The past few years have seen a massive change in the way business is conducted: a substantial shift from paper to digital platforms. The COVID situation has further forced corporates to rely on the digital world. Today almost all transactions take place on digital platforms. The digital world is growing rapidly and in the process is generating a high volume of digitized documents. The digital landscape is also connecting the world in a manner that could not have been imagined a few decades back.
With the ability to store an unlimited amount of data compared with conventional storage methods, and to connect to the world through digital means, more and more businesses, from banking, manufacturing and agriculture to the public sector, prefer to run their business on digital platforms.
When the corporate world is changing drastically and adopting digital technology, auditors who audit the financial statements of an enterprise cannot use conventional methods for the audit. They need to address cyber attacks, which have increased manifold, and the losses organizations suffer because of them. The way data is stored and protected, and the controls that are built, have to be analyzed as per the auditing standard 300 – Planning an Audit of Financial Statement and SA 315 Identification of risk of material misstatement.
Further, the Companies Act, 2013 Section 143 subsection 12 places responsibility on the auditors to report fraud committed by the company's officers or employees. Thus, while auditing the financial statements, the auditor should be aware of any reported fraud. Since employees are becoming tech savvy and generally tend to use digital means to commit fraud, it becomes imperative for the auditors of the financial statements to collaborate with experts in digital forensics, externally or internally, in conducting the audit. The other method could be that the auditor of the financial statements gains the requisite skills and knowledge and adopts them during the audit.
What is digital forensics?
Before going further, it is important to examine the meaning of the term "digital forensics". In plain language, digital forensics, also known as computer forensics or cyber forensics, is a branch of digital science whose main focus is investigation and analytics to gather and preserve digital information. A more structured definition by the EC-Council is "Digital forensic science is a branch of forensic science that focuses on the recovery and investigation of material found in digital devices related to cybercrime".
Digital Evidence / Cyber Evidence
One of the important considerations in an audit is the audit evidence from which the auditor generally draws conclusions on the financial statements. As per SA 500 & SA 501, relating to audit evidence and audit evidence for selected items respectively, it is important to consider the appropriateness and sufficiency of the audit evidence. In a digital world where data is stored digitally, digital evidence has to be handled with care, as it is volatile in nature and prone to change. It is of utmost importance to keep the digital evidence in its original state, as it was at the time of the incident. This is a particular challenge for the digital forensic specialist or the auditor during acquisition of that evidence. The following are areas from which digital evidence can be obtained:
- Internet history files
- Temporary internet files
- Slack / unallocated space
- Buddy lists, personal chat room records, P2P, other saved areas
- News group / club listings / posting
- File storage dates
- Software / hardware added
- File sharing ability
- Emails
Digital Forensics Procedure
The procedure followed in digital forensics includes:
1. Identifies the crime along with the computer and other tools used to commit the fraud
- Needs to have proper authorization
- Reviews the organization's policies and laws and builds a team for investigation
2. Gathers evidence and builds a suitable chain of custody
- Identifies potential sources of data and acquires forensic data from them
- Develops a plan to acquire data according to its importance
- Identified evidence must be preserved to maintain its integrity
3. On recovery of the data, images, duplicates and replicates it, and then analyzes the duplicate evidence
- Traces, filters and extracts hidden data during the process
4. Prepares expert evidence and then presents the evidence in court
- Records the evidence of the data found by each analysis component
- Records the time and provides the hash values of the collected evidence for the chain of custody
Step by step method used to obtain digital evidence
- Shut down the computer
- Document the hardware configuration of the system
- Transport the computer system to a secure location
- Make a bit-stream backup of the hard disks and floppy disks
- Mathematically verify the data on all storage devices
- Document the system date and time
- Make a list of key search words
- Evaluate the Windows swap file
- Evaluate file slack
- Evaluate unallocated space
- Document file name, date and time
- Identify file, program and storage anomalies
- Evaluate program functionality
- Document your findings
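The hash-and-timestamp record in step 4 of the procedure and the "mathematically verify" step in the list above can be sketched as follows. This is an added example, not part of the original article; the choice of SHA-256, the log field names, the examiner names and the temporary file standing in for a seized disk are all assumptions.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images need not fit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def custody_entry(action, item, digest, custodian):
    # Field names are illustrative; real custody forms carry more detail.
    return {"time_utc": datetime.now(timezone.utc).isoformat(), "action": action,
            "item": os.path.basename(item), "sha256": digest, "custodian": custodian}

def acquire(source, image, custodian, log):
    """Copy source to image byte for byte, then confirm both hash the same."""
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    source_hash, image_hash = sha256_file(source), sha256_file(image)
    if source_hash != image_hash:
        raise ValueError("duplicate does not match the original")
    log.append(custody_entry("acquired", image, image_hash, custodian))
    return image_hash

def verify(image, log, custodian):
    """Re-hash the image and compare with the hash recorded at acquisition (log[0])."""
    actual = sha256_file(image)
    ok = actual == log[0]["sha256"]
    log.append(custody_entry("verified" if ok else "hash mismatch", image, actual, custodian))
    return ok

def demo():
    # Constructed sample data: a temporary file stands in for the seized disk.
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "evidence.img")
        with open(src, "wb") as f:
            f.write(b"INVOICE-0001;amount=1000\n" * 4096)
        log = []
        acquire(src, img, "examiner-A", log)
        intact = verify(img, log, "examiner-B")
        with open(img, "r+b") as f:   # simulate a one-byte change after acquisition
            f.seek(10)
            f.write(b"X")
        altered = verify(img, log, "examiner-B")
        return intact, altered, log

if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```

Analysis is done on the duplicate, and every later hand-over re-runs the verification, so a single changed byte shows up as a mismatch entry in the custody log.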
Conclusion
With the fast-changing business environment and the fast-paced change in technology and in the way business is conducted, it becomes important for auditors to keep pace with the rapid changes taking place and to adopt technology while conducting audits. The role of experts, or gaining expert knowledge, has become imperative for the conduct of an audit. SA 620 - Using the work of an Auditor's expert gains paramount importance while auditing the financial statements, to dive deep and move beyond the figures in the financial statements.