, or with fine, or with both. Provided that bribery by treating shall be punished with fine only” as per S. 171E.
- S. 403- Dishonest Misappropriation of property
- S. 405- Criminal Breach of Trust
“Whoever commits criminal breach of trust shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both” according to S. 406.
- S. 417- Cheating
- S. 463- Forgery
- Punishment for fraud u/s 477 of the Companies Act, 2003
“Whoever commits forgery shall be punished with imprisonment of either description for a term which may extend to two years, or with fine or with both” according to S. 465.
- Penalties under Prevention of Money Laundering Act, 2002
- Penalties under the Income Tax Act, 1961 for tax evasions.
- Section 43 and 44 of the IT Act- lays down penalty for the following
- Unauthorised copying of an extract from any data.
- Unauthorised access and downloading files.
- Introduction of viruses or malicious programmes.
- Damage to a computer system or computer network.
- Denial of access to an authorised person to a computer system.
- Providing assistance to any person to facilitate unauthorized access to a computer.
Refer to the following links
How can you reduce liability and instances of fraud?
The increasing instances of white collar crimes in India stem out of two basic ideas of greed and an attitude of “not a crime”. Thus, the courts take a strict view of such instances to decide on such matters and eradicate the rising rates of such crimes, which are also a major hindrance to the growing state of the economy. In order to decrease the possibility of such crimes, and also eventually reduce liability, companies can keep the following points in mind for mitigating fraud risk.
- It is highly recommended that companies harbour a “stop before it starts policy” by creating a transparent working environment.
- Employ teams to conduct a frequent analysis of the fraud triangle keeping in view the working atmosphere in the company.
- Come up with policies to work on the ‘rationalisation’ aspect of the fraud triangle to strike at the root of the problem.
- Follow a dynamic approach while defining fraud in the company transactions keeping in mind the ongoing scenario of white collar crimes.
- The institution of strong internal controls and anti-fraud technologies in the electronic platform.
- Thorough and frequent evaluation of the company’s code of conduct.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: