topic 2 - fraud audit planning & execution - icpak · fraud audit planning & execution 2...
TRANSCRIPT
Fraud Audit Planning & ExecutionICPAK FORENSIC AUDIT SEMINAR
November2017
Introduction
3Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
• Forensic investigation life cycle
• Developing fraud controls and anti fraud programs
• Fraud Prevention and response
• Aftermath of fraud- legal and court involvement
Forensic investigation lifecycle
3Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Reporting & ClosureReporting & Closure
Analysis & Interviewi
ng
Analysis & Interviewi
ngEvidence GatheringEvidence Gathering
Strategy & Planning
Strategy & Planning
Risk managem
ent
Risk managem
ent
• Define the objectives and scope the
investigation;
• Design a risk management methodology-
Understand the regulatory environment;
• Define the skills and resources required for the
job; and
• Understand the nature of evidence required
Risk Management – Must dos
4
1 Risk Management Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Strategy & Planning
7Fraud Audit Planning & Execution
2 Strategy & Planning
Type Legal considerations
Activity Plan
• Different jurisdictions
• Rights of employees
• Contract of Employment
• Procedure documents
• Evidence gathering options
• Whistleblowers
• Identify the tasks and subtasks to be carried out
• Agree on the resources manpower, workspace and the security of the team
• Assign the tasks to the team and agree on the milestones
• Sensitize the plan to time and the budget allocated
• Covert vs Overt
• Internal Review
• Internal Investigation
• Internal Disciplinary proceeding
• Civil Proceeding
• Criminal Proceedings
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
“Evidence is information that may be presented to a client, court or tribunal to help it assess the probability of some facts asserted before it, i.e. information by which the facts tend to be proved or disproved”
A must know;
• Understand what evidence is• Provenance• How to capture and preserve evidence• Where am I likely to find evidence?
Evidence Gathering: What you need to know
8Fraud Audit Planning & Execution
3 Evidence Gathering Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
10
3 Evidence Gathering
EVIDENCE
TYPESDirect EvidenceTestimonyExpert EvidenceReal EvidenceDocumentsPhysical objectsCircumstantial
EvidenceElectronic EvidencePhotographic EvidenceBad Character Evidence
SOURCES
• Internal records• Financial
records.• Legal Records• HR records• Electronic Media• Employee
workspace inspectionEVIDENCE
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Evidence Gathering: Sources and types of evidence
Evidence Gathering Methods of evidence Gathering
11Fraud Audit Planning & Execution
3 Evidence Gathering Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Surveillance
Document review
CollaborationsInterviewing
Digital evidence recovery
Due diligenceSearch and
Seizure
Evidence Analysis
12Fraud Audit Planning & Execution
4 Analysis & Interviewing Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Document Examination • Handwriting reading, document authentication,
signature experts etc
Data Analysis• Trend analysis• Comparison• Test runs for any exceptions
Interviewing and cross
examination
• Understand case for or against the subject
• Other indicators like body language and eye contact
Interviews Do’s & Don’ts
15Fraud Audit Planning & Execution
4 Analysis & Interviewing
DO’S
• Be objective in your assessment
• Consider the facts
• Know what you say and what you write
• Keep the discussion circle small
• Preserve any evidence through access control
• Protect your work product
• Consider/discuss legal issues with counsel
DON’TS
• Respond emotionally or take any hasty actions
• Immediately confront the subjects
• Damage or mark any (potential) evidence
• Writing on original documents
• Base your investigation on anonymous info, hearsay or opinions
• Limit the scope of your concerns to a specific issue
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
• Purpose of the Deliverable
• Structure of the Report
• All facts must be supported with an exhibits
• The value of the Executive Summary
• Presentation of the report
• Sign off
Reporting & Closure
16Fraud Audit Planning & Execution
5 Reporting & Closure Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Developing Fraud Controls & Anti-Fraud Programmes
17Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
• The regulatory environment
• The elements of fraud to address
• Key components of an anti-fraud regime
• Measuring compliance
Developing Fraud Controls & Anti-fraud Programs
18Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
• Internal control systems should be designed to prevent or detect material
error and fraud
• “Sarbox” is the first regulation where established good practice for anti-fraud
programmes is set out; European legislation is likely to follow suit
• Auditors (will) have a responsibility to give an opinion on the adequacy of
controls, including anti-fraud programmes
The Regulatory Environment
19Fraud Audit Planning & Execution
6 The Regulatory Environment Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
The Elements of Fraud to address
20Fraud Audit Planning & Execution
7 The Elements of Fraud to address
RATIONALIZATION
MOTIVATION OPPORTUNITY
FRAUD
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Key components of an Anti-Fraud regime
INFRASTRUCTURE
• Governance
• Ethics – Fraud Policy/Code of Conduct
• Training and Education
• Communication
• Incident Reporting
Mechanisms
• Intelligence Screening
RISK MANAGEMENT
• Analysis and Implementation –
management fraud risk assessment
• Self Assessment – Management Evaluation
and testing
MONITORING & COMPLIANCE
• Investigation
• Internal Audit
• Remediation
INTELLIGENCE
• Internal: investigation and internal audit findings,
trend analysis
• External: intelligence networks, best practice
KEY COMPONENTS OF AN ANTI-FRAUD REGIME
21Fraud Audit Planning & Execution
8 Key components of an Anti-Fraud regime Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Fraud Prevention & Response
23Fraud Audit Planning & Execution
RESPONSE
PREVENTION
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
PREVENTION
BOARD/AUDIT COMM
INTERNAL AUDIT
FRAUD & MISCONDUCT RA
CODE OF CONDUCT
EXEC/LINE MGT
EMPLOYEE & 3rd PARTY DD
COMMUNICATION&
TRAINING
Fraud Prevention: Control Considerations
• Responsive controls are designed to take corrective action and remedy the
harm caused by fraud or misconduct. These include:
• Internal investigation protocols
• Remedial action protocols
• Enforcement and accountability protocols
• Disclosure protocols
Fraud Response
29Fraud Audit Planning & Execution
11 Fraud Response
RESPONSE
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
28Fraud Audit Planning & Execution
11 Fraud Response
REMEDIAL ACTION
ENFORCEMENT & ACCOUNTABILITY
DISCLOSURE
INTERNAL INVESTIGATION
PROTOCOLS
Fraud Response
34Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
The End
34Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
34Fraud Audit Planning & Execution
Fraud Prevention & Response Developing Fraud Controls & Anti-Fraud ProgrammesInvestigation Life Cycle
Annastacia WachekeForensic Consultant
[email protected] 325 740