– sees need for Cyber-security Faculty in Guyana

THE Institute of Internal Auditors, Guyana Chapter, in collaboration with BDO Forensic Accounting Limited of Trinidad and Tobago, last week conducted its third and final Seminar/Workshop for the year on ‘IT Auditing’, moving progressively closer to developing a cadre of auditors and others who will be well versed in digital forensics and cyber-security.The workshop was held at Regency Suites, Hadfield Street, Georgetown, over two days – November 27 and 28 – and brought together more than 70 enthusiastic participants from more than 25 public service and public sector organizations, for an inspiring and brain-storming forum, on ‘Audting IT in Digital Forensics Environment’.

Computer forensics is basically a new concept in most of the Caribbean Islands where it has been introduced over the last five years. He said, whereas, previously financial fraud was committed, ‘on book’ today everything is put into a computerized system… “So we just have to be equipped with the tools to go into a computerized system to conduct the audits, and not just on paper anymore.” – Stephon Grey

The resource persons were BDO Director Stephon Grey, CFE, CICA and Sean Hoyte, MSc Forensic Information Technology, both of Trinidad and Tobago. The Trinidad BDO Forensic Accounting Ltd is a member of the UK-based BDO International Ltd.

In brief remarks to the gathering, Mr. John Seeram, Immediate past President of the IIA Guyana Chapter, said that as part of the Global IIA, the Guyana Chapter is required to engage in staff development training, as part of its education delivery programme.
He reminded the practising internal auditors that the Chapter has a major role to play in the development of their professional practice.
The first seminar conducted here for the year was on ‘Communication Skills for Auditors’, presented by Mr. Larry Kowlessar of the Trinidad and Tobago IIA Chapter. The second which addressed two-fold topics on “Forensic and Investigative Accounting” and “The Role of the Internal Auditor in detecting money laundering transactions”, was presented by Mr. Stephon Grey, Director, BDO Forensic Accounting, Trinidad and Tobago.
Meanwhile, Seon Hoyte, a cyber-security and anti-crime consultant private sector representative, was the presenter at this most recent seminar/workshop. Hoyte is also Managing Director of Cyber-Security and Anti-Crime Services Ltd (CSACS), a cycber-security and law enforcement training and investigations agency that provides training and consultancy services throughout Trinidad and Tobago.
BDO Forensic Accounting Ltd. provides customized in-house training for all personnel involved in accounting, auditing, compliance, investigations and anti-fraud duties. Its methodology is not limited to only identifying financial discrepancies, but also determining – who, what, where, when and how of each white collar crime, among other things.
Giving a brief synopsis of the programme, Director Stephon Grey, in an invited comment told the Guyana Chronicle: “What we are seeking to do is to guide them [the participants] through basic investigative steps in the IT and computerized environment, looking at cyber-crime, fraud and systems expertise.

‘On-book’ Auditing
Grey said computer forensics is basically a new concept in most of the Caribbean Islands where it has been introduced over the last five years. He said, whereas, previously financial fraud was committed, ‘on book’, today everything is put into a computerized system… “So we just have to be equipped with the tools to go into a computerized system to conduct the audits, and not just on paper anymore.”
With auditing, a sampling activity done by firms, auditors have been trained to conduct, more or less ‘on book’ exercises, so that the auditors might not necessarily pick up all or just any of the discrepancies. “But in most frauds, there is ‘on book’ and ‘off book’ elements involved,” he reasoned.
Grey said that since in auditing, the accountants work with just books, where a person having committed a crime would have ‘doctored’ the books to get the results they wanted, on paper, it may look as though that person is innocent. But if you interview them you might realize that they are telling a lie. Forensic auditing on the other hand looks at both ‘on book’ and ‘off book’ elements.

Forensic Auditing
Forensic accounting goes into the system, and based on an allegation or a hint – the forensic auditors go after everything, holistically, to find whether fraud has taken place.
Grey also made reference to computerized crimes, pointing to the use of the server to store information, and added that even such technology is being surpassed by what is known as ‘cloud computing’. Cloud computing is a a new paradigm that offers a huge amount of computer and storage resource to the masses. It offers internet-based storage for files, applications and infrastructure.
“But most firms now are going ‘cloud computing’. They don’t need a server to store their information, but send the information to cyberspace to store it. So if there is no server, you now have to know how to go to the Cloud to retrieve the information. So those are some of the new concepts, and technology is moving very fast. So it is all these technological advances that are causing the upsurge in cyber crimes. Thus we now have to teach the auditors the technology,” Grey said.

Cyber-security
And cyber-space security and anti-crime consultant, Sean Hoyte who conducted the seminars summed up: “The objective really is to sensitize people on cyber-crime and cyber-security. Crime is not only the police business; It is everybody’s business, so that is the aim today – to widen everyone’s scope on computer crimes, and have them understand how terrorists use technology to commit crimes, etc.”
Expressing satisfaction with the response by the participants, Hoyte said even though some participants would have been exposed to such concepts, they never went to the extent of the courtroom.
“A lot of persons know about IT; they know about auditing, but what we brought to the table today, is the forensic side of auditing, and IT. And when we say forensics, we mean ‘to the courts’. Forensics always ends up in court. It entails: How do we prepare and package evidence for court purposes; explaining it to a jury in a terms they would understand so we can secure conviction. So all this is in the aim of combating cyber-terrorism; white collar-crime, computer fraud, etc.”
And the next step for the participants: Hoyte noted that, as is the case with his students in Trinidad, he would recommend certain programmes they can pursue, but invariably, these will have to be done overseas. But the aim is to set up a Cyber-security Faculty in Guyana, which should be affordable and reachable to all the students/participants of the seminar.

Participants’ response
Meanwhile, participants have expressed being highly satisfied with the seminar/workshop and commented:
* “ This seminar/workshop is timely indeed for the country and for us as auditors because right now the country needs legislation concerning these cyber-crimes. People commit these crimes which might be considered ‘white collar crimes’ and naturally should be prosecuted.
* The seminar is so informative and it helps us so much – how to take care of the evidence; how to present it in court. So at the end of the day you can have results from whatever fraud is committed.
* The course is in direct response to the need for tracking down cyber- crimes. It is helpful because we are having a lot of these crimes, in regards to money laundering, money transfer, etc.
* Even though we would have discovered the fraud, while we may think you have enough evidence to take them to court, without the legislation we cannot.