Fraud Risk Assessment- detection and prevention- Part- 2,
Fraud Risk Assessment (Part 2)Detection and Prevention TechniquesTAHIR ABBASCIA,CISA,CFE,CRMA
The only certainty is uncertaintyEvent:Occurrence of a particular set of circumstances.Frequency:A measure of the number of occurrences per unit of time.Hazard:A source of potential harm or a situation with a potential tocause loss.Consequence:Outcome or impact of an event.Likelihood:A general description of probability or frequency.
Fraud Risk Assessment Foundations of an effective fraud risk management• Identify inherent fraud risk• Assess the likelihood and significance of inherent fraud risk• Developing a response to reasonably likely and significant inherent and residual fraud risk
Fraud Risk Assessment– Identify inherent fraud risk • Where could things go wrong • Industry, geo-political risks • Company risks – Incentive plans – Growth rate – Consolidation • Risk of management override– Assess the likelihood and significance of inherent fraud risk • Likelihood – remote, possible, probably • Significance – not just dollars; reputation, management time
Procurement Fraud Risk AssessmentCorruptionContextDocumentFraud Risk- List downLikelihoodImpactControl
Procurement Fraud Red Flags• Repeated awards to the • Awards to non-lowest same entity. bidder.• Competitive bidder • Contract scope changes. complaints and protests. • Numerous post-award• Complaints about quality contract change orders. and quantity. • Urgent need or sole• Multiple contracts awarded source. below the competitive • Questionable threshold. minority/disabled• Abnormal bid patterns. ownership.• Agent fees. •• Questionable bidder.
Key Principle for Fraud Risk Management• As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk• Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.• Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.• Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized a reporting process should be in place to solicit input on potential fraud, and a coordinated• Approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
Preventing Fraud – A Summary Create a culture of Honesty, Eliminate Opportunities Openness, and Assistance Implement Have good Employee internal controls Assistance Discourage Programs CollusionHave a Code of Ethics Provide tip hotlines Publicize company Create a Positive Create an policies Work expectation of Environment punishment Proactively audit Hire honest people and for fraud provide fraud awareness training Monitor employees
ControlsExistence of a control even ifnon operational can be adeterrent and act as a realcontrol
Deterrence and PreventionDeterrence modifies the persons behavior throughperception of being caught and being punishedwhile Prevention focuses on removing the root cause of theproblem, hence prevention and correction logically gotogether.
Prevention• Analytical reviews• Mandatory vacation• Job rotation• Surprise audit• Oversight• Employee education• Open door polices
PreventionDishonest employees may not commit a fraud if they knowthe organization has an oversight and confirmationprocess. After giving the code of ethics to all employees (inboth hard and soft copy if possible), require that they signa statement that says they have read and understood thecodes requirements and will comply with them. The fraudprevention plan should include an accountability matrix thatlists the anti-fraud functions and which staff have primary,secondary or a shared responsibility. This then eliminatesthe excuse of ignorance.
The Death Penalty For CorporationsIf we are going to consider the corporation to be a person and afford it the same kinds of rights and freedoms that are extended to the individual, perhaps it is time to revise the methods by which we hold the corporate "person" accountable. We should impose the same kind of punishments that we have established for individuals. If a corporation is convicted in the courts for a violation of law, we should curtail its freedom to conduct business for a period of time. In the event of repeat offenses, the penalties should be increased. In those instances where a corporation severely violates the public trust, it should cease to exist. The corporate charter should be revoked, the assets seized and the corporation dissolved.
Fraud Prevention ChecklistIs ongoing anti-fraud training provided to allemployees of the organization? Understand what constitutes fraud? Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss and decreased morale and productivity — been made clear to employees? Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely? Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
Fraud Prevention ChecklistIs an effective fraud reporting mechanism inplace? Have employees been taught how to communicate concerns about known or potential wrongdoing? Is there an anonymous reporting channel available to employees, such as a third-party hotline? Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal? Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
Fraud Prevention ChecklistAre strong anti-fraud controls in place andoperating effectively, including thefollowing? Proper separation of duties Use of authorizations Physical safeguards Job rotations Mandatory vacations
Detection– Process controls– Anonymous Reporting/hotline– Internal Audit– Benchmark– Measurements– Computer Checks for Anomalies– Interviews
Forensic AccountingForensic accounting or financial forensics isthe specialty practice area of accountancy thatdescribes engagements that result from actual oranticipated disputes or litigation. "Forensic" means"suitable for use in a court of law", and it is to thatstandard and potential outcome that forensicaccountants generally have to work. Forensicaccountants, also referred to as forensic auditorsor investigative auditors, often have to give expertevidence at the eventual trial.
Forensic AuditingForensic auditing is a type of auditing thatspecifically looks for financial misconduct,and abusive or wasteful activity.It is most commonly associated withgathering evidence that will be presentedin a court of law as part of a financial crimeor a fraud investigation.
Forensic Accounting Factors• Time: Forensic accounting focuses on the past, although it may do so in order to look forward (e.g., damages, valuations).• Purpose: Forensic accounting is performed for a specific legal forum or in anticipation of appearing before a legal forum.• Peremptory: Forensic accountants may be employed in a wide variety of risk management engagements within business enterprises as a matter of right, without the necessity of allegations (e.g., proactive).
Forensic Audit Approaches• Direct methods involve probing missing income by pointing to specific items of income that do not appear on the tax return. In direct methods, the agents use conventional auditing techniques such as looking for canceled checks of customers, deed records of real estate transactions, public records and other direct evidence of unreported income.• Indirect methods use economic reality and financial status techniques in which the taxpayer’s finances are reconstructed through circumstantial evidence.
Indirect MethodsAn indirect method should be used when:• The taxpayer has inadequate books and records• The books do not clearly reflect taxable income• There is a reason to believe that the taxpayer has omitted taxable income• There is a significant increase in year-to-year net worth• Gross profit percentages change significantly for that particular business• The taxpayer’s expenses (both business and personal) exceed reported income and there is no obvious cause for the difference
How internal controls Can detect fraud?• Can internal controls detect fraud?
Method for detecting frauds• Percentage markup method for proving income• Data Analysis• Fraud Assessment tools• Bedford analysis• Link Analysis• Interviewing strategies• Linguistic Text Analysis
Link AnalysisGiven the complexity of serious fraud investigations, and the significantnumber of individuals and entities ordinarily involved, the employmentof an analytic procedure known as link network diagramming -commonly referred to as link analysis - should be considered tofacilitate the investigation and case structuring. Link analysis isessentially a graphic method for integrating and displaying largeamounts of data which are related to complicated criminal activitiesand civil wrongs. The construction of a link analysis diagram shouldenhance the integration and presentation of relevant evidence orinformation that is:• connected to various financial accounts, individuals and entities;• collected by or from different sources; and• spread over a protracted period of time.
Link AnalysisEssentially, the link analysis technique is comprised of two sequentialsteps. The first step is the conversion of written material containingsummaries of investigative findings into a graphic form called anassociation matrix. The second step is the conversion of the matrixinto a diagram intended to facilitate understanding of the relationshipscontained therein. The association matrix is essentially an interim stepin producing graphic material to assist investigators, prosecutors andcivil litigation counsel. The goal is the development of pictorial datawhich clearly shows the relationships between people, organizationsand activities. It allows an analyst or a trier-of-fact ready access to thebig picture in complex matters. As the final diagram depictsrelationships (or links) between people, organizations and activities,the generally accepted name for such pictorial data is a link analysisdiagram.
Linguistic Text Analysis Lack of self-reference Euphemisms Verb tense Alluding to actions Answering Q with Q Lack of Detail Equivocation Narrative balance Oaths Mean Length
Linguistic Text Analysis• ON SLIDE NO 77 AND 78 OF FIRST PART PRESENTATION ALREADY PROVIDED• http://www.fraud-magazine.com/article.aspx?id=4294971184
11 vital questions to answer within the first 24 hours of a fraud allegation:• Does the alleged activity constitute fraud?• Who is involved?• How should those who were involved in the fraud be handled?• Are there any co-conspirators?• How much was lost to fraud?• During what period did the fraud occur?• How did the fraud occur?• How was the fraud identified?• Could the fraud have been detected earlier?• What can be done to prevent similar frauds?• Should the conduct be disclosed to the authorities?
Tone at top• What is the “tone at the top”?• Major fraud factors – Meeting analysts’ expectations – Compensation and incentives – Pressure to reach goals• Why employees don’t report unethical conduct????
Tone at top• COMMON ETHICAL VIOLATIONS• Abusive or intimidating behavior of superiors toward employees (21 percent)• Lying to employees, customers, vendors, or the public (19 percent)• A situation that places employee interests over organizational interests (18 percent)• Violations of safety regulations (16 percent)• Misreporting actual time or hours worked (16 percent)
COMMON ETHICAL VIOLATIONSStealing, theft, or related fraud (11 percent)• Sexual harassment (9 percent)• Provision of goods or services that fail to meetspecifications (8 percent)• Misuse of confidential information (7 percent)• Price fixing (3 percent)• Giving or accepting bribes, kickbacks, or inappropriate gifts(3 percent)• E-mail and Internet abuse (13 percent)• Discrimination on the basis of race, color, gender, age, orsimilar categories (12• percent)