The document discusses how fraud and integrity risks are changing and increasing during the economic downturn. It summarizes that incentive/pressure, opportunity, and rationalization - the three conditions of the fraud triangle - are all heightened. Specific fraud risks that may emerge include issues in the supply chain, revenue leakage, bribery, anticompetitive practices, improper financial reporting, data theft, and weakened internal controls. The document recommends that organizations assess these risks, employ data analytics to detect misconduct, and implement a comprehensive antifraud framework based on the COSO model to proactively manage fraud risks.
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
09/16/2009 Meeting - Fraud In A Downturn
1. Fraud in a Downturn
A review of how fraud and other integrity risks affect business
September 16, 2009
Presented by Kristin Rivera PartnerPresented by Kristin Rivera, Partner
4. Section 1 - Introduction
The landscape
• The economic downturn is changing the nature and scale of fraud and
integrity risks that organizations face.
– The speed of change increases the opportunities to commit fraud.g
– More people will feel real pressure to ‘cross the line’ or to look the other way
while others do so.
The receding economic tide has exposed more frauds that have been ongoing– The receding economic tide has exposed more frauds that have been ongoing
while economic conditions were good.
– As the economy rebounds, companies will feel pressure to improve performance
and this may also lead to inappropriate actionsand this may also lead to inappropriate actions
• Fraud and integrity are critical business issues—not just legal and
compliance issues.p
• The regulatory pendulum has swung back to its post Enron position, and
public sentiment against white collar crime is one of zero tolerance.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 2
5. Section 1 - Introduction
The landscape
• How are fraud, corruption, abuse and other integrity threats changing during
this period of economic decline?
• What are the fraud schemes that may emerge and the likely regulatoryy g y g y
response?
• What strategies are proactive organizations implementing to manage short-
term risks but also enhance long-term stakeholder value?term risks but also enhance long-term stakeholder value?
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 3
6. Section 1 - Introduction
The fraud triangle
Developed by Dr. Donald Cressey, the Fraud Triangle describes three
conditions that are commonly found when fraud occurs.
Incentive/
pressure
!Fraud risk
Opportunity Rationalization
The global economic decline is such that each of these three factors are
heightened as never before.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 5
7. Section 1 - Introduction
The fraud triangle
Incentive/Pressure
As people lose their jobs pressures
increase. Those still in employment
Incentive/
pressure
increase. Those still in employment
feel ever more threatened, the
pressure to commit fraud will increase.
When someone’s livelihood rests on
!Fraud riskWhen someone s livelihood rests on
obtaining a new order, some people
will make the wrong choice while
others will look the other way Opportunity Rationalization
Fraud risk
others will look the other way. pp y
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 6
8. Section 1 - Introduction
The fraud triangle
Opportunity
The economic downturn is forcing an
unprecedented pace of change. As
Incentive/
pressure
unprecedented pace of change. As
change happens, gaps in the control
system can and will appear.
Checks and balances put in place to
!Fraud riskChecks and balances put in place to
maintain control may be abandoned
and procedures whose purpose was to
detect anomalies may be suspended Opportunity Rationalization
Fraud risk
detect anomalies may be suspended. pp y
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 7
9. Section 1 - Introduction
The fraud triangle
Rationalization
In difficult economic times the capacity
for people to rationalize fraud and
Incentive/
pressure
for people to rationalize fraud and
corruption increases.
“The company is fundamentally sound
if I have to cross the line to get us
!Fraud risk– if I have to cross the line to get us
through the next six months, so be it.”
Opportunity Rationalization
Fraud risk
pp y
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 8
11. Section 2 - Fraud and integrity risks
Fraud and integrity risks
Given these circumstances, what are
the likely effects on corporations,
investors, regulators and government?
We believe board and audit
committees should be asking
themselves and key stakeholders the
questions below…
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 11
12. Section 2 - Fraud and integrity risks
Fraud and integrity risks
1. How much are fraud and abuse losses in the supply chain and through
revenue leakage costing your business?
– Fraud losses can run as high as 7% of revenue.1g
– Studies show that effective fraud management produces an 8:1 return on
investment,2 and strong controls reduce fraud by at least 30%.3
1 Association of Certified Fraud Examiners 2008 Report to the Nation on Occupational Fraud and Abuse.
2 Nelsestuen, Rodney, Enterprise Fraud Management in Financial Services: Restoring Confidence in an Uncertain World, Tower Group, September 2007.
3 Kielstra, Paul, Global Fraud Survey, The Economist Intelligence Unit, 2008.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 12
13. Section 2 - Fraud and integrity risks
Fraud and integrity risks
2. Is your organization at risk of DOJ, SEC or foreign government scrutiny for
public and commercial bribery in the US or overseas?
– There remains significant opportunity within global organizations to engage ing y g g g g
bribery via “consulting payments” in order to win new business.
– The anti-bribery provisions of the FCPA prohibits corrupt payments to foreign
officials for the purpose of obtaining or keeping business.
– Regulators are prosecuting companies and their directors and officers for the
inappropriate actions of business partners in the sales channel and supply chain
such as distributors and sales agents.
– Many organizations face significant reputational, legal and financial risk from
inadequate due diligence and monitoring controls in relation to business partners.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 13
14. Section 2 - Fraud and integrity risks
Fraud and integrity risks
3. Is your organization at risk of breaching competition laws?
– The Justice Department and Federal Trade Commission levied fines totaling
billions of dollars in 2008 related to the investigation and detection of anti-
competitive cartel practices.
– The regulatory fines that can be levied for price fixing, bid rigging and market
sharing can be up to 10% of turnover.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 14
15. Section 2 - Fraud and integrity risks
Fraud and integrity risks
4. How robust are your controls in treasury and banking operations?
– When control environments weaken, rogue traders have the opportunity to
operate undetected as they trade beyond the limit of their authority.
– As companies approach banking covenant breaches, the temptation to ‘massage’
the numbers provided to their banks will increase.
– As banks face pressure to control their own costs the resources available toAs banks face pressure to control their own costs, the resources available to
counter this threat are constrained.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 15
16. Section 2 - Fraud and integrity risks
Fraud and integrity risks
5. Is your organization at risk of significant data theft?
– Criminal organizations have for some time recognized the value of personal data,
and while bank account details continue to have a black market value, there will
be a significant risk of theft.
– Consider where you are holding personal information and how this data is
controlled.
– Not enough is being done to address the risk of deliberate theft by criminal
organizations working in collusion with permanent, short-term or temporary staff
to infiltrate organizations and circumvent existing control systems.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 16
17. Section 2 - Fraud and integrity risks
Fraud and integrity risks
6. How well does your organization employ data analytics to prevent and
detect misconduct?
– Where senior managers have colluded with third parties to misrepresent financialg
information and statements, fraud can be difficult to identify unless the company
has robust internal controls and processes in place.
– Fraud and forensic technologists find that even fraud that is the result of collusion
can cause data anomalies that companies can identify using data analytics.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 18
18. Section 2 - Fraud and integrity risks
Fraud and integrity risks
7. Are you weakening your first line of defense?
– Operations and finance personnel are the first line of defense against fraud,
corruption and abuse.
– Because the legal and internal audit functions are removed from the day-to-day
business, it is not wise to rely on them as the principal line of defense.
– Downsizing unless carefully planned and managed skyrocketsDownsizing, unless carefully planned and managed, skyrockets
misconduct risks.
– Downsizing can eliminate critical segregation of duties. The fear of being the one
selected for downsizing can lead employees to engage in fraud to cover upselected for downsizing can lead employees to engage in fraud to cover up
innocent mistakes.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 19
19. Section 2 - Fraud and integrity risks
Fraud and integrity risks
8. If a crisis occurred, how well prepared are you to react?
– Companies need to be ‘investigation ready’, with policies in place regarding the
conduct of investigations and knowledge of where data is stored and how it can
be speedily retrieved.
– e-Discovery readiness is an increasingly critical component of litigation.
– Organizations are expected to conduct comprehensive root-cause analysis andOrganizations are expected to conduct comprehensive root-cause analysis and
implement and monitor controls to prevent recurrence.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 20
21. Section 3 - The strategy of the proactive organization
The PwC antifraud framework
Control environment
• Board oversight
• Codes of ethics/conduct
• Anonymous reporting
Fraud event identification and risk assessment
Identify entity
level scheme
& scenario risks
Assess
likelihood
& impact
Conduct
self-assessment
at functional & local
• Other entry
level activities
business unit levels Develop a
risk response
Continuous
Incident response
& remediation
• Investigate
• Perform root
cause analysis
Monitoring Activities
• Monitor fraud risk
factors and indicators
• Audit for ‘red flags’
Entity and business process level
control activities
Develop new
/enhance
existing
Validate
operating
effectiveness
Evaluate
control
designs
Continuous
reassessment
y
• Search for
other misconduct
• Enhance controls
existing
controls
effectiveness designs
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a model for evaluating internal controls. This model has
been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure
the effectiveness of their systems of internal control. We have adapted the COSO framework to illustrate some of the key elements of a fraud and integrity risk
control framework.
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 23
22. Section 3 - The strategy of the proactive organization
The PwC antifraud framework
Areas to consider
• Organizational tone
Management information• Management information
• Communication and training
• Risk identification• Risk identification
• Control linkage and evaluation
• Preventive controlsPreventive controls
• Monitoring and auditing
• Incident response and remediationp
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 24
24. About PwC Forensic servicesAbout PwC Forensic services
Fraud Prevention and Detection Experience
• PwC is a leader in the prevention, investigation and remediation of fraud.
• We have invested over 100,000 hours researching common, sector- and market-specific misconduct
h i l i f d l t ti t i i ti d i i l d tschemes involving fraudulent reporting, asset misappropriation, and criminal conduct.
• Our risks and controls professionals developed manuals detailing the mechanics, controls, risk indicators
and detection procedures for hundreds of fraud scenarios, which are tailored to specific client needs
and circumstances.
• Hundreds of companies have used our anti-fraud framework—which has been embraced by COSO, SEC,
IIA, and the AICPA—to benchmark the effectiveness of efforts to guard against misconduct.
Contact Us
K i ti RiKristin Rivera
Partner
kristin.d.rivera@us.pwc.com
Tel: (415) 498-6566
Fraud in a Downturn • A review of how fraud and other integrity risks affect business 28