1 / 29

Information Technology Audit and Fraud Prevention Among Commercial Banks in Kenya

Information Technology Audit and Fraud Prevention Among Commercial Banks in Kenya. By Joel K. Lelei , Dr. Peterson Obara Magutu , and Julia M. Ndungu AIBUMA 2014 Conference- 11 th July, 2014. Introduction.

tana
Télécharger la présentation

Information Technology Audit and Fraud Prevention Among Commercial Banks in Kenya

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Audit and Fraud Prevention Among Commercial Banks in Kenya By Joel K. Lelei, Dr. Peterson ObaraMagutu, and Julia M. Ndungu AIBUMA 2014 Conference- 11th July, 2014

  2. Introduction In recent years, there has been an increase in technological innovation in Kenya commercial banks. Significant milestones that have been achieved in the Kenyan banking industry include: • Cheque Truncation System • Real Time Gross Settlement Scheme • Automation of the Clearing House • Sharing of data through Credit Reference Bureaus • Sharing of Automated Teller Machine (ATM) networks between banks • Mobile Banking • Internet Banking (www.kba.co.ke)

  3. Why is there an increase in technological innovation? Use of technology has resulted in: Pros • Increase in the speed of transacting • Convenience • Enhanced operational efficiencies • Competitive advantage Cons • Surge in electronic fraud • There is more dependency on vendors due to outsourced IT services • A lot of integration resulting to complex systems

  4. Why a study in Electronic Fraud? The Banking Industry has more cases of frauds as compared to other industries (www.acfe.org). Definition: Electronic fraud occurs where: • IT equipment is used to manipulate programs or data dishonestly. • An IT system becomes a substantial factor in the perpetration of fraud. (KRAAC Policy, 2006)

  5. What is the Magnitude of Fraud among Kenyan Commercial Banks? - Banking fraud had tripled between 2009 and 2010, and banks had lost Kes 3B through fraud (Deloitte, 2011). In December 2010 alone, Kes 500M was lost (Mukinda, 2011). - In 2012, Kes 1.12B was stolen (BFIU).

  6. Study Objectives • Determine the extent of IT related fraud in Kenyan commercial banks. • Establish the countermeasures implemented in preventing fraud through IT auditing in Kenyan commercial banks. • Establish the challenges faced during IT auditing by the IS auditor in Kenyan commercial banks. • Determine the relationship between IT auditing and fraud prevention in Kenyan commercial banks.

  7. Is Electronic Fraud Rampant in Kenya? Pricewaterhouse Coopers – Year 2011 survey on fraud in the Kenyan market indicated: • 9% increase in levels of computer related fraud in 2011 as compared to 2009. • 34% of the respondents had a experienced a computer network related fraud. BFIU report for the period April to June 2013 indicated that electronic crimes continue to be widespread compared to other types of fraud.

  8. Findings from the Study… Extent of IT Related Frauds in Kenya: All the respondents (83.72% of the population) had encountered IT related fraud, as follows:

  9. Extent of IT Related Frauds in Kenya……(cont’d)

  10. Extent of IT Related Frauds in Kenya……(cont’d) These data was subjected to factor analysis and resulted into 4 main factors, as follows:

  11. Extent of IT Related Frauds in Kenya……(cont’d)

  12. Extent of IT Related Frauds in Kenya……(cont’d)

  13. How are Banks Addressing IT Related Fraud? CBK Risk Management Guidelines- January 2013 • IT Risk Management Framework - Documentation of ICT risk management strategies and policies - Effective IT audit of ICT Risk Management

  14. IT Auditing - It is both a detective and preventive measure against fraud. - Involves collecting and evaluating audit evidence by the IS auditor to determine whether IT systems are designed to preserve data integrity and safeguarding of organization’s assets (INTOSAI, 2008).

  15. Detective Approaches Employed by the IS Auditor

  16. Detective Approaches Employed by the IS Auditor…….(cont’d)

  17. Detective Approaches Employed by the IS Auditor…….(cont’d) These data was subjected to factor analysis and resulted into 3 main factors, as follows:

  18. Detective Approaches Employed by the IS Auditor…….(cont’d)

  19. Preventive Audit Strategies Employed by the IS Auditor

  20. Preventive Audit Strategies Employed by the IS Auditor (cont’d)

  21. Preventive Audit Strategies Employed by the IS Auditor (cont’d) These data was subjected to factor analysis and resulted into 5 main factors, as follows:

  22. Preventive Audit Strategies Employed by the IS Auditor (cont’d)

  23. Preventive Audit Strategies Employed by the IS Auditor (cont’d)

  24. Challenges faced by the IS Auditor while Auditing

  25. Challenges faced by the IS Auditor while Auditing….(cont’d)

  26. Is there a relationship between IT Auditing and Fraud Prevention? Great Extent- 61% of the respondents Very Great Extent- 39% of the respondents IS auditors further advised that if the challenges they faced were addressed, then IT related fraud would decrease. Regression analysis was performed on the data collected to establish if this was correct, which resulted to the following equation.

  27. Is there a relationship between IT Auditing and Fraud Prevention? There is a relationship between the extent of fraud prevention on one hand and on the other hand management support, skills, time allocated and use of tools in IT audit.

  28. Conclusion • Commercial banks in Kenya have encountered IT related fraud. • Banks should therefore continue enforcing detection and preventive approaches in curbing IT related fraud. • There is a significant relationship between IT auditing and fraud prevention. • Challenges faced by the IS auditors that hinder their effectiveness in early detection and prevention of fraud, need to be addressed.

  29. Suggestion for Further Studies Further research needs to be done in other industries such as: • Forex Bureaus • Mortgage Banks • Micro Finance Institutions • Pension Funds Thank You

More Related