Treat any audit as a combination of science and art, rather than totally rely on standardised checklists and set procedures, advises Chetan Dalal.
In his ‘Novel and Conventional Methods of Audit, Investigation and Fraud Detection’ (www.cchindia.co.in). Since checklists can at times nurture closed minds, the author recommends customisation of checklists to audit situations.
“This can be accomplished by examining checklists for relevance, completeness and correctness of all the questions built in. In simple words, does the checklist ensure that all questions posed are relevant, and whether all the right questions have been asked.”
Relevance and completeness are important because audit environments are dynamic and therefore what may have been relevant a few years ago may be redundant today, Dalal explains. He, therefore, calls for viewing audit as a creative process, and for considering the findings both microscopically and macroscopically. “Audit procedures must be suitably extended or modified to highlight illogical trends, patterns or mismatches of facts or other red flags latent or glaring in given situations.”
Among the many methods discussed in the book is TTT or tiger team test. This uses decoys, as in governance and war, to carry out penetration tests in any system to test its robustness and resilience as well as compliance with prescribed corporate guidelines, the author elaborates.
Tiger team tests are similar to ethical hacking, except that they cover a much larger domain, including tests of physical security, and accounting controls, he adds. “They include deliberate acts of ‘ethical’ stealing, financial manipulations, bribing, and attempting other methods of wrongdoing, with prior management consent, to evaluate the strength of the preventive control environment and identify any potential vulnerabilities and risks.”
For the auditors’ shelf.