Improving and Implementing Internal Controls

ACFE Regent Emeritus Tommy Seah FCPA,CFE,CSI,FAIA,ACIB,MSID presents Implementing and Improving Internal Controls

Implementing and Improving Internal Controls Articulating the increasing need for comprehensive in-house fraud control procedures • Optimizing the accuracy and reliability of data acquired through internal inspections • Detailing the process of applying controls inside the organization, and demonstrating the outcome

“………… .. financial institutions must have in place, all the necessary measures to deter or prevent fraud and constantly review all its controls and measures and also have in place a fraud management function to prevent loopholes that fraudsters can exploit.” …… who (a rticulate) said that ?

march 05, 2009 at Shangri-La hotel and the guest of honour was Ms Teo Swee Lian, Deputy Managing Director, MAS.

Why is Internal Control Important?

Operations

Promotes efficiency and effectiveness of operations through standardized processes

Ensures the safeguarding of assets through control activities

Financial Reporting

Promotes integrity of data used in making business decisions

Assists in fraud prevention and detection through the creation of an auditable trail of evidence

Laws and Regulations

Helps maintain compliance with laws and regulations through periodic monitoring

Limitations of Internal Control

Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.

Controls that depend on the segregation of duties may be circumvented by collusion

Management may override the structure

Compliance may deteriorate over time

The Trinity of Controls Internal Audit CPA(CIA) CSI, CISA Compliance CPA,LLB, CSI Risk Management CPA,CFA CSI Financial Control The Fraud Examiner CFE The Certified System Investigator CSI The Existing model

The Spectrum of Risk www.cfe-icg.com What is Risk ? Operational Risk Liquidity Risk Credit Risk Reputational Risk Market Risk B E C D A

www.cfe-icg.com Investigative auditing ( suspicious, unusual activities, allegations) E.g.. Money Laundering penetration Test Internal audit (COSO + COBIT+ ISO… “ External” Audit Forensic audit (Specific, Post event) Eg. NKF, CAO

Fraud Control Principle

Copyright (c)2006 www.cfe-icg.com If an organisation accepts that it is exposed to fraud – and no organisation is immune to fraud – the next step is to apportion responsibility for fraud risk management.

Internal Audit CPA(CIA) CSI, CISA Compliance CPA,LLB, CSI Risk Management CPA,CFA CSI Financial Control The CPA The Fraud Examiner CFE The Certified System Investigator CSI The Paradigm Shift Investigation Unit FRM Unit S.T.A.R Strategic Tracking and Resolution

Copyright (c)2006 www.cfe-icg.com FRM can be handled internally or be outsourced, and how it is handled is affected by many variables such as organizational size, industry sector, geographical location, cultural dynamics - and management perception of the problem.

The “Red Flags” of fraud www.cfe-icg.com Text Alcohol Gambling Drugs Sex Profile of A Person Who Commits Fraud Given the “right circumstances” , almost everyone can rationalize that it is OK to commit fraud..

www.cfe-icg.com What type of individual commits FRAUD? It is not limited to any one type of person. Who Commits Fraud?

The Fraud Triangle. Auditor’s Domain Fraud Risk Management Fraud Risk Management Perceived Pressure Rationalization Perceived Opportunity

Detailing the process of applying controls inside the organization, and demonstrating the outcome

STEP 1: EVALUATE THE ORGANIZATION'S FRAUD RISK FACTORS To identify which factors increase the risk for fraud within an organization, examiners should analyze industry and business operations, hold discussions with management, review previous frauds committed against or on behalf of the company, review company performance, and evaluate similar frauds that occurred at competitors' organizations.

STEP 2: IDENTIFY POSSIBLE FRAUD SCHEMES The ability to identify specific schemes resulting from fraud risk factors depends on the examiner's knowledge of this area. Fraud specialists, including individuals with certified fraud examiner (CFE) designations and Certified Systems Investigator (CSI) are ideal for this step of the process, as they possess specialized knowledge of fraud detection and investigation.

STEP 3: PRIORITIZE IDENTIFIED FRAUD RISKS Fraud is not just an ordinary risk, but also an inherent and significant one. Once the fraud schemes database is populated, management and internal auditing should identify the frauds that pose the greatest risk for the organization.

Examiners should consider the following factors when prioritizing fraud risks:

Financial impact to the organization.

Reputation risk of negative publicity associated with fraud.

Loss of productivity.

Potential criminal/civil actions taken against the organization. (Such as Data Breach EU95/46 on PII)

Loss of company assets.

STEP 4: EVALUATE MITIGATING CONTROLS Internal s Auditors with CFE qualifications are well-positioned to review and counsel on the existence and operational effectiveness of internal controls. In step four, the examiner/auditor should evaluate the high-priority frauds and determine if the necessary controls are in place to reduce the risk of occurrence. This step takes time, as the auditor should attempt to identify more than one control for each fraud scheme.

Fraud Consideration at all stages of engagement Perform Audit Plan Develop Audit Plan Perform Preliminary Planning Perform Pre-Engagement Activities Conclude & Report PROFESSIONAL SKEPTICISIM DOCUMENTATION GATHER AND ASEESS FRAUD RISKS

Questions?

Thank You ! Tommy Seah www.cfe-icg.com www.cfe-in-practice.net www.csi-worldhq.org also on Facebook Tel +65 6222 9861 Mobile +65 9106 9872 Contact Details: