Commission on Audit

FORENSIC AUDIT MANUAL

09 SEPTEMBER 2011
Fraud - Forensic Audit Manual Preamble

TABLE OF CONTENTS

PREAMBLE .................................................................................................................. v
Key Terms ...................................................................................................... vii
INTRODUCTION ......................................................................................................... 1
GENERAL PROCEDURES ............................................................................................ 7
Chapter 1. FRAUD RISK ASSESSMENT ................................................................ 11
1.1 Plan the Fraud Risk Assessment .............................................................. 13
1.2 Understand the Agency .......................................................................... 16
1.3 Identify all Potential Fraud Risks.............................................................. 17
1.4 Assess the Likelihood and Impact of all Potential Fraud Risks ..................... 20
1.5 Identify and Evaluate Key Fraud Risks ..................................................... 21
1.6 Document Audit Responses for the Results of the Fraud Risk Assessment ... 23
Chapter 2. PROACTIVE GUIDELINES ................................................................... 24
Test of Controls .............................................................................................. 27
2.1 Identify Agency-Level Controls ................................................................ 27
2.2 Evaluate Design of Agency-Level Controls ................................................ 27
2.3 Test Effectiveness of Agency-Level Controls ........................................... 29
2.4 Identify Process-Level Controls................................................................ 30
2.5 Evaluate Design of Process-Level Controls ................................................ 30
2.6 Test Effectiveness of Process-Level Controls ............................................. 32
Detection Procedures ...................................................................................... 33
2.7 Design Response to Address Identified Fraud Risks ................................... 33
2.8 Execute Fraud-Specific Detection Procedures ........................................... 37
2.9 Reporting of Results ............................................................................... 41
2.10 Case Samples ........................................................................................ 42
Chapter 3.0 REACTIVE GUIDELINES ...................................................................... 46
3.1 Preliminary Investigation ........................................................................ 47
3.2 Full-Blown Investigation ........................................................................ 48
3.2.1 Plan the Fraud Investigation......................................................... 50
3.2.2 Execute - Investigation Fieldwork ................................................. 56
3.2.3 Evaluate Results of Fraud Investigation ......................................... 71
3.2.4 Reporting Results of Fraud Investigation ....................................... 75

ii
Fraud - Forensic Audit Manual Preamble

ATTACHMENTS ......................................................................................................... 78
1 : FoAM Form-01 Fraud Risk Assessment Planning Template .......................... 78
2 : Fraud Scheme Categories ........................................................................ 82
3 : Sample FRA Template ............................................................................. 94
4 : FoAM Form-02 Fraud Risk Assessment Template ...................................... 96
5 : Sample Procedures for Evaluating Design of ALC ....................................... 99
6 : FoAM Form-03 Agency-Level Controls Design Evaluation Template ............105
7 : Sample Procedures for Testing Operating Effectiveness of ALC ..................107
8 : FoAM Form-04 Agency-Level Controls Effectiveness Testing Template........112
9 : FoAM Form-05 Process-Level Controls Design Evaluation Template ............115
10: FoAM Form-06 Process-Level Controls Effectiveness Testing Template .......117
11: FoAM Form-07 Detection Responses Template .........................................120
12: FoAM Form-08 Red Flags Internal Memorandum Template ........................123
13: FoAM Form-09 Preliminary Investigation Results Template ........................125
14: FoAM Form-10 Investigation Work Plan Template .....................................127
15: Rules of Evidence...................................................................................129
16: FoAM Form-11 Evidence Matrix Template.................................................135
17: Guidelines in Conducting Fraud Investigation ...........................................137

iii
Fraud - Forensic Audit Manual Preamble

LIST OF DIAGRAMS

Diagram 1. Linkage of IRRBA and FoA Framework .................................................... 3

Diagram 2. Relationship between Fraud Risks and COA Services ................................ 4
Diagram 3. Fraud- Forensic Audit Framework ........................................................... 5
Diagram 4. Procedures in Fraud- Forensic Audit Framework ....................................... 6
Diagram 5. COA Responsibilities in conducting Fraud-Forensic Audit ........................... 7
Diagram 6. Proactive Phase Procedures.................................................................... 9
Diagram 7. FRA linkage to IRRBA Framework ......................................................... 12
Diagram 8. FRA Process Flow ................................................................................ 13
Diagram 9. Fraud Risk Universe ............................................................................. 18
Diagram 10. Fraud Triangle .................................................................................... 19
Diagram 11. Matrix for KFR Overall Assessment ........................................................ 21
Diagram 12. Proactive Phase Linkage to IRRBA Framework ....................................... 25
Diagram 13. Proactive Phase Process Flow ............................................................... 26
Diagram 14. ALC Testing ........................................................................................ 28
Diagram 15. PLC Testing ........................................................................................ 31
Diagram 16. Reactive Phase Process Flow ................................................................ 49
Diagram 17. Execution of Full-blown Investigation .................................................... 56
Diagram 18. Responsibilities of Special Audit Team ................................................... 72
Diagram 19. Linking/Networking ............................................................................. 74

iv
Fraud - Forensic Audit Manual Preamble

PREAMBLE

It is the vision of the Philippine Government to reduce fraud within government agencies
and instrumentalities. Fraud in government results in inability to achieve mandate or
objective for the pursuit of good governance.

As stated in Section 2 Article IX of the 1987 Philippine Constitution,

1. The Commission on Audit (COA) shall have the power, authority, and duty to examine, audit,
and settle all accounts pertaining to the revenue and receipts of, and expenditures or uses of
funds and property, owned or held in trust by, or pertaining to, the Government, or any of its
subdivisions, agencies, or instrumentalities, including government-owned or controlled
corporations with original charters, and on a post- audit basis:
a. Constitutional bodies, commissions and offices that have been granted fiscal
autonomy under this Constitution;
b. autonomous state colleges and universities;
c. other government-owned or controlled corporations and their subsidiaries; and
d. such non-governmental entities receiving subsidy or equity, directly or indirectly,
from or through the Government, which are required by law or the granting
institution to submit to such audit as a condition of subsidy or equity.

However, where the internal control system of the audited agencies is inadequate, the
Commission may adopt such measures, including temporary or special pre-audit, as are
necessary and appropriate to correct the deficiencies. It shall keep the general accounts of
the Government and, for such period as may be provided by law, preserve the vouchers and
other supporting papers pertaining thereto.

2. The Commission shall have exclusive authority, subject to the limitations in this Article, to
define the scope of its audit and examination, establish the techniques and methods required
therefore, and promulgate accounting and auditing rules and regulations, including those for
the prevention and disallowance of irregular, unnecessary, excessive, extravagant, or
unconscionable expenditures or uses of government funds and properties.

As can be understood from the above Section 2, the authority and powers of the
Commission shall extend to and comprehend all matters relating to auditing procedures,
systems and controls, the keeping of the general accounts of the Government, the
preservation of vouchers pertaining thereto for a period of ten years, the examination and
inspection of the books, records, and papers relating to those accounts; and the audit and
settlement of the accounts of all persons respecting funds or property received or held by
them in an accountable capacity, as well as the examination, audit, and settlement of all
debts and claims of any sort due from or owing to the Government or any of its
subdivisions, agencies and instrumentalities. The said jurisdiction extends to all government-
owned or controlled corporations, including their subsidiaries, and other self-governing
boards, commissions, or agencies of the Government, and as herein prescribed, including

v
Fraud - Forensic Audit Manual Preamble

non-governmental entities subsidized by the government, those funded by donations

through the government, those required to pay levies or government share, and those for
which the government has put up a counterpart fund or those partly funded by the
government. (Section 26 PD 1445).

The World Bank, consistent with this mandate, entered in a joint undertaking to develop a
Fraud-Forensic Audit Manual (FoAM or the Manual) in order to strengthen the capacity,
effectiveness, and consistency of state auditors in preventing and detecting fraud within the
Government.

The COA has commissioned SyCip Gorres Velayo and Company (SGV & Co.) to provide
technical assistance in preparing the FoAM to help the COA combat fraud in the
government. The purpose of this is to increase the effectiveness of COA auditors in
detecting fraud during the course of their regular audit and to provide consistency in the
conduct of fraud (forensic) audit.

The FoAM provides guidance not only on fraud investigation but also on fraud prevention
and detection.

The Manual is a living framework, and the COA should update the Manual at least annually
to sustain its relevance to COA auditors and consider emerging trends of new frauds or
techniques and tools to combat fraud.

This Manual is intended for use of all COA state auditors, whether they are in the National,
Corporate, Local Sectors, Regional Sectors or other sectors.

vi
Fraud - Forensic Audit Manual Preamble

KEY TERMS

Agency/ies Government bodies or offices

ACD Assistant Cluster Director

ALC Agency-Level Controls

AOM Audit Observation Memorandum

ATL Audit Team Leader

BAC Bids and Awards Committee

CAATTs Computer-assisted audit tools and techniques

CD Cluster Director

COA Commission on Audit

CGS Corporate Government Sector

FAIO Fraud Audit and Investigation Office

FRA Fraud Risk Assessment

FoAM Fraud/Forensic Audit Manual

GWSPA - Government-wide and Sectoral Performance Audit

INCOSAI - International Congress of Supreme Audit Institutions

INTOSAI - International Organization of Supreme Audit Institutions

IRRBAF - Integrated Results and Risk Based Audit Framework

IRRBAM - Integrated Results and Risk Based Audit Manual

ISA - International Standards on Auditing

ISSAI International Standards of Supreme Audit Institutions

ITO Information Technology Office

ITGC - Information Technology General Controls

KFR Key Fraud Risk

LGS Local Government Sector

LS Legal Services

vii
Fraud - Forensic Audit Manual Preamble

ML Management Letter

NGS National Government Sector

NGICS National Guidelines on Internal Control Systems

PD Presidential Decree

PLC Process-Level Controls

RD Regional Director

RO Regional Office

SA Supervising Auditor

SAT Special audit team

TS Team Supervisor/s

TSO Technical Services Office

UTA Understanding the Agency

WB World Bank

viii