Home
About Us
Contact Us
Feedback
 
 
  Login | Register Now

Quick Link

Research

Investigation

Payroll & HR

Internal Audit

3D Vision
   
 

The concept of 3-D vision and its application in audits and investigations

Evaluation of information and decision making can be more effective when information from different sources is viewed comprehensively. A few people are gifted with a vision called three-dimensional vision (3-D vision). They have the ability to comprehend the actual depth of a picture. An average person normally is guided not by what he sees, but what he perceives or, what he thinks he sees. Compared to such an average person, people, who have developed a 3 D vision, see and understand much more than what the picture apparently reveals. This three-dimensional vision, in a certain sense, can be applied to risk diagnosis by corporate management with incredible results.

The Scientific Principle of 3 D Vision

How does the three-dimensional effect take place? Scientifically speaking, the two eyes of a human being see the same object from slightly different angles. Therefore, although the object is the same, the brain receives two slightly different images, which are infused. The viewer thus perceives solidity and depth of the object studied. In much the same manner, top management receives corporate reports and information from several sources: Internal reviews, assessments, reports from internal auditors, external auditors, consultants, staff, etc. In spite of such abundance of information, time and resource constraints prevent management from exploiting the wealth of such information by viewing it on one platform. Unless a meaningful evaluation of the information is done, even if tons of data are available, they are nothing but a mass of clutter.

Relevance to Auditors

SAP 4 requires auditors to apply modified or extended procedures where situations of fraud or error appear to exist. How then does the auditor come to the conclusion that there could exist frauds or errors which could materially impair the information in the financial statements available for audit? Well, developing a vigilant approach using the principle of the 3 D vision explained above, could be one of the tools which might be effective. By collecting information from as many sources as is possible, and by applying the 3-D vision, one can easily see the underlying features of the information, which otherwise may not be comprehendible, This is because, collusion between employees can lead to fraud even in the best of systems. No amount of internal control, security, and precautionary measures can eliminate fraud based on collusion. Therefore, extremely powerful tools are required to detect, combat, and tackle fraud arising out of collusion. The key point is that information must be collated and digested from various sources to be of value. This is the essence of the principle of 3 D vision.

Case studies on 3 D vision

Case study 1. Simple application of 3 D vision A trading company, dealing in various types of spares, accessories for certain types of engineering, chemical and pharmaceutical companies was undergoing risk evaluation. The risk evaluating consultant, an investigator, observed that the company received information from various sources such as internal review reports from its senior managers, internal audit reports, and statutory audit reports periodically. It took action on their findings in a timely manner on a one to one basis, but it never occurred to the company to view the findings collectively. The latest reports revealed the following (very simplified) findings which the investigator tabulated as follows :

Summary of Internal Review Reports :

  • Investments made in contravention of policy guidelines
  • Customer credit procedural lapses
  • Use of unlicensed software
  • Data access security breaches in address databases


Summary of the external auditors had comments regarding:

  • Investments made in contravention of policy guidelines
  • Unreasonably high salary, overtime and allowance payments to Information Systems (IS) department
  • Excessive cash payments
  • Non-compliance with certain statutory provisions relating tax deductions at source
  • Weakness and delays in material receiving, rejection and acceptance procedures


Summary of internal auditors’ reports

  • Stale cheques reversals not carried out
  • Vendors’ challans not preserved; payments were effected on Goods Received Notes certified by the stores keeper.
  • Excessive cash payments
  • Sales discounts in Delhi branches excessive and in contravention of policies
  • Several unsupported cash expense vouchers



As per routine practice, the management took a one-for-one routine action regarding each of the findings. Obtaining explanations, reprimands, and modifying control procedures as and where required was done. Management did not view the reports together. However during a risk evaluation carried out, it was revealed that point 4 of the internal review report was closely related to point 2 of the external auditor’s report and point 2 of the internal auditor’s report. It was a very interesting fraud and had damaged the company to the tune of almost 2 crores of rupees in the past five years. The investigator felt that each of these points had a connection and he obtained the consent of the company to make further inquiries. In relation to the external auditors’ comment regarding delays in accepting the ,material, he observed that the pre purchase procedures relating to vendor selection such as floatation of inquiries, receiving of sealed quotations, vendor selection in consultation with financial managers, were complied with. However material receiving was done very slowly and sometimes it took several days before the material was accepted and recorded in stocks. He was explained that quality control necessitated weeding out of rejections from the materials supplied. If they exceeded 3 percent, a debit note was sent to the vendor. With respect to point 4 of the internal review report, he learnt that there was a database of all external parties who were associated with the company. It contained party code, name, address, nature of relationship (eg vendor, customer, depositor etc) items supplied or sold, rates currently in force, partners’ names, etc. He reviewed the database access logs What surprised the investigator was that, during security breaches only the address fields were altered or modified. The explanation given was that in case of a change in address or telephone numbers or such other non financial data field, the process of access control authorisation not disciplinarily implemented, but would be done in the future. The investigator was not satisfied; he scrutinised the access logs for the last six months and tabulated all records which had changes in the address fields. He got the results which he was expecting. 90 % of the changes were in address field relating to certain vendors. The logs clearly showed that the changes were made twice; once for a change of the old address to a new one and then a change back to the old one. On digging further he found that the address changes were always effected when material from those vendors was received. The vendor’s cheque was posted to the changed temporary address. After posting of the cheques the address would be returned back to the old address. Realising that there was something seriously wrong, he made a personal visit to one of the vendors to check out the truth. He found that the vendors had never asked for any change of address. He was further shocked when he learnt that the vendors had a near zero rejection rate for materials supplied. He was explained that in the last 5 years the process of manufacturing certain items had been changed from hand made process to total electronic automated machining. If at all there was any quality defect, (highly unlikely) the vendor could be debited for that value. The earlier 3 percent rejection percentage had ceased to be in force for 5 years. The auditor began to see light. A full investigation revealed that the purchase manager in collusion with the database systems administrator would have the address temporarily changed which would enable the cheque to get posted to an address of an accomplice. The accomplice would encash the cheque clandestinely through accounts opened in the cloned vendor names. The accomplice would then send the net cheque for 97 percent to the original vendor. The delay in accepting the material provided the time for this rerouting of cheques to take place. What further helped the purchase manager was that the purchase invoicing was done by the vendor at the end of each month on the basis of quantity supplied during the month. This was an appropriate system five years ago when a high rate of rejections was common. The purchase manager had insisted with the vendors to continue with this system because it helped him to make payments on the basis of goods receipt notes and consequently to reroute the cheques to his accomplice. More facts fell into place when the auditor visited the stores clerk who certified quantity of materials received. The store keeper explained that he had been instructed to destroy vendor’s challans since the company relied upon its own goods receipt notes only. He also confirmed that some of the items (ones supplied by these vendors) never had any significant rejections but were just kept aside till the final inspection was carried out by the purchase manager himself. All that the clerk was required to do was to certify the accepted quantity on the goods received notes, which he honestly carried out. Nevertheless the purchase manager siphoned out about 2 crores of rupees on the strength of a rejection rate which was not really applicable. The company paid for the 3 percent rejections which never existed at all. Both the internal review and the auditors’ report did in their own way point out control deficiencies, but did not reveal the depth of the underlying fraud. Each report presented only a part of the picture — just like a part of an object visible through one eye. Explanations given in respect of weaknesses seemed satisfactory when viewed in the context of the individual assignments. However the risk assessment clearly revealed the fraud using this marvelous tool called the 3 D vision.

It is evident in this case that such collusion would have been very difficult to detect. However 3-D vision enabled the investigator to focus on the information and results of the other sources to unearth the fraud. Fraud by collusion can be overcome to some extent by using this 3 D vision combination.


For any assistance kindly contact support@chetandalal.com
 
© 2001-2006 Chetandalal.com
Home | About us | Investigation | IT Audit | Contacts Us
 
 Dedicated Server, Web Hosting, Web Promotion & Web Design by Version-Next.com