1. The Certified Fraud Examiners Fraud Prevention Checkup - An Introduction Toby J.F. Bishop CFE CPA FCA President & Chief Executive Officer Association of Certified Fraud Examiners

2. Current Fraud Concerns

Fraudulent financial reporting

Legal risks for executives

• Civil liability

• Criminal (jail time)

Financial losses for investors

Reputation damage to companies/brands

Crisis of confidence

3. An Appropriate Response

Fraud prevention is 80% of the solution

Objective evaluation of an entitys fraud prevention processes

Prompt action to fix gaps/breakdowns

Annual testing

Ongoing fraud education and training

4. The Certified Fraud Examiners Fraud Prevention Checkup

A high-level checkup of an entitys fraud prevention processes

Form available free atwww.CFEnet.com

Identifies major gaps

Provides an overall score

5. Benefits to Entities That Use This Tool

It provides insights that senior management, the board of directors and audit committee will value highly

It could save the entity from catastrophic financial and reputational losses

It could help build confidence in the entity internally and by the public

Its simple and inexpensive

6. Benefits for CFEs Who Apply This Tool

It provides insights that senior management, boards of directors and audit committees will value highly

It can be performed very inexpensively

It can help you win new clients and deepen existing relationships

It is being promoted in the media by the ACFE

7. But CFEs Should Manage Their Liability Risks

Risk of false perception of assurance

Be careful not to guarantee no fraud

Anti-fraud controls in existence vs. operating effectively

Ongoing frauds may be uncovered

Legal risks to entity evaluated if control gaps are identified but not fixed

8. Who Should Perform the Checkup?

Ideally a collaboration between a Certified Fraud Examiner and knowledgeable people inside the entity (e.g., internal auditors)

Helpful to interview senior management

But also talk to other levels of employees to get a reality check

9. The Certified Fraud Examiners Fraud Prevention Checkup

The seven elements:

• Fraud risk oversight (20 pts)

• Fraud risk ownership (10 pts)

• Fraud risk assessment (10 pts)

• Fraud risk tolerance and risk management policy (10 pts)

• Process level controls/anti-fraud re-engineering (10 pts)

• Environment level controls (30 pts)

• Proactive fraud detection (10 pts)

10. Fraud Risk Oversight

To what extenthas the entity established aprocessfor oversight of fraud risks by theboard of directors orothers charged with governance (e.g., anaudit committee )?

11. Scoring Risk Oversight

Score: Award from 0 (process not in place) to 20 points (process fully implemented, tested within the past year and working effectively).

Note: For all questions, awardno more than half the available pointsif the process has not been tested within the past year.

12. Fraud Risk Ownership

To what extent has the entity created ownership of fraud risks?

Chief Executive currently owns the risk, but needs to make others responsible too

A member of senior management,and

All business unit managers

13. Fraud Risk Assessment

To what extent has the entity created anongoing processfor identifying thesignificantfraud risks to whichthe entityis exposed?

• Potentially catastrophic risks

• Costly risks

• Tailored to the particular entity

• Can be part of enterprise risk management

14. Fraud Risk Tolerance and Risk Management Policy

To what extent has the entity identified and had approved by the board of directors:

• Itstolerancefor different types of fraud risks?

• Apolicyonhowit willmanageits fraud risks?

Align risk toleranceof management with that of board of directors & audit committee

Business decisions to reduce fraud risks

15. Process Level Controls/ Anti-Fraud Re-engineering

To what extent has the entity implemented measures to reduce each of the significant fraud risks identified in its risk assessment, through:

• Anti-fraud process re-engineering (removing the opportunity)?

• Process level controls to prevent, deter and detect fraud

16. Environment LevelAnti-Fraud Controls

To what extent has the entity implemented a process to promote ethical decisions, deter wrongdoing and facilitate two-way communication on difficult issues?

Most difficult area to evaluate

Difference between existence and operating effectiveness of controls can be crucial

Employee surveys are highly desirable

17. Key Elements of Environment Level Controls

Senior member of management responsible

Values-based code of conduct

Regular training (including fraud)

Advice and reporting systems

Investigation plans

Monitoring of compliance

18. Key Elements of Environment Level Controls

Regular measurement of achievement of ethics/compliance and fraud prevention goals

• Employee attitude surveys, fraud measures

Incorporate ethics/compliance and fraud prevention goals into performance measures for evaluating/compensating employees

19. Proactive Fraud Detection

To what extent has the entity established a process to detect, investigate and resolve potentially significant fraud?

• Proactive fraud detection testing

• Targeted at significant fraud risks identified in the fraud risk assessment

• Embedded fraud detection/audit hooks

• Automated e-mail monitoring (where legal)

20. Interpreting the Entitys Overall Score

Desirable score is 100 points

Most entities will fall short initially

Not currently considered a material weakness in internal controls that is a reportable condition

But significant gaps should be closed promptly to avoid disaster

21. Recommended Next Steps

Study the ACFE Fraud Prevention Checkup

Promote it to your current and target clients

Perform checkups and identify major gaps in clients fraud prevention processes

Providing anti-fraud consulting services to help clients fix those gaps

22. Thank You

Any questions?

ACFE Fraud Prevention Checkup pdf file available atwww.CFEnet.com .PowerPoint presentation available to members shortly.

+1 (512) 478-9070