IIA Fraud Conference Case studies from recent investigations 8 April 2015
Outline What is fraud and types of fraud EY s 13 th Global Fraud Survey Survey approach and participant profile Unethical behavior persists Significant industry fraud Whistleblower hotlines Case Study 1 Case Study 2 Fraud prevention About us Page 2
What is fraud? Any intentional act or omission designed to deceive others * The use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization s resources or assets ** Fraud is profitable Fraud is a growth industry Fraud is a significant compliance risk area *Source: American Institute of Certified Public Accountants **Source: ACFE Report to the Nations 2014 Page 3
Types of fraud Fraud Schemes Misappropriation of Assets Theft or misuse of tangible and intangible assets. Fraudulent expenditures. Fictitious Vendor Theft of Intellectual Property Theft of Assets Payroll Fraud Employee Expense Fraud Cash Skimming Fraudulent Statements Schemes Misstatement or omission of material information/accounting records from financial statements. Improper Capitalization/ Deferral of Expenses Improper Revenue Recognition Asset/Liability Manipulation Improper Accounting of I/C Transactions Improper Manipulation of Tax Accounts Improper Journal Entries Management Estimates Significant/ Unusual Transactions Corruption Schemes Utilizing influence in business transactions to obtain a personal benefit. Bribery and/or extortion. Aiding and abetting fraud. FCPA/UK Bribery Act Conflicts of Interest Procurement Fraud Page 4
Survey approach and participant profile EY s 13 th Global Fraud Survey Between November 2013 and February 2014, our researchers conducted 2,719 interviews with various executives in 59 countries and territories Interviewees were selected from a sample of the largest companies in each country. Employees interviewed included industry leaders chief executive officers (CEOs), chief financial officers (CFOs), chief compliance officers (CCOs), general counsel and heads of internal audit. Interviews were conducted on an anonymous basis in the local language by telephone or in person. Details of the full survey are shown below: Revenue % of respondents More than US$5B 6% US$1B-US$5B 18% US$500M-US$0.99B 13% US$100M-US$499M 30% US$99M or less 31% Above US $1B 24% Below US $1B 73% Job title % of respondents CFO 28% Other finance 23% Head of internal audit 9% Other audit/risk 9% General counsel 7% CEO 6% Head of marketing/sales 4% CCO 3% Other 11% Please note that, due to rounding or the omission of percentages to allow better comparison, some figures may not sum to 100% * Details of countries categorized as developed markets and emerging markets can be found in the appendix. Page 5
Unethical behavior persists EY s 13 th Global Fraud Survey - Figures 1, 5, & 10 Q. Which, if any, of the following do you feel can be justified if they help a business survive an economic downturn? US Results North America Developed markets Emerging markets Other respondents Offering entertainment to win/retain business 28 33 30 28 29 Personal gifts to win/retain business 4 5 11 17 14 Cash payments to win/retain business 0 1 7 16 13 Misstating company s financial performance 2 3 4 8 6 At least one of these can be justified 30 % Agree 35 38 45 42 % Agree Base: US 2014 (50); North America 2014 (100); developed markets 2014 (1103); emerging markets 2014 (1616); all respondents 2014 (2719) % don't know and none of the above have been omitted to allow better comparison between responses given Page 6
Unethical behavior persists EY s 13 th Global Fraud Survey Figure 6 Q: Given the pressure that often exists to meet financial targets, which, if any, of the following activities do you feel can be justified to meet those targets? More flexible product returns Change assumptions determining valuations/reserves Extend monthly reporting period Backdate a contract US Results 33 14 11 8 CFO Head of IA CCO GC Head of Marketing 31 25 27 31 44 17 12 11 13 15 11 10 4 10 15 10 9 3 12 8 None of these At least one of these % Agree 50 47 51 61 56 48 41 48 39 36 45 54 % Agree Base: All respondents (2,719); CFO (752); head of internal audit (238); CCO (95); general counsel (181); head of marketing/sales (108). The don t know and refused percentages have been omitted to allow better comparison between the responses given. Page 7
Has your organization experienced a significant fraud in the last two years? Industry % Yes Financial services 17 Other transportation 16 Oil, gas and mining 16 Other sectors 13 Technology, communications and entertainment 13 Government and public sector 12 Consumer products, retail or wholesale 12 Average of all respondents 12 Power and utilities 11 Manufacturing and chemicals 11 Real estate 9 Automotive 8 Professional firms and services 8 Life sciences 6 More than 1 in 10 executives surveyed reported their company as having experienced a significant fraud in the past two years. The level of fraud reported by respondents has remained largely unchanged over the past six years from 13% in 2008 to 12% in 2014 Page 8
Detection of fraud schemes Tip 42.2% Management Review 16.0% Internal Audit 14.1% By Accident Account Reconciliation Document Examination External Audit Surveillance/Monitoring Notified by Law Enforcement IT Controls Confession Other 6.8% 6.6% 4.2% 3.0% 2.6% 2.2% 1.1% 0.8% 0.5% Almost 50% of schemes are discovered by Tip or Accident Source: ACFE Report to the Nations 2014 Page 9
ACFE 2014 Report to the Nations on speaking-up Tips are consistently and by far the most common detection method. In 2014 report, 42.2% of cases showed a tip as the most common method of initial detection of occupational fraud. Management review is second at 16%. Organizations with hotlines Were much more likely to catch fraud by a tip Detected the fraud 50% quicker Experienced frauds that were 41% less costly Page 10
Types of fraud Fraud Schemes Misappropriation of Assets Theft or misuse of tangible and intangible assets. Fraudulent expenditures. Fictitious Vendor Theft of Intellectual Property Theft of Assets Payroll Fraud Employee Expense Fraud Cash Skimming Fraudulent Statements Schemes Misstatement or omission of material information/accounting records from financial statements. Improper Capitalization/ Deferral of Expenses Improper Revenue Recognition Asset/Liability Manipulation Improper Accounting of I/C Transactions Improper Manipulation of Tax Accounts Improper Journal Entries Management Estimates Significant/ Unusual Transactions Corruption Schemes Utilizing influence in business transactions to obtain a personal benefit. Bribery and/or extortion. Aiding and abetting fraud. FCPA/UK Bribery Act Conflicts of Interest Procurement Fraud Page 11
Case studies Page 12
Case study 1 The client An information technology equipment and services company that operates call centers for third parties. What happened A terminated employee (whistleblower) sent an anonymous email to his former employer s customer alleging fraudulent billing practices. The investigation The investigation took place over a period of two months and focused on determining the fraudulent invoicing process, identifying the individuals involved, and quantifying the extent of the over-billing. Page 13
Case study 2 The client A financial services organization based out of New York, with primary operations located in Los Angeles What happened A whistleblower (who was involved with the fraud schemes), grew frustrated and reported the fraudulent activities. The investigation The investigation took place over a period of three months and focused on identifying the fraudulent schemes, assessing the financial ramifications and impact on the financial statements. Additional time was spent assisting the client with preparing for the insurance claims process Page 14
Case study 2 (continued) Scheme Impact Work performed Fictitious vendors and kick-back scheme Employee Expense Fraud Capitalization of non-existing assets $6M in payments made to fictitious vendors, or vendors that provided kick backs to the employees engaged in the scheme $3M identified as suspicious reimbursements Material error resulted in Big R restatement Over $3M in assets written-off from the balance sheet Analyzed invoices for three vendors, identified by the whistleblower as being party to the fraudulent schemes Gained understanding of which services were legitimate and which were overstated as a result of kick-backs Analyzed over $18M in expenses for 8 individuals Identified reimbursements for falsified credit card statements, false invoices for asset purchases, and other non-reimbursable expenses Identified assets from the fictitious vendor and expense fraud schemes that were capitalized Calculated the amounts incorrectly capitalized and depreciated during the period Page 15
Fraud prevention Page 16
Fraud prevention measures Tone at the top Anti-fraud programs Code of ethics Policies and procedures Continuous communication and reinforcement of fraud prevention programs Anti-fraud training Fraud risk assessments Page 17
Components of an anti-fraud program Fraud prevention Setting the Proper Tone Proactive Reactive Elements of a successful corporate anti-fraud program Code of Ethics Fraud Prevention Policies Communication and Training Fraud Risk Assessment Management Ownership and Involvement Controls Monitoring and Analytics Incident Response Plan Anti-fraud key activities Corporate compliance program design Corporate compliance assessment Gap analysis Future state design session Discovery response planning Records and information management Who owns fraud? Assign roles and responsibilities Fraud and risk committee formulation Customized training Corporate governance Design sessions Corporate anti-fraud roadmap Hotline Fraud risk assessment Targeted anti-fraud analytics Internal control testing Internal control monitoring Investigations Response plan Discovery and document review Forensic data analytics Assessment & remediation Continuous improvement Page 18
Does your organization have whistleblowing hotlines? Industry % Yes Nearly half of the businesses in the survey do not have a whistleblower hotline Many businesses will find it very easy to describe how they are rewarding growth but can they also articulate how they are rewarding an ethical culture? Financial services 66 Life sciences 57 Power and utilities 56 Automotive 55 Other transportation 55 Oil, gas and mining 53 Government and public sector 53 Average of all respondents 51 Technology, communications and entertainment 50 Manufacturing and chemicals 48 Consumer products, retail or wholesale 47 Real estate 46 Other sectors 44 Professional firms and services 43 Page 19
Dodd-Frank Whistleblower Program Source of Tips Since the beginning of the whistleblower program, the Commission has received whistleblower tips from individuals in sixty-eight (68) countries outside the United States. In Fiscal Year 2013 alone, the Commission received whistleblower submissions from individuals in fifty-five (55) foreign countries. The map below reflects all countries in which whistleblower tips originated during Fiscal Year 2013: Source: 2013 An Ann SEC Annual Report to Congress on the Dodd-Frank Whistleblower Program Page 20
ACFE 2014 Report to the Nations Frequency of anti-fraud controls Presence of anti-fraud controls Reduced fraud losses Shorter fraud duration 18 anti-fraud controls in the survey All percentages are higher in organizations with 100+ employees Code of conduct 77.4% IA department 70.6% Management review 62.6% Independent audit committee 62.0% Hotline 54.1% Employee support programs 52.4% Fraud training (management and employees separate in survey) 47.8% Anti-fraud policy 45.4% Dedicated fraud department, function or team 38.6% Proactive data monitoring/analysis 34.8% Formal fraud risk assessment 33.5% Surprise audits 33.2% Job rotation/mandatory vacation 19.9% Rewards for whistleblowers 10.5% Page 21
Components of an anti-fraud program Fraud prevention Setting the Proper Tone Proactive Reactive Elements of a successful corporate anti-fraud program Code of Ethics Fraud Prevention Policies Communication and Training Fraud Risk Assessment Management Ownership and Involvement Controls Monitoring and Analytics Incident Response Plan Anti-fraud key activities Corporate compliance program design Corporate compliance assessment Gap analysis Future state design session Discovery response planning Records and information management Who owns fraud? Assign roles and responsibilities Fraud and risk committee formulation Customized training Corporate governance Design sessions Corporate anti-fraud roadmap Fraud risk assessment Targeted anti-fraud analytics Internal control testing Internal control monitoring Investigations Response plan Discovery and document review Forensic data analytics Assessment & remediation Continuous improvement Page 22
Six steps to help protect your business Own the problem In businesses where the risks of fraud, bribery and corruption are properly acknowledged, compliance is not seen as a tick-box exercise. In these businesses, management owns the problem, and boards challenge management to ensure that they are prioritizing risk and dealing with issues effectively. Deal with the issues - Make compliance relevant Making compliance relevant to local teams does not mean diluting the program or bending the rules. It means engaging with teams to manage specific requirements while retaining a robust and consistent approach. Communicate the risks Businesses that have a strong code of ethics are not just good at controlling behavior. They excel at communicating the risks of unethical conduct. Communicate the benefits Investors and regulators are looking for global companies to show their ability to prevent and detect fraud or other unethical behavior. This can often be demonstrated through an audit of the effectiveness of the compliance/internal audit function. Focus resources A sharp focus on key risks is critical, and begins with understanding where the risks are. Having identified the risks, businesses need to act. Technology has a key role to play in helping focus resources. The use of forensic data analytics can identify incidences of anomalous activity and guide more detailed assessments. Ask questions, demand answers Companies with robust approaches to fraud, bribery and corruption exercise their audit rights on third parties and insist that their suppliers regularly respond to requests for information. Page 23
About us Matthew Baker, CPA, CFE, CAMS Manager Fraud Investigation & Dispute Services Phone: +1 213 977 3282 Email: matthew.baker@ey.com Ernst & Young LLP 725 South Figueroa Street Los Angeles, CA 90017 Matthew Baker is a Manager in the Los Angeles office of Ernst & Young. Matthew has experience serving a variety of engagements including fraud investigations covering asset misappropriation and financial statement fraud, litigation support for audit malpractice defense cases, FCPA risk assessments, and anti-money laundering compliance assessments and investigations. Matthew s compliance experience includes working closely with a multi-national financial institution and its subsidiary to review policies and procedures, along with transactional information, for compliance with Bank Secrecy Act, Dodd Frank, and other anti-money laundering legislations. Matthew has led investigations into allegations of embezzlement, fraudulent billing schemes, and revenue recognition issues. Matthew has worked directly with the Internal Audit department of a Fortune 100 company, leading its internal investigations into allegations of asset misappropriation and other violations of company policy. Matthew has participated in international investigations and has experience coordinating investigative efforts with international teams. In addition, Matthew has experience providing litigation support to expert witnesses and counsel in preparation for audit malpractice defense litigations and arbitrations. Matthew also has experience managing FCPA risk assessments for companies in the consumer products and retail industries, overseeing assessments conducted in southeast Asia and Latin America. Matthew graduated from California State University, Long Beach with a Bachelor s Degree in Business Administration, emphasis in Accountancy and a minor in Criminal Justice. He is a Certified Public Accountant ( CPA ), Certified Fraud Examiner ( CFE ), and a Certified Anti-Money Laundering Specialist ( CAMS ). Page 24
About us Dasha Russ, CPA Manager Fraud Investigation & Dispute Services Phone: +1 213 977 4393 Email: dasha.russ@ey.com Ernst & Young LLP 725 South Figueroa Street Los Angeles, CA 90017 Dasha Russ is a Manager in EY s Fraud Investigation and Dispute Services ( FIDS ) practice. During her time with EY in the Los Angeles office, Dasha has worked on fraud investigations, risk assessments, internal audits and Foreign Corrupt Practices Act (FCPA) assessments for a variety of companies including several not-for-profits and Fortune 500 companies Dasha has worked on multiple engagements in the area of Anti-Money Laundering ("AML") and has assisted clients in assessing and mitigating AML risks. She has also worked in the field of audit malpractice defense where she assisted legal counsel with document review, issue analysis, and the creation of exhibit databases used during arbitration preparation. Dasha experience includes multi-national investigations involving expense fraud, regulatory compliance, and asset misappropriation. She has worked directly with government regulators to address regulatory concerns and requests. Prior to working with the FIDS group, Dasha worked in EY s Advisory practice where she performed IT audits that focused on critical systems in support of the financial audit. Dasha has also worked on a range of internal audit project for several not for profits that focused on assessing grant compliance, quality controls procedures and assessment of policies focused on improving client operations. Dasha has also worked with several businesses on developing and performing enterprise risk assessments to measure and identify key risks for the organization using both bottom-up and top-down approaches. Dasha received her Bachelor of Science in Accounting with an emphasis on Accounting Information Systems from the University of Southern California. She is also a Certified Public Accountant. Page 25
Questions Page 26
EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. About EY s Assurance Services Our assurance services help our clients meet their reporting requirements by providing an objective and independent examination of the financial statements that are provided to investors and other stakeholders. Throughout the audit process, our teams provide timely and constructive challenge to management on accounting and reporting matters and a robust and clear perspective to audit committees charged with oversight. The quality of our audit starts with our 60,000 assurance professionals, who have the breadth of experience and on-going professional development that comes from auditing many of the world s leading companies. For every client, we assemble the right multidisciplinary team with the sector knowledge and subject-matter expertise to address your specific issues. All teams use our Global Audit Methodology and latest audit tools to deliver consistent audits worldwide. About EY s Fraud Investigation & Dispute Services Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority no matter what the industry sector is. With our more-than-2,000 fraud investigation and dispute professionals around the world, we assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide. 2014 Ernst & Young LLP. All Rights Reserved BSC no. 1403-1221809 This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com