Fraud Risk Management, Lahore, Oct 15
Tahir Abbas, Certified Fraud Examiner
Fraud- Salient Crime
Any intentional and deliberate act to deprive another of property/money by guile, deception or any unfair mean(s).
A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her disadvantage.
Types of Fraud
• White collar Crime
• Organizational Crime
• Occupational Fraud
White collar Crime
Not every crime involves a smoking gun. Some crimes are committed right under the victim's nose without a single shot fired!
White collar Crime
• Misrepresentation of facts
• Concealment of fact
• Bribery
• Extortion
• Conflict of interest
• Forgery
• Embezzlement
• Theft
• Breach of fiduciary duty
Organizational Crime
Organizational crime is crime committed by businesses, particularly corporations, and by governments.
Occupational Fraud
Why People Obey The Law
Some people obey the law while others choose to break it. Why is this so? What makes people act the way they do?
Why People Commit Fraud
Pressure
Who could turn an opportunity for fraud into reality?
Pressure (Non-Shareable Financial Problems)
Trusted persons become trust violators when they believe that they have such a problem
‘There was no need for it like there was this time.’
‘The idea never entered my head.’
‘I thought it was dishonest then, but this time it did not seem dishonest at first.’
Pressure (Non-Shareable Financial Problems)
• Violation of ascribed obligations
• Problems resulting from personal failure
• Business reversals
• Physical isolation
• Status gaining
• Employer-employee relations
Pressure (Non-Shareable Financial Problems)
Some common financial problems employees face include those stemming from:
• Greed
• Living beyond one’s means or extravagant lifestyle
• High bills or personal debt
• Poor credit
• Personal financial losses
• Unexpected financial needs
• Substance abuse/addictions
• Gambling debt and addiction
Perceived Opportunity
• Perceived ability to commit fraud
• General information
• Technical Skill
Rationalization
• Understand his illegal behavior
• Before the crime takes place
Top 10 Thinking Errors (Fraudster)
• Rationalization
• Instant Gratification
• Disregard for Authority or Rules
• Being Overly Optimistic
• Entitlement
• Lack of Remorse
• Peer or Financial Pressure
• Inadequate Fear of Punishment
• Egoism
• Diffusion of Harm
Workplace Deviant Behaviors
Who is most likely to commit fraud?
Behavioral Symptoms
• Buying more material items
• Starts to carry unusual amounts of cash
• Creditors/Bill Collectors show up at work or call frequently
• Borrows money from coworkers
• Becomes more irritable or moody
• Becomes unreasonably upset when questioned
• Becomes territorial over their area of responsibility
• Won’t take vacation or sick time or only takes it in small increments
• Works unneeded overtime
• Turns down promotions
• Starts coming in early or staying late
• Redoes or rewrites work to “make it neat”
Common Red Flags
• Wheeler and Dealer
• Domineering/Controlling
• Don’t like people reviewing their work
• Strong Desire for Personal Gain
• Have a “Beat the System” Attitude
• Live Beyond Their Means
• Close relationship with customers or vendors
• Unable to Relax
• Often have a “too good to be true” work performance
• Don’t take vacation or sick time or only take leave in small amounts.
• Often work excessive overtime
• Outwardly, appear to be very trustworthy.
• Often display some sort of drastic change in personality or behavior
Factors - Organizational Environment
• Placing too much trust in key employees
• Lack of proper procedures for authorization of transactions
• Inadequate disclosures of personal investments and incomes
• No separation of authorization of transactions from the custody of related assets
• Lack of independent checks on performance
• Inadequate attention to details
• No separation of custody of assets from the accounting for those assets
• No separation of duties between accounting functions
• Lack of clear lines of authority and responsibility
• Department that is not frequently reviewed by internal auditors
Financial Statement Fraud
Timing Difference
Improper Revenue Recognition
Improper Asset Valuation
Overstated/Concealed Liability and Expenses
Improper Disclosure
Financial Statement Fraud
• Playing the accounting system
• Beating the accounting system
• Going outside the accounting system
Financial Statement Fraud- Case-Loss
Timing Difference
• Premature Revenue Recognition
• Sale With Conditions
• Long Term Contracts
• Channel Stuffing
• Wrong period Recording of Expenses
Improper Revenue Recognition
• Overstated Revenue
• Understated Revenue
• Fictitious Revenue
Improper Assets Valuation
• Inventory Valuation
• Account Receivable
• Fixed Assets
• Business Combination
Overstated/Concealed Liability or Expenses
• Liability/Expenses Omission
• Improper Cost Capitalization
• Warranty Cost and Provisions
Improper Disclosure
• Liability Omission
• Subsequent Events
• Management Fraud
• Related Party Transactions
• Accounting Change
FS Fraud Red Flags
• Domination of management by a single person or small group
• Tone at top
• Recurring negative cash flows from operations
• Rapid growth or unusual profitability
• Significant, unusual, or highly complex transactions- Period End
• Significant related-party transactions
• Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality
• Overly Complex organization Structure
• BOD of audit committee absence/competency
• Unusual ratios and variations
Prevention of FS Fraud
• An organizational environment that fosters control consciousness.
• Realistic organizational goals and objectives (as opposed to unrealistic ones).
• Written corporate policies (e.g., code of conduct) that describe prohibited activities and the action required whenever violations are discovered.
• Appropriate authorization policies for transactions are established and maintained.
• Policies, practices, procedures, reports, and other mechanisms to monitor activities and safeguard assets, particularly in high-risk areas.
• Communication channels that provide management with adequate and reliable information.
• Policies and procedures that foster the establishment and enhancement of cost-effective controls to prevent fraud.
• Thorough review of all post-financial-statement-date transactions, such as accounts payable increases and decreases, to detect omitted liabilities in financial statements.
• Thorough review of the appropriateness of capitalization procedures.
Detection of FS Fraud
• Some questions we should consider include:
• Are the transactions overly complex?
• Has management discussed the transactions with the board of directors and audit committee?
• Has management placed more emphasis on the need for a particular accounting treatment than on the underlying economics of the particular transaction?
• Do the transactions involve unconsolidated, unrelated parties (including special purposes entities), or parties that do not have the substance or financial strength to support the transaction?
Detection of FS Fraud
• Vertical Analysis
• Horizontal Analysis
• Ratio Analysis
• Interviewing
Detection of FS Fraud
• Revenue recognition—Performing substantive analytical procedures relating to revenue using disaggregated data (e.g., comparing revenue reported by month and by product line during the current reporting period with comparable prior periods); confirming with customers relevant contract terms; or questioning staff about shipments near the end of a period.
• Inventory quantities—Examining inventory records to identify locations or items that require specific attention during or after the physical inventory count; performing a more rigorous examination of the count, such as examining contents of boxed items
Punjab Bank Case-Study
The case starts with one of the two directors of the bank approving, on behalf of the board of directors of BoP, unlawful credit proposals amounting to Rs1.1 billion in July 2006. Investigation reveals that actual corruption at the BoP amounts to Rs76.178 billion. While the bank shows profits from 2005 to 2008 on paper, it is actually running at a loss.
The bank was deprived of over Rs11 billion in advances and mark-up by one Group alone.
Millions of rupees had been doled out from the BoP, against negligible securities and without any collateral, to non-existent clients like ABC Group. Despite having no businesses, ABC Group opened accounts in the BoP by using fake identities and documents, and funds were sanctioned to them at their discretion. In more than 95 percent of cases the sanctioned funds were withdrawn within a day after approval.
Assets Misappropriation
Assets Misappropriation - Cash
Skimming - Off Book Fraud
Sale
• Sale - No Show
• Amount Manipulation
• Off-site Sale
• False Discount
Receivables
• Forcing Account Balances
• Lapping
• False Account Entries
Inventory
• Inventory Padding
Short Term Skimming
Alert- Skimming - Off Book Fraud
• Inventory is lower than the records indicate
• Gaps in pre-numbered transactions or documents
• Differences between customer and company records
• Lower than expected revenues when a specific person is working
• Lower than expected revenues in a specific location
• Excessive number of short shipments or receipts
• Vendor invoices do not match receiving reports
• Missing documents (e.g., no sales document for a shipping document)
Alert - Skimming - Off Book Fraud
• The ability to remove assets from the premises without appropriate documentation
• Scrap exceeds expected amounts, or the amount is rising without good cause
• A rising trend in customers who never pay for merchandise
• An employee who frequently visits company sites after normal business hours
• Material usage is higher than established standards, or higher than materials used by other workers
• Fraudulent or altered documents (e.g., packing, shipping, receiving)
• Documents that do not agree (e.g., the receiving report sent to accounts payable does not match the one kept by the receiving department)
Prevention
• Segregation of Duties
• Authorization—approving transactions and decisions
• Recording—preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports
• Custody—handling cash; maintaining an inventory storeroom; receiving incoming customer checks; and writing checks on the organization’s bank account
• Access Controls
• Reconciliations
• Customer Complaint
Detection- Broken Promises, Shattered Trust
• Receipt of Sale level; Detection- Analytical
• Journal Entry Review
• Payment vs Posting
• Confirmation
Fraudulent Disbursement
Register Disbursement Schemes
• False Refund
• Fictitious Refund
• Overstated Refund
• False Void
Alert: Fraudulent Disbursement
• Small Disbursement
• Record Destruction
• Photocopies
• SGD: Authorization –Approval of Refunds
• Missing Supporting Documents
• No Management Reviews
• Ineffective Reconciliations
• Inventory shrinkage is larger than it has been historically
Cheque Tampering Schemes
Check tampering:
(1) fraudulently preparing a check drawn on the organization’s account for his own benefit, or
(2) intercepting a check drawn on the organization’s account
• Forged Maker
• Free Hand Forgery
• Photocopied Forgery
• Interception Cheque before delivery
• Forged Endorsement Schemes
• Authorized Maker Schemes
Red Flags and Detection
• Fraudster Reconciling the Bank Statement
• Voided Cheque
• Missing Cheque
• Excessive Returned Cheque
• Frequent Address Changes
• Customer/Vendor Complaints
Billing Schemes
Invoicing Via Shell Company
Pass Through Schemes
Pay and return Schemes
Personal Purchase
False Purchase Requisition
Prevention - Billing Schemes
• Segregate these duties: purchase requests, purchasing goods and services, purchase authorization, merchandise receipt, payment authorization, and vendor payment.
• Require appropriate documentation on all transactions. For example, use pre-numbered, multi-copy purchase orders, receiving reports, etc. Make sure all documents are completed properly. Periodically account for numerical document sequences. Periodically review all documentation for completeness and accuracy.
• Require appropriate supervisory approvals on all purchase orders, cash disbursements, write-offs, credit memos, etc.
• Keep a list of approved vendors, and only purchase goods from approved vendors. Control the vendor approval process so that those buying the goods or services (and others in a position to commit fraud) cannot approve a vendor.
• Promptly log in goods received, and complete the appropriate receiving reports to avoid merchandise loss.
• Match the data on purchase orders, receiving reports, and vendor invoices before making vendor payments. Investigate all unmatched documents for appropriateness.
Detection- Billing Schemes
• Analytical Review
• Computer Assisted Review
• Statistical Sampling
• Vendor Survey
Payroll Fraud Schemes
• Ghost Employee
• Fictitious Sale
• Altered Sales
• Falsified Hours and Salary
• Commission Schemes
Prevention - Payroll Fraud Schemes
• Require all timekeeping information (hours worked, etc.) to be authorized before an employee is paid.
• Separate the duties of hiring employees, entering timekeeping information, authorizing timekeeping information, processing payroll, authorizing payroll, distributing payroll, transferring funds to the payroll accounts, and reconciling the payroll bank account. Someone independent of the sales department should prepare data used to calculate sales commissions.
• If automated timekeeping systems are used, a supervisor should be present at the beginning and end of shifts to ensure that no one clocks another employee in or out of the system.
• Stringent access controls, all of whom have closely guarded passwords; all changes reviewed and authorized by someone else; changes only made from specific terminals during business hours, etc.) should be placed over the payroll database so that unauthorized employees cannot create ghost employees or change their hours, pay rates, salary, or commissions.
• Install an automated timekeeping system that requires employees to use ID cards or some other physical form of identification. This makes it more difficult to perpetrate fraud since a bogus ID must be obtained, and the perpetrator must be present to log the ghost employee in and out of the system every day.
Detection- Payroll Fraud Schemes
• Independent Payroll Disbursement
• Duplicate Account number
• Duplicate address
• Duplicate Identification Code
• Overtime Authorization
• Commission Analysis (Correlation)
• Trend Analysis
Other Assets- Fraud Schemes
• The first is to steal the asset with no intention of ever returning it. The second is to “borrow” the asset, to misuse it, or to use it in a way that the employer never intended it to be used.
• Noncash assets that are typically stolen or misused include inventory, supplies, tools and equipment, raw materials, computers and other office equipment, telephones (personal long distance calls, etc.), company cars, an individual’s time, and information
Initial Detection of Fraud
Initial Detection of Fraud- Source
Initial Detection of Fraud- Tip
Anti-Fraud Control
Control Weaknesses That Contributed to Fraud
Procurement Fraud- Red Flags
• Sequential invoices paid
• Unusual/large/round-dollar amounts paid
• Payments just under authorization level
• Employee-vendor address match
• Multiple invoices paid on same date
• Slight variation of vendor names
• Non-Monitoring of high risk employees and process
• Splitting one purchase into multiples to avoid the approval process
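Several of the procurement red flags listed above can be tested mechanically against payment and vendor master data. The following is an added example, not part of the original presentation; the approval limit, the 5% "just under" band, the name-similarity threshold and all vendor, employee and payment records are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date
from difflib import SequenceMatcher
from itertools import combinations

APPROVAL_LIMIT = 50_000  # assumed authorization level for a single payment
NEAR_BAND = 0.05         # assumed: "just under" means within 5% below the limit

# Constructed sample data, for illustration only.
VENDORS = {  # vendor id -> (name, address)
    "V001": ("Apex Trading Co", "12 Canal Road, Lahore"),
    "V002": ("Apex Tradng Co.", "7 Mall Road, Lahore"),
    "V003": ("Sunrise Supplies", "44 Garden Town, Lahore"),
    "V004": ("Metro Stationers", "9 Ferozepur Rd, Lahore"),
}
EMPLOYEES = {"E17": "44 Garden Town, Lahore", "E22": "3 Model Town, Lahore"}
PAYMENTS = [  # (vendor id, invoice number, payment date, amount)
    ("V001", 1041, date(2015, 10, 1), 49_500),
    ("V001", 1042, date(2015, 10, 1), 49_800),
    ("V001", 1043, date(2015, 10, 2), 12_340),
    ("V003", 210, date(2015, 10, 5), 30_000),
    ("V004", 877, date(2015, 10, 6), 8_215),
    ("V004", 902, date(2015, 10, 20), 6_480),
]

def norm(text):
    """Lower-case and drop punctuation and spacing so trivial variations compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def just_under_limit(payments):
    """Payments inside the band immediately below the authorization level."""
    floor = APPROVAL_LIMIT * (1 - NEAR_BAND)
    return [(v, inv) for v, inv, _, amt in payments if floor <= amt < APPROVAL_LIMIT]

def round_amounts(payments, unit=1_000):
    return [(v, inv) for v, inv, _, amt in payments if amt % unit == 0]

def split_purchases(payments):
    """Same vendor, same day, every payment below the limit, total at or above it."""
    groups = defaultdict(list)
    for v, _, day, amt in payments:
        groups[(v, day)].append(amt)
    return [(v, day, sum(a)) for (v, day), a in sorted(groups.items())
            if len(a) > 1 and max(a) < APPROVAL_LIMIT <= sum(a)]

def sequential_invoices(payments, min_pairs=2):
    """Vendors whose paid invoice numbers run consecutively."""
    nums = defaultdict(list)
    for v, inv, _, _ in payments:
        nums[v].append(inv)
    flagged = []
    for v, n in sorted(nums.items()):
        n.sort()
        if sum(b - a == 1 for a, b in zip(n, n[1:])) >= min_pairs:
            flagged.append(v)
    return flagged

def similar_vendor_names(vendors, threshold=0.85):
    """Pairs of distinct vendor ids whose normalized names are nearly identical."""
    return [(a, b) for a, b in combinations(sorted(vendors), 2)
            if SequenceMatcher(None, norm(vendors[a][0]),
                               norm(vendors[b][0])).ratio() >= threshold]

def employee_vendor_address_matches(employees, vendors):
    by_addr = {norm(addr): vid for vid, (_, addr) in vendors.items()}
    return [(eid, by_addr[norm(addr)]) for eid, addr in sorted(employees.items())
            if norm(addr) in by_addr]

if __name__ == "__main__":
    print("just under limit :", just_under_limit(PAYMENTS))
    print("round amounts    :", round_amounts(PAYMENTS))
    print("split purchases  :", split_purchases(PAYMENTS))
    print("sequential inv.  :", sequential_invoices(PAYMENTS))
    print("similar names    :", similar_vendor_names(VENDORS))
    print("address matches  :", employee_vendor_address_matches(EMPLOYEES, VENDORS))
```

Each hit is a lead for review, not proof of fraud; thresholds need tuning to the organization's own approval matrix and payment volumes.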
Bid Rigging
• Pre-solicitation Fraud
• Need Recognition
• Specification Tailoring
• Solicitation Fraud
• Bid pooling
• Bid-splitting
• Fictitious supplier
• Time advantages
• Limited scope of solicitations
Alert - Bid Rigging
• Specifications tailored to a particular vendor
• Unreasonably restrictive pre-qualifications
• An employee who defines a “need” that could only be met by one supplier
• An employee who justifies a sole-source or noncompetitive procurement process
• Changes in a bid once other bidders’ prices are known, sometimes accomplished through deliberate mistakes “planted” in a bid
• Bids accepted after the due date
• Low bidder withdraws to become a subcontractor on the same contract
• Falsified documents or receipt dates (to get a late bid accepted)
• Falsification of contractor qualifications, work history, facilities, equipment, or personnel
Corruption Red Flags
Recipient
• The Big Spender
• The Gift Taker
• The “Odd Couple”
• Success Champion
• The Rule Breaker
• The Hospitality Master
• The Complainer
• Genuine Need
Payer
• The Too-Successful Bidder
• Poor Quality, Higher Prices
• The One-Person Operation
• The Cash Cow
Fraud Risk Assessment
Risk, reward and objectives vs Scenarios and Schemes
The process of proactively identifying and addressing organizational vulnerabilities both internal and external
Factors Influencing the Risk Assessment Process
• The Nature of the business
• The Operating environment
• The Effectiveness of Control System and Process
• The Control Environment
Objective - Fraud Risk Assessment
Do you have the answer?
• How might a fraud perpetrator exploit weakness in System of IC?
• How could a perpetrator override or circumvent IC?
• What could a perpetrator do to conceal a fraud?
Objective - Fraud Risk Assessment
• Improve communication and awareness about fraud
• Identify what activities are most vulnerable to fraud
• Know who puts the organization at greater risk
• Develop plan to mitigate fraud risk
• Develop techniques to know if fraud has occurred in high-risk areas
• Assess Internal control and business processes
• Comply with regulator and compliance requirement
Good Fraud Risk Assessment
• Collaborative effort of Management and Auditors
• The Right Sponsor
• Independence and Objectivity of Team
• Working Knowledge of Business
• Access to People and Processes at Level
• Engendered Trust
• Ability to Think the Unthinkable
• Plan to keep it Alive and Relevant
• One size does not fit all
Techniques- Fraud Risk Assessment
Organization structure and culture will determine the best technique. Don’t try to fit others’ best.
• Interviews
• Focus Group
• Survey
• Anonymous feedback Mechanism
• Process-flow Analysis
• Self-assessment
Addressing/Reporting identified Fraud Risk
• Risk Appetite- Establish the Acceptable Level of Risk
• Ranking and Prioritizing Risk
• Estimate Likely cost of Risk
• Heat map
• Respond to Risk
• Report Objective not Subjective
• Keep it simple
• Focus on what really matters
• Identify actions, clear and measurable
Fraud Risk Assessment . Self Assessment
Fraud Prevention
Elements of a Fraud Prevention Program
• Roles and responsibilities
• Commitment
• Fraud awareness
• Affirmation process
• Conflict disclosure
• Fraud risk assessment
• Reporting procedures and whistleblower protection
• Investigation process
• Corrective action
• Quality assurance
• Continuous monitoring
ERM Framework
Enterprise Risk Management defined:
“Enterprise Risk Management (ERM) is a process, affected by the organization’s leadership, applied in a strategy setting, and across the organization, designed to identify potential events that may affect the organization, and manage risk(s) to be within its risk appetite, to provide reasonable assurance regarding the achievement of the organization’s objectives.”
ERM Framework
• Process – ongoing and fluid throughout the organization structure
• Affected – every person at every level
• Applied in Strategy Setting – you have to have a game plan
• Applied Across the Organization – no one is left out
• Designed to Identify Events – good and bad
• Reasonable Assurance – yes management; it works
• Geared to Achieve Objectives – touches every department, every school
ERM Framework
Fraud Prevention
Perception of Detection
Proactive Audit Procedures
Analytical Review
Fraud Assessment Questioning
Surprise Audit
Employee Anti-fraud Education
Cascading Training
What is Fraud what is not
How Fraud can hurt to all
How, when, how can
What to do
Why to do
Fraud Prevention
• Fraud Prevention Policy
• Hiring Policies
• Mandatory Vacations
• Job Rotation
• Effective Management Oversight
• Reporting Program- Hotline
• Rewards
• Open door Policies
• Organization structure
• Performance management
• Minimize Employee Pressures
• Fair personal Policies and Procedures
• Employee Support programs/ Morale
Fraud Prevention Policy
• Scope
• Actions Constituting Fraud
• Non Fraud irregularities
• Investigation
• Reporting Procedures
• Communication
• Employee Trainings
• Ethical Programs
Fraud Prevention
Employee Morale
• Provide organization-sponsored social events
• Recognize employees for good work
• Offer flexible work arrangements
• Offer organization-sponsored team-building events
• Exhibit a strong ethical tone at the top
• Engage individual contributors in the decision-making process
• Keep staff well-informed of the organization’s activities
• Offer cross-functional training and career advancement opportunities
• Offer small perks such as coffee, soda, or food
• Make the work environment attractive and comfortable
• Empower employees
• Set realistic goals
• Take time to celebrate accomplishments
• Listen to employee grievances and settle them as soon as possible
• Tune into employees’ emotional needs
• Offer competitive compensation and benefits
• Train employees to develop positive attitudes
• Show employees the results of their work
Hotline, Code and Whistle Blower
• “one who reveals wrongdoing within an organization to the public or to those in positions of authority ”
• The power of a hotline lies in its ability to open the lines of communication with employees and create a venue for real-time interaction, especially with anonymous parties.
• Hotline as an integral part of company’s corporate compliance and ethics program
Elements of Hotline and Whistle Blowing
The first step in any new whistleblower program is sitting down with your employees to discuss the program
• Anonymity and confidentiality
• No retaliation
• Whistleblower incentives
• Positive “tone at the top”
• Educate, publicize and make hotline available
• Multiple uses for hotline, including a helpline
• Record and analyze statistics
• Benchmark
• Hotline managed by third-party provider
• Allow multiple methods for submitting tips
• Evaluate, test and audit
• Educate other stakeholders and grant access to hotline
Whistle Blower
Fraud Detection and investigation
Traditional Data Analysis and Reporting
Big Data- High Volume, High velocity, high variety complex information
Sorting
Joining
Compliance Verification
Duplicate Search
Fuzzy Logic Matching
Gap Test
Fraud Detection and investigation
Case for Data Analysis
Detecting Anomalies
• Lack of self-reference
• Verb tense (events were occurring in the present)
• Answering questions with questions
• Equivocation (Statements made by guilty parties often include mild or vague words )
• Oaths
• Euphemisms - "missing" instead of "stolen"
• Alluding to actions
• Lack of Detail
• Narrative balance- prologue, critical event and aftermath
• Mean Length of Utterance (between 10 and 15 words )
Verb tense
"After closing the store, I put the cash pouch in my car and drove to the Olympia Bank building on Elm Street. It was raining hard so I had to drive slowly. I entered the parking lot and drove around back to the night depository slot. When I stopped the car and rolled down my window, a guy jumps out of the bushes and yells at me. I can see he has a gun. He grabs the cash pouch and runs away. The last I saw him he was headed south on Elm Street. After he was gone, I called the police on my cell phone and reported the theft."