7 keys to fraud prevention, detection and reporting
Post on 14-Sep-2014
On December 5, 2013, Ron Steinkamp, principal, government advisory services at Brown Smith Wallace, presented at the 2013 MIS Training Institute Governance, Risk & Compliance Conference. Ron focused on the following keys to fraud prevention, detection and reporting: 1. Anti-fraud culture 2. Fraud policy 3. Fraud awareness/training 4. Hotline 5. Assess fraud risks 6. Review/investigation 7. Improved controls
7 Keys to Fraud Prevention,
Detection, and Reporting
General Session
December 5, 2013
Ron Steinkamp | CPA, CIA, CFE, CRMA, CGMA
Principal
Brown Smith Wallace LLC
MIS Training Institute Session # - Slide 2 © Brown Smith Wallace
Key Points
What is Occupational Fraud
2012 ACFE Global Fraud Study
Red Flags
7 Keys
Questions and Open Discussion
What is Occupational Fraud
The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.
Three General Categories:
Asset Misappropriation
Corruption
Financial Statement Fraud
Asset Misappropriation
Employee steals or misuses an organization’s assets and/or resources
EXAMPLES:
Skimming cash receipts
Falsifying voids and refunds
Tampering with company checks
Overstating expenses
Creating a ghost employee
Creating a fictitious vendor and false invoices
Corruption
Employee’s use of his/her influence in business transactions in a way that violates his/her duty to the employer for the purpose of obtaining benefit for him/herself or someone else.
EXAMPLES:
Conflicts of interest
Illegal gratuities
Bribery
Financial Statement Fraud
Intentional misstatement or omission of material information in the organization’s financial reports with the intent to mislead.
EXAMPLES:
Inflating revenues on the financials to show greater profit
Concealing liabilities
Forcing actual expenditures to match budget by moving expenses between accounts
Improperly accounting for revenues and expenditures
Report to the Nations on Occupational Fraud and Abuse
2012 ACFE Global Fraud Study
About the ACFE
World’s largest anti-fraud organization and premier provider of anti-fraud training and education.
Over 50,000 members in more than 140 countries.
Provides educational tools and practical solutions for anti-fraud professionals.
Offers its members the opportunity for professional certification – the CFE credential is preferred by businesses and government entities around the world and indicates expertise in fraud prevention and detection.
Study Methodology
Based on results of an online survey distributed to 34,275 CFEs in October 2011.
1,388 usable survey responses were received.
Respondents were asked to provide a detailed narrative of the single largest fraud case they investigated that met four explicit criteria:
Case involved occupational fraud.
Investigation occurred between January 2010 and the time of the survey.
The investigation was completed.
CFE was reasonably sure the perpetrator(s) was/were identified.
Respondents were also presented with 85 questions to answer.
Professionals who took part in the survey had a median of 11 years of experience in fraud examination.
Summary of Findings
1. Typical organization loses 5% of annual revenue to fraud – applied to 2011 Gross World Product, this translates to a potential fraud loss of more than $3.5 trillion annually.
2. Median loss in the study was $140,000, with more than 20% of the cases involving losses over $1 million.
3. Fraud lasted a median of 18 months.
4. Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset misappropriations) were the most common form of fraud, representing 87% of the cases, and the least costly at a median loss of $120,000.
5. Financial statement fraud schemes were the least common form of fraud, representing 8% of the cases, and the most costly at a median loss of $1 million.
Summary of Findings
6. Corruption schemes fell in the middle, comprising just over 33% of cases and causing a median loss of $250,000.
7. Occupational frauds are most likely to be detected by tips (43%) followed by management review (15%) and Internal Audit (14%).
8. Small organizations are disproportionately victimized by occupational fraud.
9. Banking/financial services, manufacturing and government/public administration were the most commonly victimized industries.
10. Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes.
11. High-level perpetrators cause the greatest damage to their organizations.
Summary of Findings
12. 80% of frauds were committed by individuals in one of six departments:
• Accounting
• Operations
• Sales
• Executive/upper management
• Customer service
• Purchasing
13. More than 85% of fraudsters had never been previously charged or convicted for a fraud-related offense.
14. Fraud perpetrators often display warning signs – the most common behavioral red flags reported in the survey were perpetrators living beyond their means (36%) and experiencing financial difficulty (27%).
15. Nearly half of victim organizations do not recover any losses that they suffer due to fraud.
How are Frauds Detected
Source of Tips
Conclusions and Recommendations
Occupational fraud is a global problem – trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred.
Fraud reporting is a critical component of an effective fraud prevention and detection system.
Organizations over-rely on audits.
Employee education is the foundation of preventing and detecting occupational fraud. Most frauds are detected by tips and anti-fraud training for employees and managers results in lower fraud losses.
Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Useful in detecting fraud, but most important benefit is in preventing fraud by creating a perception of detection.
Small businesses are particularly vulnerable to fraud due to far fewer controls in place. Need to focus on hotlines and setting an ethical tone.
Internal controls alone are insufficient to fully prevent occupational fraud.
Conclusions and Recommendations
Fraudsters exhibit behavioral warning signs of their misdeeds. For example:
Living beyond their means.
Financial difficulties.
Exhibiting control issues – unwillingness to share duties.
Unusually close relationship with vendor/customer.
Wheeler dealer attitude.
Family problems.
Irritability, suspiciousness or defensiveness.
Addiction problems.
Refusal to take vacation.
Etc.
Auditors and employees should be trained to recognize the common behavioral signs that a fraud is occurring.
Effective fraud prevention measures are critical
Red Flags – The Fraud Triangle
Pressure “Red Flags”
High personal debts.
Living beyond their means.
Excessive investment speculation.
Excessive gambling.
Substance abuse.
Extra-marital affairs.
Job frustration.
Resentment of superiors.
Opportunity “Red Flags”
Inadequate internal controls.
Too “cozy” with suppliers.
Annual vacation or sick days not taken.
Weak management or excessive turnover.
Ineffective or no internal audit.
No rotation of job duties among employees.
Procedures not well understood/always in crisis mode.
Large amounts of cash on hand or processed.
Rationalization “Red Flags”
Not compensated fairly.
No recent raises/cost of living adjustments.
Everyone else does it.
Intended to pay it back.
Needed the money.
Felt cheated and wanted revenge.
Bribe/kickback too tempting.
7 Keys to Fraud Prevention
Anti-Fraud Culture
Set the tone at the top = Lead by Example
Responsibility of Directors and Officers
Behave ethically and openly communicate expectations to employees
Treat all employees equally
Zero tolerance
Create a positive workplace environment
Focus on employee morale
Empower employees
Communicate
Hire and promote appropriate employees
Conduct background investigations before hiring or promoting
Check candidate’s education, employment history, references
Continuous and objective evaluation of compliance with entity values
Violations addressed immediately
Anti-Fraud Culture
Code of Conduct
Formalized and founded on integrity
Defines acceptable employee behavior
Communicated to all employees
All employees are held accountable for compliance
Discipline
Sends a strong message throughout the entity
Should be appropriate and consistent
Consequences of committing fraud clearly communicated throughout the entity
Anti-Fraud Culture
Oversight Process
Audit Committee or Board of Directors
Evaluate management’s “tone at the top”
Identification of fraud risks and implementation of anti-fraud controls
Ensure that management implements anti-fraud measures
Consider the potential for management override of controls
Management
Directs, implements and monitors anti-fraud controls
Sets the ethical tone
Trains employees
Internal Auditor
Identifies fraud indicators
Assesses fraud risks
Evaluates anti-fraud controls
Recommends actions to mitigate risks
Investigates potential frauds
Fraud Policy
Demonstrate commitment to combating fraud
Apply to all Directors, Management, employees, consultants, vendors, contractors, etc.
Should include:
Statement of organization’s position on fraud
Scope of the policy – who does it apply to
Management’s responsibility for prevention and detection of fraud
Definition of fraud
Actions constituting fraud
Fraud reporting process/procedures
Fraud investigation process/procedures
Unit responsible for administration of the policy and investigating fraud allegations
Statement on anonymity/confidentiality
Consequences
Fraud Policy
Reviewed and updated regularly
Signed off and agreed to by the CEO & Board Chair
See the ACFE for an example Fraud Policy
www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Sample_Fraud_Policy.pdf
Fraud Awareness/Training
All new employees should be trained at time of hiring on the Code of Conduct and Fraud Policy.
Training should include:
Their duty to communicate certain matters
A list of the types of matters to be communicated along with examples
How to communicate those matters
Affirmation from senior management regarding employee expectations and communication responsibilities
Refresher training periodically
Hotline
Enable employees, vendors, customers and others to communicate concerns about known or suspected wrongdoing.
Telephone, email, internet.
Anonymous.
Adequately publicized.
Internal or External.
Complaint monitoring and investigation/resolution.
Assess Fraud Risks
Conduct an annual fraud risk assessment.
Assists management in systematically identifying where and how fraud may occur and who may be in a position to commit fraud
Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
General steps:
Identify areas and processes to assess
Identify potential fraud schemes in each area/process
Assess likelihood and significance of each scheme
Map existing anti-fraud controls to potential fraud schemes
Test operating effectiveness of anti-fraud controls
Identify any control gaps and/or deficiencies = Residual risks
Document and report on the fraud risk assessment
Assess Fraud Risks
Mitigate Fraud Risks
Make changes to activities and/or processes = transfer or eliminate the risks
Improve anti-fraud controls
Monitor Fraud Risks
Develop data analytics for management to use to monitor fraud risks
Utilize Internal Audit to conduct audits of risk areas.
Fraud Review/Investigation
All concerns/suspicions of wrongdoing should be reviewed and a determination made whether a fraud investigation is warranted.
Develop a policy for fraud reviews and investigations that specifies:
Who is responsible for the review/investigation
Roles of Legal Counsel, Human Resources, Internal Audit, others
Process for conducting the review/investigation
Documentation requirements
Reporting requirements
When to involve law enforcement
Fraud Review/Investigation
Gather sufficient information and perform procedures necessary to determine:
Whether fraud has occurred
Loss or exposure associated with the fraud
Who was involved and how it happened
Must prepare, document and preserve evidence sufficient for potential legal proceedings.
Include experts = Certified Fraud Examiner (CFE)
Improved Controls
Use lessons learned from any fraud reviews or investigations to improve anti-fraud controls.
All fraud reviews and investigations should include a report to management with recommendations for control improvement.
Questions