SIRC OF ICAI

IS GLAD TO ANNOUNCE - TWO DAYS INTENSIVE WORKSHOP ON FORENSIC AUDIT & FRAUD DETECTION

(conducted by THE CORPORATE GOVERNANCE COMMITTEE)

HOST : BANGALORE CANTONMENT CPE CHAPTER OF SIRC OF ICAI

PROGRAM DETAILS :

VENUE : HOTEL CHANCERY PAVILION, RESIDENCY ROAD, BANGALORE – 1.

DATE & DAY : Tuesday the 2nd & Wednesday the 3rd FEBRUARY 2010.

TIMINGS : MORNING 9.30 AM TO 5.30 PM

Fees : Rs.15,000 (per participant) – Cheques to be drawn in favour of “ Secretary, SIRC of ICAI”.

Group Discounts are available on request.

CPE : 12 hours CPE CREDIT

Title: Workshop on Fraud Detection, Investigation and Prevention

Introduction:

This course combines fraud accounting with digital forensics and explains to the participants the nature of financial fraud, how to detect fraudulent activities, and most importantly how to investigate any type of financial fraud. It also explores the various possible avenues of computer-based investigations. The training focuses on audit techniques, fraud detection techniques, accounting and law,practically auditing and investigation of frauds, collection of evidence/documentation which can stand the test of legal scrutiny and write succinct, factual reports.

It is power-packed with case studies designed to give participants a clear idea of real-world frauds and how investigative techniques can be deployed to nail the fraudsters and determine the extent and exact nature of the fraud. The course has been designed by two of the leading experts in this field – Mr. Chetan Dalal who brings unparalleled expertise in the domain of financial fraud investigation and Mr. K. K. Mookhey who is one of the leading computer forensic experts. Also, Mr. V. C. Mishra a leading handwriting analysis and document forgery expert will conduct a session on his area of expertise.

Specific Objectives :

·  Understanding nature of fraud and fraudster

·  Purpose of Investigation

·  How to Detect Large Value Frauds

·  Evidence Collection Techniques

·  Forensic Auditing Techniques

·  Computer-based Forensics

·  Data Analytics for Fraud Detection and Investigation

·  Evidence Presentation

·  Report Writing and Articulation

Who should attend:

·  CXOs

·  Chief Internal Auditors

·  Heads of Internal Audit

·  Chief Security Officers

·  Heads of Risk Management

·  Heads of Legal Department

·  Heads of Regulatory Compliance

·  Heads of Legal

·  In-house Legal Counsel

·  Accountants

·  Internal, External Auditors

Day One :


Session 1: Introduction to Financial Frauds

·  Nature of corporate fraud

·  Statistics on fraud

·  Techniques and psychology of a fraudster

Session 2: Identifying the Red-Flags of Fraud

·  Tools and Techniques to Identify Fraudulent Activities

·  Fraud Perpetrated for the Benefit of the Individual

·  Fraud Perpetrated for the Benefit of the Company

·  Fraud Perpetrated for the Benefit of a Third Party

·  Fraud Perpetrated for the Benefit of Key Shareholders

·  Fraud Perpetrated through Override of Existing Controls

·  Fraud Perpetrated through Absence of Proper Accounting Documentation

Session 3: Fraud Auditing Creative Techniques

·  Case Studies of Fraud Investigations

·  Auditing Techniques

·  Auditing method 1- “Tiger Team Test”

·  Auditing method 2- “Application of Benford’s Theorem”

·  Auditing method 3- “Use of Barium test”

·  Auditing method 4- “ Use of Birbal tricks and traps”

·  Auditing method 5- “Application of inverse logic”

·  Auditing method 6- “Use of Space-time dimension in data evaluation”

Exercises & Case Studies
Day Two
Session 1: Overview of the Nature and Purpose of Forensic Interviews

·  The Nature and Purpose of Forensic Interviews

·  The difference between Interviews and Interrogations

·  Types of Witnesses

·  The Environment of the Interview Room

·  The Use of Video and Audio Recording

Session 2: Handwriting Analysis & Document Forgery

Session 3: Digital Forensics – Overview & Introduction

·  Forensic Imaging

·  Analyzing the Data

·  Development of "Exhibits" for Use in Court

Developing the Forensic Report and Related Exhibits

·  The Forensic Report as Evidence in a Court of Law

·  Approaches for the Development of the Forensic Report

·  Various Formats of the Forensic Report

Data Analytic

·  Introduction to Excel as an Audit Tool

·  Advantages of Using Excel for Data Analysis

·  Vendor Master Analysis

·  Detect Duplicate Vendors

·  Detect Vendors with same PO box, tel, email but different name

·  Detect Vendor Accounts opened on Holidays

·  Detect Vendors that have different name in Bank Payment Maste

Case Studies
Detect Money Laundering by Stock Brokers
Payroll Analysis - Detect Ghost Employees
Exercises
Q&A – Conclusion

Faculties : Renowned International Trainers :

Mr. Chetan D. Dalal, AGED 49
1.FCA :Fellow Chartered Accountant- (The Institute of Chartered Accountants of India (ICAI)),
2.CFE : Certified Fraud Examiner (Association of Fraud Examiners, ?USA)
First CFE in Mumbai and one out of a total of about 20 in India.
3. CIA : Certified Internal Auditor (Institute of Internal Auditors-USA)
4. CISA : Certified Information and Systems Auditor (Information Systems Audit and Control Association -USA)
Specialisation in Internal Audit, Fraud Detection and Investigations
Presently an investigation specialist operating from Mumbai, India. Served on the Board of the India Chapter of the Association of Certified Fraud Examiners during 2000-2004. Served in the past as a member of the Managing Committee of the India Merchants Chamber Banking Finance and Insurance Committee, and was also on the editorial board of the UK based magazine- Inside Fraud
Also provides Training for Fraud Detection and Investigation. Conducted workshops for the Institute of Chartered Accountants of India and Bombay Chartered Accountants Society.

Has completed BS 7799 Implementation Course in Apr’05 delivered by BSI Management Systems
Other Scholastic Achievements and additional areas of specialisation:
1. Tarneja Award for the best article on fraud in BMA in 2003
2. BCAS- P M Trivedi for the best feature on Standard Auditing Practice in 2002
3. First Rank and ?Excellence? grade in NIIT C Basic computer course, 1983
4. Economic Theory: Winner of merit award in Economic Theory in Bombay University, 1979

5. Winner of the Dinesh Himmatlal Shah Prize awarded by the ICAI India for the BEST PAPER IN AUDIT, November 1980 for Intermediate C.A. examination.
Research work and Authored Publications:
1.For Institute of Chartered Accountants of India (ICAI) (released by its Research Committee, New Delhi):
-Guidelines on detection of fraud

-Guidelines on Internal Audit of enterprises engaged in Advertising and Publicity
-Study on audit and certification in circumstances of Incomplete Records
-Detection of Frauds: Some case studies
-Novel and Unconventional methods for special audits and investigations

-Guidelines for Internal Audit of enterprises travel business
-Continuing professional education-research papers on Debtors and stocks
2.Western India Regional Council: Institute of Chartered Accountants of India:
Audit Practice and Procedures with special emphasis on detection of frauds and compliance with Accounting Standards
3. Bombay Chartered Accountants Society:
Use of Software in Audit

4. Novel and Conventional Methods in audit and investigation

- For internal publisher CCH- Wolters Kluwer

Training, presentations and research Papers, Articles and contributions by Chetan Dalal
(Articles on audit, audit tools and frauds)
Training in Forensic Accounting and Fraud Investigation

-  Khimji Ramdas Muscat

-  Marcus Evans Mumbai

-  Workshops for ICAI, BCAS

International presentations

-  Las Vegas- 2008 for the WVU

-  Chicago for the IIA

-  Abu Dhabi 2004 for the ICAI

-  Dubai, Muscat, Abudhabi for the respective chapters in 2004, 2007

Research papers released outside India

1. IT Audit Forum: USA: A global publication for internal auditors (www.itaudit.org)
Inside Fraud Fraud bulletin published from London, Geneva and New York.
2. Accountantsledger Canada : A global publication for accountants
3. Inside Fraud UK- UK based periodical on frauds and white collar crime
4. Internal auditing UK: A UK based journal for internal auditors
5. The white paper Journal of the US Association of Fraud Examiners
6. Fraud Newsletter London-UK (Management Audit school)

In India:

1. Business India: A corporate world information magazine, Monthly column entitled Accountancy , but articles on fraud
2. Bombay Chartered Accountants Society Journal, BCAS, A prestigious publication of the chartered accountants of Bombay, widely respected all over the country Monthly column for articles on Standard Auditing Practices
3. Saket Industrial Digest, An industrial information magazine covering a wide range of topics Column on Finance
Articles contributed on invitation:
4.The Chartered Accountant, Journal of the Institute of Chartered Accountants of India (ICAI) Article on Trojan Horse Frauds
5. The Newsletter (WIRC of the ICAI) Article on Inventory Frauds
6. Internal Audit Communique, A journal of the Institute of Internal Auditors , India Articles on Frauds
7. Economic Times, A daily economic and financial newspaper Article on White collar crime

K. K. Mookhey – Principal Consultant
Summary / Kanwal K. Mookhey (CISA, CISSP, CISM) is the Director – IT Services at CDIMS. He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients such as the The Indian Navy, United Nations, Abu Dhabi & Dubai Stock Exchanges, State Bank of India, Atos Origin, Saudi Telecom, World Customs Organization, Capgemini, Royal & Sun Alliance, and many others.
His skills and know-how encompass risk management, compliance, business continuity, application security, computer forensics, and penetration testing. He is well-versed with international standards such as COBIT, ISO 27001, PCI DSS, BS 25999, and ITIL / ISO 20000.
He is the author of two books (Linux Security And Controls by ISACA, and Metasploit Framework, by Syngress Publishing), and of numerous articles on information security. He has also presented at conferences such as OWASP, Blackhat, Interop, IT Underground and others.
Certifications / ·  Certified Information Systems Security Professional (CISSP)
·  Certified Information Systems Auditor (CISA)
·  Certified Information Security Manager (CISM)
·  BS 7799 Lead Implementor from BSI
Areas of Expertise / ·  IT Governance, Risk Management & Compliance
·  Penetration Testing
·  Fraud Investigations
·  Digital Forensics & Cyber Laws
·  Compliance
·  Security Architecture
·  Business Continuity and Disaster Recovery
·  Security Evangelism
·  Telecom and BFSI Security
Technical Skills / ·  Cryptography
·  TCP/IP Security
·  Telecom Security
·  Application Security & Secure Coding
·  Well-versed with security of numerous
o  Operating Systems
o  Databases
o  Firewalls
o  IDS/IPS
o  Security Event Management solutions
o  Data Leakage Prevention solutions
o  Identity Management solutions
o  Network Access Control solutions
o  Unified Threat Management solutions
o  Anti-virus and Anti-spam solutions
·  Digital forensics tools and techniques
·  Commercial and open-source security assessment tools
Other skills / ·  Strong communication and inter-personal skills
·  Strong project management skills and know-how
·  Public speaking and presentation skills
Training skills / Well-recognized as a trainer, and have won numerous accolades for hundreds of workshops conducted for prestigious clients such as
·  Reserve Bank of India
·  The Indian Navy
·  Institute of Chartered Accountants of India
·  ISACA Mumbai Chapter
Books / ·  Linux Security, Audit and Control Features, published by ISACA
·  Metasploit Framework – Syngress Publishing
·  The Ultimate Startup Guide
Security Articles & Research / Ø  Articles and Publications
·  Auditing IT Project Management
http://www.theiia.org/itaudit/features/in-depth-features-5-1-08/auditing-it-project-management/
IT Audit, by the Institute of Internal Auditors, May 2008
·  Key Strategies for Implementing ISO 27001
http://www.theiia.org/ITAuditArchive/?aid=2047&iid=440
IT Audit, by the Institute of Internal Auditors, February 2006
·  Evaluating Application Security Controls
http://www.theiia.org/ITAuditArchive/?aid=2682&iid=541
IT Audit, by the Institute of Internal Auditors, June 2007
·  Penetration Testing of IPSec VPNs
http://www.securityfocus.com/1821
·  Common Criteria – an overview
Information Systems Control Journal by ISACA, Volume 1, 2005
·  The Metasploit Framework (3-part article)
http://www.securityfocus.com/1789
·  Common Security Vulnerabilities in e-commerce systems
http://www.securityfocus.com/infocus/1775
·  Detection of SQL Injection and Cross-site Scripting Attacks
http://www.securityfocus.com/infocus/1768
·  Auditing Oracle Security
http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5509
·  Open Source Tools for Security and Control Assessment
Information Systems Control Journal by ISACA, Volume 1, 2004
·  Apache Security Controls and Auditing
Information Systems Control Journal by ISACA, Volume 5, 2003
Conferences / ·  “Penetration Testing vs. Source Code Review” at OWASP Asia 2009 – New Delhi
·  “Risk-based Penetration Testing” at OWASP Asia 2008 – Taiwan
·  Interop India 2009 – Wireless Security and Chair of Session on Network Access Control
·  “Cyber security for Netizens” at Bangalore Cyber Security Summit, 2009
·  “Digital Forensics in Fraud Investigation” at Seminar on Fraud and Forensic Accounting, Mumbai 2009
·  “Business Web Application Testing”, OWASP Asia 2008, Taiwan
·  “Web Application Security”, Networld+Interop, Las Vegas 2005
·  “Evasion and Detection of Web Application Attacks”, BlackHat USA, 2004
·  “VPN Security Assessment”, IT Underground 2005, Prague, Czech Republic
·  “Computer Forensics”, Seminar on “Fraud Management”, by Marcus Evans 2004, 2008, 2009
Press and Interviews / ·  Linux Security, Audit and Control Guidance Featured In New Book from Information Systems Audit and Control Association
·  “Neo has a new business model”, Economic Times, Front Page, 11th September 2004
a  http://infotech.indiatimes.com/articleshow/msid-847169,flstry-1.cms
·  “Tips for ferreting out vulnerable code”, Loop, August 2004
a  http://loop.interop.com/comments.php?id=217_0_1_0_C
·  “Security Assessment Methodology – Cover Story”, Network Magazine, December 2001
a  http://www.networkmagazineindia.com/200112/cover2.htm
·  “Linux Based Firewall Case Study”, March 2004
http://www.cxotoday.com/cxo/jsp/printstory.jsp?storyid=709
Testimonials / “KK and his team did a brilliant job in guiding us towards the 27001 certification. Their approach was very methodical and systematic right from the stage of gathering requirements in the initial stages to the documentation work and then trainings and audit readiness stages. In fact what I liked the most about KK's approach was that he focused on transferring his knowledge to us which has enabled us to sustain the improvements even without his involvement. They never restricted themselves to the scope of the contract. They were willing to that extra mile to make sure that it added business value to us.”
Prabhanjan Pandurang, Director Quality and Continuous Improvement, Integreon
“KK is a smart security professional and a great presenter as well.”
Anton Chuvakin, Director of PCI Compliance Solutions, Qualys
“Working with KK is a real pleasure. He has excellent management and analytical skills. He knows his job very well and is really good at managing customer expectations in a complex project environment.”
Hasan Qutbi, Partner, Solution Intelligence FZ LLC
“Kanwal is one of the most dynamic, innovative and hardworking induviduals I have met in the Information Security space. His past work and achievements speak for himself.”
Kartik Shinde, Manager, KPMG

CA P.R. Suresh CA. M. Devaraja Reddy

Secretary – SIRC of ICAI & Chairman – SIRC of ICAI

Chairman – Corporate Governance Committee