Fraud Risk Assessment

Transcription:

Fraud Risk Assessment
AHIA Southeast Regional Seminar
Houston, Texas
Friday, November 12, 2010

Today's Discussion Agenda
- What is fraud?
- Industry fraud statistics
- Common fraud scenarios
- Fraud risk assessment (FRA)
- FRA work steps
- Q&A

In the News

What is Fraud?

Black's Law Dictionary defines fraud as: All means by which one individual can get an advantage over another by false suggestions or suppression of the truth. It includes all surprise, trick, cunning or dissembling, and any unfair way by which another is cheated.

Institute of Internal Auditors defines fraud as: Any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage.

Statement on Auditing Standards No. 99 ("SAS 99") defines fraud as: An intentional act that results in a material misstatement in financial statements that are the subject of an audit. Two types of misstatements are relevant to the auditor's consideration of fraud: (1) fraudulent financial reporting and (2) misappropriation of assets.

Managing the Business Risk of Fraud: A Practical Guide defines fraud as: Any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.

Categories of Fraud

The various categories of fraud that are relevant for consideration by management in identifying risks of fraud include:
- Misappropriation of Assets
- Improper or unauthorized expenditures (including bribery and other improper payment schemes)
- Self-dealings (including kickbacks)
- Violations of laws and regulations
- Fraudulent financial reporting

Necessary Conditions for Fraud

[Diagram labels: Incentive / Pressure; Monitor; Detect]

Fraud Statistics

What Does Fraud Cost You?

5% of annual revenues are lost to occupational fraud*
*ACFE 2010 Report to the Nation

2010 Report to the Nations: Victim Organizations - # Case / Median Loss

Victim Organization: # Case / Median Loss
Mining: 12 / $1M
Retail: 119 / $85K
Wholesale Trade: 42 / $513K
Government and Public Administration: 176 / $81K
Oil and Gas: 57 / $478K
Services (Professional): 51 / $110K
Real Estate: 57 / $475K
Utilities: 45 / $120K
Agriculture, Forestry, Fishing and Hunting: 27 / $320K
Services (Other): 89 / $109K
Manufacturing: 193 / $300K
Banking / Financial Services: 298 / $175K
Transportation and Warehousing: 62 / $300K
Technology: 65 / $250K
Construction: 77 / $200K
Communication / Publishing: 16 / $110K
Religious, Charitable or Social Services: 41 / $75K
Insurance: 91 / $197K
Healthcare: 107 / $150K
Education: 90 / $71K
Telecommunications: 37 / $131K
Arts, Entertainment and Recreation: 57 / $475K

[Chart: No. of Frauds by category (Financial Statement Fraud, Asset Misappropriation, Corruption); legend: 2010, 2008]

Common Fraud Scenarios

Common Fraud Scenarios: Cross-Industry Risks

Fraudulent financial reporting
- Earnings management
- Improper revenue recognition
- Overstatement of assets
- Understatement of liabilities
- Fraudulent journal entries
- Round-trip or wash trades

Misappropriation of assets
- Billing schemes
- Collusion
- Concealment
- Embezzlement
- Forgery
- Ghost employees
- Kiting
- Lapping
- Larceny
- Misapplication
- Payroll fraud
- Theft

Expenditures and liabilities incurred for improper or illegal purposes
- Bribes
- Corrupt payments
- FCPA violations
- Concealment
- Related party payments

Violations of Laws & Regulations
- Compliance violations
- Tax fraud
- Money laundering
- Anti-trust violations

Self Dealings
- Kickbacks
- Conflicts of interest
- Money laundering
- Anti-trust violations

Common Fraud Scenarios: Key Healthcare Industry Risks

Health Care Fraud Scenarios
- Identity Theft and Theft of Confidential Information
- Insurance Fraud, Medicare Fraud & False Claims
- Inappropriate Payment to Doctors / Health Care Professionals & Facilities
- Kickback Schemes
- FCPA & Corruption
- Billing Schemes
- Theft & Embezzlement (Drugs, Medical Equipment, Etc.)
- Clinical Trial Fraud & Medical Malpractice
- Concealment
- Sample sales
- Pharmaceutical Frauds
- Conflicts of Interest
- Moonlighting
- Misrepresentation of Operations
- Tax Fraud
- Money Laundering
- Unauthorized Benefit
- Altered Discharged Dates
- Altered Medical Records

What is a Fraud Risk Assessment (FRA)?

Managing Fraud Risk & Evaluating Anti-Fraud Controls

Situation 1: The uncontrolled takings of the treasurer

Fraud Risk Management Evaluation

Assess fraud risk management program, including (but not limited to):
- Roles and responsibilities
- Fraud control policy
- Commitment of Board and management
- Ongoing fraud awareness program
- Affirmation process
- Conflicts disclosure
- Fraud risk assessment
- Reporting procedures
- Whistleblower protections
- Investigation process
- Corrective action (i.e. "remediation")
- Process evaluation and improvement ("quality assurance")
- Continuous monitoring

Fraud Risk Assessment
- Understand fraud risk and specific risks that directly or indirectly impact organization
- Structured and tailored to organization's size, complexity, industry and goals
- Performed and updated periodically
- Integrated within overall organizational risk assessment; or
- Conducted on stand-alone basis
- Create fraud risk assessment team
- Components include (but are not limited to):
  - Risk identification
  - Risk likelihood
  - Significance assessment
  - Risk response (residual)

Principles of Fraud Risk Management

Managing the Business Risk of Fraud: A Practical Guide. IIA, AICPA and ACFE, July 2008

Situation 2: No one questions the President

Principle 1: Fraud Risk Governance. As part of an organization's governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding fraud risk.

Principle 2: Fraud Risk Assessment. Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

Principle 3: Fraud Prevention. Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate potential impacts on the organization.

Principle 4: Fraud Detection. Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

Principle 5: Fraud Investigation and Corrective Action. A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.

Fraud Risk Assessment ("FRA")

A fraud risk assessment is crucial to an entity's broader risk assessment process. It considers the ways in which fraud and misconduct can occur within and against an entity. To be effective, a fraud risk assessment:
- Considers possible internal and external fraud schemes and scenarios
- Assesses risk at entity-wide, significant business unit and significant account levels
- Evaluates vulnerability and impact
- Is performed with involvement of appropriate personnel
- Considers management override (e.g., journal entries, bias of estimates, non-routine transactions)
- Is dynamic and should be updated when new or unique circumstances arise (e.g., changed operating environments, restructurings, acquisitions), at least annually

Benefits of Fraud Risk Assessment
- Help in meeting regulatory requirements
- Assist in providing structure to tackling fraud in a proactive manner
- Understand exposure from fraud, especially direct impact on bottom line
- Supplement internal control environment in helping to prevent, detect and deter fraud
- Help address areas of exposure in an organization where the internal controls environment may have limitations, such as collusion

Our Methodology

FRAUD RISK ASSESSMENT

Fraud Risk Assessment

Stages: Risk Identification, Likelihood, Significance, Response

Fraud Risk Identification
- Define fraud for purposes of fraud risk assessment process
- External sources
- Internal sources:
  - Document review
  - Interviews
  - Brainstorming exercises
  - Review of whistleblower complaints
  - Analytical procedures
- Other considerations (but not limited to):
  - Assessment of incentives / pressures, opportunity and rationalization to commit fraud
  - Employee incentive programs and metrics
  - Management override of controls
  - Fraudulent financial reporting
  - Misappropriation of assets
  - Corruption
  - Information technology
  - Areas with known internal control weaknesses

Based upon Managing the Business Risk of Fraud: A Practical Guide, released by IIA, AICPA and ACFE - July 2008

Fraud Risk Assessment (cont'd)

Stages: Risk Identification, Likelihood, Significance, Response

Risk Likelihood (inherent)
- Past issues
- Prevalence of fraud risk within industry
- Other factors:
  - Number of individual transactions
  - Complexity of risk
  - Number of people involved in reviewing or approving process
- Categories of likelihood:
  - Remote
  - Reasonably possible
  - Probable

Definitions - Vulnerability

Vulnerability: The inherent probability that the risk will occur. Factors to consider include:
- Complexity: The more complexity involved in a transaction, the more likely fraud could occur
- Subjectivity: The higher the degree of human judgment involved in the transaction, the more likely fraud could occur
- Susceptibility: Based on the susceptibility to material error, omission, manipulation, or loss
- Velocity: Based on the volume and size of individual transactions processed
- Geography: Based on the locations in which the organization operates

Fraud Risk Assessment (cont'd)

Stages: Risk Identification, Likelihood, Significance, Response

Risk Significance (inherent)
- Financial statement and monetary significance
- Operations
- Brand value
- Reputation
- Criminal, civil and regulatory liability

People / department
- Incentives / pressures on individuals or departments
- Identify who is most likely to commit fraud and by what means
- Management Overrides
- Collusion

Definitions - Impact (Level of Significance)

Impact: The inherent impact of a risk if it occurs. Factors to consider include:
- Materiality of the transactions that could be impacted by fraud (e.g., dollar value of invoices processed)
- Potential impact of fraud on the organization's reputation, which could cause loss of share price, market share or access to capital
- Potential regulatory or legal ramifications of fraud risk
- Likelihood that senior management or a member of the financial organization would be involved in the fraud

Fraud Risk Assessment (cont'd)

Situation 3: Higher risks in banking

Stages: Risk Identification, Likelihood, Significance, Response

Map Internal Controls
- Anti-fraud controls should be designed appropriately and executed by competent and objective individuals
- Management's documentation of anti-fraud controls should include:
  - Description of what control is designed to do
  - Who is to perform control
  - Who is to monitor and assess effectiveness of control
  - Related segregation of duties

Response to residual fraud risk
- Determine organization's risk tolerance
- Key is to be selective and efficient
- Goal is targeted and structured approach
- Overall objective is to have benefit of controls exceed their cost

Hypothetical fraud risk register

Columns: # / Process / Hypothetical Fraud Risk Factors / Fraud Category / Sub-Category / Fraud Scenario / Potential Perpetrators / Fraud Risk Vulnerability / Impact / Inherent Risk / Control

REV1
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Personal pressures due to economic conditions
Fraud Category: Misappropriation of Assets
Sub-Category: Skimming
Fraud Scenario: Checks addressed to Hospital ABC are intercepted by unauthorized personnel and the payee is altered. Checks payable to the company are altered and made payable to an employee. The checks are deposited to an account in the name of the employee or under the control of an employee. Use of abbreviations such as ABC can be more easily altered.

REV2
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Personal Addictions
Fraud Category: Misappropriation of Assets
Sub-Category: Skimming
Fraud Scenario: Time of service payments received in cash are not recorded in the books and records. The cash is absconded by an employee and used for personal use.

REV3
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Potential absence of controls
Fraud Category: Misappropriation of Assets
Sub-Category: Lapping
Fraud Scenario: An A/R employee may skim receipts from a customer and lap payments from other customers to conceal the skim. Lapping customer payments is one of the most common methods of concealing skimming. It is a technique, which is particularly useful to employees who skim receivables. Lapping is the crediting of one account through the abstraction of money from another account. It is the fraudster's version of "robbing Peter to pay Paul."

REV4
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Corporate Pressure
Fraud Category: Fraudulent acquisition of revenues or assets
Sub-Category: Overbilling
Fraud Scenario: Hospital could bill a patient more than the copayment amount for services that were prepaid or paid in full by the payer under the terms of a managed care contract or governmental program.

REV5
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Pressure to Succeed
Fraud Category: Fraudulent Financial Reporting
Sub-Category: Management Overrides
Fraud Scenario: Through requests to IT Administrator, unauthorized adjustment of sales/revenue data within the system (not by using journal entry or other automated transaction entry processes), or through user spreadsheets, which is designed to hide adjustment from users.

REV6
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Unrealistic Goals
Fraud Category: Fraudulent acquisition of revenues or assets
Sub-Category: Insurance Fraud
Fraud Scenario: Patients are billed unwarranted services, lab tests or durable medical goods which are not delivered. However, fees for the products and services are billed to the insurance companies.

REV7
Process: Revenue Cycle
Hypothetical Fraud Risk Factors: Personal pressures due to economic conditions
Fraud Category: Fraudulent acquisition of revenues or assets
Sub-Category: Insurance Fraud
Fraud Scenario: For outpatient services, billing multiple view x-rays when only one view was taken. Other undelivered patient services may be billed to insurance providers or Medicare/Medicaid.

Fraud Risk Profile

[Figure: Example of Inherent Fraud Risk Map (Risk Map - Inherent). Axes: Significance and Occurrence, each LOW / MEDIUM / HIGH, with a numbered legend of fraud risks.]

Heat Map

[Figure: Fraud Risk - Business Process Consolidated Heat Map. Axes: Likelihood and Impact, each scaled 0.50 to 5.50 (Low to HIGH), with fraud risks plotted by name.]

Examples of Process Level Anti-Fraud Controls

Situation 4: Incompatible Duties of the Controller

Process Level
- Policy and Procedures
  - Vendor Set Up
  - Procurement
- Segregation of Duties
  - Journal Entries
  - Procure to Pay
  - Receipt of Revenue
- Review of Journal Entries
  - Manual Journal Entries
  - Unusual Entries
- Monitoring
  - Transaction Level & Vendor Data Mining
  - Vertical & Horizontal Analysis
  - Algorithms
- Authorization Policy and Matrix
- Data Classification and Protection of Highly Classified Data
  - Access Controls
  - Data Masking

Q&A

Thank You

Anne Marie Minogue
1290 Avenue of the Americas, 5th Floor
New York, NY 10104
Direct: 212.708.6369
Mobile: 917.312.5950
Fax: 212.708.6439
anne.marie.minogue@protiviti.com

Powerful Insights. Proven Delivery.