Developing A Fraud Risk Management Program

Developing a Fraud Risk Management Program
Erick O. Bell
Priyanka Jhang
Deloitte Financial Advisory Services LLP
September 11, 2013
Copyright 2013 Deloitte Development LLC. All rights reserved.

Agenda
- Making the case for a Fraud Risk Management Program
- A COSO-consistent Process for Fraud Risk Management
- Roles of Key Parties in Managing Fraud Risk
- Control Environment and Fraud Risk Assessments
- Anti-Fraud Control Activities
- Sharing Information and Communication
- Monitoring Activities

Making the case for a Fraud Risk Management Program

Fraud: Defined
Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetuated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.
Source: The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing www.the.iia.org

Occupational Fraud: Defined
The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.
Source: 2006 Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse

Errors Do Not Constitute Fraud

ACFE Fraud Statistics
- Losses
  - 5 percent of revenue
  - 140,000 per case
- 18-month duration
- Highest impact to small businesses
- Higher positions higher loss
- 81% of fraudsters displayed one or more red flags
  - Living beyond means
  - Financial difficulties
  - Unusually close association with vendors or customers
  - Excessive control issues
Source: 2012 Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse

Detection of Fraud
Source: 2012 Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse

Size of Victim Organizations
Source: 2012 Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse

Types of Occupational Fraud & Abuse
Percent of cases exceeds 100 percent due to cases spanning several categories.
Source: 2012 Association of Certified Fraud Examiners Report to the Nation on Occupational Fraud & Abuse

Why Organizations Should Manage Fraud Risk
- Duty of care to shareholders/stakeholders
- Manage impact of fraud on profitability/available funding
- Statutory/regulatory requirements (Sarbanes-Oxley, SEC, FCPA, Federal Sentencing Guidelines, funding agency requirements)
- Employee morale
- Stakeholder confidence

Statutory and Regulatory Guidance/Requirements for Fraud Risk
[Diagram labels: PCAOB Auditing Standards; Department of Justice Prosecution Policy; AICPA; IIA/AICPA/ACFE; NYSE / NASDAQ; AICPA; Management AFPC Guidance; Managing the Business Risk of Fraud; Corporate Governance Listing Standards; Management Override (“Achilles Heel”)]

Reasons Why Entities Need to Manage Fraud Risk
- Organizational Benefits
  - Survival
  - Greater Profitability
  - Intact or enhanced image
  - Improved efficiency & increased ability to meet commitments
  - Enhanced morale – attract/retain talent
- Individual Benefits
  - Morale
  - Reduced stress
  - Job satisfaction
  - Greater employment security

Questions?

A COSO-consistent Process for Fraud Risk Management

COSO – An Overview
- The Committee of Sponsoring Organizations of the Treadway Commission (“COSO”)
- Formed specifically to study the causal factors that can lead to fraud
- Private sector initiative established in 1985 by the following organizations:
  - American Accounting Association (“AAA”)
  - American Institute of Certified Public Accountants (“AICPA”)
  - Financial Executives Institute (“FEI”)
  - The Institute of Internal Auditors (“IIA”)
  - Institute of Management Accountants (“IMA”)

Internal Control – Integrated Framework (the “Framework”)
- In 1992, COSO issued the Internal Control – Integrated Framework
- Intended to help businesses and other entities assess and enhance their internal control systems
- Underlying principles provide framework for proactively establishing an environment to manage fraud risk

The COSO Internal Control – Integrated Framework
- COSO offers an integrated framework that defines internal control by five interrelated components:
  - Control Environment
  - Risk Assessment
  - Control Activities
  - Information & Communication
  - Monitoring
- The COSO framework helps clarify the context of internal control discussions
[Diagram labels: Objectives; Components]

Recognized as an Internal Control Standard
- Organizations are continually being held to increased standards for internal control
  - Sarbanes Oxley Act of 2002
  - PCAOB Auditing Standard No. 5
  - Federal Sentencing Guidelines
- COSO Framework is well known and recognized as authoritative
  - The COSO Framework has served as the internal control standard for organizations implementing and evaluating internal control in compliance with the US Sarbanes-Oxley Act of 2002 (“SOX”) and the US Public Company Accounting Oversight Board (“PCAOB”) Standard[s] 2 [and 5]¹
  - Recognized by executives, board members, regulators, standard setters, professional organizations, and others as an appropriate comprehensive framework for internal control
¹ New Guidance for Small Businesses to be Released, July 7, 2006, Institute of Internal Auditors

The New Internal Control – Integrated Framework
- Old framework will be superseded in December 2014
- Same 5 components
- 17 principles
  - “8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.”

A COSO-Consistent Approach
5 Elements:
- Creating a Control Environment
  - Tone at the top
  - Code of Conduct/Ethics
  - Whistleblower Hotline
- Performing Fraud Risk Assessments
  - Identify fraud risk factors, fraud risks and fraud schemes
- Designing and Implementing Antifraud Control Activities
  - Link or map identified fraud risks to control activities
- Sharing Information and Communication
  - Effective communication of antifraud programs and controls
- Monitoring Activities
  - Monitoring effectiveness of antifraud programs and controls
[Diagram labels: ICFR; AFPC]
Source: Committee of Sponsoring Organizations of the Treadway Commission, Internal Control – Integrated Framework

Questions?

Roles of Key Parties in Managing Fraud Risk

3: Key Parties Involved with Managing Fraud Risk
- Those Charged with Governance
- Board of Directors
- Audit Committee
- Management (CEO, CFO, COO, CCO)
- Employees (all levels and functions)
- Internal Audit

Roles & Responsibilities – Board of Directors
[Diagram: Board of Directors; Audit Committee; Management (CEO, CFO, COO, CCO); Employees (all levels and functions); Internal Audit]
- Ensure that management designs effective fraud risk management documentation to encourage ethical behavior
- Understand fraud risks (both generally and those affecting the organization)
- Establish and communicate an appropriate level of risk tolerance for the organization
- Maintain oversight of the fraud risk assessment
- Monitor management’s reports on fraud risks, policies, and control activities
- Ability to retain outside experts where needed
- Assure that external auditors understand the Board’s active involvement in fraud risk management

Roles & Responsibilities – Audit Committee
[Diagram: Board of Directors; Audit Committee; Management (CEO, CFO, COO, CCO); Internal Audit; Employees (all levels and functions)]
- Active role in the oversight of the fraud risk assessment
- Addressing the risk of management override of controls
- Uses internal audit, or other designated personnel, to monitor fraud risks throughout the organization
- Meet separately with appropriate individuals (e.g., internal audit, external auditors)
- Maintain awareness of the external auditor’s responsibilities pertaining to fraud
- Seek advice of counsel when dealing with allegations of fraud
- Provide specific consideration to reputation risk when reviewing work of management, internal audit, external auditors

Roles & Responsibilities – Management
[Diagram: Board of Directors; Audit Committee; Management (CEO, CFO, COO, CCO); Employees (all levels and functions); Internal Audit]
- Design and implementation of a fraud risk management program
  - Implementing and documenting a fraud risk assessment process
  - Maintaining adequate documentation of design of antifraud programs and controls
  - Evaluating design and operating effectiveness of antifraud programs and controls
  - Reporting to the Board on actions that have been taken to manage fraud risks and the effectiveness of the fraud risk management program
- Educating the organization on areas of potential compliance violations
- Enforcing Code of Ethics

Roles & Responsibilities – Internal Audit
[Diagram: Board of Directors; Audit Committee; Management (CEO, CFO, COO, CCO); Employees (all levels and functions); Internal Audit]
- Provide assurance to the Board and to management that existing controls are appropriate given the risk tolerance established by the Board
- Review the comprehensiveness and adequacy of the risks identified by management, especially regarding management override risks
- Support management’s education of the organization regarding areas of potential fraud and compliance violations
- Consider fraud risks when developing annual audit plan and spend time to evaluate the design and operation of antifraud controls
- Support the audit committee in performing detective activities around the risk of management override of controls

Roles & Responsibilities – Employees
[Diagram: Board of Directors; Audit Committee; Management (CEO, CFO, COO, CCO); Employees (all levels and functions); Internal Audit]
- Basic understanding of fraud and awareness of red flags
- Understand their roles within the internal control framework, specifically how their procedures are designed to manage fraud risk
- Read and understand policies and procedures (e.g., fraud policy, code of conduct, whistleblower policy)
- Participating in the process of creating a strong control environment
- Report suspicions or incidences of fraud and corruption
- Cooperate with investigations

Questions?

Control Environment and Fraud Risk Assessments

COSO Overview: Control Environment
[Diagram: antifraud program elements]
Control Environment
- Control consciousness of an organization; it is the environment in which people conduct business activities and fulfill their control obligations.
- The control environment includes both intangible and tangible elements:
  - Integrity and ethical values
    - Incentives
    - Communicating moral values
  - Commitment to competence
  - Governance and organization structure
  - Management’s philosophy and operating style
  - Assignment of authority and responsibility
  - Human resource policies and practices

COSO Overview: Control Environment
[Diagram: antifraud program elements]
Some of the components of the control environment in which management may focus its efforts include:
- Audit Committee
- Management Accountability
- Fraud control policy/strategy
- Tone at the Top
- Code of Conduct and Ethics
- Hiring and Promotion Procedures
- Hotlines/helplines
- Investigation and corrective action

What is a Fraud Risk Assessment?
- Fraud risk assessment is an integral part of an antifraud program that is based on the COSO framework
- A crucial part of an entity’s broader risk assessment process, a fraud risk assessment considers the ways that fraud and misconduct can occur by and against the entity
[Diagram: antifraud program elements]
Committee of Sponsoring Organizations of the Treadway Commission, Internal Control – Integrated Framework

Benefits of A Fraud Risk Assessment
- Help in meeting regulatory requirements
- Assist in providing structure to tackling the potential of fraud in a proactive manner
- Reduce exposure from fraud risk, with potential impact on bottom line
- Supplement the internal controls environment in helping to prevent, detect and deter fraud
- Help address areas of exposure in an organization where the internal controls environment may have limitations, such as collusion

Management’s Fraud Risk Assessment Overview

Step 1: Identify & Evaluate Fraud Risk Factors
  Approach:
  - Identify fraud risk factors
  Output:
  - Schedule of fraud risk factors
  - Sound knowledge of fraud risk environment

Step 2: Identify Possible Fraud Schemes & Scenarios
  Approach:
  - Identify fraud risks
  - Identify specific fraud schemes
  - Identify account balances and potential errors related to each fraud risk
  Output:
  - Pervasive & specific fraud risks
  - Catalog of fraud schemes

Step 3: Analyze Fraud Risks & Evaluate Control Design & Implementation
  Approach:
  - Analyze the likelihood and significance of possible fraud schemes
  - Link fraud schemes to mitigating controls & evaluate control design and implementation
  Output:
  - Inherent Risk Rating (IRR) of entity
  - Catalog of existing controls
  - Fraud Control Risk Rating
  - Fraud Risk Related Control Gap Analysis

Step 4: Evaluate Fraud Risk Assessment Results & Prioritize Residual Fraud Risks
  Approach:
  - Evaluate the results of fraud risk analysis against established criteria and prioritize risks for treatment
  Output:
  - Residual Risk Rating (RRR)
  - Identification of fraud risks requiring further treatment
  - Fraud risks prioritized

Step 5: Risk Treatment
  Approach:
  - Prepare Fraud Risk Action Plan
  - Implement Plan
  Output:
  - Fraud Risk Action Plan
  - Fraud Risks Treated

Where do Fraud Risk Assessments Typically Fall Down?
- Appropriate personnel are not involved in the process
- Assessment consists of an identification of risk factors only, and does not include an identification of schemes & scenarios
- Potential perpetrators are not identified (which can lead to insufficient consideration of management override)
- Does not consider collusive fraud and management override of controls
- Lack of monitoring by the Audit Committee/Board
- Lack of follow up after identification of fraud risks and linkage to mitigating controls

Questions?

Anti-Fraud Control Activities

Design and Implement Control Activities
- Management may focus on several considerations when designing and implementing antifraud control activities, including:
  - Preventive Controls
  - Detective Controls
- Management may identify preventive controls, detective controls, or a combination of both, as adequately addressing financial reporting risks. (SEC ICFR guidance)
[Diagram: Creating a Control Environment; Performing Fraud Risk Assessments; Designing and Implementing Antifraud Control Activities; Sharing Information and Communication; Monitoring Activities]

Antifraud Control Activities – Prevent, Detect, & Deter
Fraud Risk Mitigation

Preventive Controls
- Designed to mitigate the opportunity for an individual to perpetrate a fraud
- Limited effectiveness when management may be involved in the fraud
- Serve as a deterrent by creating an additional obstacle to carrying out a fraud

Detective Controls
- Designed to identify indicators of a fraud, if committed
- May be used as a monitoring activity to assess effectiveness of other antifraud controls
- Serves as a deterrent by heightening the perceived likelihood of being caught

Source: Managing the Business Risk of Fraud: A Practical Guide

Antifraud Objectives for Control Activities: Mitigate
- Control activities designed to mitigate fraud are not always the same as the organization’s internal control activities designed to identify errors.
- Antifraud control activities represent actions taken by management to mitigate the specific fraud risks identi
