Fraud Detection in Auditing
Auditors are required to apply an expanded range of procedures for detecting fraud. They are required to gather information for identifying risks of material misstatement owing to fraud and to assess those risks after analysing the company’s controls and programmes. Further, auditors are required to overcome natural tendencies such as overreliance on representations made by the client, and to approach the audit procedures with a questioning mind and a sceptical attitude (Donelson, McInnis and Mergenthaler 2016).
In the given case, the management of the company Heavy Earth-Moving Vehicles Resales does not comply with the policy set by its head office, which requires that sealed bids be used for selling obsolete vehicles. Although management gave assurance that negotiating with knowledgeable buyers led to better sales prices, in most cases the vehicles were found to have been sold to employees at values significantly below the market (Louwers et al. 2015).
a. List of the fraud symptoms
- The company was not following the established policy that required a sealed-bid system for selling obsolete vehicles. Under a sealed-bid system, bids are not disclosed to competitors, which makes sales more transparent than open sales.
- Vigorous justification by management for not following the established policy. Management must adhere to the policies established by the company. Where a violation takes place, management shall provide valid proof of the reasons for it (Brazel and Schmidt 2018).
- Repairing the vehicles before selling the assets as salvage.
b. Audit procedures required to be followed
- The auditor should have reviewed all documentation related to the sales, which helps identify the purchasers of the vehicles and the prices paid. It further allows buyers to be compared with the list of company employees.
- The sales register and associated documents should have been checked to determine whether the company received fair value from the sales of vehicles. This can be done by comparing ‘blue book’ values with the sales prices and with the sales proceeds received from sealed bids. Further, the actual values of the vehicles and their appraised values shall be checked (Public Company Accounting Oversight Board (PCAOB) 2016).
- The maintenance records for the salvaged vehicles should be reviewed for recent changes that may indicate the vehicles were repaired before they were sold.
- Management should be asked to provide valid proof for not adhering to the established policy. As management stated that it got better prices by selling to knowledgeable buyers, there should be proof comparing the prices obtained through sealed bids with those obtained from knowledgeable buyers (DeZoort and Harrison 2018).
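The procedures above can be run as a single pass over the sales register. The following is an added example, not part of the original answer: the sales, employee and repair records are constructed, and the 80% blue-book ratio and 90-day repair window are assumed thresholds.

```python
from datetime import date

# Constructed sample data for illustration; none of it comes from the case.
EMPLOYEES = {"r. hale", "m. ortiz"}
SALES = [  # (vehicle, buyer, sale price, blue book value, sealed bid used, sale date)
    ("V-101", "R. Hale", 9000, 30000, False, date(2018, 3, 12)),
    ("V-102", "Acme Plant Hire", 27500, 29000, True, date(2018, 3, 20)),
    ("V-103", "M. Ortiz ", 12000, 26000, False, date(2018, 4, 2)),
    ("V-104", "Delta Quarries", 21000, 22000, False, date(2018, 4, 9)),
]
LAST_REPAIR = {"V-101": date(2018, 2, 20), "V-103": date(2017, 6, 1),
               "V-104": date(2018, 3, 30)}


def review_sales(sales, employees, last_repair, min_ratio=0.8, repair_days=90):
    """Return {vehicle: [symptoms]} for every sale showing at least one symptom.

    min_ratio and repair_days are assumed thresholds an auditor would set.
    """
    findings = {}
    for vehicle, buyer, price, blue_book, sealed_bid, sold_on in sales:
        flags = []
        if not sealed_bid:
            flags.append("no_sealed_bid")
        if buyer.strip().lower() in employees:  # normalise before matching names
            flags.append("buyer_is_employee")
        if price < min_ratio * blue_book:
            flags.append("below_blue_book")
        repaired = last_repair.get(vehicle)
        if repaired and 0 <= (sold_on - repaired).days <= repair_days:
            flags.append("repaired_before_sale")
        if flags:
            findings[vehicle] = flags
    return findings


def high_risk(findings):
    """Sales to employees, below value, outside the sealed-bid policy."""
    needed = {"no_sealed_bid", "buyer_is_employee", "below_blue_book"}
    return sorted(v for v, flags in findings.items() if needed <= set(flags))


if __name__ == "__main__":
    results = review_sales(SALES, EMPLOYEES, LAST_REPAIR)
    for vehicle, flags in results.items():
        print(vehicle, ", ".join(flags))
    print("High risk:", high_risk(results))
```

A flagged sale is a lead for follow-up with the supporting documents, not a finding of fraud in itself.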
a. Types of authentication
Three-factor authentication (3FA) is the use of identity-confirming credentials from three different categories of authentication factors: inherence, possession and knowledge. Authentication is the first step in access control, and the three common factors used for authentication are: (i) something the person requesting access knows, such as a password; (ii) something the person has, such as a smart card; and (iii) something the person is, such as a fingerprint or other biometric.
Identification takes place when the user claims an identity, for example by providing a username, and authentication takes place when the user proves that identity (Singh, Agrawal and Khan 2018). Users are authenticated upon providing both the username and the password. After that, rights, privileges and permissions are granted to users on the basis of the proven identity. Multifactor authentication provides security because an attacker is unlikely to steal or fake all three elements included under 3FA, which makes logging in more secure. However, three-factor authentication is generally used in government and business agencies requiring a higher degree of security.
- Something that is known by the person accessing control – The knowledge factor is the most common factor and includes PINs (personal identification numbers) and passwords. However, this method is the easiest one to beat. When using passwords it is crucial to use a strong one. A strong password is generally a mixture of lower case, upper case, special characters and numbers (Kiran, Mohapatra and Swamy 2015).
- Something that the person accessing control has – Possession refers to items such as hand-held tokens or smart cards. A smart card is the size of a credit card and has an embedded certificate that can be used to identify the holder. The user inserts the card into a reader to be authenticated.
- Something the person accessing control is – These are also called inherence factors. Biometric systems provide the “something you are” factor; some of them use fingerprints, iris or retinal scans, hand geometry, voice analysis and handwriting for authentication. Handprints and fingerprints are the most commonly used methods of all (Yin et al. 2016).
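An added example, not part of the original essay: a 3FA check that counts distinct factor categories rather than the number of credentials, so a password plus a PIN still counts as one factor. The enrolment record, the HMAC challenge-response standing in for a smart card, and the toy fingerprint vector with its distance threshold are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed enrolment record for one user; all values are made up for the example.
SALT = b"constructed-salt"
ENROLLED = {
    "password": hashlib.pbkdf2_hmac("sha256", b"Tr1cky!Pass", SALT, 100_000),
    "pin": hashlib.pbkdf2_hmac("sha256", b"4821", SALT, 100_000),
    "card_key": b"constructed-smart-card-key",
    "fingerprint": [0.12, 0.80, 0.45, 0.33],  # toy biometric template
}
CATEGORY = {"password": "knowledge", "pin": "knowledge",
            "card": "possession", "fingerprint": "inherence"}


def check_secret(name, value):
    # Knowledge: compare a salted, stretched hash in constant time.
    digest = hashlib.pbkdf2_hmac("sha256", value.encode(), SALT, 100_000)
    return hmac.compare_digest(digest, ENROLLED[name])


def check_card(challenge, response):
    # Possession: the card proves it holds the key by answering a fresh challenge.
    expected = hmac.new(ENROLLED["card_key"], challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def check_fingerprint(sample, max_distance=0.1):
    # Inherence: matching is approximate, so a changed sample can be rejected.
    template = ENROLLED["fingerprint"]
    distance = sum((a - b) ** 2 for a, b in zip(template, sample)) ** 0.5
    return distance <= max_distance


def authenticate(presented, challenge=b"", required=3):
    """Grant access only if verified factors span `required` distinct categories."""
    checks = {
        "password": lambda v: check_secret("password", v),
        "pin": lambda v: check_secret("pin", v),
        "card": lambda v: check_card(challenge, v),
        "fingerprint": check_fingerprint,
    }
    verified = {CATEGORY[name] for name, value in presented.items()
                if name in checks and checks[name](value)}
    return len(verified) >= required, sorted(verified)
```

Presenting a password, a PIN and the card verifies three credentials but only two categories, so `authenticate` refuses access.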
b. Advantages and disadvantages of various authentication systems
“Something you know” –
Advantages –
- It is easy to use, as the operating system provides the user with the user accounts and the password and no additional configuration is required.
- Application is universal, as no special hardware is required for applying a password.
- It is recoverable as the user can cancel and create new credentials if required.
Disadvantages –
- Security is completely based on the strength and confidentiality of the password.
- It does not offer a strong check of identity, as it is based on the password only.
- There is a likelihood that the user may forget the password and keep on guessing.
- It is not verifiable who is actually providing the credentials.
- Compromise may not be noticed immediately (Song et al. 2016).
“Something you have” –
Advantages –
- This is more secure as compared to those using encryption technology.
- It is adaptable, as the smart card reader can be plugged into machines that support USB and can operate seamlessly with the inventory and sales software. It also allows easier tracking of the time of customer purchases. Further, the card can be linked with the customer database for carrying out research on customers’ purchases and figuring out which items are in demand.
- It is easy to use, as the operating system provides the user with the user accounts and the password and no additional configuration is required (Kuballa et al. 2016).
- It is recoverable, as the user can cancel and new credentials can be re-issued if required.
- If the card is stolen or lost, that can be noticed quickly.
Disadvantages –
- It may require special hardware for reading the card. For instance, if the card is not a USB token, a card reader will be required for reading it.
- It is not verifiable who is actually providing the credentials.
- As the card stores a large amount of sensitive information, there will be security issues if it is lost or stolen.
- Cost involvement is high, as smart card readers are somewhat costly.
“Something you are” –
Advantages –
- It provides strong proof regarding who is providing the credentials
- This type of authentication is almost impossible to copy or mimic
- Medium used for this type of authentication cannot be forgotten, stolen or lost
Disadvantages –
- Cost involvement is high, as the smart card readers are somewhat costly.
- It requires special hardware and hence is not applicable universally.
- It may create a threat to privacy. For example, a scan of the retina may reveal health conditions.
- It may meet user resistance. For instance, some persons may object to using fingerprints, or a particular cultural group may decline face recognition (Gage et al. 2016).
- It may lead to false rejection owing to a change in the biometric characteristic. For instance, a fingerprint may not be matched if there is a cut in the finger, or a voice may not be recognised if the person has a cold.
- If the biometric template is compromised in any way, it will not be possible to reissue it. For instance, a person cannot be assigned a new voice or fingerprint.
As per the given case study, the security officers at local government offices fill out paper forms for processing reports on a range of security violations. However, they have little or no experience in using computers. The local governments decided to implement a relational database system capable of processing large amounts of data, to give the officers the information required for identifying the targeted perpetrators of the violations (Arasu et al. 2016).
a. System analysis and design problems
- The officers were not trained on the new system to their satisfaction. Further, they were not comfortable using the system, as they did not understand how to use it. Training is required for any new system implementation, as it involves various changes such as business processes, job responsibilities and the use of technological devices. In the absence of proper training, the project may suffer delays, lower system effectiveness, more manual processing, higher project costs and a loss of the ability to maintain the software (Hughes 2015).
- Approval from the supervisors was complicated and involved multiple screens. Time consumed in the approval system leads to delays in sequential jobs and in the accomplishment of the project. The officers were apparently not satisfied, as they were not getting what they asked for from the new system. For instance, they were required to open multiple screens while going through the approval process.
b. Steps that should be taken for improving system performance and the user acceptance
- Had the department involved the officers in the early planning, design and analysis stages before implementing the system, it could have helped the system analysts in identifying their preferences, designing the new system and receiving constructive feedback on the new system (Colombo and Ferrari 2014).
- The department shall increase the competence of the information system group. The team was good but lacked training in managing a project of this magnitude, so proper training shall be provided to the officers so that they become well versed in the new system. Further, people with the right experience and skills can be recruited to use the system successfully (Elmasri and Navathe 2016).
- Training shall be provided for all professionals, from entry-level developers to senior managers.
- The system shall be sent to the field for at least 6 weeks for documenting the users’ problems and issues.
- Joint application design sessions shall be instituted with teams including users, technical staff and management.
- Existing officers shall be used to provide training in the same field, which will make a huge difference to new employees (Krishnamurthy et al. 2014).
- The approval system shall be simple, so that officers can get approval in less time when it is required on an urgent basis.
References
Arasu, A., Babcock, B., Babu, S., Cieslewicz, J., Datar, M., Ito, K., Motwani, R., Srivastava, U. and Widom, J., 2016. STREAM: The Stanford data stream management system. In Data Stream Management (pp. 317-336). Springer, Berlin, Heidelberg.
Brazel, J.F. and Schmidt, J.J., 2018. Do Auditors and Audit Committees Lower Fraud Risk by Constraining Inconsistencies between Financial and Nonfinancial Measures?. Auditing: A Journal of Practice and Theory.
Colombo, P. and Ferrari, E., 2014. Enforcement of purpose based access control within relational database management systems. IEEE Transactions on Knowledge and Data Engineering, 26(11), pp.2703-2716.
DeZoort, F.T. and Harrison, P.D., 2018. Understanding auditors’ sense of responsibility for detecting fraud within organizations. Journal of Business Ethics, 149(4), pp.857-874.
Donelson, D.C., McInnis, J. and Mergenthaler, R.D., 2016. The effect of governance reforms on financial reporting fraud. Journal of Law, Finance, and Accounting, 1(2), pp.235-274.
Elmasri, R. and Navathe, S., 2016. Fundamentals of database systems. London: Pearson.
Gage, J., Slak, A. and Ting, D.M., Imprivata Inc, 2016. Device-agnostic user authentication. U.S. Patent 9,246,902.
Hughes, B., Oracle International Corp, 2015. Temporal relational database management system. U.S. Patent 9,015,107.
Kiran, S., Mohapatra, A. and Swamy, R., 2015, August. Experiences in performance testing of web applications with Unified Authentication platform using Jmeter. In Technology Management and Emerging Technologies (ISTMET), 2015 International Symposium on (pp. 74-78). IEEE.
Krishnamurthy, S., Thombre, N., Conway, N., Li, W.H. and Hoyer, M., Cisco Technology Inc, 2014. Addition and processing of continuous SQL queries in a streaming relational database management system. U.S. Patent 8,812,487.
Kuballa, T., Brunner, T.S., Thongpanchang, T., Walch, S.G. and Lachenmeier, D.W., 2018. Application of NMR for authentication of honey, beer and spices. Current Opinion in Food Science, 19, pp.57-62.
Louwers, T.J., Ramsay, R.J., Sinason, D.H., Strawser, J.R. and Thibodeau, J.C., 2015. Auditing & assurance services. McGraw-Hill Education.
Public Company Accounting Oversight Board (PCAOB), 2016. Consideration of Fraud in a Financial Statement Audit. AS 2401.
Singh, N., Agrawal, A. and Khan, R.A., 2018. Voice Biometric: A Technology for Voice Based Authentication. Adv. Sci, 10, pp.1-6.
Song, C., Wang, A., Ren, K. and Xu, W., 2016, April. Eyeveri: A secure and usable approach for smartphone user authentication. In Computer Communications, IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on (pp. 1-9). IEEE.
Yin, D.B.M., Kamal, M.I., Azmanuddin, N.S., Ali, S.H.S., Othman, A.T. and Wan-Chik, R.Z., 2016, January. Electronic Door Access Control using MyAccess Two-Factor Authentication Scheme featuring Near-Field Communication and Eigenface-based Face Recognition using Principal Component Analysis. In IMCOM (pp. 1-1).