**2.1 Risk analysis**

Auditing begins with the identification and evaluation of risks associated with fraud and corruption in the organization. Factors such as organizational culture, internal controls, procurement and purchasing processes, and financial transactions are examined to determine the areas of greatest vulnerability. For fraud analysis, the risk of fraudulent activities in an organization is evaluated. Areas of repetitive risk are identified, existing controls are evaluated, transactions and unusual patterns are analyzed, and fraud indicators and other risk factors are considered. Risk is quantified, risk treatment is performed, mitigation strategies are developed, and additional controls are implemented for subsequent application. The process is continuous and requires periodic review and updating. "Audit risks focus on material misstatement," as stated by Cruz [5], emphasizing that risks focus on material misstatement, which is part of the analysis identifying and generating indications of fraud because of failed processes.

## **2.2 Compliance testing**

Auditing focuses on verifying compliance with policies, procedures, and relevant laws to prevent fraud and corruption. Documents, contracts, accounting records, and other records are reviewed to identify possible irregularities. To achieve compliance, it is necessary for corporate governance to have the willingness to establish a policy that allows, if necessary, the hiring of a compliance officer who trains personnel and ensures the periodic enforcement of deficient processes that repeatedly lead to fraud. Without this commitment, little can be achieved by solely evaluating control. This compliance activity is part of the responsibility of how managers promote control as a policy for change.

### **2.3 Substantive testing**

Substantive testing is conducted to detect unusual or fraudulent transactions. This may involve a detailed review of invoices, receipts, bank statements, and other documentary evidence to identify possible deviations or manipulations. Substantive testing is a tool used in fraud detection. It is applied to identify transactions or events that could indicate the existence of fraudulent activities. These tests are based on the identification of significant deviations, anomalous patterns, or unusual discrepancies in financial or operational data. By performing these tests, the goal is to highlight elements that cannot be explained by normal circumstances or random fluctuations. Careful interpretation of the results of these tests can help focus on more detailed investigations and reveal possible hidden frauds.

## **2.4 Data analysis**

The use of data analysis tools can help identify suspicious patterns and trends that may indicate the existence of fraud or corruption. By analyzing large volumes of financial and operational data, anomalies, duplications, fictitious transactions, or other indications of irregularities can be detected. It is important to focus on standards in the case of processes and on the organization's historical data. Data analysis is a powerful tool in auditing that allows for the efficient and effective examination of large volumes of information. By applying data analysis techniques such as statistical sampling, trend analysis, anomaly detection, and data mining, auditors can

identify patterns, irregularities, and potential frauds. These tools help improve the accuracy and thoroughness of audits while enabling a more proactive and data-driven approach. Data analysis in auditing provides greater confidence in detecting errors and fraud, and facilitates timely, informed decision-making.

### **2.5 Training and awareness**

Auditing may include training and awareness programs on fraud and corruption targeted at the organization's audit staff, becoming an integral part of the control activity. These preventive educational programs help promote a culture of integrity and ethics and provide guidance on the detection and prevention of fraudulent behavior. Training and awareness are fundamental tools in auditing to strengthen internal controls and prevent fraud [6]. Through training, employees are provided with the necessary skills and knowledge to recognize warning signs, understand associated risks, and comply with established policies and procedures. Additionally, ethics and compliance awareness promote an organizational culture based on values and transparency [7]. This encourages early detection of irregularities, fosters collaboration with internal and external auditors, and promotes greater accountability and commitment from all members of the organization in fraud prevention and detection. Finally, it is important to emphasize that auditing applied to fraud and corruption should be carried out by professionals specialized in forensic investigations and regulatory compliance. Additionally, it is essential to have an organizational environment that supports the auditing process and does not hinder its work. Similarly, transparency and accountability should be promoted within the organization.
