Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Fraud risk management training - Elsam Management Consultants


Published on

Fraud, Why fraud, types of fraud, distinction between fraud and corruption, fraud red flags Fraudsters, anti-fruad programs and fraud investigation

  • Be the first to comment

Fraud risk management training - Elsam Management Consultants

  1. 1. E M A C Fraud Risk Management 1 Part II ADVANCED RISK MANAGEMENT WORKSHOP STELLA MARIS HOSTEL Bagamoyo 9TH -11TH April,2014
  2. 2. E M A C Operational Risk Nature of fraud risk- Operational Risks What is fraud and fraud risk? Necessity of anti-fraud training Fraud risk factors Group exercise: fraud risk factors or 3 Cs 2 Coverage
  3. 3. E M A C • Operational risk attaches itself to people, systems and process • Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. • It includes other risks such as legal risks, physical risks, political risks and environmental risks • Fraud is part of operational risk in any organization Internal fraud such as tax evasion, assets misappropriation, bribery, corruption and larceny External fraud such as theft, forgery, hacking and information theft 3 Introduction
  4. 4. E M A C Credit Risk Market Risk Operation al Risk Complianc e Risk Informati on Risk Data Risk Other Risk Basic Strategic ERM Integrated 4 Evolution of Operational Risk
  5. 5. E M A C • Joint McKinsey finds have shown that risk management has not been able to prove its value to organization • Operational risk is seen as immature discipline that has often not proven its value to organization • There is evidence that operational risk can be destructive as market loose faith in management and control following large events (Enron Case) • The discipline is focused more on measurement than on management 5 Perception on operational Risk
  6. 6. E M A C “obtaining a comprehensive measure of fraud’s financial impact is challenging, if not impossible due to the fact that fraud inherently involves efforts at concealment. Many fraud cases will never be detected, and of those that are, the full amount of losses might never be determined or reported. Consequently, any attempt to quantify the extent of all fraud losses will be, at best, an estimate” 6 Why is Fraud a Major Operational Risk
  7. 7. E M A C 7 The Cost of Fraud & Corruption
  8. 8. E M A C • Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain. • Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct. • It is an intentional act by one or more individuals among management , those charged with governance, employee or third parties involving the use of deception to obtain an unjust or illegal advantage 8 What is fraud?
  9. 9. E M A C Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering loss and/ or the perpetrator achieving a gain. ACFE Corruption is the abuse of public or private office for personal gain. It includes acts of bribery, embezzlement, nepotism or state capture. It is often associated with and reinforced by other illegal practices such as bid rigging, fraud or money laundering. 9 What is fraud? Perspectives ..
  10. 10. E M A C Fraud is …. Fraud is not ….. Intentional Taken by physical force To trick or deceive someone out of his/her assets Victimless Theft Insignificant because no one is hurt A crime Acceptable or justifiable 10 Characteristics of Fraud
  11. 11. E M A C Fraud commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion. It involves using deception to dishonestly make a personal gain for oneself and / or create a loss for another. 11 Scope of Fraud
  12. 12. E M A C • Pressure on employee to misappropriate cash or organizational assets • Employees/people committing fraud are not career criminals, they are trusted employees • Dr. Donald Cressey, a criminologist developed a model to get reasons for why people in trust commit fraud (Case Study II) • Model is referred as fraud triangle 12 Why people commit fraud?
  13. 13. E M A C • Most of fraudsters are first time offenders with no criminal past and therefore don’t view themselves as criminals (See Arthur Andersen case) • They must always justify the crime in a way that makes it an acceptable and justifiable act (rationalization) e.g. I was underpaid, my employer cheated me, my employer is dishonest, I was entitled to the money or I was only borrowing money. 13 Causes of Fraud - Rationalization
  14. 14. E M A C Fraud Pressure or Incentive Rationalizati on Opportunity 14 What causes fraud?- Fraud Triangle All the three factors must be present for fraud to occur, if any one of the three is missing, fraud will not occur
  15. 15. E M A C 15 Why fraud happens? Fraud Need/ Rationalization •Every one Does it •Simply borrow -money Pressure Unrealistic Corporate Target can Force Employees to Commit fraud Opportunity- due to weak And override of controls
  16. 16. E M A C • It is a perceived non-sharable financial pressure • Non-Shareable involves some sort of embarrassment, shame or disgrace • It is the first motivation for crime • A person may have financial problem that cannot be solved through legitimate means Consideration for illegal acts such as stealing cash or falsifying a financial statement as a way to solve problem It can be deep personal debt or a job/business is in jeopardy e.g. Desire for status symbol eg. Big house, nicer car; need to meet productivity targets; drug or gambling addition or inability to pay bills ( See the Enron Case Study) It can sexual addiction and importance of status 16 Causes of Fraud (Pressure/Incentive)
  17. 17. E M A C • It is a perceived opportunity defining method by which crime can be committed • Involves uses of position of trust to solve financial problems • It is critical that the fraudster be able to solve problem in secret since motivation is over the status • Always the fraudster will act in secret e.g. forcing bank reconciliation to balance if he had paid a cheque to oneself ( See a case of TV show) 17 Causes of fraud (Opportunity)
  18. 18. E M A C • Not applicable to professional fraudsters or predatory employees ( employees taking job with intent to stealing from the employer) • Rationalization is only necessary for first commitment of fraud and afterwards it is abandoned 18 Fraud Triangle - Limitations
  19. 19. E M A C • Reduce pressures on employees that might push them to committing fraud • Reduced perceived opportunities to commit fraud • Dispel rationalization for engaging in fraudulent conduct • Sanctions does not work, why Fraudsters never think that they can be caught in a perceived opportunity Fraudsters always rationalize their conduct Sanctions are only secondary consideration 19 Fraud Triangle-Deterrence measures
  20. 20. E M A C 20 Types of fraud Fraudulent Financial Reporting Asset Misappropriation Other Questionable or Improper Business Practices  Manipulation, falsification/alteration of records or documents  Misappropriation of assets  Suppression or omission of the effect of transaction from records or documents  Recording transaction without substance  Misapplication of accounting principles  These can be elaborated on this presentation
  21. 21. E M A C 21 Types of Internal Fraud
  22. 22. E M A C • Aggressive application of accounting codes • Information provided unwillingly or after unreasonable delay • Unsupported transactions • Fewer confirmation responses • Evidence of unduly lifestyle by officers or employees • Long outstanding imprest balances • Poor documentation • False & improper entries in records • Unauthorized payments • Unauthorized use of corporate assets • Misapplication of funds 22 Fraud Indicators (Red Flags)
  23. 23. E M A C Undue secrecy • Questionable practices • Significant manager or director transactions • Drop of sales or earnings • Aggressive accounting treatment • Posting of transactions to headquarters • Receipt of poor quality goods • Related party arrangements • Weak security checks for employees • Delay in submission of reports 23 Fraud Indicators (Red Flags)
  24. 24. E M A C • Flouting directives and regulations • Personal interest • Uncorrected entries and stock adjustments • High fly management decisions • Incompatible functions done by one person • Misuse of computer for private business • Frequent use of allocated issue voucher even when the system is available • Questionable system adjustments 24 Fraud indicators (Red flags)
  25. 25. E M A C • Unauthorized transactions • Cash shortages • Unexplained variation in prices • Missing documentation • Excessive refunds • Living beyond ones means • Drug and alcoholic abuse • High personal debt/loses • Compulsive gambling/stock speculation • Risk of increase IT, increases the risk of manipulation, access control 25 Fraud Indicators
  26. 26. E M A C • Management Environment Pressure Management style and attitude • Competitive and business environment e.g. technology • Employee relationship ( spouse receiving non competitive contract) • Attractive assets • Internal controls • Lack of separation of duties • Too much trust placed on few employees 26 Fraud Indicators
  27. 27. E M A C 27 Fraud Risk Indicators
  28. 28. E M A C 28 Common Red-Flags
  29. 29. E M A C 29 Red Flags Data
  30. 30. E M A C • Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud – Personal pressures – Individual performance targets – Infiltration by organised crime • Controls may be overridden or ignored by certain individuals: – Powerful (overrides controls, staff intimidated) – Successful (not to be bothered, too busy earning money) – Trusted (responsibility has moved beyond their job description) 30 Personal Fraud indicators
  31. 31. E M A C 31 Managing Fraud -Forces Entity Governance and Responsibility Code of Ethics Staff Regulations Director & Officer Liability Internal Audit Risk Management Business Plan and Budget Procurement and Finance Acts Customer Service Surveys Stakeholders pressures Reputation and Credibility
  32. 32. E M A C • Rapid increase of activities Weak competition • Rapidly growing sales • Relatively high profitability • ….. In such an environment, effective anti-fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins. • …. Consider tough times ahead…. More competition, changing government regulations? 32 Business environment
  33. 33. E M A C Elements of Fraudster  Makes false representation or willful omission regarding a material fact.  The fraudster knew the representation was false.  The target relied on this misappropriation.  The victim suffered damages or incurred a loss
  34. 34. E M A C Fraudster The analysis of the constantly changing nature of fraudster can held organizations stiffen their defenses against fraud A typical fraudster is 35 to 45 years of age Employed in an executive Finance operations Sales and marketing Six years of employment Intelligent and passionate of work
  35. 35. E M A C Characteristics of a Fraudster  Likely to be married.  Member of a church or mosque  Educated beyond high school.  No arrest record.  Age range from teens to over 60.  Socially conforming.  Employment tenure from 1 to 20 years.  Acts alone 70% of the time.  Growing use of technology
  36. 36. E M A C Characteristics of a Fraudster  First-time offenders.  Losses from fraud caused by managers and executives were 3.5 times greater than those caused by non- managerial employees.  Losses caused by men were 3 times those caused by women. [53% males; 47% females]  Losses caused by perpetrators 60 and older were 27 times those caused by perpetrators 25 or younger.  Losses caused by perpetrators with post-graduate degrees were more than 3.5 times greater than those caused by high school graduates.
  37. 37. E M A C Characteristics of a Fraudster Yesterday, today and tomorrow Egotistical  Risk taker  Hard Worker  Greedy  Disgruntled or a complainer  Overwhelming desire for personal gain  Pressured to perform Management frequently regards fraud risk as a single dot on the risk matrix, not always fully appreciating its real nature and extent
  38. 38. E M A C Characteristics of Fraudster
  39. 39. E M A C Characteristics of Fraudster Impact of collusion It account 29% of known fraud It is insiders who take the lead, since they tend to identify the opportunity and to know the soft spots of the company’s defense More than 42% of fraudsters had worked with the company more than six years Collusion cannot be present when people act alone Most detection is mostly from informal tip off by 22% and formal whistle blowing by 19% Cyber fraud is mostly perpetrated by collusion We expect employees and managers managing fraud opportunities to continue to threaten companies future
  40. 40. E M A C 40 Where the fraudster works?
  41. 41. E M A C 41 Which source of fraud type?
  42. 42. E M A C June 2013, Corruption swallows 25% of Africa GDP according to World Bank survey. Africa loses $148 billion annually because of corruption, a survey by World Bank has indicated Corruption to increase costs of achieving the UN millennium Development Goals on water and sanitation by US $148 billion 42 Astonishing facts
  43. 43. E M A C Tips for fraud Specialist “Finding fraud is like trying to load frogs on to a wheelbarrow.” To be a forensic auditor, you have to have a knowledge of fraud, what fraud looks like, how it works, and how and why people steal. Source: Robert J. Lindquist "Finding fraud is like using a metal detector at a city dump to find rare coins. You're going to have a lot of false hits." - D. Larry Crumbley “Fraud can be best prevented by good people asking the right questions at the right time.” - Michael J. Comer
  44. 44. E M A C Tips for Fraud Specialists Changing techniques 1. Tips from employees (26.3%). 2. By accident (18.8%). 3. Internal audit (18.6%). 4. Internal controls (15.4%). 5. External audits (11.5%). 6. Tips from customers (8.6%). 7. Anonymous tips (6.2%). 8. Tips from vendors (5.1%). Therefore, 46.2% from tips.
  45. 45. E M A C Tips for Fraud Specialist 1. Strong Internal Controls (1.62) 2. Background checks of new employees (3.70) 3. Regular fraud audit (3.97) 4. Established fraud policies (4.08) 5. Willingness of companies to prosecute (4.47) 6. Ethical training for employees (4.86) 7. Anonymous fraud reporting mechanisms (5.02) 8. Workplace surveillance (6.07) 1 = Most effective 8 = Least effective Source: 2002 Wells Report
  46. 46. E M A C Tips for Fraud Specialist  Assume there may be wrong doing.  The person may not be truthful.  The document may be altered.  The document may be a forgery.  Officers may override internal controls.  Try to think like a crook.  Think outside the box.
  47. 47. E M A C Tips for Fraud Specialist According to KPMG, typically, a fraudster is perceived as someone who is greed and deceitful by nature. However, as this analysis reveals, many fraudsters work within entities for several years without committing any fraud, before an influencing factor-financial worries, job dissatisfaction, aggressive targets, or simply an opportunity to commit fraud- tips the balance
  48. 48. E M A C What are they? 1. Reviewed and Strengthening of internal controls 2. Periodic compliance audit 3. Employee hotline 4. Appointed compliance personnel 5. Establish and implement code of conduct for all employees 6. Conducted background check for hires with budgetary responsibility 7. Instituted fraud awareness training 8. Tied employee evaluations to ethics or compliance objectives What is your answer on the above from 0-10 48 Do we have any fraud mitigation?
  49. 49. E M A C Iceberg Theory of Fraud EMAC 49 Covert Aspects Attitudes Feelings (Fear, Anger, etc.) Values Norms Interaction Supportiveness Satisfaction Overt Aspects Hierarchy Financial Resources Goals of the Organization Skills and Abilities of Personnel Technological State Performance Measurement Behavioral Considerations Water line Structural Considerations The Iceberg Theory of Fraud
  50. 50. E M A C 50 Fraud Risk Management Techniques Management Internal Audit Internal Controls Whistle-blowing Reliance ?
  51. 51. E M A C Fraud risk identification Fraud risk assessment Similar Procedures used in the ERM process discussed previously 51 Fraud Risk Identification and Assessment process
  52. 52. E M A C 52 What is fraud risk identification
  53. 53. E M A C 53 What is fraud risk assessment
  54. 54. E M A C 54 Fraud Risk Assessment
  55. 55. E M A C 55 Source of Date to Assess Fraud Risks
  56. 56. E M A C 56 Anti Fraud Programs
  57. 57. E M A C 57 Building blocks in Fraud Management
  58. 58. E M A C • Good controls on paper are not strictly followed in practice • Grey areas in the rules – open to interpretation • Lack of segregation of duties • Collusion • Management override • Failure of senior management to lead by example • Bureaucracy &/or formulaic compliance • Failure to share knowledge of fraud experience, control weaknesses and control improvements • Clash of cultures 58 Controls Barriers
  59. 59. E M A C 59 Objectives of Fraud Risk Management Prevention Detection Response controls designed to reduce the risk of fraud and misconduct from occurring in the first place controls designed to discover fraud and misconduct when it occurs controls designed to take corrective action and remedy the harm caused by fraud or misconduct
  60. 60. appropria tely if discovere d occurrence fraud and misconduct Fraud Risks Management - Measures 60 Detect Respond Prevent
  61. 61. Fraud Risk Management - components 61
  62. 62. E M A C • Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable. 62 Fraud risk assessment Likelihood Significance/Impact Qualitative factors in the assessment include: • the accounting system • complexity, volume and nature of transactions • internal controls in place • compliance, training and monitoring Incorporates the views of: • management; • control functions; • line employees Management are then able to: • Prioritise identified risks and evaluate the existing controls • Link each risk to specific controls and commit resources to implement any enhancements
  63. 63. E M A C Surveys suggest that: 1. Over 50% of frauds are discovered as a result of information provided by staff 2. Losses after an introduction of a whistle- blowing hotline can be reduced by up to 60%. 3. Staff prefer the following reporting channels:  57%: a telephone hotline;  20%: conventional mail; and  16%: e-mail. 63 Fraud Risk Management Experiences Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
  64. 64. E M A C 64 FRM – Hotline best practices Confidentiality Anonymity Availability Assistance – Real Time Procedures Classify & Notify Communicate All matters treated confidentially; reported on a need to know basis Process should allow for anonymous submission & resolution Should be available in remote outposts, not just head office A ‘live’ response – operators need to be qualified, trained & able to provide advice Consistent protocols to gather information and manage the call Qualified staff assess the allegation; protocols establish basis for escalation & investigation Publicise the hotline prominently; commit to, & test for, non-retaliation
  65. 65. E M A C 65 FRM - Response • Objective is to take corrective action & remedy the harm caused by fraud or misconduct: • Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened. • Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events. • Communicate to the wider population of employees that management took appropriate, responsive action.
  66. 66. E M A C Consideration should be given to: • Data and information gathering; • Interviewing techniques; • Appropriate resource; • Analytical tools such as data mining; and • Organisation intelligence information. • My first fraud investigation Video 66 FRM - Basis of Investigation
  67. 67. E M A C • Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase • Investigator must know; Results of investigation can be used later as an educational tools for auditors, fraud investigators and other employees (See a Case of Forensic Accountant) 67 Fraud investigation
  68. 68. E M A C • Briefing management, followed by terms of reference detailing the initial scope of work • Communication with parties involved e.g. Internal audit, audit committee and accounting staff • Determining the extent of fraud • Interviewing the defrauder ( only if fraud is known with certainty) • Investigating the known area with detailed audit test. E.g. Procurement tendering, wages, cash debtors and stock, payroll • Report to the management on the findings, with copies to interested parties e.g. Internal auditor, audit committee. 68 Fraud investigation- stages
  69. 69. E M A C • Circumstances which led to investigation • Fraud discovered and their extent • Identity of the defrauder • Effects on the reported profit of the past period • Effects on f/s of current periods 69 Investigation – details of report
  70. 70. E M A C • IC weakness which allowed the fraud and recommendations for eliminating them • Report of any interviewing with the defrauder, including offers of restitution etc, which may be relevant to management in deciding what action, if any they should take against him/her • If there is any suggestion that the internal auditors has been negligent the extent of claim against him. 70 Investigation – details of report
  71. 71. E M A C Investigator should Consider the potential effects in F/s Where the fraud is material the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/ 71 Action upon proof of fraud or error
  72. 72. E M A C • If some proof of fraud exists, management has several options Cause a deeper audit to be done if amount of loss appears substantial Terminate employee responsible if loss is minimal File a claim to recover a loss from clients fidelity insurance agent Arrange with law enforcement agents to probe into the matter 72 Action upon proof of fraud or error
  73. 73. E M A C • If some proof of fraud exists, management has several options Engage a private investigator to probe into the loss and document it for claim purpose/prosecution Disregard losses if minimal and tighten controls Alert the directors, audit committees or the Board 73 Action upon proof of fraud or error
  74. 74. E M A C • Strong internal Control System is not a warrant from fraud Entityshould have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promote early detection and respond to concern raised Awareness programs to employees Screening job applicants Sound corporate policy on fraud AVOID atmosphere of distrust and paranoia by over-emphasising fraud deterrence 74 Fraud deterrence measures
  75. 75. E M A C • Management should ensure enforcement of compliance with operations SOPs • Risk management function should be embedded in business activities • Internal audit should be proactively risk based 75 Fraud Deterrence –three lines of defense
  76. 76. E M A C • It is important to stick to facts, and to discount hearsay, rumour, or opinion and record what is relevant to the cause of the incident and its effect • Audit reports on fraud and other improprieties should be addressed to the right person who can take action 76 Fraud Risk Reporting
  77. 77. E M A C Report must contain all details of fraud Must provide framework to analyse the fraud case Must enable the user to develop improved management and security policies and detect and prevent fraud. Investigation and reporting should proceed in such a way that the outcome will be litigated. Recording exact times, data, names of person and specific; description of evidence are critical in civil or criminal investigation or litigation 77 Fraud reporting
  78. 78. E M A C Managing Fraud is Your professional Responsibility Management Commitment Recognize Relevant Fraud Schemes Identify High Key Risk indicators Establish Prevention/Detection /Responsive Measures 78 Conclusion
  79. 79. E M A C PRMIA GARP IRM PERI 79 Sources of Learning