ACCOUNTANCY PROFESSION
Compiled by Allaam Ousman
DIGITAL ACCOUNTABILITY
Ashane Jayasekara delves into forensic accounting and digital forensics
Q: What are the key features and differences between forensic accounting and digital forensics? And are these areas interrelated?
A: Yes, these areas are interrelated. When forensic accounting investigations are carried out, digital forensic tools and techniques may be utilised in collecting and analysing evidence in electronic form.
Moreover, forensic accounting involves the use of one’s professional accountancy, audit and investigative skills to examine financial records to collect information or evidence that can be used in court proceedings.
On the other hand, digital forensics entails the preservation, acquisition, extraction, analysis and presentation of information obtained from digital media.
It refers to the use of scientifically tested tools, techniques and methodologies in identifying forensic digital artefacts that can be used as evidence in court proceedings. This involves the use of forensic hardware and software tools.
Q: Forensic accounting has two major components – namely, litigation support and investigative accounting. What is more prevalent in Sri Lanka, based on your experience?
A: Both these components are prevalent in the local context to a certain extent.
However, I believe that forensic audits are carried out mainly to support investigations and assist lawyers in court hearings.
Given the increase in fraudulent financial reporting to mislead stakeholders, the demand for forensic accounting services has increased over the past few years.
Q: Could you shed light on the latest trends in the digital forensics sphere? And in what ways have technological advances impacted this area?
A: Digital forensics is greatly impacted by advances in technology such as cloud computing, the internet of things (IoT), AI, big data and so on.
Over the past few years, we’ve seen many companies shift to cloud environments. This is because cloud computing offers many benefits such as scalability, cost effective solutions and business continuity.
As such, cloud forensics has gained significant interest.
Traditional IT environments had their infrastructure on the premises. Data processing, storage and internal incident management processes were carried out on premises and incident responses were handled by an internal team. In cloud settings, IT infrastructure is managed and controlled by cloud service providers.
This poses numerous challenges for digital forensic experts.
The victimised company may not have access to the infrastructure, and could be entirely dependent on its cloud service provider to collect and extract relevant evidence. However, the service provider may not provide the log reports required to recreate and analyse the sequence of events when a security breach or attack occurs.
Apart from these challenges, there are also issues regarding a high degree of virtualisation, data duplication and jurisdictional aspects. Data stored across multiple jurisdictions reduces the control and visibility of forensic experts.
From a legal perspective, it’s important to develop agreements and regulations to ensure that digital forensics methods don’t breach regulations and laws. And from a technical perspective, some of the challenges posed by advances in technology involve complex encryption algorithms, large volumes of data and incompatibility among tools.
The IoT is defined as a network of interconnected electronic devices that have senses and are used to execute numerous tasks. Key IoT devices include wearables, smart home appliances and devices in vehicles. These digital media provide a rich source of evidence.
IoT systems are also subjected to attacks like the destruction of IoT networks, denial of service (DoS) and ransomware. Therefore, IoT forensics is carried out by digital forensic experts.
The preservation and extraction of data from IoT enabled services and devices can present numerous challenges to the forensic expert, in terms of capacity, security, protocol, data formats and physical interface challenges, which complicates the evidence extraction process.
Q: How do forensic accountants gather evidence – and what are the limitations they face in this endeavour?
A: To gather evidence, the first step would be identifying potential sources of evidence. Once this is done, the forensic auditor must acquire the data lawfully – and follow the correct protocols to extract, analyse the data and present the evidence.
A lack of access to relevant data for accurate fact finding as well as to individuals – especially third parties – poses significant limitations for the forensic auditor.
There’s also a challenge in finding the right people with the advanced skills sets required for digital forensics.
Q: And what are the skills required to pursue a career as a forensic accountant?
A: To be a good forensic accountant, you need to be very thorough in accountancy and auditing.
A professionally qualified accountant with an audit and investigative background would suit this role. The ability to analyse data and think critically is also very important.
