ACFE Regent Emeritus Tommy Seah FCPA,CFE,CSI,FAIA,ACIB,MSID  presents   Implementing and Improving Internal Controls
Implementing and Improving Internal Controls
• Articulating the increasing need for comprehensive in-house fraud control procedures
• Optimizing the accuracy and reliability of data acquired through internal inspections
• Detailing the process of applying controls inside the organization, and demonstrating the outcome
“… financial institutions must have in place, all the necessary measures to deter or prevent fraud and constantly review all its controls and measures and also have in place a fraud management function to prevent loopholes that fraudsters can exploit.” … Who (articulate) said that?
March 05, 2009 at Shangri-La hotel and the guest of honour was Ms Teo Swee Lian, Deputy Managing Director, MAS.
Why is Internal Control Important?
Operations
• Promotes efficiency and effectiveness of operations through standardized processes
• Ensures the safeguarding of assets through control activities
Financial Reporting
• Promotes integrity of data used in making business decisions
• Assists in fraud prevention and detection through the creation of an auditable trail of evidence
Laws and Regulations
• Helps maintain compliance with laws and regulations through periodic monitoring
Limitations of Internal Control
• Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.
• Controls that depend on the segregation of duties may be circumvented by collusion
• Management may override the structure
• Compliance may deteriorate over time
The Trinity of Controls (The Existing model)
• Internal Audit: CPA(CIA), CSI, CISA
• Compliance: CPA, LLB, CSI
• Risk Management: CPA, CFA, CSI
• Financial Control
• The Fraud Examiner: CFE
• The Certified System Investigator: CSI
The Spectrum of Risk (www.cfe-icg.com)
What is Risk?
• Operational Risk
• Liquidity Risk
• Credit Risk
• Reputational Risk
• Market Risk
• Investigative auditing (suspicious, unusual activities, allegations). E.g. Money Laundering penetration Test
• Internal audit (COSO + COBIT + ISO…)
• “External” Audit
• Forensic audit (Specific, Post event). E.g. NKF, CAO
Fraud Control Principle
Copyright (c)2006 www.cfe-icg.com If an organisation accepts that it is exposed to fraud –  and no organisation is immune to fraud  – the next step is to apportion responsibility  for fraud risk management.
WHY is there a need for the paradigm shift? Historically, the management of fraud risk does not lie with any one particular department or practitioner.
The Paradigm Shift
• Internal Audit: CPA(CIA), CSI, CISA
• Compliance: CPA, LLB, CSI
• Risk Management: CPA, CFA, CSI
• Financial Control: The CPA
• The Fraud Examiner: CFE
• The Certified System Investigator: CSI
• Investigation Unit
• FRM Unit
• S.T.A.R: Strategic Tracking and Resolution
FRM can be handled internally or be outsourced, and how it is handled is affected by many variables such as organizational size, industry sector, geographical location, cultural dynamics, and management perception of the problem.
Regardless of these variables, any fraud prevention and control model should aim to achieve one, or all, of the five primary objectives:
• Prevention
• Deterrence
• Disruption
• Identification
• Civil action/criminal prosecution
The “Red Flags” of fraud
• Alcohol
• Gambling
• Drugs
• Sex
Profile of A Person Who Commits Fraud
Given the “right circumstances”, almost everyone can rationalize that it is OK to commit fraud.
Who Commits Fraud?
What type of individual commits FRAUD? It is not limited to any one type of person.
The Fraud Triangle
• Perceived Pressure
• Rationalization
• Perceived Opportunity
Diagram labels: Auditor’s Domain; Fraud Risk Management
Detailing the process of applying controls inside the organization, and demonstrating the outcome
STEP 1: EVALUATE THE ORGANIZATION'S FRAUD RISK FACTORS  To identify which factors increase the risk for fraud within an organization, examiners should analyze industry and business operations, hold discussions with management, review previous frauds committed against or on behalf of the company, review company performance, and evaluate similar frauds that occurred at competitors' organizations.
STEP 2: IDENTIFY POSSIBLE FRAUD SCHEMES  The ability to identify specific schemes resulting from fraud risk factors depends on the examiner's knowledge of this area. Fraud specialists, including individuals with Certified Fraud Examiner (CFE) and Certified Systems Investigator (CSI) designations, are ideal for this step of the process, as they possess specialized knowledge of fraud detection and investigation.
STEP 3: PRIORITIZE IDENTIFIED FRAUD RISKS  Fraud is not just an ordinary risk, but also an inherent and significant one. Once the fraud schemes database is populated, management and internal auditing should identify the frauds that pose the greatest risk for the organization.
Examiners should consider the following factors when prioritizing fraud risks:
• Financial impact to the organization.
• Reputation risk of negative publicity associated with fraud.
• Loss of productivity.
• Potential criminal/civil actions taken against the organization. (Such as Data Breach EU95/46 on PII)
• Loss of company assets.
STEP 4: EVALUATE MITIGATING CONTROLS  Internal Auditors with CFE qualifications are well-positioned to review and counsel on the existence and operational effectiveness of internal controls. In step four, the examiner/auditor should evaluate the high-priority frauds and determine if the necessary controls are in place to reduce the risk of occurrence. This step takes time, as the auditor should attempt to identify more than one control for each fraud scheme.
Fraud Consideration at all stages of engagement
Stages shown in the diagram:
• Perform Audit Plan
• Develop Audit Plan
• Perform Preliminary Planning
• Perform Pre-Engagement Activities
• Conclude & Report
Applied across all stages: PROFESSIONAL SKEPTICISM; DOCUMENTATION; GATHER AND ASSESS FRAUD RISKS
Questions?
Thank You!
Contact Details: Tommy Seah
www.cfe-icg.com
www.cfe-in-practice.net
www.csi-worldhq.org
also on Facebook
Tel +65 6222 9861
Mobile +65 9106 9872
