Fraud Risk Assessment (Part 2)
Detection and Prevention Techniques
TAHIR ABBAS
CIA, CISA, CFE, CRMA
The only certainty is uncertainty
Event:
Occurrence of a particular set of circumstances.
Frequency:
A measure of the number of occurrences per unit of time.
Hazard:
A source of potential harm or a situation with a potential to cause loss.
Consequence:
Outcome or impact of an event.
Likelihood:
A general description of probability or frequency.
Fraud Risk Assessment
• Identify inherent fraud risk
• Assess the likelihood and significance of inherent fraud risk
• Develop a response to reasonably likely and significant inherent and residual fraud risk
Foundations of an effective fraud risk management
Fraud Risk Assessment
– Identify inherent fraud risk
  • Where could things go wrong
  • Industry, geo-political risks
  • Company risks
    – Incentive plans
    – Growth rate
    – Consolidation
  • Risk of management override
– Assess the likelihood and significance of inherent fraud risk
  • Likelihood – remote, possible, probable
  • Significance – not just dollars; reputation, management time
Risk/Control Sample Matrix
Procurement Fraud Risk Assessment
Corruption Context
Document | Fraud Risk (list down) | Likelihood | Impact | Control
Procurement Fraud Red Flags
• Repeated awards to the same entity.
• Competitive bidder complaints and protests.
• Complaints about quality and quantity.
• Multiple contracts awarded below the competitive threshold.
• Abnormal bid patterns.
• Agent fees.
• Questionable bidder.
• Awards to non-lowest bidder.
• Contract scope changes.
• Numerous post-award contract change orders.
• Urgent need or sole source.
• Questionable minority/disabled ownership.
Key Principle for Fraud Risk Management
• As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
• Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
• Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
• Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
• A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
Preventing Fraud – A Summary
Create a culture of Honesty, Openness, and Assistance
Eliminate Opportunities
Implement Employee Assistance Programs
Have a Code of Ethics
Create a Positive Work Environment
Hire honest people and provide fraud awareness training
Have good internal controls
Discourage Collusion
Publicize company policies
Monitor employees
Provide tip hotlines
Create an expectation of punishment
Proactively audit for fraud
Controls
The existence of a control, even if non-operational, can be a deterrent and act as a real control.
Deterrence and Prevention
Deterrence modifies the person's behavior through the perception of being caught and punished, while prevention focuses on removing the root cause of the problem; hence prevention and correction logically go together.
Prevention
• Analytical reviews
• Mandatory vacation
• Job rotation
• Surprise audit
• Oversight
• Employee education
• Open-door policies
Prevention
Dishonest employees may not commit a fraud if they know the organization has an oversight and confirmation process. After giving the code of ethics to all employees (in both hard and soft copy if possible), require that they sign a statement that says they have read and understood the code's requirements and will comply with them. The fraud prevention plan should include an accountability matrix that lists the anti-fraud functions and which staff have primary, secondary or a shared responsibility. This then eliminates the excuse of ignorance.
The Death Penalty For Corporations
If we are going to consider the corporation to be a person and afford it the same kinds of rights and freedoms that are extended to the individual, perhaps it is time to revise the methods by which we hold the corporate "person" accountable. We should impose the same kind of punishments that we have established for individuals. If a corporation is convicted in the courts for a violation of law, we should curtail its freedom to conduct business for a period of time. In the event of repeat offenses, the penalties should be increased. In those instances where a corporation severely violates the public trust, it should cease to exist. The corporate charter should be revoked, the assets seized and the corporation dissolved.
Reactive Fraud Detection
Fraud Prevention Checklist
• Is ongoing anti-fraud training provided to all employees of the organization?
• Do employees understand what constitutes fraud?
• Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss and decreased morale and productivity — been made clear to employees?
• Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?
• Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
Fraud Prevention Checklist
• Is an effective fraud reporting mechanism in place?
• Have employees been taught how to communicate concerns about known or potential wrongdoing?
• Is there an anonymous reporting channel available to employees, such as a third-party hotline?
• Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal?
• Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
Fraud Prevention Checklist
Are strong anti-fraud controls in place and operating effectively, including the following?
Proper separation of duties
Use of authorizations
Physical safeguards
Job rotations
Mandatory vacations
Detection
– Process controls
– Anonymous Reporting/hotline
– Internal Audit
– Benchmark
– Measurements
– Computer Checks for Anomalies
– Interviews
Forensic Accounting
Forensic accounting or financial forensics is the specialty practice area of accountancy that describes engagements that result from actual or anticipated disputes or litigation. "Forensic" means "suitable for use in a court of law", and it is to that standard and potential outcome that forensic accountants generally have to work. Forensic accountants, also referred to as forensic auditors or investigative auditors, often have to give expert evidence at the eventual trial.
Forensic Auditing
Forensic auditing is a type of auditing that specifically looks for financial misconduct, and abusive or wasteful activity.
It is most commonly associated with gathering evidence that will be presented in a court of law as part of a financial crime or a fraud investigation.
Forensic Accounting Factors
• Time: Forensic accounting focuses on the past, although it may do so in order to look forward (e.g., damages, valuations).
• Purpose: Forensic accounting is performed for a specific legal forum or in anticipation of appearing before a legal forum.
• Peremptory: Forensic accountants may be employed in a wide variety of risk management engagements within business enterprises as a matter of right, without the necessity of allegations (e.g., proactive).
Forensic Audit Approaches
• Direct methods involve probing missing income by pointing to specific items of income that do not appear on the tax return. In direct methods, the agents use conventional auditing techniques such as looking for canceled checks of customers, deed records of real estate transactions, public records and other direct evidence of unreported income.
• Indirect methods use economic reality and financial status techniques in which the taxpayer’s finances are reconstructed through circumstantial evidence.
Indirect Methods
An indirect method should be used when:
• The taxpayer has inadequate books and records
• The books do not clearly reflect taxable income
• There is a reason to believe that the taxpayer has omitted taxable income
• There is a significant increase in year-to-year net worth
• Gross profit percentages change significantly for that particular business
• The taxpayer’s expenses (both business and personal) exceed reported income and there is no obvious cause for the difference
How Can Internal Controls Detect Fraud?
• Can internal controls detect fraud?
Methods for detecting fraud
• Percentage markup method for proving income
• Data Analysis
• Fraud Assessment tools
• Benford analysis
• Link Analysis
• Interviewing strategies
• Linguistic Text Analysis
Percentage markup method for proving income
Data Analysis
• Article provided
• Ratios, horizontal, vertical
Benford analysis
Article provided
Link Analysis
Given the complexity of serious fraud investigations, and the significant number of individuals and entities ordinarily involved, the employment of an analytic procedure known as 'link network diagramming' - commonly referred to as 'link analysis' - should be considered to facilitate the investigation and case structuring. Link analysis is essentially a graphic method for integrating and displaying large amounts of data which are related to complicated criminal activities and civil wrongs. The construction of a link analysis diagram should enhance the integration and presentation of relevant evidence or information that is:
• connected to various financial accounts, individuals and entities;
• collected by or from different sources; and
• spread over a protracted period of time.
Link Analysis
Essentially, the link analysis technique is comprised of two sequential steps. The first step is the conversion of written material containing summaries of investigative findings into a graphic form called an 'association matrix'. The second step is the conversion of the matrix into a diagram intended to facilitate understanding of the relationships contained therein. The association matrix is essentially an interim step in producing graphic material to assist investigators, prosecutors and civil litigation counsel. The goal is the development of pictorial data which clearly shows the relationships between people, organizations and activities. It allows an analyst or a trier-of-fact ready access to the big picture in complex matters. As the final diagram depicts relationships (or links) between people, organizations and activities, the generally accepted name for such pictorial data is a 'link analysis' diagram.
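The two steps described above, shown as an added example that is not part of the original presentation: constructed findings are converted into an association matrix, and the matrix is then converted into Graphviz DOT text for a link diagram. The entity names, evidence sources and the `clusters` helper are illustrative assumptions.

```python
from itertools import combinations

# Constructed findings (illustrative only): the evidence source and the
# entities that one investigative summary ties together.
FINDINGS = [
    ("bank statement", ["Vendor A Ltd", "Account 1001"]),
    ("payment voucher", ["Vendor A Ltd", "Account 1001"]),
    ("company registry", ["Vendor A Ltd", "J. Doe"]),
    ("HR file", ["J. Doe", "Procurement Dept"]),
    ("bank statement", ["Account 1001", "J. Doe"]),
    ("invoice review", ["Vendor B Ltd", "Procurement Dept"]),
    ("company registry", ["Vendor C Ltd", "R. Roe"]),
]

def association_matrix(findings):
    """Step 1: cell [i][j] counts the findings linking entity i and entity j."""
    entities = sorted({e for _, names in findings for e in names})
    index = {e: i for i, e in enumerate(entities)}
    matrix = [[0] * len(entities) for _ in entities]
    for _, names in findings:
        for a, b in combinations(sorted(set(names)), 2):
            matrix[index[a]][index[b]] += 1
            matrix[index[b]][index[a]] += 1  # associations are undirected
    return entities, matrix

def link_diagram(entities, matrix):
    """Step 2: convert the matrix into a diagram (Graphviz DOT text).
    Each edge label is the number of supporting findings."""
    lines = ["graph links {"]
    for i, a in enumerate(entities):
        for j in range(i + 1, len(entities)):
            if matrix[i][j]:
                lines.append(f'  "{a}" -- "{entities[j]}" [label={matrix[i][j]}];')
    lines.append("}")
    return "\n".join(lines)

def clusters(entities, matrix):
    """Group entities that are linked directly or indirectly."""
    seen, groups = set(), []
    for start in range(len(entities)):
        stack, group = [start], []
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                group.append(entities[n])
                stack.extend(j for j, w in enumerate(matrix[n]) if w)
        if group:
            groups.append(sorted(group))
    return groups
```

The DOT text returned by `link_diagram` can be rendered with Graphviz; `clusters` shows which entities belong to the same network before any drawing is done.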
Linguistic Text Analysis
Lack of self-reference
Verb tense
Answering Q with Q
Equivocation
Oaths
Euphemisms
Alluding to actions
Lack of Detail
Narrative balance
Mean Length
Linguistic Text Analysis
• ON SLIDE NO 77 AND 78 OF FIRST PART PRESENTATION ALREADY PROVIDED
• http://www.fraud-magazine.com/article.aspx?id=4294971184
11 vital questions to answer within the first 24 hours of a fraud allegation:
• Does the alleged activity constitute fraud?
• Who is involved?
• How should those who were involved in the fraud be handled?
• Are there any co-conspirators?
• How much was lost to fraud?
• During what period did the fraud occur?
• How did the fraud occur?
• How was the fraud identified?
• Could the fraud have been detected earlier?
• What can be done to prevent similar frauds?
• Should the conduct be disclosed to the authorities?
Tone at top
• What is the “tone at the top”?
• Major fraud factors
– Meeting analysts’ expectations
– Compensation and incentives
– Pressure to reach goals
• Why employees don’t report unethical conduct?
Tone at top
• COMMON ETHICAL VIOLATIONS
• Abusive or intimidating behavior of superiors toward employees (21 percent)
• Lying to employees, customers, vendors, or the public (19 percent)
• A situation that places employee interests over organizational interests (18 percent)
• Violations of safety regulations (16 percent)
• Misreporting actual time or hours worked (16 percent)
COMMON ETHICAL VIOLATIONS
• Stealing, theft, or related fraud (11 percent)
• Sexual harassment (9 percent)
• Provision of goods or services that fail to meet specifications (8 percent)
• Misuse of confidential information (7 percent)
• Price fixing (3 percent)
• Giving or accepting bribes, kickbacks, or inappropriate gifts (3 percent)
• E-mail and Internet abuse (13 percent)
• Discrimination on the basis of race, color, gender, age, or similar categories (12 percent)