AYB341 Full Set of Course Notes

77 Pages

Course Code

This preview shows pages 1,2,3,4. Sign up to view the full 77 pages of the document.
AYB341 – Financial Forensics and Business Intelligence Notes Lecture 1 – Introduction to Financial Forensics and Business Intelligence Data vs. Information  Data are the raw pieces of information– such as a transaction record, a click stroke on an Internet site etc.  Information is data to which business context and meaning has been added o It is data, which has been filtered, sorted, summarised, prioritised and presented, often in summary format. Example report of transactions by division o Reports provide information – for example an exception report o Information has value  Value of information is constantly changing due to the large quantities of information collected by organisations today  The value of information to an organisation is dependent on how each organisation changes its data into information to assist day to day business decision making  Managers require information to assist them to make accurate and timely decisions o Businesses regard information as a commodity and the possession of it as an asset o Today, successful people and businesses are those who control the information, its development, access, analysis and presentation o Information is a commodity but has no value in itself  Its value is derived from its understanding and subsequent application Value of Information  Factors affecting the value of information in organizations: o Completeness (if not complete wrong decisions can be made) o Accuracy (correct information- need to judge information on reputation of source, bias, what you already know) o Timeliness (available when its needed, all information has a use by date) o Consistency (doesn’t contradict itself) o Validity (unbiased, representative, verifiable) o Appropriateness (meaningful and relevant to suit users) o Uniqueness (no competitor has it) o Relevance (relevant to person who needs it or can use it or otherwise worthless) o Usability (user understanding of information) Growth of Forensics  Fraud is the largest crime (in $ value) in Australia  Two reasons its expanding: o Population increase o Easier access to technology  There has been an associated growth in the profession of business intelligence and analytics Page 1 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  The fraud triangle – why is fraud increasing? Definitions  Business intelligence o A popularised, umbrella term used to describe a set of concepts and methods to improve business decision making by using fact-based support systems. o Business intelligence is now widely accepted as being concerned with Information technology solutions for transforming the output from large Data collections into Intelligence. o The knowledge derived from analysing an organisation’s information.  Forensic Intelligence definition o Forensic intelligence is the accurate, timely and useful product of logically processing (analysis of) forensic case data (information) for investigation and/or intelligence purposes. o Getting information on fraud “court ready”. o Forensic intelligence can be viewed as comprising two parts:  Intelligence delivery in forensic casework (including computer forensics)  Performance aspects of forensic work (business intelligence) Page 2 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Decision Making  A decision is a reasoned choice among alternatives that is part of a broader context called problem solving  Each decision is made up of: o A decision statement o A set of alternatives o A set of decision making criteria  Like data, decisions can be structured or unstructured: o Structured – where the decision is based on facts in a situation of certainty o Unstructured – where a decision has to be made without all the facts in an uncertain situation  5 Step decision making process  7 Step decision making process 1. Focus on your goal and results. This will allow decision makers to see exactly what they are trying to accomplish and keep them in a specific path. 2. Collect Data. This will help decision makers obtain reliable proof to help them reach a solution. 3. Develop alternative ideas. Coming up with more than one solution to see which one can actually work. 4. List the pros and cons of each idea. Write a list of pros and cons. 5. Make a decision. After analysing each solution, choose the one that has the most advantages, and is a solution that everyone can agree. 6. Take action. Once the decision is chosen, you should implement it immediately. 7. Learn and reflect on the decision-making. This step allows you to see what you did right or wrong when it comes up, and put the decision to use. Page 3 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Decision maker classifications o Individual decision makers can be a single person or a computer system. o Multiple decision makers can be:  Groups where all members have a say in the decisions,  Teams where members support a single decision maker, or  Organizational where global agreement is needed.  Decision styles o Style is the manner in which a manager makes decisions o The effect of a particular style depends on:  Problem context  Perceptions of the decision maker  Own set of values o These elements intertwine in the formation of decision style o It also depends on what information they have  Good decisions o Good decisions are related to long term success of the organisation o Need to consider the forces which impact on the decision making process  There are 6 forces: personal needs, organisational, emotional, emergent, contextual, and economic/environmental o The four key areas that determine the relative difficulty of a decision are: 1. Structure – in general, the more structure, the less information required 2. Cognitive limitations – the human mind is limited to handling 5 to 9 distinct pieces of information 3. Uncertainty – the amount is based on how complete and accurate the information is 4. Alternatives and multiple objectives – the selection of one alternative may impede the progress towards  Group decision making o A group is a decision structure where multiple decision makers completely interact o A team is the decision structure where members advise one decision maker but do not interact o A committee is decision structure with a single decision maker and member interaction Page 4 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 2 – Data and its Role in Decision Making Data in Decision Making  Data, especially large amounts of individual transactions, are not a lot of use in business intelligence decision making unless management can drill down to a specific transaction within summary information to understand the higher level (summarised data)  Summarising data in a form that can be compared is the key to business intelligence  Being able to drill down into the detail and find transactions which are not appropriate is the key with forensic intelligence  Summarised data examples: o Dashboards o Formal reporting o ‘The process’ (Data -> databases -> transformation -> warehouse -> mining / reporting)  Types of information o Data: Raw (from a TPS) o Information: Data organised to convey meaning for example, Tables (Excel and Access) o Knowledge: Data items organised and processed to convey understanding, experience, accumulated learning, and expertise (formal reports with visualisations) Why do we need Databases?  To gather and store data  To build a history of business events  To store knowledge  To support e-commerce  To keep track of customers, sales, orders, payment receipts, suppliers, tax information, transaction data, general company knowledge, employees, external information (government, industry, research)  To save trees  To conduct our own research  Basic Data management concepts o Database (big)  A collection of data organised to meet users’ needs o Database management system (bigger)  Software used to access database o Database system (biggest)  Comprised of database, DBMS, and application programs Page 5 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Data Hierarchy  Field (smallest) o Name, number, or combination of characters that describes some aspect of an object  Record (bigger) o Collection of related fields  File (larger) o Collection of related records  Database (largest) o Collection of integrated and related files  Data entities, attributes and keys o Entity (students, clients, item information)  Generalised class of people, places, or things for which data is collected, stored, and maintained o Attribute (things about the entity)  Characteristic of an entity  For example, employee number or last name o Key (identifier – e.g. student ID)  Field in a record used to identify the record  Primary key  Uniquely identified the record  Foreign key  Critical in linking tables Page 6 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Relational Databases  In the relational model, all data elements are placed in two-dimensional tables or relations  As long as tables share at least one common element, those relations can be linked to produce useful information  Terms o Selecting (specific files)  Eliminating rows according to certain criteria o Projecting (to be what you want only)  Eliminating columns in a table o Joining (to process data into useful information)  Combining two or more tables Database Design and Creation  Field Types o Numeric field (cost of an item, postcode): contains numbers that can be used in making calculations o Alphanumeric (address): characters or numbes that will not be manipulated o Dates: can be sorted or even used in computations o Logical piece of data: contains items, such as “yes” or “no” o Computed field (calculate total sales): determined from other fields  Front-end applications o One that directly interacts with people or users (MS Access, SAS, Oracle)  Back-end applications o Interacts with other programs or applications (e.g. MIS, DSS, GDSS, Website Content) Page 7 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Datasets in Access and SAS  Understanding data o Field = columns  A basic fact is listed above each column (such as ‘First Name’) o Record = rows  A record is an entire row of information (e.g. Student Details) o Example table view in SAS  Relationships within data o A relationship is an association between filed within a database o Three most common types of relationships  One-to-one (1:1)  One student has one home address  One-to-many (1:N) & Many-to-one (N:1)  One student has many units  Many-to-many (M:N)  Many customers have many orders o Normalisation  Normalisation is the process of examining and arranging file data in a way that helps avoid problems when these files are used or modified later  The objective is to produce a set of tables that are in third normal form (3NF)  This reduced data redundancy in storage (excessive/repetitive columns or rows)  Why is there a need to normalise / the problems of storing data in one table:  Redundancy where the same data would be recorded many times in each row.  Update anomalies where a change in one row might not be affected in other rows that need to be updated.  Insert anomaly where it is impossible to record certain data until a transaction occurs.  Delete anomaly where deleting a row might delete the only reference to other important data. Page 8 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Joining Files  To be able to join filed you need to know the primary key of each file and be able to join using that primary key o A primary key can never be duplicated  It is unique  E.g. Student ID  Data sources o Internal  Specific to each organisation  Covers main divisions of an organisation  Accounting Info Sys – form the main part of data  Usually structured data o External  Commercial databases, internet, other sources o Personal  Employee expertise and knowledge for future use o Social Networking Sites  Usually unstructured data Data Preparation  Which data do we need? o Need to determine what actual variables we need to undertake the task  Where is it going to come from? o Is it all going to come from the one data set in SAS (or Excel etc) or do we have to join data sets to get the entire variable we need?  Need to be able to understand the structure of data to be able to use it o Need to think about what format each variable has and how that can assist us with our analysis o Go into a dataset in MS Access or SAS and right click on the column name to see the structure of each variable before you start working with the data o Are there other variables in a databases or data files we are unaware of that could be useful?  Need to get business and IT people together in an organisation to make best use of data o Need IT staff to provide you with a list and formats of all the variables in the data files you are interested in and an extract of the data so you can do some test analyses to see if this will produce the analysis you need (often called a data dictionary)  Need to consider how we are going to deal with anomalies in the data (cleaning the data) o We will discuss this further in the semester  How can we get data from a Data Warehouse to our modeling program in the format that we need it o Need to consider whether you can use your program (Access, Excel, SAS) to link directly to your database program and convert data into data sets, or o Whether you need to export data from a database and then import into your program Page 9 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  How does data become information? o We need to manipulate and massage data to become information and then subsequently knowledge o When you summarise data it is easier to compare between data sets and therefore it has become information o Knowledge is achieved when you analyse the information you have produced and make decisions on how ‘Sales Performance’, for example, could be improved in the future and what other information could be used to make the information more meaningful  Role of data in decision making o Once data has become information we can use it to make decisions about the organisation. o Whilst it is still in data format, it is too voluminous to assist with decision making unless the decision is just about one transaction  If you were given 30,000 lines of transaction data in a spreadsheet, where would you start? Page 10 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 3 – Resolving Data Issues Data Structures and Quality  Understanding variables and what they mean o Knowing whether you have had access to all the variables and not just some of them o Do you know how to access date (primary and foreign keys)? o Do you know how this data fits into overall organisational data (what is its relevance)?  Data quality issues o When transferring data from one program to another (i.e. from Excel to Access), you need to consider the following:  Uniformity. Data has transferred in the same manner for all the records in a file  Version. Ensure format of original data and variables has not changed when data was transformed  Completeness check. All records are transferred in the file  Conformity check. Does the data look right  Spot check. Trace some records back to their course file (e.g. 10 random records to see they have transferred correctly) Cleaning Data, Converting Data and Data Quality Issues  One of the first and most important steps in data analysis is to verify that your data values are correct, or conform to a set of rules o For example, a variable called Gender would be expected to have only 2 values (M or F)  You need to consider the variables and their values firstly to see they are appropriate for the data they contain o MS Access and SAS have a number of ways you can use to check for missing or inappropriate data (queries and data manipulation) o In MS Access, if you were looking for records that were incomplete (e.g. missing data), you can search for records with “Null” values o Another example: if you run query on a gender variable you would expect to see the output is only M for Male or F or Female. If you see other data entries (e.g. Z) then this data is inaccurate and must be cleaned o Further, you may note that some data is incorrect as it is “out of the ordinary”  This could be fraud or business intelligence  Example query to clean data o SELECT ORDER.CustName, ORDER.SalespName, ORDER.SalespName o FROM [ORDER] o WHERE (((ORDER.CustName)="Abernathy Construction") AND ((ORDER.SalespName) Is Null)); o This query is asking the database to find customers with the name ‘Abernathy Construction’ AND where there is no Salesperson’s name listed against this customer. Page 11 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Once you determine a missing value you need to think about what you are going to do with it o Are you going to enter the value you think it should be?  Can you guess it accurately? o Are you going to enter an average value for the field?  If not, what are the alternatives in dealing with the missing data (decision-making)? o Are you going to eliminate those rows from the data set?  Is the missing data important? Data Storage  Five types of data storage: 1. Data warehouses 2. Corporate portals 3. Business intelligence portals 4. Portable devices 5. The cloud Data Warehousing  For large amounts of data, data warehouses are the most  Goals of a data warehouse: o Must make an organisation’s information easily accessible o Must present an organisation’s information consistently o Must be adaptive and resilient to change o Must be a secure bastion (place, maintaining particular principles) that protects our information o Must serve as a foundation for improved decision making  Primary functions of a data warehouse o Direct reflection of organisation business rules o Collection point for integrated, subject-oriented strategic information o Historical store of strategic information o Source of information that is delivered to data marts o Source of stable data  Data storage – getting data into a data warehouse o Stages to move form operation data to data warehouse data  Extraction  Some data elements of operation data is useful to decision making  Others are not as valuable for this purpose  Need therefore to extract only useful data from an operation database before brining it into the DW  Ensures only valuable data forms part of DW (to create business intelligence)  Transformation (a process of dealing with inconsistencies)  Inconsistencies between operational databases leads to poor quality in DW  Multiple input sources to a DW mean this inconsistency is more likely to happen (this is the reason why SAP, PeopleSoft are such a nightmare!)  Different names given to same data field in different operational databases o Need to only input this field once to DW  Need also to ensure format of fields is consistent (text, numeric, date etc). Page 12 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Cleansing  Ensures better information quality  Key consideration in determining the value of the information  DW set up to improve quality of decisions, therefore need to ensure quality of DW input information  Cleansing involved making data as error free as possible o I.e. missing data, incorrect data, inconsistent data (difficult process)  Loading  Once prior steps are successfully performed then it is possible to load the new data into the DW databases  Loading implies physical movement of the data from the computers but this would have happened in the extraction  Can be a complete data load or just an updating of DW records  Summarisation  Summaries are created from loaded data to ensure that queries can be answered more easily (like reports from MS access)  Common queries can be answered from summary data, but ad-hoc queries will still need to be made, perhaps on an overnight basis  You can summarise sales data based on countries, sates, store locations, highest to lowest sales, age of business etc. o These are examples of summarisation  Data warehousing benefits o Increase in knowledge worker productivity o Supports all decision makers’ data requirements o Provides ready access to critical data o Insulates operation databases from ad hoc processing o Provides high-level summary information o Provides drill down capabilities Page 13 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Corporate Portals  Definition: a collection of technologies, software and infrastructure that work together to aggregate a selected subset of information into a central location  Employees can then access this central location to retrieve information that is relevant to their roles or business and personal requirements.  Corporate portals are usually structured around organisational roles.  An enterprise portal extends the corporate portal to include customers, vendors and other external parties.  Features of corporate portals o Consistent view of the organisation o Information organisation and search capabilities o Direct access to corporate knowledge and resources o Direct links to reports, analysis, queries o Direct links to relative data and knowledge experts o Individual identity and personalised access to content Business Intelligence Portals  Many business intelligence vendors are now producing BI portals for use by management within the organisation  These portals aim to provide boards and executive management with drillable business intelligence data applicable to their area of management  These portals are more specialised depending on the person or groups’ needs Portable Devices and Security  Data can be transferred to portable devices fairly easily including mobile phones, PDAs, iPads and other portable storage devices  A problem with these devices is that they may not have sufficient electronic or physical security to protect them  Many examples of large amounts of sensitive data being lost on portable devices The Cloud  Provides applications from a server that are executes and managed by a client’s web browser  Any computer or web-friendly device connected to the Internet may access the same pool of computing power, applications and files in a cloud-computing environment  Users remotely store and access personal files such as music, pictures, videos, and bookmarks; and use apps such as word processing on a remote server  Data is centrally stored, so the user does not need to carry a storage medium such as a DVD or thumb drive  Memory allocated to the client system's web browser is used to make the application data appear on the client system display, but all computations and changes are recorded by the server, and final results including files created or altered are permanently stored on the cloud servers  Performance of the cloud application is dependent upon the network access, speed and reliability as well as the processing speed of the client device Page 14 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  A service provider may pool the processing power of multiple remote computers in a cloud to achieve routine tasks such as backing up of large amounts of data, word processing or computationally intensive work  Consumers now routinely use data-intensive applications driven by cloud technology that may have been previously unavailable due to cost and deployment complexity  Private companies may also make use of their own customized cloud email servers for their employees  Fraud investigators may need to access a suspect’s cloud Page 15 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 4 – Data Mining, Web Intelligence and Performance Dashboards Data Structures and Quality  Data mining: The Process of selecting, exploring, modifying, modeling and assessing (SEMMA) large amounts of data to uncover previously unknown patterns that can be utilised as a business advantage  Data mining is the set of activities used to find new, hidden or unexpected patterns in data  Using information contained in the DW, DM can often provide answers to questions about an organisation that a decision maker has previously not thought to ask  Business questions o For data mining to be successful, it must be driven by an appropriate business question o Examples:  Which customers are most likely to fail in repaying their personal loan?  Which customers are most likely to take up an increase in credit card limit?  Which providers are most likely to claim fraudulent services on a health insurance company? o Without an appropriate business question, often the DM process goes off on a tangent and does not really answer the question. o It is no use modelling or data mining unless you have a clear focus on what you want to find out ie. Clearly structure the problem or issue you want to resolve. SEMMA Data Mining Process  Steps o Sample the data by creating one or more data tables o Explore the data by searching for anticipated relationships o Modify the data by creating, selecting and transforming the variables to focus the model selection process o Model the data by using the analytical tools to search for a combination of the data, which reliably predicts a desired outcome o Assess the data by evaluating the usefulness and reliability of the findings from the DM process  You do not always use all of these steps and you may have to repeat one or more of the steps before you are happy with the results.  The results of the process enable you to determine the answer to your original business question. The model would be reworked after the results of each use of the model are feed back into the model building process, that is, the model is iterative. Page 16 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Data Mining’s Growth in Popularity 1. One reason is that we keep getting more and more data and need tools to understand it 2. We also are aware that the human brain has trouble processing multidimensional data 3. A third reason is that machine-learning techniques are becoming more affordable and more refined at the same time Multidimensional and Relational OLAP  Data can be viewed across several dimensions  A fourth dimension could be added by using several graphs – perhaps at different time points  Most analyses have many more dimensions than this o MOLAP handles data as an n-dimensional hypercube  Here sales are arrayed by region and product 0.7 0.6 0.5 Sales 0.4 4 0.3 3 1 2 Product 2 1 Region 3 Techniques used to mine data Data-mining techniques tend to fall into four major categories: 1. Classification o The goal is to discover rules that define whether an item belongs to a particular subset or class of data o For example, if we are trying to determine which households will respond to a direct mail campaign, we will want rules that separate the “probables” from the “not probables” o These IF-THEN rules often are portrayed in a tree-like structure (see next page) Page 17 of 77 AYB341 – Financial Forensics and Business Intelligence Notes 2. Association o These techniques search all transactions from a system for patterns of occurrence o For example: A common method is market basket analysis, in which the set of products purchased by thousands of consumers are examined o Results are then portrayed as percentages; for example, “30% of the people that buy steaks also buy charcoal” o Provides excellent business intelligence 3. Sequencing o These methods are applied to time series data in an attempt to find hidden trends o If found, these can be useful predictors of future events o For example, customer groups that tend to purchase products tied-in with hit movies would be targeted with promotional campaigns timed to release dates 4. Clustering o Clustering techniques attempt to create partitions in the data according to some distance metric. o The clusters formed are data grouped together simply by their similarity to their neighbors. o By examining the characteristics of each cluster, it may be possible to establish rules for classification. o Not dissimilar to “Group by” in Access Data mining technologies  Decision Trees o These technologies are conceptually simple and have gained in popularity as better tree growing software was introduced o Because of the way they are used, they are perhaps better called “classification” trees o Example right Page 18 of 77 AYB341 – Financial Forensics and Business Intelligence Notes o Decision trees are beneficial in a number of ways:  Forces you to formally identify the actual decisions to be made  It is difficult to overlook an integral step in the decision process  Forces you to consider the sequence of decisions o Problems with decision trees:  A decision tree for a complex system with many sequences and combinations of conditions will be unwieldy  A large number of branches with many paths will ‘cloud’ the situation rather than make it clear  The analyst may not be able to determine which business policy or practice guides the formulation of specific decisions  Where these problems arise, decision tables provide a better alternative  New applications for data mining o As the technology matures, new applications emerge, especially in two new categories, text mining and web mining. o Some text mining examples are:  Distilling the meaning of a text  Accurate summarization of a text  Explication of the text theme structure  Clustering of texts  Examples: user documents, contents of an email. Uses UNSTRUCTURED DATA. Often used in fraud investigations, also used for BI  Limitations to Data Mining o Despite the potential power and value, data mining is still a new field. Some things that thus far have limited advancement are:  Identification of missing information – not all knowledge gets stored in a database.  Data noise and missing values – future systems need better ways to handle this.  Large databases and high dimensionality – future applications need ways to partition data into more manageable chunks Web Intelligence  Web mining is a special case of text mining where the mining occurs over a website  It enhances the website with intelligent behavior, such as suggesting related links or recommending new products  It allows you to unobtrusively learn the interests of the visitors and modify their user profiles in real time  They also allow you to match resources to the interests of the visitor  Examples: Social Networking sites, email, web pages Page 19 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Business Analytics  Business Analytics is another term for analysis of data  Business Analytics focuses on effective use of data and information to drive positive business actions. o Includes concepts of performance management, definition and delivery of business metrics, data visualization, and deployment and use of technology solutions such as OLAP, dashboards, scorecards, analytic applications, and data mining  Dashboard reporting o A performance dashboard is a multilayered application built on a business intelligence and data integration infrastructure that enables organisations to measure, monitor and manage business performance more effectively o Dashboard reporting is the best way for executives, business managers and knowledge workers to stay on top of all key performance indicators (KPIs) involved in day-to-day operations. o Humans work better with VISUAL information, not tens or hundreds of pages of written information! o Types of dashboards  Operational Dashboards – enable front line workers and supervisors to track core operational processes. o These dashboards tend to use diagnostic metrics to measure output of ongoing processes such as calls per hour. o They also compare this performance to recent history ie last week, last month, last year o Alerts may be triggered on certain events and may flash on screen to indicate the need for urgent attention. o Updated hourly, daily  Tactical Dashboards – help managers and analysts track and analyse departmental activities, processes and projects o Main benefit is self-service access to information by the user instead of having to rely on IT to create a custom report for them. o Allows business managers to use tactical dashboards to improve their understanding of the processes and activities for which they are accountable. o The dashboard allows measurement of performance against predefined goals, forecasts etc. o Updated daily or weekly  Strategic Dashboards – let executives and staff chart their progress toward achieving strategic objectives o These dashboards measure and evaluate performance against strategic objectives and goals set by key executives. o May deploy scorecards to every group at every level of the organisation o Aims to measure, monitor and manage an organisation’s strategy which is designed to support all stakeholders. o Updated monthly or quarterly  Each dashboard delivers functionality – monitoring, analysis and management but in different degrees Page 20 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Benefits of dashboard reporting o Better access to information  Easily bring disparate data together  Improve access to real-time line-of-business data  More complete information enables better decision-making  Personalized view of indicators that matter most to individual analysts and managers o Immediate interactive analysis  Improve end user satisfaction through integration with preferred, familiar applications such as Excel  Provide real-time visibility into corporate performance  Analyze business from your desktop using full Excel functionality and live data o Improved accuracy and relevance of data  Direct access to data—no need for copying or re-keying  More efficient teamwork through central data location  More consistent reports through easily accessible data  Designing a dashboard o You need to know what different user groups want from the dashboard and the data that is available to support this process o Aim is to build a robust performance dashboard that users will want to use o Need to see what they currently use to improve them at operational, tactical and strategic levels o Also need to consider power user requirements o It is important to keep the design of the dashboard simple  Although graphics and charts sell dashboards, the users want information that is useful to decision making  Display only critical metrics and information  If screen is too busy, may not be as useful to users  Customise it to different user levels  Allow users to personalise it  Pay attention to position and placement  Pay attention to colours o Data quality is an issue as it may provide wrong metrics to users Page 21 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 5 – Information Quality and ICT Governance Information Quality  Quality of information is important as decisions made using this information will affect organisational operations and strategy o Quality of information also impacts on customer service and marketing decisions related to customer information o Quality of information impacts on your ability to produce useful BI Information Governance ICT Governance is the strategic alignment of ICT with the business such that maximum business value is achieved through the development and maintenance of effective ICT control and accountability, performance management and risk management. – Webb, Pollard, & Ridley  Lack of adequate corporate IT governance is a major contributor to fraud because o There are inadequate controls in place (access) o Weak Security o No clear policy, rules or guidelines o Lack of communication o Lack of guidelines on ethics, moral responsibility o Inadequate risk management o Inadequate contingency planning  Need to decide within an organisation how data will be accessed by employees o Information Dictatorship: Will data be controlled with only a few having access? o Information Anarchy: Will data be available to everyone for all purposes from a data warehouse / corporate portal o Information Democracy: Will data be available to everyone for most purposes and only limited for data which is sensitive in nature  Problems with data overload can lead to fruitless data searches and poor governance o More than 52% of companies say “ineffective communication of policies and procedures regarding information management challenges remains a major roadblock to executing an information governance strategy effectively” Value of Information  Enterprises are moving from information dictatorships to information democracies as they realise each piece of information in the organisation has value to someone  Value is not related to data itself, but by how the organisations use it to assist with decision making  The value of data is not possessing it, but the use the organisation and its employees put the information to (e.g. BI and BA) Page 22 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Improving business efficiency can be achieved by allowing staff to have better access to information relating to their own department o This will assist in keeping employees informed and allow them to make better decisions using this information o There are also benefits in allowing other departments to access information as it allows the sharing of information across the organisation and allows each department to feel part of the overall enterprise o Extending data access to trading partners and external organisations may also be beneficial to the operational efficiency of the organisation Governance of ICT Systems  Need to consider the issues associated with ensuring: o Data is secure o Data is kept private o Data is used for the correct purposes o Data is stored long term in appropriate facilities o Data is not transferred to other departments etc. without permission of customer o Data is available to those that need it  Six principles of ICT governance to aid in overcoming ITG issues: o Principle 1: Establish clearly understood responsibilities for IT o Principle 2: Plan IT to best support the organization o Principle 3: Acquire IT validly (not pirated copies) o Principle 4: Ensure that IT performs well, whenever required (reliability/flexibility/performance) o Principle 5: Ensure IT conforms with formal rules o Principle 6: Ensure IT use respects human factors (needs) Page 23 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Model for corporate ITG  How to govern ICT o Directors should govern ICT through three main tasks:  Evaluate the use of ICT  Direct preparation and implementation of plans and policies  Monitor conformance to policies, and performance against the plans o Need to govern ICT systems to ensure that data is protected from internal and external intrusion and misuse o Five key focus areas of ICT governance  Risk management  Value delivery  Strategic alignment  IT resource management  Performance management  Governance focus (CobiT 4.1) o Control Objectives for Information and related Technology (COBIT)  Is regarded as the world’s leading IT governance and control framework  CobiT provides a reference model of IT processes typically found in an organisation Page 24 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Risk management o Identify the risks associated with storage of data and use of data on an enterprise wide basis o Identify the risks associated with use of data in an operational situation o Determine how to reduce or mitigate the risks associated with use of data by implementing better storage facilities, increasing security over data, training staff about privacy legislation o Monitor risks and regularly report on risks to a CEO/Board level  Value delivery o Need to try and gauge whether data/information in the organisation is delivering value o Need to consider the benefits/costs associated with turning data into information o Need organisation users to indicate the worth of information systems such as corporate portals or data warehouses to their operations via surveys, focus groups etc.  Strategic Alignment o Need to determine that data/information produced is aligned with the business objectives of the organisation. o No use producing analyses etc. that are of no use to users o Data should be collected and analysed to improve the business operations  IT Resource Management o IT Resource Management is about making sure that physical IT assets are kept maintained, and accounted for to ensure that data is not lost through system crashes, theft of equipment etc. o Need to also ensure the security of systems, machines, networks to protect data  Performance Measurement o Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting Regulatory Issues  Need to consider issues regarding privacy of data, intellectual property considerations, and any other laws affecting the use or transfer of data  The governance of information and who can access information is the key to ensuring privacy of information.  Need to consider the issues of globalisation and how data may be used all over the world where privacy laws etc. are different o E.g. Mobile devices o With the explosion of mobile device usage (laptops, smart phones), and growing popularity of The Cloud, organisations have to be aware and create policy for their use and the protection of data stored on them. Page 25 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Data Governance Issues  The risks o People leave their laptops in airports! o People leave their smart phones in taxis. o People have their mobile devices stolen. o People drop or damage their mobile devices. o Clouds have been breached! o If you were to have your smart phone or laptop stolen, what would be the implications for you? For your company?  Enterprise data transparency o The ideal is to encourage organisations to reach data transparency where all data is entered and stored centrally and is available to all parts of the organisation for use subject to any regulatory issues o This reduces redundancy of data issues and improves the quality of data and thus information o Data transparency will also assist with ensuring 360-degree view of customers and suppliers and their relationships with the organisation  Controlling data overload o The volume of data that organisations capture and store is rapidly increasing o Complexity of data is also increasing o Need to create data processes that extend across enterprise and governed by the enterprise o Need to ensure that data silos in particular divisions are not been created o Even e-business data can end up being a silo if you are not careful o Need to consider issues of globalisation of organisations and the impact on data (e.g. mobile devices) o Data overload can lead to lack of data quality  2006 Survey of Legal Developments in Data Management, Privacy and Information Security o Power & Trope (2006) in The Business Lawyer identify the following emerging risks in relation to IT and data governance o Laptops – careless handling of portable laptops create opportunities for the easy theft and misuse of data held on such devices  May 3 2006 – burglary of the home of a VA employee and the consequent theft of a computer and external hard drive containing personal information on 26 million veterans and active US military personnel highlight this concern  Solution – encrypt all data on portable devices o De-Perimeterization  Companies find that their reliance on security to protect sensitive data has been eroded  Issues as technology and business continue to align closer to an open internet-driven world it will be harder to protect business information  The risk of data loss and problems grows greater as “insider” categories keep expanding  E.g. Social Networking sites such as Facebook, MySpace, Twitter, LinkedIn, The Cloud Page 26 of 77 AYB341 – Financial Forensics and Business Intelligence Notes o Online social networking  Social networking is common among persons entering the workforce  These postings risk including sensitive data about the organisation that is obtainable only by employee  Mining of social networking data is now used extensively for:  Business Intelligence  Fraud Investigation  Ernst & Young Information Security Survey (2008) – 10 Key findings 1. Protecting reputation and brand has become a significant driver for information security 2. Despite economic pressures, organisations continue to invest in information security 3. International information security standards are gaining greater acceptance and adoption 4. Many organisations still struggle to achieve a strategic view of information security 5. Privacy is now a priority, but actions are falling short 6. People remain the weakest link for information security 7. Growing third party risks are not being addressed 8. Business Continuity is still bound to IT 9. Most organisations are unwilling to outsource key information security activities 10. Few companies hedge information security risks with cyber insurance  Many breaches still occurred in recent years, some of them very large o In March and April 2005 DSW disclosed theft of credit card, checking account and drivers license data stored on its computer networks at 108 stores  Personal data from 1,438,281 credit cards and 96,385 cheque accounts and drivers license numbers were stolen o Article about millions of records nearly lost in the USA  Summary of governance: “How far should we go, and is the cost justified by the benefit?” Page 27 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 6 – IT Governance, COBIT 4.1 & Control Measures Introduction  4 Domains of COBIT  Management questions o The domain of planning and organising answers these types of management questions:  Are IT and the business strategy aligned?  Is the enterprise achieving optimum use of its resources?  Does everyone in the organisation understand the IT objectives  Are IT risks understood and being managed?  Is the quality of IT systems appropriate for business needs? o Why is a clear IT strategy necessary?  Developing a clear IT strategic plan (both long-term and short-term) helps to define how IT supports the business objectives of the organisation.  It helps to find an optimum balance between IT opportunities (many) and business goals and objectives.  Takes into account risk, new ITs (eg. Cloud) and emerging problems  Therefore, with all of these types of considerations to take on board, COBIT helps an organisation to sort out the complex nature of INFORMATION SYSTEMS, identify the best ARCHITECTURE for the business, IDENTIFY and MANAGE RISK and assign RESPONSIBILITY, MANAGEMENT and PERFORMANCE indicators. Page 28 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Plan & Organize (PO1 – PO9)  PO1 Define a strategic IT plan o Focuses on incorporating IT and business management in the translation of business requirements into service offerings, and the development of strategies to deliver these services in a transparent and effective manner. o For this process to be effective, we need to see evidence that the controls (thus meeting the control objectives) are in place and that the process is carried out in a mature manner:  PO1.1: IT Value Management  PO1.2: Business-IT Alignment  PO1.3: Assessment of Current Capability and Performance  PO1.4: IT Strategic Plan  PO1.5: IT Tactical Plans  PO1.6: IT Portfolio Management  PO2 Define the information architecture o Focuses on the establishment of an enterprise data model that incorporates a data classification scheme to ensure the integrity and consistency of all data.  PO2.1: Enterprise Information Architecture Model  PO2.2: Enterprise Data Dictionary and Data Syntax Rules  PO2.3: Data classification scheme  PO2.4: Integrity Management o Part of long term planning processes o IT senior management in conjunction with the IT strategy committee define the vision of the organisation’s information architecture for the future o This vision will provide an overview of how all the corporate data model and associated information systems will be structured to form the overall organisational information architecture  PO3 Determine technological direction o Focuses on defining and implementing a technology infrastructure plan, architecture and standards that recognise and leverage technology opportunities. o Senior IT management in conjunction with the IT strategy committee must also determined the technological direction of the organisation. o This involves creating a plan of how new technologies can be included into the long-term business plans for the organisation o Includes:  PO3.1: Technological Direction Planning  PO3.2: Technology Infrastructure Plan  PO3.3: Monitor Future Trends and Regulations  PO3.4: Technology Standards  PO3.5: IT Architecture Board Page 29 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  PO4 Define the IT processes, organisation and relationships o Focuses on establishing transparent, flexible and responsive IT organisational structures and defining and implementing IT processes with owners, roles and responsibilities integrated into business and decision processes o The board must decide how the IT division will fit into the organisational structure  Who will the IT division report to and be monitored by?  How will they relate to other sections of the organisation?  Will they drive the strategies the organisation undertakes or will they support these strategies?  Will the IT division be staffed by innovative and creative staff? o For this process to be effective, we need to see evidence that the controls (thus meeting the control objectives) are in place and that the process is carried out in a mature manner:  PO4.1 IT Process Framework  PO4.2 IT Strategy Committee  PO4.3 IT Steering Committee  PO4.4 Organisational Placement of the IT Function  PO4.5 IT Organisational Structure  PO4.6 Establishment of Roles and Responsibilities  PO4.7 Responsibility for IT Quality Assurance  PO4.8 Responsibility for Risk, Security and Compliance  PO4.9 Data and System Ownership  PO4.10 Supervision  PO4.11 Segregation of Duties  PO4.12 IT Staffing  PO4.13 Key IT Personnel  PO4.14 Contracted Staff Policies and Procedures  PO4.15 Relationships  Planning is important o Planning ensures that IT does what the business needs to be done, not just what seems to ‘need’ to be done o Developing a clear IT strategic plan (both long-term and short-term) helps to define how IT supports the business objectives of the organisation o It helps to find an optimum balance between IT opportunities (many) and business goals and objectives  PO5 Manage the IT Investment o Focuses on controlling the annual IT operating expenditure and ensuring that the IT systems are providing value for the dollars invested in their operation. o Achieved by forecasting and allocating budgets, defining formal investment criteria, and measuring and assessing business value against forecast.  PO5.1: Financial management framework  PO5.2: Prioritisation within IT budget  PO5.3: IT Budgeting  PO5.4: Cost management  PO5.5: Benefit management Page 30 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  PO6 Communicate Management Aims and Direction o This process focuses on providing accurate, understandable and approved policies, procedures, guidelines and other documentation to stakeholders, embedded in an IT control framework o Executives are interested not only in disseminating policy but also seeing that policy has been implemented and monitoring compliance o It is achieved by defining an IT control framework, developing and rolling out IT policies, and enforcing those IT policies o Control objectives:  PO6.1: IT Policy and Control Environment  PO6.2: Enterprise IT Risk and Control Framework  PO6.3: IT Policies Management  PO6.4: Policy, Standard and Procedures Rollout  PO6.5: Communication of IT Objectives and Direction  PO7 Manage the Human Resources o The focus here is on hiring and training staff, clear career paths, assigning roles to match skills, a good performance review process, position descriptions, and being aware of dependency on key individuals. o The aim is to acquire competent and motivated people to create and deliver IT services. o This is achieved by reviewing staff performance, hiring and training IT personnel to support IT tactical plans, mitigating the risk of overdependence on key resources. o Control objectives:  PO7.1: Personnel Recruitment and Retention  PO7.2: Personnel Competencies  PO7.3: Staffing of Roles  PO7.4: Personnel Training  PO7.5: Dependence Upon Individuals  PO7.6: Personnel Clearance Procedures  PO7.7: Employee Job Performance Evaluation  PO7.8: Job Change and Termination  PO8 Human Resources and IT Strategic Planning o It is important to ensure the right people are employed in the organisation’s IT division in order to achieve the overall IT planning aims and objectives o In addition to having appropriately skilled staff it is also important to have sufficient numbers of qualified staff as a lack of resources can severely hamper IT development projects  PO8.1 Quality Management System  PO8.2 IT Standards and Quality Practices  PO8.3 Development and Acquisition Standards  PO8.4 Customer Focus  PO8.5 Continuous Improvement  PO8.6 Quality Measurement, Monitoring and Review Page 31 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Risks and IT strategic planning o This area of IT planning is about assessing the risks associated with the IT systems within the organisation o Every activity in a business engenders some risk o A business that does not take on risk does not move forward – remember the focus on ‘value’ and ‘risk’ o Risk requires a mature approach & a comprehensive understanding of ‘risk appetite’  PO9 Assess the Risks o Control objectives:  PO9.1: IT Risk Management Framework  PO9.2: Establishment of Risk Context  PO9.3: Event Identification  PO9.4: Risk Assessment  PO9.5: Risk Response  PO9.6: Maintenance and Monitoring of a Risk Action Plan o The assessment should identify the risks and how the organisation will deal with these risks cost effectively o An organisation needs to understand clearly its risks in relation to its IT systems and how the introduction of new technologies will affect the organisation’s risk profile o It is important that risk assessments occur at all levels of the organisation not just at the top level. Need to consider risk at an operational level o Fraud risk, security risk, continuity risk would all be important in the assessment process  Risk management in practice: fraud risk management o Despite an enormous focus on corporate governance and risk management over the past 20 years, corporate collapses still occur due to fraud o Two areas where fraud risk strategy can improve:  Look at controls & procedures from a fraudster’s viewpoint and ask whether they can be bypassed by a particular method of fraud  Assess fraud risk on the probability of an organisation resisting fraud attempts – “What is the likelihood of this method of fraud succeeding today if attempted either by an dishonest internal or external person?” Page 32 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Deliver & Support (DS2, DS4, DS6, DS11)  DS2 Manage Third-Party Services o Managing third party services is commonly referred to outsourcing of IT resources or processes o Cloud Computing is the most recent example o Outsourcing of processes tends to relate to payroll, IT processes such as networking, hardware etc o Many businesses have had poor experiences with this approach, at least partly due to poor governance processes around the management of the outsourced IT function o Control objectives:  DS2.1 Identification of All Supplier Relationships  DS2.2 Supplier Relationship Management  DS2.3 Supplier Risk Management  DS2.4 Supplier Performance Monitoring  DS4 Ensure Continuous Service o Continuous service is often referred to as continuity planning o The aim is to ensure minimal business impact in the event of an IT service interruption o This is achieved by developing and maintaining (improving) IT contingency, training on and testing IT contingency plans, and storing copies of contingency plans and data at offsite locations (hot and cold sites) o Control objectives:  DS4.1 IT Continuity Framework  DS4.2 IT Continuity Plans  DS4.3 Critical IT Resources  DS4.4 Maintenance of the IT Continuity Plan  DS4.5 Testing of the IT Continuity Plan  DS4.6 IT Continuity Plan Training  DS4.7 Distribution of the IT Continuity Plan  DS4.8 IT Services Recovery and Resumption  DS4.9 Offsite Backup Storage  DS4.10 Post-resumption Review o Do we need contingency in Australia? Business continuity  The Australian, September 9 2008:  20% of businesses had to invoke their disaster-recovery (DR) plan due to computer system failures during the past year  Internationally, this is 33%  Virtualisation of servers means DR planning is even more critical  Government Finance Review, December 2007:  Training is a crucial part of preparing for disaster recovery Page 33 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  DS6 Identify and Allocate Costs o This area of planning is about identifying the costs associated with operational and capital acquisition of IT resources ensuring they are appropriately allocated to the areas of the business where they are being used. o DS6.1 Definition of Services o DS6.2 IT Accounting o DS6.3 Cost Modelling and Charging o DS6.4 Cost Model Maintenance  DS11 Manage Data o This is about identifying data requirements. It’s the establishment of effective procedures to manage the media library, backup and recovery of data, and proper disposal of media. Ensures quality, timeliness & availability of business data. o Control objectives:  DS11.1: Business Requirements for Data Management  DS11.2: Storage and Retention Arrangements  DS11.3: Media Library Management System  DS11.4: Disposal  DS11.5: Backup and Restoration  DS11.6: Security Requirements for Data Management o Online business risk evaluation  Protection of IP (Intellectual Property)  Copyright theft  Identity theft  Brand theft  Downtime  Hackers and crackers  Malware, Virus, Worms, Trojans  Contract issues with customers/suppliers  Illegal downloads (music/video/pictures/content) Monitor and Evaluate (ME1, ME2, ME3, ME4)  IT resources need to be regularly assessed over time for their quality and compliance with controls requirements  ME1 Monitor and Evaluate IT Performance o This process includes defining relevant performance indicators, systematic and timely reporting of performance, and prompt acting upon deviations. o Effective IT performance management requires a monitoring process, which includes:  Monitoring approach  Definition and Collection of Monitoring Data  Monitoring Method  Performance Assessment  Board and Executive Reporting  Remedial Actions Page 34 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  ME2 Monitor and Evaluate Internal Control o This process includes the monitoring and reporting of control exceptions, results of self- assessments and third-party reviews. Includes compliance with applicable laws and regulations eg. medical industry, online trading, copyright. o Includes:  Monitoring of Internal Control Framework  Supervisory Review  Control Exceptions  Control Self-assessment  Assurance of Internal Control  Internal Control at Third Parties  Remedial Actions  ME3 Ensure Compliance with External Requirements o A review process to ensure compliance with laws, regulations and contractual requirements. Includes identifying compliance requirements, optimising and evaluating the response, obtaining assurance that requirements have been compiled with. o The effective oversight of compliance requires the establishment of a review process and includes:  ME3.1: Identification of external Legal, Regulatory and Contractual Compliance Requirements.  ME3.2: Optimisation of Response to External Requirements  ME3.3: Evaluation of Compliance with External Requirements  ME3.4: Positive Assurance of Compliance  ME3.5: Integrated Reporting  ME4 Provide IT Governance o This is about establishing an effective governance framework that includes defining organisational structures, processes, leadership, roles and responsibilities to ensure IT investments are aligned with corporate strategies and objectives. o This includes:  ME4.1: Establishment of an IT Governance Framework  ME4.2: Strategic Alignment  ME4.3: Value Delivery  ME4.4: Resource Management  ME4.5: Risk Management  ME4.6: Performance Measurement  ME4.7: Independent Assurance Page 35 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Summary  Consider o Opportunities to commit fraud o Data availability o Identifying risks (all risks) o Contingency planning (in the event that an identified risk/threat should eventuate Page 36 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Lecture 7 – Forensic Accounting Forensics and Forensic Investigation  Forensic accounting or forensics is defined as: “Provides an analysis that is suitable to the court which will form the basis for discussion, debate and ultimately dispute resolution”  Forensic investigation refers to the utilisation of specialised investigative skills in carrying out an inquiry conducted in such a manner that the outcome will have application to a court of law o A forensic investigation may be grounded in accounting, computing etc. o Forensics is focused on the evidence of economic transactions and reporting and the legal framework that allows such evidence to be suitable for establishing accountability and or valuation o A forensic investigation may be undertaken for many different types of reasons Goals of Forensic Investigation  Conduct a structured investigation  Preserve and secure electronic data  Obtain all data potentially relevant to the reason you have been appointed  Minimise cost and business disruption  Obtain relevant information  Document every step  Product an expert report for litigation purposes Forensic Analysis  There is more to forensic analysis than fraud Page 37 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Australian forensic accounting services – embedded within the CA/CPA Australia that this study identified differs to the US model , as described by the AICPA (figure 1) . Specialised Forensic Services Forensic Accountant : Forensic Accountant: Personal Attribute s Knowledge-Base Personal Expert Injury Witness  Interpersonal Calculations Services  Written Communication  Analytical Business  CriticalThinking  Inquisitive Litigation & Family  Technical Accounting skills  Intelligent/Intuitive Dispute Law  Attention to Detail  Engaging/Confident Advisory CPA/CA  Auditing/Industry  Resilient Core Experience Skills Corporate  Common Sense Business Misconduct  Diagnostic  Measured/Calm Intelligence  ConceptualThinking  Methodical & Business  Technology Skills  Collegiality Analytics Fraud, Business  Legal Knowledge  Flexibility Detection &  Interview/Investigations  Integrity Valuation  Financial/Numeracy skills Risk  Commercial/Business Management Advisory Optional Specialised Certification (CFE/CFF etc) Figure 2: The Australian Forensic Accountant – Services, Skills and Attributes  What does forensic analysis entail? o Forensics covers the following key areas of analysis and is still growing:  Dispute resolution (commercial litigation, personal injury, family law, valuation)  Fraud prevention and detection/investigation or Fraud Risk Management  Computer Forensics  Data Analysis, data conversion, data recovery, BI, BA  Electronic discovery, analytical insights  Criminal Defence Dispute Resolution  Commercial Disputes o Commercial disputes. When they arise, forensic analysis is used to provide independent expert advice in financial, auditing and accounting matters by analysing complex financial data to accurately quantify damages and provide expert opinions. o This may include actions such as  Breach of contract, class actions  Business interruption disputes  Shareholder and valuation disputes  Competition and pricing disputes Page 38 of 77 AYB341 – Financial Forensics and Business Intelligence Notes  Post-acquisition disputes  Defamation actions  Employment disputes  Intellectual property infringements and royalty disputes  Loss of profits  Quantification of economic loss of an action  Trade practices.  Identification of financial and accounting issues relating to loss or damage  Reconstruction of financial statements to ensure clarity of accounting issues in the dispute  Clearly communicating findings through expert accounting reports  Family Law o Forensic analyses help lawyers to advise their clients on the financial aspects of their case in the lead-up to the trial or during settlement negotiations. This may involve appointment as either consultants or expert witness for one party, or as a single expert witness acting on behalf of both parties to the proceedings. o Family law solutions include:  Asset tracing and financial investigations involving convoluted company and trust structures  Critiques of reports prepared by other experts  Data recovery and retrieval  Forensic analysis of all forms of electronic storage media in the course of legal discovery  Investigations and advice on complex financial matters  Taxation advice in relation to the financial aspects of a valuation or of proposed settlement terms  Valuation of businesses and other financial interests  Insurance o Independent and objective quantification of loss or damage from an insurance perspective o Insurance dispute solutions for all types of claims including:  Aviation, marine and transport  Business interruption and loss of profits  Industrial special risks  Motor accident  Product liability  Professional indemnity  Public liability  Workplace accidents  Valuations o Valuation advice and expert opinion on  Business acquisitions & divestments  Minority interest valuations  Restructuring  Shareholder & partnership disputes  Succession planning  Valuation of companies and businesses  Valuation of executive options  Valuation of shares and other interests Page 39 of 77 AYB341 – Financial Forensics and Business Intelligence Notes Fraud Detection, Prevention and Management  Fraud detection may centre on the following: o Financial statement fraud o Allegations of corruption and conflicts of interest o Occupational fraud and misconduct by directors, management and employees o Theft of intellectual property or market sensitive information o Breaches of Corporations law and ASX disclosure guidelines o Malicious emails and communications o Inside trading o Tracing funds and or assets  There is a growing link between fraudulent behaviour by directors, managers and employees and an organisation’s control environment o If problems with internal controls are not identified and fixed, then likelihood of fraud is greater  Fraud can severely damage an organisation’s profitability and also its reputation  Especially a problem for Not for Profit organisations who rely on donations for income  Fraud prevention o This may also include fraud awareness training for employees, management and directors o Fraud risk assessments may also be performed by forensic analysts o Fraud controls strategies must also be developed and communicated to organisational staff  Forensics staff may assist with this Computer Forensics  One aspect of forensic accounting  Identification, collection and forensic analysis of electronic data from a wide range of electronic sources  One technique is to identify, acquire, authenticate, analyse, document and produce information from electronic resources that may be used in court (e.g. data warehouse)  Sources of data may be email servers, file servers, backup tapes/devices, desktop and notebook computers, PDA’s, mobile phones, portable storage devices (USBs etc.)  Sources of information may be emails, financial records, documents, spreadsheets, databases, presentations, images and activity/transaction logs (including key loggers)  Problem is that computer data is fragile and complex but must be preserved and authenticated  Computer forensics focuses on data found by common tools and also the additional data found by encase and other computer forensic tools that identifies deleted, renamed, hidden and difficult to locate information (see video on pho
More Less
Unlock Document

Only pages 1,2,3,4 are available for preview. Some parts have been intentionally blurred.

Unlock Document
You're Reading a Preview

Unlock to view full version

Unlock Document

Log In


Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.