RAISING FRAUD AWARENESS: BEST PRACTICES IN FRAUD RISK ASSESSMENTS


1 RAISING FRAUD AWARENESS: BEST PRACTICES IN FRAUD RISK ASSESSMENTS
NIDHI RAO, CPA, CFE, CFF, CIA OCTOBER 12, 2017

2 FRAUD DETECTION IS AS SIMPLE AS…

3 DISCUSSION THEMES
Tales
Cost
Risk Assessment

4 Fraud Myths
It couldn’t happen to us.
If something happened, it would be discovered quickly.
Damage wouldn’t be significant.
Most people are honest and won’t commit fraud.
Fraud will be detected by our auditors.

5 Ripped from the Headlines
American Indian Charter School II
Nancy Dobrowski, Ex-Burnham clerk pleads guilty to stealing more than $700,000
Former Fresno County Employees Accused of Stealing From the Dead

6 Ripped from the Headlines
American Indian Charter School II
Mount Sterling Administrator Joe Johnson sentenced to 10 years in prison for theft in office
Sedgwick County Victim of Phishing Scheme – loss $566K
City puts two workers on leave amid fraud inquiry

7 THE COST OF FRAUD
[Infographic labels: Annual Revenues; 18 Months; $150,000; Median Loss; Indirect Costs]
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

8 VICTIM ORGANIZATION
[Figure; surviving data labels: 7.6%, 9.0%, 33.4%, 36.8%, 86.7%, 85.4%]
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

9 HOW FRAUD IS COMMITTED
[Figure; surviving data labels: 7.6%, 9.0%, 33.4%, 36.8%, 86.7%, 85.4%]
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

10 FRAUDS BY CATEGORY
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

11 FRAUDS BY CATEGORY
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

12 DETECTION OF FRAUD SCHEMES
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

13 Median Loss Based on Presence of Anti-Fraud Controls
VICTIM ORGANIZATIONS
Columns: Control; Percent of Cases; Control in Place; Control Not in Place; Percent Reduction
Proactive Data Monitoring/Analysis: 36.7%, $92,000, $200,000, 54.0%
Employee Support Programs: 56.1%, $100,000, $183,000, 45.4%
Management Review: 64.7%, 50.0%
Code of Conduct: 81.1%, $120,000, 40.0%
Internal Audit Department: 73.7%, $123,000, $215,000, 42.8%
Formal Fraud Risk Assessments: 39.3%, $187,000, 46.5%
Surprise Audits: 37.8%, $195,000, 48.7%
External Audit of ICOFR: 67.6%, $105,000, 47.5%
Fraud Training for Managers/Executives: 51.3%, $190,000, 47.4%
Hotline: 60.1%
Dedicated Fraud Department, Function or Team: 41.2%, $192,000, 47.9%
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

14 Median Duration Based on Presence of Anti-Fraud Controls
VICTIM ORGANIZATIONS
Columns: Control; Percent of Cases; Control in Place; Control Not in Place; Percent Reduction
Surprise Audits: 37.8%, 12 Months, 24 Months, 50.0%
Proactive Data Monitoring/Analysis: 36.7%
Dedicated Fraud Department, Function, or Team: 41.2%
Hotline: 60.1%
Formal Fraud Risk Assessments: 39.3%
Management Review: 64.7%
Independent Audit Committee: 62.5%
Internal Audit Department: 73.7%
External Audit of Internal Controls over Financial Reporting: 67.6%
Management Certification of Financial Statements: 71.9%
Code of Conduct: 81.1%, 13 Months, 45.8%
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

15 VICTIM ORGANIZATIONS
Source: ACFE’s 2016 Report To The Nations On Occupational Fraud and Abuse Copyright 2016 by the Association of Certified Fraud Examiners, Inc.

16 Risk Assessment Methodologies – Best Practices
Selective Fraud Presentation

17 12 Points of Focus
Involve Appropriate Levels of Management – The fraud risk assessment team includes appropriate levels of management.
Include Entity, Subsidiary, Division, Operating Unit, and Functional Levels – The fraud risk assessment team recognizes that frauds can happen at any level or component of the organization.
Analyze Internal and External Factors – The fraud risk assessment team considers both internal and external factors and their impact on the achievement of objectives.
Consider Various Types of Fraud – The fraud risk assessment team considers a wide range of possible fraud schemes and exposures.

18 12 Points of Focus
Specifically Consider the Risk of Management Override of Controls – The fraud risk assessment team understands that catastrophic frauds have been perpetrated by senior members of management overriding existing and otherwise effective controls and focuses on these risks.
Estimate the Likelihood and Significance of Risks Identified – The fraud risk assessment team carefully evaluates the probability that each particular fraud could occur and the potential effects on the organization if that particular fraud occurs.
Assess Personnel or Departments Involved and All Aspects of the Fraud Triangle – The fraud risk assessment team focuses on incentives and pressures, opportunities, and attitudes and rationalizations to commit fraud.

19 12 Points of Focus
Identify Existing Fraud Control Activities and Assess Their Effectiveness – The fraud risk assessment team identifies and evaluates existing controls for effectiveness to determine residual fraud risks that require mitigation.
Determine How to Respond to Risks – The fraud risk assessment team’s ultimate goal is to formulate effective and appropriate responses to all fraud risks.
Use Data Analytics Techniques for Fraud Risk Assessment and Fraud Risk Responses – The organization uses data analytics to improve the effectiveness and results of the fraud risk assessment.

20 12 Points of Focus
Perform Periodic Reassessments and Assess Changes to Fraud Risk – The organization repeats the risk assessment process periodically and considers changes affecting the organization – including changes in the external environment, operations, personnel, and leadership – that can affect fraud risks.
Document the Risk Assessment – The organization understands that the risk assessment serves as the central element of the fraud risk management process and ensures that it is carefully and thoroughly documented.

21 Who Should be Involved?
Considerations in assembling the right team:
Individuals with diverse knowledge, skills, and perspectives to lead and conduct the assessment
From multiple functions (consider each step in the risk event cycle)
Multiple levels (up and down the org chart)
The team can include both internal and external resources
Independence
Expertise in performing assessments

22 Identifying Risks
Consider:
Incentives, pressures, and opportunities for fraud/noncompliance
Risk of management’s override of controls
Population/listing of risks
Different methods of perpetrating frauds
Drivers of risk

23 Techniques for Identifying and Assessing
Techniques to use:
Interviews (structured or semi-structured)
Focus groups/workshops (unstructured or semi-structured)
Surveys
Anonymous feedback mechanisms

24 Questions to Ask
What financial reporting areas are susceptible to misstatement?
What operational areas are susceptible to misappropriation of assets?
Who is in the position to be able to defraud the organization or manipulate the financials?
Are there any weaknesses in the internal control system that can be exploited?
How could a perpetrator override or circumvent controls?
What could a perpetrator do to conceal the fraud?
Is a process in place to screen new vendors and employees?
How are related parties identified?
Are there any red flags of fraud and do the employees know how to identify red flags of fraud?

25 Internal Control Considerations
Distinguish preventive vs. detective
Consider risk of override
General vs. risk-specific
Reference specific policy or procedure that supports the control
Map to specific risk(s)

26 Internal Control Design and Operation
Review policies and procedures
Consider the risk of override
Interview management and employees
Observe control activities
Test samples of transactions for compliance
Data analytics
Conduct transaction walk-throughs
Review previous audit reports including reports on fraud incidents

27 Assessing Whether Controls are Operating as Designed
If the assessment team does not perform controls testing, it needs to gain an understanding of:
Timing—When was the last time the relevant controls were formally tested?
Extent—How many transactions were tested and which attributes of the internal controls were tested?
Results—Were deviations from expected internal controls discovered?

28 Keep it Alive!
Assessment
Collect and Monitor
Implement system for collecting new information and monitoring for signs of changes in risk profile
At the conclusion of an assessment, implement the mitigation plan
Update the assessment or prepare a new one

29 Q & A

