financial fraud - catalysts and controls 26 march 2013 … · source: fraud triangle attributed to...

BUSINESS WITH CONFIDENCE icaew.com

Financial Fraud - catalysts and controls

26 March 2013 The webinar will begin shortly…


David Luijerink

Partner

KPMG Forensics

Steve Caine

Executive Director

Fraud Investigations & Disputes Services

Ernst & Young

Introduction


Ask a question

• Participate in today’s webinar

– send us a question


Financial Management Faculty

• Representing 7,634 members

• All the information you need in one place from £85pa

• Interactive Website

• Monthly magazine and quarterly reports providing CPD

• Electronic newsletter

• Events and networking opportunities

• Woman in Finance Network

• Thought Leadership

• Career Progression

Icaew.com/fmfac


Financial Fraud - causes and catalysts


Financial Fraud - catalysts and controls


Steve Caine: Key controls to reduce fraud risk

Steve Caine

Executive Director


Ernst & Young


Reference sources: overall control environment

• Principles based and not fraud specific

– COSO Framework (1992) and COSO ERM (2004)

– COCO Framework (1995)

– Turnbull Guidance (1999)

• Rules/compliance based and financial reporting

focussed

– SOX section 404


Overview of a generic fraud risk management system

Risk

assessment

Develop policies,

procedures and

controls:

prevention and

detection

Effective

implementation to

embed policies,

procedures and

controls

Monitor,

review

and

improve

Gap analysis

Top level commitment to foster ethical culture and risk appetite

Proportionality to risks assessed, scale and nature of the business


Importance of top level commitment

Pressure /incentive

Opportunity

Capability

Policies,

procedures

and controls

People, culture

and behaviours

e.g. Sales and profit targets

e.g. “I need to

meet these sales

and profit targets

because that all

that matters here”

Rationalisation

Source: Fraud Triangle attributed to Dr Donald R Cressey in Joseph T Wells’ Principles of Fraud Examination; introduced into professional literature in

AICPA Statement 99. Fraud Diamond developed by David T Wolfe and Dana R Hermanson.


Quantified risk assessment model

Risk

score

Impact

2 4 6 8

Pro

ba

bilit

y

4 8 16 24 32

3 6 12 18 24

2 4 8 12 16

1 2 4 6 8

Probability score Likelihood Frequency

4 Very high Probable Commonplace

3 High Very possible Frequent event

2 Medium Possible Regular event

1 Low Remote Isolated

Impact score Low Medium High Very high

2 4 6 8

Governance Breach of policy £1m fine

Operational 1 day factory closure

Stakeholders Loss <£0.5 m sales

Employees

IT Any network closure

Finance Budget variance Loss < £0.5m funds Loss >£0.5 m funds Loss >£5m funds

Reputation Any adverse Press Employees named Directors named


Risk mitigation

Diversion of OTV payments to private bank

accounts with loss > £5m – no mitigation

Control 1: monthly retrospective review by

CFO of all OTV payments > £100k

Control 2: independent approval of all OTV

payments > £100k

Control 3: independent actioning of all OTV

payments > £100k

Probability Impact Risk score

3 8 24


4 8 32


2 8 16


1 8 8


Features of good risk assessment

• Realistic

– Accepts fraud risk as the business reality

– Involves those who know what actually happens in the

business

• Rigorous

– Moves beyond platitudes about fraud risk and Identifies the

specific fraud schemes to which the business is exposed

– Requires mitigating policies, procedures and controls to

specifically respond to the identified fraud schemes

• Comprehensive

– Sufficient investment of senior time is made in the risk

assessment process

– External facilitation and challenge is used


Common failings of fraud risk policies,

procedures and controls

• Relying on generic controls or controls as they currently exist

(tick box approach)

– The design usually needs to be fettled to deal with the

fraud schemes identified in the risk assessment

• Assuming they operate in a particular way

– Failing to monitor what the control owner actually does

• Underestimating the scope for the policy, procedure or control

to be rendered ineffective through:

– Collusion

– Management override

– The influence of personal fiefdoms


Policies, procedures and controls need to be

relevant to the risks assessed ...but:

Segregation of duties

Delegation of authority

and authorisation

Access controls: assets, financial

& IT records, information

Rotate control ownership

Mandatory two week holidays

Whistleblowing

Surprise fraud audit

Recruitment vetting

Data analytics

Generic/traditional controls Specific (less familiar) controls

Prevent controls Detect controls


Key controls: whistleblowing

Source: ACFE 2012 Global Fraud Study


The future: forensically based data analytics

• Audit

– Sampling based, but

there is no representative

sample for fraud

– Materiality/reasonable

assurance, but crime is

revealed in the details

– Usually after the event

– Focussed on formal

financial controls not

behaviours

• Data analytics

– Can examine the entire

population against pre-

defined fraud risk criteria:

identifies all trends,

patterns and anomalies

– Real time and/or

retrospective

– Can reflect indicators of

specific fraud schemes

and behaviours


Any questions?


Ask a question

Participate in today’s webinar –

send us a question

Click here to

see questions


Questions and answers

Steve Caine

Executive Director


Ernst & Young


Future webinars

Webinars

• 20 June – Cost management

• 26 June – Business performance management

• 3 October – Fresh look at budgeting

• January 2014 – Internal reporting

• March 2014 – Financial Strategy


THANK YOU FOR ATTENDING

Contact the Financial Management Faculty .

+44 (0)20 7920 8508

[email protected]

icaew.com/fmfac

Please take the time to fill out our

short survey

A world leader of the

accountancy and finance profession


financial fraud - catalysts and controls 26 march 2013 … · source: fraud triangle attributed to...

Documents