Más contenido relacionado




Anti fraud program

  1. Strategies for Implementing a Formal and Effective Anti-Fraud Program Josh Shilts CPA/CFF, CFE
  2. MIS Training Institute Session 13 - Slide 2 n We will NOT discuss: u The definition of Fraud u Types & Categories of Fraud u Why people commit fraud n What we will do: u Discuss steps for you to use in implementing your anti-fraud program (“AFP”) u Assess and understand fraud management & forensic accounting techniques u Understand what is necessary for an anti-fraud program to be effective in your organization u Review tools that can be used by you in implementing an anti- fraud program Key Points
  3. MIS Training Institute Session 13 - Slide 3 Anti-Fraud Program Objective Prevent or detect the occurrence of fraud and implement proactive solutions to reduce or eliminate fraud’s effects on the organization…
  4. MIS Training Institute Session 13 - Slide 4 Before We Begin, Remember… The design of an organization’s formal and effective anti-fraud program evolves from the collaborative efforts of executive management, oversight committees, and specific departments within the organization…
  5. MIS Training Institute Session 13 - Slide 5 n Benchmark What are we doing now? u “Routine” Audits u SOX & other regulatory audits u Code of Conduct u Management Oversight (financial reconciliation, expense reporting reviews, etc.) Pre -Implementation Steps What can we be doing? Continuous Assurance Training (auditors, business owners) Anti-fraud audit procedures Enhanced Due Diligence procedures (employee hiring, vendor on-boarding, etc.) Management Buy-In Potential cost savings Ex. 5% (per ACFE the avg. loss) X Gross Expenses Operational Improvements Strengthen Control Environment Identify Operational Efficiencies Risks lead to Opportunities VS.
  6. MIS Training Institute Session 13 - Slide 6 Benchmark/GAP Analysis Identify “Best Practices” and other sources to Benchmark existing activities against to identify elements already established… Analyze current procedures and protocols to determine if applicable to anti-fraud initiatives… Engage others within your organization and executive management to provide feedback on existing practices… Document and present your analysis… Element Activity Exceeds Expectations Meets Expectations Does Not Meet Expectations Responsible Party(s) Enhancement Opportunities Prevention Anti-Fraud Training X Compliance Begin training within specific departments (i.e. Acctg.) Investigation & Corrective Action Investigative process is clearly defined X Compliance & Security Formalize investigation process and define specific roles & responsibilities Detection Analytical Reviews X Internal Audit Review analytical programs to determine if enhancement areas exist Assign activities to meet element objectives and determine if your program is meeting those defined objectives…
  7. MIS Training Institute Session 13 - Slide 7 Established Benchmark Guidance Assess current procedures against established frameworks/guidance… Identify opportunities for improvement (e.g. modify or implement procedures, protocols, etc)... IIA, ACFE and AICPA’s “Managing the Business Risk of Fraud: A Practical Guide”, April 2008 IIA’s International Professional Practices Framework (“IPPF”) – Practice Guide: “Internal Auditing and Fraud”, December 2009
  8. MIS Training Institute Session 13 - Slide 8 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is to detect and investigate fraud; 1220.A1 – Internal auditors must exercise due professional care by considering the...probability of significant errors, fraud, or noncompliance...; 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk; 2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives; and 2060 – The chief audit executive must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board of directors. IIA Fraud Standards Guidance provided by The IIA’s International Professional Practices Framework
  9. MIS Training Institute Session 13 - Slide 9 Governance - The program should include a written policy (or policies) to convey the expectations of the board of directors and the executive management team regarding managing fraud risk. Fraud Risk Assessment - An organization’s fraud risk exposure should be assessed periodically by the organization to identify specific scenarios that the organization needs to mitigate. Prevention - Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. Detection - Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. Investigation & Corrective Action - A reporting process should be in place to solicit input on potential fraud and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. The investigative function should be coordinated between appropriate parties selected by management. Anti-Fraud Program Elements
  10. MIS Training Institute Session 13 - Slide 10 Benchmark/Gap Analysis Elements of Effective Anti-Fraud Management Executive Leadership Compliance Legal Audit Security Accounting HR Tone at the Top X Code of Conduct X X Establish & Maintain System of Internal Controls X X Internal Control Reviews X Deter & Detect Potential Conflicts of Interest X X Hotline Administration X Investigation of Fraud Allegations X X X X Referral to Law Enforcement X Fraud & Compliance Awareness Training X X Civil Litigation and Recovery of Losses Due to Fraud X Corrective Actions / Remediation to Prevent Recurrences of Fraud X Proactive Fraud Auditing X Fraud Risk Assessment X X Employee Assistance Program X Responsibility matrices can assist you in identifying and assigning responsibilities… Use the matrix to benchmark, clearly define roles & responsibilities and periodic evaluations…
  11. MIS Training Institute Session 13 - Slide 11 Governance Image obtained from the ACFE’s article “Who Owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program” by Dan Tropey, CPA and Mike Sherrod, CFE, CPA
  12. MIS Training Institute Session 13 - Slide 12 Governance Best Practices Formal Anti-Fraud Policy – conveying the expectations of the board of directors and executive management. The policy (or policies) can include: Organization’s Definition of Fraud Organization’s attitude toward fraud (i.e. Zero-Tolerance, Materiality) Relationship between anti-fraud and Code of Conduct Summary of Fraud Control Strategies Overview of Fraud Risk Management functions Procedures for Reporting Fraud (i.e. Whistleblower Hotline) HR Employment Conditions and Processes Investigation Procedures (e.g. Confidentiality Protocol, Privilege, Fraud Response Management, Root-Cause Analysis) Department/Committee Roles & Responsibilities Attitude towards retaliation
  13. MIS Training Institute Session 13 - Slide 13 Identify Plan Risk Assessment Process
  14. MIS Training Institute Session 13 - Slide 14 Risk Assessment - Categories *Refer to the 2010 Report to the Nations on Occupational Fraud and Abuse, ACFE Present your “FRA” at a level that board members/executive management can understand… Use these categories and a Top-Down approach to build your Fraud Scheme Repository …
  15. MIS Training Institute Session 13 - Slide 15 Risk Assessment – Fraud Scheme Mngt. Using the categories defined for presentation purposes build a granular fraud scheme repository specific to your organization’s activities & risks… The repository schemes can then be tracked and measured at a granular level and rolled up to assist in measuring the sub-risk and categories… Vendor A is required to pay the bidding manager $2,000 to participate in the bidding process Extortion Corruption Funds are misappropriated to a shell company. Vendor setup is colluding with accounts payable. Fraudulent Disbursement – Billing Scheme Asset Misappropriation Management has decided to book revenue for items shipped and ships items to meet expectations. Financial – Fictitious Revenues Fraudulent Statements KPIs Mitigation Actions 1. Hotline Statistics 1. SOX Controls 2. SEC Enforcement Actions 2. Audit Procedures Fraud Scheme Sub Risk Category
  16. MIS Training Institute Session 13 - Slide 16 Risk Assessment - Measures KPIs and Mitigating Activities provide “real” data to support your assessment; however, Management should be updated and risks ranked by using the… Magnitude (i.e. Significance): High (3) = > $10 Million Med (2) = Between $4 Million and $10 Million Low (1) = < $4 Million Likelihood (i.e. Controls, Mitigating Activity): Strong (1) = Preferred Practice Good (2) = Adequate Low (3) = Needs Improvement Likelihood (i.e. Pressure, Occurrence): High (3) = Significant pressure Med (2) = Moderate pressure Low (1) = Little to no pressure Magnitude + Likelihood [(Controls) + (Pressure)] = Rank $s should reflect your Organization’s Appetite
  17. MIS Training Institute Session 13 - Slide 17 Risk Assessment - Presentation Magnitude Major >$50M 5 Substantial >$25M 4 Moderate >$ 10M 3 Minor >$1M 2 Insignificant <$1M 1 Define how Financial Impact is measured (i.e. Net Income, Revenues, etc.) 1 2 3 4 5 Remote Unlikely Possible Likely Almost Certain Likelihood 12 11 3 10 4 6 5 14 13 2 15 9 8 1 7 Heat Map Other Measures (1) Velocity – Measurement of the rate of change… Measure as Immediate, Rapid or Slow (2) Risk – Gross & Residual Gross before Mitigating Activities and Residual Measures After Measure as High, Medium or Low
  18. MIS Training Institute Session 13 - Slide 18 Prevention Prevention techniques are as varied as the industries and size of businesses we work in… Exit Interviews SecurityCameras SOX/ICFR
  19. MIS Training Institute Session 13 - Slide 19 Prevention – Keep your Ears on the Track Continue to improve & enhance these activities based on past experiences, new concepts and information from your fraud risk assessment… 1. Integrate current activities with anti-fraud objectives 2. Continue to assess preventative activities as part audit and SOX procedures and identify ways to improve prevention activities 3. Adjust preventive activities based upon new ideas, frauds, etc. 4. Seek feedback from business owners 5. Try to stay ahead of the Fraudster by educating yourself and your team
  20. MIS Training Institute Session 13 - Slide 20 Detection Structured Audits  Fraud Training/Planning embedded in plan  Fraud-Specific Audits  Other Department Audits Continuous Assurance  Base review areas on Assessment  Analytic Tools SOX/IFRS Control Reviews Whistleblower Programs Analytical Financial Data Reviews Unstructured Emails , Instant Messages Key Word Searches Base on high risk areas Memos, Contracts, Invoice Details, etc. Dates, $s, names, etc.
  21. MIS Training Institute Session 13 - Slide 21 Detection – Use Existing Knowledge Leading & Lagging Indicators 1. Hotline Complaints 2. Fraud Risk Research Stats 3. New Audits w/ Fraud Objectives 1. Ratio Analysis 2. Prior Audit Findings 3. Hotline Complaint Trends Audit Planning & Testing Training SOX/ICFR Testing Continuous Monitoring Focus Areas Fraud Risk Assessment AuditPlanning Policy ObjectivesManagement/Employee Awareness
  22. MIS Training Institute Session 13 - Slide 22 Detection – Fraud Materiality Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy FRAUD HAS NO MATERIALITY 1. Define your company’s fraud appetite 2. Review local laws/regulations for guidance on criminal fraud amounts 3. Project potential total losses over time ASSESS & DECIDE
  23. MIS Training Institute Session 13 - Slide 23 Concept of Forensic Accountant vs. Fraud Manager Forensic accountants are experienced auditors, accountants, and investigators of legal and financial documents that are hired to look into possible suspicions of fraudulent activity within a company… Whereas various individuals are fraud managers in that they assist in the deterrence and/or detection of fraud or indications of fraud…
  24. MIS Training Institute Session 13 - Slide 24 Investigation & Corrective Action 1. A reporting process should be in place to solicit input on potential fraud. 2. A coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely (“Fraud Response Plan”). 3. The investigative function should be coordinated between appropriate parties selected by management (Who is the quarterback?). 4. The function should clearly define the roles and responsibilities of identifying, responding and reporting to an alleged fraud. Including internal and external resources. Build the investigation team based upon skill sets. 5. Each part of the investigative process should be clearly documented and reported. Legal should be involved within the process to provide guidance. 6. Maintain consistent disciplinary procedures. “Set the tone” within the organization with respect to fraud. 7. As part of this process management should review the investigation’s findings to determine what the appropriate follow-up should be. 8. The investigative team should also review periodically their process to determine if there are improvement opportunities (i.e. learning roundtables).
  25. MIS Training Institute Session 13 - Slide 25 Investigation & Corrective Action Corrective actions can include a root-cause analysis, internal control or process improvement reviews and/or criminal or civil actions… Coordinate remediation action steps across business units Utilize the investigation findings to determine the likelihood of the potential fraud risk from reoccurring and learn how to effectively mitigate the action Determine the value of your actions and present to management
  26. MIS Training Institute Session 13 - Slide 26 Now What? Prioritize Your Next Steps •Management Buy In •Explain the value (Regulations or $ Savings) •Find your place at the “Table” •Internal Audits Role •Define your Plan •Risk Assessment, Detection/Prevention •Measure, Assess and Adjust •Manage resources efficiently and effectively NEVER Stop Thinking of New Ways to Prevent or Detect Fraud
  27. MIS Training Institute Session 13 - Slide 27 Questions

Notas del editor

  1. MIS Training Institute Section # - Page 1 XXXXXX XXX ©
  2. MIS Training Institute Section # - Page 2 XXXXXX XXX ©
  3. Each organization’s objectives are unique and you need to understand how those objectives align with anti-fraud objectives.
  4. MIS Training Institute Section # - Page 5 XXXXXX XXX ©
  5. Conformance with anti-fraud elements allows an organization to strengthen the awareness of fraud risks, assign responsibility, provide assurance that fraud risk information is current and accurate, and ensure that vulnerability to fraud is properly addressed. Management should tailor the design of the anti-fraud program to fit the needs and objectives of the organization and ensure that the program’s benefits outweighs its costs.
  6. It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Governance tends to address structures and processes for decision-making, direction, accountability, control, and behaviors within organizations. The goal of governance is to provide safeguards enabling organizations to achieve their objectives. Governance does not exist as a separate set of structures, activities, functions, arrangements and processes. There are relationships that must exist between the organization’s governing board, executive leadership, risk management, compliance, quality, and assurance providers like internal and external auditors. These relationships must be in harmony if the organization is to achieve its objectives and satisfy stakeholder expectations. Effective governance begins with an understanding of the roles and responsibilities among the various participants (stakeholders, governing board, executive leader, senior management, employees, partners, suppliers, customers…) in determining the direction and performance of the organization. ASSIGN A LEADER……
  7. Corporate governance is the set of processes, customs, policies, laws, and institutions affecting the way a corporation (or company) is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. In contemporary business corporations, the main external stakeholder groups are shareholders, debtholders, trade creditors, suppliers, customers and communities affected by the corporations activities. Internal stakeholders are the board of directors, executives, and other employees. An important theme of corporate governance is the nature and extent of accountability of particular individuals in the organization. It is important to define roles & responsibilities. Each department/employee has specific skill sets that can assist in benefitting the overall program. Writing these components in a formal document explains to employees the importance of anti-fraud within the organization as well as alerts to various aspects of the program (i.e. reporting procedures, contacts, etc.)
  8. Use surveys, interviews KPIS and facilitated sessions
  9. How granular do you go? Depends on your organization. No such thing as one size fits all. Fraud Scheme Repository…
  10. Assessment should have $ parameters (i.e. materiality) Assessments are subjective; however, use your granular stats (KPIs, Controls) to help gauge your measurements….. Utilize the experience of others in the organization from various departments…
  11. After Magnitude and Likelihood you can measure risk using velocity, gross/residual risk and others. Like KPIs, management discussions
  12. Design prevention techniques specific to your business and its’ culture. MAKE IT KNOWN What you prohibit. Heard stories of emailing how employees were terminated – don’t recommend unless legal approves.
  13. Provide staff/business owners with fraud articles to keep fraud on their mind…use different types as examples.
  14. Structured vs. Unstructed Data (E&Y Concept)
  15. Leading - # of complaints Lagging - # of audit findings, ratio analysis (“after the fact, hindsight”) What are your companies’ fraud indicators? Hotline, Audit Findings, Cont. Audit, Use indicators to assist in your detection efforts
  16. Fraud Materiality Concept: when to look during routine audits, control monitoring, CM – don’t waste resources Discuss concept of fraud materiality (costs outweigh benefits). Ex. Go after $10 or $1Mil. Discuss concepts of ethical appetite.
  17. Before our next section I want to introduce a concept that needs to be understood…While the investigation can be fun we all need to know our roles and how are unique skill sets can be used…
  18. work privileges/Kovel Letter
  19. Corrective Action: Internal Audit can provide feedback on controls, risk environment, process improvement opportunities. Quantify potential or actual savings (i.e. control can reduce waste and eliminating fraud). Follow Up on issue (depending on severity) with Audits. Add fraud into risk assessment KPIs and part of your Fraud RCM.