Post on 19-Dec-2015
June 21, 2007 Andrea St. Rose & Associates
FRAUD RISK & THE AUDIT COMMITTEE
Presented by Andrea St. Rose, LLB (Hons), FCIS, CFE, MBA, CGA, CA
Bay Gardens Hotel – JUNE 22, 2007
21/06/2007
FRAUD RISK & THE AUDIT COMMITTEE
Agenda
1. The Internal Audit Function
2. Risk Management and Internal Audit
3. Fraud – An Overview
4. Categories of Occupational Fraud and Abuse
5. Fraud Red Flags
6. Fraud Prevention Programs
7. ACFE’s Annual Fraud Check Up
8. Conclusion
9. Case Studies in Detection and Prevention
10. ACFE’s Annual Fraud Check Up
11. Wrap up – Questions and Answers
Fraud Risk & The Audit Committee
What is Internal Audit?
Internal Audit is an independent, objective, assurance and consulting activity designed to add value and improve the operations of an organization. (The IIA)
FRAUD RISK & THE AUDIT COMMITTEE
How is value added?
Conducts risk-based reviews of an organization’s business activities, providing assessments and comments on risk management techniques, internal controls and governance processes.
Works consultatively with management to ensure risk management issues are addressed.
Provides constructive recommendations.
Risk Management and Internal Audit
The Institute of Internal Auditors
ECCB Guidelines
Sarbanes-Oxley Act - USA
Risk Management and Internal Audit
The IIA
IIA Performance Standard 2100
“The internal audit activity should evaluate and contribute to the improvement of risk management, control and governance processes using a systematic and disciplined approach” (Source: The IIA).
Risk Management and Internal Audit
The IIA
IIA Performance Standard 2110
“The Internal Audit activity should assist the organisation by identifying and evaluating significant exposures to risk”.
(Source: The IIA)
Risk Management and Internal Audit
ECCB - Guidelines For Internal Auditing of Institutions Licensed Under The Banking Act (Sec.7.0)
“An Internal Audit function in the financial institution assists management in evaluating and improving the risk management, control and governance systems”.
(Source: ECCB)
Risk Management and Internal Audit
Risk Management
Decisions to accept exposure or to reduce vulnerabilities by either mitigating the risks or applying cost-effective controls. (Source: www.utmb.edu/is/security/glossary.htm)
Risk Management and Internal Audit
What are some of the vulnerabilities that an organisation faces?
Business Continuity
Liquidity Risk
Market Risk
Fraud Risk
Risk Management and Internal Audit
The IIA Standards and Fraud Risk
Sec 1210.A.2
The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. (Source: The IIA)
Risk Management and Internal Audit
Standard External Auditors’ Report
Management’s Responsibilities – (paragraph)
“this responsibility includes designing, implementing, and maintaining internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to FRAUD or ERROR…”
Risk Management and Internal Audit
Sarbanes-Oxley Act (USA)
Section 404
As a deterrent to fraudulent financial reporting, the Act requires the CFO and CEO of public companies to personally certify their quarterly and annual SEC filings.
FRAUD – AN OVERVIEW
FRAUD – What is it?
There are 4 basic elements:
1. A false representation of a material nature.
2. Knowledge that the representation is false.
3. Reliance – the person receiving the representation reasonably relied on it.
4. Damages – financial, resulting from the above.
(Source: A Guide to Forensic Investigation – Golden, Skalak and Clayton)
FRAUD AN OVERVIEW
Why Fraud is committed:
“Trusted persons become trust violators when they conceive of themselves as having a financial problem which is nonshareable, are aware that this problem can be secretly resolved by violation of the position of financial trust and are able to apply their own conduct in that situation, …” (Cressey)
FRAUD AN OVERVIEW
Nonshareable Problems:
Inability to meet debt obligations
Bad judgement resulting in losses
Status Ambitions – cont’d associations
Relations with Employer – working conditions etc.
Drug abuse
CATEGORIES OF OCCUPATIONAL FRAUD AND ABUSE
Asset misappropriation
Fraudulent statements
Corruption
ASSET MISAPPROPRIATION
According to the ACFE in its 2006 Report to the Nation:
Asset Misappropriation – any scheme that involves the theft or misuse of an organization’s assets, e.g. payroll fraud
ASSET MISAPPROPRIATION
Most common form of fraud
Target – cash, cheques, money orders (87% of reported cases in 2006)
Non-cash – 23% of reported cases in 2006
ASSET MISAPPROPRIATION
CASH
Larceny – cash stolen after recorded
Skimming – cash stolen before recorded
Fraudulent disbursements – non bona fide payments
Other Assets
Misuse
Larceny – outright stealing, e.g. theft of inventory
FRAUDULENT FINANCIAL STATEMENTS
What happened at Enron?
Creation of SPEs to hide losses
Questionable accounting treatments
FRAUDULENT STATEMENTS
Manipulation of financial statements:
Overstatement of revenues
Understatement of expenses/liabilities
Timing differences
Asset valuations
Non-disclosure of material transactions
FRAUDULENT STATEMENTS
DETECTION:
Disgruntled Employee
Employee Hot Line
Internal Audit
External Audit
FRAUDULENT STATEMENTS
PREVENTION
Apply the Fraud Triangle:
Reduce Pressures – How?
Reduce Opportunities – How?
Reduce Rationalisation – How?
FRAUDULENT STATEMENTS
REDUCE PRESSURES
Tone at the top organisation
Set realistic targets
Pay system – fair – Performance Systems
Reduce pressure from stock brokers
FRAUDULENT STATEMENTS
REDUCE OPPORTUNITIES
Background checks for prospective employees KYE
Proper system Internal Controls
Segregation of incompatible duties
Physical security for assets
Procedures manual – clear
Accounting policies and procedures clear
Monitoring Controls – internal audit
Protect whistleblowers
Job rotation – vacation policy
FRAUDULENT STATEMENTS
REDUCE RATIONALIZATION
Code of Conduct clearly communicated
Communication of Values – Zero tolerance
Clear communication regarding non-compliance with accounting policies/procedures
Promote Integrity throughout the organisation
Training
FRAUDULENT STATEMENTS
DETECTION
Financial Statement Analysis
Ratio Analysis
Trend Analysis
Horizontal Analysis – yr to yr
Vertical Analysis – analyzing relationships
Surprise Audits
FRAUDULENT STATEMENTS
RED FLAGS
Weak internal control environment
Unsupported adjusting journal entries – near end of financial period
Missing support for disbursements/purchases
Forgery of supporting documentation
No background checks performed for employees
Bonuses tied to profitability
CORRUPTION
Corruption – “Any scheme in which a person uses his or her influence in a business transaction to obtain an unauthorised benefit contrary to that person’s duty to his employer” (source: ACFE 2006 Report to the Nation)
CORRUPTION
Conflicts of interest:
Employee or executive has not disclosed an interest in a transaction that negatively impacts on the entity.
e.g. Employee A, the purchasing manager of Company B, enters into a contract with Company C; however, Company C is owned by Employee A. The costs incurred are 10 per cent above market rates.
CORRUPTION
BRIBERY
Usually takes the form of a gift/kickback which is geared at influencing a party – the employer has not consented. Includes offers.
e.g. Employee A discloses to Company B that the terms of a contract out for tender will change. Company B submits a low bid and gets the contract. Variation orders submitted eventually increase the cost of the contract. Company B pays $5,000 to Employee A’s offshore bank account for awarding the contract.
CORRUPTION
ILLEGAL GRATUITIES
The giving of a gift as a result of securing a favourable business decision – the principal has no knowledge.
Company A offers an all-expenses-paid vacation to Loan Officer B of Int’L Bank C. Company A is a delinquent debtor of the Bank.
CORRUPTION
EXTORTION
“The coercion of another to enter into a transaction or deliver property based on wrongful use of actual or threatened force, fear or economic duress” – (source: ACFE)
Company A, a large company, is the major purchaser of furniture manufactured by B, a sole proprietor. Purchasing manager Peter indicates that quality is poor and the company will discontinue purchases unless B hires a Quality consultant – who happens to be Peter’s mistress.
CORRUPTION
DETECTION – BRIBERY
General purchasing
Prebid solicitation
Bid Solicitation
Bid or Contract Acceptance
Behaviour profile of recipient
(Source: Corporate Fraud Handbook – J.T. Wells – 299)
CORRUPTION
PREVENTION - BRIBERY
Bribery prevention policy
Gift Acceptance Policy
Entertainment Policy
(Source: Corporate Fraud Handbook – J.T. Wells – 302)
CORRUPTION
DETECTION – CONFLICT OF INTEREST
Tips and complaints
Comparison of Vendor addresses with employee addresses
Vendor ownership review
Interview Purchasing Staff
CORRUPTION
PREVENTION – CONFLICTS OF INTEREST
Annual disclosures
Independence Statements
Vendor “Right to Audit Clauses”
Code of Ethics – clearly communicated
FRAUD RED FLAGS – FRAUD AGAINST ORGANISATION
Major Signs:
Inconsistencies in financial reports
Lifestyles that are not in keeping with income levels
Unwarranted organisational structure – e.g. outsourcing arrangements
Unusually large dollar value of transactions
Significant amount of large cash transactions
Discontinued control structure – expanded span of control – reduced chain of command
FRAUD AGAINST THE ORGANISATION – RED FLAGS
KPMG
Personal financial pressure
Vices such as drug abuse
Grievances against the company
Internal budgetary pressures
Short vacations
Extravagant lifestyles
FRAUD RED FLAGS – FRAUDULENT STATEMENTS
RED FLAGS
Weak internal control environment
Unsupported adjusting journal entries – near end of financial period
Missing support for disbursements/purchases
Forgery of supporting documentation
No background checks performed for employees
Bonuses tied to profitability
Detecting Occupational Fraud
20% increase in detection by Internal Control
27% increase in detection by Internal Audit
Data obtained from Association of Certified Fraud Examiners 2004 Report to the Nation
Detecting Fraud in Small Business
Detection of Fraud by Small Business
28% fewer frauds detected by Internal Audit
24% fewer frauds detected by Internal Controls
Data obtained from Association of Certified Fraud Examiners 2004 Report to the Nation
CODE OF BUSINESS ETHICS & CONDUCT
Covers:
Compliance with Laws and Regulations
Conflict of Interest
Gifts and Entertainment
Treatment of Confidential Information
Employee Conduct
Reporting Violations
Discipline
Compliance Letter
FRAUD POLICY
Covers:
Scope – any irregularity
Responsibility – Mgmt
Actions Constituting Fraud
Investigation Responsibilities
Confidentiality of Info Received
FRAUD POLICY
Cont’d
Authorization for Investigating Suspected Fraud
Reporting Procedures
Termination Procedures
Administration of Policy
COMPLIANCE PROGRAMS
Covers:
Scope and Implementation
Standards of Conduct
Role of Compliance Coordinator
Communications of Standards and Procedures to Employees
Monitoring, Auditing and Reporting
Role of the Board
FRAUD PREVENTION CHECK UP
What is the Check up about?
Uses a questionnaire to identify gaps in an entity’s fraud prevention processes – indicated by low scores.
There is no passing grade other than 100 per cent.
ACFE FRAUD PREVENTION CHECK UP
WHAT DOES IT COVER?
Fraud Risk Oversight
Fraud Risk Ownership
Fraud Risk assessment
Fraud Risk Tolerance and risk management policy
Process Anti-fraud controls
Environment level anti-fraud controls
Proactive Fraud detection processes
ACFE FRAUD PREVENTION CHECK UP
WHO SHOULD COMPLETE THE QUESTIONNAIRE?
Collaboration between a Fraud Specialist, e.g. a CFE, and those within the organisation with extensive knowledge about its operations.