Weekly Blog #5 - Criminal Fraud and the Law

Q: What process or strategies could you implement, if engaged as a forensic accountant expert witness, to make sure you are not partisan? You can consider this question generally or you can focus on one aspect of the process, e.g. report writing.

As an independent expert appointed to the court it is critical that evidence provided is objective and independent of the parties involved (Coenen, 2014).  The expert role is governed by APES215 which states the expert witness duty is to the court and not to either party involved in the conflict (CPA, 2014).

To assist in maintaining impartiality as an expert witness, a number of strategies are available to assist in providing transparency in approach and support conclusions reached.  I believe the most effective strategies include, bi-partisan involvement in discussions and clarifications and transparency of methodology.  If both parties cannot be present at the same time, full disclosure and clear documentation must be completed (Bawaneh, 2011). 

If I was to experience a similar situation, I would also recommend commencing with a clearly defined scope of work, from the court, regarding the expert role and requirements.  Strategies from a report writing perspective would include clearly stating the scope and any limitations that may impact conclusions reached, ensure any methodology adopted in reaching conclusions is fully documented, transparent and repeatable. Reports should be written clearly and concisely, be jargon free and any conclusions or opinions should be clearly stated with detailed reasoning and any supporting evidence noted (Barrera, 2015).

References

Barrera, G., & Elam, D. (2015). The accountant's role in supporting A legal prosecution. Journal of Service Science (Online), 8(1), 7. Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/1733566228?accountid=13380

Bawaneh, S. S. (2011). Forensic accountants in the digital age. Interdisciplinary Journal of Contemporary Research in Business, 3(3), 75-86. Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/887725434?accountid=13380

Coenen, T. L. (2014). THE FORENSIC ACCOUNTANT AS CONSULTANT. Family Advocate, 36(3), 22-24. Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/1474194218?accountid=13380

CPA Australia. (2014). APES 215: Forensic Accounting Services Fact Sheet. Retrieved from:http://www.cpaaustralia.com.au/~/media/corporate/allfiles/document/professional-resources/ethics/apes-215.pdf

Additional links and relevant information:

http://www.forensicmag.com/articles/2011/06/how-be-effective-expert-witness-court-part-1

http://www.forensicmag.com/articles/2010/02/expert-witness-effective-courtroom-testimony

Weekly Blog #4 - Criminal Fraud and the Law

Q: There are a number of crimes that can be committed in the business world that fall under the banner of fraud, bribery and corruption and the Corporations Act 2001 (Cth) attempts to address these criminal matters.  However, strict or vicarious liability is really what matters in attempts by legislators and the courts to address this continuing problem in the corporate world.

I agree with the statement above because the nature of the Corporations Act 2001 forces organisational action in controlling activities (ComLaw, 2012).  In simple terms, Chief Executive Officers (CEO) and Directors may be liable for their employees’ actions thus needing appropriate policies in place to minimise these risks. 

The major crimes categories in the business world (white-collar crime, organised crime, computer crime and regulatory crime) often involve misuse or manipulation of organisational resources.  Extension of liability allows the legislators to ensure proper code of conduct (Wattford, 2011) policies are embedded in organisations. These extensions encourage the company to implement and monitor compliance controls to govern activities and minimise risk of these crimes occurring (Stewart, 2006).

Thinking ahead as a CEO or Director, liability for the actions of employee’s could threaten my own livelihood or freedom.  Ensuring that governance controls within the organisation, aligned with protecting the organisation from such risks, would also protect myself. Implementation of appropriate code of conduct, operational controls and training policies will minimise risk and the potential liability. My recommendations would include implementation of: (Dundas Lawyers, 2012);

1.      Code of conduct.  

2.      Pre-employment screening checks.

3.      Electronic activity monitoring.

4.      Regular audits and review of policies. 

References

ComLaw. (2012). Australian Government: Federal Register of Legislation. Corportations Act 2001. Retrieved from https://www.legislation.gov.au/Details/C2015C00336

Dundas Lawyers. (2012). Can employees be vicariously liable for the criminal acts of employees? Retrieved from https://www.dundaslawyers.com.au/can-employers-be-vicariously-liable-for-the-criminal-acts-of-employees/

 

Stewart, J. (2006). White collar crime: Fraud, bribery and corruption - all alive and well? Credit Control, 27(4), 50-60. Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/208172593?accountid=13380

Wofford, J. (2011, Oct 03). Major crimes drop in September, data show. McClatchy - Tribune Business News Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/895862966?accountid=13380


Additional links to relevant information regarding strict and vicarious liability for stakeholders:

http://www.inc.com/articles/1999/11/15396.html

http://law.jrank.org/pages/2255/Vicarious-Liability.html

Weekly Blog #3 - Introduction to legal framework

Q: The Honourable Kirby AC CMG considers that changing the regulatory environment will strengthen the profession of forensic accounting.  The challenge for forensic accountants, practising in the profession, is to keep up with the changes.  At paragraph 1.2 of APES215 (page 3) reference is made to "APES215 [setting] the standard for members in the provision of quality and ethical Forensic Accounting Services. Why is it important that forensic accountants understand and keep up with the development of this new "regulatory environment"?

It is crucial for forensic accountants to understand and keep up with the development of the new ‘regulatory environment’.  The regulatory environment consists of laws and regulations that have been developed by federal, state and local governments in order to exert control over business practices (DiGabriele, 2009).

As per APES 215 (2013), forensic accountants have a duty to the court (CPA, 2014). To properly perform this duty, they must be aware, understand and ably apply any new regulations.  In a recent discussion with a forensic investigator from KPMG, an example of a possible change to APES 215 was raised.  Should changes to key terms and requirements, including things such as amendments to expert witness reporting (APES 215, 2014, slides 4-5), occur, a forensic accountant who was unaware of these changes could fail in their duty to the court.  According to paragraph 1.2 of APES 215 (2013), presenting a forensic report to the court guided by out-of-date regulations would be a violation.

Courts function in accordance with a ridged framework of rules and regulations. Forensic accountants who understand and effectively apply these changes will be highly beneficial for the organisation they work for (DiGabriele, 2009)

References

Accounting Professional & Ethical Standard Board (APESB). (2014). Revised APES 215 Forensic Accounting Services.  Retrieved from:http://www.apesb.org.au/development/APESBCMS/ver1.3/uploads/news/speeches_presentation/25112014025238_APESB_Presentation_-_CAANZ_Forensic_Accounting_Conference_-_29_Oct_2014.pdf

Accounting Professional and Ethical Standards Board (APESB). (2013).  APES 215: Forensic Accounting Services.  Retrieved from:http://www.apesb.org.au/~apesborg/development/APESBCMS/ver1.3/uploads/news/media_release/11122014051214_revised-apes-215-december-2013.pdf

CPA Australia. (2014). APES 215: Forensic Accounting Services Fact Sheet. Retrieved from:http://www.cpaaustralia.com.au/~/media/corporate/allfiles/document/professional-resources/ethics/apes-215.pdf

DiGabriele, J. A. (2009). Implications of regulatory prescriptions and audit standards on the evolution of forensic accounting in the audit process. Journal of Applied Accounting Research, 10(2), 109-121. doi:http://dx.doi.org/10.1108/09675420910984673

Additional links to relevant information such as APES215 and keeping up with regulatory environment:

 https://www.cpaaustralia.com.au/~/media/corporate/allfiles/document/professional-resources/ethics/apes-215.pdf?la=en

 http://pwc.blogs.com/fraud_academy/2015/09/event-011015-the-regulatory-environment-recent-changes-and-how-they-impact-you.html

Weekly Blog #2 - COBIT 5, Products and their Enablers

Q: There is an exaggerated reaction by business in general on the need for information security to minimise fraud, bribery and corruption.  These days, with virus, adware and malware protection, along with other information and security software, passwords and user IDs, the need for addressing security in 2016 has been minimised.

I disagree with the statement because information technology continues to evolve rapidly.  Looking through the lens of the COBIT 5 framework, it is important to continually update and maintain IT security to an acceptable level (COBIT 5, 2007).  Hardly a day goes by without news of a new exploit or data theft somewhere around the world.  As an enabler of fraud, bribery and corruption, new technology provides criminals with a rich opportunity to constantly revise and modify behaviour to bypass increased security.  The idea of ‘set and forget’ security as a means of protection is a myth as such security measures quickly become obsolete (Tibken, 2012).

I understand how one could rely too much on computer software to protect them, especially if one does not consider the data held to be of much value or when there have been no attempts or instances of fraud or corruption detected by the business. 

Reflecting on my own experience, I have relied on software to detect every virus and malicious software. I was playing a computer game online and after downloading ‘maintenance patches’, I later found one of them consisted of an embedded key logger. Thankfully it was a segregated computer only used for gaming.  Now as I consider my own online activity, I realise the value that my personal information assets hold for other people.  Working in a Doctors Surgery, I can only imagine the value of our patients health records, should they be stolen or unlawfully accessed.  

I think that in a business environment, it is vital to make sure correct Information security policies are both in place, and constantly revised and updated, in order to minimise these risks. Working with information technology is inevitable in the current day and age.  I am now more aware of the value of COBIT 5 enablers as a control measure to assist in minimising business risk.

References

COBIT 5 Executive Summary and Framework.  IT Governance Institute (2007). (pp5-28, 29-32)

Tibken, S. (2012, Apr 02). Leadership: Information technology (A special report) --- the enemy within: For the IT staff, the biggest security risk is...the IT staff.Wall Street Journal Retrieved from http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docview/963476250?accountid=13380



Additional links and relevant information on why security cannot be minimised and why we must be aware of cyber criminals:

 http://www.kpmg.com/us/en/issuesandinsights/articlespublications/press-releases/pages/81-of-healthcare-organizations-have-been-compromised-by-cyber-attacks-in-past-2-years-kpmg-survey.aspx

https://www.kpmg.com/Global/en/IssuesAndInsights/.../cyber-crime.pdf

Weekly Blog #1 - IT Governance Frameworks

Q: It is of the utmost importance to separate management from governance policy-making, which is usually undertaken by the board of directors. Without this structure in place, fraud, bribery and corruption are very high risks.

Yes I agree with the above statement. Consideration of the statement has given me cause to reflect on the need for separation of management and governance policy as one of the key COBIT 5 framework principals.  I have come to better understand the critical need to maintain segregation between governance and management as two fundamentally different disciplines.  Segregation ensures that management of the overall organisation, as driven by the CEO and executives, is in line with the broader governance requirements as set by the board (COBIT 5, 2007).

I believe if governance and management were not separated, the organisation opens itself up to fraud and corruption risk as it removes key monitoring and control measures which guide behaviour (De Haes, 2009). We provide employees with a framework to encourage appropriate behaviour in line with expectations.  I feel that the loss of these checks and balances provides opportunity, and with the right motive, people may be tempted into fraud, corruption or misconduct.

Understanding the principals of the COBIT 5 framework has helped me define the different roles of governance and management and the associated risks that result.  Either in an employee or management role, I would feel more comfortable with a proper segregated framework to work within.

References

COBIT 5 Executive Summary and Framework.  IT Governance Institute (2007). (pp5-28, 29-32)

De Haes, Steven and Van Grembergen, Wim (2009) ‘An Exploratory Study into IT Governance: Implementations and its Impact of Business/IT Alignment’, Information Systems Management, 26:2, 123-137.

Additional links to more relevant information and in-depth research on how COBIT 5 helps seperate management and governance policy making:

http://www.isaca.org/cobit/focus/pages/using-cobit-5-to-deliver-information-and-data-governance.aspx

https://www.isaca.org/COBIT/Documents/COBIT5-Introduction.ppt