The document outlines strategies for implementing an effective anti-fraud program, including establishing governance, conducting fraud risk assessments, implementing prevention and detection controls, investigating fraud allegations, and taking corrective actions. It discusses benchmarking existing anti-fraud activities, defining roles and responsibilities, identifying key risk categories and schemes, measuring risks, and prioritizing next steps such as obtaining management buy-in and continuously improving prevention and detection efforts. The overall goal is to prevent, detect, and address fraud through a formal, collaborative anti-fraud program.
On December 5, 2013, Ron Steinkamp, principal, government advisory services at Brown Smith Wallace, presented at the 2013 MIS Training Institute Governance, Risk & Compliance Conference. Ron focused on the following keys to fraud prevention, detection and reporting:
1. Anti-fraud culture
2. Fraud policy
3. Fraud awareness/training
4. Hotline
5. Assess fraud risks
6. Review/investigation
7. Improved controls
2. MIS Training Institute Session 13 - Slide 2
Key Points
• We will NOT discuss:
  - The definition of Fraud
  - Types & Categories of Fraud
  - Why people commit fraud
• What we will do:
  - Discuss steps for you to use in implementing your anti-fraud program (“AFP”)
  - Assess and understand fraud management & forensic accounting techniques
  - Understand what is necessary for an anti-fraud program to be effective in your organization
  - Review tools that can be used by you in implementing an anti-fraud program
3. MIS Training Institute Session 13 - Slide 3
Anti-Fraud Program Objective
Prevent or detect the occurrence of fraud and
implement proactive solutions to reduce or
eliminate fraud’s effects on the organization…
4. MIS Training Institute Session 13 - Slide 4
Before We Begin, Remember…
The design of an organization’s formal and
effective anti-fraud program evolves from the
collaborative efforts of executive
management, oversight committees, and
specific departments within the organization…
5. MIS Training Institute Session 13 - Slide 5
Pre-Implementation Steps
• Benchmark
  What are we doing now?
  - “Routine” Audits
  - SOX & other regulatory audits
  - Code of Conduct
  - Management Oversight (financial reconciliation, expense reporting reviews, etc.)
  VS.
  What can we be doing?
  - Continuous Assurance
  - Training (auditors, business owners)
  - Anti-fraud audit procedures
  - Enhanced Due Diligence procedures (employee hiring, vendor on-boarding, etc.)
• Management Buy-In
  - Potential cost savings
    Ex. 5% (per ACFE the avg. loss) X Gross Expenses
  - Operational Improvements
    Strengthen Control Environment
    Identify Operational Efficiencies
    Risks lead to Opportunities
6. MIS Training Institute Session 13 - Slide 6
Benchmark/GAP Analysis
Identify “Best Practices” and other sources to
Benchmark existing activities against to identify
elements already established…
Analyze current procedures and protocols to
determine if applicable to anti-fraud initiatives…
Engage others within your organization and
executive management to provide feedback on
existing practices…
Document and present your analysis…
Element | Activity | Rating (Exceeds / Meets / Does Not Meet Expectations) | Responsible Party(s) | Enhancement Opportunities
Prevention | Anti-Fraud Training | X | Compliance | Begin training within specific departments (i.e. Acctg.)
Investigation & Corrective Action | Investigative process is clearly defined | X | Compliance & Security | Formalize investigation process and define specific roles & responsibilities
Detection | Analytical Reviews | X | Internal Audit | Review analytical programs to determine if enhancement areas exist
Assign activities to meet element objectives and determine if your program is
meeting those defined objectives…
7. MIS Training Institute Session 13 - Slide 7
Established Benchmark Guidance
Assess current procedures against established frameworks/guidance…
Identify opportunities for improvement (e.g. modify or implement
procedures, protocols, etc)...
IIA, ACFE and AICPA’s “Managing
the Business Risk of Fraud: A
Practical Guide”, April 2008
IIA’s International Professional Practices
Framework (“IPPF”) – Practice Guide:
“Internal Auditing and Fraud”, December 2009
8. MIS Training Institute Session 13 - Slide 8
IIA Fraud Standards
Guidance provided by The IIA’s International Professional Practices Framework
1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is to detect and investigate fraud;
1220.A1 – Internal auditors must exercise due professional care by considering the...probability of significant errors, fraud, or noncompliance...;
2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk;
2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives; and
2060 – The chief audit executive must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board of directors.
9. MIS Training Institute Session 13 - Slide 9
Anti-Fraud Program Elements
Governance - The program should include a written policy (or policies) to convey the expectations of the board of directors and the executive management team regarding managing fraud risk.
Fraud Risk Assessment - An organization’s fraud risk exposure should be assessed periodically by the organization to identify specific scenarios that the organization needs to mitigate.
Prevention - Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
Detection - Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
Investigation & Corrective Action - A reporting process should be in place to solicit input on potential fraud and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. The investigative function should be coordinated between appropriate parties selected by management.
10. MIS Training Institute Session 13 - Slide 10
Benchmark/Gap Analysis
Responsibility matrix columns: Elements of Effective Anti-Fraud Management | Executive Leadership | Compliance | Legal | Audit | Security | Accounting | HR
Rows (X marks as they appear on the slide; the column each X falls under is not preserved):
Tone at the Top: X
Code of Conduct: X X
Establish & Maintain System of Internal Controls: X X
Internal Control Reviews: X
Deter & Detect Potential Conflicts of Interest: X X
Hotline Administration: X
Investigation of Fraud Allegations: X X X X
Referral to Law Enforcement: X
Fraud & Compliance Awareness Training: X X
Civil Litigation and Recovery of Losses Due to Fraud: X
Corrective Actions / Remediation to Prevent Recurrences of Fraud: X
Proactive Fraud Auditing: X
Fraud Risk Assessment: X X
Employee Assistance Program: X
Responsibility matrices can assist you in identifying and assigning responsibilities…
Use the matrix to benchmark, clearly define roles & responsibilities and periodic
evaluations…
11. MIS Training Institute Session 13 - Slide 11
Governance
Image obtained from the ACFE’s article “Who Owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program” by Dan Tropey,
CPA and Mike Sherrod, CFE, CPA
12. MIS Training Institute Session 13 - Slide 12
Governance Best Practices
Formal Anti-Fraud Policy – conveying the expectations of the board of
directors and executive management. The policy (or policies) can include:
Organization’s Definition of Fraud
Organization’s attitude toward fraud (i.e. Zero-Tolerance, Materiality)
Relationship between anti-fraud and Code of Conduct
Summary of Fraud Control Strategies
Overview of Fraud Risk Management functions
Procedures for Reporting Fraud (i.e. Whistleblower Hotline)
HR Employment Conditions and Processes
Investigation Procedures (e.g. Confidentiality Protocol, Privilege, Fraud
Response Management, Root-Cause Analysis)
Department/Committee Roles & Responsibilities
Attitude towards retaliation
14. MIS Training Institute Session 13 - Slide 14
Risk Assessment - Categories
*Refer to the 2010 Report to the Nations on Occupational Fraud and Abuse, ACFE
Present your “FRA” at a level that board members/executive management can
understand…
Use these categories and a Top-Down approach to build your Fraud Scheme
Repository …
15. MIS Training Institute Session 13 - Slide 15
Risk Assessment – Fraud Scheme Mngt.
Using the categories defined for presentation purposes build a granular fraud
scheme repository specific to your organization’s activities & risks…
The repository schemes can then be tracked and measured at a granular level
and rolled up to assist in measuring the sub-risk and categories…
Fraud Scheme | Sub Risk | Category
Vendor A is required to pay the bidding manager $2,000 to participate in the bidding process | Extortion | Corruption
Funds are misappropriated to a shell company. Vendor setup is colluding with accounts payable. | Fraudulent Disbursement – Billing Scheme | Asset Misappropriation
Management has decided to book revenue for items shipped and ships items to meet expectations. | Financial – Fictitious Revenues | Fraudulent Statements

KPIs | Mitigation Actions
1. Hotline Statistics | 1. SOX Controls
2. SEC Enforcement Actions | 2. Audit Procedures
16. MIS Training Institute Session 13 - Slide 16
Risk Assessment - Measures
KPIs and Mitigating Activities provide “real” data to support your assessment;
however, Management should be updated and risks ranked by using the…
Magnitude (i.e. Significance):
High (3) = > $10 Million
Med (2) = Between $4 Million and $10 Million
Low (1) = < $4 Million
Likelihood (i.e. Controls, Mitigating Activity):
Strong (1) = Preferred Practice
Good (2) = Adequate
Low (3) = Needs Improvement
Likelihood (i.e. Pressure, Occurrence):
High (3) = Significant pressure
Med (2) = Moderate pressure
Low (1) = Little to no pressure
Magnitude + Likelihood [(Controls) + (Pressure)] = Rank
$s should reflect your Organization’s Appetite
17. MIS Training Institute Session 13 - Slide 17
Risk Assessment - Presentation
Magnitude (define how Financial Impact is measured, i.e. Net Income, Revenues, etc.):
5 = Major (>$50M)
4 = Substantial (>$25M)
3 = Moderate (>$10M)
2 = Minor (>$1M)
1 = Insignificant (<$1M)
Likelihood:
1 = Remote
2 = Unlikely
3 = Possible
4 = Likely
5 = Almost Certain
[Heat Map figure: items numbered 1 to 15 plotted by Magnitude against Likelihood]
Other Measures
(1) Velocity – Measurement of the rate of change… Measure as Immediate, Rapid or Slow
(2) Risk – Gross & Residual: Gross before Mitigating Activities and Residual Measures After. Measure as High, Medium or Low
18. MIS Training Institute Session 13 - Slide 18
Prevention
Prevention techniques are as varied as the industries and size of businesses we
work in…
Exit Interviews
Security Cameras
SOX/ICFR
19. MIS Training Institute Session 13 - Slide 19
Prevention – Keep your Ears on the Track
Continue to improve & enhance these activities based on past experiences, new
concepts and information from your fraud risk assessment…
1. Integrate current activities with anti-fraud objectives
2. Continue to assess preventative activities as part of audit and SOX
procedures and identify ways to improve prevention activities
3. Adjust preventive activities based upon new ideas, frauds, etc.
4. Seek feedback from business owners
5. Try to stay ahead of the Fraudster by educating yourself and your team
20. MIS Training Institute Session 13 - Slide 20
Detection
Structured
Audits
Fraud Training/Planning embedded in plan
Fraud-Specific Audits
Other Department Audits
Continuous Assurance
Base review areas on Assessment
Analytic Tools
SOX/IFRS Control Reviews
Whistleblower Programs
Analytical Financial Data Reviews
Unstructured
Emails, Instant Messages
Key Word Searches
Base on high risk areas
Memos, Contracts, Invoice Details, etc.
Dates, $s, names, etc.
21. MIS Training Institute Session 13 - Slide 21
Detection – Use Existing Knowledge
Leading & Lagging Indicators
1. Hotline Complaints
2. Fraud Risk Research Stats
3. New Audits w/ Fraud Objectives
1. Ratio Analysis
2. Prior Audit Findings
3. Hotline Complaint Trends
Audit Planning & Testing Training
SOX/ICFR Testing
Continuous Monitoring Focus Areas
Fraud Risk Assessment
Audit Planning
Policy Objectives
Management/Employee Awareness
22. MIS Training Institute Session 13 - Slide 22
Detection – Fraud Materiality
Materiality is a concept or convention within auditing and accounting relating
to the importance/significance of an amount, transaction, or discrepancy
FRAUD HAS NO MATERIALITY
1. Define your company’s fraud appetite
2. Review local laws/regulations for guidance on
criminal fraud amounts
3. Project potential total losses over time
ASSESS & DECIDE
23. MIS Training Institute Session 13 - Slide 23
Concept of Forensic Accountant vs. Fraud Manager
Forensic accountants are experienced auditors,
accountants, and investigators of legal and financial
documents that are hired to look into possible
suspicions of fraudulent activity within a company…
Whereas various individuals are fraud managers in
that they assist in the deterrence and/or detection
of fraud or indications of fraud…
24. MIS Training Institute Session 13 - Slide 24
Investigation & Corrective Action
1. A reporting process should be in place to solicit input on
potential fraud.
2. A coordinated approach to investigation and corrective action
should be used to help ensure potential fraud is addressed
appropriately and timely (“Fraud Response Plan”).
3. The investigative function should be coordinated between appropriate parties
selected by management (Who is the quarterback?).
4. The function should clearly define the roles and responsibilities of identifying,
responding to and reporting an alleged fraud, including internal and external
resources. Build the investigation team based upon skill sets.
5. Each part of the investigative process should be clearly documented and
reported. Legal should be involved within the process to provide guidance.
6. Maintain consistent disciplinary procedures. “Set the tone” within the
organization with respect to fraud.
7. As part of this process management should review the investigation’s findings
to determine what the appropriate follow-up should be.
8. The investigative team should also review periodically their process to
determine if there are improvement opportunities (i.e. learning roundtables).
25. MIS Training Institute Session 13 - Slide 25
Investigation & Corrective Action
Corrective actions can include a root-cause analysis, internal control
or process improvement reviews and/or criminal or civil actions…
Coordinate remediation action steps across business units
Utilize the investigation findings to determine the
likelihood of the potential fraud risk reoccurring and
learn how to effectively mitigate the action
Determine the value of
your actions and present
to management
26. MIS Training Institute Session 13 - Slide 26
Now What?
Prioritize Your Next Steps
•Management Buy In
•Explain the value (Regulations or $ Savings)
•Find your place at the “Table”
•Internal Audit’s Role
•Define your Plan
•Risk Assessment, Detection/Prevention
•Measure, Assess and Adjust
•Manage resources efficiently and effectively
NEVER Stop Thinking of New Ways to Prevent or Detect Fraud
Conformance with anti-fraud elements allows an organization to strengthen the awareness of fraud risks, assign responsibility, provide assurance that fraud risk information is current and accurate, and ensure that vulnerability to fraud is properly addressed. Management should tailor the design of the anti-fraud program to fit the needs and objectives of the organization and ensure that the program’s benefits outweigh its costs.
It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Governance tends to address structures and processes for decision-making, direction, accountability, control, and behaviors within organizations. The goal of governance is to provide safeguards enabling organizations to achieve their objectives. Governance does not exist as a separate set of structures, activities, functions, arrangements and processes. There are relationships that must exist between the organization’s governing board, executive leadership, risk management, compliance, quality, and assurance providers like internal and external auditors. These relationships must be in harmony if the organization is to achieve its objectives and satisfy stakeholder expectations.
Effective governance begins with an understanding of the roles and responsibilities among the various participants (stakeholders, governing board, executive leader, senior management, employees, partners, suppliers, customers…) in determining the direction and performance of the organization. ASSIGN A LEADER…
Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. In contemporary business corporations, the main external stakeholder groups are shareholders, debtholders, trade creditors, suppliers, customers and communities affected by the corporation’s activities. Internal stakeholders are the board of directors, executives, and other employees. An important theme of corporate governance is the nature and extent of accountability of particular individuals in the organization.
It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Writing these components in a formal document explains to employees the importance of anti-fraud within the organization as well as alerts them to various aspects of the program (i.e. reporting procedures, contacts, etc.)
Use surveys, interviews, KPIs and facilitated sessions
How granular do you go? Depends on your organization. No such thing as one size fits all.
Fraud Scheme Repository…
Assessment should have $ parameters (i.e. materiality)
Assessments are subjective; however, use your granular stats (KPIs, Controls) to help gauge your measurements…
Utilize the experience of others in the organization from various departments…
After Magnitude and Likelihood you can measure risk using velocity, gross/residual risk and others, like KPIs and management discussions
Design prevention techniques specific to your business and its culture. MAKE IT KNOWN what you prohibit. Heard stories of emailing how employees were terminated – don’t recommend unless legal approves.
Provide staff/business owners with fraud articles to keep fraud on their mind…use different types as examples.
Structured vs. Unstructured Data (E&Y Concept)
Leading - # of complaints
Lagging - # of audit findings, ratio analysis (“after the fact, hindsight”)
What are your company’s fraud indicators? Hotline, Audit Findings, Cont. Audit,
Use indicators to assist in your detection efforts
Fraud Materiality Concept: when to look during routine audits, control monitoring, CM – don’t waste resources
Discuss concept of fraud materiality (costs outweigh benefits). Ex. Go after $10 or $1Mil. Discuss concepts of ethical appetite.
Before our next section I want to introduce a concept that needs to be understood…While the investigation can be fun we all need to know our roles and how our unique skill sets can be used…
work privileges/Kovel Letter
Corrective Action: Internal Audit can provide feedback on controls, risk environment, process improvement opportunities. Quantify potential or actual savings (i.e. control can reduce waste and eliminate fraud). Follow Up on issue (depending on severity) with Audits. Add fraud into risk assessment KPIs and part of your Fraud RCM.