1. Fraud Awareness Training SeriesFraud Risk Assessment Tahir Abbas CIA,CFE,CISA, 03 June 2012

2. Agenda Fraud Awareness, Research, Patterns andStatistics Common Fraud Schemes Financial Statement Fraud Schemes Assets Misappropriation Fraud Prevention and Detection: Tools andTechniques Key Elements of Antifraud Programs andControls 3. What is Fraud?A silent crimeAny intentional and deliberate act to deprive another ofproperty/ money by guile, deception or any unfair mean(s)Fraud at its core involves taking something from someoneelse through deception or concealment 4. Types of Fraud Occupational Fraud White collar Crime Organizational Crime 5. Occupational fraudThe use of ones occupation for personal enrichment throughdeliberate misuse or misapplication of employing organizationand resources/assets Financial Statement Assets Misappropriation Corruption 6. White collar CrimeNonviolent crime , financial gain, by mean of deception, byprofessionals Misrepresentation Conflict of interest of facts (Existing) Forgery Concealment ofEmbezzlement fact- MaterialTheft Bribery Breach of fiduciary duty Extortion 7. Organizational CrimeOrganizational crime is that committed by businessparticularly corporations and governments. When? Type? Measures Corporate criminal behavior Cost of corporate crimes Opportunities for unlawful behavior 8. Occupational Fraud and Abuse ClassificationSystemAssetsMisappropriationFictitious revenueChannel StuffingCorruption Improper assetsFinancial valuationFinancial Statement Concealed liability and expensesNon Financial Improper disclosers 9. Occupational Fraud and AbuseClassification System ExtortionAssets Misappropriation Purchasing SchemesConflict of InterestSaleSchemes CorruptionInvoice KickbackBriberyFinancial StatementIllegalBid Rigginggratuities 10. Occupational Fraud and AbuseClassification SystemBilling schemesCorruption Inventory and otherPayroll schemes Expenses schemesFinancial StatementFraudulent disbursement Cheque TemperingAssetsRegisterMisappropriationTheft of disbursementcash in handSaleCashTheft of cash ReceivablereceiptSkimming Refund Larceny 11. The Cost of Occupational Fraud Distribution of Losses 12. How Occupational Fraud Is Committed Occupational Frauds by Category Frequency3 13. How Occupational Fraud Is Committed Occupational Frauds by Category Median Loss 14. How Occupational Fraud Is CommittedMedian Duration of Fraud Based on Scheme Type 15. Victim Organizations 16. Victim organization 17. Victim organizationFrequency of Anti-Fraud Controls14 18. Victim organizationPrimary Internal Control Weakness 19. PerpetratorsNumber of perpetrators v/s Medium Loss 20. Perpetrators Gender V/s Loss 21. Perpetrators Perpetrators Tenure Perpetrators Education Level Perpetrators Department Schemes Based on Perpetrators Department Perpetrators Criminal and Employment History Behavioral Red Flags Displayed by Perpetrators 22. Financial Statement Fraud Playing the accounting system Beating the accounting system Going outside the accounting system 23. Financial Statement Fraud SchemesOver v/s under statement? Fictitious revenue Channel Stuffing Improper assets valuation Concealed liability and expenses Improper disclosers 24. Fictitious /Fabricated Revenue Assets- RevenueBogus or defective productsFictitious invoiceFake customerSale with conditionsPremature RevenueTiming difference Prepay schemes :: Loans hidden in sales 25. Channel Stuffing Weakness Fear Short-term thinking Pressures 26. Improper Assets ValuationClassificationInventoryFixed AssetsBooking fictitious assetsDepreciationAccount Receivable 27. Concealed Liability and Expenses Liability / expense omission Capitalization 28. Improper Disclosers Related parties Subsequent events Accounting change Contingent liabilities 29. Detection of Fraud SchemesInitial Detection of Occupational Frauds 30. Detect/Prevent Fraudulent Financial Statement Schemes Financial Statement Analysis Interviews Internal Auditors Management Reduce the Situational Pressures Reduce the Opportunity to Commit Fraud Reduce the Rationalization of FraudStrengthen Employee Personal Integrity 31. Red Flags - Financial Statement Schemes Growth Profitability Cash flows Related parties Complex transactions Receivables/ bad debts Domination Ineffective board Ethical standards Formal or informal restrictions on auditor 32. Billing schemes Inventory and Payroll otherschemes Forged makerFraudulentExpenses disbursement schemesForgedMisappropriationCheque endorsement TemperingAssets Altered payee RegisterdisbursementAuthorizedmakerTheft of cash in hand SaleTheft of cash Cash Skimming Receivablereceipt LarcenyRefund 33. Detection/Prevention of SkimmingSchemes Analytical procedures Journal entry review Segregation of duties Access control procedures Independent reconciliations Cash refunds approval Data analytical 34. Register Disbursement Schemes Fictitious Refunds Overstated Refunds False Voids Red Flag, Detection and Prevention 35. Cheque Tampering Schemes Forged Maker Schemes (Flow chart) Forging the Signature Free-Hand Forgery Photocopied Forgeries Forged Endorsement Schemes Theft of Returned Cheques Altered Payee Schemes Authorised Maker Schemes 36. Billing Schemes Invoicing Via Shell Companies Submitting False Invoices Self-Approval of Fraudulent Invoices Rubber Stamp Supervisors Pass-Through Schemes Pay-and-Return Schemes Personal Purchases 37. Payroll Fraud Schemes 38. Expense Reimbursement Schemes Mischaracterized Expense Reimbursements Altered Receipts Over purchasing (Air travel) Fictitious Expense Reimbursements Duplicate Reimbursements Detect: Review and Analysis of Expense Accounts Prevent: Detailed expense reports /Approvals 39. Theft of Inventory and Other AssetsLarceny Schemes The False SaleDetection Statistical SamplingPrevention Receiving reports Proper Documentation Perpetual inventory records Segregation of Duties Raw materials requisitions Independent Checks Shipping documents Job cost sheets Shipping Documents Physical Inventory Counts 40. Indicator- Overall A trend of declining revenues Trend of declining gross, operating, net, and/or freecash flow margins Off-Balance Sheet Items Creative or Strange Accounts (deferred subscriberacquisition costs) Frequent changes of legal counsel, auditors orexternal board members Continuous problems with regulatory agencies Compensation is derived from bonuses based 41. Behavioral Red FlagsWorkplace deviant behavior No vacation Financial difficulties Overtime/ Late sitting Serious addiction to Un-explained variancedrugs, alcohol, or Reluctant to delegategambling An unwillingness to One employee do it all share duties Documents photocopies A close personal Most trusted in town relationship with vendors Rule breakersor customers Family problems Living beyond means Excessive pressure Complaints about low pay within the company 42. What Causes People to Commit Fraud? 43. Top Rationalizations for Committing Fraud I need it more than the other person. Im borrowing and will pay it back later. Everybody does it. Nobody will get hurt. I deserve it. Its for the greater good. Im not paid enough. Its just part of the job. Im not gaining personally. 44. Culture as a Predictor of Fraud Culture Is the Foundation of SystemsTone at top Management attitude Integrity Ethical values/policy Reward system Structure- authority/responsibility Decision making Hiring and promotion/HR policies Commitment to competence 45. The only certainty is uncertaintyEvent:Occurrence of a particular set of circumstances.Frequency:A measure of the number of occurrences per unit of time.Hazard:A source of potential harm or a situation with a potential tocause loss.Consequence:Outcome or impact of an event.Likelihood:A general description of probability or frequency. 46. Fraud Risk Assessment Foundations of an effective fraud risk management Identify inherent fraud risk Assess the likelihood and significance of inherentfraud risk Developing a response to reasonably likely andsignificant inherent and residual fraud risk 47. Fraud Risk Assessment Identify inherent fraud risk Where could things go wrong Industry, geo-political risks Company risks Incentive plans Growth rate Consolidation Risk of management override Assess the likelihood and significance of inherent fraudrisk Likelihood remote, possible, probably Significance not just dollars; reputation, management time 48. Risk/Control Sample Matrix 49. Procurement Fraud Risk AssessmentCorruptionContextDocumentFraud Risk- List downLikelihoodImpactControl 50. Key Principle for Fraud Risk Management As part of an organizations governance structure, a fraud riskmanagement program should be in place, including a written policy (orpolicies) to convey the expectations of the board of directors and seniormanagement regarding managing fraud risk Fraud risk exposure should be assessed periodically by the organizationto identify specific potential schemes and events that the organizationneeds to mitigate. Prevention techniques to avoid potential key fraud risk events should beestablished, where feasible, to mitigate possible impacts on theorganization. Detection techniques should be established to uncover fraud events whenpreventive measures fail or unmitigated risks are realized a reportingprocess should be in place to solicit input on potential fraud, and acoordinated 51. Preventing Fraud A SummaryCreate a culture of Honesty, Eliminate OpportunitiesOpenness, and AssistanceImplement Have good Employeeinternal controlsAssistance Discourage Programs CollusionHave a Code of EthicsProvide tiphotlines PublicizeCreate a PositiveCreate ancompany policies Workexpectation ofEnvironment punishment Proactively audit Hire honest people and for fraudprovide fraud awareness trainingMonitoremployees 52. ControlsExistence of a control even ifnon operational can be adeterrent and act as a realcontrol 53. Deterrence and PreventionDeterrence modifies the persons behavior throughperception of being caught and being punishedwhile Prevention focuses on removing the root cause of theproblem, hence prevention and correction logically gotogether. 54. Prevention Analytical reviews Mandatory vacation Job rotation Surprise audit Oversight Employee education Open door polices 55. PreventionDishonest employees may not commit a fraud if they knowthe organization has an oversight and confirmationprocess. After giving the code of ethics to all employees (inboth hard and soft copy if possible), require that they sign astatement that says they have read and understood thecodes requirements and will comply with them. The fraudprevention plan should include an accountability matrix thatlists the anti-fraud functions and which staff have primary,secondary or a shared responsibility. This then eliminatesthe excuse of ignorance. 56. The Death Penalty For CorporationsIf we are going to consider the corporation to be a person and afford it the same kinds of rights and freedoms that are extended to the individual, perhaps it is time to revise the methods by which we hold the corporate "person" accountable. We should impose the same kind of punishments that we have established for individuals. If a corporation is convicted in the courts for a violation of law, we should curtail its freedom to conduct business for a period of time. In the event of repeat offenses, the penalties should be increased. In those instances where a corporation severely violates the public trust, it should cease to exist. The corporate charter should be revoked, the assets seized and the corporation dissolved. 57. Fraud Prevention ChecklistIs ongoing anti-fraud training provided to allemployees of the organization? Understand what constitutes fraud? Have the costs of fraud to the company and everyone in it including lost profits, adverse publicity, job loss and decreased morale and productivity been made clear to employees? Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely? Has a policy of zero-tolerance for fraud been communicated to employees through words and actions? 58. Fraud Prevention ChecklistIs an effective fraud reporting mechanism in place? Have employees been taught how to communicateconcerns about known or potential wrongdoing? Is there an anonymous reporting channel available toemployees, such as a third-party hotline? Do employees trust that they can report suspicious activityanonymously and/or confidentially and without fear ofreprisal? Has it been made clear to employees that reports ofsuspicious activity will be promptly and thoroughlyevaluated? 59. Fraud Prevention ChecklistAre strong anti-fraud controls in place andoperating effectively, including the following? Proper separation of duties Use of authorizations Physical safeguards Job rotations Mandatory vacations 60. Detection Process controls Anonymous Reporting/hotline Internal Audit Benchmark Measurements Computer Checks for Anomalies Interviews 61. Linguistic Text Analysis Lack of self-reference Euphemisms Verb tense Alluding to actions Answering Q with Q Lack of Detail Equivocation Narrative balance Oaths Mean Length