Fraud risk management


The presentation provides an overall insight into operational fraud risk management. It explains operational fraud risk and mitigation strategies. The role of internal audit and the audit committee is further exemplified.

Published in: Business
  • Basel II components
  • The pressure here is not financial pressure but non-shareable financial pressure, because everybody has financial pressure but not everybody commits fraud.
  • Fraud risk management

    2. Introduction
       • Operational risk attaches itself to people, systems and process
       • Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
       • It includes other risks such as legal risks, physical risks, political risks and environmental risks
       • Fraud is part of operational risk in any organization
         – Internal fraud such as tax evasion, assets misappropriation, bribery, corruption and larceny
         – External fraud such as theft, forgery, hacking and information theft
    3. Evolution of Operational Risk
       [Figure: risk categories (Credit Risk, Market Risk, Operational Risk, Compliance Risk, Information Risk, Data Risk, Other Risk); stages labelled Basic, Strategic, ERM, Integrated]
    4. Perception on Operational Risk
       • Joint McKinsey findings have shown that risk management has not been able to prove its value to the organization
       • Operational risk is seen as an immature discipline that has often not proven its value to the organization
       • There is evidence that operational risk can be destructive, as the market loses faith in management and control following large events
       • The discipline is focused more on measurement than on management
    5. What is fraud?
       • Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain.
       • Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct.
       • It is an intentional act by one or more individuals among management, those charged with governance, employees or third parties involving the use of deception to obtain an unjust or illegal advantage
    6. Why do people commit fraud?
       • Pressure on employees to misappropriate cash or organizational assets
       • Employees committing fraud are not career criminals; they are trusted employees
       • Dr. Donald Cressey, a criminologist, developed a model to explain why people in positions of trust commit fraud
       • The model is referred to as the fraud triangle
    7. Causes of Fraud - Rationalization
       • Most fraudsters are first-time offenders with no criminal past and therefore don't view themselves as criminals
       • They must always justify the crime in a way that makes it an acceptable and justifiable act (rationalization), e.g. I was underpaid, my employer cheated me, my employer is dishonest, I was entitled to the money or I was only borrowing money.
    8. What causes fraud? - Fraud Triangle
       [Figure: fraud triangle with corners Pressure or Incentive, Rationalization, Opportunity, and Fraud at the centre]
       All three factors must be present for fraud to occur; if any one of the three is missing, fraud will not occur
    9. Why fraud happens?
       [Figure: fraud triangle with Fraud at the centre]
       • Opportunity: due to weak and override of controls
       • Pressure: need / unrealistic corporate target can force employees to commit fraud
       • Rationalization:
         – Everyone does it
         – Simply borrow money
    10. Causes of Fraud (Pressure/Incentive)
       • It is a perceived non-shareable financial pressure
       • Non-shareable involves some sort of embarrassment, shame or disgrace
       • It is the first motivation for crime
       • A person may have a financial problem that cannot be solved through legitimate means
         – Consideration for illegal acts such as stealing cash or falsifying a financial statement as a way to solve the problem
         – It can be deep personal debt or a job/business in jeopardy, e.g. desire for status symbols (e.g. big house, nicer car); need to meet productivity targets; drug or gambling addiction or inability to pay bills
         – It can be sexual addiction and importance of status
    11. Causes of fraud (Opportunity)
       • It is a perceived opportunity defining the method by which the crime can be committed
       • Involves use of a position of trust to solve financial problems
       • It is critical that the fraudster be able to solve the problem in secret since motivation is over the status
       • The fraudster will always act in secret, e.g. forcing a bank reconciliation to balance if he had paid a cheque to himself.
    12. Fraud Triangle - Limitations
       • Not applicable to professional fraudsters or predatory employees (employees taking a job with intent to steal from the employer)
       • Rationalization is only necessary for the first commitment of fraud and afterwards it is abandoned
    13. Fraud Triangle - Deterrence measures
       • Reduce pressures on employees that might push them to committing fraud
       • Reduce perceived opportunities to commit fraud
       • Dispel rationalization for engaging in fraudulent conduct
       • Sanctions do not work. Why?
         – Fraudsters never think that they can be caught in a perceived opportunity
         – Fraudsters always rationalize their conduct
         – Sanctions are only a secondary consideration
    14. Types of fraud
       [Figure: Asset Misappropriation; Fraudulent Financial Reporting; Other Questionable or Improper Business Practices]
       • Manipulation, falsification/alteration of records or documents
       • Misappropriation of assets
       • Suppression or omission of the effect of transaction from records or documents
       • Recording transaction without substance
       • Misapplication of accounting principles
    15. Fraud Indicators (Red Flags)
       • Aggressive application of accounting codes
       • Information provided unwillingly or after unreasonable delay
       • Unsupported transactions
       • Fewer confirmation responses
       • Evidence of undue lifestyle by officers or employees
       • Long outstanding imprest balances
       • Poor documentation
       • False & improper entries in records
       • Unauthorized payments
       • Unauthorized use of corporate assets
       • Misapplication of funds
    16. Fraud Indicators (Red Flags)
       • Undue secrecy
       • Questionable practices
       • Significant manager or director transactions
       • Drop of sales or earnings
       • Aggressive accounting treatment
       • Posting of transactions to headquarters
       • Receipt of poor quality goods
       • Related party arrangements
       • Weak security checks for employees
       • Delay in submission of reports
    17. Fraud Indicators (Red Flags)
       • Flouting directives and regulations
       • Personal interest
       • Uncorrected entries and stock adjustments
       • High fly management decisions
       • Incompatible functions done by one person
       • Misuse of computer for private business
       • Frequent use of allocated issue voucher even when the system is available
       • Questionable system adjustments
    18. Fraud Indicators
       • Unauthorized transactions
       • Cash shortages
       • Unexplained variation in prices
       • Missing documentation
       • Excessive refunds
       • Living beyond one's means
       • Drug and alcohol abuse
       • High personal debt/losses
       • Compulsive gambling/stock speculation
       • Risk of increase IT, increases the risk of manipulation, access control
    19. Fraud Indicators
       • Management Environment
         – Pressure
         – Management style and attitude
       • Competitive and business environment, e.g. technology
       • Employee relationship (spouse receiving non-competitive contract)
       • Attractive assets
       • Internal controls
       • Lack of separation of duties
       • Too much trust placed on few employees
    20. Personal Fraud Indicators
       Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud:
         – Personal pressures
         – Individual performance targets
         – Infiltration by organised crime
       Controls may be overridden or ignored by certain individuals:
         – Powerful (overrides controls, staff intimidated)
         – Successful (not to be bothered, too busy earning money)
         – Trusted (responsibility has moved beyond their job description)
    21. Managing Fraud - Forces
       [Figure: forces acting on the Entity (Governance and Responsibility): Risk Management; Director & Officer Liability; Internal Audit; Code of Ethics; Staff Regulations; Business Plan and Budget; Stakeholders pressures; Reputation and Credibility; Customer Service Surveys; Procurement and Finance Acts]
    22. Business environment
       • Rapid increase of activities
       • Weak competition
       • Rapidly growing sales
       • Relatively high profitability
       … In such an environment, effective anti-fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins.
       … Consider tough times ahead … More competition, changing government regulations?
    23. Do we have any fraud mitigation?
       • What are they?
         1. Reviewed and strengthened internal controls
         2. Periodic compliance audit
         3. Employee hotline
         4. Appointed compliance personnel
         5. Established and implemented code of conduct for all employees
         6. Conducted background checks for hires with budgetary responsibility
         7. Instituted fraud awareness training
         8. Tied employee evaluations to ethics or compliance objectives
       What is your answer on the above from 0-10?
    24. Fraud Risk Management Techniques
       [Figure: Management; Internal Controls; Whistle-blowing; Internal Audit; "? Reliance"]
    25. Controls Barriers
       • Good controls on paper are not strictly followed in practice
       • Grey areas in the rules – open to interpretation
       • Lack of segregation of duties
       • Collusion
       • Management override
       • Failure of senior management to lead by example
       • Bureaucracy and/or formulaic compliance
       • Failure to share knowledge of fraud experience, control weaknesses and control improvements
       • Clash of cultures
    26. Objectives of Fraud Risk Management
       • Prevention: controls designed to reduce the risk of fraud and misconduct from occurring in the first place
       • Detection: controls designed to discover fraud and misconduct when it occurs
       • Response: controls designed to take corrective action and remedy the harm caused by fraud or misconduct
    27. Fraud Risks Management - Measures
       • Prevent fraud and misconduct
       • Detect occurrence
       • Respond appropriately if discovered
    28. Fraud Risk Management - components
    29. Fraud risk assessment
       • Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable.
       Qualitative factors in the assessment include:
       • the accounting system
       • complexity, volume and nature of transactions
       • internal controls in place
       • compliance, training and monitoring
       Incorporates the views of:
       • management;
       • control functions;
       • line employees
       Management are then able to:
       • Prioritise identified risks and evaluate the existing controls
       • Link each risk to specific controls and commit resources to implement any enhancements
       [Figure: risk chart with axes Significance / Impact and Likelihood]
    30. Fraud Risk Management Experiences
       • Surveys suggest that:
         1. Over 50% of frauds are discovered as a result of information provided by staff
         2. Losses after an introduction of a whistle-blowing hotline can be reduced by up to 60%.
         3. Staff prefer the following reporting channels:
            – 57%: a telephone hotline;
            – 20%: conventional mail; and
            – 16%: e-mail.
       Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
    31. FRM – Hotline best practices
       • Confidentiality: All matters treated confidentially; reported on a need to know basis
       • Anonymity: Process should allow for anonymous submission & resolution
       • Availability: Should be available in remote outposts, not just head office
       • Assistance – Real Time: A 'live' response – operators need to be qualified, trained & able to provide advice
       • Procedures: Consistent protocols to gather information and manage the call
       • Classify & Notify: Qualified staff assess the allegation; protocols establish basis for escalation & investigation
       • Communicate: Publicise the hotline prominently; commit to, & test for, non-retaliation
    32. FRM - Response
       Objective is to take corrective action & remedy the harm caused by fraud or misconduct:
       • Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened.
       • Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events.
       • Communicate to the wider population of employees that management took appropriate, responsive action.
    33. FRM - Basis of Investigation
       • Consideration should be given to:
         – Data and information gathering;
         – Interviewing techniques;
         – Appropriate resource;
         – Analytical tools such as data mining; and
         – MSD intelligence information.
    34. Fraud investigation
       • Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase
       • Investigator must know:
         – Results of investigation can be used later as educational tools for auditors, fraud investigators and other employees
    35. Fraud investigation - stages
       • Briefing management, followed by terms of reference detailing the initial scope of work
       • Communication with parties involved, e.g. internal audit, audit committee and accounting staff
       • Determining the extent of fraud
       • Interviewing the defrauder (only if fraud is known with certainty)
       • Investigating the known area with detailed audit tests, e.g. procurement tendering, wages, cash debtors and stock
       • Report to the management on the findings, with copies to interested parties, e.g. internal auditor, audit committee.
    36. Investigation – details of report
       • Circumstances which led to investigation
       • Fraud discovered and their extent
       • Identity of the defrauder
       • Effects on the reported profit of the past period
       • Effects on f/s of current periods
    37. Investigation – details of report
       • IC weakness which allowed the fraud and recommendations for eliminating them
       • Report of any interview with the defrauder, including offers of restitution etc., which may be relevant to management in deciding what action, if any, they should take against him/her
       • If there is any suggestion that the internal auditor has been negligent, the extent of claim against him.
    38. Action upon proof of fraud or error
       • Investigator should:
         – Consider the potential effects in F/s
         – Where the fraud is material, the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/s
    39. Action upon proof of fraud or error
       • If some proof of fraud exists, management has several options:
         – Cause a deeper audit to be done if amount of loss appears substantial
         – Terminate employee responsible if loss is minimal
         – File a claim to recover a loss from client's fidelity insurance agent
         – Arrange with law enforcement agents to probe into the matter
    40. Action upon proof of fraud or error
       • If some proof of fraud exists, management has several options:
         – Engage a private investigator to probe into the loss and document it for claim purpose/prosecution
         – Disregard losses if minimal and tighten controls
         – Alert the directors, audit committees or the Board
    41. Fraud deterrence measures
       • A strong internal control system is not a warranty against fraud
         – Entity should have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promoting early detection and responding to concerns raised
         – Awareness programs for employees
         – Screening job applicants
         – Sound corporate policy on fraud
         – AVOID an atmosphere of distrust and paranoia by over-emphasising fraud deterrence measures.
    42. Fraud Deterrence – three lines of defense
       • Management should ensure enforcement of compliance with operations SOPs
       • Risk management function should be embedded in business activities
       • Internal audit should be proactively risk based
    43. FRAUD REPORTING
       • It is important to stick to facts, and to discount hearsay, rumour, or opinion, and record what is relevant to the cause of the incident and its effect
       • Audit reports on fraud and other improprieties should be addressed to the right person who can take action
    44. FRAUD REPORTING
       • Report must contain all details of fraud
       • Must provide framework to analyse the fraud case
       • Must enable the user to develop improved management and security policies and detect and prevent fraud.
       • Investigation and reporting should proceed in such a way that the outcome will be litigated. Recording exact times, data, names of persons and specific description of evidence is critical in civil or criminal investigation or litigation