The presentation provides an overall insight into operational fraud risk management. It explains operational fraud risk and mitigation strategies. The role of internal audit and the audit committee is further exemplified.
Fraud risk management
1. FRAUD RISK MANAGEMENT
PRACTICAL SENSE -PART II
Sako Mayrick
ELSAM MANAGEMENT CONSULTANTS
WWW.ELSAMCONSULT.COM
2. Introduction
• Operational risk attaches itself to people, systems and processes
• Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
• It includes other risks such as legal risks, physical risks, political risks and environmental risks
• Fraud is part of operational risk in any organization
– Internal fraud such as tax evasion, asset misappropriation, bribery, corruption and larceny
– External fraud such as theft, forgery, hacking and information theft
3. Evolution of Operational Risk
Risk categories: Credit Risk, Market Risk, Operational Risk, Compliance Risk, Information Risk, Data Risk, Other Risk
Stages: Basic Strategic ERM Integrated
4. Perception on operational Risk
• Joint McKinsey findings have shown that risk management has not been able to prove its value to the organization
• Operational risk is seen as an immature discipline that has often not proven its value to the organization
• There is evidence that operational risk can be destructive as markets lose faith in management and control following large events
• The discipline is focused more on measurement than on management
5. What is fraud?
• Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain.
• Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct.
• It is an intentional act by one or more individuals among management, those charged with governance, employees or third parties involving the use of deception to obtain an unjust or illegal advantage
6. Why people commit fraud?
• Pressure on employee to misappropriate cash or organizational assets
• Employees committing fraud are not career criminals; they are trusted employees
• Dr. Donald Cressey, a criminologist, developed a model to explain why people in trust commit fraud
• The model is referred to as the fraud triangle
7. Causes of Fraud - Rationalization
• Most fraudsters are first-time offenders with no criminal past and therefore don't view themselves as criminals
• They must always justify the crime in a way that makes it an acceptable and justifiable act (rationalization), e.g. I was underpaid, my employer cheated me, my employer is dishonest, I was entitled to the money or I was only borrowing money.
8. What causes fraud?- Fraud Triangle
Diagram labels: Pressure or Incentive, Opportunity, Rationalization, Fraud
All three factors must be present for fraud to occur; if any one of the three is missing, fraud will not occur
9. Why fraud happens?
Diagram labels (fraud triangle around Fraud):
• Opportunity: due to weak controls and override of controls
• Pressure: need/unrealistic corporate target can force employees to commit fraud
• Rationalization
– Everyone does it
– Simply borrow money
10. Causes of Fraud (Pressure/Incentive)
• It is a perceived non-shareable financial pressure
• Non-shareable involves some sort of embarrassment, shame or disgrace
• It is the first motivation for crime
• A person may have a financial problem that cannot be solved through legitimate means
– Consideration for illegal acts such as stealing cash or falsifying a financial statement as a way to solve the problem
– It can be deep personal debt or a job/business in jeopardy, e.g. desire for a status symbol (e.g. big house, nicer car); need to meet productivity targets; drug or gambling addiction or inability to pay bills
– It can be sexual addiction and importance of status
11. Causes of fraud (Opportunity)
• It is a perceived opportunity defining the method by which the crime can be committed
• Involves use of a position of trust to solve financial problems
• It is critical that the fraudster be able to solve the problem in secret since the motivation is over the status
• The fraudster will always act in secret, e.g. forcing a bank reconciliation to balance if he had paid a cheque to himself.
12. Fraud Triangle - Limitations
• Not applicable to professional fraudsters or predatory employees (employees taking a job with intent to steal from the employer)
• Rationalization is only necessary for the first commitment of fraud and afterwards it is abandoned
13. Fraud Triangle-Deterrence measures
• Reduce pressures on employees that might push them to committing fraud
• Reduce perceived opportunities to commit fraud
• Dispel rationalization for engaging in fraudulent conduct
• Sanctions do not work. Why?
– Fraudsters never think that they can be caught in a perceived opportunity
– Fraudsters always rationalize their conduct
– Sanctions are only a secondary consideration
14. Types of fraud
Categories: Fraudulent Financial Reporting; Asset Misappropriation; Other Questionable or Improper Business Practices
• Manipulation, falsification/alteration of records or documents
• Misappropriation of assets
• Suppression or omission of the effect of transaction from records or documents
• Recording transaction without substance
• Misapplication of accounting principles
15. Fraud Indicators (Red Flags)
• Aggressive application of accounting codes
• Information provided unwillingly or after unreasonable delay
• Unsupported transactions
• Fewer confirmation responses
• Evidence of undue lifestyle by officers or employees
• Long outstanding imprest balances
• Poor documentation
• False & improper entries in records
• Unauthorized payments
• Unauthorized use of corporate assets
• Misapplication of funds
16. Fraud Indicators (Red Flags)
• Undue secrecy
• Questionable practices
• Significant manager or director transactions
• Drop of sales or earnings
• Aggressive accounting treatment
• Posting of transactions to headquarters
• Receipt of poor quality goods
• Related party arrangements
• Weak security checks for employees
• Delay in submission of reports
17. Fraud indicators (Red flags)
• Flouting directives and regulations
• Personal interest
• Uncorrected entries and stock adjustments
• High fly management decisions
• Incompatible functions done by one person
• Misuse of computer for private business
• Frequent use of allocated issue voucher even when the system is available
• Questionable system adjustments
18. Fraud Indicators
• Unauthorized transactions
• Cash shortages
• Unexplained variation in prices
• Missing documentation
• Excessive refunds
• Living beyond one's means
• Drug and alcohol abuse
• High personal debt/losses
• Compulsive gambling/stock speculation
• Increased IT increases the risk of manipulation, access control
19. Fraud Indicators
• Management Environment
– Pressure
– Management style and attitude
• Competitive and business environment, e.g. technology
• Employee relationship (spouse receiving non-competitive contract)
• Attractive assets
• Internal controls
• Lack of separation of duties
• Too much trust placed on few employees
20. Personal Fraud indicators
Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud
– Personal pressures
– Individual performance targets
– Infiltration by organised crime
Controls may be overridden or ignored by certain individuals:
– Powerful (overrides controls, staff intimidated)
– Successful (not to be bothered, too busy earning money)
– Trusted (responsibility has moved beyond their job description)
21. Managing Fraud -Forces
Diagram labels:
• Risk Management
• Director & Officer Liability
• Internal Audit
• Code of Ethics
• Staff Regulations
• Entity Governance and Responsibility
• Business Plan and Budget
• Stakeholders pressures
• Reputation and Credibility
• Customer Service Surveys
• Procurement and Finance Acts
22. Business environment
• Rapid increase of activities
• Weak competition
• Rapidly growing sales
• Relatively high profitability
… In such an environment, effective anti-fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins.
… Consider tough times ahead… More competition, changing government regulations?
23. Do we have any fraud mitigation?
• What are they?
1. Reviewed and strengthened internal controls
2. Periodic compliance audit
3. Employee hotline
4. Appointed compliance personnel
5. Establish and implement code of conduct for all employees
6. Conducted background checks for hires with budgetary responsibility
7. Instituted fraud awareness training
8. Tied employee evaluations to ethics or compliance objectives
What is your answer on the above from 0-10?
24. Fraud Risk Management Techniques
Diagram labels: Management, Internal Controls, Whistle-blowing, Internal Audit, Reliance, ?
25. Controls Barriers
• Good controls on paper are not strictly followed in practice
• Grey areas in the rules – open to interpretation
• Lack of segregation of duties
• Collusion
• Management override
• Failure of senior management to lead by example
• Bureaucracy &/or formulaic compliance
• Failure to share knowledge of fraud experience, control weaknesses and control improvements
• Clash of cultures
26. Objectives of Fraud Risk Management
• Prevention: controls designed to reduce the risk of fraud and misconduct from occurring in the first place
• Detection: controls designed to discover fraud and misconduct when it occurs
• Response: controls designed to take corrective action and remedy the harm caused by fraud or misconduct
27. Fraud Risks Management - Measures
• Prevent fraud and misconduct
• Detect occurrence
• Respond appropriately if discovered
29. Fraud risk assessment
• Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable.
Qualitative factors in the assessment include:
• the accounting system
• complexity, volume and nature of transactions
• internal controls in place
• compliance, training and monitoring
Incorporates the views of:
• management;
• control functions;
• line employees
Chart axes: Significance / Impact and Likelihood
Management are then able to:
• Prioritise identified risks and evaluate the existing controls
• Link each risk to specific controls and commit resources to implement any enhancements
30. Fraud Risk Management Experiences
• Surveys suggest that:
1. Over 50% of frauds are discovered as a result of information provided by staff
2. Losses after an introduction of a whistle-blowing hotline can be reduced by up to 60%.
3. Staff prefer the following reporting channels:
57%: a telephone hotline;
20%: conventional mail; and
16%: e-mail.
Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
31. FRM – Hotline best practices
• Confidentiality: All matters treated confidentially; reported on a need to know basis
• Anonymity: Process should allow for anonymous submission & resolution
• Availability: Should be available in remote outposts, not just head office
• Assistance – Real Time: A ‘live’ response – operators need to be qualified, trained & able to provide advice
• Procedures: Consistent protocols to gather information and manage the call
• Classify & Notify: Qualified staff assess the allegation; protocols establish basis for escalation & investigation
• Communicate: Publicise the hotline prominently; commit to, & test for, non-retaliation
32. FRM - Response
Objective is to take corrective action & remedy the harm caused by fraud or misconduct:
• Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened.
• Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events.
• Communicate to the wider population of employees that management took appropriate, responsive action.
33. FRM - Basis of Investigation
• Consideration should be given to:
• Data and information gathering;
• Interviewing techniques;
• Appropriate resource;
• Analytical tools such as data mining; and
• MSD intelligence information.
34. Fraud investigation
• Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase
• Investigator must know:
– Results of investigation can be used later as an educational tool for auditors, fraud investigators and other employees
35. Fraud investigation- stages
• Briefing management, followed by terms of reference detailing the initial scope of work
• Communication with parties involved, e.g. internal audit, audit committee and accounting staff
• Determining the extent of fraud
• Interviewing the defrauder (only if fraud is known with certainty)
• Investigating the known area with detailed audit tests, e.g. procurement tendering, wages, cash debtors and stock
• Report to the management on the findings, with copies to interested parties, e.g. internal auditor, audit committee.
36. Investigation – details of report
• Circumstances which led to investigation
• Fraud discovered and their extent
• Identity of the defrauder
• Effects on the reported profit of the past period
• Effects on f/s of current periods
37. Investigation – details of report
• IC weakness which allowed the fraud and recommendations for eliminating them
• Report of any interviewing with the defrauder, including offers of restitution etc., which may be relevant to management in deciding what action, if any, they should take against him/her
• If there is any suggestion that the internal auditor has been negligent, the extent of claim against him.
38. Action upon proof of fraud or error
• Investigator should
– Consider the potential effects in F/s
– Where the fraud is material, the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances, depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/s
39. Action upon proof of fraud or error
• If some proof of fraud exists, management has several options
– Cause a deeper audit to be done if amount of loss appears substantial
– Terminate employee responsible if loss is minimal
– File a claim to recover a loss from client's fidelity insurance agent
– Arrange with law enforcement agents to probe into the matter
40. Action upon proof of fraud or error
• If some proof of fraud exists, management has several options
– Engage a private investigator to probe into the loss and document it for claim purpose/prosecution
– Disregard losses if minimal and tighten controls
– Alert the directors, audit committees or the Board
41. Fraud deterrence measures
• A strong internal control system is not a warranty against fraud
– Entity should have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promoting early detection and responding to concerns raised
– Awareness programs for employees
– Screening job applicants
– Sound corporate policy on fraud
– AVOID an atmosphere of distrust and paranoia caused by over-emphasising fraud deterrence measures.
42. Fraud Deterrence –three lines of defense
• Management should ensure enforcement of compliance with operations SOPs
• Risk management function should be embedded in business activities
• Internal audit should be proactively risk based
43. FRAUD REPORTING
• It is important to stick to facts, and to discount hearsay, rumour, or opinion and record what is relevant to the cause of the incident and its effect
• Audit reports on fraud and other improprieties should be addressed to the right person who can take action
44. FRAUD REPORTING
• Report must contain all details of fraud
• Must provide framework to analyse the fraud case
• Must enable the user to develop improved management and security policies and detect and prevent fraud.
• Investigation and reporting should proceed as though the outcome will be litigated. Recording exact times, data, names of persons and specific description of evidence is critical in civil or criminal investigation or litigation
Editor's Notes
Basel II components
The pressure here is not financial pressure but non-shareable financial pressure, because everybody has financial pressure, but not everybody commits fraud