Data‐driven auditing: A predictive modeling approach to fraud detection and classification
| Published date | 01 July 2019 |
| Author | T. C. Edwin Cheng,Nitin Singh,Kee‐hung Lai,Markus Vejvar |
| DOI | http://doi.org/10.1002/jcaf.22389 |
| Date | 01 July 2019 |
BLIND PEER REVIEW
Data-driven auditing: A predictive modeling approach to fraud
detection and classification
Nitin Singh
1
| Kee-hung Lai
2
| Markus Vejvar
2
| T. C. Edwin Cheng
2
1
Department of Operations Management,
India Institute of Management Kashipur,
India
2
Department of Logistics and Maritime
Studies, Faculty of Business, The Hong
Kong Polytechnic University, Hung Hom,
Kowloon, Hong Kong
Correspondence
Kee-hung Lai, Faculty of Business, The
Hong Kong Polytechnic University, Hung
Hom, Kowloon, Hong Kong, People's
Republic of China.
Email: mike.lai@polyu.edu.hk
Abstract
This article develops and empirically tests a predictive model for audit of fraud
detection with practical applications for audit operations. By analyzing real-life
accounting data, the proposed model can identify anomalous transactions and
directly focus on exceptions for further investigation in real time, thus offering a
significant reduction in manual intervention and processing time in audit opera-
tions. Our approach is a highly desirable supplement to the existing rule-based
models, given the growing use of information technology for analytics in auditing.
The proposed approach is based on classification. Following the tenets of the prin-
cipal agency theory, we discuss how our approach can help to reduce monitoring
and contracting costs, disincentivize fraud, improve auditor efficiency and indepen-
dence, and increase audit quality. We contribute to the current literature by dis-
cussing the implications of data-driven audit on the moderating role of auditors in
principal-agent relationships and providing practical insights into the operational
aspects of financial reporting and auditing, modeling of fraud-detection classifica-
tion models, and benefits, barriers, and enablers of implementing data driven audit
in companies.
KEYWORDS
accounting, business analytics, data driven audit, fraud detection
1|INTRODUCTION
Let us first state the purpose and role of audits. Audits are
ways to detect fraudulent behavior within organizations, and
the importance of deploying proper auditing techniques and
tools has significantly increased over the last few years due
to a rise in fraud (e.g., asset misappropriation, corruption, or
financial statement fraud). Association of Certified Fraud
Examiners (ACFE) maintains that corporate fraud has
become a major issue worldwide and is rapidly increasing in
both scale and scope (ACFE, 2016). This is the case for the
auditor's opinion on the annual financial statements, only if
fraud causes accounting numbers not to be found reliable.
However, fraud committed by employees is detected but in
the context of the financial numbers of the company it is not
material, the auditor will still provide a clean opinion on the
financial statements. He/she might make a reference to the
system of internal control. While technological break-
throughs in information technology and data analytics open
up new methods to detect fraud, issues like audit efficiency,
data driven audit and the operational aspects of a data driven
audit process have a potential to be discussed more in the lit-
erature, particularly when it comes to practical applications
with real-life data.
The two critical mechanisms to improve audit efficiency
are technological interventions and audit analytics. Audits
serve the basic purpose of reinforcing trust in financial infor-
mation. An actor is motivated by being monitored if the
benefits exceed the related costs when delegating decision-
making power to one party. Furthermore, audit services are
Received: 27 September 2018 Revised: 2 April 2019 Accepted: 3 April 2019
DOI: 10.1002/jcaf.22389
64 © 2019 Wiley Periodicals, Inc. wileyonlinelibrary.com/journal/jcaf J Corp Acct Fin. 2019;30:64–82.
required to reduce information risk for financial statement
recipients. As management is exposed to liability, the ability
to shift the financial responsibility of the reported data to an
auditor reduces the expected losses from litigation and settle-
ments to various stakeholders (Wallace, 1980). Hayes,
Dassen, Schilder, and Wallage (2005) discussed four theo-
ries of auditing, namely the policeman, lending credibility,
inspired confidence, and agency theories. In this regard, the
agency theory is an insightful and powerful theoretical lens
to better understand and analyze audits and audit processes,
as it is most relevant for analyzing situations of information
asymmetry. The typical relationship in the agency theory is
that between a principal (owner) and an agent (manager), in
which the former hires the latter and gives them the authority
to manage decisions. Agents engage in an employment con-
tract with principals who are less/not actively involved in the
company operations, thus trading their management exper-
tise and skills for financial compensation. There is the likeli-
hood of conflicts of interest caused by the separation of
ownership (principal) and control (manager; Eisenhardt,
1989). Both parties are assumed to be inherently self-interest
seeking, and the agency theory postulates that the principals
are unable to perfectly observe the behavior of their agents
(Davis, 1991; Jensen & Meckling, 1976). The agents then
become less interested in protecting the assets of the princi-
pals and lose efficiency in their work at the expense of their
principal. Therefore, it is suggested that in view of informa-
tion asymmetry and self-interest seeking behaviors, the prin-
cipals have little reason to trust their agents.
The principals then attempt to address these issues by
using mechanisms so that the interests of both the principals
and agents parallel and minimize the capacity for informa-
tion asymmetry and self-interest in their relationship. Thus,
audits are placed within this principal-agent relationship as a
mechanism to counter the mistrust, but auditors themselves
are also inherently agents too. Therefore, this arrangement
raises concerns of their objectivity, thus constituting the
need to find other approaches or mechanisms that would
align the interests of the principals and agents involved;
i.e., shareholders (principals), managers/directors (agents),
and auditors (agents). Contractual clauses (e.g., incentives or
penalties [Fama & Jensen, 1983; Gibbons, 2005]) are there-
fore necessary to align interests, and produces the need for
external auditing services for independent assurance and to
govern the conduct of corporate management (Baiman,
1990; Cohen, Krishnamoorthy, & Wright, 2002). While tra-
ditional auditing usually performs this role, the surge in cor-
porate fraud and asset thefts has gradually increased the
importance of forensic auditing techniques (Carnes &
Gierlasinski, 2001). Consequently, the ACFE
1
was
established in 1992, and while forensic auditing is still in its
infancy compared to the more traditional auditing methods
(Carnes & Gierlasinski, 2001), technological progress and
gradual increasing demand for forensic auditing skills drive
the further development of the field (Bierstaker, Brody, &
Pacini, 2006; Roberts & Whited, 2012). In this regard, a data
driven approach in auditing is a viable way to achieve more
efficiency and increase objectivity of the process. Forensic
auditing is a small subpart of the general audit literature and
also has a very specific purpose. The articles that we refer in
the literature relate to audit, specifically on external auditing.
External audit refers to the audit of financial statements
whereby the external auditor provides an opinion as to
whether the financial statements provide a true and fair view
in accordance with IFRS Standards (Europe) or represent the
situation in a faithful way according to US GAAP (United
States). This type of external or “traditional”audit is not
equal or synonyms to forensic auditing and the focus of the
former is on whether or not the accounting numbers repre-
sent the underlying economic situation in a faithful way. A
forensic audit has the purpose to detect fraud and can be exe-
cuted in the frame of a general external audit. This is the
case only for all US listed companies that need to comply
with Sarbanes-Oxley. For all other companies, being the
large majority of companies in the world, forensic audits are
more likely to be conducted on a regular basis by the man-
agement or the internal control or audit function in a com-
pany to detect fraud committed by top managers as well as
by employees.
The accounting and audit failure at Enron and WorldCom
in the early 2000s witnessed substantial shareholder value
adversely affected due to fraud and loss. As a consequence,
the question remained whether more efficient audit opera-
tions would have prevented such massive economic damage.
While these incidents have aroused increasing practical and
academic interest in finding ways to identify and prevent
management fraud (Benston & Hartgraves, 2002; Shen,
Tong, & Deng, 2007), a comparably small part of the litera-
ture focuses on the operational aspects of the fraud detection
process; or, more specifically, what differentiates a “good”
fraud detection process from a “bad”fraud detection process
(Bonchi, Giannotti, Mainetto, & Pedreschi, 1999; Kirkos,
Spathis, & Manolopoulos, 2007). The implementation of
fraud detection systems opens up a multitude of operational
problems: Based on which criteria should transactions be
flagged as fraudulent? How could loopholes that allow
fraudulent exploitation be detected and closed? How can
principals ensure that their fraud detection systems are
appropriate and efficient? And how would these systems be
implemented without compromising the efficiency of other
operations?
In this regard, an important research stream discusses the
role of audits in fraud detection and prevention (Francis,
2004) with particular attention on the role of audit quality
SINGH ET AL.65
To continue reading
Request your trial