June 21, 2007 Andrea St. Rose & Associates FRAUD RISK & THE AUDIT COMMITTEE Presented by Andrea St.Rose, LLB(Hons), FCIS,CFE,MBA,CGA,CA Bay Gardens Hotel – JUNE 22, 2007

Post on 19-Dec-2015


June 21, 2007 Andrea St. Rose & Associates

FRAUD RISK & THE AUDIT COMMITTEE

Presented by Andrea St. Rose, LLB(Hons), FCIS, CFE, MBA, CGA, CA

Bay Gardens Hotel – JUNE 22, 2007

21/06/2007

Agenda

1. The Internal Audit Function
2. Risk Management and Internal Audit
3. Fraud – An Overview
4. Categories of Occupational Fraud and Abuse
5. Fraud Red Flags
6. Fraud Prevention Programs
7. ACFE’s Annual Fraud Check Up
8. Conclusion
9. Case Studies in Detection and Prevention
10. ACFE’s Annual Fraud Check Up
11. Wrap up – Questions and Answers

THE INTERNAL AUDIT FUNCTION


What is Internal Audit?

Internal Audit is an independent, objective, assurance and consulting activity designed to add value and improve the operations of an organization. (The IIA)


How is value added?

Conducts risk-based reviews of an organization’s business activities providing assessments and comments on risk management techniques/ internal controls and governance processes.

Works consultatively with management to ensure risk management issues are addressed.

Provides constructive recommendations.


Risk Management and Internal Audit

The Institute of Internal Auditors

ECCB Guidelines

Sarbanes-Oxley Act - USA

Risk Management and Internal Audit

The IIA

IIA Performance Standard 2100

“The internal audit activity should evaluate and contribute to the improvement of risk management, control and governance processes using a systematic and disciplined approach” (Source: The IIA).

Risk Management and Internal Audit

The IIA

IIA Performance Standard 2110

“The Internal Audit activity should assist the organisation by identifying and evaluating significant exposures to risk”.

(Source: The IIA)

Risk Management and Internal Audit

ECCB – Guidelines For Internal Auditing of Institutions Licensed Under The Banking Act (Sec. 7.0)

“An Internal Audit function in the financial institution assists management in evaluating and improving the risk management, control and governance systems”.

(Source: ECCB)

Risk Management and Internal Audit

RISK Management

Decisions to accept exposure or to reduce vulnerabilities by either mitigating the risks or applying cost-effective controls. (Source: www.utmb.edu/is/security/glossary.htm)

Risk Management and Internal Audit

What are some of the vulnerabilities that an organisation faces?

Business Continuity
Liquidity Risk
Market Risk
Fraud Risk


Risk Management and Internal Audit

Legislation/ Standards – Fraud Risk

IIA

ISA

SOX


Risk Management and Internal Audit

The IIA Standards and Fraud Risk

Sec 1210.A.2

The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. (Source: The IIA)

Risk Management and Internal Audit

Standard External Auditors’ Report

Management’s Responsibilities – (paragraph)

“this responsibility includes designing, implementing, and maintaining internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to FRAUD or ERROR….”

Risk Management and Internal Audit

Sarbanes-Oxley Act (USA)

Section 404

As a deterrent to fraudulent financial reporting, the Act requires the CFO and CEO of public companies to personally certify their quarterly and annual SEC filings.


FRAUD – AN OVERVIEW

What is it?

Why is it committed?

FRAUD – AN OVERVIEW

FRAUD – What is it?

There are 4 basic elements:

1. A false representation of a material nature.

2. Knowledge that the representation is false.

3. Reliance – the person receiving the representation reasonably relied on it.

4. Damages – financial, resulting from the above.

(Source: A Guide to Forensic Investigation – Golden, Skalak and Clayton)

FRAUD – AN OVERVIEW

Why fraud is committed:

“Trusted persons become trust violators when they conceive of themselves as having a financial problem which is nonsharable, are aware that this problem can be secretly resolved by violation of the position of financial trust and are able to apply their own conduct in that situation, …” (Cressey)

FRAUD – AN OVERVIEW

Nonshareable Problems:

Inability to meet debt obligations
Bad judgement resulting in losses
Status Ambitions – cont’d associations
Relations with Employer – working conditions etc.
Drug abuse


THE FRAUD TRIANGLE

Hypothesis – The Fraud Triangle

Opportunity

Pressure Rationalization


THE FRAUD TRIANGLE

Pressure

Opportunity

Rationalisation


CATEGORIES OF OCCUPATIONAL FRAUD AND ABUSE

Asset misappropriation

Fraudulent statements

Corruption

ASSET MISAPPROPRIATION

According to ACFE in its 2006 Report to the Nation:

Asset Misappropriation – Any scheme that involves the theft or misuse of an organization’s assets, e.g. payroll fraud.


ASSET MISAPPROPRIATION

Most common form of fraud

Target – cash, cheques, money orders (87% of reported cases in 2006)

Non cash – 23% of reported cases in 2006

ASSET MISAPPROPRIATION

CASH

Larceny – cash stolen after recorded
Skimming – cash stolen before recorded
Fraudulent disbursements – non bona fide payments

Other Assets

Misuse
Larceny – outright stealing, e.g. theft of inventory


CATEGORIES OF OCCUPATIONAL FRAUD AND ABUSE

Fraudulent statements


FRAUDULENT FINANCIAL STATEMENTS

What happened at Enron?

Creation of SPE’s to hide losses

Questionable accounting treatments


FRAUDULENT STATEMENTS

What is it?

How detected?

How prevented?

FRAUDULENT STATEMENTS

Manipulation of financial statements:

Overstatement of revenues

Understatement of expenses/ liabilities

Timing differences

Asset valuations

Non disclosure of material transactions

FRAUDULENT STATEMENTS

DETECTION:

Disgruntled Employee
Employee Hot Line
Internal Audit
External Audit


FRAUDULENT STATEMENTS

HOW CAN WE PREVENT?

FRAUDULENT STATEMENTS

PREVENTION

Apply the Fraud Triangle:

Reduce Pressures – How?
Reduce Opportunities – How?
Reduce Rationalisation – How?

FRAUDULENT STATEMENTS

REDUCE PRESSURES

Tone at the top organisation
Set realistic targets
Pay system – fair – Performance Systems
Reduce pressure from stock brokers

FRAUDULENT STATEMENTS

REDUCE OPPORTUNITIES

Background checks for prospective employees KYE
Proper system Internal Controls
Segregation of incompatible duties
Physical security for assets
Procedures manual – clear
Accounting policies and procedures clear
Monitoring Controls – internal audit
Protect whistleblowers
Job rotation – vacation policy

FRAUDULENT STATEMENTS

REDUCE RATIONALIZATION

Code of Conduct clearly communicated
Communication of Values – Zero tolerance
Clear communication regarding non-compliance with accounting policies/procedures
Promote Integrity throughout the organisation
Training

FRAUDULENT STATEMENTS

DETECTION

Financial Statement Analysis
Ratio Analysis
Trend Analysis
Horizontal Analysis – year to year
Vertical Analysis – analyzing relationships
Surprise Audits

FRAUDULENT STATEMENTS

RED FLAGS

Weak internal control environment
Unsupported adjusting journal entries – near end of financial period
Missing support for disbursements/purchases
Forgery of supporting documentation
No background checks performed for employees
Bonuses tied to profitability


CATEGORIES OF OCCUPATIONAL FRAUD AND ABUSE

CORRUPTION


CORRUPTION

Corruption – “Any scheme in which a person uses his or her influence in a business transaction to obtain an unauthorised benefit contrary to that person’s duty to his employer” (source: ACFE 2006 Report to the Nation)

CORRUPTION

Conflicts of interest – most common

Bribery

Illegal gratuities

Extortion

CORRUPTION

Conflicts of interest:

Employee or executive has not disclosed an interest in a transaction that negatively impacts on the entity.

e.g. Employee A, the purchasing manager of Company B, enters into a contract with Company C; however, Company C is owned by Employee A. The costs incurred are 10 per cent above market rates.

CORRUPTION

BRIBERY

Usually takes the form of a gift/kickback which is geared at influencing a party – the employer has not consented. Includes offers.

e.g. Employee A discloses to Company B that the terms of a contract out for tender will change. Company B submits a low bid, gets the contract. Variation orders submitted eventually increase the cost of the contract. Company B pays $5,000 to Employee A’s offshore bank account for awarding the contract.

CORRUPTION

ILLEGAL GRATUITIES

The giving of a gift as a result of securing a favourable business decision – the principal has no knowledge.

Company A offers an all-expenses-paid vacation to Loan Officer B of Int’l Bank C. Company A is a delinquent debtor of the Bank.

CORRUPTION

EXTORTION

“The coercion of another to enter into a transaction or deliver property based on wrongful use of actual or threatened force, fear or economic duress” – (Source: ACFE)

Company A, a large company, is the major purchaser of furniture manufactured by B, a sole proprietor. Purchasing manager Peter indicates that quality is poor and the company will discontinue purchases unless B hires a quality consultant – who happens to be Peter’s mistress.

CORRUPTION

DETECTION – BRIBERY

General purchasing
Prebid solicitation
Bid Solicitation
Bid or Contract Acceptance
Behaviour profile of recipient

(Source: Corporate Fraud Handbook – J.T. Wells – 299)

CORRUPTION

PREVENTION – BRIBERY

Bribery prevention policy
Gift Acceptance Policy
Entertainment Policy

(Source: Corporate Fraud Handbook – J.T. Wells – 302)

CORRUPTION

DETECTION – CONFLICT OF INTEREST

Tips and complaints
Comparison of Vendor addresses with employee addresses
Vendor ownership review
Interview Purchasing Staff

CORRUPTION

PREVENTION – Conflicts of interests

Annual disclosures
Independence Statements
Vendor “Right to Audit Clauses”
Code of Ethics – clearly communicated


FRAUD RED FLAGS

Fraud against the organisation

Fraudulent financial statements

FRAUD RED FLAGS – FRAUD AGAINST ORGANISATION

Major Signs:

Inconsistencies in financial reports
Lifestyles that are not in keeping with income levels
Unwarranted organisational structure – e.g. outsourcing arrangements
Unusually large dollar value of transactions
Significant amount of large cash transactions
Discontinued control structure – expanded span of control – reduced chain of command

FRAUD AGAINST THE ORGANISATION – RED FLAGS

KPMG

Personal financial pressure
Vices such as drug abuse
Grievances against the company
Internal budgetary pressures
Short vacations
Extravagant lifestyles

FRAUD RED FLAGS – FRAUDULENT STATEMENTS

RED FLAGS

Weak internal control environment
Unsupported adjusting journal entries – near end of financial period
Missing support for disbursements/purchases
Forgery of supporting documentation
No background checks performed for employees
Bonuses tied to profitability

Detecting Occupational Fraud

20% increase in detection by Internal Control
27% increase in detection by Internal Audit

Data obtained from Association of Certified Fraud Examiners 2004 Report to the Nation

Detecting Fraud in Small Business

Detection of Fraud by Small Business

28% fewer frauds detected by Internal Audit
24% fewer frauds detected by Internal Controls

Data obtained from Association of Certified Fraud Examiners 2004 Report to the Nation


FRAUD PREVENTION PROGRAMS

Code of Business Ethics

Fraud Policy

Compliance Programs

CODE OF BUSINESS ETHICS & CONDUCT

Covers:

Compliance with Laws and Regulations
Conflict of Interest
Gifts and Entertainment
Treatment of Confidential Information
Employee Conduct
Reporting Violations
Discipline
Compliance Letter

FRAUD POLICY

COVERS:

Scope – any irregularity
Responsibility – Mgmt
Actions Constituting Fraud
Investigation Responsibilities
Confidentiality of Info Received

FRAUD POLICY

Cont’d

Authorization for Investigating Suspected Fraud
Reporting Procedures
Termination Procedures
Administration of Policy

COMPLIANCE PROGRAMS

Covers:

Scope and Implementation
Standards of Conduct
Role of Compliance Coordinator
Communications of Standards and Procedures to Employees
Monitoring, Auditing and Reporting
Role of the Board

ACFE FRAUD PREVENTION CHECK UP

FRAUD PREVENTION CHECK UP

What is the Check up about?

Uses a questionnaire to identify gaps in an entity’s fraud prevention processes – indicated by low scores.

There is no passing grade other than 100 per cent.

ACFE FRAUD PREVENTION CHECK UP

WHAT DOES IT COVER?

Fraud Risk Oversight
Fraud Risk Ownership
Fraud Risk assessment
Fraud Risk Tolerance and risk management policy
Process Anti-fraud controls
Environment level anti fraud controls
Proactive Fraud detection processes

ACFE FRAUD PREVENTION CHECK UP

WHO SHOULD COMPLETE THE QUESTIONNAIRE?

Collaboration between a Fraud Specialist, e.g. CFE, and those within the organisation with extensive knowledge about its operations.


Closing Remarks