“jamaica’s premier leadership and hr conference” theme
TRANSCRIPT
1
PRESENTS :Conference35
“Jamaica’s Premier Leadership and HR Conference”
Theme: “Transforming Organizations …Executing Creative People
Strategy”
“SenSitizing the OrganizatiOn againSt Fraud
PRESENTER : Friday, November 20, 2015
COLLIN A. A. GREENLAND, (11:30 a.m. - 12:25pm)
Forensic Accountant,
MBA, FJIM, CFE, CFSA, CFC.
To Introduce and Explain To Attendees to the Need for Fraud Sensitization.
To Introduce and Sensitize Attendees to the Legal Definition of Fraud, its
Nature, and Elements.
To Introduce and Sensitize Attendees to Management, External / Internal
Auditors’ Rsponsibilities.
To Introduce and Sensitize Attendees to Fraud Awareness, Fraud
Deterrence, Fraud Prevention and Fraud Detection.
To Expose and Sensitize Attendees to Fraud Myths That Hurt Companies.
2
3
the Need for Fraud Sensitization
The consensus amongst both researchers and practitioners today, is
that whilst board members, management and other stakeholders
continue to expect assurances that an organization is adhering to
industry best practices regarding governance and internal controls,
and that the organization is on sound financial footing, increasingly in
light of recent financial scandals, increasingly new and more stringent
legal requirements, and the increasing complexity of financial reporting
places higher demands on not just managers, but all stakeholders’
awareness for risk management is growing.
4
the Need for Fraud Sensitization (contd.)
For example, In 2012, both the Journal of Accountancy and CGMA
Magazine, accountants in the wake of financial crisises, both predicted
a strong demand strong for more experts in anti-fraud knowledge, such
as forensic accountants, and stated that Forensic accounting revenue
in the United States was expected to grow 6.8% annually over the next
five years.
5
the Need for Fraud Sensitization (contd.)
Deloitte Touche also, in their 2012 survey reported that since their last
Internal Audit Fraud Survey in 2010, the mandate and role of managers
and indeed, Internal Audit functions, have continued to evolve, in
respect of both fraud risk management and investigation responsibility.
Management are still dependent on Internal Audit to provide them with
assurance over the anti-fraud controls in place across their
businesses, together with the ability to detect and investigate fraud,
should it occur.
6
the Need for Fraud Sensitization (contd.)
Also, in 2014, IBISWorld confirmed that over the previous five years,demand for forensic accounting services surged as financialregulation increased and the number of bankruptcies and corporaterestructures caused influenced by massive frauds, rose sharp
Businesses have turned to anti-fraud experts for aid in assessingand correcting the damage inflicted by irregularities as well as forassistance with litigation. Though internal competition andcompetition from other industries, in-house anti-fraudmethodologies, such as forensic accounting services wereforecasted to rise over the next five years.
7
the Need for Fraud Sensitization (contd.)
Accordingly, the Deloitte report pointed out that a robust anti-fraudculture is being promoted by senior management with 98% ofrespondents stating senior management endorse and offer some, orextensive encouragement of a strong approach to fraud riskmanagement.
The Deloitte report also predicted that over the next 12 months, thethree key areas of focus in Internal Audit were to be firstly the inclusion(or continued inclusion) of fraud in the scope of reviews undertaken(53%), secondly the increased coverage of fraud risk in the audit plan(40%), and thirdly performing fraud risk assessments (36%). Also, 28%of respondents anticipate the implementation of fraud data miningtools, critical in fighting fraud.
8
WHAT IS FRAUD ?
The Difficulties in Defining Fraud
Fraud is probably one of the most used technical term that is not characterized
by an internationally agreed definition, though essential aspects has emerged
that must be present in any appropriate definition.
The multiplicity of definitions that permeate different jurisdictions, industries,
professions, and disciplines, usually define the phenomenon contextually (eg.
Health Fraud, Computer Fraud, Marketing Fraud, etc.) and it is difficult in most
countries to find a legal definition exhibiting the all embracing, comprehensive
nature of fraud.
•
9
WHAT IS FRAUD (Contd.) ?
The following examines some of the more adroit definitions posited by experts,
associations and institutions involved in anti-fraud writings and efforts.
Lawrence Sawyer, (1911-2002) for example, was a highly acclaimed author,
educator, and leader of the internal auditing profession and a lifelong advocate of
The Institute of Internal Auditing (IIA). Known as the “father of internal auditing,” he
defined fraud briefly as:
“a false representation or concealment of a material fact to induce someone to part
with something of value.”
By his own admission however, Sawyer acknowledges the inadequacy of this
definition since it does not include employee peculations, extortion, or the
conversion of one’s own use of assets already in the custody of the wrongdoer.
10
WHAT IS FRAUD (Contd.) ?
The Institute of Internal Auditors more appropriately defines fraud in the glossaryof its Professional Practices Framework as:
“Any illegal acts characterized by deceit, concealment, or violation of trust. Theseacts are not dependent upon the application of threat of violence or of physicalforce. Frauds are perpetrated by parties or organizations to obtain money,property, or services; to avoid payment or loss of services; or to secure personalor business advantage”
WHAT IS FRAUD ? (contd.)
The Association of Certified Fraud Examiners
(ACFE) acknowledges that in the broadest sense,
fraud can encompass any crime for gain that uses
deception as its principal modus operandus, and can
be committed either internally by employees, managers, officers, or owners
of the company, or externally by customers, vendors, and other parties.
Other schemes defraud individuals, rather than organizations.
Internal Fraud
Internal fraud, also called occupational fraud, is defined by the ACFE as:
“the use of one’s occupation for personal enrichment through
the deliberate misuse or misapplication of the organization’s
resources or assets.”
Simply stated, this type of fraud occurs when an employee, manager, or
executive commits fraud against his or her employer.
WHAT IS FRAUD ? (contd.)
Black’s Laws Dictionary tends to give different
definitions based in their various editions with the
5th edition (1979) stated as follows:
“all multifarious means by which human ingenuity
can devise and, which are resorted to by one
individual to get an advantage over another by
false suggestions or suppression of the truth.
It includes all surprise, trick, cunning or
dissembling, and any unfair way by which
another is cheated.
12
WHAT IS FRAUD ? (contd.)
However, the 6th edition (1990) defined it more expansively as :
“An intentional perversion of the truth for the purpose of
inducing another in reliance upon it to part with some valuable
thing or to surrender a legal right; a false representation of a
matter of fact, whether by words or conduct, by false or
misLeading allegations, or by concealment of that which should
have been disclosed, which deceives and is intended to deceive
another so that he shall act upon it to his legal inquiry; anything
calculated to deceive, whether by a single act or combination, or
by suppression of truth, or suggestion of what is false, whether it
be by direct falsehood or innuendo, by speech or silence,
word of mouth, or look or gesture; fraud comprises all
acts, omissions, and concealments involving a branch of legal
or equitable duty and resulting in damage to another.
13
14
THE NATURE OF FRAUD
In the broadest sense, fraud can encompass any crime for gain which uses
deception as its principle modus operandi. There are three ways to illegally
relieve a victim of his money:
* Force,
* Trickery
* Larceny.
Those offenses which employ trickery are usually frauds. Wrong doing by
deceit however, goes by many names. It has been called fraud, white
collar fraud, white collar crime, and embezzlement, or many other things
such as the 100 shown below. None of these embraces the full spectrum of
deceptive and illegal practices in the market place and government.
LEXICON OF FRAUD SYNONYMS
1. Appropriate 31. Fictitious 61. Misappropriate 91. Spoofing
2. Baffle 32. Filch 62. Mislead 92. Spurious
3. Bamboozle 33. Finagle 63. Misrepresent 93. Stash
4. Bent 34. Flaw 64. Mystify 94. Stupefy
5. Bilk 35. Fleece 65. Obscure 95. Suppress
6. Bogus 36. Flit 66. Peculate 96. Swindle
7. Bribery 37. Fudge 67. Perfidious 97. Swipe
8. Cheat 38. Feign 68. Perjure 98. Slink
9. Concocted 39. Guile 69. Pharming 99. Swipe
10. Corrupt 40. Hacking 70. Phishing 100. Welsh
11. Counterfeit 41. Heist 71. Phony
12. Crafty 42. Hoax 72. Pilfer
13. Creep 43. Hocus 73. Pinch
14. Crooked 44. Hoodwink 74. Plagiarize
15. Defalcation 45. Heist 75. Poach
16. Defraud 46. Hoax 76. Prevaricate
17. Deprive 47. Hocus 77. Pseudo
18. Diddle 48. Hoodwink 78. Purloin
19. Dishonest 49. Illusory 79. Shady
20. Dissemble 50. Irregularity 80. Pyramid
21. Divert 51. Kickback 81. Quack
22. Dupe 52. Kiting 82. Rigging
23. Duplicitous 53. Lapping 83. Shoplift
24. Ersatz 54. Larceny 84. Screw
25. Extort 55. Malfeasance 85. Shady
26. Fabricate 56. Manipulation 86. Sham
27. Fake 57. Mask 87. Shoplift
28. Fallacious 58. Malfeasance 88. Shroud
29. Falsify 59. Manipulation 89. Skimming
30. Fib 60. Mendacious 90. Snaffle
15
THE NATURE OF FRAUD (contd.)
Since deception is the linchpin of fraud, we will utilise
Webster’s Synonyms to examine the nature of fraud:
“Deceive” implies imposing a false idea or belief that causes ignorance,
bewilderment or helplessness;
“Mislead’ implies a leading astray that may or may not be intentional;
“Delude” implies deceiving so thoroughly as to obscure the truth;
“Beguile’ stress the use of charm and persuasion in deceiving.
Notwithstanding the legal distinctions to follow, this presentation will use the
term FRAUD in its broadest commonly accepted usage. It will include
manipulations, malfeasance, peculations, withholdings, defalcations, thefts,
embezzlements and any other misdeeds by an individual that might cause
financial loss to an organization. 16
17
ELEMENTS OF FRAUD
• It is important to note that not all deceptions are frauds. Legally, fraud is defined as containing SEVEN important, necessary and distinct elements. If any one of the seven is lacking, then no fraud has been perpetrated. The elements are the following:
1. There must be a MISREPRESENTATION.
2. Of a PAST or PRESENT.
3. MATERIAL FACT.
4. Made KNOWINGLY or RECKLESSLY.
5. With the INTENT of inducing a party to act.
6. the injured party must have ACTED on the MISREPRESENTATION.
7. To his/her DETRIMENT.
The legal definition is the same whether the offense is criminal or civil; the difference is that criminal cases must meet a higher burden of proof.
18
ELEMENTS OF FRAUD (CONTD.)
• Various criminologists and research from others have produced
various technical components of fraud and fraudsters. One of the
most classical models was developed by Donald R. Cressey and
published in “other people’s money: a Study in the social Psychology
of Embezzlement.”
• Cressy’s final hypothesis is:
“Trusted persons become trust violators when they conceive of
themselves as having a financial problem which is non-sharable, are
aware this problem can be secretly resolved by violation of the
position of financial trust, and are able to apply to their own conduct in
that situation verbalizations which enable them to adjust their
conceptions of themselves as trusted persons with their conceptions
of themselves as users of the entrusted funds or property.”
19
ELEMENTS OF FRAUD (CONTD.)
NB - Some prefer MOTIVE to PRESSURE since some frauds motivated by greed more than situational pressures.
Fraud can take certain other technical forms. It may result from an INTENTIONAL
MISREPRESENTATION – the suggestion that something is true, when it is not, by
someone who knows it is not. It may be NEGLIGENT MISREPRESENTATION – the
assertion as a fact of that which is not true. It includes CONCEALMENT – the
suppression of a fact by one who is bound to disclose it. It also includes FALSE
PROMISES – a promise made with no intention of fulfilling it.
OPPORTUNITY
PRESSURE RATIONALIZATION
THE FRAUD
TRIANGLE
THE EXTENT OF FRAUD
The nature of fraud suggest that any attempt to accurately measure it will
at best, be incomplete. Possibly the best known, most comprehensive and
widely accepted authority on this matter is the “Report To The Nation On
Occupational Fraud and Abuse,” researched, compiled and presented by
the ACFE in 1996, 2002, 2004, 2006, 2008, 2010, 2012 and 2014.
The report is also popularly regarded as the “Wells
Report,” named after its conceptualizer Mr. Joseph T.
Wells, founder and Chairman of the ACFE.
20
THE EXTENT OF FRAUD (CONTD.)
Key Findings and Highlights of the 2014 Report to the Nations include:
The Summary of Findings:
◦Survey participants estimated that the typical organization loses 5% of
revenues each year to fraud. If applied to the 2013 estimated Gross World
Product, this translates to a potential projected global fraud loss of nearly
$3.7 trillion.
◦Occupational frauds can be classified into three primary categories: asset
misappropriations, corruption and financial statement fraud. Of these, asset
misappropriations are the most common, occurring in 85% of the cases in our
study, as well as the least costly, causing a median loss of $130,000. In
contrast, only 9% of cases involved financial statement fraud, but those cases
had the greatest financial impact, with a median loss of $1 million. Corruption
schemes fell in the middle in terms of both frequency (37% of cases) and
median loss ($200,000).
21
22
TYPES OF FRAUD (CONTD.)
23
THE EXTENT OF FRAUD (CONTD.)
• Tips are consistently and by far the most common detection method. Over
40% of all cases were detected by a tip — more than twice the rate of any other
detection method. Employees accounted for nearly half of all tips that led to the
discovery of fraud.
• The banking and financial services, government and public administration,
and manufacturing industries continue to have the greatest number of
cases reported in our research, while the mining, real estate, and oil and gas
industries had the largest reported median losses.
• The presence of anti-fraud controls is associated with reduced fraud losses and
shorter fraud duration. Fraud schemes that occurred at victim organizations that
had implemented any of several common anti-fraud controls were significantly
less costly and were detected much more quickly than frauds at organizations
lacking these controls.
24
THE EXTENT OF FRAUD (CONTD.)
• The higher the perpetrator’s level of authority, the greater fraud losses
tend to be. Owners/executives only accounted for 19% of all cases, but
they caused a median loss of $500,000. Employees, conversely, committed
42% of occupational frauds but only caused a median loss of $75,000.
Managers ranked in the middle, committing 36% of frauds with a median
loss of $130,000.
• Collusion helps employees evade independent checks and other anti-fraud
controls, enabling them to steal larger amounts. The median loss in a
fraud committed by a single person was $80,000, but as the number of
perpetrators increased, losses rose dramatically. In cases with two
perpetrators the median loss was $200,000, for three perpetrators it was
$355,000 and when four or more perpetrators were involved the median
loss exceeded $500,000.
25
THE EXTENT OF FRAUD (CONTD.)
• Approximately 77% of the frauds in our study were committed by
individuals working in one of seven departments: accounting, operations,
sales, executive/upper management, customer service, purchasing and
finance.
• It takes time and effort to recover the money stolen by perpetrators, and
many organizations are never able to fully do so. At the time of our survey,
58% of the victim organizations had not recovered any of their losses due to
fraud, and only 14% had made a full recovery.
26
27
WHO HAS THE
RESPONSIBILITIES FOR
FRAUD?
28
MANAGEMENT RESPONSIBILITIES
Management is responsible for establishing and maintaining effective
systems of internal control to deter, prevent and detect fraud. Accordingly,
the IIA’s Practice Advisory 1210.A2-2, titled “Responsibility for Fraud
Detection,” sates that “management has a responsibility to establish and
maintain an effective control system at a reasonable cost.”
The fair representation of a company’s financial statements, therefore,
and detection of fraudulent financial reporting must start with the entity
that prepares the financial statements.
This becomes confusing because fraudulent
financial reporting usually is instigated and
perpetrated by members of management or
people under the direct control of management.
29
MANAGEMENT RESPONSIBILITIES (CONTD.)
In order to improve the company’s overall financial reporting process and
increase the likelihood of detecting financial statement fraud, management
should implement, or maintain the following practices:
• A management tone evoking fraud deterrence
• Internal audit functions
• An audit committee
• Management and audit committee reports
• The practice of seeking second opinions from
Independent public accountants
• Quarterly reports
30
MANAGEMENT RESPONSIBILITIES (CONTD.)
The Tone at the Top
The tone set by upper management greatly influences the corporate
environment in which the financial reporting process occurs. In order to
successfully established a tone that is committed to detecting fraudulent
financial reporting management must:
* Identify, understand and assess the risk of fraudulent financial reporting
* Design and implement internal controls
* Enforce a written code of corporate conduct
31
AUDIT COMMITTEEs
An audit committee maintains an active role in discussing
controversial accounting issues, disagreements with upper
management, deficiencies in the company’s internal control structure,
and problems encountered during the audit. An audit committee that
is actively involved in keeping the communication lines open with the
internal and external auditors and addressing the issues in a timely
and just manner is an effective way of reducing the opportunity for
fraudulent financial reporting.
32
AUDIT CMMTTS. (CONTD.)
The audit committee SHOULD :
• Be informed, vigilant and effective overseers of the financial reporting process and the company’s internal controls.
• Have adequate resources and authority to discharge their responsibilities.
• Review management’s evaluation of factors related to the independence of the company’s public accountant.
• Review management’s plan for engaging the company’s independent public accountant to perform management advisory services during the coming years, considering both the types of services that may be rendered and the projected fees
33
FRAUD RESPONSIBILITIES FOR EXTERNAL AUDITORS
EXTERNAL AUDITORS ARE RESPONSIBLE FOR THE FOLLOWING:
• Understanding the characteristics causes
and signs of fraud.
• Assessing the risk of a material financial
statement misstatement due to fraud.
• Planning and performing the audit to obtain
reasonable assurance about whether the
financial statement, whether cause by error
or fraud.
• Exercising due care in planning, performing,
evaluating and documenting the result of
audit procedures and instance of fraud.
34
EXTERNAL AUDITORS FRAUD RESPONSIBILITIES (CONTD.)
EXTERNAL AUDITORS RESPONSIBILITIES (contd.)
• Processing the proper degree of professional skepticism, assuming neither dishonesty nor unquestioned honesty of management.
• Determine whether significant accounting policies are acceptable given the nature of the account or transaction.
• Auditing large, unusual, or complex transaction.
Evaluating the quantitative and qualitative significance of difference between the accounting records and the underlying facts.
Reporting all instance of fraud to the appropriate level of management ,e.g. at least one level above the personnel involved.
35
INTERNAL AUDITORS FRAUD RESPONSIBILITIES
Proficiency – Internal Auditors should possess the
knowledge, skills and competencies needed to perform
their individual responsibilities. The internal auditing
activity should possess or obtain the knowledge, skills
and competences needed to perform its responsibilities
36
IAs FRAUD RESPONSIBILITIES (CONTD.)
The internal auditor should have sufficient knowledge to identify
indicators that fraud may have been committed. This require that
the internal auditor knows the characteristics of fraud, the
techniques used to commit fraud, and the types of frauds
associated with the activities audited.
The internal auditor is not expected to have the expertise of a
person whose primary responsibility is detecting and
investigating fraud.
37
INSTITUTE OF INTERNAL AUDITOR’S
PRACTICE ADVISORY 1210.A2-1
• IDENTIFICATION OF FRAUD
1. Fraud encompasses an array of irregularities and illegal acts characterized by international deception. It can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well as inside the organization.
2. Fraud designed to benefit the organization generally produces such benefit by exploiting an unfair or dishonest advantage that also may deceive an outside party.
38
INSTITUTE OF INTERNAL AUDITOR’S
PRACTICE ADVISORY 1210.A2-2
• RESPONSIBILITY FOR FRAUD DETECTION1. Management and the internal audit activity have differing roles with
respect to fraud detection. The normal course of work for the internal audit activity provide an independent appraisal, examination, and evaluation of an organization’s activities as a service to the organization.
The objective of internal auditing in fraud detection is to assist members of the organization in the effective discharge of their responsibilities by furnishing with analyses, appraisals, counsel, recommendations, and information concerning the activities reviewed. The engagement objective includes promoting effective control at a reasonable cost.
39
INSTITUTE OF INTERNAL AUDITOR’S
PRACTICE ADVISORY 1210.A2-2 (contd.)
2. Management has the responsibility to establish and maintain
an effective control system at a reasonable cost. To the degree
that fraud may be present in activities covered in the normal
course of work as defined above, internal auditors have a
responsibility to exercise “due professional care”.
3. A well designed internal control system should not be
conducive to fraud. Tests conducted by auditors, along with
reasonable controls established by management, improve the
likelihood that any existing fraud indicators will be
detected and considered for further investigation.
40
INSTITUTE OF INTERNAL AUDITOR’S
DUE PROFESSIONAL CARE -1220
Internal auditors should apply the care and skill expected of a reasonably
prudent and competent internal auditor. Due professional care does not
imply infallibility or extraordinary performance.
DUE PROFESSIONAL CARE 1220. A1 :
The internal auditor should exercise due professional care by considering the:
• Extent of work needed to achieve the engagement’s objectives;
• Relative complexity, materiality or significance of matters to which assurance procedures are applied.
• Cost assurance in relation to potential benefits.
• Adequacy and effectiveness of risk management, control, and
governance processes.
• Likelihood of material irregularities or noncompliance.
41
DUE PROFESSIONAL CARE 1220.A3
• The internal auditor should be alert to the significant risks
that might affect objectives, operations, or resources.
However assurance procedures alone, even when
performed with due professional care, do not guarantee that
all significant risks will be identified.
• If controls do not mitigate these risks and exposures, the
auditor should investigate further for the existence of fraud.
If sufficient indicators of fraud are detected, internal auditors
should recommend an investigation to the appropriate
individual.
SOURCE :
INTERNAL
AUDITORS:
• Keep an eye on the corporate climate.
• Serve as a safety net
for an organization.
• Find out what’s working
and what’s not.
• Tell it like it is.
• Assess risks.
• Uncover corporate
misbehavior.
•
INTERNAL
AUDITORS ALSO:
• Look at things with
fresh eyes.
• Raise red flags.
• And . . .
• Advocate a
culture within
organizations
to do the
right thing.
FRAUD DETERRENCE
FRAUD AWARENESS
This involves familiarity with many elements: the human element,
organizational behavior, knowledge of common fraud schemes, evidence
and its sources, standards of proof, and sensitivity to red flags. Lawrence
sawyer quite correctly states that “employee and management fraud is a
noxious weed which flourishes best in a permissive climate where the
seeds of fraud are helped, even invited, to blossom and mature.”
Too often, members of senior management cannot bring themselves to
believe that any of their people could conceivably commit dishonest acts.
When evidence of dishonesty is brought before them, they must refuse
to believe it – they refuse to think ill of some favored employee.
Management’s negligence or refusal to be realistic can generate a
climate for fraud to germinate.44
FRAUD AWARENESS (contd.)
The environment within an enterprise is generally developed and
maintained by senior management and the board of directors. To deter
fraud, the environment should be a rigorous one. Management should set
forth clearly in written policies its commitment fair dealing, its position on
conflict of interest, its requirement that only honest employees be hired, its
insistence on strong internal controls that are well policed, and its resolve to
prosecute the guilty.
CREATING AN ENVIRONMENT FOR COMMON MYTHS
DEALING WITH FRAUD
• MANAGEMENT PERSPECTIVE BAD PUBLICITY!
• FRAUD POLICY INVESTIGATION IS
• ESTABLISHING THE ENVIRONMENT COSTLY & DISRUPTIVE!
WE MIGHT GET SUED!45
FRAUD DETERRENCE (contd.)
FRAUD DETERRENCE (contd.)
FRAUD AWARENESS (contd.)
HOW TO ENCOURAGE FRAUD :
• Practice autocratic management
• Manage by powers with little trust in people
• Manage crises
• Centralize authority in top management
• Measure performance on a short-term basis
• Make profits the only criterion for success
• Make rewards punitive, string and political
• Give feedback that is always critical and negative
• Create a highly hostile, competitive workplace
Source: adapted from G.J. Bologna & R.J. Lindquist, Fraud auditing & Forensic Accounting (New York: John Wiley & sons, 1987), pp.47-49
46
FRAUD DETERRENCE (contd.)
Deterrence of fraud consists of those actions taken to discourage the
perpetration of fraud and limit the exposure if fraud does occur. The
principal mechanism for deterring fraud is control. Primary
responsibility for establishing and maintaining control rests with
management.
47
48
FRAUD DETERRENCE (contd.)
CREATING AN ENVIRONMENT FOR DEALING WITH FRAUD
An excellently structured source document from which individual
organizations can tailor their own Deterrence (and is some cases
Prevention) Policies that create the appropriate antifraud tone and / or
environment, is:
The 10 Step Antifraud Action Plan, published by the Institute of Internal
Auditors Inc., (IIA’s FSA Times, 1s Quarter 2005), which summarized
PricewaterhouseCoopers (PWC) White Paper titled,
“ The Emerging Role of Internal Audit in Mitigating Fraud and
Reputation Risks.”
FRAUD DETERRENCE (contd.)A 10-STEP ANTIFRAUD PLAN (Summary)
Given today’s environment, prudent internal
audit groups (indeed all concerned), will seek
to capitalize on antifraud-related opportunities
and minimize downside risks. To achieve such
a best-of-both-worlds positioning, internal
auditors need to develop a strategic plan to address their role in the
organization’s antifraud effort. In developing an antifraud action plan, the
following steps should be addressed:
1. Anticipate Questions and Manage Expectations.
E.g. - What are the company’s fraud and reputation risks? What
programs and controls have been implemented to mitigate these risks?
What is internal auditing doing to prevent and detect issues before
they emerge into a corporate scandal,? Etc.
49
FRAUD DETERRENCE (contd.)
10-STEP ANTIFRAUD PLAN (contd.)
2. Asses Existing Antifraud Programs and Controls.
Once the fraud and reputation risk assessment has
taken place, the organization will need to identify,
evaluate, and test the design and operating
effectiveness of its antifraud control activities. Fraud
monitoring should become an integral part of day-to-day operating
activities and should be included in planning and executing the annual
internal audit cycle.
3. Secure Management and Audit Committee Sponsorship.
Senior management and the Audit Committee should be persuaded to
take ownership of the antifraud With strong backing from the board and
management, internal auditing is better able to unearth critical
information about the organization’s fraud risks. 50
FRAUD DETERRENCE (contd.)
10-STEP ANTIFRAUD PLAN (contd.)
4. Assemble Fraud Expertise Within Internal Auditing.
An evaluation of the adequacy of the internal auditing’s fraud –related
activities should consider the depth of fraud expertise within, or
available to, the department. Internal auditing must have a solid
understanding of measures intended to prevent and detect fraud and
be able to evaluate and test antifraud control effectiveness, as well as
be knowledgeable about fraud auditing and forensic investigation
techniques.
5. Organize a Fraud and Reputation Risk Assessment.
An effective risk assessment will help to identify previously unidentified
risks and strengthen the ability of the organization to prevent and
detect fraud and misconduct before they reach scandalous
proportions. Furthermore, fraud and reputation-risks assessment can
identify cost saving opportunities far in excess of direct assessment
costs. 51
FRAUD DETERRENCE (contd.)
6. 1 10-STEP ANTIFRAUD PLAN (contd.)
6. Link Antifraud Control Activities.
Proper assessments of fraud and reputation risk require the auditor to
consider how the organization’s control might be circumvented or
overridden by the management and others, as well as to identify fraud
risks that cannot be tied to effectively designed and operating controls.
7. Evaluate and Test the Design and Operating Effectiveness of
Controls.
Although the process for evaluating antifraud controls is similar to that
for testing other control activities, it differs in one important manner; in
evaluating antifraud controls, internal auditors need to address the
possibility that management might seek to circumvent or override
controls intended to prevent or detect fraud.52
FRAUD DETERRENCE (contd.)10-STEP ANTIFRAUD PLAN (contd.)
8. Refine the Audit Plan to Address Residual Risk and Incorporate
Fraud Auditing.
Fraud auditing, as opposed to fraud investigation, is fairly new field,
largely being defined in response to toady’s environment. Fraud
auditing focuses on the risk of fraud, the probability of the occurrence of
fraud, and the significance of a fraud event or series of events, while
combining aspects of forensic investigation and standard audit
techniques. It generally requires knowledge of how frauds occur in
various industries and a firm grounding in the indicators of fraud
schemes that appear during an audit.
By contrast, fraud investigation – or forensic accounting – is an enquiry
into specific allegations or suspicions of fraud, focusing on determining
the nature, extent, cause and resolution of identified or suspected
fraudulent events.
53
FRAUD DETERRENCE (contd.)
10-STEP ANTIFRAUD PLAN (contd.)
9. Establish a standard process for responding to fraud allegations
or suspicions.
Organizations should not wait until fraud is detected to develop an
investigative process.
10. Remediate and prevent recurrence.
Whereas the investigation determines what happened, the remediation
process generally involves taking disciplinary and legal action against
wrongdoers, recovering losses and damages, and learning from the
incident to improve controls and recurrence.
54
55
FRAUD DETERRENCE (contd.)THE PSYCHOLOGY AND CHARACTERISTICS OF FRAUDSTERS
Criminologists such as Edwin Sutherland, Donald Cressey and John Clarke have all
postulated hypotheses purporting to explain, categorize or describe the psychology
and aspects that typify fraudsters. These various models featured aspects such as
• Genetical bases,
• Differential association,
• Fraud triangle,
• Sociological factors,
• Motivators,
• Beating the system,
• The Fraud Scale, and
• Work Place Conditions.
56
FRAUD DETERRENCE (contd.)THE PSYCHOLOGY AND CHARACTERISTICS OF
FRAUDSTERS (Contd.)
Dr. W. Steve Albrecht, a very prolific researcher, writer and speaker on white-collar
crime and business fraud, conducted extensive work in the in the 1980s which
expanded on and reconfirmed much of Donald Cressey’s study (Fraud Triangle)
and focused on the motivations of the perpetrators of occupational fraud and abuse.
He postulated that the mind of a perpetrator contained Nine Motivators,
summarized as follows :
• Living beyond their means
• An overwhelming desire for personal gain
• High personal debt
• A close association with customers
• Feeling pay was not commensurate with responsibility
• A wheeler- dealer attitude
• Strong challenge to beat the system
• Excessive gambling habits W. Steve Albrecht,
• Undue family or peer pressure Ph.D., CFE, CPA, CIA
FRAUD DETERRENCE (contd.)EMOTIONAL RESPONSES TO FRAUD
DO YOU NEED A POLICY FOR HANDLING SUSPECTED
WRONGDOING?
The answer is yes:
• Suspected fraud is unpleasant to
most managers.
• Cases can be complicated
and emotion laden.
• There is always the risk of mishandling a case and exposing the
organization to costly litigation.
• Handling of suspected wrongdoing merits a planned approached
developed with the benefit of input from top management and legal
counsel. 57
WHY DO YOU NEED A POLICY FOR HANDLING SUSPECTED WRONGDOING?
58
DENIAL DISMAY ANGER EMPATHYYOU MAY HEAR:
Loyal trusted
employee.
How dare you!
Do you know who
you are accusing?
Must be a mistake!
I can’t believe it! Let’s get him!
Sue them!
Call the police!
Fire them!
Make them pay!
Value to the
organization.
Forgive and forget
Error in judgment
I know her!
What will happen if
we do this?
DANGERS :
Investigation is
Stopped
Cover up
Sets a tone of
Permissiveness
None Civil Litigation by
litigation.
Extortion.
Wrongful
Termination
Defamation.
Termination or bond
Discrimination.
Sets tone for
permissiveness.
59
FRAUD DETERRENCE (contd.)WHY DO YOU NEED A POLICY FOR HANDLING SUSPECTED
WRONGDOING? (contd.):
The approach should be developed before
management is confronted with an
embezzlement by good old “Auntie” Margaret,
leader of the company choirs, banker of the
long standing company “partner,” a mother to
many, and who has been with us for 28 years.
Policy should be established in calm, not crisis.
By having an established policy an
organization is able to institutionalize the
approach and reduce role of personalities
in decisions regarding each case.
60
A POLICY FOR HANDLING SUSPECTED
WRONGDOING? (contd.)
REASONS FOR HAVING A POLICY INCLUDE:
• Raising awareness of management and others.
• Establish responsibility for detection and investigation.
• Reduce the impact of emotions.
• Reduce the opportunity for
discrimination.
• Reduce the opportunity for successful
litigation by suspects.
61
POLICY FOR HANDLING SUSPECTED
WRONGDOING? (contd.)
ITEMS WHICH MIGHT BE INCLUDED IN A POLICY
Management is responsible for being aware of exposures and
symptoms of exposures in their areas, and for detecting suspected
wrongdoing. Definitions of responsibilities must be clearly stated for
the following:
• Conducting investigations
• Initial notification
• Filing bonding claims
• Referring cases to law enforcement
• Notifying bonding company
62
POLICY (contd.)
Guidelines for case handling so as to avoid charges of malicious
prosecution, slander, libel and false imprisonment should be included.
Concerned managers represent one of the greatest threats to successful
handling of cases. The individual with infrequent exposure to fraud cases
is much more likely to compromise an investigation than the seasoned
investigator or auditor. For example, the policy should include specific
instructions to managers not to contact suspects or discuss the case.
63
POLICY (contd.)
There are many topics which can be included in your written policy. Yet
most organizations have no written policy, or have a policy which is limited
to “call internal audit”, or “call security”. The following topics for example,
should be adequately covered for a policy to be effective:
• Management is responsible for knowing what can go wrong in their areas and for recognizing symptoms of wrongdoing
PURPOSE: To raise management awareness and to reduce opportunity for blame by encouraging accountability
• Initial notification of internal audit should be made immediately upon
discovery. Management should not confront the suspect or investigate
in an angry manner.
PURPOSE: To reduce opportunity for compromising the investigation
by alerting suspect or mishandling the matter. The greatest threat to a
successful investigation environment is overly enthusiastic (and
sometimes angry) management.
64
POLICY (contd)
Topics to be covered in an effective policy (contd.) :
• Responsibility for investigations should be assigned
PURPOSE: To reduce confusion, to assure that investigations are
conducted by those properly trained to do so and to prevent others from
compromising the investigation.
* The policy should include guidelines for case handling so as to reduce
opportunity for successful litigation for malicious prosecution,
defamation, false imprisonment or confinement.
65
POLICY (CONTD.)
Topics to be covered in an effective policy (contd.) :
• The policy should include a statement regarding
termination or suspension of dishonest employees.
PURPOSE: To reduce the opportunity for
uncollectible losses resulting from invading the bond by retaining
dishonest employees.
* SUBJECT: Suspected defalcation, misappropriation and similar
irregularities.
PURPOSE: The purpose of the procedure is to communicate company
policy regarding investigation of suspected defalcation, misappropriation
and similar irregularities. The procedure also provides specific
instructions for operating management regarding appropriate action in
case of suspected improprieties of this type.
66
POLICY (contd)
APPLICABILITY: This procedure applies to the company and all
subsidiaries and affiliates. It is intended that managers be aware of this
procedure since good business practice dictates that every suspected
defalcation, misappropriation or irregularity be promptly identified and
investigated.
DEFINITIONS: The term defalcations, misappropriation and other
irregularities includes:
• Any dishonest or fraudulent act
• Forgery or alteration of policy related items eg. Loans, surrenders and changes in beneficiary.
• Forgery or alteration of cheques drafts, promissory notes and securities.
• Any misappropriation of frauds, securities, supplies or any other asset.
• Any irregularity in the handling or reporting of money transaction
67
POLICY (CONTD.)
RESPONSIBILITIES: Operation management is responsible for detecting
improprieties. Each manager should be familiar with the types of
improprieties that might occur in his area and be alert to any indication that
such a defalcation, misappropriation or irregularity is or was in existence.
As soon as an impropriety is detected or suspected, the internal audit
department should be contacted immediately.
The internal audit department , for example, could be responsible for the
investigations or for the direction of the investigation of any suspected
irregularity and will coordinate investigations with the legal department.
68
SAMPLE FRAUD POLICY
BACKGROUND
The corporate fraud policy is stabled to facilitate the development of
controls, which will aid in the detection and prevention of fraud against
Sample Company Ltd. It is intent of the company to promote consistent
behaviour by providing guidelines and assigning responsibility for the
development of controls and conduct of investigations.
SCOPE OF POLICY
This policy applies to any irregularity, or suspected irregularity involving
employees as well as shareholders, consultant, vendors or outsider
agencies doing business with employees of such agencies or any other
parties with a business relationship with the company. It is to be read in
conjunction with the company’s Grievance Procedure and Disciplinary
Code. Any investigative activity required will be conducted without regard
to the suspected wrongdoer’s length of service, position/title or relationship
to the Company.
69
SAMPLE POLICY (CONTD.)
Management is responsible for the detection and prevention of fraud,
misappropriations, and other irregularities. Fraud is defined as the
intentional, false representation or concealment of a material fact for the
purpose of inducing another to act upon it to his or her injury. Each
member of the management team will be familiar with the types of
improprieties that might occur within his or her area of responsibility.
It is the policy of the Commission that any irregularity that is detected or
suspected must be reported immediately to the Chief Internal Auditor who
coordinates all investigations with the Legal Department and other affected
areas, both internal and external.
SAMPLE POLICY (CONTD.)
ACTION CONSTITUTING FRAUD
The terms defalcation, misappropriation and other irregularities refer to, but
is not limited to:
• Any dishonest or fraudulent act
• Forgery or alteration of any document or account belonging to the commission
• Misappropriation of funds, securities &supplies
• Impropriety in the handling or reporting of money or financial transactions
• Profiteering as a result of insider knowledge of company activities
70
SAMPLE POLICY (CONTD.)
• Decisions to prosecute or refer to the examination results to the
appropriate law enforcement or regulatory agencies for independent
investigation will be made in conjunction with legal counsel and senior
management, as well as final decisions on disposition of the case.
INVESTIGATION RESPONSIBILITIES
The Internal Audit unit has the primary responsibility for the investigation of
all suspected fraudulent acts as defined in the policy. If the investigations
substantiates that fraudulent activities has occurred, the Internal Audit unit
will issue reports to appropriate designated personnel and if appropriate to
the Board of Directors through the Audit Committee.
Decisions to prosecute or refer to the examination results to the
appropriate law enforcement or regulatory agencies for independent
investigation will be made in conjunction with legal counsel and senior
management, as well as final decisions on disposition of the case.71
SAMPLE POLICY (CONTD.)
CONFIDENTIALITY
The Internal Audit Unit treats all information received confidentially. Any
employee who suspects dishonest or fraudulent activity will notify the
Internal Audit Unit immediately, and should not attempt to personally
conduct investigations or interviews/interrogations related to any suspected
fraudulent act.
Investigations results will not be disclosed or discussed with anyone other
than those who have a legitimate need to know. This is important in order
to avoid damaging the reputations of persons suspected but subsequently
found innocent of wrongful conduct and to protect the Company from
potential civil liability.
72
73
SAMPLE POLICY (CONTD.)
AUTHORIZATION FOR INVESTIGATING SUSPECTED FRAUD
Members of the Internal Audit Unit will have:
• Free unrestricted access to all Commission records and premises,
whether owned or rented AND
• The authority to examine, copy and remove all or any portion of the
contents of files, desks, cabinet and other storage facilities on the
premises without prior knowledge or consent of any individual who may
have custody of any facilities when it is within the scope of their
investigation.
SAMPLE POLICY (CONTD.)
TERMINATION
• If an investigation results in a recommendation to terminate an
individual, the recommendation will be reviewed for approval by the
designated representatives from Human Resources Development
Department and the Legal arm of the Administration department if
necessary, by outside counsel, before any such action is taken.
• The Internal Audit Unit does not have the authority to terminate any
employee. The decision to terminate an employee is made by the
employee’s management. Should the Internal Audit Unit management
decision inappropriate for the facts presented, the facts will be
presented to executive level management for a decision
74
SAMPLE POLICY (CONTD.)
ADMINISTRATION
The director of ……… is responsible for the administration, revision,
interpretation and application of this policy. The policy will be reviewed
annually and revised as needed.
APPROVAL ……………… ……….
Chairman/Managing Date
Director
………………
Board
75
SAMPLE FRAUD POLICY 2
TABLE OF CONTENTS
ACKNOWLEDGEMENTS
1. BACKGROUND:
• 1.1 Introduction / Overview 4
• 1.2. Purpose / Objectives of Fraud Policy 4
2. SCOPE OF POLICY:
• 1. Applicability
• 2.General Policy and Responsibilities 5
• 3. Confidentiality 5
• 4. Deterrence / Prevention 6
• 5. Reporting
3. FRAUD:
• 1. Definition 7
• 2. Action Constituting Fraud 7
• 3. Staff Education and Awareness 8
• 4. Client and Community Awareness 8
4. FRAUD RISK ASSESSMENT
5. WHISTLE BLOWING 8 76
SAMPLE FRAUD POLICY 2 (CONTD.)
6. FALSE ALLEGATIONS 8
7. INVESTIGATION RESPONSIBILITIES 8
• 1 Security of Evidence
• 2 Reporting the Outcome of Investigations 8
• 3 Recovering Assets 8
• 4 Other Issues (Corrections, Training, etc.) 8
8. CONFIDENTIALITY 9
9.. AUTHORISATION FOR INVESTIGATING SUSPECTED FRAUD 9
10. REPORTING PROCEDURES 9
• 1. Employees 9
• 11. Supervisors / Managers 9
• 111. Internal Audit 9
• 1v. External Audit 9
11. TERMINATION 9
12. MEDIA ISSUES 9
13. INSURANCE RECOVERY 9
14. APPROVAL 977
FRAUD DETERRENCE (contd.)EMPLOYMENT PRACTICESThough Employment practices are more associated with Fraud Prevention
efforts, practices such as Psychological / Pyschometric Tests, Whistle
Blowing Policies, Pre-Employment sensitization efforts, Mandatory
Vacations, Job Rotations, and Unscheduled (surprise) audits, Ethics
Programs and Discilinary Actions all help to DETER.
78
FRAUD PREVENTION• INTRODUCTION TO FRAUD PREVENTION
• FRAUD PREVENTION METHODS USED BY ACCOUNTANTS
• COSO FIVE (5) STEP FRAUD PREVENTION
• THE FOUR STEP APPROACH
• SOME AVOIDABLE MISTAKES!
79
FRAUD PREVENTIONINTRODUCTION TO FRAUD PREVENTION
The many precautions one can take to prevent fraud gives to the old cliché
That states “an ounce of prevention is worth a pound of cure.”
Businesses and consumers can take appropriate steps and procedures to
mitigate, minimize or avoid fraud losses but it must be stressed that taking
the precautions possible does not guarantee that companies or consumers
will not become victims.
80
FRAUD PREVENTION (contd.)
ACCOUNTANTS’ PERCEPTION
According to the Managerial Auditing Journal, (2006; Vol. 21 No.5, pp.520-35;
ISSN : 0268-6902), although firewalls, virus and password protection, and internal
control review are quite commonly used to combat fraud, discovery sampling, data
mining, forensic accountants and digital analysis software are not often used,
Despite receiving high ratings of effectiveness.
81
FRAUD PREVENTION (contd.)
ACCOUNTANTS’ PERCEPTION ((contd.)
In an article authored by James L. Bierstaker, Richard G.
Brody, and Carl Pacini, C. titled, "Accountants'
perceptions regarding fraud detection and prevention
methods,” published by Emerald Group Publishing
Limited, they contend that although organisational use of forensic
accountants and digital analysis were the least often
used of anti-fraud methods, they had the highest
effective mean effectiveness ratings. The lack of use of
these highly effective methods have been blamed on
lack or organizational resources.
The following table summarizes the procedures in terms of their percentage
usage and level of effectiveness:
82
83
FRAUD PREVENTION (contd.)
ACCOUNTANTS’ PERCEPTION ((contd.)
PRACTICAL IMPLICATIONS
Based on the above therefore, organizations should consider the cost / benefit
tradeoff in investing in highly effective but potentially underutilized methods to
prevent or detect fraud. While the costs may seem prohibitive for small
organizations, substantial cost savings from reduced fraud losses may also be
significant.
84
FRAUD PREVENTION (CONTD.)COSO FIVE (5) STEP FRAUD PREVENTION
1. Control Environment
• A strong control environment based on a culture of honesty and high
ethics is critical to a successful antifraud programs and controls.
• Control environment elements pertaining to antifraud programs and
controls include:
• Codes of Conduct/Ethics
• Ethics Hotline/Whistleblower program
• Integrity Diligence in Hiring and Promotion
• Board and Audit Committee Oversight Of
Management’s Antifraud Efforts
• A Standard Investigative Process
• Remediation of Identified Fraud
85
FRAUD PREVENTION (CONTD.)
COSO FIVE (5) STEP FRAUD PREVENTION (CONTD.)
2. Fraud Risk Assessment
• Fraud and reputation-risk assessments are the corner stones of an
antifraud program that anticipates, rather than reacts to, fraud and
misconduct. An effective fraud and reputation-risk assessment will
identify previously unidentified risks and strengthen the ability of the
organization to prevent and detect fraud and misconduct before they
emerge into a corporate scandal. A fraud and reputation-risk
assessment, moreover, should identify cost-saving opportunities far in
excess of the cost of the assessment.
3. Control Activities
• Once the fraud risk assessment has taken place, the organization
should identify the control activities implemented to mitigate the
identified fraud risk. In the context of antifraud management program,
control activities are those actions taken by management to identify,
prevent and mitigate fraudulent financial reporting or misuse of an
organization’s assets. 86
FRAUD PREVENTION (CONTD.)
COSO FIVE (5) STEP FRAUD PREVENTION (CONTD.)
4. Information and Communication
• Effective communication is critical to ensuring the success of antifraud
programs and policies. Anti fraud policies must be stated clearly. This
information must be communicated to employees effectively. An
assessment of the antifraud program must consider whether the
content of it policies is appropriate, timely, current and properly
disseminated.
5. Monitoring
• A company’s antifraud controls, programs and policies must be
subjected to ongoing and periodic performance assessments. The
frequency of these assessments is a matter of management’s
judgment. In determining the frequency consideration should be given
to the following: the nature and degree of changes occurring, the
competence and experience of the individuals implementing the
controls, and the results of ongoing monitoring.87
FRAUD PREVENTION (CONTD.)
THE FOUR STEP APPROACH
This approach in prevention is based upon the reduction of both the
opportunity to commit fraud and go undetected, and incentive. Research
studies and experience show that opportunity and likelihood of being
detected play major roles in the individual decision to commit fraud.
88
89
THE FOUR STEP APPROACH (contd)
STEP 1. Screen out those who are likely to commit fraud Companies can:
a. Do criminal back ground checks on employees and vendors, in
accordance with law and contract.
b. Call previous employers to verify employment dates. For jobs with candidates who have previously worked
for the organization, verify employment
and eligibility to be rehired.
90
FOUR STEP APPROACH (CONTD)
c. Confirm school transcripts, degrees and certification.
d. consider getting a credit history for applicants in high exposures positions.
e. consider drug testing
f. Use psychological ‘ psychometric testing
g. Establish procedures for debarring and suspending problem vendors and contractors.
Monitor to see that they are working
91
4 STEP APPROACH (CONTD.)
STEP 2. Reduce the opportunity available.
Auditors and Managers can:
a. Be sure internal control decisions include
consideration of what kind of fraud can be
perpetrated, and by whom
b. Be sure that subordinates and operators, in
making decisions about controls are fully
aware of the fraud implications of the control
in place or suggested.
92
STEP 2 (contd.)
c. In areas where segregation of duties is not practical, use alternative controls to reduce opportunity. Management sampling of work and quality assurance techniques have proven valuable. Mandatory vacation and rotation of assignments are useful for surfacing fraud
requiring ongoing cover-up activity.
93
4 STEP APPROACH (CONTD.)
STEP 3.
Create an environment in which employees believe that
dishonest acts will be detected by management,
monitoring techniques, other employees or the
auditors.
a. Build fraud detection steps into every
audit using the five step approach to
fraud detection. Use exposure
analysis to relate fraud exposures and
symptoms to audit program steps.
94
4 STEP APPROACH (CONTD.)
STEP 3 (CONTD.)
b. Bring fraud into the open. Discussion of the
implications of internal controls, and review the
frauds reported in newspapers, magazines and
trade journals all heighten awareness.
c. Consider conducting an in-house program for
supervisors and managers covering dishonest
and fraudulent activities which would occur, and
what the symptoms might be.
95
4 STEP APPROACH (CONTD.)
STEP 3 (contd.)
d. Determine that the fraud implications of controls designed and intended to detect fraud are fully understood by the clerical and supervisory personnel responsible for them. Fight form without substance.
e. Establish communication methods which encourage employees to report suspected fraud directly to those responsible for investigation without fear of disclosure or retribution.
96
4 STEP APPROACH (CONTD.)
STEP 3 (contd.)
f. Consider the use of a fraud hotline.
Government, health care insurers, and
some retailers are using hotlines
successfully.
g. Report all fraud activity to the audit
committee or the board of directors.
97
4 STEP APPROACH (CONTD.)
STEP 4. Create an environment in which dishonest
acts are not related and are, in fact punished.
a. Develop and implement a policy for handling
suspected dishonest and fraudulent activities,
including termination and reporting to law enforcement.
b. Communicate such policy to all directors, officers, employees, agents and other interested parties.
98
4 STEP APPROACH (CONTD.)
STEP 4 (contd.)
c. Develop and implement a code of ethics for
employees, clearly defining acceptable and
unacceptable activities.
d. Require all vendors and contractors to
agree in writing, a part of the contracting
process to abide by the code of ethics.
99
4 STEP APPROACH (CONTD.)
STEP 4. (contd.)
e. Develop and implement codes, guidelines and
organizational policies designed to prohibit
conflicts of interest. Some companies now
require that employees disclose possible
conflicts of interest involving other employees.
100
SOME AVOIDABLE MISTAKES
IN FIELD WORK
The auditors sampled from the shelves
or from file cabinets instead of from
Controlled sources. They had no chance
of including for testing files hidden or
destroyed. Although it had been 3 years
since the last audit, the sample included
only transactions in the last 6 months.
The auditors miss the significant fraud
which had stopped 9 months before the
audit.
101
FRAUD DETECTION TECHNIQUES
* INITIAL DETECTION
* UNDERSTANDING
RED FLAG
* UNDERSTANDING SYMPTOMS
DETECTION INTRODUCTION TO FRAUD DETECTION
FRAUD SURFACES THROUGH:
• MANAGEMENT REVIEW & OTHER CONTROLS
• INTERNAL AUDIT
• PUBLIC ACCOUNTANT
• LAW ENFORCEMENT
• CONCERNED EMPLOYEES
• OUTSIDE INFORMANTS
• UNSOLICITED CONFESSION
For example, the ACFE’s 2014 survey
showed the Initial Detection of occupational
Frauds as follows:
102
103
DETECTION (CONTD.)INTRODUCTION TO FRAUD DETECTION (Contd.)
SINCE OPPORTUNITY FOR FRAUD IS INCREASED WHEN:
• SEGREGATION OF DUTIES BREAKS DOWN
• SEGREGATION OF DUTIES IS NOT PRACTICAL
• SUPERVISORY REVIEW IS ABSENT OR PERFUNCTORY
• CONTROLS BREAKDOWN!
We should direct our detection efforts in these directions!
104
DETECTION (CONTD.)INTRODUCTION TO FRAUD DETECTION (Contd.)
In addition, Opportunity is also increased and auditors should be
particularly alert when auditing transactions:
• At remote locations or branches,
• Under control of on person,
• Processed outside of normal operating routines,
• Initiated during: vacations, illness, management change & leaves of absence,
• Processed by outside agent,
• Requiring special handling,
• Related to unrecorded assets,
105
DETECTION (CONTD.)THE FIVE STEP APPROACH TO FRAUD DETECTION
1. KNOW THE EXPOSURES
Know what go wrong, who could do it, what opportunities there are for
employees, executives, outsiders, suppliers, agents and others
providing goods and services. For cooking the books, know the
pressure for favorable results. Understand the systems, the control and
what they are intended to prevent or detect.
2. KNOW THE SYMPTOMS OF OCCURRENCE
Symptoms are specific and may be of the fraud itself, or of the cover up
attempt. For each exposure know how it would be reflected in
documents, reports, computer files, edit reports
paid cheques, reconciliations, accounts, complaint
files, adjusting or correcting entries.
106
DETECTION (CONTD.)THE FIVE STEP APPROACH (Contd.)
3. BE ALERT FOR SYMPTOMS
Many cases are detected by an auditor or manager following throughon a symptom noted while actually looking for something else.
4. BUILD AUDIT PROGRAMS TO LOOK FOR SYMPTOMS
Determining exposure and evaluating internal control precedes writingthe audit program. Some environments may lack controls which theinternal auditor can rely upon to protect his organization’s interest.Such environments include some branch
offices and other remote locations, and
outsiders such as vendors, agents
and contractors. Even the organization
with good controls, frequently there are
areas or departments lacking
segregation of duties or meaningful
supervisory review.
107
DETECTION (CONTD.)THE FIVE STEP APPROACH (Contd.)
4. (contd.) BUILD AUDIT PROGRAMS TO LOOK FOR SYMPTOMS
In developing the audit program the internal auditor should include
specific steps designed to look for symptoms of fraud. Sampling plan
should take into consideration the fraud exposure and the reliability of
internal controls. Building audit program to look for symptoms includes:
• Selecting large samples for limited fraud tests
• Looking for symptoms of fraud occurrence
• Using computer techniques to look for fraud occurrence
• Stratification of the population, stratified sampling, direct sampling and
discovery sampling may prove to be helpful. In the completely
uncontrolled environment the auditor will want to determine the tolerable
undetected fraud allowable in the population. The auditor may want to
design his sample so as to include a fraudulent occurrence should the
level of fraud in the population aggregate more than the tolerable amount.108
DETECTION (CONTD.)THE FIVE STEP APPROACH (Contd.)
5. FOLLOW THROUGH ON ALL SYMPTOMS OBSERVED
The auditor should resolve all symptoms. The auditor should operate with an attitude of healthy professional skepticism. Beware of pressures to complete work on time, the single symptoms that you are looking at may not be an occurrence and it may be one of many.
• NB No fraud is acceptable but auditors in deciding sample sizes actually are determining the probability of having the opportunity to detect fraud. The probability is dependent upon the amount of fraud the size of the population and the sample selected.
.
109
FRAUD DETECTIONTECHNIQUES• UNDERSTANDING RED FLAGS
110
DETECTION (CONTD.)UNDERSTANDING RED FLAGSRed flags of fraud are fraud-related variables or forces that influence the
decision to commit fraud. Research reported in “How to detect and Prevent
Business Fraud,” by W. Steve Albrecht, categorized red flags as :
(1) Situational,
(2) Opportunity, and
(3) Personal characteristics.
Examples of red flags are:
Situational red flags:
High personal debts or losses
Living beyond one’s means
Gambling or speculation
Excessive use of alcohol or drugs
Illicit involvement with members of opposite sex
Perceived inequities in organization 111
DETECTION (CONTD.)UNDERSTANDING RED FLAGS (Contd.)
Opportunity Red Flags :
Familiarity with operations and position of trust
Close association with suppliers and key people
Dominant top management
Dishonest or unethical management
Too much trust in key employees
112
DETECTION (CONTD.)UNDERSTANDING RED FLAGS (Contd.)
Company situations encouraging fraud on its behalf:
Heavy investments or losses
Urgent need for a favorable earnings
Temporary bad situation
Revoked or imperiled licenses
Opportunity for fraud on behalf of the company:
Related party transactions
Poor accounting records
Poor internal controls or weakness enforcement
A typical or hot industry113
DETECTION (CONTD.)UNDERSTANDING RED FLAGS (Contd.)
Personal characteristics red flags include:
Low moral character
Wheeler-dealer
Rationalizer of contradictory behavior
Poor credit rating or financial status
114
DETECTION (CONTD.)UNDERSTANDING RED FLAGS (Contd.)
AVOID OVERREACTING TO RED FLAGS :
Some red flags will always be present, even
though fraud may not be. After fraud has
surfaced, red flags surface too. These red flags
may have been observed by managers and
auditors and explained away.
Some auditors and managers tend to overreact to red flags and create
some real problems. Auditors faced with spending –related red flags may
try to investigate lifestyle. It may be better to use the red flags to trigger an
audit instead of an investigation of the person. Such an audit should include
specific steps aimed at identifying symptoms of fraud occurrence.
115
DETECTION (CONTD.)
UNDERSTANDING RED FLAGS (Contd.)
IMPACT OF BEHAVIORAL RED FLAGS ON AUDITING
* Do not count on your knowledge of red flags to protect you from fraud.
There are too many other variables. Do not ignore them, however, the
following usually should result in additional audit / investigative work or a
change of scope:
Red flags are usually most valuable if they relate to a sudden change in lifestyle or behavior. There is an old saying among gamblers and speculators - “Fast money stays fast” Many people seem to tend to spend money they do not really think they deserve. So somebody who is stealing may seem to waste the proceeds. Pay attention to sudden dramatic changes in observable spending patterns.
Unbelievable lifestyle or spending should draw
audit attention!116
DETECTION (CONTD.)
UNDERSTANDING RED FLAGS (Contd.)
Some types of fraud require active ongoing cover-up activity. Staying late,
coming in early, and never taking vacation is common behavior for some
types of fraud. Perpetrators sometimes will show a great deal of interest in
the audit process, offering to help out, provide explanations, and generally
monitor progress and direct the audit away from themselves.
Inquiries such as, “Has anyone ever been caught stealing here?” or “I
wonder what happens if an employee is taking inventory?” could alert a
manager to fraud. Excuses, including “ I’m working
on those records at home!” and “We haven’t had
time to make that deposit,” or “The bank lost that
deposit!” demand immediate follow up action.
117
DETECTION (CONTD.)UNDERSTANDING SYMPTOMS
This is the key to the detection of wrongdoing. A symptom of fraud may
be defined as a condition which is directly attributable to dishonest or
fraudulent activity. It may result from the fraud itself or from the attempt to
conceal the fraud.
Managers and auditors interested in operating controls need to be familiar
with what can go wrong in the areas they manage or audit. And they need
to know what symptoms may be reflected in books, records, accounts,
documents, reports and reconciliations if something does go wrong.
118
DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)Knowledge of exposures and symptoms is needed by anyone working with
controls. Examples of symptoms of fraud includes:
1. Missing document
2. Shortages in cash drawers
3. Overages in cash drawers
4. Control total of cheques received does not balance to chequesdeposited
5. Presence of a “thief’s adding machine
6. Excessive voids or refunds
7. Excessive voids or refunds
8. Deposits in transit are slow in reaching the bank
9. Deposits in transits are growing
10. Manual or computer detail does not equal control totals
11. General ledger does not balance
12. Customers complain, “I paid this!”119
DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)
13. Adjustments to receivables
14. Increases in past due accounts
15. Excessive late charges
16. Increase in write-offs of late charges
17. No collections on past due or written off accounts
18. Adjusting entries lack formal approval
19. Shortages in inventory / Adjustments to inventory
20. Deviation from specification on delivered goods/services
21. Shortages on delivery
22. Cheque amounts have been altered
23. Goods purchased are in excess of needs
24. Delivery location is not your office, plant or job site
25. Duplicate payments
26. Employees are not present at payroll payoff
120
DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)
27. Payroll cheques have second endorsements by a boss
28. Handwriting on endorsement does not match signatures on file
29. Invoices are duplicates or copies
30. Invoices from a plain paper are not permitted forms or letterhead
31. Old outstanding cheques in bank reconciliations
32. Payees have common names and addresses
33. Addressed change followed by a request for payment
34. Vendor’s address is the same as an employee address
35. Top performance by a new sales person
36. Any performance that is too good to be believed
37. Alteration of documents
38. Changes in logs, day books and time report
121
DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)
39. Liquid paper and erasures on timecards
40. Copies where originals are expected
41. Support for payments is not canceled or marked paid
42. A computer report total is incorrect
43. Payments made in currency when cheques were expected
44. An employee does not remember working on a job his hours were charged to
45. An employee name or number is coded into an application program
122
Fraud Myths That Hurt Companies.
Since fraud inherently involves intent and concealment, many
organizations may be lulled into a false sense of security, and are
still operate with some big misconceptions about employee fraud.
Lack of awareness and common misconceptions about fraud persist
in both the private and public sectors. If persons mistakenly believe
that their organization is not at risk, they will probably not actively
try to deter, prevent, detect and invs estigate fraud.
Organizations must know the truth about fraud and its perpetrators in
order to actively protect ourselves. The following are some of the
more popular myths about fraud :
123
Fraud Myths That Hurt Companies.
MOST PEOPLE ARE HONEST AND WON’T COMMIT FRAUD.
This is a dangerous approach to take to the business of fraud. It istrue that most people are generally honest. But to rely on this insteadof putting controls in place to prevent fraud is a big mistake.
While it’s wise to hire those with a track record of honesty, pastbehavior doesn’t necessarily predict future behavior. Almost 88percent of employees and executives who commit fraud against theiremployer have never before been charged or convicted of a fraud-related offense. This means it’s nearly impossible for companies topredict who is going to commit fraud and when they are going to do it.
124
Fraud Myths That Hurt Companies.
MOST PEOPLE ARE HONEST AND WON’T COMMIT FRAUD(contd.)
It is a fact that honest people can and do commit fraud. Outsidepressures can cause people to behave in ways they normally wouldnot. Things that could push someone toward fraud include addictions,divorce, overwhelming debt, and gambling problems. When pressureslike this are present, it’s difficult to predict who will commit fraud.
In the end, those who commit fraud come from all walks and ways oflife. From clerks to executives, no one is immune. Thieves come fromall social classes and all economic backgrounds. If given a strongmotivation and ample opportunity, anyone can commit fraud againsther or his employer.
125
Fraud Myths That Hurt Companies.
OUR COMPANY DOES NOT HAVE AN INTERNAL FRAUDPROBLEM – OUR PEOPLE WOULD NOT COMMIT FRAUD!
While companies would like to believe they have good employees andadequate controls to prevent fraud, the fact of the matter is that 45percent of companies will be significantly affected by fraud, accordingto one international study. A separate study estimates that theaverage internal fraud will cost $159,000, and that almost one-fourthof fraud cases will cost companies over $1 million each.
ERNST & YOUNG research revealed that more than 85% of fraudswere committed by insiders, more than 55% of perpetrators ofcorporate fraud were from management ranks. In addition, althoughthe tenure of the typical fraudster is three to five years, 85% of themanagers committing the largest frauds had less than one year ofservice in their new roles.
126
Fraud Myths That Hurt Companies.
IF FRAUD OCCURRED, IT WOULD BE DISCOVERED QUICKLY!
Most companies believe they have sufficient safeguards in place todetect fraud, and because no fraud has been uncovered, they believethat no significant fraud is occurring. Many companies rely mainly ontheir internal controls to detect fraud, but Ernst & Young’s researchreveal that 38% of companies have never trained their employees onFraud prevention and detection.
Also, it is important to note that internal control, no matter how welldesigned and operated, can provide only reasonable assurance tomanagement and the board of directors is affected by limitationsinherent in all control systems. These may include, Faulty humanjudgment in decision-making causing breakdowns such as simpleerror or mistake; Circumvention of controls by the collusion of two ormore people; and Management override of control system.
127
Fraud Myths That Hurt Companies.
SMALL FRAUDS AREN’T IMPORTANT ENOUGH FORMANAGEMENT TO WORRY ABOUT, DAMAGES WOULD NOT BESIGNIFICANT – WE CAN DEAL WITH IT.
Virtually every big fraud started out as a small fraud at one point.Whether it is a minor theft of cash or a financial statementmanipulation intended to cover up a substandard quarter, what startsout as a small fraud can quickly grow into a major fraud scheme. Atheft of $500 may not seem significant enough for management todevote time and effort to the problem. But what if an employee wasstealing $500 a week for three years? Suddenly, there is a theft of over$75,000, which could be very material to the company.
It’s important for companies to take small frauds and ethical lapsesseriously. Not only does management want to cut off frauds whilethey are in their early stages, they also should be sending a messageto employees that dishonesty is not tolerated. A zero tolerance policyis a necessary part of any good fraud prevention program.
128
Fraud Myths That Hurt Companies.
SMALL FRAUDS AREN’T IMPORTANT ENOUGH FORMANAGEMENT TO WORRY ABOUT, DAMAGES WOULD NOT BESIGNIFICANT – WE CAN DEAL WITH IT.
It may be expensive to monitor and investigate smaller thefts from thecompany. However, in the long run, the cost will be worthwhilebecause the company will have stopped frauds from growing into thehundreds of thousands and millions of dollars. Therefore, an effectivefraud prevention program will contain components that help thecompany
According to Ernst & Young, only about 20% of losses are recoveredfrom perpetrators, and only an additional 19% are recovered throughinsurance policies. Reputational damage can be even morechallenging to measure as its impact is far reaching, and severesecondary effects such as reduction in stock price, decline incustomer loyalty, reduced sales and reduced employee productivitycan be suffered.
129
Fraud Myths That Hurt Companies.
FRAUD WILL BE DETECTED BY OUR AUDITORS.
History has shown us that a company’s external auditors cannot be
relied upon to find fraud. This is true primarily because audits are not
designed to detect fraud. They are designed to give “reasonable
assurance” that the numbers shown on the financial statements are
materially accurate.
Because fraud involves the active concealment of the truth, it makes it
difficult for auditors to discover. Although auditing standards have
attempted to address how auditors approach the potential for fraud
within companies, a traditional independent audit still cannot be relied
upon to detect fraud. Executives who believe differently are setting
their companies up for disaster.
130
Fraud Myths That Hurt Companies.
IF OUR COMPANY FOLLOWS GOVERNMENT REGULATIONS, WE
WILL BE PROTECTED AGAINST FRAUD.
Unfortunately, the current accounting rules and plethora of
Government regulations do not really provide protection against
fraud. Although companies may spend enormous amounts of money
in being compliant, it doesn’t really ensure that many have fraud
prevention procedures in place.
In order to effectively prevent fraud, companies must create and
implement policies and procedures specifically designed to deter and
detect fraud. Again, this should be accomplished with the help of an
anti-fraud professional who is experienced in the methods used by
corporate fraudsters. A good fraud prevention program will actively
prevent and detect fraud while still complying with the applicable
regulations.
131
Fraud Myths That Hurt Companies.
IF OUR COMPANY FOLLOWS GOVERNMENT REGULATIONS, WE
WILL BE PROTECTED AGAINST FRAUD.
Therefore, the best protection against fraud therefore involve the
following deterrence, prevention, detection and reporting best
practices:
1. Anti-fraud culture
2. Fraud policy
3. Fraud Awareness / Training
4. Whistle Blowing Policy / Hotline
5. Fraud Risks Assessment
6. Utilize Experts (Fraud Examiners, Forensic Accountants, etc.
7. Improved controls
132
133
REMEMBER :
PRAY, AS IF EVERY THING DEPENDS ON GOD,
BUT,
WORK, AS IF EVERYTHING DEPENDS ON YOU !!
THANK YOU FOR LISTENING !