Article Ashleigh Butler

The Forensic Audit Procedure


A forensic audit is an examination of a company’s financial records in order to derive evidence which can be used in legal proceedings. Forensic accounting, forensic auditing or financial forensics is “the specialty practice area of accounting that describes engagements that result from actual or anticipated disputes or litigation”.

Forensic investigations and forensic auditing have become an important tool for the business and legal environment, to ensure the integrity of company finances. 

Unlike a regular audit, where the objective is to ensure the true and fair presentation of financial statements, a forensic audit involves accounting skills to investigate fraud, misappropriation, embezzlement, or theft and to analyse the financial information in relation thereto. 

Thus, a forensic audit includes additional steps which are required to be performed by the auditor, in addition to the regular audit procedures. 

Financial forensic audits fall into several categories, including damages calculations, whether suffered through delict or breach of contract, post-acquisition disputes such as earn-outs or breaches of warranties, insolvency and reorganization.

Forensic audits may also be performed to investigate specific frauds, such as tax fraud, money laundering, business valuation and computer forensics or e-discovery.

Certain forensic accountants specialise further in forensic analytics, which is the procurement and analysis of electronic data to reconstruct, detect or otherwise support a claim of financial fraud.


During the process of investigating and whilst conducting a forensic audit, an auditor is appointed for purposes of identifying fraud patterns and trends through reviewing electronic, digital and other evidence. 

Accordingly, an auditor would look out for, inter alia, the following: 

Conflict of interest – When a person uses his/her influence for personal gain which is detrimental to the company. For example, if an employee allows or approves inaccurate expenditure.

Bribery – Offering money to get things done or influence a situation in favour of someone else.

Extortion – Where a person or entity demands money in order to award a contract or a benefit.

Asset Misappropriation – Misappropriation of cash, creating fake invoices, payments made to non-existing suppliers or employees or entities, misuse of assets, or theft of inventory.

Financial statement fraud – Fraud is committed when a company fraudulently portrays its financial position and performance as better than what it actually is, or by failing to apply the requisite financial reporting standards. The aim of presenting fraudulent accounting records is to improve liquidity, ensure that top management continues receiving bonuses, or to deal with pressure for market performance.


A forensic accountant typically holds the following qualifications: 

CA (SA) – Chartered Accountant, registered in accordance with the South African Institute of Chartered Accountants (SAICA), which is the pre-eminent accountancy body in South Africa;

Certified Forensic Accounting, accredited by the Institute of Commercial Forensic Practitioners, the South African Institute of Chartered Accountants and the Chartered Institute of Management Accountants, in terms of SAICA and CIMA;

Certified Public Accountant (CPA) qualification. They may be involved in both litigation support (providing assistance on a given case, primarily related to the calculation or estimation of economic damages and related issues) and investigative accounting, namely looking into illegal activities;

LLB – Bachelor of Laws.


A forensic auditor is required to have special training in forensic audit techniques and in the legalities of accounting issues.

A forensic audit has additional steps that need to be performed in addition to regular audit procedures, including the following:

Planning the investigation – The auditor is required to understand what the focus of the audit is. For example, possible fraud may be suspected. The forensic auditor will plan their investigation to achieve objectives such as:

  • Identify what fraud, if any, is being carried out;
  • Determine the time period during which the fraud has occurred;
  • Discover how the fraud was concealed;
  • Identify the perpetrators of the fraud;
  • Quantify the loss suffered due to the fraud;
  • Gather relevant evidence that is admissible in the court;
  • Suggest measures that can prevent such frauds in the company in future.

Collecting Evidence – By the conclusion of the audit, the forensic auditor is required to understand the possible type of fraud that has been carried out and how it has been committed. The evidence collected should be adequate to prove the identity of the accused and the details of the fraud scheme, and to document the amount of financial loss suffered and the parties affected by the fraud.

A logical flow of evidence will help the court in understanding the fraud and the evidence presented. 

Forensic auditors are required to take precautions to ensure that documents and other evidence collected are not damaged or altered by anyone.

Common techniques used for collecting evidence in a forensic audit include the following:

  • Substantive techniques – For example, doing a reconciliation, review of documents, etc.
  • Analytical procedures – Used to compare trends over a certain time period or to get comparative data from different segments
  • Computer-assisted audit techniques – Computer software programs that can be used to identify fraud
  • Understanding internal controls and testing them so as to understand the loopholes which allowed the fraud to be perpetrated.
  • Interviewing the suspect(s)
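A computer-assisted audit technique of the kind listed above, shown as an added example that is not part of the original article: it tests a payments ledger for two of the asset-misappropriation patterns named earlier (payments to non-existing suppliers and repeated invoices), then quantifies the flagged amount per approver. The supplier codes, ledger rows and field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article): supplier master and payments ledger.
VENDOR_MASTER = {"V001": "Acme Paper", "V002": "Bolt Logistics", "V003": "Cedar IT"}
PAYMENTS = [  # amounts held in cents to avoid floating-point rounding
    {"id": 1, "vendor": "V001", "invoice": "INV-1001", "cents": 1250000, "approver": "jsmith"},
    {"id": 2, "vendor": "V002", "invoice": "INV-2001", "cents": 480000, "approver": "mnaidoo"},
    {"id": 3, "vendor": "V009", "invoice": "INV-9001", "cents": 990000, "approver": "jsmith"},
    {"id": 4, "vendor": "V001", "invoice": "inv-1001 ", "cents": 1250000, "approver": "jsmith"},
    {"id": 5, "vendor": "V003", "invoice": "INV-3001", "cents": 310000, "approver": "mnaidoo"},
    {"id": 6, "vendor": "V010", "invoice": "INV-9002", "cents": 750000, "approver": "jsmith"},
]


def unknown_supplier_payments(payments, vendor_master):
    """Payments whose supplier code is absent from the approved master file."""
    return [p["id"] for p in payments if p["vendor"] not in vendor_master]


def duplicate_invoice_payments(payments):
    """Later payments repeating an earlier (supplier, invoice, amount) triple.

    Invoice numbers are normalised first, since the same invoice keyed with
    different case or padding would otherwise not match.
    """
    seen, repeats = set(), []
    for p in sorted(payments, key=lambda p: p["id"]):
        key = (p["vendor"], p["invoice"].strip().upper(), p["cents"])
        if key in seen:
            repeats.append(p["id"])
        seen.add(key)
    return repeats


def exception_report(payments, vendor_master):
    """Combine both tests, quantify the exposure and group it by approver."""
    flagged = set(unknown_supplier_payments(payments, vendor_master))
    flagged |= set(duplicate_invoice_payments(payments))
    by_approver = defaultdict(int)
    for p in payments:
        if p["id"] in flagged:
            by_approver[p["approver"]] += p["cents"]
    return {
        "flagged_ids": sorted(flagged),
        "exposure_cents": sum(by_approver.values()),
        "by_approver": dict(by_approver),
    }


if __name__ == "__main__":
    print(exception_report(PAYMENTS, VENDOR_MASTER))
```

A flagged row is an exception to be followed up with source documents, not a finding of fraud in itself.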

Reporting – A report is required so that it can be presented to the court, detailing the fraud. The report should include the findings of the investigation, a summary of the evidence, an explanation of how the fraud was perpetrated, and suggestions on how internal controls can be improved to prevent such frauds in the future.

Court Proceedings – The forensic auditor needs to be present during court proceedings to explain the evidence which was collected and how such information was identified. The auditor must be able to simplify the complex accounting issues and explain them in layman’s terms to the court, so that any persons who have little or no understanding of the accounting terms can still understand the fraud that was carried out.


In light of the above, it is evident that a forensic audit is a detailed engagement which requires the expertise of both accounting and auditing procedures, as well as expert knowledge regarding the legal framework. 

A forensic auditor is required to have a detailed understanding of various frauds that can be carried out and of how evidence needs to be collected, interpreted and presented in court.

Article Justin Sloane Tayla Bruce

The Role of Forensic Evidence in Court Proceedings


Fraud and corruption continue to threaten the success of business entities within South Africa. To add to this, the ever-evolving advancements of information technology contribute to the ease with which perpetrators perform fraudulent activities and conceal their transgressions. This leaves entities susceptible to exploits and crimes that are bound to have damaging financial effects on the functioning and continuation of the business.

Forensic auditing thus contemplates an investigation into an entity’s financial and legal affairs, in an effort to uncover suspicious fraudulent activities that may have taken place within such entity. 1  

Such investigations, and the findings that transpire, may thereafter be used in legal proceedings instituted in order to prosecute a party for the financial crimes and/or fraudulent conduct perpetrated and to recover the funds through the civil courts.

1 Van Wyk, A. C.; Vorster, J. Legal Challenges Facing Forensic Auditing. Available from: (03/08/2020)


It is vital that the evidence collected in a forensic audit be considered admissible by a court of law, should the entity decide to prosecute the perpetrator/s of such fraudulent conduct. The forensic auditor is thus obliged to ensure that the methods used in the conduct of its investigation fall within the confines of the law of evidence. Accordingly, the role of a forensic auditor may be summarised to include the: 2

  1. identification of offenders;
  2. identification of the means used and time period of the fraud;
  3. determination of the financial impact of such fraud on the entity;
  4. collection of evidence to allow the entity to take action against the perpetrator/s; and 
  5. advising the entity on the corrective action that may be taken in respect of the failed controls of the entity. 

2 Barlow, P. Helberg, S. Large, N. Le Roux, K. 1995. The Business Approach To Internal Auditing. Juta & Co, Ltd. Kenwyn. Pg. 37 – 38.

While information technology may be used in the commission and concealment of fraud, it may also be effectively used by a forensic auditor in an attempt to detect possible fraud in an organisation. Technology allows for data analysis to be computerised and applied across an entity’s entire company database, in order to detect transgressions. The reports that are generated by such technology advance a forensic auditor’s understanding of the business of an entity. This automated method contributes to the conservation of time, resources and audit costs contemplated in the forensic audit. 3


The admissibility of evidence, as discovered through a forensic audit, is imperative to the success or failure in the prosecution of perpetrators. Computer generated evidence is considered as ‘hearsay’ evidence in South African courts and, as such, is considered as inadmissible, unless the person upon whose credibility the probative value of such evidence depends, testifies at such proceedings. 4

3 Lanza, R. “How to Use a New Computer Audit Fraud Prevention and Detection Tool”.
4 Section 3(1) of the Law of Evidence Amendment Act 45 of 1988

Accordingly, unless the forensic evidence can be attested to by the individual responsible for generating the data, the courts will deem such evidence inadmissible. It is common that information technology professionals who assist forensic auditors will be required to attest to the accuracy and dependability of the computer-generated evidence in a court of law.

Furthermore, section 3(1) of the Law of Evidence Amendment Act 45 of 1988 (“the Act”) provides that hearsay evidence shall not be admitted as evidence at civil or criminal proceedings, unless the court regards the admission of same to be within the interests of justice. The Electronic Communications and Transactions Act 25 of 2002 (“the ECTA”), which also governs computer evidence in South Africa, provides that the reliability of evidence is largely dependent on the following factors:

  1. the manner in which the evidence was generated, stored or communicated;
  2. the reliability of the manner in which the veracity of the evidence was maintained; 
  3. the identification of the originator; and
  4. other relevant factors.

Additionally, a court is likely to take into account the interference in the custody of such forensic evidence, in assessing whether the admission of same could be prejudicial to a litigating party.

It is evident that a litigating party will need to establish one of the above exceptions, in order to render forensic evidence admissible before a court. However, notwithstanding the general inadmissibility of computer evidence, it is submitted that electronic data is often extremely steadfast and should be conferred the appropriate weight by the South African courts. 


The boom in technological development undoubtedly caters for the success of an entity’s business, but also contributes heavily to the ease with which fraudulent activities may be conducted in such entity.

Employing the services of a forensic auditor who is well-versed in the intricacies of information technology can only assist in the expedited prosecution of perpetrators and the subsequent recovery of any financial losses suffered as a result of their conduct. However, as evidenced above, it is crucial that a forensic auditor is kept abreast of the South African laws of evidence, in order to ensure that the discovered evidence may be effectively used in a court of law.

This is the very basis upon which Schindlers Forensics is established. As such, it is advisable that, when requiring assistance in forensic investigations, you employ a multidisciplinary team who understand the workings of auditing, accounting and law, in order to propose tailored solutions and recommendations to ensure compliance and prevent commercial crime within your entity.

Article Jarrod Van Der Heever Justin Sloane

Digital Forensics: An Overview


Technology, the internet, data: it has all become inextricably linked to the majority of our lives. The rise of technology has revolutionized and molded the world in which we live today, whilst simultaneously creating new obstacles and threats that businesses and individuals should be aware of.

Digital forensics can be defined as:

The use of scientifically derived and proven methods toward the preservation, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.1 

1 Gary L Palmer. (2001). A Road Map for Digital Forensic Research. Technical Report DTR-T0010- 01, DFRWS.

To put this simply, digital forensics involves the investigation of electronic devices including computers, mobile phones, storage devices (hard drives and memory cards), which have been utilized in an illegal or unauthorized manner. The purpose of this article is to provide some insight into what digital forensics is, why it has become so important in the modern world and an overview of digital forensic procedures.


The emergence of the internet and technology has led to the emergence of new crimes and prohibited practices which can be committed in the online world. Similarly, electronic devices, such as cellphones and laptops, have been used to store data which has either been obtained illegally (through hacking or phishing scams, for example) or which proves an offence has been committed (video footage of an incident).

The importance of digital forensics includes, but is not limited to, the following: 

  • Digital forensics may act as a preventative tool against certain malicious events being committed against an individual or company;
  • It assists in identifying those involved in the commission of an offence and assists in tracing the events which led to the commission of an offence;
  • Digital forensics assists in securing convictions against those who have committed “cybercrimes”; and
  • Digital forensics assists in educating individuals and improving awareness about the risks and vulnerabilities posed within the online world.

Digital forensics acts not only as an important reactive tool which may be employed once an offence has been committed, but also as a proactive tool which may be used by companies and individuals to ensure they are adequately protected from any malicious digital conduct.

Digital forensics has become an important tool in the prosecution of criminal offences, where once the relevant data has been extracted and analysed, it may be presented as evidence in court. This will often take the form of a report compiled by the forensic investigator and may even require the investigator to give oral evidence during the trial, wherein they will explain the report and how they came to their findings. 

Companies and individuals store the majority of their sensitive information, such as banking details, trade secrets and intellectual property information, on electronic platforms. Digital forensics has become, and will continue to become, increasingly important as this information needs to be protected from falling into the wrong hands.


Currently, there exists no standardized procedure which is adopted uniformly when digital forensic investigations are being conducted. Although there exists a need for a standardized procedure, it may be better that a more flexible approach is adopted due to the rapid advancements in technology over the years.

There are, however, certain procedures which have been adopted over the years incorporating various phases within the forensic procedure to ensure optimum results are achieved. In general, the process of digital forensics incorporates four stages, namely:

  1. Preservation – this stage is primarily aimed at preventing any conduct which may prevent digital information being collected. It entails certain activities such as preventing individuals from using electronic devices, preventing and halting deletion processes and identifying the safest manner in which the relevant data may be collected.
  2. Collection – this stage includes both the physical removal of electronic devices as well as the extraction of data from these devices. It is important that this is done in a manner which maintains the integrity of the data.
  3. Examination – this stage consists of a search which is conducted on the electronic devices in a manner which systematically identifies and extracts the data which may be relevant to the investigation. This will entail the extraction of log files, relevant data files, etc.
  4. Analysis – this stage, in essence, involves an analysis of the information which has been extracted and drawing conclusions therefrom in relation to the specific investigation being conducted.
  5. Reporting – this is the final stage, which requires the forensic investigator to prepare a report which details their findings and conclusions, drawn from their forensic investigation and, if necessary, presenting such evidence in court. 
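One way to support the integrity requirement of the Collection stage, and the reliability factors listed in the previous article (how the evidence was stored, how its veracity was maintained, who originated it), is a hash-chained custody log. The sketch below is an added example, not part of the original article; the field names, handlers, timestamps and sample bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value used by the first log entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def append_entry(log, evidence: bytes, item_id, action, handler, timestamp):
    """Record who did what to the item, bound to the item's current hash."""
    entry = {
        "seq": len(log),
        "item_id": item_id,
        "action": action,
        "handler": handler,
        "timestamp": timestamp,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify(log, evidence: bytes):
    """Return a list of problems; an empty list means log and item agree."""
    problems, prev, current = [], GENESIS, sha256_hex(evidence)
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: chain broken")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: record altered")
        if e["evidence_sha256"] != current:
            problems.append(f"entry {e['seq']}: evidence hash mismatch")
        prev = e["entry_hash"]
    return problems


def build_sample_log():
    """Constructed sample: three custody events for one acquired image."""
    evidence = b"constructed bytes standing in for an acquired disk image"
    log = []
    append_entry(log, evidence, "ITEM-01", "collected", "investigator A", "2020-08-03T09:00Z")
    append_entry(log, evidence, "ITEM-01", "transferred", "evidence clerk B", "2020-08-03T11:30Z")
    append_entry(log, evidence, "ITEM-01", "examined", "analyst C", "2020-08-04T08:15Z")
    return log, evidence


if __name__ == "__main__":
    log, evidence = build_sample_log()
    print(verify(log, evidence))          # intact log and item
    print(verify(log, evidence + b"x"))   # item changed after collection
```

The chain only shows that entries were not edited in isolation; recording the last `entry_hash` somewhere outside the log, for example in the investigator's report, is what lets a wholesale rewrite be noticed.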

The above outlines the general investigative process which is found in digital forensic investigations; however, certain specific digital forensic procedures may incorporate variations to the stages outlined above or certain additions thereto. By way of example, the Integrated Digital Investigation Model consists of various phases, such as: 

  1. Readiness Phase;
  2. Deployment Phase;
  3. Physical Crime Scene Investigation Phases; 
  4. Digital Crime Scene Investigation Phases; and 
  5. Review Phase. 

Whilst the process adopted in each unique digital forensic procedure exceeds the bounds of this article, the above serves to show the variety of procedures which may be adopted during a digital forensic investigation.


Nobody can be certain what the future may hold; however, it is expected that digital forensics may become even more prevalent in South Africa in the years to come. In 2017, the Cybercrime and Cybersecurity Bill B6 (“the Bill”) was presented, which seeks to give effect to a number of cybercrimes.

The Bill primarily deals with crimes involving data such as the unlawful accessing and obtaining of data which becomes a criminal offence under the Bill. Unlawfully acquiring another individual’s password and using data for unlawful purposes will further become a criminal offence.

The Bill proposes procedures and seeks to enable the South African Police Services to investigate, as well as search and seize data and devices, which have been used in cybercrimes. Cybercrimes are currently investigated in accordance with the Criminal Procedure Act 51 of 1997; however, this position will change when/if the Bill becomes legislation.

Whilst the Bill is only draft legislation currently, should the Bill be enacted, digital forensics will become increasingly important in giving effect to the Bill. Digital forensics will be utilized to investigate the crimes which have been perpetrated in terms of the Bill. This will undoubtedly increase the prevalence of digital forensics not only within the private sphere but also within the public sphere, as government develops and adopts its own digital forensic investigation procedures.

COVID-19 has forced many individuals to work remotely where possible, communicating with their colleagues exclusively through electronic platforms, such as emails, Zoom, Microsoft Teams, etc. It has been speculated that many businesses may seek to adopt remote working measures even once a vaccine or cure for COVID-19 has been found.

This will create an even greater reliance on technological means of communicating and transferring data, and so may create further risks and security requirements for such communications or transfers. Digital forensics will allow one to test and identify weaknesses in a company’s online systems and ensure they are protected to the fullest extent.

Finally, given the rapid increase in technology which has occurred in recent history and which will continue in the future, the developments of such technology will require adequate digital forensic mechanisms to ensure all measures are taken for the safety of a company’s or individual’s data. The importance of digital forensics cannot be overstated and, as can be seen from the above, this importance will likely continue to grow in the near future.


As technology advances, so too will digital forensics, which will become more advanced, accurate and prevalent in our society. As the importance of digital forensics increases, individuals will be required to gain knowledge of the practice to ensure they are adopting the most effective measures within their organizations or personal lives.

Digital forensics will further become an increasingly important tool in investigating crimes and other malicious practices which have been committed against an individual or company. 

The purpose of this article is to shed some light on digital forensics and the practices which are utilized in this process in an attempt to provide the reader with a basic knowledge as to what digital forensics entails. 

Schindlers Forensics has a wide array of experience which will prove to be essential in conducting any digital forensic investigation, which will be tailored to your own personal needs. Should you require assistance, please do not hesitate to contact us.