Fraud Risk Management – Providing Insight Into Fraud .


Fraud Risk Management – providing insight into fraud prevention, detection and response

For private circulation only
www.deloitte.com/in

Fraud follows opportunity and attacks weakness. Know where you are vulnerable and how to take control.

Introduction

[Figure. Labels: Increase in the levels of scrutiny by Regulators, Government; appearing in the form of Fraud Policy, Enhanced fraud risk monitoring. Callout: 58% of respondents have increased their focus on fraud risk management.]

Having a reputation for integrity is crucial to safeguarding market confidence and public trust. Unfortunately, fraud and misconduct can seriously undermine such efforts, exposing an organisation to legal, regulatory, or reputational damage. That is why experienced business leaders work to ensure that they have an effective approach to mitigating these risks. This is especially important in an environment marked by intense scrutiny and rising enforcement.

The area of fraud risk management is increasingly attracting mainstream attention as various ed[…] have begun to comprehend the negative effects of uncontained risk. That 58 percent of respondents to Deloitte’s (UK/ LLP) 2012 report on ‘The Internal Audit Fraud Challenge’ said that the new regulatory environment has led them to an increased focus on fraud risk management is definitely a positive sign.

A strong anti-fraud stance and proactive, comprehensive approach to combating fraud is now gradually becoming a pre-requisite, and any organisation that fails to protect itself appropriately faces increased vulnerability to fraud.

Deloitte’s Fraud Risk Management Services

We are accustomed to working with clients in a variety of situations, particularly when the level of scrutiny is high and the margin for error is low. Examples include when:

- Your company experiences a problem and you want to take steps to reduce the likelihood of recurrence
- Your industry is under scrutiny and you need to assess that your programs and controls can meet stakeholder expectations
- Your board needs to demonstrate performance of its fiduciary duty to evaluate periodically whether your compliance program is designed and operating effectively
- Your internal audit or compliance functions would benefit from heightened levels of objectivity or specialization in assessing your program
- Your employees and third-party agents are operating in environments with added pressures and opportunities to commit fraud or other illegal acts to meet targets
- Your budget owners need to identify and cut unnecessary costs associated with occupational theft, waste, and abuse
- Your management team needs to identify fraud and misconduct risks when performing due diligence on acquisition targets or business partners
- Your company needs to adopt more formalized governance mechanisms and antifraud controls as part of an initial public offering

Robust fraud risk management thus requires more than just ensuring an effective system of internal controls. It also requires clearly defined and implemented actions designed to reduce fraud risk and an ongoing assessment of the effectiveness of the organisation's approach to managing the business risk of fraud.

Tools

A 360º approach to fraud risk management: The anti-fraud controls roadmap

“Continuous Improvement: Diagnose, Detect and Respond” Steps Generally Include –

Diagnose vulnerability to fraud | Detect gaps in anti-fraud controls | Recommend Mitigating Antifraud Controls | Continuous or Periodic Monitoring | Develop Fraud Response Plan | Investigate cases of alleged fraud

- Evaluate the current status and effectiveness of the organisation’s anti-fraud control environment - this involves assessing the culture, attitude, and awareness amongst employees about their knowledge of and response to any issues of fraud or misconduct
- Evaluate management’s existing fraud risk management framework to detect potential gaps of antifraud controls in the processes
- Establish fraud risk profiles by analysis and ranking of fraud risks (as high/medium/low) against existing anti-fraud controls
- Recommend enhancement of existing controls or mitigating antifraud controls for implementation, based on ‘antifraud control’ gaps detected
- Enable continuous monitoring of controls using technology; and/or
- Perform forensic data analytics of transactions periodically at the process level to alert Management of fraud signals
- Develop a fraud response plan to address cases of alleged or confirmed fraud
- Investigate cases of alleged or confirmed fraud
- Assist in the investigation of cases of alleged or confirmed fraud within the organisation
- Incorporate identified fraud risks and schemes into fraud risk management framework based on findings from investigation

Forensic data analytics (DETECT) | Develop Fraud Response Plan (RESPOND) | Employees’ Ethics Survey (DIAGNOSE) | Fraud Risk Management Tool (DETECT) | Recommend mitigating anti-fraud Controls (RESPOND) | Investigate cases of alleged fraud (RESPOND)

“To think, we know and understand all risks around us is misleading, to think we can manage all of them, if they hit us, is an illusion, and to turn a blind eye to them is sheer foolishness.”

I. Comprehensive evaluation of anti-fraud programs and controls, ethics and compliance program

Organisations need to realize the growing importance of addressing / controlling the risk of fraud in a comprehensive and integrated manner, which would in turn benefit them in a number of ways.

Evaluating anti-fraud programs, controls, ethical conduct and compliance with policies and procedures in the business process by assessing its vulnerability to fraud is the foundation on which effective anti-fraud processes are built.

- Does the management conduct, document and update fraud vulnerability assessment periodically (typically annually)?
- Can the management explain key fraud risks that may affect the company’s brand, reputation and assets?

Deloitte assists organisations in conducting a comprehensive periodic evaluation of anti-fraud controls with the help of fraud risk management tools that are tailored to an organisation’s processes and specific industry that help check the adequacy of your existing anti-fraud programs and controls.

[Figure: A 360º approach to anti-fraud control measures]

1. Know exposure to fraud risks or vulnerabilities
2. Detect the gaps in the existing fraud prevention and detection control measures
3. Recommend remediation measures and tools to implement. Treat the fraud signals.
4. Investigate the signals – cases of confirmed and alleged fraud

Lack of effective corporate governance seriously undermines any fraud risk management programme. Only meticulous and ongoing effort by an organisation can protect itself against significant acts of fraud.

II. Fraud vulnerability diagnostic tool: A web-enabled employee ethics and fraud awareness survey tool

Deloitte’s web-enabled fraud and ethics survey tool assesses an organisation’s ethical culture, the attitude of its employees towards fraud, the awareness of fraud-related policies and procedures, and employees’ willingness to report fraud and other serious misconduct. The web-enabled survey can also provide employees a chance to offer their suggestions to improve the control environment. This survey gathers anonymous feedback from employees and management by guiding them through a series of questions covering key areas such as:

- Awareness of policies and communication
- Organizational culture and code of conduct
- Raising a concern about fraud and misconduct
- Fraud risk management assessment
- Conflicts of interest
- Areas of improvement

The process also includes the analysis and production of an interpreted report of findings that includes identification of key issues, practical recommendations, and suggested steps.

III. Employee fraud awareness training(s): Essential element of fraud control

Making employees aware of their obligations concerning fraud and misconduct controls begins with practical communication and training. Like any other compliance effort, effective fraud control means educating your employees to understand the critical role they play in preventing, detecting and deterring fraud.

Your organisation’s philosophy and expectations in relation to fraud control and ethical behavior should be planned, prioritized and clearly communicated. Employees at all levels need to be aware of antifraud activities, have a clear understanding of what is expected of them, know that the organisation takes the threat of fraud seriously, and know where to seek assistance and advice.

In formulating a training and communications plan, management should consider developing fraud and misconduct awareness initiatives that are:

- Comprehensive and based upon job functions and risk areas
- Integrated with other training efforts, whenever possible
- Effective in a variety of settings, using multiple methods and techniques
- Regular and frequent, covering the relevant employee population

Deloitte has experienced fraud training facilitators who can assist you by designing and delivering fraud awareness training tailored to the specific needs of your organisation. The issues generally covered are:

- Organizational expectations and obligations
- Relevant codes and policies
- Understanding the concept of fraud and the “fraud triangle”
- How to and the benefits of preventing fraud
- Unearthing typical fraud indicators or “red flags”
- Recognizing conflicts of interest and taking steps to resolve them
- Reporting fraud and seeking assistance

IV. Tip-offs Anonymous: Deloitte’s whistle blowing service

An important aspect to encourage accountability and transparency within an organisation is a mechanism to enable all individuals to voice concerns internally in a responsible and effective manner when they discover information which they believe shows serious malpractice.

Implementing an employee whistleblowing hotline gives your employees a voice to confidentially report workplace concerns and enables you to identify and rectify problems before they damage your business, reputation and employee morale. Companies are also slowly beginning to realize the importance of integrating a whistleblower service/ independent helpline as part of the fraud risk management strategy. Additionally, it has been proved to be one of the most effective ways to detect fraud (as per the ACFE 2014 Global Fraud Study) [1].

Deloitte’s Tip-offs Anonymous is a whistleblowing facility that provides callers the opportunity to raise a concern regarding an incident of wrongdoing, fraud or unethical behaviour within the workplace, and report it to an independent party.

What does it entail?

- 24/7 operation
- Telephone, email, web, fax, text
- Over 16 languages supported
- Support with Ethics, Whistle-blowing, Fraud or Governance Policies
- Effective communication and awareness campaigns
- Privacy compliant
- Compliance with whistle-blower legislation
- Complete information security

V. Forensic data analytics tool: Leveraging technology to proactively detect, prevent and control fraud

Data assessment and continuous analysis

Deloitte’s DTect™, a forensic data analytics proprietary tool, can profile and analyse financial and non-financial data across various areas and disparate systems to find anomalous relationships, transactions or unusual patterns, such as duplicate supplier invoicing, ghost employees, altered payees, etc. This rigorous analysis can help organisations identify fraudulent activity; prioritize case management and investigation; and improve the false positive rate of a detection and prevention strategy.

Deloitte’s forensic data analytics tool enables us to analyze data to help answer some of the following:

- What happened?
- Where did it happen?
- How many times did it happen?
- What is the volume / value involved?
- What rules or thresholds have been breached?
- Are there any non-compliance issues with contracts and anti-fraud control gaps in processes?

This analytical tool can be used to detect various fraudulent issues and raise red flags by performing tests that can identify and isolate suspicious transactions within the vast data fields that hum away in the course of everyday business. Deloitte makes use of DTect to interrogate data across the business, based on which electronic data analysis is conducted and specific fraud risk management issues are investigated. This therefore acts as a comprehensive ‘Health Check’ for your business or for detecting anomalies and potential fraud in your business processes or functions.

An effective fraud risk management framework will enable organisations to have controls that first prevent the fraud from occurring, detect as soon as a fraud happens and respond effectively to fraud incidents when they occur.

[1] The Association of Certified Fraud Examiners (‘ACFE’) report is based on data compiled from a study of 1,483 cases of occupational fraud that were reported by the Certified Fraud Examiners (CFEs) who investigated them. These offenses occurred in nearly 100 countries across six continents, thus providing a view into the global nature of occupational fraud.

VI. Develop a Fraud Response Management Plan

- Has the company developed a fraud response management plan to react to the allegations of major fraud or corruption?
- Does that plan include assigned responsibilities for management and advisers to help drive actions and communications that will sustain confidence?

It is critical for an organisation to develop fraud response strategies, which would help in minimizing the impact of frauds that occur, or are discovered, and come to the attention of the company, authorities and other interested parties. Deloitte assists organisations in setting up an effective Fraud Response Management program / plan that is designed to allow the organisation to react to various types of fraud and misconduct allegations in a measured and consistent manner.

These plans can be valuable in implementing a robust response to allegations under severe time pressure and intense scrutiny from the media, regulators, investors, and law enforcement. The overarching goal of a fraud response program is to protect the organisation from the economic, reputational and legal risks associated with the fraud allegation.

One of the elements also included in a substantive fraud response strategy is the capability to conduct sound investigations. Additionally, pre-determining investigative resources and protocols can accelerate the pace of an investigation and also help reduce the risk of ineffective investigations. We believe that most organisations could benefit from incorporating leading practices into their investigative response plans, including:

- Establishing and documenting fraud investigation protocols
- Identifying fraud investigation resources, especially global response teams, before the occurrence of a crisis
- Implementing a case management system to track and log the resolution of fraud allegations
- Implementing processes and control improvements enterprise-wide to gain efficiencies and prevent recurrences

Conclusion: Responding to the business risk of fraud

Given below is a pragmatic approach of the top focus areas of fraud prevention and detection strategies within a fraud risk management programme that can help provide the board of directors and the senior management with actionable results:

[Figure: focus areas, with panel labels Culture, Controls, and Data and Technology]

- Web-based survey to understand ethical culture
- Fraud awareness training
- Conduct whistle blowing system assessments and benchmarking
- Forensic data analytics to identify transaction anomalies and unusual patterns
- Computer Forensics
- Fraud vulnerability diagnostic (FRM tools used to evaluate anti-fraud controls)
- Business Intelligence services
- Corporate Fraud Investigation

Make fraud risk management strategy a priority. Have a discussion about the organisation’s fraud risk management strategy that involves senior management, the board of directors and audit committee to garner top-level support. Build a cross-departmental fraud risk management committee. Talk about fraud risks and how organisations can benefit by enhancing their fraud risk management capabilities and share examples of fraud schemes in the news or from the organisation’s past experiences — effective risk management comes with openness and awareness.

Plan and execute a fraud risk management programme. Establish clear roles, responsibilities and accountability for fraud risk management. Set goals and timelines and measure the progress in implementing improvements. Put an annual process in place to update the fraud risk management plan and re-evaluate the fraud risk management strategy based on changes in the business and risk environment.

Perform an anti-fraud control gap analysis. Compare the organisation’s fraud risk management practices with leading global practices using appropriate fraud risk management tools. This will help make the organisation’s anti-fraud controls robust as well as stay one step ahead of the fraudster. Identify the missing elements and determine priorities for how anti-fraud control gaps, if any, should be addressed. For those practices which the organisation already has in place, use the recommended leading practices to help uncover further performance improvement opportunities. Using the fraud risk management tool, which also provides a risk rating system (based on evaluation of business processes vis-à-vis their fraud vulnerability and its impact), proves to be an efficient and effective way to periodically evaluate the robustness of anti-fraud control measures.

Fraud risk management is not a one-time exercise but a continuous process. As businesses change and grow, so do their fraud risks. We therefore recommend a continuous improvement approach to the fraud risk management strategy that requires regular measurement of where the business is and where it wants to be in terms of effectively preventing, detecting, and deterring fraud. We call this approach the Diagnose, Detect and Respond Strategy.

What sets us apart?

Presence & Infrastructure: Deloitte has significant geographic presence in India, with offices in 13 locations including Bengaluru, Chennai, Hyderabad, Kolkata, Mumbai and New Delhi. We have a highly developed infrastructure that has more than ten years of maturity.

Expertise and Experience: We have a highly talented and globally competitive workforce, offering experience and expertise in a wide range of services. Professionals in our Forensic & Dispute Services practices have worked on some of the largest and most complex investigations of fraud and corruption within India and globally. Our team has assisted clients on a number of anti-bribery engagements that include anti-bribery due diligence, compliance reviews and investigations.

Robust Tools, Flexibility and Scalability: Our key differentiator is the use of robust tools in all our various forensic engagements, right from preventive services like the fraud risk management assessment to reactive services like the investigations that results in building efficiency and effective delivery of engagements, which in turn benefits our clients with outputs substantially exceeding their expectations. We have the flexibility and scalability to quickly ramp up to support large projects at short notice. We are able to staff projects, both virtually and on-site.

Proven Global Delivery Model: Deloitte has a proven global delivery model, working seamlessly across time zones and cultures to deliver high quality work on time. Depending on engagement requirements, we adjust our timetables to meet client requirements.

Technology: Deloitte operates one of the largest electronic discovery labs in Asia (and the largest in India), utilizing advanced technology to collect, process, host, and analyze electronically stored information (emails, user files, metadata, etc.) in support of forensic investigations.

A timely detection of fraud incidents will go a long way in containing the losses and improving the chances of recovery. It is now time for organisations to ensure that their current fraud risk management strategies are revised to ensure that they are in line with the current fraud trends and adequate to take care of future growth besides increasing ways of detecting frauds p
