Uploaded bychris75308
PPTX, PDF2,885 views

Anti fraud program

The document outlines strategies for implementing an effective anti-fraud program, including establishing governance, conducting fraud risk assessments, implementing prevention and detection controls, investigating fraud allegations, and taking corrective actions. It discusses benchmarking existing anti-fraud activities, defining roles and responsibilities, identifying key risk categories and schemes, measuring risks, and prioritizing next steps such as obtaining management buy-in and continuously improving prevention and detection efforts. The overall goal is to prevent, detect, and address fraud through a formal, collaborative anti-fraud program.

Embed presentation

Downloaded 100 times
Strategies for Implementing a Formal and Effective Anti-Fraud Program Josh Shilts CPA/CFF, CFE
MIS Training Institute Session 13 - Slide 2 n We will NOT discuss: u The definition of Fraud u Types & Categories of Fraud u Why people commit fraud n What we will do: u Discuss steps for you to use in implementing your anti-fraud program (“AFP”) u Assess and understand fraud management & forensic accounting techniques u Understand what is necessary for an anti-fraud program to be effective in your organization u Review tools that can be used by you in implementing an anti- fraud program Key Points
MIS Training Institute Session 13 - Slide 3 Anti-Fraud Program Objective Prevent or detect the occurrence of fraud and implement proactive solutions to reduce or eliminate fraud’s effects on the organization…
MIS Training Institute Session 13 - Slide 4 Before We Begin, Remember… The design of an organization’s formal and effective anti-fraud program evolves from the collaborative efforts of executive management, oversight committees, and specific departments within the organization…
MIS Training Institute Session 13 - Slide 5 n Benchmark What are we doing now? u “Routine” Audits u SOX & other regulatory audits u Code of Conduct u Management Oversight (financial reconciliation, expense reporting reviews, etc.) Pre -Implementation Steps What can we be doing? Continuous Assurance Training (auditors, business owners) Anti-fraud audit procedures Enhanced Due Diligence procedures (employee hiring, vendor on-boarding, etc.) Management Buy-In Potential cost savings Ex. 5% (per ACFE the avg. loss) X Gross Expenses Operational Improvements Strengthen Control Environment Identify Operational Efficiencies Risks lead to Opportunities VS.
MIS Training Institute Session 13 - Slide 6 Benchmark/GAP Analysis Identify “Best Practices” and other sources to Benchmark existing activities against to identify elements already established… Analyze current procedures and protocols to determine if applicable to anti-fraud initiatives… Engage others within your organization and executive management to provide feedback on existing practices… Document and present your analysis… Element Activity Exceeds Expectations Meets Expectations Does Not Meet Expectations Responsible Party(s) Enhancement Opportunities Prevention Anti-Fraud Training X Compliance Begin training within specific departments (i.e. Acctg.) Investigation & Corrective Action Investigative process is clearly defined X Compliance & Security Formalize investigation process and define specific roles & responsibilities Detection Analytical Reviews X Internal Audit Review analytical programs to determine if enhancement areas exist Assign activities to meet element objectives and determine if your program is meeting those defined objectives…
MIS Training Institute Session 13 - Slide 7 Established Benchmark Guidance Assess current procedures against established frameworks/guidance… Identify opportunities for improvement (e.g. modify or implement procedures, protocols, etc)... IIA, ACFE and AICPA’s “Managing the Business Risk of Fraud: A Practical Guide”, April 2008 IIA’s International Professional Practices Framework (“IPPF”) – Practice Guide: “Internal Auditing and Fraud”, December 2009
MIS Training Institute Session 13 - Slide 8 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is to detect and investigate fraud; 1220.A1 – Internal auditors must exercise due professional care by considering the...probability of significant errors, fraud, or noncompliance...; 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk; 2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives; and 2060 – The chief audit executive must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board of directors. IIA Fraud Standards Guidance provided by The IIA’s International Professional Practices Framework
MIS Training Institute Session 13 - Slide 9 Governance - The program should include a written policy (or policies) to convey the expectations of the board of directors and the executive management team regarding managing fraud risk. Fraud Risk Assessment - An organization’s fraud risk exposure should be assessed periodically by the organization to identify specific scenarios that the organization needs to mitigate. Prevention - Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. Detection - Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. Investigation & Corrective Action - A reporting process should be in place to solicit input on potential fraud and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. The investigative function should be coordinated between appropriate parties selected by management. Anti-Fraud Program Elements
MIS Training Institute Session 13 - Slide 10 Benchmark/Gap Analysis Elements of Effective Anti-Fraud Management Executive Leadership Compliance Legal Audit Security Accounting HR Tone at the Top X Code of Conduct X X Establish & Maintain System of Internal Controls X X Internal Control Reviews X Deter & Detect Potential Conflicts of Interest X X Hotline Administration X Investigation of Fraud Allegations X X X X Referral to Law Enforcement X Fraud & Compliance Awareness Training X X Civil Litigation and Recovery of Losses Due to Fraud X Corrective Actions / Remediation to Prevent Recurrences of Fraud X Proactive Fraud Auditing X Fraud Risk Assessment X X Employee Assistance Program X Responsibility matrices can assist you in identifying and assigning responsibilities… Use the matrix to benchmark, clearly define roles & responsibilities and periodic evaluations…
MIS Training Institute Session 13 - Slide 11 Governance Image obtained from the ACFE’s article “Who Owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program” by Dan Tropey, CPA and Mike Sherrod, CFE, CPA
MIS Training Institute Session 13 - Slide 12 Governance Best Practices Formal Anti-Fraud Policy – conveying the expectations of the board of directors and executive management. The policy (or policies) can include: Organization’s Definition of Fraud Organization’s attitude toward fraud (i.e. Zero-Tolerance, Materiality) Relationship between anti-fraud and Code of Conduct Summary of Fraud Control Strategies Overview of Fraud Risk Management functions Procedures for Reporting Fraud (i.e. Whistleblower Hotline) HR Employment Conditions and Processes Investigation Procedures (e.g. Confidentiality Protocol, Privilege, Fraud Response Management, Root-Cause Analysis) Department/Committee Roles & Responsibilities Attitude towards retaliation
MIS Training Institute Session 13 - Slide 13 Identify Plan Risk Assessment Process
MIS Training Institute Session 13 - Slide 14 Risk Assessment - Categories *Refer to the 2010 Report to the Nations on Occupational Fraud and Abuse, ACFE Present your “FRA” at a level that board members/executive management can understand… Use these categories and a Top-Down approach to build your Fraud Scheme Repository …
MIS Training Institute Session 13 - Slide 15 Risk Assessment – Fraud Scheme Mngt. Using the categories defined for presentation purposes build a granular fraud scheme repository specific to your organization’s activities & risks… The repository schemes can then be tracked and measured at a granular level and rolled up to assist in measuring the sub-risk and categories… Vendor A is required to pay the bidding manager $2,000 to participate in the bidding process Extortion Corruption Funds are misappropriated to a shell company. Vendor setup is colluding with accounts payable. Fraudulent Disbursement – Billing Scheme Asset Misappropriation Management has decided to book revenue for items shipped and ships items to meet expectations. Financial – Fictitious Revenues Fraudulent Statements KPIs Mitigation Actions 1. Hotline Statistics 1. SOX Controls 2. SEC Enforcement Actions 2. Audit Procedures Fraud Scheme Sub Risk Category
MIS Training Institute Session 13 - Slide 16 Risk Assessment - Measures KPIs and Mitigating Activities provide “real” data to support your assessment; however, Management should be updated and risks ranked by using the… Magnitude (i.e. Significance): High (3) = > $10 Million Med (2) = Between $4 Million and $10 Million Low (1) = < $4 Million Likelihood (i.e. Controls, Mitigating Activity): Strong (1) = Preferred Practice Good (2) = Adequate Low (3) = Needs Improvement Likelihood (i.e. Pressure, Occurrence): High (3) = Significant pressure Med (2) = Moderate pressure Low (1) = Little to no pressure Magnitude + Likelihood [(Controls) + (Pressure)] = Rank $s should reflect your Organization’s Appetite
MIS Training Institute Session 13 - Slide 17 Risk Assessment - Presentation Magnitude Major >$50M 5 Substantial >$25M 4 Moderate >$ 10M 3 Minor >$1M 2 Insignificant <$1M 1 Define how Financial Impact is measured (i.e. Net Income, Revenues, etc.) 1 2 3 4 5 Remote Unlikely Possible Likely Almost Certain Likelihood 12 11 3 10 4 6 5 14 13 2 15 9 8 1 7 Heat Map Other Measures (1) Velocity – Measurement of the rate of change… Measure as Immediate, Rapid or Slow (2) Risk – Gross & Residual Gross before Mitigating Activities and Residual Measures After Measure as High, Medium or Low
MIS Training Institute Session 13 - Slide 18 Prevention Prevention techniques are as varied as the industries and size of businesses we work in… Exit Interviews SecurityCameras SOX/ICFR
MIS Training Institute Session 13 - Slide 19 Prevention – Keep your Ears on the Track Continue to improve & enhance these activities based on past experiences, new concepts and information from your fraud risk assessment… 1. Integrate current activities with anti-fraud objectives 2. Continue to assess preventative activities as part audit and SOX procedures and identify ways to improve prevention activities 3. Adjust preventive activities based upon new ideas, frauds, etc. 4. Seek feedback from business owners 5. Try to stay ahead of the Fraudster by educating yourself and your team
MIS Training Institute Session 13 - Slide 20 Detection Structured Audits  Fraud Training/Planning embedded in plan  Fraud-Specific Audits  Other Department Audits Continuous Assurance  Base review areas on Assessment  Analytic Tools SOX/IFRS Control Reviews Whistleblower Programs Analytical Financial Data Reviews Unstructured Emails , Instant Messages Key Word Searches Base on high risk areas Memos, Contracts, Invoice Details, etc. Dates, $s, names, etc.
MIS Training Institute Session 13 - Slide 21 Detection – Use Existing Knowledge Leading & Lagging Indicators 1. Hotline Complaints 2. Fraud Risk Research Stats 3. New Audits w/ Fraud Objectives 1. Ratio Analysis 2. Prior Audit Findings 3. Hotline Complaint Trends Audit Planning & Testing Training SOX/ICFR Testing Continuous Monitoring Focus Areas Fraud Risk Assessment AuditPlanning Policy ObjectivesManagement/Employee Awareness
MIS Training Institute Session 13 - Slide 22 Detection – Fraud Materiality Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy FRAUD HAS NO MATERIALITY 1. Define your company’s fraud appetite 2. Review local laws/regulations for guidance on criminal fraud amounts 3. Project potential total losses over time ASSESS & DECIDE
MIS Training Institute Session 13 - Slide 23 Concept of Forensic Accountant vs. Fraud Manager Forensic accountants are experienced auditors, accountants, and investigators of legal and financial documents that are hired to look into possible suspicions of fraudulent activity within a company… Whereas various individuals are fraud managers in that they assist in the deterrence and/or detection of fraud or indications of fraud…
MIS Training Institute Session 13 - Slide 24 Investigation & Corrective Action 1. A reporting process should be in place to solicit input on potential fraud. 2. A coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely (“Fraud Response Plan”). 3. The investigative function should be coordinated between appropriate parties selected by management (Who is the quarterback?). 4. The function should clearly define the roles and responsibilities of identifying, responding and reporting to an alleged fraud. Including internal and external resources. Build the investigation team based upon skill sets. 5. Each part of the investigative process should be clearly documented and reported. Legal should be involved within the process to provide guidance. 6. Maintain consistent disciplinary procedures. “Set the tone” within the organization with respect to fraud. 7. As part of this process management should review the investigation’s findings to determine what the appropriate follow-up should be. 8. The investigative team should also review periodically their process to determine if there are improvement opportunities (i.e. learning roundtables).
MIS Training Institute Session 13 - Slide 25 Investigation & Corrective Action Corrective actions can include a root-cause analysis, internal control or process improvement reviews and/or criminal or civil actions… Coordinate remediation action steps across business units Utilize the investigation findings to determine the likelihood of the potential fraud risk from reoccurring and learn how to effectively mitigate the action Determine the value of your actions and present to management
MIS Training Institute Session 13 - Slide 26 Now What? Prioritize Your Next Steps •Management Buy In •Explain the value (Regulations or $ Savings) •Find your place at the “Table” •Internal Audits Role •Define your Plan •Risk Assessment, Detection/Prevention •Measure, Assess and Adjust •Manage resources efficiently and effectively NEVER Stop Thinking of New Ways to Prevent or Detect Fraud
MIS Training Institute Session 13 - Slide 27 Questions

More Related Content

PDF
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
byDecosimoCPAs
 
PPTX
Aml 2010 benami_2017_taxbar
byMuhammad Ijaz Syed
 
PDF
Fraud Risk Assessment- detection and prevention- Part- 2,
byTahir Abbas
 
PDF
Enterprise Risk Management - Aligning Risk with Strategy and Performance
byResolver Inc.
 
PPTX
Risk & Risk Management
byansula
 
PDF
Risk based internal auditing
byFrederick Altum Pokoo-Aikins
 
PPTX
Practical approach to Risk Based Internal Audit
byManoj Agarwal
 
PPTX
Fraud Management ppt.pptx
byjaramulat
 
Fraud Prevention, Detection and Investigation in the Payday Advance Industry
byDecosimoCPAs
 
Aml 2010 benami_2017_taxbar
byMuhammad Ijaz Syed
 
Fraud Risk Assessment- detection and prevention- Part- 2,
byTahir Abbas
 
Enterprise Risk Management - Aligning Risk with Strategy and Performance
byResolver Inc.
 
Risk & Risk Management
byansula
 
Risk based internal auditing
byFrederick Altum Pokoo-Aikins
 
Practical approach to Risk Based Internal Audit
byManoj Agarwal
 
Fraud Management ppt.pptx
byjaramulat
 

What's hot

PPTX
Internal Audit Strategic Framework
byJeremy Cheng
 
PPTX
Enterprise Risk Management
byPYA, P.C.
 
PPTX
Fraud Investigation
bySalih Islam
 
DOCX
Audit committee and corporate governance
bySujathaN8
 
PDF
Risk Overview & Risk management
bySubhendu Datta
 
PPTX
The Role of Internal Audit
byArmeniaFED
 
PPTX
Chapter 2 internal control
byDr Manu H Natesh
 
PPTX
Case study on forensic audit
bySBS AND COMPANY LLP, CHARTERED ACCOUNTANTS
 
PPTX
Risk Culture, Risk What?
byIan Rich
 
PPTX
Forensic Accounting Scope
byinfantemiliya
 
PPTX
Fraud Risk and Control
byWeaverCPAs
 
PPT
Presentation on fraud prevention, detection & control
byDominic Sroda Korkoryi
 
PPTX
Chapter 7 -Internal check
bySaidiBuyera
 
PDF
Shaping Your Culture via Risk Appetite
byAndrew Smart
 
PPTX
Standards of Internal Audit
byKaran Puri
 
PDF
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
byZanders Treasury, Risk and Finance
 
PPT
operations risk management power point presentation.
byMiyelani Shibambo
 
PPTX
10 Key Principles of Operational Risk Management
byColleen Beck-Domanico
 
PPTX
Risk management
byManish Tiwari
 
PDF
Integrated assurance and the role of the PMO
byAssociation for Project Management
 
Internal Audit Strategic Framework
byJeremy Cheng
 
Enterprise Risk Management
byPYA, P.C.
 
Fraud Investigation
bySalih Islam
 
Audit committee and corporate governance
bySujathaN8
 
Risk Overview & Risk management
bySubhendu Datta
 
The Role of Internal Audit
byArmeniaFED
 
Chapter 2 internal control
byDr Manu H Natesh
 
Case study on forensic audit
bySBS AND COMPANY LLP, CHARTERED ACCOUNTANTS
 
Risk Culture, Risk What?
byIan Rich
 
Forensic Accounting Scope
byinfantemiliya
 
Fraud Risk and Control
byWeaverCPAs
 
Presentation on fraud prevention, detection & control
byDominic Sroda Korkoryi
 
Chapter 7 -Internal check
bySaidiBuyera
 
Shaping Your Culture via Risk Appetite
byAndrew Smart
 
Standards of Internal Audit
byKaran Puri
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
byZanders Treasury, Risk and Finance
 
operations risk management power point presentation.
byMiyelani Shibambo
 
10 Key Principles of Operational Risk Management
byColleen Beck-Domanico
 
Risk management
byManish Tiwari
 
Integrated assurance and the role of the PMO
byAssociation for Project Management
 

Viewers also liked

PPTX
Doc procurement anti fraud and anti-corruption
byMyron Duncan Burton Betshanger
 
PPTX
Shiltscpa accounting 101 presentation
bychris75308
 
PDF
Essentials of a Highly Effective Employee Fraud Awareness Program
byFraudBusters
 
PPTX
Merging forensics w data analytics
bychris75308
 
PPT
Tommy Seah speaks on CORRUPTION and FRAUD PREVENTION in Malaysia
byTommy Seah
 
PPTX
Департамент контроля и аудита Л'Этуаль
byLEtoile
 
PPT
A Paradigm Shift in Audit Process
byPadmapriya V
 
PPT
Внутренний аудитор. Курс обучения
byЦентр Поддержки Предпринимателей
 
PDF
Shilts Fraud Risk Assessment Deck
bychris75308
 
PPT
Internal Audit - A Comprehensive Risk Management tool
byRamesh Verma
 
PPTX
1 INSURANCE FRAUD TRAINING PRESENTATION
byJoseph Callahan
 
PPT
Falcon 012009
byNorthwest Card Association
 
PPT
Fight Fraud with Employee Fraud Training
byCase IQ
 
PPTX
Parul kumar hedge funds ppt
byvaibhav Kukreja
 
PPTX
Fraud Investigation Process And Procedures
byVeriti Consulting LLC
 
PPT
Fraud And Internal Controls Linked In April 2011
byJohn Hall, CPA - Keynote Speaker Consultant
 
PPT
Hedge funds. a basic overview
byMalik Law Group
 
PDF
Введение во Внутренний Контроль
byMGrow
 
PDF
What is a Hedge Fund?
byHedgeFundFundamentals
 
PDF
Hedge Funds 101
byHedgeFundFundamentals
 
Doc procurement anti fraud and anti-corruption
byMyron Duncan Burton Betshanger
 
Shiltscpa accounting 101 presentation
bychris75308
 
Essentials of a Highly Effective Employee Fraud Awareness Program
byFraudBusters
 
Merging forensics w data analytics
bychris75308
 
Tommy Seah speaks on CORRUPTION and FRAUD PREVENTION in Malaysia
byTommy Seah
 
Департамент контроля и аудита Л'Этуаль
byLEtoile
 
A Paradigm Shift in Audit Process
byPadmapriya V
 
Внутренний аудитор. Курс обучения
byЦентр Поддержки Предпринимателей
 
Shilts Fraud Risk Assessment Deck
bychris75308
 
Internal Audit - A Comprehensive Risk Management tool
byRamesh Verma
 
1 INSURANCE FRAUD TRAINING PRESENTATION
byJoseph Callahan
 
Falcon 012009
byNorthwest Card Association
 
Fight Fraud with Employee Fraud Training
byCase IQ
 
Parul kumar hedge funds ppt
byvaibhav Kukreja
 
Fraud Investigation Process And Procedures
byVeriti Consulting LLC
 
Fraud And Internal Controls Linked In April 2011
byJohn Hall, CPA - Keynote Speaker Consultant
 
Hedge funds. a basic overview
byMalik Law Group
 
Введение во Внутренний Контроль
byMGrow
 
What is a Hedge Fund?
byHedgeFundFundamentals
 
Hedge Funds 101
byHedgeFundFundamentals
 

Similar to Anti fraud program

PDF
fraud-risk-assessment-presentation.pdf
byJonasGeorgeSoriano
 
PPTX
ACCA-IIA Singapore Seminar 2015 Part 3 Fraud Risk Assessment
byBillyCheuk
 
PPT
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
byCraig Taggart MBA
 
PPTX
fraud-controlin applications-and789.pptx
byhanningtonwamala1
 
PPT
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
byCraig Taggart
 
PDF
7 Keys to Fraud Prevention, Detection and Reporting
byBrown Smith Wallace
 
PPTX
Anti-Fraud Playbook_Eswatini.pptx
byMario Fazekas
 
PPTX
ACCA-IIA Singapore Seminar 2015 part 2 fraud risk governance
byBillyCheuk
 
PPT
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
byCraig Taggart MBA
 
PPTX
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PDF
Risk of Fraud Managing Business Risk
byMuna D. Buchahin
 
PPT
Improving and Implementing Internal Controls
byTommy Seah
 
PDF
FRAUD RISK MANAGEMENT
byTommy Seah
 
PPTX
Fraud Prevention - St. Louis - March 6, 2015
byRon Steinkamp
 
PDF
Role of HR after discovering Fraud
byNational HRD Network
 
PPTX
Internal Control And Fraud 11-19-10
byEd Tobias
 
PPSX
Fraud Risk
byF a h a d Z a f a r (Bradford MBA)
 
DOCX
Accounts payable fraud
bycomplianceonline123
 
PDF
Fraud risk Managemen CS3-2-COSO-RyanHubbsVincentWalden.pdf
byBambang Purwantoro
 
PDF
Fraud Risk Assessment: An Expert’s Blueprint
byFraudBusters
 
fraud-risk-assessment-presentation.pdf
byJonasGeorgeSoriano
 
ACCA-IIA Singapore Seminar 2015 Part 3 Fraud Risk Assessment
byBillyCheuk
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
byCraig Taggart MBA
 
fraud-controlin applications-and789.pptx
byhanningtonwamala1
 
ComplianceOnline PPT Format 2015 Developing an Effective Fraud Risk Managemen...
byCraig Taggart
 
7 Keys to Fraud Prevention, Detection and Reporting
byBrown Smith Wallace
 
Anti-Fraud Playbook_Eswatini.pptx
byMario Fazekas
 
ACCA-IIA Singapore Seminar 2015 part 2 fraud risk governance
byBillyCheuk
 
Society of Corporate Compliance and Ethics SCCE 2015 developing an effective ...
byCraig Taggart MBA
 
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Risk of Fraud Managing Business Risk
byMuna D. Buchahin
 
Improving and Implementing Internal Controls
byTommy Seah
 
FRAUD RISK MANAGEMENT
byTommy Seah
 
Fraud Prevention - St. Louis - March 6, 2015
byRon Steinkamp
 
Role of HR after discovering Fraud
byNational HRD Network
 
Internal Control And Fraud 11-19-10
byEd Tobias
 
Fraud Risk
byF a h a d Z a f a r (Bradford MBA)
 
Accounts payable fraud
bycomplianceonline123
 
Fraud risk Managemen CS3-2-COSO-RyanHubbsVincentWalden.pdf
byBambang Purwantoro
 
Fraud Risk Assessment: An Expert’s Blueprint
byFraudBusters
 

Recently uploaded

PDF
Introduction to R Programming for Data Analysis and Statistics
byNusrat Gulbarga
 
PPTX
From economy-wide energy system optimization to energy affordability for cons...
byIEA-ETSAP
 
PPTX
National Art School Diploma
by897eemzixp
 
PDF
Doctoral of Philosophy Thesis Defense Slides
bysuchanadatta3
 
PPTX
report data gathering and procedure edz.pptx
byhoneycooo14
 
PPTX
Business Ethics ppt (1).pptx for grade 12
bysuayanabegail
 
PDF
Operations and Data Support Portfolio | Delbert Ross Wanjala Investor Relatio...
byDelbertRossWanjala
 
PPTX
SQL - Basics of Databases 101 Learning.pdf
byJainnS
 
PDF
Machine learning genrative AI and agents
bysakingul
 
PPTX
[DSC Europe 25] Milos Belcevic - Product Professional's Journey to Full-Stack...
byDataScienceConferenc1
 
PPTX
gas chromatograohy by Rasha Ibrahim.pptx
byri7061584
 
PPTX
EMTECH-LESSON-3.pptxggggggggggggggggggggggg
byERICADEMESA
 
PDF
Powering_AI-Ready_MySQL_MyVector_ProxySQL_v3.pptx.pdf
byAlkin Tezuysal
 
PDF
CodeMate_Autonomous_Engineering_Documents.pdf
byssuserc287c9
 
PPTX
Can AI see like a tourist? An exploration of Vision Language Models for autom...
byMODUL Technology GmbH
 
PDF
Big Data Full Course Introduction to End.pdf
byJainnS
 
PDF
Solution Sheet / Objectives management (2026)
byOptymyze
 
PDF
Data Processing (2026)
byOptymyze
 
PPTX
[DSC Europe 25] Predrag Maletic - Scaling AI in Banking – Our Strategic Journ...
byDataScienceConferenc1
 
PPTX
Recommended Practices for system studies with high shares of wind and solar
byIEA-ETSAP
 
Introduction to R Programming for Data Analysis and Statistics
byNusrat Gulbarga
 
From economy-wide energy system optimization to energy affordability for cons...
byIEA-ETSAP
 
National Art School Diploma
by897eemzixp
 
Doctoral of Philosophy Thesis Defense Slides
bysuchanadatta3
 
report data gathering and procedure edz.pptx
byhoneycooo14
 
Business Ethics ppt (1).pptx for grade 12
bysuayanabegail
 
Operations and Data Support Portfolio | Delbert Ross Wanjala Investor Relatio...
byDelbertRossWanjala
 
SQL - Basics of Databases 101 Learning.pdf
byJainnS
 
Machine learning genrative AI and agents
bysakingul
 
[DSC Europe 25] Milos Belcevic - Product Professional's Journey to Full-Stack...
byDataScienceConferenc1
 
gas chromatograohy by Rasha Ibrahim.pptx
byri7061584
 
EMTECH-LESSON-3.pptxggggggggggggggggggggggg
byERICADEMESA
 
Powering_AI-Ready_MySQL_MyVector_ProxySQL_v3.pptx.pdf
byAlkin Tezuysal
 
CodeMate_Autonomous_Engineering_Documents.pdf
byssuserc287c9
 
Can AI see like a tourist? An exploration of Vision Language Models for autom...
byMODUL Technology GmbH
 
Big Data Full Course Introduction to End.pdf
byJainnS
 
Solution Sheet / Objectives management (2026)
byOptymyze
 
Data Processing (2026)
byOptymyze
 
[DSC Europe 25] Predrag Maletic - Scaling AI in Banking – Our Strategic Journ...
byDataScienceConferenc1
 
Recommended Practices for system studies with high shares of wind and solar
byIEA-ETSAP
 

Anti fraud program

  • 1.
    Strategies for Implementinga Formal and Effective Anti-Fraud Program Josh Shilts CPA/CFF, CFE
  • 2.
    MIS Training InstituteSession 13 - Slide 2 n We will NOT discuss: u The definition of Fraud u Types & Categories of Fraud u Why people commit fraud n What we will do: u Discuss steps for you to use in implementing your anti-fraud program (“AFP”) u Assess and understand fraud management & forensic accounting techniques u Understand what is necessary for an anti-fraud program to be effective in your organization u Review tools that can be used by you in implementing an anti- fraud program Key Points
  • 3.
    MIS Training InstituteSession 13 - Slide 3 Anti-Fraud Program Objective Prevent or detect the occurrence of fraud and implement proactive solutions to reduce or eliminate fraud’s effects on the organization…
  • 4.
    MIS Training InstituteSession 13 - Slide 4 Before We Begin, Remember… The design of an organization’s formal and effective anti-fraud program evolves from the collaborative efforts of executive management, oversight committees, and specific departments within the organization…
  • 5.
    MIS Training InstituteSession 13 - Slide 5 n Benchmark What are we doing now? u “Routine” Audits u SOX & other regulatory audits u Code of Conduct u Management Oversight (financial reconciliation, expense reporting reviews, etc.) Pre -Implementation Steps What can we be doing? Continuous Assurance Training (auditors, business owners) Anti-fraud audit procedures Enhanced Due Diligence procedures (employee hiring, vendor on-boarding, etc.) Management Buy-In Potential cost savings Ex. 5% (per ACFE the avg. loss) X Gross Expenses Operational Improvements Strengthen Control Environment Identify Operational Efficiencies Risks lead to Opportunities VS.
  • 6.
    MIS Training InstituteSession 13 - Slide 6 Benchmark/GAP Analysis Identify “Best Practices” and other sources to Benchmark existing activities against to identify elements already established… Analyze current procedures and protocols to determine if applicable to anti-fraud initiatives… Engage others within your organization and executive management to provide feedback on existing practices… Document and present your analysis… Element Activity Exceeds Expectations Meets Expectations Does Not Meet Expectations Responsible Party(s) Enhancement Opportunities Prevention Anti-Fraud Training X Compliance Begin training within specific departments (i.e. Acctg.) Investigation & Corrective Action Investigative process is clearly defined X Compliance & Security Formalize investigation process and define specific roles & responsibilities Detection Analytical Reviews X Internal Audit Review analytical programs to determine if enhancement areas exist Assign activities to meet element objectives and determine if your program is meeting those defined objectives…
  • 7.
    MIS Training InstituteSession 13 - Slide 7 Established Benchmark Guidance Assess current procedures against established frameworks/guidance… Identify opportunities for improvement (e.g. modify or implement procedures, protocols, etc)... IIA, ACFE and AICPA’s “Managing the Business Risk of Fraud: A Practical Guide”, April 2008 IIA’s International Professional Practices Framework (“IPPF”) – Practice Guide: “Internal Auditing and Fraud”, December 2009
  • 8.
    MIS Training InstituteSession 13 - Slide 8 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is to detect and investigate fraud; 1220.A1 – Internal auditors must exercise due professional care by considering the...probability of significant errors, fraud, or noncompliance...; 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk; 2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives; and 2060 – The chief audit executive must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board of directors. IIA Fraud Standards Guidance provided by The IIA’s International Professional Practices Framework
  • 9.
    MIS Training InstituteSession 13 - Slide 9 Governance - The program should include a written policy (or policies) to convey the expectations of the board of directors and the executive management team regarding managing fraud risk. Fraud Risk Assessment - An organization’s fraud risk exposure should be assessed periodically by the organization to identify specific scenarios that the organization needs to mitigate. Prevention - Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. Detection - Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. Investigation & Corrective Action - A reporting process should be in place to solicit input on potential fraud and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. The investigative function should be coordinated between appropriate parties selected by management. Anti-Fraud Program Elements
  • 10.
    MIS Training InstituteSession 13 - Slide 10 Benchmark/Gap Analysis Elements of Effective Anti-Fraud Management Executive Leadership Compliance Legal Audit Security Accounting HR Tone at the Top X Code of Conduct X X Establish & Maintain System of Internal Controls X X Internal Control Reviews X Deter & Detect Potential Conflicts of Interest X X Hotline Administration X Investigation of Fraud Allegations X X X X Referral to Law Enforcement X Fraud & Compliance Awareness Training X X Civil Litigation and Recovery of Losses Due to Fraud X Corrective Actions / Remediation to Prevent Recurrences of Fraud X Proactive Fraud Auditing X Fraud Risk Assessment X X Employee Assistance Program X Responsibility matrices can assist you in identifying and assigning responsibilities… Use the matrix to benchmark, clearly define roles & responsibilities and periodic evaluations…
  • 11.
    MIS Training InstituteSession 13 - Slide 11 Governance Image obtained from the ACFE’s article “Who Owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program” by Dan Tropey, CPA and Mike Sherrod, CFE, CPA
  • 12.
    MIS Training InstituteSession 13 - Slide 12 Governance Best Practices Formal Anti-Fraud Policy – conveying the expectations of the board of directors and executive management. The policy (or policies) can include: Organization’s Definition of Fraud Organization’s attitude toward fraud (i.e. Zero-Tolerance, Materiality) Relationship between anti-fraud and Code of Conduct Summary of Fraud Control Strategies Overview of Fraud Risk Management functions Procedures for Reporting Fraud (i.e. Whistleblower Hotline) HR Employment Conditions and Processes Investigation Procedures (e.g. Confidentiality Protocol, Privilege, Fraud Response Management, Root-Cause Analysis) Department/Committee Roles & Responsibilities Attitude towards retaliation
  • 13.
    MIS Training InstituteSession 13 - Slide 13 Identify Plan Risk Assessment Process
  • 14.
    MIS Training InstituteSession 13 - Slide 14 Risk Assessment - Categories *Refer to the 2010 Report to the Nations on Occupational Fraud and Abuse, ACFE Present your “FRA” at a level that board members/executive management can understand… Use these categories and a Top-Down approach to build your Fraud Scheme Repository …
  • 15.
    MIS Training InstituteSession 13 - Slide 15 Risk Assessment – Fraud Scheme Mngt. Using the categories defined for presentation purposes build a granular fraud scheme repository specific to your organization’s activities & risks… The repository schemes can then be tracked and measured at a granular level and rolled up to assist in measuring the sub-risk and categories… Vendor A is required to pay the bidding manager $2,000 to participate in the bidding process Extortion Corruption Funds are misappropriated to a shell company. Vendor setup is colluding with accounts payable. Fraudulent Disbursement – Billing Scheme Asset Misappropriation Management has decided to book revenue for items shipped and ships items to meet expectations. Financial – Fictitious Revenues Fraudulent Statements KPIs Mitigation Actions 1. Hotline Statistics 1. SOX Controls 2. SEC Enforcement Actions 2. Audit Procedures Fraud Scheme Sub Risk Category
  • 16.
    MIS Training InstituteSession 13 - Slide 16 Risk Assessment - Measures KPIs and Mitigating Activities provide “real” data to support your assessment; however, Management should be updated and risks ranked by using the… Magnitude (i.e. Significance): High (3) = > $10 Million Med (2) = Between $4 Million and $10 Million Low (1) = < $4 Million Likelihood (i.e. Controls, Mitigating Activity): Strong (1) = Preferred Practice Good (2) = Adequate Low (3) = Needs Improvement Likelihood (i.e. Pressure, Occurrence): High (3) = Significant pressure Med (2) = Moderate pressure Low (1) = Little to no pressure Magnitude + Likelihood [(Controls) + (Pressure)] = Rank $s should reflect your Organization’s Appetite
  • 17.
    MIS Training InstituteSession 13 - Slide 17 Risk Assessment - Presentation Magnitude Major >$50M 5 Substantial >$25M 4 Moderate >$ 10M 3 Minor >$1M 2 Insignificant <$1M 1 Define how Financial Impact is measured (i.e. Net Income, Revenues, etc.) 1 2 3 4 5 Remote Unlikely Possible Likely Almost Certain Likelihood 12 11 3 10 4 6 5 14 13 2 15 9 8 1 7 Heat Map Other Measures (1) Velocity – Measurement of the rate of change… Measure as Immediate, Rapid or Slow (2) Risk – Gross & Residual Gross before Mitigating Activities and Residual Measures After Measure as High, Medium or Low
  • 18.
    MIS Training InstituteSession 13 - Slide 18 Prevention Prevention techniques are as varied as the industries and size of businesses we work in… Exit Interviews SecurityCameras SOX/ICFR
  • 19.
    MIS Training InstituteSession 13 - Slide 19 Prevention – Keep your Ears on the Track Continue to improve & enhance these activities based on past experiences, new concepts and information from your fraud risk assessment… 1. Integrate current activities with anti-fraud objectives 2. Continue to assess preventative activities as part audit and SOX procedures and identify ways to improve prevention activities 3. Adjust preventive activities based upon new ideas, frauds, etc. 4. Seek feedback from business owners 5. Try to stay ahead of the Fraudster by educating yourself and your team
  • 20.
    MIS Training InstituteSession 13 - Slide 20 Detection Structured Audits  Fraud Training/Planning embedded in plan  Fraud-Specific Audits  Other Department Audits Continuous Assurance  Base review areas on Assessment  Analytic Tools SOX/IFRS Control Reviews Whistleblower Programs Analytical Financial Data Reviews Unstructured Emails , Instant Messages Key Word Searches Base on high risk areas Memos, Contracts, Invoice Details, etc. Dates, $s, names, etc.
  • 21.
    MIS Training InstituteSession 13 - Slide 21 Detection – Use Existing Knowledge Leading & Lagging Indicators 1. Hotline Complaints 2. Fraud Risk Research Stats 3. New Audits w/ Fraud Objectives 1. Ratio Analysis 2. Prior Audit Findings 3. Hotline Complaint Trends Audit Planning & Testing Training SOX/ICFR Testing Continuous Monitoring Focus Areas Fraud Risk Assessment AuditPlanning Policy ObjectivesManagement/Employee Awareness
  • 22.
    MIS Training InstituteSession 13 - Slide 22 Detection – Fraud Materiality Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy FRAUD HAS NO MATERIALITY 1. Define your company’s fraud appetite 2. Review local laws/regulations for guidance on criminal fraud amounts 3. Project potential total losses over time ASSESS & DECIDE
  • 23.
    MIS Training InstituteSession 13 - Slide 23 Concept of Forensic Accountant vs. Fraud Manager Forensic accountants are experienced auditors, accountants, and investigators of legal and financial documents that are hired to look into possible suspicions of fraudulent activity within a company… Whereas various individuals are fraud managers in that they assist in the deterrence and/or detection of fraud or indications of fraud…
  • 24.
    MIS Training InstituteSession 13 - Slide 24 Investigation & Corrective Action 1. A reporting process should be in place to solicit input on potential fraud. 2. A coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely (“Fraud Response Plan”). 3. The investigative function should be coordinated between appropriate parties selected by management (Who is the quarterback?). 4. The function should clearly define the roles and responsibilities of identifying, responding and reporting to an alleged fraud. Including internal and external resources. Build the investigation team based upon skill sets. 5. Each part of the investigative process should be clearly documented and reported. Legal should be involved within the process to provide guidance. 6. Maintain consistent disciplinary procedures. “Set the tone” within the organization with respect to fraud. 7. As part of this process management should review the investigation’s findings to determine what the appropriate follow-up should be. 8. The investigative team should also review periodically their process to determine if there are improvement opportunities (i.e. learning roundtables).
  • 25.
    MIS Training InstituteSession 13 - Slide 25 Investigation & Corrective Action Corrective actions can include a root-cause analysis, internal control or process improvement reviews and/or criminal or civil actions… Coordinate remediation action steps across business units Utilize the investigation findings to determine the likelihood of the potential fraud risk from reoccurring and learn how to effectively mitigate the action Determine the value of your actions and present to management
  • 26.
    MIS Training InstituteSession 13 - Slide 26 Now What? Prioritize Your Next Steps •Management Buy In •Explain the value (Regulations or $ Savings) •Find your place at the “Table” •Internal Audits Role •Define your Plan •Risk Assessment, Detection/Prevention •Measure, Assess and Adjust •Manage resources efficiently and effectively NEVER Stop Thinking of New Ways to Prevent or Detect Fraud
  • 27.
    MIS Training InstituteSession 13 - Slide 27 Questions

Editor's Notes

  • #2 MIS Training Institute Section # - Page 1 XXXXXX XXX ©
  • #3 MIS Training Institute Section # - Page 2 XXXXXX XXX ©
  • #4 Each organization’s objectives are unique and you need to understand how those objectives align with anti-fraud objectives.
  • #6 MIS Training Institute Section # - Page 5 XXXXXX XXX ©
  • #10 Conformance with anti-fraud elements allows an organization to strengthen the awareness of fraud risks, assign responsibility, provide assurance that fraud risk information is current and accurate, and ensure that vulnerability to fraud is properly addressed. Management should tailor the design of the anti-fraud program to fit the needs and objectives of the organization and ensure that the program’s benefits outweighs its costs.
  • #12 It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Governance tends to address structures and processes for decision-making, direction, accountability, control, and behaviors within organizations. The goal of governance is to provide safeguards enabling organizations to achieve their objectives. Governance does not exist as a separate set of structures, activities, functions, arrangements and processes. There are relationships that must exist between the organization’s governing board, executive leadership, risk management, compliance, quality, and assurance providers like internal and external auditors. These relationships must be in harmony if the organization is to achieve its objectives and satisfy stakeholder expectations. Effective governance begins with an understanding of the roles and responsibilities among the various participants (stakeholders, governing board, executive leader, senior management, employees, partners, suppliers, customers…) in determining the direction and performance of the organization. ASSIGN A LEADER……
  • #13 Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. In contemporary business corporations, the main external stakeholder groups are shareholders, debtholders, trade creditors, suppliers, customers and communities affected by the corporations activities. Internal stakeholders are the board of directors, executives, and other employees. An important theme of corporate governance is the nature and extent of accountability of particular individuals in the organization. It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Writing these components in a formal document explains to employees the importance of anti-fraud within the organization as well as alerts to various aspects of the program (i.e. reporting procedures, contacts, etc.)
  • #14 Use surveys, interviews KPIS and facilitated sessions
  • #15 How granular do you go? Depends on your organization. No such thing as one size fits all. Fraud Scheme Repository…
  • #17 Assessment should have $ parameters (i.e. materiality) Assessments are subjective; however, use your granular stats (KPIs, Controls) to help gauge your measurements….. Utilize the experience of others in the organization from various departments…
  • #18 After Magnitude and Likelihood you can measure risk using velocity, gross/residual risk and others. Like KPIs, management discussions
  • #19 Design prevention techniques specific to your business and its’ culture. MAKE IT KNOWN What you prohibit. Heard stories of emailing how employees were terminated – don’t recommend unless legal approves.
  • #20 Provide staff/business owners with fraud articles to keep fraud on their mind…use different types as examples.
  • #21 Structured vs. Unstructed Data (E&Y Concept)
  • #22 Leading - # of complaints Lagging - # of audit findings, ratio analysis (“after the fact, hindsight”) What are your companies’ fraud indicators? Hotline, Audit Findings, Cont. Audit, Use indicators to assist in your detection efforts
  • #23 Fraud Materiality Concept: when to look during routine audits, control monitoring, CM – don’t waste resources Discuss concept of fraud materiality (costs outweigh benefits). Ex. Go after $10 or $1Mil. Discuss concepts of ethical appetite.
  • #24 Before our next section I want to introduce a concept that needs to be understood…While the investigation can be fun we all need to know our roles and how are unique skill sets can be used…
  • #25 work privileges/Kovel Letter
  • #26 Corrective Action: Internal Audit can provide feedback on controls, risk environment, process improvement opportunities. Quantify potential or actual savings (i.e. control can reduce waste and eliminating fraud). Follow Up on issue (depending on severity) with Audits. Add fraud into risk assessment KPIs and part of your Fraud RCM.