The document outlines a fraud control framework, discussing current fraud trends, evidence gathering techniques, and key elements of an effective framework. It notes that while traditional fraud threats still exist, emerging areas now include regulatory non-compliance, cybercrime, and third-party fraud. Effective controls require enhancing whistleblowing policies, investigative capacity, fraud prevention measures, and promoting an ethical organizational culture.

1. Mumbai | Pune | Hyderabad | New Delhi | Chennai | Bengaluru
FRAUD CONTROL FRAMEWORK
German Centre For Industry and Trade
27 January 2016

2. © 2015 SKP Business Consulting LLP. All rights reserved.
FRAUD TRENDS
Overall fraud values/ median values in the Study by ACFE for 2014 was $145,000.
Additionally, 22% of the cases involved losses of atleast $1 million.
Median duration/ Time from when the fraud commenced until it was detected for the
fraud cases reported to ACFE was 18 months.
Source: http://www.acfe.com/rttn/docs/2014-report-to-nations.pdf
Statistics-ACFE
42% of Frauds were committed by employee-level perpetrators, 36% were committed by
managers and approximately 19% were committed by owners/ executives.
Rise in Government Prosecutions

3. © 2015 SKP Business Consulting LLP. All rights reserved.
OVERALL TRENDS

4. © 2015 SKP Business Consulting LLP. All rights reserved.
OVERALL TRENDS
Traditional threats that companies are still vulnerable to:
Bribery and Kickbacks (Purchases)
Fund Diversion
Conflict of Interest
Misreporting
Theft/Misuse of funds

5. © 2015 SKP Business Consulting LLP. All rights reserved.
OVERALL TRENDS
Emerging Areas of Threats
Regulatory non
compliance (tax
frauds, international
bribery corruption
etc)
Cybercrime Eg- Internet
Frauds, Data Theft and
Damage to assets/
propertyEmerging
Areas of
Threats
Third Party frauds (dealer, business
partner etc)
Senior Management Fraud including
misuse of authority Eg. Favoritism

6. © 2015 SKP Business Consulting LLP. All rights reserved.
LEGAL PERSPECTIVE
Fraud Definition
Fraud has been defined under different statues:
 Section 25 Of India Penal Code (IPC);
 Section 17 of the Indian Contract Act;
 Section 447 of the Companies Act 2013
Person (as defined in Companies Act)
Repercussions/ Consequences of frauds

7. © 2015 SKP Business Consulting LLP. All rights reserved.
Investigation
Evidences
1.ERP info
2.Application data
3.Backend logs and
reports
1.Computer Forensic
2.Mobile Forensic
1.Process compliance
2.Inconsistent
documentation
1.Mystery shopping
2.Desk Searches and
3.Third party reviews (signature
analysis)
1.Whistle blower/
witness interviews
2.Suspect/ Subject
interviews
1.Registry information
2.Media information
3.Other public domain
information
GATHERING EVIDENCE

8. © 2015 SKP Business Consulting LLP. All rights reserved.
DATA ANALYSIS
Control Exceptions Eg PO, GRN and
payment on the same date
Transactional non compliance Eg.
Split PO
Trends/ Patterns Eg Benford’s Law

9. © 2015 SKP Business Consulting LLP. All rights reserved.
DOCUMENTARY EVIDENCE
Inconsistencies
Forged
Documentary
Evidence Override of controls
Approving without validation
Forged signatures and
documentation
Project Reports & Payouts
Syntax and symantic variances
Falsified document-
claims/request letters for Forex

10. © 2015 SKP Business Consulting LLP. All rights reserved.
Start
EVIDENCES FROM COMPUTER FORENSIC
Reports and
documents
Applications installed
eg. software used to
wipe information
Emails
Internet
activity Chat Log
Media info
(Photo, scan
doc, video etc)
Usage of
USB
WiFi usage
Specific
Folders
Secured
information
Draft
agreements
Deleted
Information
Personal
Identity
info
Network
information
Downloaded
content

11. © 2015 SKP Business Consulting LLP. All rights reserved.
EVIDENCES FROM MOBILE DEVICES
Internet history/
activities
Key chat
exchanges
Mails/files
downloaded to
mobile
Search history/
flagged places
Files uploaded/
downloaded from
storage sites
Contact list and
frequently
contacted
indications
Social media cache
memory
Call and text history

12. © 2015 SKP Business Consulting LLP. All rights reserved.
D&B reports
Regulatory
reports (tax,
ROC,
electoral
list)
B2B and B2C sites
(Just dial, Sulekha)
Social Media
Public
information
(true caller/
association list/
school list)
News,
magazines,
advertiseme
nts
Profile and
CV’s
Blogs/
comments or
other
references
EVIDENCES FROM PUBLIC DOMAIN

13. © 2015 SKP Business Consulting LLP. All rights reserved.
LEGAL PERSPECTIVES OF CASE HANDLING
Communication and Reporting Protocols
Information obtained v/s ability to use the
information as evidence
Dealing with confidential/ price sensitive
information
Taking the assistance of courts in gaining
access to information and records
Civil/ Criminal Remedies
 Termination of Employment
 Civil Suit
 Action before CLB
 Criminal Complaint
 Reporting to Regulatory Authorities
(SEBI, RoC, other regulators)

14. © 2015 SKP Business Consulting LLP. All rights reserved.
FRAUD CONTROL FRAMEWORK
1. Enhance
whistle blowing
2. Investigate
concerns &
violations
3. Enhance
measures to
minimize fraud
4. Develop
mechanism to
detect fraud
5. Promote
ethical culture
6. Enhance
capacity of
investigation
team
7. Structure
mechanism for
fraud reporting

15. © 2015 SKP Business Consulting LLP. All rights reserved.
WHISTLE BLOWING
Context
Geographical Spread
Division of Responsibility
(decentralized or
centralized authority)
Increased use of third
party
Dependence on
Technology (for eg relying
on what is entered in SAP
than the actual purpose of
entering)
Companies Act and WB
Protection Act
In case of Private Sector,
Companies Act 2013 under
Section 177(9) read with
Rule 7 prescribes certain
companies (criteria given
in the section) are required
to establish a vigil
mechanism and directors
and employees to report
concerns.
Other Aspects
Usually incorporates
reporting to the Audit
Committee
Awareness is critical
Encompass a mechanism
to handle concerns
Receiving, handling and
reporting structure of
whistle blown

16. © 2015 SKP Business Consulting LLP. All rights reserved.
INVESTIGATION AND FRAUD PREVENTION
Context
Detective & Response
Vulnerability
assessment e.g.
payment process
Proactive data
analytics e.g Inventory
Regulatory
Covered in slide No.
14
IFC/ ICFR required
Fraud Prevention/
Detection
Essentials
Ability to gather
evidence
Mechanism adopted
should be
comprehensive
Confidentiality and
Communication
Protocols

17. © 2015 SKP Business Consulting LLP. All rights reserved.
ETHICAL CULTURE
Tone at the Top
Constant Communication
Essentials
Measuring Effectiveness
Behavioral Influence
Context

18. © 2015 SKP Business Consulting LLP. All rights reserved.
SUMMARY
Current set of vulnerabilities are different from traditional ones
Essentials and source of gathering evidence from Documentation/Digital/Mobile/Social Media
Legal Perspective of handling case Eg. Civil/Criminal Remedies
Elements of Fraud Control Framework
Whistle Blowing as a key element
Investigation & Fraud Prevention as a key element
Ethical Culture as a key element

19. © 2015 SKP Business Consulting LLP. All rights reserved.
The contents herein are solely meant for communicating information and not
as professional advice. It may contain confidential or legally privileged
information. The addressee is hereby notified that any disclosure, copy, or
distribution of this material or the contents there of may be unlawful and is
strictly prohibited. Also the contents can not be considered as any
opinion/advice and should not be used basis for any decision. Before taking
any decision/advice please consult a qualified professional adviser. While due
care has been taken to ensure the accuracy of the information contained
herein, no warranty, express or implied, is being made by us as regards the
accuracy and adequacy of the information contained herein. SKP Business
Consulting LLP shall not be responsible for any loss whatsoever sustained by
any person who relies on this material.
DISCLAIMER
Credits:
Icon and Shape
www.flaticon.com
www.duarte.com
THANK YOU