Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks
Kenya AMC Presentation 1
1. FORENSIC ACCOUNTING & VALIDATION FORUM 2015
7 July 2015
Intercontinental Hotel, Nairobi, Kenya
Running an Investigation
By
Mr. Felix T. Maromo, CFE, CPFA, Msc.
Financial Crime Compliance Manager
Standard Charted Bank Zimbabwe
2. 1. Introduction - Fraud Investigation Defined
2. Running an investigation
What is involved in running an investigation?
Key statistics and fraud trends.
3. Explore sources of evidence using:
Open source and public information
Forensic data analytics
Fieldwork and interviews
Electronic evidence
Discussion - ways of reporting and presenting evidence
4. Conclusion
5. Question & Answer Session
Disclaimer:
Information and views in this presentation represents solely the presenter's personal views and comments.
Contents
3. Fraud Investigation Defined
Fraud in simple terms involves misrepresentation with an intent to deceive. It involves an abuse of
position, or false representation, or prejudicing someone’s rights for personal gain.
Fraud Investigation has several definitions, however in general terms it entails gathering evidence
relating to specific fraud allegations to determine the facts relating to the matter and to assist in
deciding what, if any, action should be taken in relation to the matter(s).
Corporate fraud, including embezzlement, asset misappropriation, and financial statement
manipulation can severely damage a company’s reputation, erode shareholder confidence and even
result in the collapse of major corporations.
Many times, when fraud is uncovered, executives and boards of directors are surprised by the incident,
and even more surprised by the fact that the auditors did not detect the fraud sooner, or at all. Isn't
that what auditors are supposed to do?
Auditor versus Fraud Examiner
Both an auditor and fraud examiner share common attributes but their roles differ significantly and it
is important to understand the differences.
Many companies will call in a fraud examiner to conduct an investigation once fraud is suspected, but
the external auditor is the initial investigator when an indicator of potential fraud (referred to as a red
flag) is identified.
Introduction
4. Auditor versus Fraud Examiner
Introduction Cont’d…
Issue Auditing Fraud Examination
Timing Audits are conducted on a regular
reoccurring basis
Nonrecurring; fraud examinations are
conducted with sufficient predication
Scope The scope of an audit is an examination of
financial data
Specific: conducted to resolve specific
allegations
Objective An audit is conducted for the purpose of
expressing an opinion on the financial
statements
Affix Blame: the fraud examination is
conducted to determine whether fraud has
occurred or is occurring and to determine
who is responsible
Relationship The audit is nonadversaril in general Because the purpose is to affix blame,
fraud examinations are adversarial in
nature
Methodology Audits are conducted by examining financial
data and obtaining corroborating evidence
Fraud examinations conducted by 1)
document examination, 2) review of
outside data and 3) interviews
Presumption Auditors are required to approach audits
with professional skepticism
Fraud examiners approach examination by
attempting to establish sufficient proof to
5. Running an investigation - What it entails!!!
Reporting
Analysing
the Evidence
Fact Finding,
Interviewing
& Reinter
viewing
6. Running an investigation - What it entails!!! Cont’d...
INNITIAL ANALYSIS
Who is alleged to have acted wrongly
What is the alleged violation
Is an investigation necessary
Internal or external timing/deadline
Need for immediate action
Escalation of matter within the entity
Investigation Accountability
Need to preserve evidence
Maintaining confidentiality at his early
stage
PLANNING & LEADING
Establishing a need to know list
Method of communication to be used
Creating an Investigation Plan
Prepare a chronology of facts known and
Allegations made
Evaluate available information/
documents?
Identify who should be interviewed, Order
of Interviews
Setting up a case/investigation file
FACT FINDING, INTERVIEWING &
REINTER VIEWING
What is the goal of interview?
Developing the facts Elements?
Planning
Arranging
Opening
Conducting
Note taking
Closing
To be discussed in detail below.
ANALYSING EVIDENCE
Assess if there is sufficient factual basis
for decision makers to reach a conclusion
Examine each piece of evidence gathered
Analyse what is missing
Is there a need to re-interview .
Quality: clarity, detail, logical,
speculation, first hand
Quantity: corroboration, contradiction
Credibility findings: rarely, and if done,
use care and provide factual support
Findings: “of fact” vs. “conclusion”
REPORTING
Main aim is:
Showing there has been a professional,
thorough and fair investigation
Presenting the decision makers with
sufficient facts to conclude outcome
Establishing documentation relating to
the investigation that will stand in future
times
Highlighting any internal
processes/controls that may need
attention
FOLLOWING UP
Management notification of decisions
Notification to complainant (if applicable)
and investigation subject.
When allegation are proved, complainant
is told a violation was found, corrective
action was taken, and request for
continued confidentiality.
When allegation not proved, complainant
and investigation subject are told (in
writing
Record keeping – Document retention
8. Running an investigation - Key Fraud Statistics & Trends
Summary of Findings
Typical organization loses 5% of revenues each year to fraud.
The median loss by frauds was noted as $145,000.
The median duration — the amount of time from when the fraud commenced until it was detected
— for the fraud cases reported was found to be 18 months.
Occupational frauds: (Asset misappropriations, Corruption and Financial statement fraud)
a) Asset misappropriations are the most common fraud, occurring in 85% of the cases in studies
conducted, causing a median loss of $130,000.
b) Financial statement fraud constituted 9%, but those cases had the greatest financial impact,
with a median loss of $1 million.
c) Corruption schemes fell in the middle in terms of both frequency (37% of cases) and median loss
($200,000).
Many cases involve more than one category of occupational fraud.
Tips are consistently and by far the most common detection method.
9. Running an investigation - Key Fraud Statistics & Trends Cont’d...
Summary of Findings
Organizations with hotlines were much more likely to catch fraud by a tip
The smallest organizations tend to suffer disproportionately large losses due to occupational fraud.
The banking and financial services, government and public administration, and manufacturing
industries continue to have the greatest number of cases reported.
The presence of anti-fraud controls is associated with reduced fraud losses and shorter fraud
duration.
The higher the perpetrator’s level of authority, the greater fraud losses tend to be.
Collusion helps employees evade independent checks and other anti-fraud controls, enabling them
to steal larger amounts.
Approximately 77% of the frauds in the study were committed by individuals working in one of
seven departments: accounting, operations, sales, executive/upper management, customer service,
purchasing and finance.
It takes time and effort to recover the money stolen by perpetrators, and many organizations are
never able to fully do so.
10. Running an investigation - Key Fraud Statistics & Trends Cont’d...
US Sub Saharan
Africa
Asia-Pacific Western Europe Eastern Europe &
Western/ Central
Asia
Canada Latin America &
Carebbean
Southern Asia Middle East &
North Africa
646 173 129 98 78 58 57 55 53
48.0% 12.8% 9.6% 7.3% 5.8% 4.3% 4.2% 4.1% 3.9%
100000
120000
240000
200000
383000
250000
200000
56000
248000
Geographical Location of Victim Organizations
No. of Cases Percent of Case Median Loss (US$)
11. Running an investigation - Key Fraud Statistics & Trends Cont’d...
Region No. of Cases Percent of Case Median Loss (US$)
US 646 48.0% 100000
Sub Saharan Africa 173 12.8% 120000
Asia-Pacific 129 9.6% 240000
Western Europe 98 7.3% 200000
Eastern Europe & Western/ Central Asia 78 5.8% 383000
Canada 58 4.3% 250000
Latin America & Carebbean 57 4.2% 200000
Southern Asia 55 4.1% 56000
Middle East & North Africa 53 3.9% 248000
12. Sources of Information - Open source and public information
Open-source information
a) This relates to data collected from publicly available sources.
b) Open information can be obtained overtly, instead of using hidden/covert means.
c) There are Open Source software used to extract open source data.
d) Open information can be extracted from:
Media: newspapers, magazines, radio, television, and computer-based information.
Web based information or from social-networking sites
Public data: government reports, official data such as budgets, demographics etc
Observation and reporting
Professional and academic information
13. Sources of Information - Open source and public information Cont’d...
Public information
a) Is information that is collected, assembled, or maintained under a law or ordinance or in
connection with the transaction of official business:
By a governmental body; or
For a governmental body and the governmental body owns the information or has a right of
access to it.
a) The media on which public information is recorded may include: paper;Video recording; a
magnetic, optical, or solid state device that can store an electronic signal or tape.
b) The general forms in which the media containing public information exist include a book, paper,
letter, document, printout, photograph, film, tape, microfiche, microfilm, Photostat, sound
recording, map, and drawing and a voice, data, or video representation held in computer
memory.
14. Sources of Information - Forensic data analytics
Forensic Analytics reviews and shows how twenty substantive and rigorous tests can be used to
detect fraud, errors, estimates, or biases in your data.
Data forensics can involve many different tasks, including data recovery or data tracking.
Data forensics might focus on recovering information on the use of a mobile device, computer or
other device.
It might cover the tracking of phone calls, texts or emails through a network.
Digital forensics investigators may also use various methodologies to pursue data forensics,
such as decryption, advanced system searches, reverse engineering, or other high-level data
analyses.
Some experts make a distinction between two types of data collected in data forensics.
Persistent data - which is permanently stored on a drive and is therefore easier to find.
Volatile data - or data that is transient and elusive.
Data forensics often focuses on volatile data, or on a mix of data that has become difficult to
recover or analyze for some reason.
15. Sources of Information - Fieldwork and interviews
Assembling the Team
Fraud investigation and should rely on the competency of others to assist when
necessary. Consider the following specialized areas for inclusion as part of the team:
•Forensic Accountants
•Legal Counsel
•InformationTechnology/Computer Forensics
•Company Security Personnel
•Company Management
•Fraud Examiners/Investigators
16. Sources of Information - Fieldwork and interviews
Investigative Fieldwork
Once the team is assembled, the begins investigative fieldwork to establish the validity of the
allegation.
This stage involves examination of documents, analytical procedures, evidence collection, and
witness and subject interviews.
This stage of the process normally requires the most time.
If substantiated, the results of the investigation may possibly conclude in a civil and/or criminal
proceeding.
Fieldwork may include the following:
Public Document Reviews & Background Investigations
Interviews of Relevant Persons
Confidential Sources
Analysis of Electronic Evidence
Physical & Electronic Surveillance
Undercover Operations
Analysis of FinancialTransactions
18. Sources of Information - Ways of reporting
Reporting
Fraud Investigator uses various report writing styles and formats.
A fraud examination report should contain (although the order may vary) the following key sections:
a) Executive Summary
b) Estimated Loss and Recovery
c) Evidence Collected
d) Procedures Performed
e) Findings
f) Final Disposition
The writer should be considerate of the target audience for the report, which could consist of one or more
of the following:
a) Management
b) Internal/external audit
c) Legal counsel – plaintiff’s attorney, defense attorney, prosecuting attorney
d) Judge/Jury
e) Law enforcement
f) Employee
g) Audit committee
h) Insurance company