“jamaica’s premier leadership and hr conference” theme

1

PRESENTS :Conference35

“Jamaica’s Premier Leadership and HR Conference”

Theme: “Transforming Organizations …Executing Creative People

Strategy”

“SenSitizing the OrganizatiOn againSt Fraud

PRESENTER : Friday, November 20, 2015

COLLIN A. A. GREENLAND, (11:30 a.m. - 12:25pm)

Forensic Accountant,

MBA, FJIM, CFE, CFSA, CFC.

http://hrmaj-online.blogspot.com/

http://hrmaj-online.blogspot.com/

To Introduce and Explain To Attendees to the Need for Fraud Sensitization.

To Introduce and Sensitize Attendees to the Legal Definition of Fraud, its

Nature, and Elements.

To Introduce and Sensitize Attendees to Management, External / Internal

Auditors’ Rsponsibilities.

To Introduce and Sensitize Attendees to Fraud Awareness, Fraud

Deterrence, Fraud Prevention and Fraud Detection.

To Expose and Sensitize Attendees to Fraud Myths That Hurt Companies.

2

3

the Need for Fraud Sensitization

The consensus amongst both researchers and practitioners today, is

that whilst board members, management and other stakeholders

continue to expect assurances that an organization is adhering to

industry best practices regarding governance and internal controls,

and that the organization is on sound financial footing, increasingly in

light of recent financial scandals, increasingly new and more stringent

legal requirements, and the increasing complexity of financial reporting

places higher demands on not just managers, but all stakeholders’

awareness for risk management is growing.

4

the Need for Fraud Sensitization (contd.)

For example, In 2012, both the Journal of Accountancy and CGMA

Magazine, accountants in the wake of financial crisises, both predicted

a strong demand strong for more experts in anti-fraud knowledge, such

as forensic accountants, and stated that Forensic accounting revenue

in the United States was expected to grow 6.8% annually over the next

five years.

5


Deloitte Touche also, in their 2012 survey reported that since their last

Internal Audit Fraud Survey in 2010, the mandate and role of managers

and indeed, Internal Audit functions, have continued to evolve, in

respect of both fraud risk management and investigation responsibility.

Management are still dependent on Internal Audit to provide them with

assurance over the anti-fraud controls in place across their

businesses, together with the ability to detect and investigate fraud,

should it occur.

6


Also, in 2014, IBISWorld confirmed that over the previous five years,demand for forensic accounting services surged as financialregulation increased and the number of bankruptcies and corporaterestructures caused influenced by massive frauds, rose sharp

Businesses have turned to anti-fraud experts for aid in assessingand correcting the damage inflicted by irregularities as well as forassistance with litigation. Though internal competition andcompetition from other industries, in-house anti-fraudmethodologies, such as forensic accounting services wereforecasted to rise over the next five years.

7


Accordingly, the Deloitte report pointed out that a robust anti-fraudculture is being promoted by senior management with 98% ofrespondents stating senior management endorse and offer some, orextensive encouragement of a strong approach to fraud riskmanagement.

The Deloitte report also predicted that over the next 12 months, thethree key areas of focus in Internal Audit were to be firstly the inclusion(or continued inclusion) of fraud in the scope of reviews undertaken(53%), secondly the increased coverage of fraud risk in the audit plan(40%), and thirdly performing fraud risk assessments (36%). Also, 28%of respondents anticipate the implementation of fraud data miningtools, critical in fighting fraud.

8

WHAT IS FRAUD ?

The Difficulties in Defining Fraud

Fraud is probably one of the most used technical term that is not characterized

by an internationally agreed definition, though essential aspects has emerged

that must be present in any appropriate definition.

The multiplicity of definitions that permeate different jurisdictions, industries,

professions, and disciplines, usually define the phenomenon contextually (eg.

Health Fraud, Computer Fraud, Marketing Fraud, etc.) and it is difficult in most

countries to find a legal definition exhibiting the all embracing, comprehensive

nature of fraud.

•

9

WHAT IS FRAUD (Contd.) ?

The following examines some of the more adroit definitions posited by experts,

associations and institutions involved in anti-fraud writings and efforts.

Lawrence Sawyer, (1911-2002) for example, was a highly acclaimed author,

educator, and leader of the internal auditing profession and a lifelong advocate of

The Institute of Internal Auditing (IIA). Known as the “father of internal auditing,” he

defined fraud briefly as:

“a false representation or concealment of a material fact to induce someone to part

with something of value.”

By his own admission however, Sawyer acknowledges the inadequacy of this

definition since it does not include employee peculations, extortion, or the

conversion of one’s own use of assets already in the custody of the wrongdoer.

10

WHAT IS FRAUD (Contd.) ?

The Institute of Internal Auditors more appropriately defines fraud in the glossaryof its Professional Practices Framework as:

“Any illegal acts characterized by deceit, concealment, or violation of trust. Theseacts are not dependent upon the application of threat of violence or of physicalforce. Frauds are perpetrated by parties or organizations to obtain money,property, or services; to avoid payment or loss of services; or to secure personalor business advantage”

WHAT IS FRAUD ? (contd.)

The Association of Certified Fraud Examiners

(ACFE) acknowledges that in the broadest sense,

fraud can encompass any crime for gain that uses

deception as its principal modus operandus, and can

be committed either internally by employees, managers, officers, or owners

of the company, or externally by customers, vendors, and other parties.

Other schemes defraud individuals, rather than organizations.

Internal Fraud

Internal fraud, also called occupational fraud, is defined by the ACFE as:

“the use of one’s occupation for personal enrichment through

the deliberate misuse or misapplication of the organization’s

resources or assets.”

Simply stated, this type of fraud occurs when an employee, manager, or

executive commits fraud against his or her employer.


Black’s Laws Dictionary tends to give different

definitions based in their various editions with the

5th edition (1979) stated as follows:

“all multifarious means by which human ingenuity

can devise and, which are resorted to by one

individual to get an advantage over another by

false suggestions or suppression of the truth.

It includes all surprise, trick, cunning or

dissembling, and any unfair way by which

another is cheated.

12


However, the 6th edition (1990) defined it more expansively as :

“An intentional perversion of the truth for the purpose of

inducing another in reliance upon it to part with some valuable

thing or to surrender a legal right; a false representation of a

matter of fact, whether by words or conduct, by false or

misLeading allegations, or by concealment of that which should

have been disclosed, which deceives and is intended to deceive

another so that he shall act upon it to his legal inquiry; anything

calculated to deceive, whether by a single act or combination, or

by suppression of truth, or suggestion of what is false, whether it

be by direct falsehood or innuendo, by speech or silence,

word of mouth, or look or gesture; fraud comprises all

acts, omissions, and concealments involving a branch of legal

or equitable duty and resulting in damage to another.

13

14

THE NATURE OF FRAUD

In the broadest sense, fraud can encompass any crime for gain which uses

deception as its principle modus operandi. There are three ways to illegally

relieve a victim of his money:

* Force,

* Trickery

* Larceny.

Those offenses which employ trickery are usually frauds. Wrong doing by

deceit however, goes by many names. It has been called fraud, white

collar fraud, white collar crime, and embezzlement, or many other things

such as the 100 shown below. None of these embraces the full spectrum of

deceptive and illegal practices in the market place and government.

LEXICON OF FRAUD SYNONYMS

1. Appropriate 31. Fictitious 61. Misappropriate 91. Spoofing

2. Baffle 32. Filch 62. Mislead 92. Spurious

3. Bamboozle 33. Finagle 63. Misrepresent 93. Stash

4. Bent 34. Flaw 64. Mystify 94. Stupefy

5. Bilk 35. Fleece 65. Obscure 95. Suppress

6. Bogus 36. Flit 66. Peculate 96. Swindle

7. Bribery 37. Fudge 67. Perfidious 97. Swipe

8. Cheat 38. Feign 68. Perjure 98. Slink

9. Concocted 39. Guile 69. Pharming 99. Swipe

10. Corrupt 40. Hacking 70. Phishing 100. Welsh

11. Counterfeit 41. Heist 71. Phony

12. Crafty 42. Hoax 72. Pilfer

13. Creep 43. Hocus 73. Pinch

14. Crooked 44. Hoodwink 74. Plagiarize

15. Defalcation 45. Heist 75. Poach

16. Defraud 46. Hoax 76. Prevaricate

17. Deprive 47. Hocus 77. Pseudo

18. Diddle 48. Hoodwink 78. Purloin

19. Dishonest 49. Illusory 79. Shady

20. Dissemble 50. Irregularity 80. Pyramid

21. Divert 51. Kickback 81. Quack

22. Dupe 52. Kiting 82. Rigging

23. Duplicitous 53. Lapping 83. Shoplift

24. Ersatz 54. Larceny 84. Screw

25. Extort 55. Malfeasance 85. Shady

26. Fabricate 56. Manipulation 86. Sham

27. Fake 57. Mask 87. Shoplift

28. Fallacious 58. Malfeasance 88. Shroud

29. Falsify 59. Manipulation 89. Skimming

30. Fib 60. Mendacious 90. Snaffle

15

THE NATURE OF FRAUD (contd.)

Since deception is the linchpin of fraud, we will utilise

Webster’s Synonyms to examine the nature of fraud:

“Deceive” implies imposing a false idea or belief that causes ignorance,

bewilderment or helplessness;

“Mislead’ implies a leading astray that may or may not be intentional;

“Delude” implies deceiving so thoroughly as to obscure the truth;

“Beguile’ stress the use of charm and persuasion in deceiving.

Notwithstanding the legal distinctions to follow, this presentation will use the

term FRAUD in its broadest commonly accepted usage. It will include

manipulations, malfeasance, peculations, withholdings, defalcations, thefts,

embezzlements and any other misdeeds by an individual that might cause

financial loss to an organization. 16

17

ELEMENTS OF FRAUD

• It is important to note that not all deceptions are frauds. Legally, fraud is defined as containing SEVEN important, necessary and distinct elements. If any one of the seven is lacking, then no fraud has been perpetrated. The elements are the following:

1. There must be a MISREPRESENTATION.

2. Of a PAST or PRESENT.

3. MATERIAL FACT.

4. Made KNOWINGLY or RECKLESSLY.

5. With the INTENT of inducing a party to act.

6. the injured party must have ACTED on the MISREPRESENTATION.

7. To his/her DETRIMENT.

The legal definition is the same whether the offense is criminal or civil; the difference is that criminal cases must meet a higher burden of proof.

18

ELEMENTS OF FRAUD (CONTD.)

• Various criminologists and research from others have produced

various technical components of fraud and fraudsters. One of the

most classical models was developed by Donald R. Cressey and

published in “other people’s money: a Study in the social Psychology

of Embezzlement.”

• Cressy’s final hypothesis is:

“Trusted persons become trust violators when they conceive of

themselves as having a financial problem which is non-sharable, are

aware this problem can be secretly resolved by violation of the

position of financial trust, and are able to apply to their own conduct in

that situation verbalizations which enable them to adjust their

conceptions of themselves as trusted persons with their conceptions

of themselves as users of the entrusted funds or property.”

19

ELEMENTS OF FRAUD (CONTD.)

NB - Some prefer MOTIVE to PRESSURE since some frauds motivated by greed more than situational pressures.

Fraud can take certain other technical forms. It may result from an INTENTIONAL

MISREPRESENTATION – the suggestion that something is true, when it is not, by

someone who knows it is not. It may be NEGLIGENT MISREPRESENTATION – the

assertion as a fact of that which is not true. It includes CONCEALMENT – the

suppression of a fact by one who is bound to disclose it. It also includes FALSE

PROMISES – a promise made with no intention of fulfilling it.

OPPORTUNITY

PRESSURE RATIONALIZATION

THE FRAUD

TRIANGLE

THE EXTENT OF FRAUD

The nature of fraud suggest that any attempt to accurately measure it will

at best, be incomplete. Possibly the best known, most comprehensive and

widely accepted authority on this matter is the “Report To The Nation On

Occupational Fraud and Abuse,” researched, compiled and presented by

the ACFE in 1996, 2002, 2004, 2006, 2008, 2010, 2012 and 2014.

The report is also popularly regarded as the “Wells

Report,” named after its conceptualizer Mr. Joseph T.

Wells, founder and Chairman of the ACFE.

20

THE EXTENT OF FRAUD (CONTD.)

Key Findings and Highlights of the 2014 Report to the Nations include:

The Summary of Findings:

◦Survey participants estimated that the typical organization loses 5% of

revenues each year to fraud. If applied to the 2013 estimated Gross World

Product, this translates to a potential projected global fraud loss of nearly

$3.7 trillion.

◦Occupational frauds can be classified into three primary categories: asset

misappropriations, corruption and financial statement fraud. Of these, asset

misappropriations are the most common, occurring in 85% of the cases in our

study, as well as the least costly, causing a median loss of $130,000. In

contrast, only 9% of cases involved financial statement fraud, but those cases

had the greatest financial impact, with a median loss of $1 million. Corruption

schemes fell in the middle in terms of both frequency (37% of cases) and

median loss ($200,000).

21

TYPES OF FRAUD (CONTD.)

23


• Tips are consistently and by far the most common detection method. Over

40% of all cases were detected by a tip — more than twice the rate of any other

detection method. Employees accounted for nearly half of all tips that led to the

discovery of fraud.

• The banking and financial services, government and public administration,

and manufacturing industries continue to have the greatest number of

cases reported in our research, while the mining, real estate, and oil and gas

industries had the largest reported median losses.

• The presence of anti-fraud controls is associated with reduced fraud losses and

shorter fraud duration. Fraud schemes that occurred at victim organizations that

had implemented any of several common anti-fraud controls were significantly

less costly and were detected much more quickly than frauds at organizations

lacking these controls.

24


• The higher the perpetrator’s level of authority, the greater fraud losses

tend to be. Owners/executives only accounted for 19% of all cases, but

they caused a median loss of $500,000. Employees, conversely, committed

42% of occupational frauds but only caused a median loss of $75,000.

Managers ranked in the middle, committing 36% of frauds with a median

loss of $130,000.

• Collusion helps employees evade independent checks and other anti-fraud

controls, enabling them to steal larger amounts. The median loss in a

fraud committed by a single person was $80,000, but as the number of

perpetrators increased, losses rose dramatically. In cases with two

perpetrators the median loss was $200,000, for three perpetrators it was

$355,000 and when four or more perpetrators were involved the median

loss exceeded $500,000.

25


• Approximately 77% of the frauds in our study were committed by

individuals working in one of seven departments: accounting, operations,

sales, executive/upper management, customer service, purchasing and

finance.

• It takes time and effort to recover the money stolen by perpetrators, and

many organizations are never able to fully do so. At the time of our survey,

58% of the victim organizations had not recovered any of their losses due to

fraud, and only 14% had made a full recovery.

26

27

WHO HAS THE

RESPONSIBILITIES FOR

FRAUD?

28

MANAGEMENT RESPONSIBILITIES

Management is responsible for establishing and maintaining effective

systems of internal control to deter, prevent and detect fraud. Accordingly,

the IIA’s Practice Advisory 1210.A2-2, titled “Responsibility for Fraud

Detection,” sates that “management has a responsibility to establish and

maintain an effective control system at a reasonable cost.”

The fair representation of a company’s financial statements, therefore,

and detection of fraudulent financial reporting must start with the entity

that prepares the financial statements.

This becomes confusing because fraudulent

financial reporting usually is instigated and

perpetrated by members of management or

people under the direct control of management.

29

MANAGEMENT RESPONSIBILITIES (CONTD.)

In order to improve the company’s overall financial reporting process and

increase the likelihood of detecting financial statement fraud, management

should implement, or maintain the following practices:

• A management tone evoking fraud deterrence

• Internal audit functions

• An audit committee

• Management and audit committee reports

• The practice of seeking second opinions from

Independent public accountants

• Quarterly reports

30

MANAGEMENT RESPONSIBILITIES (CONTD.)

The Tone at the Top

The tone set by upper management greatly influences the corporate

environment in which the financial reporting process occurs. In order to

successfully established a tone that is committed to detecting fraudulent

financial reporting management must:

* Identify, understand and assess the risk of fraudulent financial reporting

* Design and implement internal controls

* Enforce a written code of corporate conduct

31

AUDIT COMMITTEEs

An audit committee maintains an active role in discussing

controversial accounting issues, disagreements with upper

management, deficiencies in the company’s internal control structure,

and problems encountered during the audit. An audit committee that

is actively involved in keeping the communication lines open with the

internal and external auditors and addressing the issues in a timely

and just manner is an effective way of reducing the opportunity for

fraudulent financial reporting.

32

AUDIT CMMTTS. (CONTD.)

The audit committee SHOULD :

• Be informed, vigilant and effective overseers of the financial reporting process and the company’s internal controls.

• Have adequate resources and authority to discharge their responsibilities.

• Review management’s evaluation of factors related to the independence of the company’s public accountant.

• Review management’s plan for engaging the company’s independent public accountant to perform management advisory services during the coming years, considering both the types of services that may be rendered and the projected fees

33

FRAUD RESPONSIBILITIES FOR EXTERNAL AUDITORS

EXTERNAL AUDITORS ARE RESPONSIBLE FOR THE FOLLOWING:

• Understanding the characteristics causes

and signs of fraud.

• Assessing the risk of a material financial

statement misstatement due to fraud.

• Planning and performing the audit to obtain

reasonable assurance about whether the

financial statement, whether cause by error

or fraud.

• Exercising due care in planning, performing,

evaluating and documenting the result of

audit procedures and instance of fraud.

34

EXTERNAL AUDITORS FRAUD RESPONSIBILITIES (CONTD.)

EXTERNAL AUDITORS RESPONSIBILITIES (contd.)

• Processing the proper degree of professional skepticism, assuming neither dishonesty nor unquestioned honesty of management.

• Determine whether significant accounting policies are acceptable given the nature of the account or transaction.

• Auditing large, unusual, or complex transaction.

Evaluating the quantitative and qualitative significance of difference between the accounting records and the underlying facts.

Reporting all instance of fraud to the appropriate level of management ,e.g. at least one level above the personnel involved.

35

INTERNAL AUDITORS FRAUD RESPONSIBILITIES

Proficiency – Internal Auditors should possess the

knowledge, skills and competencies needed to perform

their individual responsibilities. The internal auditing

activity should possess or obtain the knowledge, skills

and competences needed to perform its responsibilities

36

IAs FRAUD RESPONSIBILITIES (CONTD.)

The internal auditor should have sufficient knowledge to identify

indicators that fraud may have been committed. This require that

the internal auditor knows the characteristics of fraud, the

techniques used to commit fraud, and the types of frauds

associated with the activities audited.

The internal auditor is not expected to have the expertise of a

person whose primary responsibility is detecting and

investigating fraud.

37

INSTITUTE OF INTERNAL AUDITOR’S

PRACTICE ADVISORY 1210.A2-1

• IDENTIFICATION OF FRAUD

1. Fraud encompasses an array of irregularities and illegal acts characterized by international deception. It can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well as inside the organization.

2. Fraud designed to benefit the organization generally produces such benefit by exploiting an unfair or dishonest advantage that also may deceive an outside party.

38


PRACTICE ADVISORY 1210.A2-2

• RESPONSIBILITY FOR FRAUD DETECTION1. Management and the internal audit activity have differing roles with

respect to fraud detection. The normal course of work for the internal audit activity provide an independent appraisal, examination, and evaluation of an organization’s activities as a service to the organization.

The objective of internal auditing in fraud detection is to assist members of the organization in the effective discharge of their responsibilities by furnishing with analyses, appraisals, counsel, recommendations, and information concerning the activities reviewed. The engagement objective includes promoting effective control at a reasonable cost.

39


PRACTICE ADVISORY 1210.A2-2 (contd.)

2. Management has the responsibility to establish and maintain

an effective control system at a reasonable cost. To the degree

that fraud may be present in activities covered in the normal

course of work as defined above, internal auditors have a

responsibility to exercise “due professional care”.

3. A well designed internal control system should not be

conducive to fraud. Tests conducted by auditors, along with

reasonable controls established by management, improve the

likelihood that any existing fraud indicators will be

detected and considered for further investigation.

40


DUE PROFESSIONAL CARE -1220

Internal auditors should apply the care and skill expected of a reasonably

prudent and competent internal auditor. Due professional care does not

imply infallibility or extraordinary performance.

DUE PROFESSIONAL CARE 1220. A1 :

The internal auditor should exercise due professional care by considering the:

• Extent of work needed to achieve the engagement’s objectives;

• Relative complexity, materiality or significance of matters to which assurance procedures are applied.

• Cost assurance in relation to potential benefits.

• Adequacy and effectiveness of risk management, control, and

governance processes.

• Likelihood of material irregularities or noncompliance.

41

DUE PROFESSIONAL CARE 1220.A3

• The internal auditor should be alert to the significant risks

that might affect objectives, operations, or resources.

However assurance procedures alone, even when

performed with due professional care, do not guarantee that

all significant risks will be identified.

• If controls do not mitigate these risks and exposures, the

auditor should investigate further for the existence of fraud.

If sufficient indicators of fraud are detected, internal auditors

should recommend an investigation to the appropriate

individual.

SOURCE :

INTERNAL

AUDITORS:

• Keep an eye on the corporate climate.

• Serve as a safety net

for an organization.

• Find out what’s working

and what’s not.

• Tell it like it is.

• Assess risks.

• Uncover corporate

misbehavior.

•

INTERNAL

AUDITORS ALSO:

• Look at things with

fresh eyes.

• Raise red flags.

• And . . .

• Advocate a

culture within

organizations

to do the

right thing.

FRAUD DETERRENCE

FRAUD AWARENESS

This involves familiarity with many elements: the human element,

organizational behavior, knowledge of common fraud schemes, evidence

and its sources, standards of proof, and sensitivity to red flags. Lawrence

sawyer quite correctly states that “employee and management fraud is a

noxious weed which flourishes best in a permissive climate where the

seeds of fraud are helped, even invited, to blossom and mature.”

Too often, members of senior management cannot bring themselves to

believe that any of their people could conceivably commit dishonest acts.

When evidence of dishonesty is brought before them, they must refuse

to believe it – they refuse to think ill of some favored employee.

Management’s negligence or refusal to be realistic can generate a

climate for fraud to germinate.44

FRAUD AWARENESS (contd.)

The environment within an enterprise is generally developed and

maintained by senior management and the board of directors. To deter

fraud, the environment should be a rigorous one. Management should set

forth clearly in written policies its commitment fair dealing, its position on

conflict of interest, its requirement that only honest employees be hired, its

insistence on strong internal controls that are well policed, and its resolve to

prosecute the guilty.

CREATING AN ENVIRONMENT FOR COMMON MYTHS

DEALING WITH FRAUD

• MANAGEMENT PERSPECTIVE BAD PUBLICITY!

• FRAUD POLICY INVESTIGATION IS

• ESTABLISHING THE ENVIRONMENT COSTLY & DISRUPTIVE!

WE MIGHT GET SUED!45

FRAUD DETERRENCE (contd.)


FRAUD AWARENESS (contd.)

HOW TO ENCOURAGE FRAUD :

• Practice autocratic management

• Manage by powers with little trust in people

• Manage crises

• Centralize authority in top management

• Measure performance on a short-term basis

• Make profits the only criterion for success

• Make rewards punitive, string and political

• Give feedback that is always critical and negative

• Create a highly hostile, competitive workplace

Source: adapted from G.J. Bologna & R.J. Lindquist, Fraud auditing & Forensic Accounting (New York: John Wiley & sons, 1987), pp.47-49

46


Deterrence of fraud consists of those actions taken to discourage the

perpetration of fraud and limit the exposure if fraud does occur. The

principal mechanism for deterring fraud is control. Primary

responsibility for establishing and maintaining control rests with

management.

47

48


CREATING AN ENVIRONMENT FOR DEALING WITH FRAUD

An excellently structured source document from which individual

organizations can tailor their own Deterrence (and is some cases

Prevention) Policies that create the appropriate antifraud tone and / or

environment, is:

The 10 Step Antifraud Action Plan, published by the Institute of Internal

Auditors Inc., (IIA’s FSA Times, 1s Quarter 2005), which summarized

PricewaterhouseCoopers (PWC) White Paper titled,

“ The Emerging Role of Internal Audit in Mitigating Fraud and

Reputation Risks.”

FRAUD DETERRENCE (contd.)A 10-STEP ANTIFRAUD PLAN (Summary)

Given today’s environment, prudent internal

audit groups (indeed all concerned), will seek

to capitalize on antifraud-related opportunities

and minimize downside risks. To achieve such

a best-of-both-worlds positioning, internal

auditors need to develop a strategic plan to address their role in the

organization’s antifraud effort. In developing an antifraud action plan, the

following steps should be addressed:

1. Anticipate Questions and Manage Expectations.

E.g. - What are the company’s fraud and reputation risks? What

programs and controls have been implemented to mitigate these risks?

What is internal auditing doing to prevent and detect issues before

they emerge into a corporate scandal,? Etc.

49


10-STEP ANTIFRAUD PLAN (contd.)

2. Asses Existing Antifraud Programs and Controls.

Once the fraud and reputation risk assessment has

taken place, the organization will need to identify,

evaluate, and test the design and operating

effectiveness of its antifraud control activities. Fraud

monitoring should become an integral part of day-to-day operating

activities and should be included in planning and executing the annual

internal audit cycle.

3. Secure Management and Audit Committee Sponsorship.

Senior management and the Audit Committee should be persuaded to

take ownership of the antifraud With strong backing from the board and

management, internal auditing is better able to unearth critical

information about the organization’s fraud risks. 50



4. Assemble Fraud Expertise Within Internal Auditing.

An evaluation of the adequacy of the internal auditing’s fraud –related

activities should consider the depth of fraud expertise within, or

available to, the department. Internal auditing must have a solid

understanding of measures intended to prevent and detect fraud and

be able to evaluate and test antifraud control effectiveness, as well as

be knowledgeable about fraud auditing and forensic investigation

techniques.

5. Organize a Fraud and Reputation Risk Assessment.

An effective risk assessment will help to identify previously unidentified

risks and strengthen the ability of the organization to prevent and

detect fraud and misconduct before they reach scandalous

proportions. Furthermore, fraud and reputation-risks assessment can

identify cost saving opportunities far in excess of direct assessment

costs. 51


6. 1 10-STEP ANTIFRAUD PLAN (contd.)

6. Link Antifraud Control Activities.

Proper assessments of fraud and reputation risk require the auditor to

consider how the organization’s control might be circumvented or

overridden by the management and others, as well as to identify fraud

risks that cannot be tied to effectively designed and operating controls.

7. Evaluate and Test the Design and Operating Effectiveness of

Controls.

Although the process for evaluating antifraud controls is similar to that

for testing other control activities, it differs in one important manner; in

evaluating antifraud controls, internal auditors need to address the

possibility that management might seek to circumvent or override

controls intended to prevent or detect fraud.52

FRAUD DETERRENCE (contd.)10-STEP ANTIFRAUD PLAN (contd.)

8. Refine the Audit Plan to Address Residual Risk and Incorporate

Fraud Auditing.

Fraud auditing, as opposed to fraud investigation, is fairly new field,

largely being defined in response to toady’s environment. Fraud

auditing focuses on the risk of fraud, the probability of the occurrence of

fraud, and the significance of a fraud event or series of events, while

combining aspects of forensic investigation and standard audit

techniques. It generally requires knowledge of how frauds occur in

various industries and a firm grounding in the indicators of fraud

schemes that appear during an audit.

By contrast, fraud investigation – or forensic accounting – is an enquiry

into specific allegations or suspicions of fraud, focusing on determining

the nature, extent, cause and resolution of identified or suspected

fraudulent events.

53



9. Establish a standard process for responding to fraud allegations

or suspicions.

Organizations should not wait until fraud is detected to develop an

investigative process.

10. Remediate and prevent recurrence.

Whereas the investigation determines what happened, the remediation

process generally involves taking disciplinary and legal action against

wrongdoers, recovering losses and damages, and learning from the

incident to improve controls and recurrence.

54

55

FRAUD DETERRENCE (contd.)THE PSYCHOLOGY AND CHARACTERISTICS OF FRAUDSTERS

Criminologists such as Edwin Sutherland, Donald Cressey and John Clarke have all

postulated hypotheses purporting to explain, categorize or describe the psychology

and aspects that typify fraudsters. These various models featured aspects such as

• Genetical bases,

• Differential association,

• Fraud triangle,

• Sociological factors,

• Motivators,

• Beating the system,

• The Fraud Scale, and

• Work Place Conditions.

56

FRAUD DETERRENCE (contd.)THE PSYCHOLOGY AND CHARACTERISTICS OF

FRAUDSTERS (Contd.)

Dr. W. Steve Albrecht, a very prolific researcher, writer and speaker on white-collar

crime and business fraud, conducted extensive work in the in the 1980s which

expanded on and reconfirmed much of Donald Cressey’s study (Fraud Triangle)

and focused on the motivations of the perpetrators of occupational fraud and abuse.

He postulated that the mind of a perpetrator contained Nine Motivators,

summarized as follows :

• Living beyond their means

• An overwhelming desire for personal gain

• High personal debt

• A close association with customers

• Feeling pay was not commensurate with responsibility

• A wheeler- dealer attitude

• Strong challenge to beat the system

• Excessive gambling habits W. Steve Albrecht,

• Undue family or peer pressure Ph.D., CFE, CPA, CIA

FRAUD DETERRENCE (contd.)EMOTIONAL RESPONSES TO FRAUD

DO YOU NEED A POLICY FOR HANDLING SUSPECTED

WRONGDOING?

The answer is yes:

• Suspected fraud is unpleasant to

most managers.

• Cases can be complicated

and emotion laden.

• There is always the risk of mishandling a case and exposing the

organization to costly litigation.

• Handling of suspected wrongdoing merits a planned approached

developed with the benefit of input from top management and legal

counsel. 57

WHY DO YOU NEED A POLICY FOR HANDLING SUSPECTED WRONGDOING?

58

DENIAL DISMAY ANGER EMPATHYYOU MAY HEAR:

Loyal trusted

employee.

How dare you!

Do you know who

you are accusing?

Must be a mistake!

I can’t believe it! Let’s get him!

Sue them!

Call the police!

Fire them!

Make them pay!

Value to the

organization.

Forgive and forget

Error in judgment

I know her!

What will happen if

we do this?

DANGERS :

Investigation is

Stopped

Cover up

Sets a tone of

Permissiveness

None Civil Litigation by

litigation.

Extortion.

Wrongful

Termination

Defamation.

Termination or bond

Discrimination.

Sets tone for

permissiveness.

59

FRAUD DETERRENCE (contd.)WHY DO YOU NEED A POLICY FOR HANDLING SUSPECTED

WRONGDOING? (contd.):

The approach should be developed before

management is confronted with an

embezzlement by good old “Auntie” Margaret,

leader of the company choirs, banker of the

long standing company “partner,” a mother to

many, and who has been with us for 28 years.

Policy should be established in calm, not crisis.

By having an established policy an

organization is able to institutionalize the

approach and reduce role of personalities

in decisions regarding each case.

60

A POLICY FOR HANDLING SUSPECTED

WRONGDOING? (contd.)

REASONS FOR HAVING A POLICY INCLUDE:

• Raising awareness of management and others.

• Establish responsibility for detection and investigation.

• Reduce the impact of emotions.

• Reduce the opportunity for

discrimination.

• Reduce the opportunity for successful

litigation by suspects.

61

POLICY FOR HANDLING SUSPECTED

WRONGDOING? (contd.)

ITEMS WHICH MIGHT BE INCLUDED IN A POLICY

Management is responsible for being aware of exposures and

symptoms of exposures in their areas, and for detecting suspected

wrongdoing. Definitions of responsibilities must be clearly stated for

the following:

• Conducting investigations

• Initial notification

• Filing bonding claims

• Referring cases to law enforcement

• Notifying bonding company

62

POLICY (contd.)

Guidelines for case handling so as to avoid charges of malicious

prosecution, slander, libel and false imprisonment should be included.

Concerned managers represent one of the greatest threats to successful

handling of cases. The individual with infrequent exposure to fraud cases

is much more likely to compromise an investigation than the seasoned

investigator or auditor. For example, the policy should include specific

instructions to managers not to contact suspects or discuss the case.

63

POLICY (contd.)

There are many topics which can be included in your written policy. Yet

most organizations have no written policy, or have a policy which is limited

to “call internal audit”, or “call security”. The following topics for example,

should be adequately covered for a policy to be effective:

• Management is responsible for knowing what can go wrong in their areas and for recognizing symptoms of wrongdoing

PURPOSE: To raise management awareness and to reduce opportunity for blame by encouraging accountability

• Initial notification of internal audit should be made immediately upon

discovery. Management should not confront the suspect or investigate

in an angry manner.

PURPOSE: To reduce opportunity for compromising the investigation

by alerting suspect or mishandling the matter. The greatest threat to a

successful investigation environment is overly enthusiastic (and

sometimes angry) management.

64

POLICY (contd)

Topics to be covered in an effective policy (contd.) :

• Responsibility for investigations should be assigned

PURPOSE: To reduce confusion, to assure that investigations are

conducted by those properly trained to do so and to prevent others from

compromising the investigation.

* The policy should include guidelines for case handling so as to reduce

opportunity for successful litigation for malicious prosecution,

defamation, false imprisonment or confinement.

65

POLICY (CONTD.)

Topics to be covered in an effective policy (contd.) :

• The policy should include a statement regarding

termination or suspension of dishonest employees.

PURPOSE: To reduce the opportunity for

uncollectible losses resulting from invading the bond by retaining

dishonest employees.

* SUBJECT: Suspected defalcation, misappropriation and similar

irregularities.

PURPOSE: The purpose of the procedure is to communicate company

policy regarding investigation of suspected defalcation, misappropriation

and similar irregularities. The procedure also provides specific

instructions for operating management regarding appropriate action in

case of suspected improprieties of this type.

66

POLICY (contd)

APPLICABILITY: This procedure applies to the company and all

subsidiaries and affiliates. It is intended that managers be aware of this

procedure since good business practice dictates that every suspected

defalcation, misappropriation or irregularity be promptly identified and

investigated.

DEFINITIONS: The term defalcations, misappropriation and other

irregularities includes:

• Any dishonest or fraudulent act

• Forgery or alteration of policy related items eg. Loans, surrenders and changes in beneficiary.

• Forgery or alteration of cheques drafts, promissory notes and securities.

• Any misappropriation of frauds, securities, supplies or any other asset.

• Any irregularity in the handling or reporting of money transaction

67

POLICY (CONTD.)

RESPONSIBILITIES: Operation management is responsible for detecting

improprieties. Each manager should be familiar with the types of

improprieties that might occur in his area and be alert to any indication that

such a defalcation, misappropriation or irregularity is or was in existence.

As soon as an impropriety is detected or suspected, the internal audit

department should be contacted immediately.

The internal audit department , for example, could be responsible for the

investigations or for the direction of the investigation of any suspected

irregularity and will coordinate investigations with the legal department.

68

SAMPLE FRAUD POLICY

BACKGROUND

The corporate fraud policy is stabled to facilitate the development of

controls, which will aid in the detection and prevention of fraud against

Sample Company Ltd. It is intent of the company to promote consistent

behaviour by providing guidelines and assigning responsibility for the

development of controls and conduct of investigations.

SCOPE OF POLICY

This policy applies to any irregularity, or suspected irregularity involving

employees as well as shareholders, consultant, vendors or outsider

agencies doing business with employees of such agencies or any other

parties with a business relationship with the company. It is to be read in

conjunction with the company’s Grievance Procedure and Disciplinary

Code. Any investigative activity required will be conducted without regard

to the suspected wrongdoer’s length of service, position/title or relationship

to the Company.

69

SAMPLE POLICY (CONTD.)

Management is responsible for the detection and prevention of fraud,

misappropriations, and other irregularities. Fraud is defined as the

intentional, false representation or concealment of a material fact for the

purpose of inducing another to act upon it to his or her injury. Each

member of the management team will be familiar with the types of

improprieties that might occur within his or her area of responsibility.

It is the policy of the Commission that any irregularity that is detected or

suspected must be reported immediately to the Chief Internal Auditor who

coordinates all investigations with the Legal Department and other affected

areas, both internal and external.


ACTION CONSTITUTING FRAUD

The terms defalcation, misappropriation and other irregularities refer to, but

is not limited to:

• Any dishonest or fraudulent act

• Forgery or alteration of any document or account belonging to the commission

• Misappropriation of funds, securities &supplies

• Impropriety in the handling or reporting of money or financial transactions

• Profiteering as a result of insider knowledge of company activities

70


• Decisions to prosecute or refer to the examination results to the

appropriate law enforcement or regulatory agencies for independent

investigation will be made in conjunction with legal counsel and senior

management, as well as final decisions on disposition of the case.

INVESTIGATION RESPONSIBILITIES

The Internal Audit unit has the primary responsibility for the investigation of

all suspected fraudulent acts as defined in the policy. If the investigations

substantiates that fraudulent activities has occurred, the Internal Audit unit

will issue reports to appropriate designated personnel and if appropriate to

the Board of Directors through the Audit Committee.

Decisions to prosecute or refer to the examination results to the

appropriate law enforcement or regulatory agencies for independent

investigation will be made in conjunction with legal counsel and senior

management, as well as final decisions on disposition of the case.71


CONFIDENTIALITY

The Internal Audit Unit treats all information received confidentially. Any

employee who suspects dishonest or fraudulent activity will notify the

Internal Audit Unit immediately, and should not attempt to personally

conduct investigations or interviews/interrogations related to any suspected

fraudulent act.

Investigations results will not be disclosed or discussed with anyone other

than those who have a legitimate need to know. This is important in order

to avoid damaging the reputations of persons suspected but subsequently

found innocent of wrongful conduct and to protect the Company from

potential civil liability.

72

73


AUTHORIZATION FOR INVESTIGATING SUSPECTED FRAUD

Members of the Internal Audit Unit will have:

• Free unrestricted access to all Commission records and premises,

whether owned or rented AND

• The authority to examine, copy and remove all or any portion of the

contents of files, desks, cabinet and other storage facilities on the

premises without prior knowledge or consent of any individual who may

have custody of any facilities when it is within the scope of their

investigation.


TERMINATION

• If an investigation results in a recommendation to terminate an

individual, the recommendation will be reviewed for approval by the

designated representatives from Human Resources Development

Department and the Legal arm of the Administration department if

necessary, by outside counsel, before any such action is taken.

• The Internal Audit Unit does not have the authority to terminate any

employee. The decision to terminate an employee is made by the

employee’s management. Should the Internal Audit Unit management

decision inappropriate for the facts presented, the facts will be

presented to executive level management for a decision

74


ADMINISTRATION

The director of ……… is responsible for the administration, revision,

interpretation and application of this policy. The policy will be reviewed

annually and revised as needed.

APPROVAL ……………… ……….

Chairman/Managing Date

Director

………………

Board

75

SAMPLE FRAUD POLICY 2

TABLE OF CONTENTS

ACKNOWLEDGEMENTS

1. BACKGROUND:

• 1.1 Introduction / Overview 4

• 1.2. Purpose / Objectives of Fraud Policy 4

2. SCOPE OF POLICY:

• 1. Applicability

• 2.General Policy and Responsibilities 5

• 3. Confidentiality 5

• 4. Deterrence / Prevention 6

• 5. Reporting

3. FRAUD:

• 1. Definition 7

• 2. Action Constituting Fraud 7

• 3. Staff Education and Awareness 8

• 4. Client and Community Awareness 8

4. FRAUD RISK ASSESSMENT

5. WHISTLE BLOWING 8 76

SAMPLE FRAUD POLICY 2 (CONTD.)

6. FALSE ALLEGATIONS 8

7. INVESTIGATION RESPONSIBILITIES 8

• 1 Security of Evidence

• 2 Reporting the Outcome of Investigations 8

• 3 Recovering Assets 8

• 4 Other Issues (Corrections, Training, etc.) 8

8. CONFIDENTIALITY 9

9.. AUTHORISATION FOR INVESTIGATING SUSPECTED FRAUD 9

10. REPORTING PROCEDURES 9

• 1. Employees 9

• 11. Supervisors / Managers 9

• 111. Internal Audit 9

• 1v. External Audit 9

11. TERMINATION 9

12. MEDIA ISSUES 9

13. INSURANCE RECOVERY 9

14. APPROVAL 977

FRAUD DETERRENCE (contd.)EMPLOYMENT PRACTICESThough Employment practices are more associated with Fraud Prevention

efforts, practices such as Psychological / Pyschometric Tests, Whistle

Blowing Policies, Pre-Employment sensitization efforts, Mandatory

Vacations, Job Rotations, and Unscheduled (surprise) audits, Ethics

Programs and Discilinary Actions all help to DETER.

78

FRAUD PREVENTION• INTRODUCTION TO FRAUD PREVENTION

• FRAUD PREVENTION METHODS USED BY ACCOUNTANTS

• COSO FIVE (5) STEP FRAUD PREVENTION

• THE FOUR STEP APPROACH

• SOME AVOIDABLE MISTAKES!

79

FRAUD PREVENTIONINTRODUCTION TO FRAUD PREVENTION

The many precautions one can take to prevent fraud gives to the old cliché

That states “an ounce of prevention is worth a pound of cure.”

Businesses and consumers can take appropriate steps and procedures to

mitigate, minimize or avoid fraud losses but it must be stressed that taking

the precautions possible does not guarantee that companies or consumers

will not become victims.

80

FRAUD PREVENTION (contd.)

ACCOUNTANTS’ PERCEPTION

According to the Managerial Auditing Journal, (2006; Vol. 21 No.5, pp.520-35;

ISSN : 0268-6902), although firewalls, virus and password protection, and internal

control review are quite commonly used to combat fraud, discovery sampling, data

mining, forensic accountants and digital analysis software are not often used,

Despite receiving high ratings of effectiveness.

81


ACCOUNTANTS’ PERCEPTION ((contd.)

In an article authored by James L. Bierstaker, Richard G.

Brody, and Carl Pacini, C. titled, "Accountants'

perceptions regarding fraud detection and prevention

methods,” published by Emerald Group Publishing

Limited, they contend that although organisational use of forensic

accountants and digital analysis were the least often

used of anti-fraud methods, they had the highest

effective mean effectiveness ratings. The lack of use of

these highly effective methods have been blamed on

lack or organizational resources.

The following table summarizes the procedures in terms of their percentage

usage and level of effectiveness:

82


ACCOUNTANTS’ PERCEPTION ((contd.)

PRACTICAL IMPLICATIONS

Based on the above therefore, organizations should consider the cost / benefit

tradeoff in investing in highly effective but potentially underutilized methods to

prevent or detect fraud. While the costs may seem prohibitive for small

organizations, substantial cost savings from reduced fraud losses may also be

significant.

84

FRAUD PREVENTION (CONTD.)COSO FIVE (5) STEP FRAUD PREVENTION

1. Control Environment

• A strong control environment based on a culture of honesty and high

ethics is critical to a successful antifraud programs and controls.

• Control environment elements pertaining to antifraud programs and

controls include:

• Codes of Conduct/Ethics

• Ethics Hotline/Whistleblower program

• Integrity Diligence in Hiring and Promotion

• Board and Audit Committee Oversight Of

Management’s Antifraud Efforts

• A Standard Investigative Process

• Remediation of Identified Fraud

85

FRAUD PREVENTION (CONTD.)

COSO FIVE (5) STEP FRAUD PREVENTION (CONTD.)

2. Fraud Risk Assessment

• Fraud and reputation-risk assessments are the corner stones of an

antifraud program that anticipates, rather than reacts to, fraud and

misconduct. An effective fraud and reputation-risk assessment will

identify previously unidentified risks and strengthen the ability of the

organization to prevent and detect fraud and misconduct before they

emerge into a corporate scandal. A fraud and reputation-risk

assessment, moreover, should identify cost-saving opportunities far in

excess of the cost of the assessment.

3. Control Activities

• Once the fraud risk assessment has taken place, the organization

should identify the control activities implemented to mitigate the

identified fraud risk. In the context of antifraud management program,

control activities are those actions taken by management to identify,

prevent and mitigate fraudulent financial reporting or misuse of an

organization’s assets. 86


COSO FIVE (5) STEP FRAUD PREVENTION (CONTD.)

4. Information and Communication

• Effective communication is critical to ensuring the success of antifraud

programs and policies. Anti fraud policies must be stated clearly. This

information must be communicated to employees effectively. An

assessment of the antifraud program must consider whether the

content of it policies is appropriate, timely, current and properly

disseminated.

5. Monitoring

• A company’s antifraud controls, programs and policies must be

subjected to ongoing and periodic performance assessments. The

frequency of these assessments is a matter of management’s

judgment. In determining the frequency consideration should be given

to the following: the nature and degree of changes occurring, the

competence and experience of the individuals implementing the

controls, and the results of ongoing monitoring.87


THE FOUR STEP APPROACH

This approach in prevention is based upon the reduction of both the

opportunity to commit fraud and go undetected, and incentive. Research

studies and experience show that opportunity and likelihood of being

detected play major roles in the individual decision to commit fraud.

88

89

THE FOUR STEP APPROACH (contd)

STEP 1. Screen out those who are likely to commit fraud Companies can:

a. Do criminal back ground checks on employees and vendors, in

accordance with law and contract.

b. Call previous employers to verify employment dates. For jobs with candidates who have previously worked

for the organization, verify employment

and eligibility to be rehired.

90

FOUR STEP APPROACH (CONTD)

c. Confirm school transcripts, degrees and certification.

d. consider getting a credit history for applicants in high exposures positions.

e. consider drug testing

f. Use psychological ‘ psychometric testing

g. Establish procedures for debarring and suspending problem vendors and contractors.

Monitor to see that they are working

91

4 STEP APPROACH (CONTD.)

STEP 2. Reduce the opportunity available.

Auditors and Managers can:

a. Be sure internal control decisions include

consideration of what kind of fraud can be

perpetrated, and by whom

b. Be sure that subordinates and operators, in

making decisions about controls are fully

aware of the fraud implications of the control

in place or suggested.

92

STEP 2 (contd.)

c. In areas where segregation of duties is not practical, use alternative controls to reduce opportunity. Management sampling of work and quality assurance techniques have proven valuable. Mandatory vacation and rotation of assignments are useful for surfacing fraud

requiring ongoing cover-up activity.

93


STEP 3.

Create an environment in which employees believe that

dishonest acts will be detected by management,

monitoring techniques, other employees or the

auditors.

a. Build fraud detection steps into every

audit using the five step approach to

fraud detection. Use exposure

analysis to relate fraud exposures and

symptoms to audit program steps.

94


STEP 3 (CONTD.)

b. Bring fraud into the open. Discussion of the

implications of internal controls, and review the

frauds reported in newspapers, magazines and

trade journals all heighten awareness.

c. Consider conducting an in-house program for

supervisors and managers covering dishonest

and fraudulent activities which would occur, and

what the symptoms might be.

95


STEP 3 (contd.)

d. Determine that the fraud implications of controls designed and intended to detect fraud are fully understood by the clerical and supervisory personnel responsible for them. Fight form without substance.

e. Establish communication methods which encourage employees to report suspected fraud directly to those responsible for investigation without fear of disclosure or retribution.

96


STEP 3 (contd.)

f. Consider the use of a fraud hotline.

Government, health care insurers, and

some retailers are using hotlines

successfully.

g. Report all fraud activity to the audit

committee or the board of directors.

97


STEP 4. Create an environment in which dishonest

acts are not related and are, in fact punished.

a. Develop and implement a policy for handling

suspected dishonest and fraudulent activities,

including termination and reporting to law enforcement.

b. Communicate such policy to all directors, officers, employees, agents and other interested parties.

98


STEP 4 (contd.)

c. Develop and implement a code of ethics for

employees, clearly defining acceptable and

unacceptable activities.

d. Require all vendors and contractors to

agree in writing, a part of the contracting

process to abide by the code of ethics.

99


STEP 4. (contd.)

e. Develop and implement codes, guidelines and

organizational policies designed to prohibit

conflicts of interest. Some companies now

require that employees disclose possible

conflicts of interest involving other employees.

100

SOME AVOIDABLE MISTAKES

IN FIELD WORK

The auditors sampled from the shelves

or from file cabinets instead of from

Controlled sources. They had no chance

of including for testing files hidden or

destroyed. Although it had been 3 years

since the last audit, the sample included

only transactions in the last 6 months.

The auditors miss the significant fraud

which had stopped 9 months before the

audit.

101

FRAUD DETECTION TECHNIQUES

* INITIAL DETECTION

* UNDERSTANDING

RED FLAG

* UNDERSTANDING SYMPTOMS

DETECTION INTRODUCTION TO FRAUD DETECTION

FRAUD SURFACES THROUGH:

• MANAGEMENT REVIEW & OTHER CONTROLS

• INTERNAL AUDIT

• PUBLIC ACCOUNTANT

• LAW ENFORCEMENT

• CONCERNED EMPLOYEES

• OUTSIDE INFORMANTS

• UNSOLICITED CONFESSION

For example, the ACFE’s 2014 survey

showed the Initial Detection of occupational

Frauds as follows:

102

DETECTION (CONTD.)INTRODUCTION TO FRAUD DETECTION (Contd.)

SINCE OPPORTUNITY FOR FRAUD IS INCREASED WHEN:

• SEGREGATION OF DUTIES BREAKS DOWN

• SEGREGATION OF DUTIES IS NOT PRACTICAL

• SUPERVISORY REVIEW IS ABSENT OR PERFUNCTORY

• CONTROLS BREAKDOWN!

We should direct our detection efforts in these directions!

104

DETECTION (CONTD.)INTRODUCTION TO FRAUD DETECTION (Contd.)

In addition, Opportunity is also increased and auditors should be

particularly alert when auditing transactions:

• At remote locations or branches,

• Under control of on person,

• Processed outside of normal operating routines,

• Initiated during: vacations, illness, management change & leaves of absence,

• Processed by outside agent,

• Requiring special handling,

• Related to unrecorded assets,

105

DETECTION (CONTD.)THE FIVE STEP APPROACH TO FRAUD DETECTION

1. KNOW THE EXPOSURES

Know what go wrong, who could do it, what opportunities there are for

employees, executives, outsiders, suppliers, agents and others

providing goods and services. For cooking the books, know the

pressure for favorable results. Understand the systems, the control and

what they are intended to prevent or detect.

2. KNOW THE SYMPTOMS OF OCCURRENCE

Symptoms are specific and may be of the fraud itself, or of the cover up

attempt. For each exposure know how it would be reflected in

documents, reports, computer files, edit reports

paid cheques, reconciliations, accounts, complaint

files, adjusting or correcting entries.

106

DETECTION (CONTD.)THE FIVE STEP APPROACH (Contd.)

3. BE ALERT FOR SYMPTOMS

Many cases are detected by an auditor or manager following throughon a symptom noted while actually looking for something else.

4. BUILD AUDIT PROGRAMS TO LOOK FOR SYMPTOMS

Determining exposure and evaluating internal control precedes writingthe audit program. Some environments may lack controls which theinternal auditor can rely upon to protect his organization’s interest.Such environments include some branch

offices and other remote locations, and

outsiders such as vendors, agents

and contractors. Even the organization

with good controls, frequently there are

areas or departments lacking

segregation of duties or meaningful

supervisory review.

107


4. (contd.) BUILD AUDIT PROGRAMS TO LOOK FOR SYMPTOMS

In developing the audit program the internal auditor should include

specific steps designed to look for symptoms of fraud. Sampling plan

should take into consideration the fraud exposure and the reliability of

internal controls. Building audit program to look for symptoms includes:

• Selecting large samples for limited fraud tests

• Looking for symptoms of fraud occurrence

• Using computer techniques to look for fraud occurrence

• Stratification of the population, stratified sampling, direct sampling and

discovery sampling may prove to be helpful. In the completely

uncontrolled environment the auditor will want to determine the tolerable

undetected fraud allowable in the population. The auditor may want to

design his sample so as to include a fraudulent occurrence should the

level of fraud in the population aggregate more than the tolerable amount.108


5. FOLLOW THROUGH ON ALL SYMPTOMS OBSERVED

The auditor should resolve all symptoms. The auditor should operate with an attitude of healthy professional skepticism. Beware of pressures to complete work on time, the single symptoms that you are looking at may not be an occurrence and it may be one of many.

• NB No fraud is acceptable but auditors in deciding sample sizes actually are determining the probability of having the opportunity to detect fraud. The probability is dependent upon the amount of fraud the size of the population and the sample selected.

.

109

FRAUD DETECTIONTECHNIQUES• UNDERSTANDING RED FLAGS

110

DETECTION (CONTD.)UNDERSTANDING RED FLAGSRed flags of fraud are fraud-related variables or forces that influence the

decision to commit fraud. Research reported in “How to detect and Prevent

Business Fraud,” by W. Steve Albrecht, categorized red flags as :

(1) Situational,

(2) Opportunity, and

(3) Personal characteristics.

Examples of red flags are:

Situational red flags:

High personal debts or losses

Living beyond one’s means

Gambling or speculation

Excessive use of alcohol or drugs

Illicit involvement with members of opposite sex

Perceived inequities in organization 111

DETECTION (CONTD.)UNDERSTANDING RED FLAGS (Contd.)

Opportunity Red Flags :

Familiarity with operations and position of trust

Close association with suppliers and key people

Dominant top management

Dishonest or unethical management

Too much trust in key employees

112


Company situations encouraging fraud on its behalf:

Heavy investments or losses

Urgent need for a favorable earnings

Temporary bad situation

Revoked or imperiled licenses

Opportunity for fraud on behalf of the company:

Related party transactions

Poor accounting records

Poor internal controls or weakness enforcement

A typical or hot industry113


Personal characteristics red flags include:

Low moral character

Wheeler-dealer

Rationalizer of contradictory behavior

Poor credit rating or financial status

114


AVOID OVERREACTING TO RED FLAGS :

Some red flags will always be present, even

though fraud may not be. After fraud has

surfaced, red flags surface too. These red flags

may have been observed by managers and

auditors and explained away.

Some auditors and managers tend to overreact to red flags and create

some real problems. Auditors faced with spending –related red flags may

try to investigate lifestyle. It may be better to use the red flags to trigger an

audit instead of an investigation of the person. Such an audit should include

specific steps aimed at identifying symptoms of fraud occurrence.

115

DETECTION (CONTD.)

UNDERSTANDING RED FLAGS (Contd.)

IMPACT OF BEHAVIORAL RED FLAGS ON AUDITING

* Do not count on your knowledge of red flags to protect you from fraud.

There are too many other variables. Do not ignore them, however, the

following usually should result in additional audit / investigative work or a

change of scope:

Red flags are usually most valuable if they relate to a sudden change in lifestyle or behavior. There is an old saying among gamblers and speculators - “Fast money stays fast” Many people seem to tend to spend money they do not really think they deserve. So somebody who is stealing may seem to waste the proceeds. Pay attention to sudden dramatic changes in observable spending patterns.

Unbelievable lifestyle or spending should draw

audit attention!116

DETECTION (CONTD.)

UNDERSTANDING RED FLAGS (Contd.)

Some types of fraud require active ongoing cover-up activity. Staying late,

coming in early, and never taking vacation is common behavior for some

types of fraud. Perpetrators sometimes will show a great deal of interest in

the audit process, offering to help out, provide explanations, and generally

monitor progress and direct the audit away from themselves.

Inquiries such as, “Has anyone ever been caught stealing here?” or “I

wonder what happens if an employee is taking inventory?” could alert a

manager to fraud. Excuses, including “ I’m working

on those records at home!” and “We haven’t had

time to make that deposit,” or “The bank lost that

deposit!” demand immediate follow up action.

117

DETECTION (CONTD.)UNDERSTANDING SYMPTOMS

This is the key to the detection of wrongdoing. A symptom of fraud may

be defined as a condition which is directly attributable to dishonest or

fraudulent activity. It may result from the fraud itself or from the attempt to

conceal the fraud.

Managers and auditors interested in operating controls need to be familiar

with what can go wrong in the areas they manage or audit. And they need

to know what symptoms may be reflected in books, records, accounts,

documents, reports and reconciliations if something does go wrong.

118

DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)Knowledge of exposures and symptoms is needed by anyone working with

controls. Examples of symptoms of fraud includes:

1. Missing document

2. Shortages in cash drawers

3. Overages in cash drawers

4. Control total of cheques received does not balance to chequesdeposited

5. Presence of a “thief’s adding machine

6. Excessive voids or refunds

7. Excessive voids or refunds

8. Deposits in transit are slow in reaching the bank

9. Deposits in transits are growing

10. Manual or computer detail does not equal control totals

11. General ledger does not balance

12. Customers complain, “I paid this!”119

DETECTION (CONTD.)UNDERSTANDING SYMPTOMS (Contd.)

13. Adjustments to receivables

14. Increases in past due accounts

15. Excessive late charges

16. Increase in write-offs of late charges

17. No collections on past due or written off accounts

18. Adjusting entries lack formal approval

19. Shortages in inventory / Adjustments to inventory

20. Deviation from specification on delivered goods/services

21. Shortages on delivery

22. Cheque amounts have been altered

23. Goods purchased are in excess of needs

24. Delivery location is not your office, plant or job site

25. Duplicate payments

26. Employees are not present at payroll payoff

120


27. Payroll cheques have second endorsements by a boss

28. Handwriting on endorsement does not match signatures on file

29. Invoices are duplicates or copies

30. Invoices from a plain paper are not permitted forms or letterhead

31. Old outstanding cheques in bank reconciliations

32. Payees have common names and addresses

33. Addressed change followed by a request for payment

34. Vendor’s address is the same as an employee address

35. Top performance by a new sales person

36. Any performance that is too good to be believed

37. Alteration of documents

38. Changes in logs, day books and time report

121


39. Liquid paper and erasures on timecards

40. Copies where originals are expected

41. Support for payments is not canceled or marked paid

42. A computer report total is incorrect

43. Payments made in currency when cheques were expected

44. An employee does not remember working on a job his hours were charged to

45. An employee name or number is coded into an application program

122

Fraud Myths That Hurt Companies.

Since fraud inherently involves intent and concealment, many

organizations may be lulled into a false sense of security, and are

still operate with some big misconceptions about employee fraud.

Lack of awareness and common misconceptions about fraud persist

in both the private and public sectors. If persons mistakenly believe

that their organization is not at risk, they will probably not actively

try to deter, prevent, detect and invs estigate fraud.

Organizations must know the truth about fraud and its perpetrators in

order to actively protect ourselves. The following are some of the

more popular myths about fraud :

123


MOST PEOPLE ARE HONEST AND WON’T COMMIT FRAUD.

This is a dangerous approach to take to the business of fraud. It istrue that most people are generally honest. But to rely on this insteadof putting controls in place to prevent fraud is a big mistake.

While it’s wise to hire those with a track record of honesty, pastbehavior doesn’t necessarily predict future behavior. Almost 88percent of employees and executives who commit fraud against theiremployer have never before been charged or convicted of a fraud-related offense. This means it’s nearly impossible for companies topredict who is going to commit fraud and when they are going to do it.

124


MOST PEOPLE ARE HONEST AND WON’T COMMIT FRAUD(contd.)

It is a fact that honest people can and do commit fraud. Outsidepressures can cause people to behave in ways they normally wouldnot. Things that could push someone toward fraud include addictions,divorce, overwhelming debt, and gambling problems. When pressureslike this are present, it’s difficult to predict who will commit fraud.

In the end, those who commit fraud come from all walks and ways oflife. From clerks to executives, no one is immune. Thieves come fromall social classes and all economic backgrounds. If given a strongmotivation and ample opportunity, anyone can commit fraud againsther or his employer.

125


OUR COMPANY DOES NOT HAVE AN INTERNAL FRAUDPROBLEM – OUR PEOPLE WOULD NOT COMMIT FRAUD!

While companies would like to believe they have good employees andadequate controls to prevent fraud, the fact of the matter is that 45percent of companies will be significantly affected by fraud, accordingto one international study. A separate study estimates that theaverage internal fraud will cost $159,000, and that almost one-fourthof fraud cases will cost companies over $1 million each.

ERNST & YOUNG research revealed that more than 85% of fraudswere committed by insiders, more than 55% of perpetrators ofcorporate fraud were from management ranks. In addition, althoughthe tenure of the typical fraudster is three to five years, 85% of themanagers committing the largest frauds had less than one year ofservice in their new roles.

126


IF FRAUD OCCURRED, IT WOULD BE DISCOVERED QUICKLY!

Most companies believe they have sufficient safeguards in place todetect fraud, and because no fraud has been uncovered, they believethat no significant fraud is occurring. Many companies rely mainly ontheir internal controls to detect fraud, but Ernst & Young’s researchreveal that 38% of companies have never trained their employees onFraud prevention and detection.

Also, it is important to note that internal control, no matter how welldesigned and operated, can provide only reasonable assurance tomanagement and the board of directors is affected by limitationsinherent in all control systems. These may include, Faulty humanjudgment in decision-making causing breakdowns such as simpleerror or mistake; Circumvention of controls by the collusion of two ormore people; and Management override of control system.

127


SMALL FRAUDS AREN’T IMPORTANT ENOUGH FORMANAGEMENT TO WORRY ABOUT, DAMAGES WOULD NOT BESIGNIFICANT – WE CAN DEAL WITH IT.

Virtually every big fraud started out as a small fraud at one point.Whether it is a minor theft of cash or a financial statementmanipulation intended to cover up a substandard quarter, what startsout as a small fraud can quickly grow into a major fraud scheme. Atheft of $500 may not seem significant enough for management todevote time and effort to the problem. But what if an employee wasstealing $500 a week for three years? Suddenly, there is a theft of over$75,000, which could be very material to the company.

It’s important for companies to take small frauds and ethical lapsesseriously. Not only does management want to cut off frauds whilethey are in their early stages, they also should be sending a messageto employees that dishonesty is not tolerated. A zero tolerance policyis a necessary part of any good fraud prevention program.

128


SMALL FRAUDS AREN’T IMPORTANT ENOUGH FORMANAGEMENT TO WORRY ABOUT, DAMAGES WOULD NOT BESIGNIFICANT – WE CAN DEAL WITH IT.

It may be expensive to monitor and investigate smaller thefts from thecompany. However, in the long run, the cost will be worthwhilebecause the company will have stopped frauds from growing into thehundreds of thousands and millions of dollars. Therefore, an effectivefraud prevention program will contain components that help thecompany

According to Ernst & Young, only about 20% of losses are recoveredfrom perpetrators, and only an additional 19% are recovered throughinsurance policies. Reputational damage can be even morechallenging to measure as its impact is far reaching, and severesecondary effects such as reduction in stock price, decline incustomer loyalty, reduced sales and reduced employee productivitycan be suffered.

129


FRAUD WILL BE DETECTED BY OUR AUDITORS.

History has shown us that a company’s external auditors cannot be

relied upon to find fraud. This is true primarily because audits are not

designed to detect fraud. They are designed to give “reasonable

assurance” that the numbers shown on the financial statements are

materially accurate.

Because fraud involves the active concealment of the truth, it makes it

difficult for auditors to discover. Although auditing standards have

attempted to address how auditors approach the potential for fraud

within companies, a traditional independent audit still cannot be relied

upon to detect fraud. Executives who believe differently are setting

their companies up for disaster.

130


IF OUR COMPANY FOLLOWS GOVERNMENT REGULATIONS, WE

WILL BE PROTECTED AGAINST FRAUD.

Unfortunately, the current accounting rules and plethora of

Government regulations do not really provide protection against

fraud. Although companies may spend enormous amounts of money

in being compliant, it doesn’t really ensure that many have fraud

prevention procedures in place.

In order to effectively prevent fraud, companies must create and

implement policies and procedures specifically designed to deter and

detect fraud. Again, this should be accomplished with the help of an

anti-fraud professional who is experienced in the methods used by

corporate fraudsters. A good fraud prevention program will actively

prevent and detect fraud while still complying with the applicable

regulations.

131


IF OUR COMPANY FOLLOWS GOVERNMENT REGULATIONS, WE

WILL BE PROTECTED AGAINST FRAUD.

Therefore, the best protection against fraud therefore involve the

following deterrence, prevention, detection and reporting best

practices:

1. Anti-fraud culture

2. Fraud policy

3. Fraud Awareness / Training

4. Whistle Blowing Policy / Hotline

5. Fraud Risks Assessment

6. Utilize Experts (Fraud Examiners, Forensic Accountants, etc.

7. Improved controls

132

REMEMBER :

PRAY, AS IF EVERY THING DEPENDS ON GOD,

BUT,

WORK, AS IF EVERYTHING DEPENDS ON YOU !!

THANK YOU FOR LISTENING !

“jamaica’s premier leadership and hr conference” theme

Documents