The Changing Faces of Fraud and Performing Fraud Risk Assessments
Farhan Zahid, Senior Manager; Carolyn Zhou, Senior Consultant; Deloitte & Touche LLP; December 1, 2017
Agenda
- Introduction
- What does a fraudster “look” like? The “internal” or “traditional” fraudster
- A brief look at fraud around the globe
- How to address the “internal” or “traditional” fraudster
- Cyber crime/fraud
- What does a fraudster “look” like? The cyber fraudster
- Performing fraud risk assessments
Introduction

What is fraud?
As defined by the Institute of Internal Auditors: “Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage.”

What are the types of fraud?
- Internal: illegal acts of employees, managers and executives against the company
- External: illegal acts of outsiders (non-employees) against the company

The activity:
- Is clandestine
- Violates the perpetrator’s fiduciary duties to the victim organization
- Is committed for the purpose of direct or indirect financial benefit to the perpetrator
- Costs the employing organization assets, revenue or reserves

How is the way we look at fraud changing?
- Old model: informants, whistleblowers, hotlines, reading newspapers
- New model: risk of random review, error rate measurement, quality assessment
- New model: data integration, mining and analysis (e.g., Medstat, Salient, Fair Isaac, entity analytics)
What does a fraudster “look” like? The “Internal” or “Traditional” Fraudster
The Internal Fraudster — Which department?

The Internal Fraudster — How old?
Statistics from the 2016 ACFE Report to the Nations on Occupational Fraud and Abuse
The Internal Fraudster — On the surface / Beneath the surface

On the surface:
- Long-time employee
- Position of trust
- Appears to be extremely dedicated
- Always willing to help out and put in extra hours

Beneath the surface:
- Gambler
- Drug or alcohol problem
- Behavioral changes
- Unexplained cash or other wealth
- Financial issues
- Extramarital affairs
- Hostility to management
- General disenchantment with compensation
The Internal Fraudster — Educational background
Source: 2016 ACFE Report to the Nations on Occupational Fraud and Abuse
The Internal Fraudster — Effects of tenure
- Fraud losses rise with length of employment: the longer the tenure, the larger the median loss
- Employees with 10 or more years of tenure caused median fraud losses of $250,000
- Employees with less than one year of tenure caused median fraud losses of $49,000
Source: 2016 ACFE Report to the Nations on Occupational Fraud and Abuse
The Internal Fraudster — Effects of gender
- Male perpetrators accounted for 65% of cases, with median fraud losses of $187,000 (2016)
- Female perpetrators accounted for 35% of cases, with median fraud losses of $100,000 (2016)
Source: 2016 ACFE Report to the Nations on Occupational Fraud and Abuse
A Brief Look at Fraud Around The Globe
Corruption perception index
Source: Transparency International
Brazil

Overview / Legislation and remediation:
- Brazil’s Clean Company Act of 2014 (Law No. 12,846) is the country’s first anti-corruption law to hold companies responsible for their employees’ corrupt actions
- The Criminal Organizations Enforcement Act (Law No. 12,850/2013) introduced the possibility of declination of prosecution in exchange for the offender’s full cooperation
- Sanctions available: confiscation of assets; suspension, in part or in whole, of the company’s operations; debarment from contracts, tax breaks and other incentives from the Brazilian government for a minimum of one year and a maximum of five years; compulsory company dissolution; fines ranging from 0.1 per cent to 20 per cent of the company’s gross revenue; publication of the judicial decision
- 2016 Corruption Perceptions Index score: 40 (rank 79 out of 176)
- Adopted the OECD Anti-Bribery Convention
- Regulatory bodies frequently involved: PROCON, CADE

Specific risks:
- Judicial system: local political and economic interests have a heavy influence
- Police: the police force is entrenched in corruption and violence and acts with impunity
- Public services: inefficient and excessive bureaucracy
- Land administration: powerful landlords have a strong influence on the local judiciary and police forces
- Complex tax laws that increase the risk of understated assessments and liabilities
- Tax administration: companies have been tempted to engage in tax evasion because of the enormous complexity and burden the tax system imposes on them
- Customs administration: companies assess the border administration as inefficient, poorly time-predictable and prone to irregular payments

Common risks:
- Organized crime: the country has the world’s second largest domestic cocaine market after the United States and the world’s largest domestic crack cocaine market
- Flooding: economic losses averaging about USD 1.4 billion annually
- High levels of poverty and violent crime in shanty towns (favelas) in most Brazilian cities
- Brazil has a high road accident rate, and in rural areas the quality of roads and the standards of driving for trucks and buses are poor
India

Overview / Legislation and remediation:
- 2016 Corruption Perceptions Index score: 40 (rank 79 out of 176)
- Increasing enforcement by the Central Vigilance Commission, the Central Bureau of Investigation, the Lokpal and state ombudsmen
- Right to public services legislation: guarantees time-bound delivery of various public services rendered by the government to citizens
- Anti-corruption laws: Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act 2015; Whistleblowers’ Protection (Amendment) Bill 2015
- Electoral reforms: a number of ideas have been under discussion to improve the efficiency and effectiveness of electoral processes in India

Specific risks:
- Economic risks: India has Asia’s oldest stock market and a fairly vigorous regulatory system for equities and debt; the economic risks of doing business in India have more to do with inflation and with lack of fiscal discipline at the government level
- Political risk: pressure from the public or specific interest groups is sometimes responsible for political backtracking that has affected foreign companies, including decisions to permit foreign investment
- Public services: companies are likely to encounter red tape, petty corruption, bribery and facilitation payments when dealing with India’s public administration
- Tax administration: corruption and bribery present low to moderate risks for companies dealing with India’s tax administration
- Natural resources: illegal sand mining, with bribery of local officials and police further exacerbating the problem

Common risks:
- Increased vulnerability to a recovery in oil prices: since October 2016, India has increased its reliance on foreign, primarily Middle Eastern, oil imports by 20%
- Kashmir remains a source of tension between India, Pakistan and the separatists of the region
- Poverty remains pervasive and income distribution uneven
- Structural weaknesses include inadequate infrastructure, current and fiscal account deficits, and state involvement that crowds out private sector initiative in some sectors
- Weak structural business environment
- A weak banking system is still a matter of concern: the gross non-performing loan ratio was 7.5% in FY (from 4.3% in FY
Russia

Overview / Legislation and remediation:
- 2016 Corruption Perceptions Index score: 29 (rank 131 out of 176)
- Adopted the OECD Anti-Bribery Convention
- Anti-Corruption Office recently created by the presidential administration
- Criminal Code provisions: bribery in a commercial organization (Article 204); mediation in bribery in a commercial organization (Article 204.1); bribe taking by a civil servant (Article 290)
- Russian Federal Anti-Corruption Law No. 273 requires domestic and foreign companies operating in Russia to implement extensive compliance programs

Specific risks:
- EU sanctions: the UK Government and other international partners are pressing for implementation of the Minsk agreements and maintaining other pressure
- Human rights: Russia is a country of concern for human rights issues
- Corruption and weak corporate transparency are another major ongoing risk for investors
- Economic context: the IMF does, however, expect Russia to return to limited growth in 2017 and 2018, predicting growth rates of 1.1% and 1.2% respectively

Common risks:
- High vulnerability to global oil price shocks
- Prone to capital flight
- Exchange rate remains vulnerable to volatility and sudden depreciation
- Prolonged recession has adversely affected corporate profitability
- Poor rule of law and high level of perceived corruption
- Geopolitical risks: conflict with Ukraine and serious dispute with the West over that conflict (including sanctions and counter-sanctions)
Examples: 2012 to 2017

Industry: Sports
Allegations: 2016 Rio Summer Olympics and 2014 FIFA World Cup construction bribery
Country: Brazil

Industry: Oil & natural gas
Allegations: Oil company Petrobras, a pioneer in offshore oil exploration and production, has sunk into a gigantic web of corruption
Country: Brazil

Industry: Political
Allegations: Top-ranking government officials linked with a wide array of cases, from drug smuggling to gasoline smuggling
Country: Venezuela

Industry: UN General Assembly
Allegations: John Ashe, former president of the U.N. General Assembly, took part in a $1 million bribery scheme with a Chinese businessman who wanted to build real estate
Country: UN

Industry: Automobile
Allegations: Volkswagen emissions scandal; company officials set up elaborate systems to lie to customers and get around pollution controls
Country: Germany

Industry: Electronics
Allegations: Toshiba accounting scandal; it had overstated its earnings by nearly $2 billion over seven years
Country: Japan

Industry: Technology and political
Allegations: South Korea saw the start of a massive corruption scandal involving its political and business elite that brought down its first female president, Park Geun-hye
Country: South Korea

Industry: Pharmaceuticals
Allegations: Valeant’s secret division; using the specialty pharmacy company Philidor to artificially inflate its sales
Country: US
How to Address the “Internal” or “Traditional” Fraudster
How to address / Getting the truth / Navigating politics

How to address:
- Maintain an attitude of professional skepticism
- Investigate what does not make sense
- Trust your instincts; beware of trust over reason
- Good interviewing and observation skills are key
- Look for signs of deceptive behavior
- Do not ignore information or data

Getting the truth:
- Fear of the consequences
- Focus on what you need to know
- Professional reassurance: rational, unbiased
- How do you know if you are always getting the truth? Is it always possible?

Navigating politics:
- Internal and external politics affecting the meeting
- Pressures in the room
- Possibility of one-on-one time?
- Ask questions again of each individual when necessary
- Whistleblower hotline?
The Internal Fraudster — How do they attempt to fool, distract and undermine?
- Overloading
- Attaching false time frames
- Taking advantage of perceived fears
- Killing time with trivia
- Exploiting expected scopes
- Exploiting historically low-risk areas
- Exploiting complex areas
- Predicting cycle audits
- Making staff unavailable/stalling
- Filtering of information
- Not updating procedures
- Discrediting the auditor
Deceptive Behaviors

Non-verbal:
- Wiping sweat
- Hand wringing
- People tend to shift their feet or body towards the door
- Crossing the arms is a subconscious message of defense and of closing down
- Biting lip
- Scratching

Verbal:
- Changing speech patterns
- Repeating questions
- Selective memory
- Making excuses
Lies
It is tough to tell the difference between a liar and an honest person under stress.
Indicators of lying:
- Level of detail being provided
- Tone of voice, unusual body language
- Inconsistency when changing viewpoints
- Concealment of anger, distress or fear
- Lifting just the inner part of the eyebrow (distress, >85%)
- Eyebrows raised and pulled together (fear)
- Narrowed, tightened lips or a lopsided smile (anger)
There are no absolute clues to lying, only indicators. These reactions are very spontaneous.
Cyber Crime/Fraud
What is Cyber Crime?
Cyber crime encompasses any criminal act dealing with computers and networks (commonly called hacking). It also includes traditional crimes conducted through the Internet: for example, Internet fraud, identity theft and credit card account theft are considered cyber crimes when the illegal activity is committed through the use of a computer and the Internet.

The Computer Fraud and Abuse Act (CFAA)
The CFAA was enacted by Congress in 1986 as an amendment to the existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. It was written to clarify and increase the scope of the previous version of 18 U.S.C. § 1030 while, in theory, limiting federal jurisdiction to cases “with a compelling federal interest, i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.”
Prominent Cyber Fraud Schemes
- Identity theft
- Credit card/retail purchase fraud
- Medical identity theft
- “Catfishing”/direct solicitations
- The Nigerian (advance-fee) scam
- Hitman scam
- Re-shippers/call-tag scam
- Work-at-home schemes
- Job offer schemes
- Phishing
- Pharming
- Smishing (SMS phishing)
- Auction and retail site fraud
- Stock market manipulation
Cyber Crime Around the World
Continent: Africa
% of fraudulent transactions: 7%
Countries representing highest fraudulent transactions: Nigeria, Ghana
Focus areas: Online dating, retail websites
Top offenses: Credit card fraud, identity theft, profile misrepresentation, and online scams and solicitations

Continent: Asia
% of fraudulent transactions: 5%
Countries representing highest fraudulent transactions: Bangladesh, Vietnam and India
Focus areas: Retail websites, online dating and massively multiplayer online gaming
Top offenses: Credit card fraud, identity theft and shipping fraud, theft of virtual goods

Continent: South America
% of fraudulent transactions: 4%
Countries representing highest fraudulent transactions: Chile, Brazil
Focus areas: Retail websites, gaming and online dating
Top offenses: Credit card fraud and identity theft

Continent: Europe
% of fraudulent transactions: 2%
Countries representing highest fraudulent transactions: Poland, Romania, Portugal
Focus areas: Retail, dating, gaming, gambling, financial services, travel and telecommunications
Top offenses: Credit card fraud, identity theft, spam and solicitations

Continent: North America
% of fraudulent transactions: 1%
Countries representing highest fraudulent transactions: Mexico
Focus areas: Retail, gaming, financial services, travel and logistics

Statistics from “Cyber Fraud: The Worsening Threat”
What does a fraudster “look” like? The Cyber Fraudster
Profile of the Cyber-Criminal
- Some measure of technical knowledge (ranging from “script kiddies” who use others’ malicious code to very talented hackers)
- Disregard for the law, or rationalizations about why particular laws are invalid or should not apply to them
- High tolerance for risk or need for a “thrill factor”
- “Control freak” nature; enjoyment in manipulating or “outsmarting” others
- A motive for committing the crime: monetary gain, strong emotions, political or religious beliefs, impulses, or even just boredom or the desire for “a little fun”
Cyber fraud is often referred to as “white-collar crime”. White-collar crime is such a large category that some police agencies have entire investigative divisions devoted exclusively to it. Some white-collar criminals are highly organized and meticulous about details, stealing only limited amounts from any one source, and may go on for years or decades without being caught.
White-Collar Criminal
White-collar criminals range from the pre-adolescent who downloads illegal songs without really realizing it is a crime to the desperate white-collar worker in dire financial straits who downloads company secrets to sell to a competitor to pay her family’s medical bills.
Signs of a possible white-collar criminal include:
- Refusal to take time off from work or to let anyone else help with his/her job, lest they uncover what has been going on
- Attempts to avoid formal audits
- A lifestyle far above what would be expected on the person’s salary, with no good explanation for the extra income
- Large cash transactions
- Multiple bank accounts in different banks, especially banks in different cities or counties
Performing Fraud Risk Assessments
Fraud Risk Assessment - Introduction
Figure: antifraud program components: Creating a Control Environment; Performing Fraud Risk Assessments; Designing and Implementing Antifraud Control Activities; Sharing Information and Communication; Monitoring Activities

What is a fraud risk assessment?
- A fraud risk assessment considers the ways that fraud and misconduct can occur by and against an entity
- The fraud risk assessment is an integral part of an antifraud program that is based on the COSO (Committee of Sponsoring Organizations) integrated governance framework
- The fraud risk assessment is a crucial part of the broader entity-wide risk assessment process
Why conduct a Fraud Risk Assessment?
Traditional risk assessments link risks to the organization’s key objectives. Fraud can be overlooked during this type of review if it is not considered a core company objective.
A fraud risk assessment expands upon the traditional risk assessment. It is scheme and scenario based rather than based on control risk or inherent risk. Assessment teams must be able to identify the potential schemes and scenarios affecting the industries and geographic markets in which the organization conducts business.
Key approach:
- Evaluate fraud risk factors
- Identify possible fraud schemes and scenarios
- Prioritize identified fraud risks
- Evaluate whether mitigating controls exist or are effective
- Document the risk assessment process and conclusions
- Conduct periodic reviews and updates
Fraud Risk Assessment: Who should be involved?
- C-suite officers: CEO, CFO, CIO, General Counsel, Chief Compliance Officer
- Accounting: Controller, Accounting Manager, Accounting Supervisors
- Practitioners and management: Business Unit Managers, Marketing, Human Resources
- Oversight: Internal Audit, Board of Directors, Audit Committee, External Auditors
Fraud Risk Assessment - Overview
Hopefully the preceding slides have convinced you that it is important for your company to have an effective FRA. Let’s discuss the four-step process that Deloitte utilizes when assisting companies with completing an FRA:
1. Evaluate fraud risk factors
2. Identify possible schemes and scenarios
3. Prioritize the identified fraud risks
4. Evaluate the mitigating controls

Step 1: Identify and evaluate fraud risk factors
Approach: identify fraud risk factors; identify account balances and potential errors
Output: schedule of fraud risk factors; enhanced knowledge of the fraud risk environment

Step 2: Identify possible fraud schemes and scenarios
Approach: identify fraud risks; identify specific fraud schemes; identify potential parties involved
Output: pervasive and specific fraud risks; catalog of fraud schemes; internal and external parties to fraud

Step 3: Prioritize identified fraud schemes
Approach: evaluate possible fraud schemes by type, likelihood, significance and pervasiveness
Output: understanding of the inherent risk associated with the entity

Step 4: Evaluate whether mitigating controls exist/are effective
Approach: link fraud schemes to mitigating controls; evaluate control effectiveness; evaluate fraud risk factors
Output: understanding of the residual risk associated with the entity; communication with management
Identify and Evaluate Fraud Risk Factors
Fraud risk factors are events or conditions that indicate incentives/pressures to perpetrate fraud, opportunities to carry out the fraud, or attitudes/rationalizations to justify a fraudulent action.
- Identify fraud risk factors at the entity level, significant location, significant account and business process level
- Personnel from various levels of the organization should be involved in the process
- Management should consider and evaluate the facts and circumstances of their organization in determining the areas to consider in the fraud risk assessment process

Considerations (the Fraud Triangle):
- Incentives and pressures: employees have an incentive or are under pressure, which provides a reason to commit the fraud
- Opportunity: circumstances exist that provide an opportunity for fraud to be perpetrated
- Rationalizations: those involved in the fraud are able to rationalize committing a fraudulent act

Internal factors:
- Past fraud within the organization
- Compliance with laws and regulations
- Tone at the top
- Strength of the organization’s IT department
- Unrealistic performance expectations
- Unusual internal trends
- Unusual financial trends
- Employee morale

External factors:
- Industry fraud, actual and alleged
- Industry analyst reports
- Analyst expectations
- Current market conditions
- Investor expectations
Identify and Evaluate Fraud Risk Factors (Contd.)
Pitfalls:
- Fraud risk factors are not considered
- Existing controls are considered
- The potential for management override of controls is not considered
- Interviews are not value-added
Recommendations:
- Use the Fraud Triangle to explain the significance of fraud risk factors and to initiate thinking
- Do not consider controls EXCEPT when considering the potential for management override
- Develop an interview approach that matches the area and culture
Considerations – Fraud Risk Factors
The “if it seems too good to be true…” maxim:
- Continuous increase in sales with static gross profit margins
- Spot-on effective tax rates
- Immaculate documentation
- Exemplary aging of trade receivables (customer remittances applied to receivables on a “FIFO” basis)
Upfront admission of impropriety:
- Indication of bigger issues not admitted to?
- Red flag regarding management integrity?
Local management integrity:
- Honest vs. dishonest dishonesty
- If you can’t trust local management today, how can you trust them tomorrow?
- Significant turnover in the accounting/finance department, especially CFO/controller
- For mergers and acquisitions, has thorough risk-based due diligence been performed in line with FCPA and anti-corruption guidelines?
Frequent change of auditors or “offshore” auditor:
- Indication of “opinion shopping” and/or a high-risk audit client
- Offshore auditor might not have full appreciation of local business practices
Identify Possible Fraud Schemes, Scenarios and Parties
Brainstorm specific fraud schemes that could result from the specific risks identified, without consideration of existing controls, and identify the parties who could be involved.
A scheme is the mechanism, scenario or sequence of actions by which:
- The financial statements may be improperly manipulated or misstated
- Assets may be misappropriated
- Improper or unauthorized expenditures may be made
- Self-dealing may occur
- Laws and regulations may be violated
One or more related fraud schemes may exist for each fraud risk. Consider:
- Past fraud within the organization, actual and alleged
- The industry in which the organization operates
- The geographies in which the organization operates
Parties who could be involved:
- Internal: C-suite, business process owners, employees
- External: agents, independent contractors, competitors, customers, licensees, vendors
Pitfalls:
- The schemes are too general, not allowing for sufficient consideration of risks and preventing an appropriate level of mapping to controls
- The schemes do not consider the potential for management override of controls
- The schemes do not consider the potential for collusion
Recommendations:
- Detail the schemes by considering: Why? Who? What? (assets, financial reporting) Where? (locations, accounts) When? How?
Example Fraud Schemes

Risk indicator: Off-balance sheet bank accounts
Risk/purpose: Bank accounts held in the name of employees or family members to collect unreported sales or fund inappropriate payments
Example: Use cash from unreported sales (thus avoiding tax) or other sources (see below) to (i) fund payments to induce sales or unreported income (e.g., bonuses) to employees, or (ii) fund unreported expenses to overstate gross margins/operating income

Risk indicator: Significant advances to CFO/employees
Risk/purpose: Inappropriate payments
Example: Advances to fund payments to induce sales or unreported income (often offset by inappropriate or fake expense claims)

Risk indicator: Significant use of distributors, agents, consultants and other third-party intermediaries
Risk/purpose: Manipulation of sales
Example: Collusion in the sales channel to overstate sales to inflate valuation; payment to an intermediary to facilitate bribes, etc.

Risk indicator: Significant related party transactions
Risk/purpose: Non-arm’s length transactions; preferential cost arrangements (e.g., supply chain, rent, etc.)
Example: Divert cash to a third-party owner/management via a fabricated business arrangement (e.g., consultancy fees) for personal gain; divert cash (e.g., related party loan) to fund paydown of trade receivables generated by fake sales; preferential pricing from a “vendor” or sales to a “customer” controlled by owner/management to inflate valuation

Risk indicator: Significant payments for construction-in-progress (CIP), leasehold improvements, etc. (often in the form of prepayments)
Risk/purpose: Inflate required expenditures to divert cash to fund inappropriate payments; manipulation of sales (e.g., “bury” trade receivables generated by fake sales)
Example: Divert cash to fund off-balance sheet bank accounts; divert cash to a third-party owner/management for personal gain; divert cash to fund paydown of trade receivables generated by fake sales; sales today offset by depreciation expense tomorrow

Risk indicator: Sales of business units, subsidiaries, etc. at net book value or at a loss
Risk/purpose: Divert a portion of the actual proceeds to a “slush fund” to manipulate sales or make inappropriate payments
Example: Underreport sales proceeds and divert the “excess funds” to an off-balance sheet bank account to fund paydown of trade receivables generated by fake sales and/or inappropriate payments
Example Fraud Schemes (Cont’d.)

Risk indicator: Loans from/to unrelated businesses
Risk/purpose: Create a collective slush fund with other companies, to be used when required to manipulate sales or fund inappropriate payments
Example: Company A loans money to the off-balance sheet bank account of Company B for paydown of Company B trade receivables generated by fake sales; Company B then loans money back to Company A

Risk indicator: Deterioration in aging of trade receivables
Risk/purpose: Manipulation of sales
Example: Lack of outside funds for paydown of trade receivables generated by fake sales

Risk indicator: Multiple sets of books
Risk/purpose: Mask true operating results; tax avoidance
Example: Books with lower profit to avoid tax and books with higher profit to inflate valuation

Risk indicator: Inadequate/inappropriate documentation
Risk/purpose: Mask manipulation of sales or earnings; mask inappropriate payments; obscure transparency
Example: Falsified sales documentation (including bank statements) to support fake sales transactions to inflate valuation; operating expenses buried in construction-in-progress (CIP) to inflate valuation; falsified expenditure documentation to mask the nature of payments (inappropriate payments or non-deductible expenses)

Risk indicator: Weak internal controls
Risk/purpose: Avoid detection of inappropriate transactions/arrangements
Example: CFO based in a location away from company operations; finance/accounting function not a control point; failure to maintain records, obscuring the “audit trail” needed to verify transactions
Analyze Fraud Schemes / Prioritize Identified Fraud Risks
Likelihood: that a fraud scheme will occur and result in a material misstatement, assessed without consideration of controls
- Remote
- More than remote / reasonably possible
- Probable
Significance: evaluate whether a fraud scheme could lead to a material misstatement or otherwise negatively impact the entity
- Inconsequential
- More than inconsequential
- Material
Pervasiveness: evaluate whether each particular fraud scheme is pervasive to:
- The financial statements as a whole
- A particular account balance
- A certain class of transactions or a particular financial statement assertion
Pitfalls:
- All fraud risks are considered equally important
Recommendations:
- Prioritize the identified fraud risks based on likelihood and significance
Identify and Map Mitigating Controls
Evaluate mitigating controls:
- Evaluate control design effectiveness and operating effectiveness to determine whether the controls sufficiently mitigate the risk of the identified fraud schemes
- Consider possible management override of controls. Controls that address override include active oversight from the audit committee, whistle-blower programs and a system to investigate anonymous complaints
- Consider the need for additional control activities or strengthening of existing controls (identify control gaps)
Mapping to mitigating controls:
- Preventive: to mitigate specific fraud risks
- Detective: to identify fraud if it occurs
- Monitoring: activity to assess the effectiveness of antifraud controls
- Deterrence: to heighten the fear of detection and the consequences of prosecution
Fraud Schemes
Asset misappropriation:
- Skimming of cash
- Lapping – accounts receivable
- False expense reimbursements/check requests
- Vendor fraud
- Abuse of procurement cards
- Theft of assets, including supplies, equipment and information
- Payroll fraud
Fraudulent financial reporting:
- Deliberately misrepresenting services
- Billing for non-covered services
- Manipulating asset balances
- Manipulating sales (e.g., revenues) and costs (e.g., outgoings, depreciation)
- Delaying the recording of an accrual
Other common fraud schemes:
- “Refreshed” receivables
- Adjustments to estimates
- Quid-pro-quo arrangements
- Moving inventory between locations
- Related party transactions
- Unjustified consolidation entries
- Adding back outstanding checks to cash
- Off-balance sheet liabilities
Mitigating Control Examples (asset misappropriation)

Fraud scheme: Skimming of cash
Mitigating controls: Reconcile deposits recorded in the online banking system to the cashier’s daily cash report. Reconcile the cashier’s cash report daily to the detailed support provided. Segregate duties between authorization (approvals), recording (entering into the system, both initial entries and adjustments/journal entries), safeguarding (physical access to assets) and reconciliations/reviews.

Fraud scheme: Theft of assets, including prescription drugs, supplies and equipment
Mitigating controls: Restrict physical access to assets to appropriate individuals. Perform physical inventory counts to reconcile assets on hand with recorded inventory.

Fraud scheme: Lapping – accounts receivable (AR)
Mitigating controls: Month-end reviews reconciling cash payments, bank balance and AR to identify variances.

Fraud scheme: False expense reimbursements/check requests
Mitigating controls: Maintain a signature book to evaluate the authenticity of approvals. Require documentation to substantiate the disbursement (receipts, work order, etc.).

Fraud scheme: Set-up of a fictitious vendor
Mitigating controls: Conduct vendor research (e.g., internet search, white pages, Dun & Bradstreet report) and verify the address; require a tax ID.

Fraud scheme: Abuse of procurement cards
Mitigating controls: Restrict issuance of procurement cards based on roles/responsibilities and business need. Enforce supervisor approval.

Fraud scheme: Payroll fraud
Mitigating controls: Independent reconciliation of payroll disbursements to source documents.
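As an added illustration (not from the presentation, and not Deloitte code), the following Python turns three of the controls in the table above into automated data checks of the kind the "new model" of data mining and analysis relies on: a fictitious-vendor screen that matches the vendor master against the employee master and flags missing tax IDs, a daily reconciliation of the cashier's cash report to bank deposits (skimming), and a reconciliation of payroll disbursements to the HR master (ghost or terminated employees, one bank account paid for several people). All datasets and field names (EMPLOYEES, VENDORS, CASH_REPORTS, BANK_DEPOSITS, HR_MASTER, PAYROLL) are constructed for the example.

```python
"""Automated data checks for three mitigating controls: fictitious-vendor
screening, cash report vs. bank deposit reconciliation, and payroll
reconciliation to the HR master. All datasets below are constructed
sample data for this example, not real records."""
from collections import defaultdict

# --- Constructed sample data (assumed field names, not from the slides) ---
EMPLOYEES = [
    {"id": "E100", "name": "A. Ortiz", "address": "12 Elm St", "bank_acct": "111-222"},
    {"id": "E101", "name": "B. Chen", "address": "9 Oak Ave", "bank_acct": "333-444"},
]
VENDORS = [
    {"id": "V1", "name": "Acme Supply", "tax_id": "12-3456789", "address": "500 Main St", "bank_acct": "555-666"},
    {"id": "V2", "name": "Elm Consulting", "tax_id": "", "address": "12 Elm St", "bank_acct": "111-222"},
    {"id": "V3", "name": "Oak Services", "tax_id": "98-7654321", "address": "9 Oak Ave", "bank_acct": "777-888"},
]
CASH_REPORTS = {"2017-11-01": 1250.00, "2017-11-02": 980.50, "2017-11-03": 1430.00}
BANK_DEPOSITS = [("2017-11-01", 1250.00), ("2017-11-02", 900.50),
                 ("2017-11-03", 1000.00), ("2017-11-03", 430.00)]
HR_MASTER = {
    "E100": {"status": "active", "bank_acct": "111-222"},
    "E101": {"status": "terminated", "bank_acct": "333-444"},
    "E102": {"status": "active", "bank_acct": "999-000"},
}
PAYROLL = [("E100", "111-222", 3000.0), ("E101", "333-444", 2800.0),
           ("E102", "999-000", 3100.0), ("E999", "111-222", 2500.0)]


def fictitious_vendor_flags(vendors, employees):
    """Vendor research control: flag vendors with no tax ID, or whose address
    or bank account matches an employee's (a classic fictitious-vendor tell)."""
    emp_by_addr = {e["address"]: e["id"] for e in employees}
    emp_by_bank = {e["bank_acct"]: e["id"] for e in employees}
    flags = []
    for v in vendors:
        reasons = []
        if not v["tax_id"]:
            reasons.append("missing tax ID")
        if v["address"] in emp_by_addr:
            reasons.append(f"address matches employee {emp_by_addr[v['address']]}")
        if v["bank_acct"] in emp_by_bank:
            reasons.append(f"bank account matches employee {emp_by_bank[v['bank_acct']]}")
        if reasons:
            flags.append((v["id"], reasons))
    return flags


def cash_variances(cash_reports, bank_deposits, tolerance=0.01):
    """Skimming control: reconcile the cashier's daily cash report to what
    actually reached the bank. Returns {date: report minus deposits} for
    every day that does not tie out; a positive value means cash went missing."""
    deposited = defaultdict(float)
    for date, amount in bank_deposits:
        deposited[date] += amount
    variances = {}
    for date in sorted(set(cash_reports) | set(deposited)):
        diff = round(cash_reports.get(date, 0.0) - deposited.get(date, 0.0), 2)
        if abs(diff) > tolerance:
            variances[date] = diff
    return variances


def payroll_exceptions(payroll, hr_master):
    """Payroll control: reconcile each disbursement to the HR master. Flags
    ghost employees, payments to non-active staff, bank accounts that differ
    from HR records, and one account receiving pay for several employees."""
    owners = defaultdict(set)
    for emp_id, acct, _ in payroll:
        owners[acct].add(emp_id)
    exceptions = []
    for emp_id, acct, _amount in payroll:
        rec = hr_master.get(emp_id)
        if rec is None:
            exceptions.append((emp_id, "not in HR master (ghost employee?)"))
        elif rec["status"] != "active":
            exceptions.append((emp_id, f"status is {rec['status']}"))
        elif rec["bank_acct"] != acct:
            exceptions.append((emp_id, "bank account differs from HR master"))
        if len(owners[acct]) > 1:
            others = sorted(owners[acct] - {emp_id})
            exceptions.append((emp_id, f"bank account {acct} shared with {others}"))
    return exceptions


if __name__ == "__main__":
    for vendor_id, reasons in fictitious_vendor_flags(VENDORS, EMPLOYEES):
        print("vendor", vendor_id, "->", "; ".join(reasons))
    for date, diff in cash_variances(CASH_REPORTS, BANK_DEPOSITS).items():
        print("cash variance", date, diff)
    for emp_id, reason in payroll_exceptions(PAYROLL, HR_MASTER):
        print("payroll", emp_id, "->", reason)
```

Each function returns its exceptions rather than printing them, so the checks can be scheduled against real extracts and routed to whoever owns the control. An empty result is the expected steady state; anything else is a variance for follow-up, not proof of fraud, and the person running the check should not be the person who prepares the cash report or the payroll run, or the segregation-of-duties control in the table is lost.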
Planning a Fraud Risk Assessment
Pitfalls:
- Management does not take responsibility for the FRA
- The FRA is not risk-based
- The FRA is too broadly based
- The planned approach is contrary to the organizational culture
- The organization does not have the necessary skill sets to perform the FRA
- The FRA process does not include the appropriate people
- The FRA is not systematic and recurring
Recommendations:
- Management should own the FRA and have significant input into it
- Educate the Board and external auditors on the FRA and get their support/buy-in
- The FRA should be risk-based
- The FRA should be focused on the higher-risk areas
- The planned approach should fit the organizational culture; consider a mixed approach, e.g., interviews and group brainstorms
- Hire in the necessary skill sets (employees/consultants)
- Consider who should be involved as part of the planning process
- The FRA should be systematic and recurring
Documenting the Fraud Risk Assessment
Documentation may include:
- Process narrative
- Minutes of fraud brainstorm sessions
- Copies of instructions and reference materials provided to participants, and other correspondence related to the process
- Minutes of audit committee meetings during which management’s fraud risk assessment was presented, reviewed, discussed or approved
Monitoring the Fraud Risk Assessment
- Keep the fraud risk assessment and its documentation current
- Conduct quarterly updates
- Embed ongoing fraud risk assessment in SOX 404 efforts
- Revisit the fraud risk assessment as part of Enterprise Risk Management activities
- Report changes and updates to the senior management team and the Board of Directors on a quarterly basis
- Update the fraud risk assessment for changes in the business and/or business environment (economy, industry, changes in competitors’ businesses)
- Use the fraud risk assessment to refine and focus internal audit testing
Evaluate Fraud Risk Assessment Results & Prioritize Residual Risk
- Evaluate whether controls sufficiently mitigate the identified fraud risks
- Management identifies and prioritizes the fraud risks requiring attention, in terms of urgency and allocation of resources
- Management documents its actions to address fraud risk in a Fraud Risk Action Plan
Remediation Plan
- Controls should be implemented or enhanced for identified fraud schemes where controls are not already present, are inadequately designed or are poorly implemented
- The plan should identify the specific personnel responsible for implementing control improvements and an implementation timetable
- Fraud Risk Action Plan items may be actions to improve the antifraud program or to address specific fraud scheme control deficiencies
- The Audit Committee should oversee the entire process