Forensic PPT - Use of CAAT in Forensic Review

USE OF CAAT IN FORENSIC REVIEW
FAFD
Nashik Branch
CA. Satyaprakash R. Jaiswal
Dec. 21-22, 2019 FCA, DISA (ICAI), FAFD (ICAI), CFE (USA)
A GENDA
 Introduction
 Use of CAAT in Analysis
 Models for Data analysis
 Beneish Model
 Benford’s Law Analysis
 Relative Size Factor Analysis (RSF)
 Luhn Algorithm
 CAAT - Other Data Analysis Software
 Scenarios for Discussion
 Data Analysis Checklist
Use of CAAT in forensic review 2
W HAT IS F INANCIAL S TATEMENT F R AUD ?
✓ Financial statement fraud is “the deliberate misrepresentation of
the financial condition of an enterprise accomplished through the
intentional misstatement or omission of amounts or disclosures in the
financial statements in order to deceive financial statement users.”
✓ Most common forms of Financial statement fraud :
− Fictitious revenues, Timing differences, Concealed liabilities or expenses,

Improper disclosure, Related party transactions and Improper asset
valuations.
✓ Improper revenue recognition, including fictitious revenues and

timing differences, accounts for approx. half of all financial statement
frauds.
✓ From an accounting perspective, revenues, profits, or assets are

typically overstated, while losses, expenses, or liabilities are typically
understated.

D ETECTION OF E ARNING M ANIPULATION
✓ The probability of manipulation increases with:
 Unusual increases in receivables
 Deteriorating gross margins
 Decreasing asset quality
 Sales growth and
 Increasing accruals.
✓ The systematic relation between the likelihood of manipulation and

financial statement variables suggests that accounting data are useful
in detecting manipulation and assessing the reliability of accounting
earnings.

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
U SE OF CAAT IN A NALYSIS
Frequently used Excel functions:
1) Filter
2) Duplicates
3) IF Function
4) Lookup Function
5) Formula Auditing
6) PivotTable

U SE OF CAAT IN A NALYSIS
Frequently used Idea functions:
1) Summarisation
2) Stratification
3) Aging
4) Join & Visual connector
5) Gap detection
6) PivotTable
7) Benford’s Law
8) Field statistics

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
A GENDA
 Introduction
 Beneish Model

 Luhn Algorithm
B ENEISH M ODEL
✓ Beneish model (popularly known as M-Score) was modelled by
Professor M. Beneish in 1999. It is a mathematical model that adopts
financial metrics to identify the extent of manipulation in company’s
earnings.
✓ The variables are constructed from the data in the company's

financial statements and, once calculated, create an M-Score to
describe the degree to which the earnings have been manipulated.
✓ The M-Score is composed of eight ratios that capture either financial

statement distortions that can result from earnings manipulation or
indicate a predisposition to engage in earnings manipulation.

B ENEISH M ODEL – E QUATIONS
✓ There are 2 equations:
✓ 5 Variable Equation (M)

= − 6.065+ 0.823 ∗ DSRI + 0.906 ∗ GMI + 0.593 ∗ AQI + 0.717 ∗ SGI +
0.107 ∗ DEPI
✓ 8 Variable Equation (M)

= − 4.84 + 0.920 ∗ DSRI + 0.528 ∗ GMI + 0.404 ∗ AQI + 0.892 ∗ SGI +
0.115 ∗ DEPI − 0.172 ∗ SGAI + 4.679 ∗ Accrual to TA − 0.327 ∗
Leverage
✓ An M-Score of less than − 2.22 suggests that the company is not an

accounting manipulator. (Example: −5 is less than − 2.22)
✓ An M-Score of greater than − 2.22 signals that the company is likely

an accounting manipulator. (Example: − 2 is greater than − 2.22)

B ENEISH M ODEL – 8 R ATIOS
Ratio Formula Description

Days Sales = Account Receivable • Disproportionate increases in the
in [CY]/ Sales [CY] receivables relative to sales may be
Receivables Divided by Account suggestive of revenue inflation.
Index (DSRI) Receivable [CY-1]/ • > 1 means % of A/c Receivable to
Sales [CY-1] sales is higher compared to PY.
• Large increase in days sales in
receivables to be associated with a
higher likelihood that revenues and
earnings are overstated.
Gross = (Sales-Cost of • > 1 means Gross Margin worsened in
Margin Sales) [CY-1]/ Sales CY with consequence that the
Index (GMI) [CY-1] Divided by company is likely to manipulate.
(Sales-Cost of Sales) • Positive relation between GMI and the
[CY]/ Sales [CY] probability of earnings manipulation.

B ENEISH M ODEL – 8 R ATIOS ( CONT.)
Asset = 1-[Current Assets • > 1 means Company has potentially
Quality in CY + Net Fixed increased its cost deferral or increase its
Index (AQI) Assets in CY]/ Total intangible assets & created earnings
Assets in CY Divided manipulation; may represent additional
By 1-[Current Assets expenses being capitalised to preserve
in [CY-1] + Net profitability
Fixed Assets in [CY- • Positive relation between AQI and the
1]/ Total Assets in probability of earnings manipulation.
[CY-1]
Depreciatio = Depreciation [CY- • > 1 indicates that the rate at which
n Index 1]/ (Depreciation + assets are depreciated has slowed down
(DEPI) net PPE)[CY-1] - raising the possibility that the firm has
divided by revised upwards the estimates of assets
Depreciation[CY]/(D useful lives or adopted a new method
epreciation + net that is income increasing.
PPE)[CY] • There is positive relation between DEPI
and the probability of manipulation.

Sales = Sales [CY] / Sales • >1 means positive growth and <1
Growth [CY-1] represents negative growth
Index (SGI) • Growth does not imply manipulation,
but growth firms are viewed by
professionals as more likely to commit
financial statement fraud because their
financial position and capital needs put
pressure on managers to achieve
earnings targets.
• If growth firms face large stock prices
losses at the first indication of a
slowdown, they may have greater
incentives to manipulate earnings.
Leverage = Total debts[CY] • > 1 indicates an increase in leverage.
Index (LVGI) /Total Assets[CY] • The variable is included to capture debt
divided by Total covenants incentives for earnings
debts[CY-1]/Total manipulation.
Assets[CY-1]

Sales General & = • An increase in Sales General &
Administrative SGA[CY]/Sales[CY] Administrative Expenses Index (SGAI)
Expenses Index divided by may suggest possible cover-ups of
(SGAI)
SGA[CY- fraudulent transactions related to
1]/Sales[CY-1] expense reimbursement schemes, such
as fictitious or multiple expense
reimbursements, overstating expense
reimbursements, and commission
schemes.
• Disproportionate increase in sales as
compared to SGAI = negative indication
Total Accruals = (Change in WC • > 1 means Accruals possibly used to

to Total Assets - Change in Cash) manipulate earnings
(TATA) Divided by Change • Increasing degree of accruals as part
in Total Assets of total assets indicate higher chance of
manipulation

B ENEISH M ODEL – L IMITATIONS
✓ Analysis done based on limited information provided in the financial
statements and the footnotes to the accounts.
✓ It can not be applied on Financial Companies (Banks) due to

unavailability of all variables required for analysis.
✓ The model is based on index variables. There is a chance that for

certain companies – the growth is extremely high for some years
which may not be due to earnings manipulation.

B ENEISH M ODEL – C ONCLUSION
✓ Absolute care must be taken by fraud detection experts when making
conclusive decision on the years with M-scores signifying No
manipulation tendency.
✓ This is because, this could possibly lead them to commit either

type 1 error (possibility of viewing a manipulator company as a
non manipulator) or type 2 error (possibility of viewing a non
manipulator company as a manipulator).

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
B ENFORD ’ S L AW A NALYSIS
✓ In 1881, Simon Newcomb, an astronomer and mathematician,
observed that library copies of books of logarithms were considerably
more worn in the beginning pages which dealt with low digits and
progressively less worn on the pages dealing with higher digits. He
inferred that fellow scientists used those tables to look up numbers
which started with the numbers one more often than those starting
with 2, 3 and so on.
✓ 50 years later, Mr. Benford, also noticed that first few pages of his
logarithm books are more worn than the last few. He came to the
same conclusion Newcomb had arrived that people more often
looked up numbers that began with low digits rather than high ones.
He attempted to test his hypothesis by collecting and analysing data.

B ENFORD ’ S L AW A NALYSIS ( CONT.)
✓ Mr. Benford found that Nos. consistently fell into a pattern with
low digits occurring more frequently in the first position than larger
digits. The mathematical tenet defining the frequency of digits is
known as Benford’s Law.
✓ In Benford’s Law, number patterns are used to detect potential fraud,

possible errors, manipulative biases, irregularities, etc.

Formulas for expected digital frequencies:
✓ For First digit of the number:

✓ Probability (D1= d1) = log10 (1+(1/d1)) ; d1=(1,2,3,…..9)
✓ Example: P(D1= 3) = log10 (1+(1/3)) = 0.12494
✓ For Two digit combinations:

✓ Probability (D1D2= d1d2) = log10 (1+(1/d1d2))
✓ Example: P(D1D2= 32) = log10 (1+(1/32)) = 0.01336
Where,
 D1 represents the first digit of a number

 D2 represents the second digit of a number, etc.

✓ Expected digital frequencies based on Benford’s Law
Position in no.
Digit 1st 2nd 3rd 4th
0 0.11968 0.10178 0.10018
1 0.30103 0.11389 0.10138 0.10014
2 0.17609 0.10882 0.10097 0.10010
3 0.12494 0.10433 0.10057 0.10006
4 0.09691 0.10031 0.10018 0.10002
5 0.07918 0.09668 0.09979 0.09998
6 0.06695 0.09337 0.09940 0.09994
7 0.05799 0.09035 0.09902 0.09990
8 0.05115 0.08757 0.09864 0.09986
9 0.04576 0.08500 0.09827 0.09982
Source: “A Taxpayer Compliance Application of Benford’s Law,” by M. Nigrini,

1996, Journal of the American Taxation Association.

8
Year Amount Year Amount Year Amount
7
1 1,100 21 7,400 41 49,785
2 1,210 22 8,140 42 54,764 6
3 1,331 23 8,954 43 60,240 5

4 1,464 24 9,850 44 66,264 4
5 1,611 25 10,835 45 72,890 3
6 1,772 26 11,918 46 80,180 2
7 1,949 27 13,110 47 88,197 1
8 2,144 28 14,421 48 97,017 0
9 2,358 29 15,863 49 1,06,719 1 2 3 4 5 6 7 8 9
10 2,594 30 17,449 50 1,17,391 Count of 1st Digit Exp. Frequency
11 2,853 31 19,194 51 1,29,130
Count of Exp.
12 3,138 32 21,114 52 1,42,043 No. Log
1st Digit Frequency
13 3,452 33 23,225 53 1,56,247 1 7 0.30103 7.22
14 3,797 34 25,548 54 1,71,872 2 4 0.17609 4.23
15 4,177 35 28,102 55 1,89,059 3 3 0.12494 3.00
16 4,595 36 30,913 56 2,07,965 4 2 0.09691 2.33
5 2 0.07918 1.90
17 5,054 37 34,004 57 2,28,762
6 2 0.06695 1.61
18 5,560 38 37,404 58 2,51,638 7 1 0.05799 1.39
19 6,116 39 41,145 59 2,76,801 8 2 0.05115 1.23
20 6,727 40 45,259 60 3,04,482 9 1 0.04576 1.10
Grand Total 24 24
Investment: ₹ 1,000/- @ 10% Interest

When Benford analysis is likely to be Examples
useful
Sets of numbers that results from mathematical • Accounts Receivable

combination of numbers – results comes from (Qty. * Price)
two distributions • Accounts Payable
(Qty. * Price)
Transactions level data – No need to sample Disbursements, Expenses,
Sales
On large data sets – the more observations the Full year’s transactions
better
Practical Application:
✓ Sales / Purchases ✓ Non-arm’s-length transactions

✓ Accounts payable (Expenses) data ✓ Customer refunds
✓ Estimations (accruals) in General Ledger ✓ Bad debts

When Benford analysis is not likely to be Examples
useful
Data sets are comprised of assigned numbers Cheque no.s, Invoice no.s,
Zip codes
No.s that are influenced by human thoughts Prices set at psychological
thresholds (99, 199), ATM
withdrawals, Retirement age,
etc.
Accounts with a built in maximum and minimum Set of assets that must meet
a threshold / ceiling to be
recorded
Where no transaction is recorded Theft, Kickbacks,
Contract rigging

Major Digit Tests (using IDEA Software)
✓ 1st Digit Test
✓ 2nd Digit Test
✓ First Two Digit Test
✓ First Three Digit Test
✓ Last Two Digit Test
✓ Second Order Test

Limitations:
✓ Effectiveness of digital analysis drops if the no. of contaminated

entries drops and not all accounts which contain fraud contain a
large no. of fraudulent transactions.
✓ In many instances, accounts identified as non-conforming do not

contain fraud.
Conclusion:
✓ While Benford analysis by itself might not be “surefire” way to catch
fraud, it can be useful tool to help identify some accounts for further
testing and therefore, should assist auditors in their quest to detect
fraud in financial statements.

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
R EL ATIVE S IZE FACTOR (RSF)
✓ The relative size factor test is a powerful test for detecting errors.
✓ The test identifies subsets where the largest amount is out of line with
the other amounts for that subset. The large difference could be
because the record either (a) actually belongs to another subset, or
(b) belongs to the subset in question, but the numeric amount was
incorrectly recorded.
✓ It highlights all unusual fluctuations, which may be routed from fraud

or genuine errors. RSF is measured as the ratio of the largest number
to the second largest number of the given set.

R EL ATIVE S IZE FACTOR (RSF) ( CONT.)
Largest Record in a Subset

✓ Relative Size Factor =
Second Largest Record in a Subset
✓ The test identifies records that are outliers to the rest of the amounts
within the subset groups.
✓ Large differences may be an indication of fraudulent activity, such as

occupational accounts payable fraud, falsified invoices, offset money
laundering revenue, or product sales to related companies (offshore
transfer pricing, etc.).

✓ The RSF test was developed as a result of a case where a company
wired a large amount of money to the bank account of a charity in
error. The funds were supposed to go to a vendor. The amount was
significantly more than any amount that had been donated to the
charity before.
✓ Had the company run a reasonableness test before initiating the

transfer, it would have seen that the amount was way out of line with
any amount previously sent to the charity.
✓ This test has led to large recoveries in accounts payable audits. The
test has also found interesting forensic results in an investigation of
sales numbers, insurance claim payments and inventory numbers.

✓ The RSF test identifies subsets where one amount is significantly
larger than the other items in the subset. The formula identifies the
largest amount in a subset and divides it by the second largest
amount.
✓ The RSF report usually includes

(a) the subset name or number,
(b) the largest amount for the subset,
(c) the second largest amount for the subset,
(d) the record count for the subset, and
(e) the relative size factor.
This test has most often been run using the largest and second
largest numbers in the various subsets.

✓ Investigators can adapt this formula to
(a) the largest amount divided by the average amount,
(b) the largest divided by the average where the average excludes
the largest number, and
(c) the smallest number divided by the average (which is used when
looking for understatements).

R EL ATIVE S IZE FACTOR - A PPLICATION
✓ Data entry mistakes
✓ Alterations in decimals
✓ Wrong coding with masters (Vendors, Customers, Employees, etc.)
✓ Revenue items charged to capital accounts and vice versa
✓ Excess payments in payroll
✓ Inventory Valuation

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
LUHN A LGORITHM
✓ The Luhn algorithm or Luhn formula, also known as the “Modulus 10"
or "Mod 10" algorithm, is a simple checksum formula used to validate
a variety of identification numbers, such as credit card numbers, IMEI
numbers, National Provider Identifier numbers in the United States,
Canadian Social Insurance Numbers, Israel ID Numbers and Greek
Social Security Numbers (ΑΜΚΑ).
✓ It was created by IBM scientist Hans Peter Luhn and described in
U.S. Patent No. 2,950,048, filed on January 6, 1954, and granted on
August 23, 1960.

LUHN A LGORITHM ( CONT.)
✓ The algorithm is in the public domain and is in wide use today.
✓ It is specified in ISO/IEC 7812-1.
✓ It is not intended to be a cryptographically secure hash function; it
was designed to protect against accidental errors, not malicious
attacks.
✓ Most credit cards and many government identification numbers use
the algorithm as a simple method of distinguishing valid numbers
from mistyped or otherwise incorrect numbers.

✓ Assume, 12345674 is a valid card number, of which first 7 digits,
1234567 is the main original number and 4 is the checksum.
✓ Example: If a user enter 13245674 (2 and 3 are switched), then the
program calculates the checksum for 1324567 and finds 5 instead
of 4 expected.
✓ Hence, the number is invalid and so has been badly typed.

✓ How to verify a number with Luhn? (Validity check)
 The algorithm starts by the end of the number, from the last right
digit to the first left digit.
 Realize a sum of digits by multiplying by 2 all digits of even rank.
 If the double is equal or superior to 10, replace it by the sum of
its digits. (viz., 12 as 1+2=3)
 The control digit number is equal to (10-sum % 10) % 10.

✓ Say when we validate the number – 12345678911against Luhn’s
Algo, we get a zero as modulo10 of the sum of the Sum digits.
✓ Sum of Sum digits =1+4+3+8+5+3+7+7+9+2+1 = 50

✓ Modulo 10 of Sum of Sum digits = 50/10
Modulus 10 of Sum digits 0

✓ Strengths and weaknesses
 The Luhn algorithm will detect any single-digit error, as well as
almost all transpositions of adjacent digits.
 It will not, however, detect transposition of the two-digit
sequence 09 to 90 (or vice versa). It will detect 7 of the 10
possible twin errors (it will not detect 22 ↔ 55, 33 ↔ 66 or 44
↔ 77).

✓ Strengths and weaknesses (Cont.)
 Because the algorithm operates on the digits in a right-to-left
manner and zero digits affect the result only if they cause shift in
position, zero-padding the beginning of a string of numbers does
not affect the calculation.
 Therefore, systems that pad to a specific number of digits (by
converting 1234 to 0001234 for instance) can perform Luhn
validation before or after the padding and achieve the same
result.

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
C OMPUTER A SSISTED A UDIT T ECHNIQUES
Computer Assisted Audit Techniques (CAATs) are computer programs that
the auditor uses as part of the audit to process data of audit significance
to improve the effectiveness and efficiency of the audit process.
Six key questions that data analytics can address:
Past Present Future

Information What happened? What is happening What will happen?
now?
(Reporting) (Alerts) (Extrapolation)
Insight How and why did What’s the next best What’s the best / worst
it happen? action? that can happen?
(Modelling, (Recommendation) (Prediction,
experimental optimization,
design) simulation)

CAAT - O THER DATA A NALYSIS S OFTWARE
Some of the commonly used commercial applications (other than Excel) :
a) IDEA (Interactive Data Extraction and Analysis)

(www.casewareanalytics.com)
b) ACL (www.acl.com)
c) Arbutus Analyser (www.arbutussoftware.com)
d) SAS (www.sas.com/software)
e) Active Data for Excel (www.informationactive.com)
f) Auto Audit (risk.thomsonreuters.com)
g) Datawatch Corporation’s Monarch for Windows (www.datawatch.com)
h) Oversight Systems (www.oversightsystems.com)

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
S CENARIOS FOR D IS CUSSION
1) Sales Analysis
2) Payroll

S CENARIO – 1 : S ALES A NALYSIS
The following are typical examples of data analysis queries that can be
performed to detect fraud through examination of sales information:
a) Create a report of all system overrides and sales exceptions.
b) Analyse returns and allowances by store, department, or other

areas.
c) Summarise trends by customer type, products, salesperson, etc.
d) Compare ratios of current sales to outstanding receivables or other

variables
e) Generate reports on a correlation between product demand or

supply and sales prices

S CENARIO – 2 : P AYROLL
The following are examples of data analysis queries that can be

performed to help detect fraud through examination of payroll records:
a) Summarise payroll activity by specific criteria for review.
b) Identify changes to payroll or employee files.
c) Compare timecard and payroll rates for possible discrepancies.
d) Prepare cheque amount reports for amounts over a certain limit.
e) Check proper supervisory authorisation on payroll disbursements.

A GENDA
 Introduction
 Beneish Model
 Luhn Algorithm
D ATA A NALYSIS C HECKLIST
a) Ensure data validity and data integrity
b) Consider data format and structure
c) Count the zeros
d) Consider the spectrum of distinct level of aggregation at which fraud

monitoring is required
e) Begin with the end in mind
Always “think like a thief” when you’re examining written policies and
procedures and when you are interviewing subjects to identify
weaknesses or inadequate internal controls.

O NE QUESTION ALWAYS TO ASK –
“ Will this algorithm/calculation/working hold up -

under the intense scrutiny of a court of Law ?
”

CA. Satyaprakash R. Jaiswal S. R. Jaiswal & Associates
FCA, DISA (ICAI), FAFD (ICAI), CFE (USA) Chartered Accountants
satyaprakash@srjaiswalassociates.com
contact@srjaiswalassociates.com
+91-9930 535 851 / +91-7021 667 076
* All product names, logos, and brands are property of their respective owners. All
company, product and service names used in this presentation are for information
purposes only. Use of these names, logos, and brands does not imply endorsement.

Forensic PPT - Use of CAAT in Forensic Review

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Forensic PPT - Use of CAAT in Forensic Review

Uploaded by

Copyright:

Available Formats

USE OF CAAT IN FORENSIC REVIEW

✓ Most common forms of Financial statement fraud :

− Fictitious revenues, Timing differences, Concealed liabilities or expenses,

✓ Improper revenue recognition, including fictitious revenues and

✓ From an accounting perspective, revenues, profits, or assets are

Use of CAAT in forensic review 3

 Unusual increases in receivables

 Deteriorating gross margins

 Decreasing asset quality

 Sales growth and

✓ The systematic relation between the likelihood of manipulation and

Use of CAAT in forensic review 4

Use of CAAT in forensic review 6

Use of CAAT in forensic review 7

 Benford’s Law Analysis

✓ The variables are constructed from the data in the company's

✓ The M-Score is composed of eight ratios that capture either financial

Use of CAAT in forensic review 10

✓ 5 Variable Equation (M)

✓ 8 Variable Equation (M)

✓ An M-Score of less than − 2.22 suggests that the company is not an

✓ An M-Score of greater than − 2.22 signals that the company is likely

Use of CAAT in forensic review 11

Ratio Formula Description

Use of CAAT in forensic review 12

Use of CAAT in forensic review 13

Use of CAAT in forensic review 14

Total Accruals = (Change in WC • > 1 means Accruals possibly used to

Use of CAAT in forensic review 15

✓ It can not be applied on Financial Companies (Banks) due to

✓ The model is based on index variables. There is a chance that for

Use of CAAT in forensic review 16

✓ This is because, this could possibly lead them to commit either

Use of CAAT in forensic review 17

Use of CAAT in forensic review 19

✓ In Benford’s Law, number patterns are used to detect potential fraud,

Use of CAAT in forensic review 20

✓ For First digit of the number:

✓ Example: P(D1= 3) = log10 (1+(1/3)) = 0.12494

✓ For Two digit combinations:

 D1 represents the first digit of a number

Use of CAAT in forensic review 21

Source: “A Taxpayer Compliance Application of Benford’s Law,” by M. Nigrini,

Use of CAAT in forensic review 22

3 1,331 23 8,954 43 60,240 5

Use of CAAT in forensic review 23

Sets of numbers that results from mathematical • Accounts Receivable

✓ Sales / Purchases ✓ Non-arm’s-length transactions

Use of CAAT in forensic review 24

Use of CAAT in forensic review 25

✓ 1st Digit Test

✓ 2nd Digit Test

✓ First Two Digit Test

✓ First Three Digit Test

✓ Last Two Digit Test

✓ Second Order Test

Use of CAAT in forensic review 26

✓ Effectiveness of digital analysis drops if the no. of contaminated

✓ In many instances, accounts identified as non-conforming do not

Use of CAAT in forensic review 27

✓ It highlights all unusual fluctuations, which may be routed from fraud

Use of CAAT in forensic review 29

Largest Record in a Subset