Usually, I’m the one doing the auditing, but this time, I (Mack) was the one who was audited.
It was a great experience for me.
Well, sort of. No one likes being audited (ahem). But it gave me a fresh perspective of how others feel when I audit them.
This is the first of 3 posts; this post contains some background info on the project that was audited, and the second one discusses the audit and the results, and in the third post, I describe my perspective on the whole thing, and some takeaways.
Quiz yourself to discover how much you know about fraud investigations.
While you may not be tasked with leading an investigation, you might need to work with those working on such an investigation. Either way, do you know the basics?
This quick, 5-question quiz from the Journal of Accountancy will indicate what you know AND what you don’t. And whether you get each answer right or wrong, the answers provide additional information. Continue reading
Filed under Audit, fraud, Free
The Association of Certified Fraud Examiners recently posted an infographic entitled: Profile of a Fraudster.
Filed under Audit, Security
Frank Abagnale, the real-life con artist depicted in the Catch Me if You Can movie, talks about his life as a fraudster in a free video.
Back in the 1960s, Abagnale posed as an Pan Am airline pilot, a pediatrician, an FBI agent, and a lawyer. He was a master at conning people and passing bad checks. He even conned his dad (see ‘First Con’ heading).
Here’s my list of the top 10 reasons to be an IT auditor:
10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.
9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).
Free ACL tutorials are available on YouTube, along with a lot of videos with talking heads. The tutorials walk you through how to do a couple tests, but I found the video resolution to be rather poor. Maybe it’s my equipment, maybe it’s the result of a company trying to adapt some tutorials they already have to another delivery method.
Remember the Security Scout adventure where I roamed the basement of a major bank and found questionable security issues? If you missed it or need a refresher, read Major Bank Invites Hackers In?
Guess what happened at the bank?
Check out the 10-question quiz at The Journal of Accountancy regarding internal control. You don’t need to be a CPA to take it, as only 1 question leans toward the financial realm. Like most good quizzes, the answers are provided at the end, along with an explanation.
Most auditors and security analysts have never performed a wastebasket audit. Why do a trashcan audit?
I was rummaging around and found some old articles by David G. Coderre, one of the gurus of data analytics (I mentioned him in my Teach Yourself ACL post). Even though this articles are old, I found some rich history, interesting facts, and some audit ideas.
Richard Chambers, the president and CEO of the IIA, noted 5 defining events and their impact on internal auditing in the 90’s decade.
- Adoption of the Professional Practices Framework (2002)
- Financial Fraud and the Ensuing Corporate Failures (2002)
- Cynthia Cooper Named a Time Magazine “Person of the Year” (2002) – whistleblower at WorldCom (I had to look it up myself)
- Release of The PCAOB’s Auditing Standard Number 2 (2004) – which was then superseded by AS 5
- Global Economic Crisis (2008-2009)
Catch all his comments here. I think #2 is going to keep occurring with surprising regularity.
Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.
Filed under Audit, Security
You can teach yourself how to use Audit Command Language (ACL), the data analytics software from www.highbond.com. ACL is used by internal auditors and others to: