CHAPTER 5
Emerging Issues in Forensic Accounting
Executive Summary
Existence and persistence of high-profile financial statement fraud (FSF) can be detrimental to the integrity and soundness of the financial markets and adversely affect the quality and reliability of public financial information. Forensic accountants are well-trained and equipped to detect FSF, and thus contribute to the improvement in quality and reliability of financial reports. This chapter presents emerging issues and challenges in fraud investigation, including revenue recognition, fair value estimation, collusion and conspiracy, bribery and money laundering, and cyberattacks.
Introduction
Forensic accounting has advanced as a rewarding and exiting profession with a focus on fraud and nonfraud investigation. The area of fraud investigation has made significant progress in the past decade. However, there are still many opportunities and challenges in forensic accounting as presented in this chapter. Forensic accounting job opportunities have increased sustainability. Technological advances enable forensic accountants to use Big Data and data analytics in performing digital forensics. Challenges presented in this chapter are forensic accountants’ practices in areas of proper revenue recognition, fair value estimation, bribery, money laundering, Ponzi schemes, collusion, and cybercrimes.
Fraud Investigation Challenges
This section presents many challenges associated with fraud investigation dimension of forensic accounting practices.
Forensic Accountants and Revenue Recognition
Revenue manipulation is the most common type of fraud, even though it can be very costly because of litigation, restatements, unfavorable audit reports, increased audit fees, negative market reactions, and investigations and sanctions by SEC. Any recorded revenues that do not meet the following three criteria can be alleged as fraudulent and fictitious:
1. The recorded revenues do not meet the definition of revenue as defined in Financial Accounting Standards Board (FASB) Concepts Statement 3 as “actual or expected cash inflows (or the equivalent) that have occurred or will eventually occur as a result of the enterprise’s ongoing major or central operations during the period.”1
2. They are not measurable and/or cannot be reliably measured.
3. They are not verifiable or cannot be easily verified.
In summary, firms have incentives to manipulate revenues, even though the cost of revenue manipulation may be high. Knowing the characteristics of firms that will take the chance of getting caught is important as investors, auditors, and regulators determine the riskiness attached to particular types of firms. Looking specifically at revenues and the attempts by managers to increase earnings through revenue manipulations contributes to earnings management findings by looking at the costliest form of earnings management and the characteristics of firms that are willing to suffer the high costs of this type of manipulation. These costs include litigation by shareholders, investigation and sanctions by the SEC, restatements, unfavorable audit reports with increased audit fees, and negative market reactions. In summary, empirical evidence from lawsuits, SEC enforcement actions, restatements, and audit fees show that revenue manipulations can be the costliest form of earnings management, which leads to the importance of determining the characteristics of firms that are willing to take the risks of these significant costs by manipulating revenues. The high costs associated with these firms increase the importance of these characteristics to auditors, regulators, and investors so that they can more easily determine the firms that may be tempted to increase earnings through revenue manipulations.
There are several methods of engaging in fictitious revenues. The most common method is to use fake or phantom customers in recoding fictitious revenue. The second method is to use legitimate customers and intentionally alter or inflate invoices reflecting higher amounts or quantities than actually sold. Forensic accountants can assist public companies to detect and prevent improper revenue recognition.
Fair Value Estimation
The goal of fair value accounting is to enable companies to choose whether or not to invest by showing not what the asset cost in the past, but what it would cost to buy today. The subprime scandals of 2008 can be attributed to many factors, including the improper application of fair value estimates by the real estate appraising industry. The conflicting interest between real estate appraisal firms and real estate brokerage firms provided incentives and opportunities for the appraisals to provide fair value estimates above and beyond reasonable and realistic fair value to get financing needs to close the deal. Banks had all the incentives and opportunities to get the highest fair value estimates to provide subprime loans to customers and then sell the mortgages to mortgage buyers such as Freddie Mac and Fannie Mae, quasi-government corporations established to buy up mortgages from banks. The other factor is banks’ securitization vehicles of variable interest entities (VIESs) or special-purpose entities (SPEs). The appropriate tone set at the top by management regarding corporate culture within which financial reports are produced is vital to the integrity of financial reporting process. When the tone set at the top is lax, fraudulent financial reporting is more likely to occur and cannot be prevented.
The Financial Accounting Standards Board (FASB) has recently promoted the implementation of fair value principles, with no set definition for fair value. SFAS 157 defined fair value as the exchange price in an orderly transaction between market participants to sell an asset or transfer a liability in the market in which the reporting entity would transact for the asset or liability.2 The focus is on the exit price, which is the price that would be received to sell the asset or paid to transfer the liability. SFAS 157 did not require any new fair value measurements but did provide guidance for determining the fair values of assets and liabilities and required the disclosure of information about the following: (1) the use of fair value to measure assets and the extent to which companies measure assets and liabilities at fair value; (2) the information used to measure fair value; and (3) the effect that fair value measurements have on earnings.
SFAS 157 also established a three-tiered framework for measuring fair value and dictated that the fair value of all assets and liabilities be disclosed into one of the following categories on the basis of inputs. It does, however, provide the methods for developing it. According to Financial Accounting Statement 157, information relating to the development of fair value is classified into three tiers. Level 1 inputs include prices for identical assets selling in active markets. Examples of Level 1 inputs include “US government and agency securities, foreign government debt, listed equities, and money market securities.”3 Level 2 inputs are defined as observable information on similar assets that are actively trading. Some types of Level 2 inputs are “corporate bonds (investment grade, high yield), mortgage-backed securities, bank loans, loan commitments, less liquid listed equities, municipal bonds, and certain over-the-counter derivatives.”4 Level 3 inputs are unobservable information that has been either calculated or estimated and should have the least bearing on defining the fair value of the asset. The use of the fair value method for asset valuation is an attempt by the SEC and FASB to increase the transparency and relevance of accounting information. Forensic accountants should use accounting and auditing guidelines in estimating fair values of assets and liabilities in performing valuation and economic dispute services.
Collusion and Conspiracy
Fraud often occurs because of collusion among fraudsters. Collusion can occur between executives and the board of directors and other corporate gatekeepers to mislead investors. Forensic accountants can be hired to discover collusions and conspiracy that cause fraudulent activities. Forensic accountants should ask very detailed questions to figure out whether a hint of wrongdoing is present. These questions are particularly addressed to finance and accounting-related sections of the company. The reason for this is the day-to-day responsibilities and ultimate preparation of financial data is left with these sections, and the CEO and CFO simply must approve the statements. If forensic accountants decide that the answers to the questions are suspicious, the team should discuss the issues with the board and other members of the management, especially executives.5 Forensic accountants can use red flags to detect collusion. Common red flags include errant payments, change in behavioral patterns, and drastic changes in financial statement accounts. Collusion can also be conveyed by whistle-blowing, auditing, and electronic systems.
Money Laundering
Money laundering can be defined as obtaining money from illegal activity but passing it off as having been obtained from sources of legal and legitimate business transactions. Money laundering is the means by which criminals, as a necessity, disguise the origin of their money so that they may avoid the risk of prosecution. Whoever transports, transmits, or transfers a monetary instrument or funds from a place in the United States to or through a place outside the United States or to a place in the United States from or through a place outside the United States as follows:
1. with the intent to promote the carrying on of specified unlawful activity; or
2. knowing that the monetary instrument or funds involved in the transportation, transmission, or transfer represent the proceeds of some form of unlawful activity and knowing that such transportation, transmission, or transfer is designed in whole or in part; and
3. to conceal or disguise the nature, the location, the source, the ownership, or the control of the proceeds of specified unlawful activity.6
To accomplish the above-mentioned, money laundering usually falls into the three stages of placement, layering, and integration. Placement occurs when unlawfully obtained money is put into financial institutions. Layering occurs when layers of complex transactions are used to separate the unlawfully obtained money from their origin. Integration occurs when legitimate transactions are used to disguise unlawfully obtained money as legitimately obtained money.7
To combat these stages, anti-money laundering efforts such as Suspicious Activity Reports (SARs) and Form 8300 have been put into place. SARs require financial institutions to fill out a form that brings to the IRS’ attention deposits that may be irregular, or seem to intentionally avoid crossing the $10,000 threshold that would require Form 8300. Form 8300 requires that deposits of $10,000 and above be reported to the IRS. Money laundering has a corrosive effect on a country’s economy, government, and social well-being. The practice distorts business decisions, increases the risk of bank failures, takes control of economic policy away from the government, harms a country’s reputation, and exposes its people to drug trafficking, smuggling, and other criminal activity.8
The National Money Laundering Strategy was published by the U.S. Department of the Treasury, in 2000, which dictates the required government actions upon those committing money laundering.9 These actions include identifying the seven high-risk areas, known as High-Risk Money Laundering and Financial Crimes Areas (HIFCAs), a local grant program to fund the pursuance of fraud cases in this schema.10 A crime map is present in the financial crimes enforcement network website. The seven regional areas of high risk are California northern district, California southern district, the Southwest border, Chicago, New York, Puerto Rico, and South Florida. Each region lists specific counties or cities that have swaths of money laundering. In the Northern California district, San Francisco, Santa Cruz, and Napa are a few locations to monitor. Outside of the area map, the bill itself lists several ways to develop a framework to combat fraud. A creation of support program in high crime areas, interconnect between federal, state, and local law enforcement, and administration of grants to assist in operations are main components of the bill.11 Forensic accountants are well-trained and have skill sets necessary to investigate money laundering.
The Foreign Corrupt Practices Act (FCPA) of 1977 discussed in previous chapters made it illegal for U.S. companies to bribe foreign official and political parties for the purpose of advancing their business. The FCPA regulates all business conducted in the U.S. markets, regarding of country of origin. Unlike other cases of fraudulent behavior, both the public and the government feel it is necessary for companies to take direct responsibility for the occurrence of bribery. Forensic accountants can be employed to assess compliance with provisions of the FCPA in detecting and preventing corporate bribery.
In detecting bribery, risk assessment procedures, and forensic accountants can identify risk factors that may constitute the presence of bribery and fraudulent behavior. These factors include previous findings, internal control weaknesses, timing differences, geographic location, and management policies. The list of factors can be found in the source attached here.12 After concluding that fraud may be present, substantive procedures are performed to address these risk factors. The accountant must design a strategy that can be used to change the nature and extent of further investigation. Tests are then conducted to find out specifics about detected bribery. These tests include examination of contracts, transactions, and fees; FCPA compliance; and contributions. After, the procedures have been completed, the material needs to be prepared for court. Forensic accountants use quantitative methods to measure that impact and usability of trial evidence in litigation. The forensic accounting practice is gaining in popularity due to auditor’s not being able to satisfy the demand of investors and stakeholders. This has created an expectation gap that allows the growth of sophisticated fields, such as forensic accounting.13
Ponzi Schemes
Ponzi schemes, according to the Association of Certified Fraud Examiners (ACFE), is an illegal activity that use new investors’ money to satisfy older investor’s desires.14 “Ponzi” schemes promise high financial returns or dividends not available through traditional investments. Instead of investing the funds of victims, the con artist pays “dividends” to initial investors using the funds of subsequent investors. The scheme generally falls apart when the operator flees with all the proceeds or when a sufficient number of new investors cannot be found to allow the continued payment of “dividends.” This type of fraud is named after its creator Charles Ponzi of Boston, Massachusetts. In the early 1900s, Ponzi launched a scheme that guaranteed investors a 50-percent return on their investment in postal coupons. Although he was able to pay his initial backers, the scheme dissolved when he was unable to pay later investors (FBI).15
The best-known example of a Ponzi scheme was Bernie Madoff, a stockbroker who committed the largest Ponzi scheme in ever, estimated at a value of approximately $65 billion. Forensic accountants can assist in providing an early signal of Ponzi schemes and other fraudulent activities. Ponzi schemes are enforced by the Federal Trade Commission (FTC) and the SEC. Forensic accountants identify red flags in Ponzi schemes. The red flags include pressure tactics, little to no segregation of duties, and vows of high return and low risk. Red flags are used during investigations to alert forensic accountants to potential fraud.
Fraud and Information Technology
Organizations of different types and size invest in information technology (IT) and related resources to meet their goals and objectives. The ever-increasing use of IT and block-chain platforms and computers in data processing and the application of various enterprise systems have had significant effects on business processes and internal controls and financial reporting processes. The potential IT failure and associated business risk may cause organizations to misjudge or overlook the risk of material misstatement if they do not understand IT systems and their potentials and challenges.
Block-chain technology brings smart contracts, smarter supply chains, and the end of identity fraud. Smart contracts create “if/then” contracts between a buyer and seller. This results in one step of the selling process not being fulfilled until another step has been verified. An example of this would be purchasing an item on eBay, and having the money withdrawn from your account, but held in limbo until the item in question has been marked shipped. Then the money is released to the seller. This removes risk for the buyer in not receiving a product (service) and losing their money as well as removing risk for the seller of not getting paid after delivering a product (rendering a service).16
When looking at supply chains, companies can fight fraud by verifying every part of the process. For example, a diamond can be tracked from its place of origin to every hand that touches it along the way, along with serial numbers, photos, details, and documents of authenticity. As it pertains to fraud, block-chain can serve as a third-party mediator of sorts that can work in any interaction imaginable. Because a constantly reconciled ledger exists that is only updated when verified by all parties, an essential part of the fraud triangle is severely hampered—opportunity.17 Forensic accountants should use IT platforms in performing fraud and nonfraud services.
Advancements in technology require the adoption of new skill sets by forensic accountants. Digital forensics, which includes subcategories of computer and network forensics, is an area forensic accountants work in. Digital forensics involves the use of software to analyze computer evidence. Accountants must decide what evidence is beneficial, how to protect the evidence, and how not to violate an individual’s right to due process, or the Fourth Amendment of the United States Constitution. Laboratories are often used to analyze evidence and conduct substantive procedures. The evidence is used during litigation proceedings to assist to jury decisions. The rise of the Internet has led to the investigation of crimes such as intellectual property usage, child pornography, and terrorism.18 An example of digital forensics being used to aid in capture of a criminal is the Craigslist killer, Philip Markoff. The killer hired a masseuse, Julissa Brisman, and killer her. He died in his jail cell. The police department assigned to the case tracked his IP address through Craigslist to identify him. The department also navigated his e-mail exchange between him and the masseuse. Another example of digital forensic being used to catch a criminal is Dr. Conrad Murray. He was the doctor for Michael Jackson, who died from an overdose of the drug Propofol. The forensic team investigated Dr. Murray’s computer and found evidence of lethal amounts of prescriptions given to Michael Jackson. This resulted in 2 years and prison and forfeiture of his medical license.19
Digital forensics has seen many advances in the past 10 years. Several universities have developed curricula to teaching students the changing accounting field. West Virginia has a computer forensics program funded by Microsoft that teaches knowledge pertinent to law enforcement. The program is designed to protect against technology attacks.20 La Salle University offers a certificate in fraud and forensic accounting. The courses required include fraud examination, occupational fraud, and cyber fraud, to name a few. Lastly, Stevenson University offers a Master’s in Forensic Accounting with classes in mock trial, investigation, business valuation, and IT.
Cyberattacks and Cybercrime
A growing incident of cyber-hacking and cybersecurity breaches of information systems (e.g., Sony, Targets, JPMorgan Chase, Home Depot, and Equifax) threats sustainability of many firms and cost the U.S. economy more than $100 billion annually.21 The Equifax cyber breach is considered as the largest data breaches in history and expected to affect nearly half of the population in the United States (about 143 million Americans).22 Hackers were able to hack Equifax system, one of the three major consumer credit agencies, between May and July 2017 because of the weak points in its website software.23 These initiatives and guidelines suggest that board risk oversight function, managerial strategies, and adequate IT investment and cybersecurity infrastructure could ensure the integrity of IT systems and effectiveness of cyber-infrastructure in dealing with potential cyberattacks and cybersecurity breaches. Prior research addresses several research issues of the link between IT governance, board risk oversight and managerial risk strategies, and risk management and informed risk-taking. On one hand, IT governance, board risk oversight, and managerial risk strategies can improve risk assessment and management, thus reducing cyberattacks. The International Standards Organization (ISO) 31000 defines risk as an uncertainty that has an effect on objectives. Thus, the effective board risk oversight and managerial risk strategies are expected to improve cyberattacks risk management, reducing cyber-hacking incidents that benefit the firm and its stakeholders.
Managerial risk strategies and practices can effectively reduce the incidents of cyberattacks. However, recent centralization of operations and information system Internet-based technologies to improve cost efficiency and effectiveness across supply chain creates security risks and high exposure to and dependency on the Internet that provide opportunities for cyber hackers to engage in rewarding cyberattacks. Centralization across organization functions requires the use of sophisticated operations technology (OT) and IT with related network infrastructure to connect geographically diverse functions. Thus, managerial risk strategies pertaining to both OT and IT securities and controls are become increasingly important under centralized system to prevent hackers to penetrate the system and engage in costly cyberattacks. However, many OT and IT security programs are old, underdeveloped, and outdated that give incentives and opportunities to cyber attacker to perpetrate these programs and engage in costly cyber-hacking activities. Managerial risk strategies and programs are initially designed to identify the emerging cyber-hackings or information security threats and implement risk assessment and internal control procedures to immediately respond to such hackings and security breaches. Any outdated and underdeveloped OT and IT can provide incentives and opportunities to cyber attackers to perpetrate business systems and programs and cause costly cyber-hacking activities.
Given the importance of the cybersecurity and IT risks, it is likely that corporate board either already has a director who is well-versed in IT and data security or is looking for one to help better understand the company’s IT risk profile. The Information Security Booklet of the Federal Financial Institutions Examination Council (FFIEC) suggests several cybersecurity oversight and management activities including the following: (1) existence of a risk compliance board committee or executive position such as chief information officer (CIO); (2) implementation and management of the information security and business continuity programs by the designated executive or board committee; (3) annual report to the board of directors or designated board committee by management on the overall status of the business continuity programs and information security; and (4) the existence of budgeting process for information security investments and related expenses and annual review and approval by the board of directors.24
Implemented OT and IT security programs are designed to identify security threats and cyberattacking information and assess their risk and related internal controls to effectively respond to any security breaches and hackings. Any risk associated with cyberattacks should be effectively and timely assessed, and proper information security strategies should be designed and implemented to combat cyberattacks. Establishing tone at the top of effective oversight by the board of directors and management strategies is vital in combatting cyberattacks. The board can oversee managerial risk strategies and practices and obtain an understanding of risks inherent in managerial strategies for risk appetite and access timely information on risk appetite, risk response strategies, and effective risk assessment and management. Forensic accountants can assist the board of directors and management in their proper risk assessment and management.
Fraud risk assessment is the process of using a framework to identify risks that can lead to fraud. Organizations such as COSO have released models that aid in assessing and managing fraud risk. Fraud risk assessment contains three main elements: inherent risk, assess inherent risk, and response to inherent and residual risk. Identifying inherent risk surveys the fraud triangle (incentives, pressures, opportunities) specific to the organization and its connection to fraud schemes and internal control. Second, assess the chance of fraud occurring from observation of data and business processes. Interviews of staff and management occur during this phase. Lastly, an appropriate response to the assessed risk should be chosen after analysis is done. The analysis weighs cost and benefit of implementing corrective controls to the apparent risks. All the above-mentioned elements should appear within a fraud risk assessment framework. This framework is designed by the organization and can include categories such as identified risks, effectiveness of controls, response, and impact. The risk assessment is often done across departments to fill out an entire portfolio view of the business and maintain full integration with business processes.25
Fraud risk assessment processes include the following steps:
Step 1. Identify your business processes
The possibility for fraud starts with business processes. In order to properly assess fraud risk, processes must be identified.
Step 2. Consider differences in those processes in foreign operations, as well as among subsidiaries or decentralized divisions
Step 3. Identify the “Process Owner” for each of the identified processes
Step 4. Review fraud experience within the company and by process
Step 5. Process Owners identify how fraud may occur in each process at each location using Fraud Brainstorming Techniques
Step 6. Identify the Parties who have the ability to commit the potential fraud
Step 7. Process Owners evaluate the likelihood that each of the identified frauds could occur
Step 8. Determine the level of mitigation so as to prevent, detect, and deter fraud
Step 9. Investigate the characteristics of potential fraud manifestations within each process identified
Step 10. Quantify Fraud Risk
Despite being clearly outlined, fraud risk assessment has its pitfalls. Approximately 25 percent of companies still use the 1992 framework or have not revealed which framework they have followed. As a result, the SEC has issued the statement saying, “The longer [corporate] issuers continue to use the 1992 framework, the more likely they are to receive questions from the [SEC] staff about whether the issuer’s use of the 1992 framework satisfies the SEC’s requirement to use a suitable, recognized framework.”26 Some organizations underestimate the time and effort required to properly plan for a fraud risk assessmen (FRA)t. Companies should be weary of not planning ahead to allow for an adequate amount of time and should ensure that relevant stakeholders are involved in the FRA process. Companies often invest a significant amount of time identifying controls for relevant fraud schemes, without noticing that those schemes are of minor impact to the organization even if they occur repeatedly. Companies should note that FRA is not a one-shot item. The landscape is constantly evolving and they must reassess to keep up. Insufficient documentation may make it difficult for a company to show to regulators or auditors that they have adequately met the requirements of the 2013 COSO framework.27
Ever-increasing incidents of cyberattacks are devastating to business organizations’ operations, governance, financial reporting, and audit processes. Cyberattacks at companies such as Sony, Targets, Yahoo, JPMorgan Chase, Uber, Home Depot, Equifax, Facebook threaten their business sustainability. Regulatory initiatives and guidelines are being developed in assisting public companies and their directors and officers to understand, identify, assess, and manage risks of corporate cybersecurity. For example, the Securities and Exchange Commission (SEC) established several initiatives of guidelines on cybersecurity disclosures, enforcement actions against several public companies for cyber-related hacking, and an investigatory report concerning internal control failures relevant to cyberattacks.28 The growing cyberattacks create opportunities for forensic accountants to assist business organizations in assessing their cybersecurity risks and design proper internal controls to prevent, detect, and correct cyberattacks. Forensic accountants can also engage in damage controls and appropriate disclosure of cyberattacks.
Conclusion
Forensic accounting has made significant progress in the past decades and will continue to add value in many aspects of business, particularly in the areas of fraud and nonfraud investigation. This chapter presents challenges and opportunities in providing fraud investigation. Forensic accounting is a rewarding and exciting career with many opportunities for advancements as discussed in this chapter. Forensic accountants should turn challenges into job opportunities in providing fraud and nonfraud investigation services.
Action Items
1. Forensic accounting career is rewarding and exiting with superb job opportunities.
2. Forensic accounting challenges are significant in the areas of fraud investigation.
3. Demand for and interest in fraud and nonfraud forensic accounting investigation services are expected to continue.
4. Forensic accountants should turn the challenges into job opportunities in fraud investigation services.
1. Financial Accounting Standards Board (FASB). 1980. Status of Concepts Statements No.3. https://www.fasb.org/status/statpg-con3.shtml
2. Financial Accounting Standards Board (FASB). 2006. Statement of Financial Accounting Standards No. 157: Fair Value Measurements (September, 2006). https://www.fasb.org/summary/stsum157.shtml
3. Statement of Financial Accounting Standards No. 157. Financial Accounting Standards Board. 2006.
4. Ibid.
5. G.D. Moore, and S.R. Mark. April, 2016. “Fraud, Collusion and the Financial Statements-A Refresher for Practicing Professionals,” Journal of Global Business Management 12, no. 1. http://www.jgbm.org/page/16%20Gail%20D%20Moore.pdf
6. Federal Deposit Insurance Corporation (FDIC). 2009. Bank Secrecy Act and Anti-Money Laundering. https://www.fdic.gov/regulations/examinations/bsa/index.html
7. J. McDowell, and G. Novis. 2001. The Consequences of Money Laundering and Financial Crime. https://www.hsdl.org/?view&did=3549, (accessed July 18, 2018).
8. Ibid.
9. US Department of the Treasury. January 1, 2001. Guidance on Enhanced Scrutiny for Transactions That May Involve the Proceeds of Foreign Official Corruption. https://www.treasury.gov/press-center/press-releases/Pages/guidance.aspx
10. HSDL. March 2, 2000. The National Money Laundering Strategy for 2000. https://www.hsdl.org/?view&did=439771
11. Congress. 1998. H.R. 1756—Money Laundering and Financial Crimes Strategy Act of 1998. https://www.congress.gov/bill/105th-congress/house-bill/1756
12. Ibid.
13. Ibid.
14. ACFE. n.d. Ponzi Schemes. http://www.acfe.com/ponzi-schemes.aspx
15. FBI. n.d. Scams and Safety. http://www.fbi.gov/scams-safety/fraud
16. Forbes. 2018. 3 Ways Blockchain Can Help Combat Fraud. https://www.forbes.com/sites/danielnewman/2018/04/17/3-ways-blockchain-can-help-combat-fraud/#4f46c76a92a4
17. Ibid.
18. M.A. Crain, W.S. Hopwood, C. Pacini, and G.R. Young. 2015. Essentials of Forensic Accounting (New York, NY: AICPA).
19. Rasmussen College. 2018. Cracking Cases with Digital Forensics. https://www.rasmussen.edu/degrees/justice-studies/blog/cracking-cases-with-digital-forensics/, (accessed September 18, 2018).
20. West Virginia. 2018. Computer Forensics. https://graduateadmissions.wvu.edu/academics/graduate-programs/computer-forensics-gc
21. Center for Strategic and International Studies (CSIS). July 7, 2013. The Economic Impact of Cyber Crime and Cyber Espionage. Available at https://www.csis.org/analysis/economic-impact-cybercrime
22. L.J. SternbergJ. September 14, 2017. “Surviving the Equifax Data Breach,” AICPA Insights. http://blog.aicpa.org/2017/09/[email protected]&cm_mmc=AICPA:CheetahMail-_-NewsUpdate-_-SEP17-_-AICPANewsUpdate_A17SP136_IMTA#sthash.JuRiR7ZH.dpbs
23. Ibid.
24. Federal Financial Institutions Examination Council (FFIEC). June, 2015. IT Examination Hand Book InfoBase.http://ithandbook.ffiec.gov/it-booklets/information-security.aspx; https://www.ffiec.gov/cyberassessmenttool.htm
25. AICPA. n.d. Managing the Business Risk of Fraud: A Practical Guide. https://www.aicpa.org/forthepublic/auditcommitteeeffectiveness/auditcommitteebrief/downloadabledocuments/managing_the_business_risk_of_fraud.pdf, (accessed September 18, 2018).
26. Deloitte. 2015. Fraud Risk Assessments and COSO’s 2013 Internal Control Framework: Opportunities and Common Pitfalls. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/finance/us-fas-fra-coso-article.pdf, (accessed July 19, 2018).
27. Ibid.
28. Securities and Exchange Commission (SEC). (2018). Commission Statement and Guidance on Public Company Cybersecurity Disclosures. Release Nos. 33-1059; 34-82746, February 26, 2018. https://www.sec.gov/rules/interp/2018/33-10459.pdf