Investigation-oriented forensic audit must become mainstream practice, says cyber security expert
Mysore/Mysuru: Forensic audit investigations are important as they help uncover the modus operandi of corporate misdoings such as embezzlement, bribes, extortion, fictitious transactions, kickbacks and conflict of interest, said Sanjay Sahay, Founder and Director, TechConPro Pvt Ltd., Bengaluru. He is a former IPS officer who served in the rank of ADGP, pro-public speaker, cyber security guru, thought leader and writer.
He was delivering a lecture on ‘cybercrime and forensic auditing: A new avenue of collaboration with digital forensics’ yesterday at the two-day 30th Annual State Conference of Karnataka Medico-Legal Society (KAMLSCON 2022). The conference, with the theme ‘Collaborative Forensics’ was inaugurated yesterday at Sri Rajendra Auditorium, JSS College of Pharmacy. The event was organised by the Department of Forensic Medicine and Toxicology, JSS Medical College.
Getting hacked is new normal
Forensic audits can also help locate or identify potential fraud and they are crucial as India has seen a rapid rise in cases related to fraud and white-collar crimes, he said. “Over 97 percent of the Fortune 500 companies have been hacked. Getting hacked is the new normal. Human factor is the weakest link in cybercrime. And digital battlefront will remain the real battle in days to come,” he explained. As ADGP, Sanjay Sahay created an Enterprise Resource Planning (ERP) software for Police Department, the Police IT, for Karnataka State Police and headed the Crime and Criminal Tracking Network and Systems (CCTNS) project since its inception. He single-handedly created all professional documentation pertaining to the project.
He also headed Communication and State Crime Records Bureau and has headed UN, Recruitment and Selection, for Kosovo Police Service at Pristina, Kosovo and was as a Regional Commander in the UN Peacekeeping Mission in Sudan. Sahay resigned from Police service in March 2020 and launched his own private enterprise.
Criticality of forensic audit
“The regular statutory audits brought us to a crossroad where the most important of the financial lapses went under the rug never to come out. Given insufficient time with a reasonably average workforce proved disastrous in the process of statutory audit and we all have seen what the audit did to global companies and the economy. Hence was born the science, art and commerce of forensic audit,” he explained.
Digital forensics is the process of storing, analysing, retrieving, and preserving electronic data that may be useful in an investigation. Digital medium includes (data from) hard drives in computers, mobile phones, smart appliances, vehicle navigation systems, electronic door locks, and other digital devices. Digital forensics is a well-established tool of cybercrime investigation and now also crimes, given the massive presence of this medium in every sphere, he said.
Data at the core of all operations
Data is at the core of all our modern-day company operations. Digital forensics is a branch of forensic science encompassing the recovery, investigation, examination and analysis of material found in digital devices, often in relation to mobile devices and computer crime. Collaboration with digital forensics is a necessity, not a choice, he said.
Digital forensics includes computer forensics, mobile device forensics, network forensics, database forensics, Internet Of Things forensics and cloud. Its features include evidence-based reasoning, objective and evidence seeking, reconstructing the story through complex data sources and there is no assumptions in digital investigation, he said.
Essential mainstream practice
“Forensic audit needs to become a mainstream practice and cannot be used as an umbrella when it rains. Otherwise, the scams of the day will never be out. There is forensics in everything in the technological age. Investigation-oriented forensic audit has done yeoman service to the profession and recognised the third eye of audit and also the technology needed to make it happen,” he noted.
The domain expertise with data tools applied on financial documents will reveal the frauds. As all information and data are digital, the gaps, patterns and clues exist in the cracks and crevices of databases and in digital storage and communication mediums on a variety of gadgets, tools and platforms including the cloud, Sanjay Sahay added.
Billions at stake
Global cyber crime is worth 1.5 trillion dollars a year; 860 billion dollars from illicit / illegal online markets; 500 billion dollars from intellectual property thefts; 160 billion dollars from data trading; 1.6 billion dollars from crimeware-as-a-service; 1 billion dollars from ransomware. —Sanjay Sahay, Cyber Security Guru and former IPS officer
This post was published on November 26, 2022 6:41 pm