Fraud Risk Assessments - wsuccess.com

Post on 01-Jan-2022


FRAUD RISK ASSESSMENTS: ARE WE ASSESSING THE RIGHT RISKS?

October 16, 2012

© 2012 Crowe Horwath LLP Audit | Tax | Advisory | Risk | Performance

Your Presenter

Jonathan Marks, CPA/CFF/CITP, CFE

• Partner in Risk business unit, Crowe Horwath LLP
• National leader of fraud, ethics, anti-corruption practice
• Formerly with PricewaterhouseCoopers and a national consulting practice
• More than 24 years' experience
• Chief Audit Executive at several public companies
• Lecturer, teacher, researcher, author

Disclaimer, Trademark, & Copyright Notice

The views expressed herein may not necessarily reflect those of Crowe Horwath LLP. Thus, Crowe Horwath LLP is not, by means of this presentation, rendering business, accounting, legal advice, or other professional advice or services.

This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional. Crowe Horwath LLP, its affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

All materials including but not limited to graphics, photographs, and text appearing in this presentation are protected by copyright.

We endeavor to give attribution to materials used by other professionals and their respective organizations.

Should we mention your company’s name, we do so for learning purposes only, and there is no intent to disparage the company or any individuals.

Reproduction or redistribution in any form is strictly prohibited.

Never Put the Game in the Hands of the Referees!

Key Goal for Today

Developing a Process to Identify the Right Risks

FRAUD AND ANTI-FRAUD OVERVIEW

Components of fraud

• Act or actions that can be internal or external (fraud schemes)
• Concealment (deception or deflection)
• Conversion

Crowe’s Anti-Fraud Framework

Polling Question 1

For fraud risks to be effectively managed, they must first be identified using a formal risk assessment.

True or False?

CORPORATE GOVERNANCE

Refresh on Corporate Governance

Corporate governance is the systems and processes an organization has in place to protect the interests of its diverse stakeholder groups, e.g., shareholders, employees, customers, vendors, community, etc.

Board of Directors & Committees

Clarifies the direction and values of the Organization

Oversees performance of the organization

Protects stakeholder interests

Challenge

Each Organization needs to have a solution that takes its unique market and growth incentives into account to deter misaligning the entity’s goals and mission with more aggressive and potentially fraudulent behavior.

[Diagram: framework components: Board of Directors & Committees; Enterprise Risk Management; Legal & Regulatory; Monitoring; Business Practices & Ethics; Disclosure & Transparency; Communication & Trust]

Legal & Regulatory

Provides guidance on legal and regulatory matters to the business and stakeholders

Coordinates regulatory responses

Challenge

Maintaining an understanding of the compliance requirements for reporting suspicious or fraudulent activity in the entity’s dynamic regulatory environment.

Business Practices & Ethics

Targets integrity risks to the organization

Emphasizes clear and well defined business practices

Corporate governance policies

Business strategy

Business processes & procedures

Performance goals & measures

Compensation systems

Human resource policies &

Challenge

Establishing Ethical Business Practices that keep up with the expectations of stakeholders and help deter fraud.

10-80-10

[Chart: segments 10, 80, 10; labels Unethical, Situational Ethical, Ethical]

Disclosure & Transparency

Emphasizes understandability, relevance, reliability, comparability of information for stakeholders

Provides stakeholders as much relevant information as possible without compromising competitive advantage

Challenge

Ensuring that stakeholders receive the appropriate level of information they need in an understandable way to evidence the entity’s approach to fraud deterrence and detection.

Enterprise Risk Management

Emphasizes managing risks across the enterprise using common methods and processes

Advocates integrating risk management functions to improve performance, becoming more cost effective and strategic over time

Challenge

Aligning risk management practices with anti-fraud measures.

Monitoring

• Advocates continuous improvement in governance processes through monitoring, e.g., corporate governance audits
• Coordinates monitoring activities:
  • Internal Audit
  • Regulatory Compliance
  • Board Self-Assessment
  • Legal/In-house Counsel
  • Internal Reporting
  • Ethics Officer/Function

Challenge

Coordinating multiple fraud monitoring procedures both internal and external across the organization to cover all appropriate areas.

Communication & Trust

• Communication is valuable and includes clarifying information, timely delivery, and multiple correspondence channels.
• Advocates two-way dialogue throughout the organization.
• Functions as the “HUB” of Corporate Governance by assisting in moving and improving Corporate Governance over time.
• Trust in people and information.
• Includes both character (integrity and intent) and competence (capabilities and results)

Challenge

Finding ways to improve fraud awareness between all stakeholders and the various components of the Corporate Governance Framework.

Crowe’s Corporate Governance Framework

• Board of Directors & Committees
• Enterprise Risk Management
• Legal & Regulatory
• Monitoring
• Business Practices & Ethics
• Disclosure & Transparency
• Communication

DEVELOPING A BEST IN CLASS FRAUD RISK ASSESSMENT

Getting Started

– Who Should be Involved?
  • Executive Management
  • Audit Committee
  • Key Line Management
  • External and Internal Audit
  • Compliance & Legal
– Develop a common lexicon. What does the term “red flag” mean?
– Evaluate the Culture & Environment
– Communicate! Communicate! Communicate!

Polling Question 2

A fraud risk assessment is a process aimed at proactively identifying and addressing vulnerabilities to both internal and external fraud.

True or False?

Typical Fraud Risk Assessment

– Step 1 – Evaluate Fraud Risk Factors
– Step 2 – Identify Possible Fraud Schemes and Scenarios
– Step 3 – Analyze / Prioritize Identified Fraud Risks
– Step 4 – Evaluate Mitigating Controls

Polling Question 3

• Can anti-fraud controls be correlated with significant decreases in the cost and duration of occupational fraud schemes?

Yes or No?

New Recipe!

• Culture & Environment

• Schemes/Acts (Brainstorming or One-on-one)

• Concealment Strategies

• Conversion Methods

• Red Flags
  – Data
  – Documents
  – Lack of Controls
  – Behavior

Link and label all (internal and external):

• Risks
• Process(es)
• Application(s)/Technology
• Location(s)
• People
• Third Party Agents
• Account(s)

When identifying fraud schemes, consider the company's strategic plan. Why? Management might do whatever it takes to achieve the desired results!

…books and records don’t commit fraud, people do!

Joseph T. Wells

Link People to Controls or Actions

New Recipe - Continued

• Impact and likelihood
• Inherent Risk
• Residual Risk

Controls

Profiling in the Fight Against Fraud

[Diagram: Comprehensive Profile; boxes labelled Type, Element or Trait, and Actions. Source: Dan Korem]

Possible Profile: White-collar criminal

Predictable – Unpredictable

Confident – Fearful

• Hot-tempered

• Egocentric

• Deceptive

• Secretive

• Moody

• Without a conscience

• Anxious

Control – Express

Ask – Tell

• Passionate

• Outgoing

• Friendly

RANDOM ACTOR SALESPERSON

Focus on “Gatekeepers” and “Random Actors” and their associates

Dashboards as a Tool for Identifying Fraud Risk and On-going Monitoring

• Example – Establish Ratio Criteria

Fraud Risk Assessment

– The assessment should delve into the specific lines of the business of the institution. The business unit review is more operational and focused on the specific prevention and detection techniques in place for the area.

– During the assessment for each individual area, the following should be considered:
  • Fraud loss history
  • External fraud schemes
  • Fraud Red Flags

– Identifying and Categorizing Red Flags
  • What is a ‘Red Flag’?
    – An observable event or action that links to a concealment strategy.
  • The existence of one or more red flag items does not necessarily mean that fraud exists. These are indicators that fraud might exist, and the area or issue may warrant further attention.
  • Categories
    – Data
    – Documents
    – Controls
    – Behavior

– Data Red Flags
  • Unusual timing of the transaction. This includes the time of day, the day of the week, or the season.
  • Frequency of transactions. Transactions that are occurring too frequently or not frequently enough are suspicious. Each organization has its own operating patterns, and the transactions should be booked accordingly.
  • Unusual amounts recorded. Take notice of whether an account has many large, round numbers entered. Consider whether some of the transactions in the account are far too large or far too small.
  • Questionable parties involved. Should the organization be paying an outside party? Is a payment being made to a related party? Is the company paying large sums to a vendor whose name is not easily recognizable?
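The four data red flags above can be turned into a first-pass screen over a payment ledger. The sketch below is an added example, not part of the original presentation; the ledger rows, the vendor list and every threshold (business hours, round-number step, size factor, per-day limit) are constructed assumptions that each organization would set from its own operating patterns, and it covers only the "too frequent" side of the frequency flag.

```python
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample ledger: (id, ISO timestamp, vendor, amount)
LEDGER = [
    ("T1", "2012-10-01T10:15", "Acme Supplies", 1842.37),
    ("T2", "2012-10-02T14:40", "Acme Supplies", 2210.90),
    ("T3", "2012-10-03T09:05", "Northside Freight", 975.12),
    ("T4", "2012-10-06T23:50", "QX Holdings", 75000.00),  # Saturday night
    ("T5", "2012-10-08T11:00", "Northside Freight", 1130.48),
    ("T6", "2012-10-09T11:02", "QX Holdings", 9000.00),
    ("T7", "2012-10-09T11:03", "QX Holdings", 9000.00),
    ("T8", "2012-10-09T11:04", "QX Holdings", 9000.00),
]
KNOWN_VENDORS = {"Acme Supplies", "Northside Freight"}  # assumed vendor master

def red_flags(ledger, known_vendors, hours=(8, 18), round_to=1000,
              size_factor=10, max_per_day=2):
    """Return {transaction id: sorted list of data red flags} for review."""
    typical = median(amount for _, _, _, amount in ledger)
    per_day = Counter((vendor, ts[:10]) for _, ts, vendor, _ in ledger)
    out = {}
    for tid, ts, vendor, amount in ledger:
        when = datetime.fromisoformat(ts)
        flags = set()
        # Unusual timing: weekend or outside assumed business hours
        if when.weekday() >= 5 or not hours[0] <= when.hour < hours[1]:
            flags.add("timing")
        # Frequency: too many payments to one vendor on one day
        if per_day[(vendor, ts[:10])] > max_per_day:
            flags.add("frequency")
        # Unusual amounts: large round numbers, or far from the typical size
        if amount % round_to == 0:
            flags.add("round_amount")
        if amount > size_factor * typical or amount < typical / size_factor:
            flags.add("amount_size")
        # Questionable parties: vendor not in the approved vendor master
        if vendor not in known_vendors:
            flags.add("party")
        if flags:
            out[tid] = sorted(flags)
    return out
```

A flagged transaction is an item for further attention, not a finding of fraud; transactions carrying several flags at once are the natural place to start the review.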

– Document Red Flags
  • Missing or Altered Documents
  • Evidence of backdating documents
  • No original documents available
  • Documents that conflict with one another
  • Questionable or missing signatures on documents

– Control Red Flags
  • Lack of controls in general
    – Unwillingness to remediate gaps
    – Poor “Tone from the Top”
  • Segregation of duties (excuse!)
  • Management does not have a clear position about conflicts of interest
  • Lax rules regarding authorization of transactions
  • Untimely reconciliation of accounts or failure to reconcile them

– Behavior Red Flags
  • Rationalization and observed changes of contradictory behavior and past behavior patterns
  • Lack of stability
  • Inadequate income for lifestyle
  • Resentment of superiors and frustration with job
  • Emotional trauma in home or work life
  • Undue family, company or community expectations

[Chart: segments 10, 80, 10; labels Unethical, Situational Ethics, Ethical]

CLOSING THOUGHTS

Be Alert to Crisis Situations, or Constant Fire Drills

Polling Question 4

The vast majority, over 75%, of all frauds were committed by individuals working in one of six departments: accounting, operations, sales, executive/upper management, customer service and purchasing?

True or False?

For More Information, Contact:

Jonathan Marks Partner & Leader of the Fraud, Ethics, & Anti-Corruption Practice

Mobile: 267.261.4947

Office: 212.572.5576

jonathan.marks@crowehorwath.com

@jtmarkscpa http://www.linkedin.com/in/jonathantmarks
