fraud indicators auditors

8/10/2019 Fraud Indicators Auditors

1/35


2/35


3/35

Definition of FraudThe Institute of Internal Auditors IPPF definesfraud as:

Any illegal act characterized by deceit,concealment, or violation of trust. These actsare not dependent upon the threat of violenceor physical force. Frauds are perpetrated by

parties and organizations to obtain money,property, or services; to avoid payment or lossof services; or to secure personal or businessadvantage.


4/35

Another definition of fraud from the publication

Managing the Business Risk of Fraud: A Practical Guide,sponsored by The IIA, the AICPA, and the Association ofCertified Fraud Examiners, states:

Fraud is any intentional act or omissiondesigned to deceive others, resulting in thevictim suffering a loss and/or the perpetratorachieving a gain.

Frauds are characterized by intentional deception ormisrepresentation.


5/35

Impact of Fraud

Fraud has negatively impacted organizations in

different ways, including financial, reputational,psychological, and social. Organizations have beenforced to cease operations due to the impact offinancial and reputation damages, and the

psychological and social effects have been especiallyshocking to the employees of the organizations.


6/35

Impact of Fraud

Victims of fraud also suffer mental and emotional

harm and stress-related physical effects in additionto their financial losses. The victims have felt robbedof not only their money, but also their security, self-esteem, and dignity. The bottom line is that fraud

left unchecked can be damaging to any organization.


7/35

Reasons for Fraud

Pressure or incentive

Opportunity

Rationalization


8/35

Pressure or incentivePressure or incentive represents a need that anindividual attempts to satisfy by committing fraud.Often, pressure comes from a significant financialneed or problem. This may include the need to keep

onesjob or earn a bonus. In listed companies, theremay be pressure to meet or beat analystsestimates.For example, a large bonus or other financial awardcan be earned based on meeting certain

performance goals. The fraudster has a desire tomaintain his or her position in the organization andto retain a certain standard of living to compete withperceived peers.


9/35

OpportunityOpportunity is the ability to commit fraud and notbe detected. Since fraudsters do not want to be

caught in their actions, they must believe that theiractivities will not be detected. Opportunity is createdby weak internal controls, poor management, lack ofboard oversight, and/or through the use of ones

position and authority to override controls. Failure toestablish adequate procedures to detect fraudulentactivity also increases the opportunities for fraud tooccur.


10/35

OpportunityPersons in positions of authority may be able tocreate opportunities to override existing controlsbecause subordinates or weak controls allow them to

circumvent the established controls. Opportunityoften occurs because the fraudster knows what theauditor will do the when, what, and how much ofthe auditors procedures. For example, if the

fraudster knows that the auditor always tests onlylarge transactions in December, the fraudster cancommit the fraud on smaller transactions in othermonths.


11/35

RationalizationRationalization is the ability for a person to justify afraud, a crucial component in most frauds.

Rationalization involves a person reconciling his/herbehavior (e.g., stealing) with the commonly acceptedideas of decency and trust. For example, thefraudster places himself or herself as the priority

(self-centered), rather than the wellbeing of theorganization or society as a whole.


12/35

RationalizationThe person may believe committing fraud is justifiedin the context of saving a family member or lovedone so he/she can pay for high medical bills. Other

times, the person simply labels the theft asborrowing, and intends to pay the stolen moneyback at a later time. Some people will do things thatare defined as unacceptable behavior by the

organization, yet are commonplace in their cultureor were accepted by previous employers. As a result,they can rationalize their behavior as the rules dontapply to them.


13/35

Management fraud usually occurs because of theease with which management can circumvent thesystems of internal control. Sawyer list eightreasons behind management fraud. These aremotives (incentives or situational pressures).

Sometimes take rash steps from which they

cannot move back. Profit centers may distort facts to delay

divestment.

Incompetent managers may deceive to survive.

Reasons of Management fraud


14/35

Performance may be distorted to justify largerbonuses.

The need to succeed can turn managers tocheating.

Corrupt managers may serve interests thatconflict.

Profits may be inflated to obtain advantages inthe market.

The one who controls both the assets and their

records is in a perfect position to falsify the latter.

Reasons of Management fraud


15/35

Examples of Fraud Asset misappropriation involves stealing cash or

assets

Skimming occurs when cash is stolen from an

organization before it is recorded on theorganizations books and records.

Disbursement fraud occurs when a person causes theorganization to issue a payment for fictitious goods or

services, inflated invoices, or invoices for personalpurchases.

Expense reimbursement fraud occurs when anemployee is paid for fictitious or inflated expenses.


16/35

Examples of Fraud Payroll fraud occurs when the fraudster causes the

organization to issue a payment by making falseclaims for compensation.

Financial statement fraud involvesmisrepresenting the financial statements, often byoverstating assets or revenue or understatingliabilities and expenses.

Information misrepresentation involves providingfalse information, usually to those outside theorganization.


17/35

Examples of Fraud Corruption is the misuse of entrusted power for

private gain. Corruption includes bribery and otherimproper uses of power. Corruption is often an off-book fraud, meaning that there is little financialstatement evidence available to prove that the crimeoccurred.

Bribery is the offering, giving, receiving, or solicitingof anything of value to influence an outcome.

Bribes may be offered to key employees or managerssuch as purchasing agents who have discretion in

awarding business to vendors.


18/35

Examples of Fraud A conflict of interest occurs where an employee,

manager, or executive of an organization has anundisclosed personal economic interest in a

transaction that adversely affects the organizationor the shareholdersinterests.

A diversion is an act to divert a potentially profitabletransaction to an employee or outsider that would

normally generate profits for the organization. Unauthorized or illegal use or theft of confidential or

proprietary information to wrongly benefit someone.

Tax evasion is intentional reporting of false

information on a tax return to reduce taxes owed.


19/35

Potential Fraud IndicatorsFraudsters often display certain behaviors or characteristicsthat may serve aswarning signs or red flags.

High personnel turnover

Low employee morale

Paperwork supporting adjusting entries not readilyavailable

Bank reconciliations not completed promptly

Increases in the number of customer complaints

Unusual rise in inventory and receivables

Deteriorating income trend when the industry or the

organization as a whole is doing well.


20/35

Potential Fraud Indicators Numerous audit adjustments of significant size

Write-offs of inventory shortages with no attempt todetermine cause

Unrealistic performance expectations Rumors of conflicts of interest

Use of duplicate invoices to support payments tosuppliers

Use of sole-source procurement contracts

Overrides of controls by management or officers

Consistently exceeding goals/objectives regardless ofchanging business conditions and/or competition


21/35

Potential Fraud Indicators Prevalence of non-routine transactions or journal

entries

Rewriting records under the guise of neatness inpresentation

Problems or delays in providing requested information

Significant unusual changes in customers or suppliers

Transactions that lack documentation or normalapproval

Employees or management hand-delivering checks

Customer complaints about delivery


22/35

Potential Fraud Indicators Replying to questions with unreasonable explanations

Not separating the functional responsibilities ofauthorization, custodianship, and record keeping

Failure to record transactions resulting in lack ofaccountability

Not comparing existing assets with recorded amounts

Transaction execution without proper authorization

Not implementing prescribed controls because of Lackof / Unqualified personnel

Lack of computer expertise by supervisors

Unlimited access to assets


23/35

Potential Fraud Indicators Unrestricted access to computer disks

Location of computer terminals off-site withoutcompensating controls

Use of untested off-the-shelf vendor software Poor IT access controls such as poor password controls

Existence of liquid assets, such as cash, bearersecurities, or highly marketable merchandise

An employee is trusted so completely that duties arenot segregated

A manager continually handles the organization'smost urgent problems


24/35

Organizational-Level Red Flags(Tone at the Top, The lIA November 2003)

Abnormally rapid growth or profits, particularlyrelative to the industry

Financial results excessively better than those ofcompetitors absent significant operational differences.

Unexplained changes in trends or financial statement

relationships Decentralized operations coupled with a weak internal

reporting system

Earnings growth combined with a lack of cash


25/35

Organizational-Level Red Flags Excessively optimistic public statements about future

growth

Use of accounting principles that conform with theletter (form) of requirements, not the substance, orthat vary from industry practice

A debt ratio that is too high or difficulty in paying debt

Excessive sensitivity to interest rate fluctuations End-of-period transactions that are complex, unusual,

or significant

Non-enforcement of the organizationsethics code


26/35

Organizational-Level Red Flags Material related-party transactions not in the

ordinary course of business

Potential business failure in the near term Use of unusual legal entities, many lines of

authority, or contracts with no obvious businessreason.

Business arrangements that are difficult tounderstand and do not seem to have any practicalapplicability to the entity.


27/35

Personal red flags Living beyond onesmeans

Borrowing small amounts from fellow employees

Placing personal checks in change funds --undated, postdated -- or requesting others to"hold" checks

Collectors or creditors appearing at the place of

business, and excessive use of telephone to "stalloff" creditors

Placing unauthorized IOUs in change funds, orprevailing on others in authority to accept IOUs

for small, short-term loans


28/35

Personal red flags Conveying dissatisfaction with the job to fellow

employees

Severe personal financial losses Addiction to drugs, alcohol or gambling

Change in personal circumstances

Developing outside business interests Pronounced criticism of others so as to divert

suspicion

Getting annoyed at reasonable questioning


29/35

Personal red flags Refusing to leave custody of records during the

day; working overtime regularly

Refusing to take vacations and avoid promotionsfor fear of detection

Constant association with and entertainment by, amember of a supplier's staff

Carrying an unusually large bank balance, or heavybuying of securities

Extended illness of self or family, usually without a

plan of debt liquidation


30/35

Personal red flags Proud about exploits, and/or carrying unusual

amounts of money

Consistently rationalize poor performance Identify beating the system to be an intellectual

challenge

Provide unreliable communications and reports

Rarely take vacations or sick time (and when theyare absent, no one performs their work)


31/35

These red flags are often indicators of

misconduct, and an organizationsmanagement and internal auditors need to betrained to understand and identify the

potential warning signs of fraudulentconduct. While none of these mean anemployee is actually committing fraud, acombination of these factors could indicate aneed for inquiries and heightened auditattention.


32/35

Internal Auditors Responsibility in

Assessment of Fraud Risk

The International Professional Practices

Framework (IPPF) outlines the followingInternational Standards for the ProfessionalPractice of Internal Auditing (Standards)

pertaining to fraud and the internal auditorsrole in detecting, preventing, and monitoringfraud risks and addressing those risks inaudits and investigations.


33/35


Assessment of Fraud Risk1210. A2 Internal auditors must have sufficientknowledge to evaluate the risk of fraud and themanner in which it is managed by the organization,but are not expected to have the expertise of aperson whose primary responsibility is detectingand investigating fraud.

1220. A1 Internal auditors must exercise dueprofessional care by considering the probability ofsignificant errors, fraud, or noncompliance.


34/35


Assessment of Fraud Risk2120. A2 The internal audit activity must evaluatethe potential for the occurrence of fraud and howthe organization manages fraud risk.

2210. A2 Internal auditors must consider theprobability of significant errors, fraud,

noncompliance, and other exposures whendeveloping the engagement objectives.


35/35

Thank You & Good Luck

fraud indicators auditors

Documents