managing fraud and fraud risks as part of an overall organizational cost reduction strategy guido...

Managing fraud and fraud risks as part of

an overall organizational cost reduction strategy

Guido van Drunen, Principal

June 16, 2011

Advisory Services

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 50716SFO

2

What we are going to be speaking about

Risk management is becoming more and more part of everyday corporate governance and compliance. One risk that all organizations are faced with is fraud, waste, and abuse, yet little is done to specifically address this risk and at times significant business cost. This session will address the cost of fraud waste and abuse to organizations and key strategies for minimizing costs through prevention programs, proactive detection programs and how to respond to incidents of fraud, waste, and abuse to limit further losses, mitigate fines, and attempt to recover losses.


3

The problem: Fraud, waste, and abuse are business costs.

The 2010 Association of Certified Fraud Examiners (ACFE) report to the nation makes the following key observation:

“While it is unlikely that we can accurately measure the true costs of occupational fraud at any given point in time, it is still useful to try to gain some understanding of the scope of the problem with which we are confronted. Accordingly, we asked each survey participant to provide his or her best estimate of the percentage of annual revenues lost by the typical U.S. organization to fraud each year. Survey participants estimated that the typical organization loses 5 percent of its annual revenue to fraud.”

Source: 2010 ACFE report


4

The real cost

Even if the 5 percent figure is double or triple what might be occurring at your organization, the amount is still meaningful.

The amount noted above does not include the costs of investigations, management down time, and/or distractions.

While we will not discuss the issue here, there is also the cost (often times unmeasurable) on the ethical environment of the organization.

Suffice it to say the measure and quantity of the projected losses are significant.


5

The current environment

U.S.: Gross Domestic Product $14.6 trillion¹

Estimated Fraud Loss Rate² 5%

U.S. Cost of Fraud $700 billion

1 Estimate for FY 2010, per U.S. Dept of Commerce Bureau of Economic Analysis2 2010 ACFE Report to the Nation on Occupational Fraud and Abuse


6

Occurrences and cost of fraud

2010 ACFE Report to the Nation on Occupational Fraud and Abuse

Con-sumer 23%

Em-ployee

37%

Finan-cial

Report-ing4%

In-suran

ce5%

Mis-conduct4%

Com-puter Crime

6%

Ven-dor-re-lated21%

Percentage of fraud occurrences

Consumer 4%

Employee 1%

Finan-cial

Report-ing

76%

In-suran

ce17%

Others1%

Percentage of total fraud of cost


7

Important but hard to define costs and benefits

Leaving aside the less readily quantifiable benefits which result from strong antifraud programs and controls such as:

Tone at the top

Deterrent effects

Employee morale

Sustainability

Operational efficiencies, etc.

The potential losses projected by the ACFE provide a significant opportunity set to warrant focusing cost reduction initiatives on them.


8

Key strategies for minimizing costs through prevention programs

Conduct a high-level fraud risk assessment of the organization. This can be part of the standard enterprise risk management process.

Identify those areas considered to be of potential higher risk due to a number of issues such as volume of transactions, nature of the industry, dollar values processed, past issues, strength of control structure, ability to collude, etc.

Select the top three risks and use automated tools to conduct tests for fraud, waste, and abuse.

Assess the output produced and conduct appropriate follow-up.


9

Misappropri-ation of assets

Revenue/assets

improperly gained

Expenses/liabilities

for improper purposes

Expenses/liabilities

improperly avoided

Fraudulent financial reporting

Other misconduct

Types of fraud and misconduct risks


10

Integrity survey 2009Key findings

Prevalence of fraud and misconduct remains high

Have you personally observed or do you have first-hand knowledge of wrongdoing within your organization?

2000

2005

2008

0 20 40 60 80 100

76

74

74

Source: KPMG Integrity Survey 2009


11

Integrity survey 2009Key findings (continued)

Would the observation cause a “significant loss of public trust?”

Source: KPMG Integrity Survey 2009

2000

2005

2008

0 20 40 60 80 100

49

50

46


12

Proactive detection programs

The ACFE has identified that the procurement cycle, T&E, and payroll account for over 60 percent of all organizational fraud cases.

While the largest risk remains the manipulation of the financial statements, there are opportunities for potential cost reduction in the areas identified above which are a much larger volume of the fraudulent activity and can have an integrity impact on the overall organization.

Proactive companies will have policies and procedures that contain clear segregation of duties, layout clear implications for fraud and include whistleblower policies, an anonymous hotline, and outline key oversight roles such as internal audit and/or compliance.


13

Enablers of fraud and misconduct

Source: Fraudulent Financial Reporting 1987–1997: An Analysis of U.S. Public Companies (COSO Study)

Collusion between employees and management

Collusion between management and third parties

Collusion between employees and third parties

Inadequate oversight by directors over management

Management override of internal controls

Inadequate internal controls or compliance programs

0% 20% 40% 60% 80% 100%

27%

32%

43%

44%

47%

66%


14

Detecting fraud and misconduct

Other means

Government regulators or law enforcement

Customers or suppliers

External auditors

Line managers

Employee whistleblowers

Internal audit, legal, or compliance personnel

0% 20% 40% 60% 80% 100%

2%

3%

4%

9%

13%

20%

47%


15

Response to fraud

Response: Policies, procedures, infrastructure, relationships, and other measures designed to help a company react appropriately when fraud is discovered to help minimize damage as well as find and eliminate root causes of the fraud

Limit losses: Should you encounter incidents of fraud, a quick response is essential to limit losses. The longer a potential fraud is not addressed, the larger the loss to the organization and the larger the potential fines.

Mitigate fines: Often, a proactive approach when responding to potential fraud can result in lower fines from the government due to taking initiative and possibly presenting findings to the regulators prior to government investigation.

Recover losses: Conducting fraud-related testing on certain areas within an organization which are considered to be higher risk could result in an enhanced control structure, identification of losses, the potential opportunity to prevent further losses, and recovery of identified losses.


16

Conclusions

Even if the fraud, waste, and abuse at your organization is at a significantly lower level than that estimated by the ACFE there is still a significant cost reduction opportunity that may be obtained.

Traditionally, the low-hanging fruit resides in the procurement cycle, T&E and payroll; simple testing can have both monetary and nonmonetary benefits.

The benefits outweigh the costs, and even if nothing is located, it will demonstrate a desire to be compliant with the Corporate Sentencing Guidelines regarding antifraud programs and controls.

Thank you

Presenter’s contact details

Guido van Drunen

KPMG LLP

206-913-4208

[email protected]

www.kpmg.com


The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

managing fraud and fraud risks as part of an overall organizational cost reduction strategy guido...

Documents