Fraud Risk Assessment- detection and prevention- Part- 2,
4 likes5,429 views
The document discusses various techniques for detecting and preventing fraud, including: 1) Establishing prevention techniques like controls, job rotation, and education to avoid fraud risks. 2) Implementing detection methods such as data analysis, forensic auditing, and link analysis to uncover fraud. 3) Asking vital questions within 24 hours of a fraud allegation to properly investigate and prevent future fraud.
Fraud Risk Assessment- detection and prevention- Part- 2,
- 1. Fraud Risk Assessment (Part 2) Detection and Prevention Techniques TAHIR ABBAS CIA,CISA,CFE,CRMA
- 2. The only certainty is uncertainty Event: Occurrence of a particular set of circumstances. Frequency: A measure of the number of occurrence's per unit of time. Hazard: A source of potential harm or a situation with a potential to cause loss. Consequence: Outcome or impact of an event. Likelihood: A general description of probability or frequency.
- 3. Fraud Risk Assessment Foundations of an effective fraud risk management • Identify inherent fraud risk • Assess the likelihood and significance of inherent fraud risk • Developing a response to reasonably likely and significant inherent and residual fraud risk
- 4. Fraud Risk Assessment – Identify inherent fraud risk • Where could things go wrong • Industry, geo-political risks • Company risks – Incentive plans – Growth rate – Consolidation • Risk of management override – Assess the likelihood and significance of inherent fraud risk • Likelihood – remote, possible, probably • Significance – not just dollars; reputation, management time
- 6. Procurement Fraud Risk Assessment Corruption Context Document Fraud Risk- List down Likelihood Impact Control
- 7. Procurement Fraud Red Flags • Repeated awards to the • Awards to non-lowest same entity. bidder. • Competitive bidder • Contract scope changes. complaints and protests. • Numerous post-award • Complaints about quality contract change orders. and quantity. • Urgent need or sole • Multiple contracts awarded source. below the competitive • Questionable threshold. minority/disabled • Abnormal bid patterns. ownership. • Agent fees. • • Questionable bidder.
- 8. Key Principle for Fraud Risk Management • As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk • Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. • Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. • Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized a reporting process should be in place to solicit input on potential fraud, and a coordinated • Approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
- 9. Preventing Fraud – A Summary Create a culture of Honesty, Eliminate Opportunities Openness, and Assistance Implement Have good Employee internal controls Assistance Discourage Programs Collusion Have a Code of Ethics Provide tip hotlines Publicize company Create a Positive Create an policies Work expectation of Environment punishment Proactively audit Hire honest people and for fraud provide fraud awareness training Monitor employees
- 10. Controls Existence of a control even if non operational can be a deterrent and act as a real control
- 11. Deterrence and Prevention Deterrence modifies the person's behavior through perception of being caught and being punished while Prevention focuses on removing the root cause of the problem, hence prevention and correction logically go together.
- 12. Prevention • Analytical reviews • Mandatory vacation • Job rotation • Surprise audit • Oversight • Employee education • Open door polices
- 13. Prevention Dishonest employees may not commit a fraud if they know the organization has an oversight and confirmation process. After giving the code of ethics to all employees (in both hard and soft copy if possible), require that they sign a statement that says they have read and understood the code's requirements and will comply with them. The fraud prevention plan should include an accountability matrix that lists the anti-fraud functions and which staff have primary, secondary or a shared responsibility. This then eliminates the excuse of ignorance.
- 14. The Death Penalty For Corporations If we are going to consider the corporation to be a person and afford it the same kinds of rights and freedoms that are extended to the individual, perhaps it is time to revise the methods by which we hold the corporate "person" accountable. We should impose the same kind of punishments that we have established for individuals. If a corporation is convicted in the courts for a violation of law, we should curtail its freedom to conduct business for a period of time. In the event of repeat offenses, the penalties should be increased. In those instances where a corporation severely violates the public trust, it should cease to exist. The corporate charter should be revoked, the assets seized and the corporation dissolved.
- 16. Fraud Prevention Checklist Is ongoing anti-fraud training provided to all employees of the organization? Understand what constitutes fraud? Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss and decreased morale and productivity — been made clear to employees? Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely? Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
- 17. Fraud Prevention Checklist Is an effective fraud reporting mechanism in place? Have employees been taught how to communicate concerns about known or potential wrongdoing? Is there an anonymous reporting channel available to employees, such as a third-party hotline? Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal? Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
- 18. Fraud Prevention Checklist Are strong anti-fraud controls in place and operating effectively, including the following? Proper separation of duties Use of authorizations Physical safeguards Job rotations Mandatory vacations
- 19. Detection – Process controls – Anonymous Reporting/hotline – Internal Audit – Benchmark – Measurements – Computer Checks for Anomalies – Interviews
- 21. Forensic Accounting Forensic accounting or financial forensics is the specialty practice area of accountancy that describes engagements that result from actual or anticipated disputes or litigation. "Forensic" means "suitable for use in a court of law", and it is to that standard and potential outcome that forensic accountants generally have to work. Forensic accountants, also referred to as forensic auditors or investigative auditors, often have to give expert evidence at the eventual trial.
- 22. Forensic Auditing Forensic auditing is a type of auditing that specifically looks for financial misconduct, and abusive or wasteful activity. It is most commonly associated with gathering evidence that will be presented in a court of law as part of a financial crime or a fraud investigation.
- 23. Forensic Accounting Factors • Time: Forensic accounting focuses on the past, although it may do so in order to look forward (e.g., damages, valuations). • Purpose: Forensic accounting is performed for a specific legal forum or in anticipation of appearing before a legal forum. • Peremptory: Forensic accountants may be employed in a wide variety of risk management engagements within business enterprises as a matter of right, without the necessity of allegations (e.g., proactive).
- 24. Forensic Audit Approaches • Direct methods involve probing missing income by pointing to specific items of income that do not appear on the tax return. In direct methods, the agents use conventional auditing techniques such as looking for canceled checks of customers, deed records of real estate transactions, public records and other direct evidence of unreported income. • Indirect methods use economic reality and financial status techniques in which the taxpayer’s finances are reconstructed through circumstantial evidence.
- 25. Indirect Methods An indirect method should be used when: • The taxpayer has inadequate books and records • The books do not clearly reflect taxable income • There is a reason to believe that the taxpayer has omitted taxable income • There is a significant increase in year-to-year net worth • Gross profit percentages change significantly for that particular business • The taxpayer’s expenses (both business and personal) exceed reported income and there is no obvious cause for the difference
- 26. How internal controls Can detect fraud? • Can internal controls detect fraud?
- 27. Method for detecting frauds • Percentage markup method for proving income • Data Analysis • Fraud Assessment tools • Bedford analysis • Link Analysis • Interviewing strategies • Linguistic Text Analysis
- 28. Percentage markup method for proving Income
- 29. Data Analysis • Article provided • Ratios, hor , vertical
- 31. Link Analysis Given the complexity of serious fraud investigations, and the significant number of individuals and entities ordinarily involved, the employment of an analytic procedure known as 'link network diagramming' - commonly referred to as 'link analysis' - should be considered to facilitate the investigation and case structuring. Link analysis is essentially a graphic method for integrating and displaying large amounts of data which are related to complicated criminal activities and civil wrongs. The construction of a link analysis diagram should enhance the integration and presentation of relevant evidence or information that is: • connected to various financial accounts, individuals and entities; • collected by or from different sources; and • spread over a protracted period of time.
- 32. Link Analysis Essentially, the link analysis technique is comprised of two sequential steps. The first step is the conversion of written material containing summaries of investigative findings into a graphic form called an 'association matrix'. The second step is the conversion of the matrix into a diagram intended to facilitate understanding of the relationships contained therein. The association matrix is essentially an interim step in producing graphic material to assist investigators, prosecutors and civil litigation counsel. The goal is the development of pictorial data which clearly shows the relationships between people, organizations and activities. It allows an analyst or a trier-of-fact ready access to the big picture in complex matters. As the final diagram depicts relationships (or links) between people, organizations and activities, the generally accepted name for such pictorial data is a 'link analysis' diagram.
- 35. Linguistic Text Analysis Lack of self-reference Euphemisms Verb tense Alluding to actions Answering Q with Q Lack of Detail Equivocation Narrative balance Oaths Mean Length
- 37. Linguistic Text Analysis • ON SLIDE NO 77 AND 78 OF FIRST PART PRESENTATION ALREADY PROVIDED • http://www.fraud-magazine.com/article.aspx?id=4294971184
- 38. 11 vital questions to answer within the first 24 hours of a fraud allegation: • Does the alleged activity constitute fraud? • Who is involved? • How should those who were involved in the fraud be handled? • Are there any co-conspirators? • How much was lost to fraud? • During what period did the fraud occur? • How did the fraud occur? • How was the fraud identified? • Could the fraud have been detected earlier? • What can be done to prevent similar frauds? • Should the conduct be disclosed to the authorities?
- 39. Tone at top • What is the “tone at the top”? • Major fraud factors – Meeting analysts’ expectations – Compensation and incentives – Pressure to reach goals • Why employees don’t report unethical conduct????
- 40. Tone at top • COMMON ETHICAL VIOLATIONS • Abusive or intimidating behavior of superiors toward employees (21 percent) • Lying to employees, customers, vendors, or the public (19 percent) • A situation that places employee interests over organizational interests (18 percent) • Violations of safety regulations (16 percent) • Misreporting actual time or hours worked (16 percent)
- 41. COMMON ETHICAL VIOLATIONS Stealing, theft, or related fraud (11 percent) • Sexual harassment (9 percent) • Provision of goods or services that fail to meet specifications (8 percent) • Misuse of confidential information (7 percent) • Price fixing (3 percent) • Giving or accepting bribes, kickbacks, or inappropriate gifts (3 percent) • E-mail and Internet abuse (13 percent) • Discrimination on the basis of race, color, gender, age, or similar categories (12 • percent)