IIA Fraud Conference

Case studies from recent investigations 8 April 2015

Page 2

Outline

► What is fraud and types of fraud ► EY’s 13th Global Fraud Survey

► Survey approach and participant profile ► Unethical behavior persists ► Significant industry fraud ► Whistleblower hotlines

► Case Study 1 ► Case Study 2 ► Fraud prevention ► About us

Page 3

What is fraud?

► “Any intentional act or omission designed to deceive others”*

► “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets”**

► Fraud is profitable ► Fraud is a growth industry ► Fraud is a significant compliance

risk area

*Source: American Institute of Certified Public Accountants **Source: ACFE Report to the Nations 2014

Page 4

Types of fraud

Fraud Schemes

Fraudulent Statements Schemes

• Misstatement or omission of material information/accounting records from financial statements.

Misappropriation of Assets

• Theft or misuse of tangible and intangible assets. • Fraudulent expenditures.

Corruption Schemes • Utilizing influence in business transactions to obtain a personal benefit. • Bribery and/or extortion. • Aiding and abetting fraud.

Improper Capitalization/

Deferral of Expenses

Improper Revenue

Recognition

Improper Manipulation

of Tax Accounts

Fictitious Vendor

Theft of Assets

Theft of Intellectual

Property

FCPA/UK Bribery

Act

Procurement Fraud

Conflicts of Interest

Asset/Liability Manipulation

Improper Journal Entries

Employee Expense

Fraud

Payroll Fraud

Cash Skimming

Improper Accounting of

I/C Transactions

Management Estimates

Significant/ Unusual

Transactions

Page 5

Survey approach and participant profile EY’s 13th Global Fraud Survey

► Between November 2013 and February 2014, our researchers conducted 2,719 interviews with various executives in 59 countries and territories

► Interviewees were selected from a sample of the largest companies in each country. Employees interviewed included industry leaders – chief executive officers (CEOs), chief financial officers (CFOs), chief compliance officers (CCOs), general counsel and heads of internal audit. Interviews were conducted on an anonymous basis in the local language by telephone or in person. Details of the full survey are shown below:

► Please note that, due to rounding or the omission of percentages to allow better comparison, some figures may not sum to 100%

Job title % of respondents

CFO 28% Other finance 23% Head of internal audit 9% Other audit/risk 9% General counsel 7% CEO 6% Head of marketing/sales 4% CCO 3% Other 11%

Revenue % of respondents

More than US$5B 6% US$1B-US$5B 18% US$500M-US$0.99B 13% US$100M-US$499M 30% US$99M or less 31%

Above US $1B 24% Below US $1B 73%

* Details of countries categorized as developed markets and emerging markets can be found in the appendix.

Page 6

Unethical behavior persists EY’s 13th Global Fraud Survey - Figures 1, 5, & 10

28

4

0

2

30

Offering entertainment towin/retain business

Personal gifts towin/retain business

Cash payments towin/retain business

Misstating company’s financial performance

At least one of these canbe justified

US Results North America

Developed markets

Emerging markets

Other respondents

33 30 28 29

5 11 17 14

1 7 16 13

3 4 8 6

35 38 45 42

% Agree

Base: US 2014 (50); North America 2014 (100); developed markets 2014 (1103); emerging markets 2014 (1616); all respondents 2014 (2719) % don't know and none of the above have been omitted to allow better comparison between responses given

% Agree

Q. Which, if any, of the following do you feel can be justified if they help a business survive an economic downturn?

Page 7

Unethical behavior persists EY’s 13th Global Fraud Survey – Figure 6

33

14

11

8

50

47

More flexible productreturns

Change assumptionsdetermining

valuations/reserves

Extend monthly reportingperiod

Backdate a contract

None of these

At least one of these

US Results CFO Head of IA CCO GC Head of

Marketing

31 25 27 31 44

17 12 11 13 15

11 10 4 10 15

10 9 3 12 8

51 61 56 48 41

48 39 36 45 54

% Agree

Base: All respondents (2,719); CFO (752); head of internal audit (238); CCO (95); general counsel (181); head of marketing/sales (108). The “don’t know” and “refused” percentages have been omitted to allow better comparison between the responses given.

% Agree

Q: Given the pressure that often exists to meet financial targets, which, if any, of the following activities do you feel can be justified to meet those targets?

Page 8

Has your organization experienced a significant fraud in the last two years?

Industry % Yes

Financial services 17

Other transportation 16

Oil, gas and mining 16

Other sectors 13 Technology, communications and entertainment 13

Government and public sector 12

Consumer products, retail or wholesale 12

Average of all respondents 12

Power and utilities 11

Manufacturing and chemicals 11

Real estate 9

Automotive 8

Professional firms and services 8

Life sciences 6

► More than 1 in 10 executives surveyed reported their company as having experienced a significant fraud in the past two years.

► The level of fraud reported by

respondents has remained largely unchanged over the past six years from 13% in 2008 to 12% in 2014

Page 9

Detection of fraud schemes

0.5%

0.8%

1.1%

2.2%

2.6%

3.0%

4.2%

6.6%

6.8%

14.1%

16.0%

42.2%

Other

Confession

IT Controls

Notified by Law Enforcement

Surveillance/Monitoring

External Audit

Document Examination

Account Reconciliation

By Accident

Internal Audit

Management Review

Tip

Almost 50% of schemes are discovered by Tip or Accident

Source: ACFE Report to the Nations 2014

Page 10

ACFE 2014 Report to the Nations on “speaking-up”

Tips are consistently and by far the most common detection method.

In 2014 report, 42.2% of cases showed a tip as the most common method of initial detection of occupational fraud. Management review is second at 16%.

Organizations with hotlines ► Were much more likely to catch fraud by a tip ► Detected the fraud 50% quicker ► Experienced frauds that were 41% less costly

Page 11

Types of fraud

Fraud Schemes

Fraudulent Statements Schemes

• Misstatement or omission of material information/accounting records from financial statements.

Misappropriation of Assets

• Theft or misuse of tangible and intangible assets. • Fraudulent expenditures.

Corruption Schemes • Utilizing influence in business transactions to obtain a personal benefit. • Bribery and/or extortion. • Aiding and abetting fraud.

Improper Capitalization/

Deferral of Expenses

Improper Revenue

Recognition

Improper Manipulation

of Tax Accounts

Fictitious Vendor

Theft of Assets

Theft of Intellectual

Property

FCPA/UK Bribery

Act

Procurement Fraud

Conflicts of Interest

Asset/Liability Manipulation

Improper Journal Entries

Employee Expense

Fraud

Payroll Fraud

Cash Skimming

Improper Accounting of

I/C Transactions

Management Estimates

Significant/ Unusual

Transactions

Page 12

Case studies

Page 13

Case study 1

The client An information technology equipment and services company that operates call centers for third parties. What happened A terminated employee (whistleblower) sent an anonymous email to his former employer’s customer alleging fraudulent billing practices. The investigation The investigation took place over a period of two months and focused on determining the fraudulent invoicing process, identifying the individuals involved, and quantifying the extent of the over-billing.

Page 14

Case study 2

The client A financial services organization based out of New York, with primary operations located in Los Angeles What happened A whistleblower (who was involved with the fraud schemes), grew frustrated and reported the fraudulent activities. The investigation The investigation took place over a period of three months and focused on identifying the fraudulent schemes, assessing the financial ramifications and impact on the financial statements. Additional time was spent assisting the client with preparing for the insurance claims process

Page 15

Case study 2 (continued)

Scheme Impact Work performed

Fictitious vendors and kick-back scheme

• $6M in payments made to fictitious vendors, or vendors that provided kick backs to the employees engaged in the scheme

• Analyzed invoices for three vendors, identified by the whistleblower as being party to the fraudulent schemes

• Gained understanding of which services were legitimate and which were overstated as a result of kick-backs

Employee Expense Fraud

• $3M identified as suspicious reimbursements

• Analyzed over $18M in expenses for 8 individuals

• Identified reimbursements for falsified credit card statements, false invoices for asset purchases, and other non-reimbursable expenses

Capitalization of non-existing assets

• Material error resulted in “Big R” restatement

• Over $3M in assets written-off from the balance sheet

• Identified assets from the fictitious vendor and expense fraud schemes that were capitalized

• Calculated the amounts incorrectly capitalized and depreciated during the period

Page 16

Fraud prevention

Page 17

Fraud prevention measures

► Tone at the top ► Anti-fraud programs ► Code of ethics ► Policies and procedures ► Continuous communication and reinforcement of fraud

prevention programs ► Anti-fraud training ► Fraud risk assessments

Page 18

Code of Ethics

Fraud Prevention Policies

Communication and Training

Fraud Risk Assessment

Controls Monitoring and Analytics

Incident Response Plan

Reactive

Proactive

Setting the Proper Tone

Elements of a successful corporate anti-fraud program

Anti-fraud key activities ►Corporate compliance

program design ►Corporate compliance

assessment ►Gap analysis ► Future state design

session ►Discovery response

planning ►Records and

information management

►Who owns fraud? ► Assign roles and

responsibilities ► Fraud and risk committee

formulation ►Customized training ►Corporate governance ►Design sessions ►Corporate anti-fraud

roadmap ►Hotline

► Fraud risk assessment ► Targeted anti-fraud analytics ► Internal control testing ► Internal control monitoring

► Investigations

►Response plan

►Discovery and document review

► Forensic data analytics

► Assessment & remediation

►Continuous improvement

Components of an anti-fraud program Fraud prevention

Management Ownership and Involvement

Page 19

Does your organization have whistleblowing hotlines?

Industry % Yes

Financial services 66

Life sciences 57

Power and utilities 56

Automotive 55

Other transportation 55

Oil, gas and mining 53

Government and public sector 53

Average of all respondents 51

Technology, communications and entertainment 50

Manufacturing and chemicals 48

Consumer products, retail or wholesale 47

Real estate 46

Other sectors 44

Professional firms and services 43

► Nearly half of the businesses in the survey do not have a whistleblower hotline

► Many businesses will find it very easy to describe how they are rewarding growth — but can they also articulate how they are rewarding an ethical culture?

Page 20

Dodd-Frank Whistleblower Program Source of Tips

► Since the beginning of the whistleblower program, the Commission has received whistleblower tips from individuals in sixty-eight (68) countries outside the United States.

► In Fiscal Year 2013 alone, the Commission received whistleblower submissions from individuals in fifty-five (55) foreign countries. The map below reflects all countries in which whistleblower tips originated during Fiscal Year 2013:

Source: 2013 An Ann SEC Annual Report to Congress on the Dodd-Frank Whistleblower Program

Page 21

ACFE 2014 Report to the Nations Frequency of anti-fraud controls

► Presence of anti-fraud controls ► Reduced fraud losses ► Shorter fraud duration

► 18 anti-fraud controls in the survey ► All percentages are higher in

organizations with 100+ employees

► Code of conduct – 77.4% ► IA department – 70.6% ► Management review – 62.6% ► Independent audit committee – 62.0% ► Hotline – 54.1% ► Employee support programs – 52.4% ► Fraud training (management and employees separate

in survey) – 47.8% ► Anti-fraud policy – 45.4% ► Dedicated fraud department, function or team – 38.6% ► Proactive data monitoring/analysis – 34.8% ► Formal fraud risk assessment – 33.5% ► Surprise audits – 33.2% ► Job rotation/mandatory vacation – 19.9% ► Rewards for whistleblowers – 10.5%

Page 22

Code of Ethics

Fraud Prevention Policies

Communication and Training

Fraud Risk Assessment

Controls Monitoring and Analytics

Incident Response Plan

Reactive

Proactive

Setting the Proper Tone

Elements of a successful corporate anti-fraud program

Anti-fraud key activities ►Corporate compliance

program design ►Corporate compliance

assessment ►Gap analysis ► Future state design

session ►Discovery response

planning ►Records and

information management

►Who owns fraud? ► Assign roles and

responsibilities ► Fraud and risk committee

formulation ►Customized training ►Corporate governance ►Design sessions ►Corporate anti-fraud

roadmap

► Fraud risk assessment ► Targeted anti-fraud analytics ► Internal control testing ► Internal control monitoring

► Investigations

►Response plan

►Discovery and document review

► Forensic data analytics

► Assessment & remediation

►Continuous improvement

Components of an anti-fraud program Fraud prevention

Management Ownership and Involvement

Page 23

Six steps to help protect your business

► Own the problem ► In businesses where the risks of fraud, bribery and corruption are properly acknowledged,

compliance is not seen as a “tick-box” exercise. In these businesses, management owns the problem, and boards challenge management to ensure that they are prioritizing risk and dealing with issues effectively.

► Deal with the issues - Make compliance relevant ► Making compliance relevant to local teams does not mean diluting the program or bending the

rules. It means engaging with teams to manage specific requirements while retaining a robust and consistent approach.

► Communicate the risks ► Businesses that have a strong code of ethics are not just good at controlling behavior. They excel

at communicating the risks of unethical conduct. ► Communicate the benefits

► Investors and regulators are looking for global companies to show their ability to prevent and detect fraud or other unethical behavior. This can often be demonstrated through an audit of the effectiveness of the compliance/internal audit function.

► Focus resources ► A sharp focus on key risks is critical, and begins with understanding where the risks are. Having

identified the risks, businesses need to act. Technology has a key role to play in helping focus resources. The use of forensic data analytics can identify incidences of anomalous activity and guide more detailed assessments.

► Ask questions, demand answers ► Companies with robust approaches to fraud, bribery and corruption exercise their audit rights on

third parties and insist that their suppliers regularly respond to requests for information.

Page 24

About us

► Matthew Baker is a Manager in the Los Angeles office of Ernst & Young. Matthew has experience serving a variety of engagements including fraud investigations covering asset misappropriation and financial statement fraud, litigation support for audit malpractice defense cases, FCPA risk assessments, and anti-money laundering compliance assessments and investigations.

► Matthew’s compliance experience includes working closely with a multi-national financial institution and its subsidiary to review policies and procedures, along with transactional information, for compliance with Bank Secrecy Act, Dodd Frank, and other anti-money laundering legislations.

► Matthew has led investigations into allegations of embezzlement, fraudulent billing schemes, and revenue recognition issues. Matthew has worked directly with the Internal Audit department of a Fortune 100 company, leading its internal investigations into allegations of asset misappropriation and other violations of company policy. Matthew has participated in international investigations and has experience coordinating investigative efforts with international teams.

► In addition, Matthew has experience providing litigation support to expert witnesses and counsel in preparation for audit malpractice defense litigations and arbitrations. Matthew also has experience managing FCPA risk assessments for companies in the consumer products and retail industries, overseeing assessments conducted in southeast Asia and Latin America.

► Matthew graduated from California State University, Long Beach with a Bachelor’s Degree in Business Administration, emphasis in Accountancy and a minor in Criminal Justice. He is a Certified Public Accountant (“CPA”), Certified Fraud Examiner (“CFE”), and a Certified Anti-Money Laundering Specialist (“CAMS”).

Matthew Baker, CPA, CFE, CAMS Manager Fraud Investigation & Dispute Services Phone: +1 213 977 3282 Email: matthew.baker@ey.com Ernst & Young LLP 725 South Figueroa Street Los Angeles, CA 90017

Page 25

About us

► Dasha Russ is a Manager in EY’s Fraud Investigation and Dispute Services (“FIDS”) practice. During her time with EY in the Los Angeles office, Dasha has worked on fraud investigations, risk assessments, internal audits and Foreign Corrupt Practices Act (FCPA) assessments for a variety of companies including several not-for-profits and Fortune 500 companies

► Dasha has worked on multiple engagements in the area of Anti-Money Laundering ("AML") and has assisted clients in assessing and mitigating AML risks. She has also worked in the field of audit malpractice defense where she assisted legal counsel with document review, issue analysis, and the creation of exhibit databases used during arbitration preparation. Dasha experience includes multi-national investigations involving expense fraud, regulatory compliance, and asset misappropriation. She has worked directly with government regulators to address regulatory concerns and requests.

► Prior to working with the FIDS group, Dasha worked in EY’s Advisory practice where she performed IT audits that focused on critical systems in support of the financial audit. Dasha has also worked on a range of internal audit project for several not for profits that focused on assessing grant compliance, quality controls procedures and assessment of policies focused on improving client operations. Dasha has also worked with several businesses on developing and performing enterprise risk assessments to measure and identify key risks for the organization using both bottom-up and top-down approaches.

► Dasha received her Bachelor of Science in Accounting with an emphasis on Accounting Information Systems from the University of Southern California. She is also a Certified Public Accountant.

Dasha Russ, CPA Manager Fraud Investigation & Dispute Services Phone: +1 213 977 4393 Email: dasha.russ@ey.com Ernst & Young LLP 725 South Figueroa Street Los Angeles, CA 90017

Page 26

Questions

EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

About EY’s Assurance Services Our assurance services help our clients meet their reporting requirements by providing an objective and independent examination of the financial statements that are provided to investors and other stakeholders. Throughout the audit process, our teams provide timely and constructive challenge to management on accounting and reporting matters and a robust and clear perspective to audit committees charged with oversight. The quality of our audit starts with our 60,000 assurance professionals, who have the breadth of experience and on-going professional development that comes from auditing many of the world’s leading companies. For every client, we assemble the right multidisciplinary team with the sector knowledge and subject-matter expertise to address your specific issues. All teams use our Global Audit Methodology and latest audit tools to deliver consistent audits worldwide.

About EY’s Fraud Investigation & Dispute Services Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority – no matter what the industry sector is. With our more-than-2,000 fraud investigation and dispute professionals around the world, we assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide. © 2014 Ernst & Young LLP. All Rights Reserved BSC no. 1403-1221809 This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com