fraud risk management training - elsam management consultants
Post on 13-Sep-2014
463 views
DESCRIPTION
Fraud, Why fraud, types of fraud, distinction between fraud and corruption, fraud red flags Fraudsters, anti-fruad programs and fraud investigationTRANSCRIPT
![Page 1: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/1.jpg)
www.elsamconsult.com 1
EMAC
Fraud Risk Management
Part IIADVANCED RISK
MANAGEMENT WORKSHOPSTELLA MARIS HOSTEL
Bagamoyo 9TH -11TH April,2014
![Page 2: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/2.jpg)
www.elsamconsult.com 2
EMAC
Operational Risk Nature of fraud risk- Operational Risks What is fraud and fraud risk? Necessity of anti-fraud training Fraud risk factors Group exercise: fraud risk factors or 3 Cs
Coverage
![Page 3: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/3.jpg)
www.elsamconsult.com
EMAC
• Operational risk attaches itself to people, systems and process
• Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
• It includes other risks such as legal risks, physical risks, political risks and environmental risks
• Fraud is part of operational risk in any organization Internal fraud such as tax evasion, assets
misappropriation, bribery, corruption and larceny External fraud such as theft, forgery, hacking and
information theft
3
Introduction
![Page 4: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/4.jpg)
www.elsamconsult.com 4
EMAC
Credit Risk
Market Risk
Operational Risk
Compliance Risk
Information Risk
Data Risk
Other Risk
Basic Strategic ERM Integrated
Evolution of Operational Risk
![Page 5: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/5.jpg)
www.elsamconsult.com 5
EMAC
• Joint McKinsey finds have shown that risk management has not been able to prove its value to organization
• Operational risk is seen as immature discipline that has often not proven its value to organization
• There is evidence that operational risk can be destructive as market loose faith in management and control following large events (Enron Case)
• The discipline is focused more on measurement than on management
Perception on operational Risk
![Page 6: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/6.jpg)
www.elsamconsult.com 6
EMAC
“obtaining a comprehensive measure of fraud’s financial impact is challenging, if not impossible due to the fact that fraud inherently involves efforts at concealment. Many fraud cases will never be detected, and of those that are, the full amount of losses might never be determined or reported. Consequently, any attempt to quantify the extent of all fraud losses will be, at best, an estimate”
Why is Fraud a Major Operational Risk
![Page 7: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/7.jpg)
www.elsamconsult.com 7
EMAC
The Cost of Fraud & Corruption
![Page 8: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/8.jpg)
www.elsamconsult.com
EMAC
• Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain.
• Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct.
• It is an intentional act by one or more individuals among management , those charged with governance, employee or third parties involving the use of deception to obtain an unjust or illegal advantage
8
What is fraud?
![Page 9: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/9.jpg)
www.elsamconsult.com 9
EMAC
Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering loss and/ or the perpetrator achieving a gain. ACFE
Corruption is the abuse of public or private office for personal gain. It includes acts of bribery, embezzlement, nepotism or state capture. It is often associated with and reinforced by other illegal practices such as bid rigging, fraud or money laundering. OECD
What is fraud? Perspectives ..
![Page 10: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/10.jpg)
www.elsamconsult.com 10
EMAC
Fraud is …. Fraud is not …..
Intentional Taken by physical force
To trick or deceive someone out of his/her assets
Victimless
Theft Insignificant because no one is hurt
A crime Acceptable or justifiable
Characteristics of Fraud
![Page 11: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/11.jpg)
www.elsamconsult.com 11
EMAC
Fraud commonly includes activities such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.
It involves using deception to dishonestly make a personal gain for oneself and / or create a loss for another.
Scope of Fraud
![Page 12: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/12.jpg)
www.elsamconsult.com 12
EMAC
• Pressure on employee to misappropriate cash or organizational assets
• Employees/people committing fraud are not career criminals, they are trusted employees
• Dr. Donald Cressey, a criminologist developed a model to get reasons for why people in trust commit fraud (Case Study II)
• Model is referred as fraud triangle
Why people commit fraud?
![Page 13: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/13.jpg)
www.elsamconsult.com 13
EMAC
• Most of fraudsters are first time offenders with no criminal past and therefore don’t view themselves as criminals (See Arthur Andersen case)• They must always justify the crime in a
way that makes it an acceptable and justifiable act (rationalization) e.g. I was underpaid, my employer cheated me, my employer is dishonest, I was entitled to the money or I was only borrowing money.
Causes of Fraud - Rationalization
![Page 14: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/14.jpg)
www.elsamconsult.com
EMAC Frau
d
Pressure or
Incentive
Rationalization
Opportunity
14
What causes fraud?- Fraud Triangle
All the three factors must be present for fraud to occur, if any one of the three is missing, fraud will not occur
![Page 15: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/15.jpg)
www.elsamconsult.com
EMAC
15
Why fraud happens?
Fraud Need/Rationalization•Every one Does it•Simply borrow-money
PressureUnrealistic Corporate Target can
Force Employees toCommit fraud
Opportunity- due to weak And override of controls
![Page 16: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/16.jpg)
www.elsamconsult.com 16
EMAC
• It is a perceived non-sharable financial pressure• Non-Shareable involves some sort of
embarrassment, shame or disgrace• It is the first motivation for crime• A person may have financial problem that cannot
be solved through legitimate means Consideration for illegal acts such as stealing cash or
falsifying a financial statement as a way to solve problem
It can be deep personal debt or a job/business is in jeopardy e.g. Desire for status symbol eg. Big house, nicer car; need to meet productivity targets; drug or gambling addition or inability to pay bills ( See the Enron Case Study)
It can sexual addiction and importance of status
Causes of Fraud (Pressure/Incentive)
![Page 17: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/17.jpg)
www.elsamconsult.com 17
EMAC
• It is a perceived opportunity defining method by which crime can be committed
• Involves uses of position of trust to solve financial problems
• It is critical that the fraudster be able to solve problem in secret since motivation is over the status
• Always the fraudster will act in secret e.g. forcing bank reconciliation to balance if he had paid a cheque to oneself ( See a case of TV show)
Causes of fraud (Opportunity)
![Page 18: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/18.jpg)
www.elsamconsult.com 18
EMAC
• Not applicable to professional fraudsters or predatory employees ( employees taking job with intent to stealing from the employer)
• Rationalization is only necessary for first commitment of fraud and afterwards it is abandoned
Fraud Triangle - Limitations
![Page 19: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/19.jpg)
www.elsamconsult.com 19
EMAC
• Reduce pressures on employees that might push them to committing fraud
• Reduced perceived opportunities to commit fraud
• Dispel rationalization for engaging in fraudulent conduct
• Sanctions does not work, why Fraudsters never think that they can be
caught in a perceived opportunity Fraudsters always rationalize their conduct Sanctions are only secondary
consideration
Fraud Triangle-Deterrence measures
![Page 20: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/20.jpg)
EMAC
20
Types of fraudFraudulent Financial Reporting
Asset Misappropriation
Other Questionable or Improper Business Practices
Manipulation, falsification/alteration of records or documents
Misappropriation of assetsSuppression or omission of the effect of
transaction from records or documentsRecording transaction without substanceMisapplication of accounting principlesThese can be elaborated on th
is presentation
![Page 21: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/21.jpg)
www.elsamconsult.com 21
EMAC
Types of Internal Fraud
![Page 22: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/22.jpg)
www.elsamconsult.com
EMAC
• Aggressive application of accounting codes• Information provided unwillingly or after
unreasonable delay• Unsupported transactions• Fewer confirmation responses• Evidence of unduly lifestyle by officers or
employees• Long outstanding imprest balances• Poor documentation• False & improper entries in records• Unauthorized payments• Unauthorized use of corporate assets• Misapplication of funds
22
Fraud Indicators (Red Flags)
![Page 23: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/23.jpg)
www.elsamconsult.com
EMAC
Undue secrecy• Questionable practices• Significant manager or director transactions• Drop of sales or earnings• Aggressive accounting treatment• Posting of transactions to headquarters• Receipt of poor quality goods• Related party arrangements• Weak security checks for employees• Delay in submission of reports
23
Fraud Indicators (Red Flags)
![Page 24: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/24.jpg)
www.elsamconsult.com
EMAC
• Flouting directives and regulations• Personal interest • Uncorrected entries and stock adjustments• High fly management decisions• Incompatible functions done by one
person• Misuse of computer for private business• Frequent use of allocated issue voucher
even when the system is available• Questionable system adjustments
24
Fraud indicators (Red flags)
![Page 25: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/25.jpg)
www.elsamconsult.com
EMAC
• Unauthorized transactions• Cash shortages• Unexplained variation in prices• Missing documentation• Excessive refunds• Living beyond ones means• Drug and alcoholic abuse• High personal debt/loses• Compulsive gambling/stock speculation• Risk of increase IT, increases the risk of
manipulation, access control25
Fraud Indicators
![Page 26: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/26.jpg)
www.elsamconsult.com
EMAC
• Management Environment Pressure Management style and attitude
• Competitive and business environment e.g. technology
• Employee relationship ( spouse receiving non competitive contract)
• Attractive assets • Internal controls• Lack of separation of duties• Too much trust placed on few
employees26
Fraud Indicators
![Page 27: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/27.jpg)
www.elsamconsult.com 27
EMAC
Fraud Risk Indicators
![Page 28: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/28.jpg)
www.elsamconsult.com 28
EMAC
Common Red-Flags
![Page 29: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/29.jpg)
www.elsamconsult.com 29
EMAC
Red Flags Data
![Page 30: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/30.jpg)
www.elsamconsult.com
EMAC
• Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud– Personal pressures– Individual performance targets– Infiltration by organised crime
• Controls may be overridden or ignored by certain individuals:– Powerful (overrides controls, staff intimidated)– Successful (not to be bothered, too busy earning money)– Trusted (responsibility has moved beyond their job description)
30
Personal Fraud indicators
![Page 31: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/31.jpg)
www.elsamconsult.com
EMAC
31
Managing Fraud -Forces
Entity Governance and Responsibility
Code of Ethics Staff
Regulations
Director & Officer Liability
Internal Audit
Risk Management
Business Plan and Budget
Procurement and Finance Acts
Customer Service Surveys
Stakeholders pressures
Reputation and Credibility
![Page 32: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/32.jpg)
www.elsamconsult.com
EMAC
• Rapid increase of activities Weak competition• Rapidly growing sales• Relatively high profitability• ….. In such an environment, effective anti-
fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins.
• …. Consider tough times ahead…. More competition, changing government regulations?
32
Business environment
![Page 33: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/33.jpg)
EMAC
Elements of Fraudster
Makes false representation or willful omission regarding a material fact.
The fraudster knew the representation was false.
The target relied on this misappropriation.
The victim suffered damages or incurred a loss
![Page 34: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/34.jpg)
EMAC
Fraudster
The analysis of the constantly changing nature of fraudster can held organizations stiffen their defenses against fraud
A typical fraudster is 35 to 45 years of age Employed in an executive Finance operations Sales and marketing Six years of employment Intelligent and passionate of work
![Page 35: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/35.jpg)
EMAC
Characteristics of a Fraudster
Likely to be married. Member of a church or mosque Educated beyond high school. No arrest record. Age range from teens to over 60. Socially conforming. Employment tenure from 1 to 20 years. Acts alone 70% of the time. Growing use of technology
![Page 36: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/36.jpg)
EMAC
Characteristics of a Fraudster First-time offenders.
Losses from fraud caused by managers and executives were 3.5 times greater than those caused by non-managerial employees.
Losses caused by men were 3 times those caused by women. [53% males; 47% females]
Losses caused by perpetrators 60 and older were 27 times those caused by perpetrators 25 or younger.
Losses caused by perpetrators with post-graduate degrees were more than 3.5 times greater than those caused by high school graduates.
![Page 37: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/37.jpg)
EMAC
Characteristics of a FraudsterYesterday, today and tomorrow
Egotistical Risk taker Hard Worker Greedy Disgruntled or a
complainer Overwhelming
desire for personal gain
Pressured to performManagement frequently regards fraud risk as a single dot on
the risk matrix, not always fully appreciating its real nature and extent
![Page 38: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/38.jpg)
EMAC
Characteristics of Fraudster
![Page 39: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/39.jpg)
EMAC
Characteristics of Fraudster Impact of collusion
It account 29% of known fraud It is insiders who take the lead, since they tend to
identify the opportunity and to know the soft spots of the company’s defense
More than 42% of fraudsters had worked with the company more than six years
Collusion cannot be present when people act alone Most detection is mostly from informal tip off by 22%
and formal whistle blowing by 19% Cyber fraud is mostly perpetrated by collusion
We expect employees and managers managing fraud opportunities to continue to threaten companies future
![Page 40: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/40.jpg)
www.elsamconsult.com 40
EMAC
Where the fraudster works?
![Page 41: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/41.jpg)
www.elsamconsult.com 41
EMAC
Which source of fraud type?
![Page 42: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/42.jpg)
www.elsamconsult.com 42
EMAC
June 2013, Corruption swallows 25% of Africa GDP according to World Bank survey. Africa loses $148 billion annually because of corruption, a survey by World Bank has indicated
Corruption to increase costs of achieving the UN millennium Development Goals on water and sanitation by US $148 billion
Astonishing facts
![Page 43: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/43.jpg)
EMAC
Tips for fraud Specialist “Finding fraud is like trying to load frogs on to a
wheelbarrow.”To be a forensic auditor, you have to have a knowledge of fraud, what fraud looks like, how it works, and how and why people steal. Source: Robert J. Lindquist "Finding fraud is like using a metal detector at a city
dump to find rare coins. You're going to have a lot of false hits."
- D. Larry Crumbley
“Fraud can be best prevented by good people asking the right questions at the right time.”
- Michael J. Comer
![Page 44: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/44.jpg)
EMAC
Tips for Fraud Specialists
Changing techniques1. Tips from employees (26.3%).2. By accident (18.8%).3. Internal audit (18.6%).4. Internal controls (15.4%).5. External audits (11.5%).6. Tips from customers (8.6%).7. Anonymous tips (6.2%).8. Tips from vendors (5.1%).Therefore, 46.2% from tips.
![Page 45: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/45.jpg)
EMAC
Tips for Fraud Specialist1. Strong Internal Controls (1.62)2. Background checks of new employees (3.70)3. Regular fraud audit (3.97)4. Established fraud policies (4.08)5. Willingness of companies to prosecute (4.47)6. Ethical training for employees (4.86)7. Anonymous fraud reporting mechanisms
(5.02)8. Workplace surveillance (6.07)
1 = Most effective8 = Least effective
Source: 2002 Wells Report
![Page 46: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/46.jpg)
EMAC
Tips for Fraud Specialist Assume there may be wrong doing. The person may not be truthful. The document may be altered. The document may be a forgery. Officers may override internal
controls. Try to think like a crook. Think outside the box.
![Page 47: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/47.jpg)
EMAC
Tips for Fraud SpecialistAccording to KPMG, typically, a fraudster is perceived as someone who is greed and deceitful by nature. However, as this analysis reveals, many fraudsters work within entities for several years without committing any fraud, before an influencing factor-financial worries, job dissatisfaction, aggressive targets, or simply an opportunity to commit fraud-tips the balance
![Page 48: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/48.jpg)
www.elsamconsult.com
EMAC
What are they?1. Reviewed and Strengthening of internal
controls2. Periodic compliance audit3. Employee hotline4. Appointed compliance personnel5. Establish and implement code of conduct for all
employees6. Conducted background check for hires with
budgetary responsibility7. Instituted fraud awareness training8. Tied employee evaluations to ethics or
compliance objectivesWhat is your answer on the above from 0-10 48
Do we have any fraud mitigation?
![Page 49: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/49.jpg)
EMAC 49
EMAC
Iceberg Theory of Fraud
Covert AspectsAttitudesFeelings (Fear, Anger, etc.)ValuesNormsInteractionSupportivenessSatisfaction
Overt AspectsHierarchyFinancial ResourcesGoals of the OrganizationSkills and Abilities of PersonnelTechnological StatePerformance Measurement
Behavioral Considerations
Water line
Structural Considerations
The Iceberg Theory of Fraud
![Page 50: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/50.jpg)
www.elsamconsult.com
EMAC
50
Fraud Risk Management TechniquesManagement
Internal Audit Internal Controls Whistle-blowing
Reliance
?
![Page 51: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/51.jpg)
www.elsamconsult.com 51
EMAC
Fraud risk identificationFraud risk assessment Similar Procedures used in the ERM process discussed previously
Fraud Risk Identification and Assessment process
![Page 52: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/52.jpg)
www.elsamconsult.com 52
EMAC
What is fraud risk identification
![Page 53: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/53.jpg)
www.elsamconsult.com 53
EMAC
What is fraud risk assessment
![Page 54: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/54.jpg)
www.elsamconsult.com 54
EMAC
Fraud Risk Assessment
![Page 55: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/55.jpg)
www.elsamconsult.com 55
EMAC
Source of Date to Assess Fraud Risks
![Page 56: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/56.jpg)
www.elsamconsult.com 56
EMAC
Anti Fraud Programs
![Page 57: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/57.jpg)
www.elsamconsult.com 57
EMAC
Building blocks in Fraud Management
![Page 58: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/58.jpg)
www.elsamconsult.com
EMAC
• Good controls on paper are not strictly followed in practice
• Grey areas in the rules – open to interpretation• Lack of segregation of duties• Collusion• Management override• Failure of senior management to lead by
example• Bureaucracy &/or formulaic compliance• Failure to share knowledge of fraud
experience, control weaknesses and control improvements
• Clash of cultures
58
Controls Barriers
![Page 59: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/59.jpg)
EMAC
www.elsamconsult.com 59
Objectives of Fraud Risk Management
PreventionDetectionResponse
controls designed to reduce the risk of fraud and misconduct fromoccurring in the first placecontrols designed to discover fraud and misconduct when it occurs
controls designed to take corrective action and remedy the harmcaused by fraud or misconduct
![Page 60: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/60.jpg)
www.elsamconsult.com 60
appropriately if discovered
occurrence
fraud and misconduct
Fraud Risks Management - Measures
Detect
Respond
Prevent
![Page 61: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/61.jpg)
www.elsamconsult.com 61
Fraud Risk Management - components
![Page 62: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/62.jpg)
EMAC
• Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable.
www.elsamconsult.com 62
Fraud risk assessment
Likelihood
Sign
ifica
nce
/ Im
pact
Qualitative factors in the assessment include:• the accounting system• complexity, volume and nature of transactions• internal controls in place• compliance, training and monitoring
Incorporates the views of:• management;• control functions;• line employeesManagement are then able to:
• Prioritise identified risks and evaluate the existing controls• Link each risk to specific controls and commit resources to implement any enhancements
![Page 63: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/63.jpg)
EMAC
Surveys suggest that:1. Over 50% of frauds are discovered as a result
of information provided by staff2. Losses after an introduction of a whistle-
blowing hotline can be reduced by up to 60%.3. Staff prefer the following reporting channels:
57%: a telephone hotline; 20%: conventional mail; and 16%: e-mail.
www.elsamconsult.com 63
Fraud Risk Management Experiences
Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
![Page 64: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/64.jpg)
EMAC
www.elsamconsult.com 64
FRM – Hotline best practicesConfidentiality
Anonymity AvailabilityAssistance – Real TimeProceduresClassify & Notify
Communicate
All matters treated confidentially; reported on a need to know basisProcess should allow for anonymous submission & resolutionShould be available in remote outposts, not just head officeA ‘live’ response – operators need to be qualified, trained & able to provide adviceConsistent protocols to gather information and manage the callQualified staff assess the allegation; protocols establish basis for escalation & investigationPublicise the hotline prominently; commit to, & test for, non-retaliation
![Page 65: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/65.jpg)
EMAC
www.elsamconsult.com 65
FRM - Response• Objective is to take corrective action &
remedy the harm caused by fraud or misconduct:
• Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened.
• Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events.
• Communicate to the wider population of employees that management took appropriate, responsive action.
![Page 66: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/66.jpg)
EMAC
Consideration should be given to:• Data and information gathering;• Interviewing techniques;• Appropriate resource;• Analytical tools such as data mining;
and• Organisation intelligence information.
• My first fraud investigation Videowww.elsamconsult.com 66
FRM - Basis of Investigation
![Page 67: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/67.jpg)
www.elsamconsult.com
EMAC
• Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase
• Investigator must know;Results of investigation can be used later as an educational tools for auditors, fraud investigators and other employees (See a Case of Forensic Accountant)
67
Fraud investigation
![Page 68: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/68.jpg)
EMAC
• Briefing management, followed by terms of reference detailing the initial scope of work
• Communication with parties involved e.g. Internal audit, audit committee and accounting staff
• Determining the extent of fraud• Interviewing the defrauder ( only if fraud is
known with certainty) • Investigating the known area with detailed
audit test. E.g. Procurement tendering, wages, cash debtors and stock, payroll
• Report to the management on the findings, with copies to interested parties e.g. Internal auditor, audit committee.www.elsamconsult.com 68
Fraud investigation- stages
![Page 69: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/69.jpg)
EMAC
• Circumstances which led to investigation
• Fraud discovered and their extent• Identity of the defrauder• Effects on the reported profit of
the past period• Effects on f/s of current periods
www.elsamconsult.com 69
Investigation – details of report
![Page 70: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/70.jpg)
www.elsamconsult.com
EMAC
• IC weakness which allowed the fraud and recommendations for eliminating them
• Report of any interviewing with the defrauder, including offers of restitution etc, which may be relevant to management in deciding what action, if any they should take against him/her
• If there is any suggestion that the internal auditors has been negligent the extent of claim against him.
70
Investigation – details of report
![Page 71: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/71.jpg)
www.elsamconsult.com
EMAC
Investigator should Consider the potential effects in F/sWhere the fraud is material the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/s
71
Action upon proof of fraud or error
![Page 72: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/72.jpg)
EMAC
• If some proof of fraud exists, management has several options
Cause a deeper audit to be done if amount of loss appears substantial
Terminate employee responsible if loss is minimal
File a claim to recover a loss from clients fidelity insurance agent
Arrange with law enforcement agents to probe into the matter
www.elsamconsult.com 72
Action upon proof of fraud or error
![Page 73: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/73.jpg)
www.elsamconsult.com
EMAC
• If some proof of fraud exists, management has several options
Engage a private investigator to probe into the loss and document it for claim purpose/prosecution
Disregard losses if minimal and tighten controls
Alert the directors, audit committees or the Board
73
Action upon proof of fraud or error
![Page 74: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/74.jpg)
www.elsamconsult.com
EMAC
• Strong internal Control System is not a warrant from fraudEntity should have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promote early detection and respond to concern raised
Awareness programs to employeesScreening job applicantsSound corporate policy on fraudAVOID atmosphere of distrust and paranoia by over-emphasising fraud deterrence measures. 74
Fraud deterrence measures
![Page 75: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/75.jpg)
www.elsamconsult.com 75
EMAC
• Management should ensure enforcement of compliance with operations SOPs
• Risk management function should be embedded in business activities
• Internal audit should be proactively risk based
Fraud Deterrence –three lines of defense
![Page 76: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/76.jpg)
EMAC
• It is important to stick to facts, and to discount hearsay, rumour, or opinion and record what is relevant to the cause of the incident and its effect
• Audit reports on fraud and other improprieties should be addressed to the right person who can take actionwww.elsamconsult.com 76
Fraud Risk Reporting
![Page 77: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/77.jpg)
EMAC
Report must contain all details of fraud Must provide framework to analyse the
fraud case Must enable the user to develop improved
management and security policies and detect and prevent fraud.
Investigation and reporting should proceed in such a way that the outcome will be litigated. Recording exact times, data, names of person and specific; description of evidence are critical in civil or criminal investigation or litigation
www.elsamconsult.com 77
Fraud reporting
![Page 78: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/78.jpg)
www.elsamconsult.com 78
EMAC
Managing Fraud is Your professional Responsibility Management Commitment Recognize Relevant Fraud Schemes Identify High Key Risk indicators Establish Prevention/Detection /Responsive
Measures
Conclusion
![Page 79: Fraud risk management training - Elsam Management Consultants](https://reader035.vdocuments.mx/reader035/viewer/2022062923/5414e4ed8d7f724d6c8b4755/html5/thumbnails/79.jpg)
www.elsamconsult.com 79
EMAC
PRMIA GARP IRM PERI
Sources of Learning