fraud risk management lahore oct 15

Tahir AbbasCertified Fraud Examiner

Fraud- Salient Crime

Any intentional and deliberate act to deprive another of property/money by guile, deception or any unfair mean(s).

A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her disadvantage.

Type Of Fraud

• White collar Crime

• Organizational Crime

• Occupational Fraud

White collar Crime

Not every crime involves a smoking gun. Some crimes arecommitted right under the victim's nose without a single shotfired!

White collar Crime

• Misrepresentation of facts • Concealment of fact• Bribery• Extortion• Conflict of interest• Forgery• Embezzlement• Theft• Breach of fiduciary duty

Organizational Crime

Organizational crime is that committed by business particularly corporations and governments.

Occupational Fraud

Why People Obey The Law

Why people obey the law while others chose to break it. Why is this so? What make people to act the way they do?

Why People Commit Fraud

Pressure

Who could turn an opportunity for fraud into reality?

Pressure (Non-Shareable Financial Problems) Trusted persons become trust violators when they believe that they have such a problem

‘There was no need for it like there was this time.’“The idea never entered my head.’‘I thought it was dishonest then, but this time it did not seem dishonest at first.’ ”10

Pressure (Non-Shareable Financial Problems)

• Violation of ascribed obligations

• Problems resulting from personal failure

• Business reversals

• Physical isolation

• Status gaining

• Employer-employee relations

Pressure (Non-Shareable Financial Problems) Some common financial problems employees face include those stemming from:

• Greed

• Living beyond one’s means or extravagant lifestyle

• High bills or personal debt

• Poor credit

• Personal financial losses

• Unexpected financial needs

• Substance abuse/addictions

• Gambling debt and addiction

Perceived Opportunity • Perceived ability to commit fraud

• General information

• Technical Skill

Rationalization• Understand his illegal behavior

• Before the crime takes place

Top 10 Thinking Errors (Fraudster) • Rationalization

• Instant Gratification

• Disregard for Authority or Rules

• Being Overly Optimistic

• Entitlement

• Lack of Remorse

• Peer or Financial Pressure

• Inadequate Fear of Punishment

• Egoism

• Diffusion of Harm

Workplace Deviant Behaviors

Who is most likely to commit fraud?

Behavioral Symptoms• Buying more material items

• Starts to carry unusual amounts of cash

• Creditors/Bill Collectors show up at work or call frequently

• Borrows money from coworkers

• Becomes more irritable or moody

• Becomes unreasonably upset when questioned

• Becomes territorial over their area of responsibility

• Won’t take vacation or sick time or only takes it in small increments

• Works unneeded overtime

• Turns down promotions

• Start coming in early or staying late

• Redo or Rewrite work to “make it neat”

Common Red Flags• Wheeler and Dealer

• Domineering/Controlling

• Don’t like people reviewing their work

• Strong Desire for Personal Gain

• Have a “Beat the System Attitude

• Live Beyond Their Means

• Close relationship with customers or vendors

• Unable to Relax

• Often have a “too good to be true” work performance

• Don’t take vacation or sick time or only take leave in small amounts.

• Often work excessive overtime

• Outwardly, appear to be very trustworthy.

• Often display some sort of drastic change in personality or behavior

Factors- Organizational Environment • Placing too much trust in key employees

• Lack of proper procedures for authorization of transactions

• Inadequate disclosures of personal investments and incomes

• No separation of authorization of transactions from the custody of related assets

• Lack of independent checks on performance

• Inadequate attention to details

• No separation of custody of assets from the accounting for those assets

• No separation of duties between accounting functions

• Lack of clear lines of authority and responsibility

• Department that is not frequently reviewed by internal auditors

•

Financial Statement Fraud

Fin

anci

al S

tate

men

t F

rau

d

Timing Difference

Improper Revenue Recognition

Improper Asset Valuation

Overstated /Concealed lability and Expenses

Improper Disclosure

Financial Statement Fraud

• Playing the accounting system

• Beating the accounting system

• Going outside the accounting system

Financial Statement Fraud- Case-Loss

Timing Difference

• Premature Revenue Recognition

• Sale With Conditions

• Long Term Contracts

• Channel Staffing

• Wrong period Recording of Expenses

Improper Revenue Recognition

• Overstated Revenue

• Understated Revenue

• Fictitious Revenue

Improper Assets Valuation

• Inventory Valuation

• Account Receivable

• Fixed Assets

• Business Combination

Overstated/Concealed Lability or Expenses

• Lability/ Expenses Omission

• Improper Cost Capitalization

• Warranty Cost and Provisions

Improper Disclosure

• Liability Omission

• Subsequent Events

• Management Fraud

• Related Party Transactions

• Accounting Change

FS Fraud Red Flags• Domination of management by a single person or small group

• Tone at top

• Recurring negative cash flows from operations

• Rapid growth or unusual profitability,

• Significant, unusual, or highly complex transactions- Period End

• Significant related-party transactions

• Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality

• Overly Complex organization Structure

• BOD of audit committee absence/competency

• Unusual rations and variations

Prevention of FS Fraud• An organizational environment that fosters control consciousness.

• Realistic organizational goals and objectives (as opposed to unrealistic ones).

• Written corporate policies (e.g., code of conduct) that describe prohibited activities and the action required whenever violations are discovered.

• Appropriate authorization policies for transactions are established and maintained.

• Policies, practices, procedures, reports, and other mechanisms to monitor activities and safeguard assets, particularly in high-risk areas.

• Communication channels that provide management with adequate and reliable information.

• Policies and procedures that foster the establishment and enhancement of cost-effective controls to prevent fraud.

• Thorough review of all post-financial-statement-date transactions, such as accounts payable increases and decreases, to detect omitted liabilities in financial statements.

• Thorough review of the appropriateness of capitalization procedures.

Detection of FS Fraud

• Some questions we should consider include:

• Are the transactions overly complex?• Has management discussed the transactions with the board of directors and audit committee?• Has management placed more emphasis on the need for a particular accounting treatment than on the underlying economics of the particular transaction?• Do the transactions involve unconsolidated, unrelated parties (including special purposes entities), or parties that do not have the substance or financial strength to support the transaction?


• Vertical Analysis

• Horizontal Analysis

• Ratio Analysis

• Interviewing


• Revenue recognition—Performing substantive analytical procedures relating to revenue using disaggregated data (e.g., comparing revenue reported by month and by product line during the current reporting period with comparable prior periods); confirming with customers relevant contract terms; or questioning staff about shipments near the end of a period.

• Inventory quantities—Examining inventory records to identify locations or items that require specific attention during or after the physical inventory count; performing a more rigorous examination of the count, such as examining contents of boxed items

Punjab Bank Case-StudyThe case start with one of the two directors of the bank, approved, on behalf ofthe board of directors of BoP, unlawful credit proposals amounting to Rs1.1 billionin July 2006. Investigation reveals that actual corruption at the BoP amounts toRs76.178 billion. While the bank shows profits from 2005 to 2008 on paper, it isactually running in loss.

Bank was deprived of over Rs11 billion in advances and mark up by one Groupalone.

Millions of rupees had been doled out from the BoP, against negligible securitiesand without any collateral, to non-existent clients like ABC Group. Despite havingno businesses, ABC Group opened accounts in the BoP by using fake identities anddocuments and funds were sanctioned to them at their discretion. In more than 95percent cases the sanctioned funds were withdrawn within a day after approval.

Assets Misappropriation

Assets Misappropriation - Cash

Skimming - Off Book Fraud

Sale• Sale- No Show• Amount Manipulation• Off-site Sale• False Discount

Receivables• Forcing Account Balances• Lapping• False Account Entries

Inventory• Inventory Padding

Short Term Skimming

Alert- Skimming - Off Book Fraud

• Inventory is lower than the records indicate• Gaps in pre-numbered transactions or documents• Differences between customer and company records• Lower than expected revenues when a specific person is working• Lower than expected revenues in a specific location• Excessive number of short shipments or receipts• Vendor invoices do not match receiving reports• Missing documents (e.g., no sales document for a shipping document )

Alert- Skimming - Off Book Fraud• The ability to remove assets from the premises without appropriate documentation• Scrap exceeds expected amounts, or the amount is rising without good cause• A rising trend in customers who never pay for merchandise• An employee who frequently visits company sites after normal business hours• Material usage is higher than established standards, or higher than materials used by other workers• Fraudulent or altered documents (e.g., packing, shipping, receiving.)• Documents that do not agree (e.g., the receiving report sent to accounts payable does not match the one kept by the receiving department)

Prevention

• Segregation of Duties

• Authorization—approving transactions and decisions• Recording—preparing source documents; maintaining journals,

ledgers, or other files; preparing reconciliations; and preparing performance reports

• Custody—handling cash; maintaining an inventory storeroom; receiving incoming customer checks; and writing checks on the organization’s bank account

• Access Controls• Reconciliations• Customer Complaint

Detection- Broken Promises, Shattered Trust

• Receipt of Sale level; Detection- Analytical

• Journal Entry Review

• Payment vs Posting

• Confirmation

Fraudulent Disbursement

Register Disbursement Schemes

• False Refund

• Fictitious Refund

• Overstated Refund

• False Void

Alert: Fraudulent Disbursement

• Small Disbursement

• Record Destruction

• Photocopies

• SGD: Authorization –Approval of Refunds

• Missing Supporting Documents

• No Management Reviews

• Ineffective Reconciliations

• Inventory shrinkage is larger than it has been historically

Cheque Tempering SchemesCheck tampering

(1) fraudulently preparing a check drawn on the organization’s account for his own benefit, or

(2) intercepting a check drawn on the organization’s account

• Forged Marker

• Free Hand Forgery

• Photocopied Forgery

• Interception Cheque before delivery

• Forged Endorsement Schemes

• Authorized Maker Schemes

Red Flags and Detection

• Fraudster Reconciling the Bank Statement

• Voided Cheque

• Missing Cheque

• Excessive Returned Cheque

• Frequent Address Changed

• Customer/Vendor Complaints

Billing Schemes

Bil

lin

g sc

hem

es

Invoicing Via Shell Company

Pass Through Schemes

Pay and return Schemes

Personal Purchase

False Purchase Requisition

Prevention Billing Schemes• Segregate these duties: purchase requests, purchasing goods and services,

purchase authorization, merchandise receipt, payment authorization, and vendor payment.• Require appropriate documentation on all transactions. For example, use pre-numbered, multi-copy purchase orders, receiving reports, etc. Make sure all documents are completed properly. Periodically account for numerical document sequences. Periodically review all documentation for completeness and accuracy.• Require appropriate supervisory approvals on all purchase orders, cash disbursements, write-offs, credit memos, etc.• Keep a list of approved vendors, and only purchase goods from approved vendors. Control the vendor approval process so that those buying the goods or services (and others in a position to commit fraud) cannot approve a vendor.• Promptly log in goods received, and complete the appropriate receiving reports to avoid merchandise loss.• Match the data on purchase orders, receiving reports, and vendor invoices before making vendor payments. Investigate all unmatched documents for appropriateness

Detection- Billing Schemes

• Analytical Review

• Computer Assisted Review

• Statistical Sampling

• Vendor Survey

Payroll Fraud Schemes

• Ghost Employee

• Fictitious Sale

• Altered Sales

• Falsified Hours and Salary

• Commission Schemes

Prevention- Payroll Fraud Schemes• Require all timekeeping information (hours worked, etc.) to be authorized before an employee is

paid.

• Separate the duties of hiring employees, entering timekeeping information, authorizing timekeeping information, processing payroll, authorizing payroll, distributing payroll, transferring funds to the payroll accounts, and reconciling the payroll bank account. Someone independent of the sales department should prepare data used to calculate sales commissions.

• If automated timekeeping systems are used, a supervisor should be present at the beginning and end of shifts to ensure that no one clocks another employee in or out of the system.

• Stringent access controls, all of whom have closely guarded passwords; all changes reviewed and authorized by someone else; changes only made from specific terminals during business hours, etc.) should be placed over the payroll database so that unauthorized employees cannot create ghost employees or change their hours, pay rates, salary, or commissions.

• Install an automated timekeeping system that requires employees to use ID cards or some other physical form of identification. This makes it more difficult to perpetrate fraud since a bogus ID must be obtained, and the perpetrator must be present to log the ghost employee in and out of the system every day.

Detection- Payroll Fraud Schemes

• Independent Payroll Disbursement

• Duplicate Account number

• Duplicate address

• Duplicate Identification Code

• Overtime Authorization

• Commission Analysis (Correlation)

• Trend Analysis

Other Assets- Fraud Schemes

• The first is to steal the asset with no intention of ever returning it. The second is to “borrow” the asset, to misuse it, or to use it in a way that the employer never intended it to be used.

• Noncash assets that are typically stolen or misused include inventory, supplies, tools and equipment, raw materials, computers and other office equipment, telephones (personal long distance calls, etc.), company cars, an individual’s time, and information

Initial Detection of Fraud

Initial Detection of Fraud- Source

Initial Detection of Fraud- Tip

Anti-Fraud Control

Control Weaknesses That Contributed to Fraud

Procurement Fraud- Red Flags

• Sequential invoices paid

• Unusual/large/round-dollar amounts paid

• Payments just under authorization level

• Employee-vendor address match

• Multiple invoices paid on same date

• Slight variation of vendor names

• Non-Monitoring of high risk employees and process

• Splitting one purchase into multiples to avoid the approval process

Bid Rigging

• Pre-solicitation Fraud

• Need Recognition

• Specification Tailoring

• Solicitation Fraud

• Bid pooling

• Bid-splitting • Fictitious supplier

• Time advantages

• Limited scope of solicitations

Alert Bid Rigging• Specifications tailored to a particular vendor

• Unreasonably restrictive pre-qualifications

• An employee who defines a “need” that could only be met by one supplier

• An employee who justifies a sole-source or noncompetitive procurement process

• Changes in a bid once other bidders’ prices are known, sometimes accomplished through deliberate mistakes “planted” in a bid

• Bids accepted after the due date

• Low bidder withdraws to become a subcontractor on the same contract

• Falsified documents or receipt dates (to get a late bid accepted

• Falsification of contractor qualifications, work history, facilities, equipment, or personnel

Corruption Red FlagsRecipient

• The Big Spender

• The Gift Taker

• The “Odd Couple”

• Success Champion

• The Rule Breaker

• The Hospitality Master

• The Complainer

• Genuine Need

Payer

• The Too-Successful Bidder

• Poor Quality, Higher Prices

• The One-Person Operation

• The Cash Cow

Fraud Risk Assessment

Risk, reward and objectives vs Scenarios and Schemes

The process of proactively identifying and addressing organizational vulnerabilities both internal and external

Factor Influence risk assessment process

• The Nature of the business

• The Operating environment

• The Effectiveness of Control System and Process

• The Control Environment

Objective - Fraud Risk Assessment

Do you have the answer?

• How might a fraud perpetrator exploit weakness in System of IC?

• How Could a perpetrator override or circumvent IC?• What could a perpetrator do to conceal a fraud?

Objective - Fraud Risk Assessment

• Improve communication and awareness about fraud

• Identify what activities are most vulnerable to fraud

• Know who puts the organization at greater risk

• Develop plan to mitigate fraud risk

• Develop techniques to know if fraud has occurred in high riskarea

• Assess Internal control and business processes

• Comply with regulator and compliance requirement

Good Fraud Risk Assessment

• Collaborative effort of Management and Auditors

• The Right Sponsor

• Independence and Objectivity of Team

• Working Knowledge of Business

• Access to People and Processes at Level

• Engendered Trust

• Ability of Think the Unthinkable

• Plan to keep it Alive and Relevant

• One size does not fit all

Techniques- Fraud Risk Assessment

Organization structure and Culture will determine the best technique.Don’t try to fit others best.

• Interviews• Focus Group• Survey• Anonymous feedback Mechanism• Process-flow Analysis• Self-assessment

Addressing/Reporting identified Fraud Risk

• Risk Appetite- Establish the Acceptable Level of Risk

• Ranking and Prioritizing Risk• Estimate Likely cost of Risk• Heat map

• Respond to Risk

• Report Objective not Subjective

• Keep it simple

• Focus on what really matters

• Identify actions, clear and measureable

Fraud Risk Assessment . Self Assessment

Fraud Prevention

Elements of a Fraud Prevention Program

• Roles and responsibilities• Commitment• Fraud awareness• Affirmation process• Conflict disclosure• Fraud risk assessment• Reporting procedures and whistleblower protection• Investigation process• Corrective action• Quality assurance• Continuous monitoring

ERM Framework

Enterprise Risk Management defined:

“Enterprise Risk Management (ERM) is a process, affected by the organizations leadership, applied in a strategy setting, and across the organization, designedto identify potential events that may affect the organization, and manage risk(s) to be within its risk appetite, to provide reasonable assurance regarding the achievement of the organization’s objectives.”

ERM Framework

• Process – ongoing and fluid throughout the organization structure

• Affected – every person at every level

• Applied in Strategy Setting – you have to have a game plan

• Applied Across the Organization – no one is left out

• Designed to Identify Events – good and bad

• Reasonable Assurance – yes management; it works

• Geared to Achieve Objectives – touches every department, every school

ERM Framework

Fraud Prevention

Perception of DetectionProactive Audit ProceduresAnalytical ReviewFraud Assessment QuestioningSurprise AuditEmployee Anti-fraud EducationCascading Training

What is Fraud what is notHow Fraud can hurt to allHow, when, how canWhat to doWhy to do

Fraud Prevention

Fraud Prevention• Fraud Prevention Policy

• Hiring Policies

• Mandatory Vacations

• Job Rotation

• Effective Management Oversight

• Reporting Program- Hotline

• Rewards

• Open door Policies

• Organization structure

• Performance management

• Minimize Employee Pressures

• Fair personal Polices and Procedures

• Employee Support programs/ Morale

Fraud Prevention Policy

• Scope

• Actions Constituting Fraud

• Non Fraud irregularities

• Investigation

• Reporting Procedures

• Communication

• Employee Trainings

• Ethical Programs

Fraud prevention

Employee Morale• Provide organization-sponsored social events

• Recognize employees for good work

• Offer flexible work arrangements

• Offer organization-sponsored team-building events

• Exhibit a strong ethical tone at the top

• Engage individual contributors in the decision-making process

• Keep staff well-informed of the organization’s activities

• Offer cross-functional training and career advancement opportunities

• Offer small perks such as coffee, soda, or food

• Make the work environment attractive and comfortable

• Empower employees

• Set realistic goals

• Take time to celebrate accomplishments

• Listen to employee grievances and settle them as soon as possible

• Tune into employees’ emotional needs

• Offer competitive compensation and benefits

• Train employees to develop positive attitudes

• Show employees the results of their work

Hotline, Code and Whistle Blower

Hotline, Code and Whistle Blower

• “one who reveals wrongdoing within an organization to the public or to those in positions of authority ”

• The power of a hotline lies in its ability to open the lines of communication with employees and create a venue for real-time interaction, especially with anonymous parties.

• Hotline as an integral part of company’s corporate compliance and ethics program

Elements of Hotline and Whistle Blowing The first step in any new whistleblower program is sitting down with your employees to discuss the program

• Anonymity and confidentiality

• No retaliation

• Whistleblower incentives

• Positive “tone at the top

• Educate, publicize and make hotline available

• Multiple uses for hotline, including a helpline

• Record and analyze statistics

• Benchmark

• Hotline managed by third-party provider

• Allow multiple methods for submitting tips

• Evaluate, test and audit

• Educate other stakeholders and grant access to hotline

Whistle Blower

Fraud Detection and investigation

Tradition Data Analysis and Reporting

Big Data- High Volume, High velocity, high variety complex information

Sorting

Joining

Compliance Verification

Duplicate Search

Fuzzy login Matching

Gap Test

Fraud Detection and investigation

Case for Data Analysis

Detecting Anomalies

• Lack of self-reference

• Verb tense(events were occurring in the present

• Answering questions with questions

• Equivocation (Statements made by guilty parties often include mild or vague words )

• Oaths

• Euphemisms- missing" instead of "stolen,"

• Alluding to actions

• Lack of Detail

• Narrative balance- prologue, critical event and aftermath

• Mean Length of Utterance (between 10 and 15 words )

Verb tense

"After closing the store, I put the cash pouch in my car and drove to theOlympia Bank building on Elm Street. It was raining hard so I had todrive slowly. I entered the parking lot and drove around back to thenight depository slot. When I stopped the car and rolled down mywindow, a guy jumps out of the bushes and yells at me. Ican see he has a gun. He grabs the cash pouch and runs away. The lastI saw him he was headed south on Elm Street. After he was gone, Icalled the police on my cell phone and reported the theft."