fraud risk management training - elsam management consultants
Post on 13-Sep-2014
459 Views
Preview:
DESCRIPTION
TRANSCRIPT
www.elsamconsult.com 1
EMAC
Fraud Risk Management
Part IIADVANCED RISK
MANAGEMENT WORKSHOPSTELLA MARIS HOSTEL
Bagamoyo 9TH -11TH April,2014
www.elsamconsult.com 2
EMAC
Operational Risk Nature of fraud risk- Operational Risks What is fraud and fraud risk? Necessity of anti-fraud training Fraud risk factors Group exercise: fraud risk factors or 3 Cs
Coverage
www.elsamconsult.com
EMAC
• Operational risk attaches itself to people, systems and process
• Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
• It includes other risks such as legal risks, physical risks, political risks and environmental risks
• Fraud is part of operational risk in any organization Internal fraud such as tax evasion, assets
misappropriation, bribery, corruption and larceny External fraud such as theft, forgery, hacking and
information theft
3
Introduction
www.elsamconsult.com 4
EMAC
Credit Risk
Market Risk
Operational Risk
Compliance Risk
Information Risk
Data Risk
Other Risk
Basic Strategic ERM Integrated
Evolution of Operational Risk
www.elsamconsult.com 5
EMAC
• Joint McKinsey finds have shown that risk management has not been able to prove its value to organization
• Operational risk is seen as immature discipline that has often not proven its value to organization
• There is evidence that operational risk can be destructive as market loose faith in management and control following large events (Enron Case)
• The discipline is focused more on measurement than on management
Perception on operational Risk
www.elsamconsult.com 6
EMAC
“obtaining a comprehensive measure of fraud’s financial impact is challenging, if not impossible due to the fact that fraud inherently involves efforts at concealment. Many fraud cases will never be detected, and of those that are, the full amount of losses might never be determined or reported. Consequently, any attempt to quantify the extent of all fraud losses will be, at best, an estimate”
Why is Fraud a Major Operational Risk
www.elsamconsult.com 7
EMAC
The Cost of Fraud & Corruption
www.elsamconsult.com
EMAC
• Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain.
• Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct.
• It is an intentional act by one or more individuals among management , those charged with governance, employee or third parties involving the use of deception to obtain an unjust or illegal advantage
8
What is fraud?
www.elsamconsult.com 9
EMAC
Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering loss and/ or the perpetrator achieving a gain. ACFE
Corruption is the abuse of public or private office for personal gain. It includes acts of bribery, embezzlement, nepotism or state capture. It is often associated with and reinforced by other illegal practices such as bid rigging, fraud or money laundering. OECD
What is fraud? Perspectives ..
www.elsamconsult.com 10
EMAC
Fraud is …. Fraud is not …..
Intentional Taken by physical force
To trick or deceive someone out of his/her assets
Victimless
Theft Insignificant because no one is hurt
A crime Acceptable or justifiable
Characteristics of Fraud
www.elsamconsult.com 11
EMAC
Fraud commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.
It involves using deception to dishonestly make a personal gain for oneself and / or create a loss for another.
Scope of Fraud
www.elsamconsult.com 12
EMAC
• Pressure on employee to misappropriate cash or organizational assets
• Employees/people committing fraud are not career criminals, they are trusted employees
• Dr. Donald Cressey, a criminologist developed a model to get reasons for why people in trust commit fraud (Case Study II)
• Model is referred as fraud triangle
Why people commit fraud?
www.elsamconsult.com 13
EMAC
• Most of fraudsters are first time offenders with no criminal past and therefore don’t view themselves as criminals (See Arthur Andersen case)• They must always justify the crime in a
way that makes it an acceptable and justifiable act (rationalization) e.g. I was underpaid, my employer cheated me, my employer is dishonest, I was entitled to the money or I was only borrowing money.
Causes of Fraud - Rationalization
www.elsamconsult.com
EMAC Frau
d
Pressure or
Incentive
Rationalization
Opportunity
14
What causes fraud?- Fraud Triangle
All the three factors must be present for fraud to occur, if any one of the three is missing, fraud will not occur
www.elsamconsult.com
EMAC
15
Why fraud happens?
Fraud Need/Rationalization•Every one Does it•Simply borrow-money
PressureUnrealistic Corporate Target can
Force Employees toCommit fraud
Opportunity- due to weak And override of controls
www.elsamconsult.com 16
EMAC
• It is a perceived non-sharable financial pressure• Non-Shareable involves some sort of
embarrassment, shame or disgrace• It is the first motivation for crime• A person may have financial problem that cannot
be solved through legitimate means Consideration for illegal acts such as stealing cash or
falsifying a financial statement as a way to solve problem
It can be deep personal debt or a job/business is in jeopardy e.g. Desire for status symbol eg. Big house, nicer car; need to meet productivity targets; drug or gambling addition or inability to pay bills ( See the Enron Case Study)
It can sexual addiction and importance of status
Causes of Fraud (Pressure/Incentive)
www.elsamconsult.com 17
EMAC
• It is a perceived opportunity defining method by which crime can be committed
• Involves uses of position of trust to solve financial problems
• It is critical that the fraudster be able to solve problem in secret since motivation is over the status
• Always the fraudster will act in secret e.g. forcing bank reconciliation to balance if he had paid a cheque to oneself ( See a case of TV show)
Causes of fraud (Opportunity)
www.elsamconsult.com 18
EMAC
• Not applicable to professional fraudsters or predatory employees ( employees taking job with intent to stealing from the employer)
• Rationalization is only necessary for first commitment of fraud and afterwards it is abandoned
Fraud Triangle - Limitations
www.elsamconsult.com 19
EMAC
• Reduce pressures on employees that might push them to committing fraud
• Reduced perceived opportunities to commit fraud
• Dispel rationalization for engaging in fraudulent conduct
• Sanctions does not work, why Fraudsters never think that they can be
caught in a perceived opportunity Fraudsters always rationalize their conduct Sanctions are only secondary
consideration
Fraud Triangle-Deterrence measures
EMAC
20
Types of fraudFraudulent Financial Reporting
Asset Misappropriation
Other Questionable or Improper Business Practices
Manipulation, falsification/alteration of records or documents
Misappropriation of assetsSuppression or omission of the effect of
transaction from records or documentsRecording transaction without substanceMisapplication of accounting principlesThese can be elaborated on th
is presentation
www.elsamconsult.com 21
EMAC
Types of Internal Fraud
www.elsamconsult.com
EMAC
• Aggressive application of accounting codes• Information provided unwillingly or after
unreasonable delay• Unsupported transactions• Fewer confirmation responses• Evidence of unduly lifestyle by officers or
employees• Long outstanding imprest balances• Poor documentation• False & improper entries in records• Unauthorized payments• Unauthorized use of corporate assets• Misapplication of funds
22
Fraud Indicators (Red Flags)
www.elsamconsult.com
EMAC
Undue secrecy• Questionable practices• Significant manager or director transactions• Drop of sales or earnings• Aggressive accounting treatment• Posting of transactions to headquarters• Receipt of poor quality goods• Related party arrangements• Weak security checks for employees• Delay in submission of reports
23
Fraud Indicators (Red Flags)
www.elsamconsult.com
EMAC
• Flouting directives and regulations• Personal interest • Uncorrected entries and stock adjustments• High fly management decisions• Incompatible functions done by one
person• Misuse of computer for private business• Frequent use of allocated issue voucher
even when the system is available• Questionable system adjustments
24
Fraud indicators (Red flags)
www.elsamconsult.com
EMAC
• Unauthorized transactions• Cash shortages• Unexplained variation in prices• Missing documentation• Excessive refunds• Living beyond ones means• Drug and alcoholic abuse• High personal debt/loses• Compulsive gambling/stock speculation• Risk of increase IT, increases the risk of
manipulation, access control25
Fraud Indicators
www.elsamconsult.com
EMAC
• Management Environment Pressure Management style and attitude
• Competitive and business environment e.g. technology
• Employee relationship ( spouse receiving non competitive contract)
• Attractive assets • Internal controls• Lack of separation of duties• Too much trust placed on few
employees26
Fraud Indicators
www.elsamconsult.com 27
EMAC
Fraud Risk Indicators
www.elsamconsult.com 28
EMAC
Common Red-Flags
www.elsamconsult.com 29
EMAC
Red Flags Data
www.elsamconsult.com
EMAC
• Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud– Personal pressures– Individual performance targets– Infiltration by organised crime
• Controls may be overridden or ignored by certain individuals:– Powerful (overrides controls, staff intimidated)– Successful (not to be bothered, too busy earning money)– Trusted (responsibility has moved beyond their job description)
30
Personal Fraud indicators
www.elsamconsult.com
EMAC
31
Managing Fraud -Forces
Entity Governance and Responsibility
Code of Ethics Staff
Regulations
Director & Officer Liability
Internal Audit
Risk Management
Business Plan and Budget
Procurement and Finance Acts
Customer Service Surveys
Stakeholders pressures
Reputation and Credibility
www.elsamconsult.com
EMAC
• Rapid increase of activities Weak competition• Rapidly growing sales• Relatively high profitability• ….. In such an environment, effective anti-
fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins.
• …. Consider tough times ahead…. More competition, changing government regulations?
32
Business environment
EMAC
Elements of Fraudster
Makes false representation or willful omission regarding a material fact.
The fraudster knew the representation was false.
The target relied on this misappropriation.
The victim suffered damages or incurred a loss
EMAC
Fraudster
The analysis of the constantly changing nature of fraudster can held organizations stiffen their defenses against fraud
A typical fraudster is 35 to 45 years of age Employed in an executive Finance operations Sales and marketing Six years of employment Intelligent and passionate of work
EMAC
Characteristics of a Fraudster
Likely to be married. Member of a church or mosque Educated beyond high school. No arrest record. Age range from teens to over 60. Socially conforming. Employment tenure from 1 to 20 years. Acts alone 70% of the time. Growing use of technology
EMAC
Characteristics of a Fraudster First-time offenders.
Losses from fraud caused by managers and executives were 3.5 times greater than those caused by non-managerial employees.
Losses caused by men were 3 times those caused by women. [53% males; 47% females]
Losses caused by perpetrators 60 and older were 27 times those caused by perpetrators 25 or younger.
Losses caused by perpetrators with post-graduate degrees were more than 3.5 times greater than those caused by high school graduates.
EMAC
Characteristics of a FraudsterYesterday, today and tomorrow
Egotistical Risk taker Hard Worker Greedy Disgruntled or a
complainer Overwhelming
desire for personal gain
Pressured to performManagement frequently regards fraud risk as a single dot on
the risk matrix, not always fully appreciating its real nature and extent
EMAC
Characteristics of Fraudster
EMAC
Characteristics of Fraudster Impact of collusion
It account 29% of known fraud It is insiders who take the lead, since they tend to
identify the opportunity and to know the soft spots of the company’s defense
More than 42% of fraudsters had worked with the company more than six years
Collusion cannot be present when people act alone Most detection is mostly from informal tip off by 22%
and formal whistle blowing by 19% Cyber fraud is mostly perpetrated by collusion
We expect employees and managers managing fraud opportunities to continue to threaten companies future
www.elsamconsult.com 40
EMAC
Where the fraudster works?
www.elsamconsult.com 41
EMAC
Which source of fraud type?
www.elsamconsult.com 42
EMAC
June 2013, Corruption swallows 25% of Africa GDP according to World Bank survey. Africa loses $148 billion annually because of corruption, a survey by World Bank has indicated
Corruption to increase costs of achieving the UN millennium Development Goals on water and sanitation by US $148 billion
Astonishing facts
EMAC
Tips for fraud Specialist “Finding fraud is like trying to load frogs on to a
wheelbarrow.”To be a forensic auditor, you have to have a knowledge of fraud, what fraud looks like, how it works, and how and why people steal. Source: Robert J. Lindquist "Finding fraud is like using a metal detector at a city
dump to find rare coins. You're going to have a lot of false hits."
- D. Larry Crumbley
“Fraud can be best prevented by good people asking the right questions at the right time.”
- Michael J. Comer
EMAC
Tips for Fraud Specialists
Changing techniques1. Tips from employees (26.3%).2. By accident (18.8%).3. Internal audit (18.6%).4. Internal controls (15.4%).5. External audits (11.5%).6. Tips from customers (8.6%).7. Anonymous tips (6.2%).8. Tips from vendors (5.1%).Therefore, 46.2% from tips.
EMAC
Tips for Fraud Specialist1. Strong Internal Controls (1.62)2. Background checks of new employees (3.70)3. Regular fraud audit (3.97)4. Established fraud policies (4.08)5. Willingness of companies to prosecute (4.47)6. Ethical training for employees (4.86)7. Anonymous fraud reporting mechanisms
(5.02)8. Workplace surveillance (6.07)
1 = Most effective8 = Least effective
Source: 2002 Wells Report
EMAC
Tips for Fraud Specialist Assume there may be wrong doing. The person may not be truthful. The document may be altered. The document may be a forgery. Officers may override internal
controls. Try to think like a crook. Think outside the box.
EMAC
Tips for Fraud SpecialistAccording to KPMG, typically, a fraudster is perceived as someone who is greed and deceitful by nature. However, as this analysis reveals, many fraudsters work within entities for several years without committing any fraud, before an influencing factor-financial worries, job dissatisfaction, aggressive targets, or simply an opportunity to commit fraud-tips the balance
www.elsamconsult.com
EMAC
What are they?1. Reviewed and Strengthening of internal
controls2. Periodic compliance audit3. Employee hotline4. Appointed compliance personnel5. Establish and implement code of conduct for all
employees6. Conducted background check for hires with
budgetary responsibility7. Instituted fraud awareness training8. Tied employee evaluations to ethics or
compliance objectivesWhat is your answer on the above from 0-10 48
Do we have any fraud mitigation?
EMAC 49
EMAC
Iceberg Theory of Fraud
Covert AspectsAttitudesFeelings (Fear, Anger, etc.)ValuesNormsInteractionSupportivenessSatisfaction
Overt AspectsHierarchyFinancial ResourcesGoals of the OrganizationSkills and Abilities of PersonnelTechnological StatePerformance Measurement
Behavioral Considerations
Water line
Structural Considerations
The Iceberg Theory of Fraud
www.elsamconsult.com
EMAC
50
Fraud Risk Management TechniquesManagement
Internal Audit Internal Controls Whistle-blowing
Reliance
?
www.elsamconsult.com 51
EMAC
Fraud risk identificationFraud risk assessment Similar Procedures used in the ERM process discussed previously
Fraud Risk Identification and Assessment process
www.elsamconsult.com 52
EMAC
What is fraud risk identification
www.elsamconsult.com 53
EMAC
What is fraud risk assessment
www.elsamconsult.com 54
EMAC
Fraud Risk Assessment
www.elsamconsult.com 55
EMAC
Source of Date to Assess Fraud Risks
www.elsamconsult.com 56
EMAC
Anti Fraud Programs
www.elsamconsult.com 57
EMAC
Building blocks in Fraud Management
www.elsamconsult.com
EMAC
• Good controls on paper are not strictly followed in practice
• Grey areas in the rules – open to interpretation• Lack of segregation of duties• Collusion• Management override• Failure of senior management to lead by
example• Bureaucracy &/or formulaic compliance• Failure to share knowledge of fraud
experience, control weaknesses and control improvements
• Clash of cultures
58
Controls Barriers
EMAC
www.elsamconsult.com 59
Objectives of Fraud Risk Management
PreventionDetectionResponse
controls designed to reduce the risk of fraud and misconduct fromoccurring in the first placecontrols designed to discover fraud and misconduct when it occurs
controls designed to take corrective action and remedy the harmcaused by fraud or misconduct
www.elsamconsult.com 60
appropriately if discovered
occurrence
fraud and misconduct
Fraud Risks Management - Measures
Detect
Respond
Prevent
www.elsamconsult.com 61
Fraud Risk Management - components
EMAC
• Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable.
www.elsamconsult.com 62
Fraud risk assessment
Likelihood
Sign
ifica
nce
/ Im
pact
Qualitative factors in the assessment include:• the accounting system• complexity, volume and nature of transactions• internal controls in place• compliance, training and monitoring
Incorporates the views of:• management;• control functions;• line employeesManagement are then able to:
• Prioritise identified risks and evaluate the existing controls• Link each risk to specific controls and commit resources to implement any enhancements
EMAC
Surveys suggest that:1. Over 50% of frauds are discovered as a result
of information provided by staff2. Losses after an introduction of a whistle-
blowing hotline can be reduced by up to 60%.3. Staff prefer the following reporting channels:
57%: a telephone hotline; 20%: conventional mail; and 16%: e-mail.
www.elsamconsult.com 63
Fraud Risk Management Experiences
Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
EMAC
www.elsamconsult.com 64
FRM – Hotline best practicesConfidentiality
Anonymity AvailabilityAssistance – Real TimeProceduresClassify & Notify
Communicate
All matters treated confidentially; reported on a need to know basisProcess should allow for anonymous submission & resolutionShould be available in remote outposts, not just head officeA ‘live’ response – operators need to be qualified, trained & able to provide adviceConsistent protocols to gather information and manage the callQualified staff assess the allegation; protocols establish basis for escalation & investigationPublicise the hotline prominently; commit to, & test for, non-retaliation
EMAC
www.elsamconsult.com 65
FRM - Response• Objective is to take corrective action &
remedy the harm caused by fraud or misconduct:
• Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened.
• Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events.
• Communicate to the wider population of employees that management took appropriate, responsive action.
EMAC
Consideration should be given to:• Data and information gathering;• Interviewing techniques;• Appropriate resource;• Analytical tools such as data mining;
and• Organisation intelligence information.
• My first fraud investigation Videowww.elsamconsult.com 66
FRM - Basis of Investigation
www.elsamconsult.com
EMAC
• Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase
• Investigator must know;Results of investigation can be used later as an educational tools for auditors, fraud investigators and other employees (See a Case of Forensic Accountant)
67
Fraud investigation
EMAC
• Briefing management, followed by terms of reference detailing the initial scope of work
• Communication with parties involved e.g. Internal audit, audit committee and accounting staff
• Determining the extent of fraud• Interviewing the defrauder ( only if fraud is
known with certainty) • Investigating the known area with detailed
audit test. E.g. Procurement tendering, wages, cash debtors and stock, payroll
• Report to the management on the findings, with copies to interested parties e.g. Internal auditor, audit committee.www.elsamconsult.com 68
Fraud investigation- stages
EMAC
• Circumstances which led to investigation
• Fraud discovered and their extent• Identity of the defrauder• Effects on the reported profit of
the past period• Effects on f/s of current periods
www.elsamconsult.com 69
Investigation – details of report
www.elsamconsult.com
EMAC
• IC weakness which allowed the fraud and recommendations for eliminating them
• Report of any interviewing with the defrauder, including offers of restitution etc, which may be relevant to management in deciding what action, if any they should take against him/her
• If there is any suggestion that the internal auditors has been negligent the extent of claim against him.
70
Investigation – details of report
www.elsamconsult.com
EMAC
Investigator should Consider the potential effects in F/sWhere the fraud is material the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/s
71
Action upon proof of fraud or error
EMAC
• If some proof of fraud exists, management has several options
Cause a deeper audit to be done if amount of loss appears substantial
Terminate employee responsible if loss is minimal
File a claim to recover a loss from clients fidelity insurance agent
Arrange with law enforcement agents to probe into the matter
www.elsamconsult.com 72
Action upon proof of fraud or error
www.elsamconsult.com
EMAC
• If some proof of fraud exists, management has several options
Engage a private investigator to probe into the loss and document it for claim purpose/prosecution
Disregard losses if minimal and tighten controls
Alert the directors, audit committees or the Board
73
Action upon proof of fraud or error
www.elsamconsult.com
EMAC
• Strong internal Control System is not a warrant from fraudEntity should have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promote early detection and respond to concern raised
Awareness programs to employeesScreening job applicantsSound corporate policy on fraudAVOID atmosphere of distrust and paranoia by over-emphasising fraud deterrence measures. 74
Fraud deterrence measures
www.elsamconsult.com 75
EMAC
• Management should ensure enforcement of compliance with operations SOPs
• Risk management function should be embedded in business activities
• Internal audit should be proactively risk based
Fraud Deterrence –three lines of defense
EMAC
• It is important to stick to facts, and to discount hearsay, rumour, or opinion and record what is relevant to the cause of the incident and its effect
• Audit reports on fraud and other improprieties should be addressed to the right person who can take actionwww.elsamconsult.com 76
Fraud Risk Reporting
EMAC
Report must contain all details of fraud Must provide framework to analyse the
fraud case Must enable the user to develop improved
management and security policies and detect and prevent fraud.
Investigation and reporting should proceed in such a way that the outcome will be litigated. Recording exact times, data, names of person and specific; description of evidence are critical in civil or criminal investigation or litigation
www.elsamconsult.com 77
Fraud reporting
www.elsamconsult.com 78
EMAC
Managing Fraud is Your professional Responsibility Management Commitment Recognize Relevant Fraud Schemes Identify High Key Risk indicators Establish Prevention/Detection /Responsive
Measures
Conclusion
www.elsamconsult.com 79
EMAC
PRMIA GARP IRM PERI
Sources of Learning
top related