Presentation Description

The presentation defines fraud risk and fraud risk management, fraud triangle, fraud risk mitigation measures and fraud risk reporting


Presentation Transcript


Fraud Risk Management FRM TRAINING MATERIALS 1 Prepared by Sako Mwakalobo -CRO

Issues Covered: 

Recall y0ur memory Introduction Profile of a fraudster Fraud Risk Indicators Other Fraud risk Indicators Fraud Risk Management FRM investigation and Reporting Issues Covered 2 Prepared by Sako Mwakalobo -CRO

Recall and test your memory: 

What do know of past fraud and risk of fraud occurring at an organisation ? Who is responsible for managing fraud at an entity? Are there any systems in place to detects fraud and irregularity at an entity? Do you know where to report fraud or suspected fraud at an entity? Recall and test your memory 3 Prepared by Sako Mwakalobo -CRO


Entities management has not scored well in fraud risk assessment and audit conducted by the external assessors Generally an entity has not systems in place to detect and channel the fraudulent matters neither as to where to report by the staff Fraud is costing an entity dearly and a need for proper assessment and reporting is imperative These slides will present a brief on fraud risk management organizational wide as part of risk management process. Introduction 4 Prepared by Sako Mwakalobo -CRO

What is fraud?: 

Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain. Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct. Intentional act by one or more individuals among management , those charged with governance, employee or third parties involving the use of deception to obtain an unjust or illegal advantage What is fraud? 5 Prepared by Sako Mwakalobo -CRO

Types of fraud: 

Types of fraud Fraudulent Financial Reporting Asset Misappropriation Other Questionable or Improper Business Practices Manipulation, falsification/alteration of records or documents Misappropriation of assets Suppression or omission of the effect of transaction from records or documents Recording transaction without substance Misapplication of accounting principles 6 Prepared by Sako Mwakalobo -CRO

Fraud Losses – Estimated at an entity: 

Fraud Losses – Estimated at an entity 7 Prepared by Sako Mwakalobo -CRO

Fraudster profile - International: 

KPMG UK analysed a sample of 100 frauds investigated over a three year period Directors or Senior Managers perpetrated 2/3 of frauds; 32% had worked for company for between 10 and 25 years; 51% involved some collusion between two or more people in business and in 10% of cases, more than 5 people involved; 70% of cases involved only men; Typical ages: 39% were between 36 and 45; Finance was most likely area hit in 42% of cases with procurement next most likely at 12.5%. Fraudster profile - International 8 Prepared by Sako Mwakalobo -CRO

Why fraud happens?: 

Why fraud happens? Fraud Need/ Rationalization Every one Does it Simply borrow -money Pressure Unrealistic Corporate Target can Force Employees to Commit fraud Opportunity - due to weak And override of controls 9 Prepared by Sako Mwakalobo -CRO

Fraud Indicators (Red Flags): 

Aggressive application of accounting codes Information provided unwillingly or after unreasonable delay Unsupported transactions Fewer confirmation responses Evidence of unduly lifestyle by officers or employees Long outstanding imprest balances Poor documentation False & improper entries in records Unauthorized payments Unauthorized use of corporate assets Misapplication of funds Fraud Indicators (Red Flags) 10 Prepared by Sako Mwakalobo -CRO

Fraud Indicators (Red Flags): 

Undue secrecy Questionable practices Significant manager or director transactions Drop of sales or earnings Aggressive accounting treatment Posting of transactions to headquarters Receipt of poor quality goods Related party arrangements Weak security checks for employees Delay in submission of reports Fraud Indicators (Red Flags) 11 Prepared by Sako Mwakalobo -CRO

Fraud indicators (Red flags): 

Flouting directives and regulations Personal interest Uncorrected entries and stock adjustments High fly management decisions Incompatible functions done by one person Misuse of computer for private business Frequent use of allocated issue voucher even when the system is available Questionable system adjustments Fraud indicators (Red flags) 12 Prepared by Sako Mwakalobo -CRO

Fraud Indicators: 

Unauthorized transactions Cash shortages Unexplained variation in prices Missing documentation Excessive refunds Living beyond ones means Drug and alcoholic abuse High personal debt/loses Compulsive gambling/stock speculation Risk of increase IT, increases the risk of manipulation, access control Fraud Indicators 13 Prepared by Sako Mwakalobo -CRO

Fraud Indicators: 

Management Environment Pressure Management style and attitude Competitive and business environment e.g. technology Employee relationship ( spouse receiving non competitive contract) Attractive assets Internal controls Lack of separation of duties Too much trust placed on few employees Fraud Indicators 14 Prepared by Sako Mwakalobo -CRO

Personal Fraud indicators: 

Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud Personal pressures Individual performance targets Infiltration by organised crime Controls may be overridden or ignored by certain individuals: Powerful (overrides controls, staff intimidated) Successful (not to be bothered, too busy earning money) Trusted (responsibility has moved beyond their job description) Personal Fraud indicators 15 Prepared by Sako Mwakalobo -CRO

Managing Fraud -Forces: 

Managing Fraud -Forces Entity Governance and Responsibility Code of Ethics Staff Regulations Director & Officer Liability Internal Audit Risk Management Business Plan and Budget Procurement and Finance Acts Customer Service Surveys Stakeholders pressures Reputation and Credibility 16 Prepared by Sako Mwakalobo -CRO

Business environment: 

Rapid increase of activities ( partially as a result of expansion) Weak competition Rapidly growing sales – vertical program sales Relatively high profitability ….. In such an environment, effective anti-fraud measures can be ascribed low priority or be undetected because the current level of profitability allows for fraud losses to be absorbed within existing profit margins. …. Consider tough times ahead…. More competition, changing government regulations, funds to health facilities?? Business environment 17 Prepared by Sako Mwakalobo -CRO

Do we have any fraud mitigation?: 

What are they? Reviewed and Strengthening of internal controls Periodic compliance audit Employee hotline Appointed compliance personnel Establish and implement code of conduct for all employees Conducted background check for hires with budgetary responsibility Instituted fraud awareness training Tied employee evaluations to ethics or compliance objectives What is your answer on the above from 0-10 Do we have any fraud mitigation? 18 Prepared by Sako Mwakalobo -CRO

Fraud Risk Management Techniques: 

Fraud Risk Management Techniques Management Internal Audit Internal Controls Whistle - blowing Reliance ? 19 Prepared by Sako Mwakalobo -CRO

Controls Barriers: 

Good controls on paper are not strictly followed in practice Grey areas in the rules – open to interpretation Lack of segregation of duties Collusion Management override Failure of senior management to lead by example Bureaucracy &/or formulaic compliance Failure to share knowledge of fraud experience, control weaknesses and control improvements Clash of cultures Controls Barriers 20 Prepared by Sako Mwakalobo -CRO

Objectives of Fraud Risk Management: 

Objectives of Fraud Risk Management controls designed to reduce the risk of fraud and misconduct from occurring in the first place controls designed to discover fraud and misconduct when it occurs controls designed to take corrective action and remedy the harm caused by fraud or misconduct 21 Prepared by Sako Mwakalobo -CRO

Fraud Risks Management - Measures: 

appropriately if discovered occurrence fraud and misconduct Fraud Risks Management - Measures Detect Respond Prevent 22 Prepared by Sako Mwakalobo -CRO

Fraud Risk Management - components: 

Fraud Risk Management - components 23 Prepared by Sako Mwakalobo -CRO

Fraud risk assessment: 

Fraud risk assessment Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable. Likelihood Significance / Impact Qualitative factors in the assessment include: the accounting system complexity, volume and nature of transactions internal controls in place compliance, training and monitoring Incorporates the views of: management; control functions; line employees Management are then able to : Prioritise identified risks and evaluate the existing controls Link each risk to specific controls and commit resources to implement any enhancements 24 Prepared by Sako Mwakalobo -CRO

Fraud Risk Management Experiences: 

Fraud Risk Management Experiences Surveys suggest that: Over 50% of frauds are discovered as a result of information provided by staff Losses after an introduction of a whistle-blowing hotline can be reduced by up to 60%. Staff prefer the following reporting channels: 57%: a telephone hotline; 20%: conventional mail; and 16%: e-mail . Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse 25 Prepared by Sako Mwakalobo -CRO

FRM – Hotline best practices: 

FRM – Hotline best practices Confidentiality Anonymity Availability Assistance – Real Time Procedures Classify & Notify Communicate All matters treated confidentially; reported on a need to know basis Process should allow for anonymous submission & resolution Should be available in remote outposts, not just head office A ‘live’ response – operators need to be qualified, trained & able to provide advice Consistent protocols to gather information and manage the call Qualified staff assess the allegation; protocols establish basis for escalation & investigation Publicise the hotline prominently; commit to, & test for, non-retaliation 26 Prepared by Sako Mwakalobo -CRO

FRM - Response: 

FRM - Response Objective is to take corrective action & remedy the harm caused by fraud or misconduct: Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened. Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events. Communicate to the wider population of employees that management took appropriate, responsive action. 27 Prepared by Sako Mwakalobo -CRO

FRM - Basis of Investigation: 

Consideration should be given to: Data and information gathering; Interviewing techniques; Appropriate resource; Analytical tools such as data mining; and Entity intelligence information. FRM - Basis of Investigation 28 Prepared by Sako Mwakalobo -CRO


FRAUD INVESTIGATION Once the symptoms of fraud are found and additional tests have indicated that there is a strong possibility of fraud, the review enters the formal investigation phase Investigator must know; Results of investigation can be used later as an educational tools for auditors, fraud investigators and other employees 29 Prepared by Sako Mwakalobo -CRO


FRAUD INVESTIGATION- STAGES Briefing management, followed by terms of reference detailing the initial scope of work Communication with parties involved e.g. Internal audit, audit committee and accounting staff Determining the extent of fraud Interviewing the defrauder ( only if fraud is known with certainty) Investigating the known area with detailed audit test. E.g. Procurement tendering, wages, cash debtors and stock Report to the management on the findings, with copies to interested parties e.g. Internal auditor, audit committee. 30 Prepared by Sako Mwakalobo -CRO


INVESTIGATION – DETAILS OF REPORT Circumstances which led to investigation Fraud discovered and their extent Identity of the defrauder Effects on the reported profit of the past period Effects on f/s of current periods 31 Prepared by Sako Mwakalobo -CRO


INVESTIGATION – DETAILS OF REPORT IC weakness which allowed the fraud and recommendations for eliminating them Report of any interviewing with the defrauder, including offers of restitution etc, which may be relevant to management in deciding what action, if any they should take against him/her If there is any suggestion that the internal auditors has been negligent the extent of claim against him. 32 Prepared by Sako Mwakalobo -CRO


ACTION UPON PROOF OF FRAUD OR ERROR investigator should Consider the potential effects in F/s Where the fraud is material the auditor should modify the audit procedures so as to perform procedures appropriate to circumstances depending on the type of the fraud/error suspected, the likelihood of their occurrence and extent of damage in the F/s 33 Prepared by Sako Mwakalobo -CRO


ACTION UPON PROOF OF FRAUD OR ERROR If some proof of fraud exists, management has several options Cause a deeper audit to be done if amount of loss appears substantial Terminate employee responsible if loss is minimal File a claim to recover a loss from clients fidelity insurance agent Arrange with law enforcement agents to probe into the matter 34 Prepared by Sako Mwakalobo -CRO


ACTION UPON PROOF OF FRAUD OR ERROR If some proof of fraud exists, management has several options Engage a private investigator to probe into the loss and document it for claim purpose/prosecution Disregard losses if minimal and tighten controls Alert the directors, audit committees or the Board 35 Prepared by Sako Mwakalobo -CRO


FRAUD DETERANCE MEASURES Strong internal Control System is not a warrant from fraud Entity should have an effective anti-fraud and corruption strategy which is aimed at encouraging prevention, promote early detection and respond to concern raised Awareness programs to employees Screening job applicants Sound corporate policy on fraud AVOID atmosphere of distrust and paranoia by over-emphasising fraud deterrence measures. 36 Prepared by Sako Mwakalobo -CRO


FRAUD REPORTING It is important to stick to facts, and to discount hearsay, rumour, or opinion and record what is relevant to the cause of the incident and its effect Audit reports on fraud and other improprieties should be addressed to the right person who can take action 37 Prepared by Sako Mwakalobo -CRO


FRAUD REPORTING Report must contain all details of fraud Must provide framework to analyse the fraud case Must enable the user to develop improved management and security policies and detect and prevent fraud. Investigation and reporting should proceed in such a way that the outcome will be litigated. Recording exact times, data, names of person and specific; description of evidence are critical in civil or criminal investigation or litigation 38 Prepared by Sako Mwakalobo -CRO