1. ACFE Regent Emeritus Tommy Seah FCPA,CFE,CSI,FAIA,ACIB,MSIDpresents Implementing and Improving Internal Controls

2. Implementing and Improving Internal Controls Articulating the increasing need for comprehensive in-house fraud control procedures Optimizing the accuracy and reliability of data acquired through internal inspections Detailing the process of applying controls inside the organization, and demonstrating the outcome 3. .. financial institutions must have in place, all the necessary measures to deter or prevent fraud andconstantly review all its controlsand measures and alsohave in place a fraud management functionto prevent loopholes that fraudsters can exploit. who (a rticulate)said that ? 4. march 05, 2009 at Shangri-La hotel and the guest of honour wasMs Teo Swee Lian, Deputy Managing Director, MAS. 5. Why is Internal Control Important?

Operations

Promotes efficiency and effectiveness of operations through standardized processes

Ensures the safeguarding of assets through control activities

Financial Reporting

Promotes integrity of data used in making business decisions

Assists in fraud prevention and detection through the creation of an auditable trail of evidence

Laws and Regulations

Helps maintain compliance with laws and regulations through periodic monitoring

6. Limitations of Internal Control

Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.

Controls that depend on the segregation of duties may be circumvented by collusion

Management may override the structure

Compliance may deteriorate over time

7. TheTrinityofControls Internal Audit CPA(CIA)CSI, CISA Compliance CPA,LLB, CSI Risk Management CPA,CFACSI Financial Control The Fraud Examiner CFE The Certified System Investigator CSI The Existing model 8. The Spectrum of Risk www.cfe-icg.com What is Risk ? Operational Risk Liquidity Risk Credit Risk Reputational Risk Market Risk B E C D A 9. www.cfe-icg.com Investigative auditing( suspicious, unusual activities, allegations) E.g.. Money Laundering penetration Test Internal audit(COSO + COBIT+ ISO ExternalAudit Forensic audit(Specific, Post event) Eg. NKF, CAO 10. Fraud Control Principle 11. Copyright (c)2006 www.cfe-icg.com If an organisation accepts that it is exposed to fraud and no organisation is immune to fraud the next step is to apportion responsibilityfor fraud risk management. 12. Copyright (c)2006 www.cfe-icg.com WHY is there a need for the paradigm shift ? Historically, the management of fraud risk does not lie with any one particular department or practitioner. 13. Internal Audit CPA(CIA)CSI, CISA Compliance CPA,LLB, CSI Risk Management CPA,CFACSI Financial Control The CPA The Fraud Examiner CFE The Certified System Investigator CSI The Paradigm Shift Investigation Unit FRM Unit S.T.A.R Strategic Tracking and Resolution 14. Copyright (c)2006 www.cfe-icg.com FRMcan be handled internally or be outsourced,and how it is handled is affected by many variablessuch as organizational size, industry sector, geographical location, cultural dynamics -and management perception of the problem. 15. Copyright (c)2006 www.cfe-icg.com Regardless of these variables, any fraud prevention and control model should aim to achieve one, or all, of thefive primary objectives: 16. Copyright (c)2006 The five primary objectives: _ Prevention_ Deterrence_ Disruption _ Identification_ Civil action/criminal prosecutionwww.cfe-icg.com 17. The Red Flags of fraud www.cfe-icg.com Text Alcohol Gambling Drugs Sex Profile of A Person Who Commits Fraud Given theright circumstances , almosteveryone can rationalize that it is OK to commit fraud.. 18. www.cfe-icg.com What type of individual commits FRAUD? It is not limited to any one type of person. Who Commits Fraud? 19. The Fraud Triangle. Auditors Domain Fraud Risk Management Fraud Risk Management Perceived Pressure Rationalization Perceived Opportunity 20. Detailing the process of applying controls inside the organization, and demonstrating the outcome 21. STEP 1: EVALUATE THE ORGANIZATION'S FRAUD RISK FACTORSTo identify which factors increase the risk for fraud within an organization, examiners should analyze industry and business operations, hold discussions with management, review previous frauds committed against or on behalf of the company, review company performance, and evaluate similar frauds that occurred at competitors' organizations. 22. STEP 2: IDENTIFY POSSIBLE FRAUD SCHEMESThe ability to identify specific schemes resulting from fraud risk factors depends on the examiner's knowledge of this area. Fraud specialists, including individuals with certified fraud examiner (CFE) designations and Certified Systems Investigator (CSI) are ideal for this step of the process, as they possess specialized knowledge of fraud detection and investigation. 23. STEP 3: PRIORITIZE IDENTIFIED FRAUD RISKSFraud is not just an ordinary risk, but also an inherent and significant one. Once the fraud schemes database is populated, management and internal auditing should identify the frauds that pose the greatest risk for the organization. 24.

Examiners should consider the following factors when prioritizing fraud risks:

Financial impact to the organization.

Reputation risk of negative publicity associated with fraud.

Loss of productivity.

Potential criminal/civil actions taken against theorganization. (Such as Data Breach EU95/46 on PII)

Loss of company assets.

25. STEP 4: EVALUATE MITIGATING CONTROLSInternal s Auditors with CFE qualifications are well-positioned to review and counsel on the existence and operational effectiveness of internal controls. In step four, the examiner/auditor should evaluate the high-priority frauds and determine if the necessary controls are in place to reduce the risk of occurrence. This step takes time, as the auditor should attempt to identify more than one control for each fraud scheme. 26. Fraud Consideration at all stages of engagement Perform Audit Plan Develop Audit Plan Perform Preliminary Planning Perform Pre-Engagement Activities Conclude & Report PROFESSIONAL SKEPTICISIM DOCUMENTATION GATHER AND ASEESS FRAUD RISKS 27. Questions? 28. Thank You ! Tommy Seah www.cfe-icg.com www.cfe-in-practice.net www.csi-worldhq.org also on Facebook Tel+65 6222 9861 Mobile+65 9106 9872 Contact Details: