2. E
M
A
C
Operational Risk
Nature of fraud risk- Operational Risks
What is fraud and fraud risk?
Necessity of anti-fraud training
Fraud risk factors
Group exercise: fraud risk factors or 3 Cs
www.elsamconsult.com 2
Coverage
3. E
M
A
C
• Operational risk attaches itself to people, systems
and process
• Operational risk is the risk of loss resulting from
inadequate or failed internal processes, people
and systems or from external events.
• It includes other risks such as legal risks, physical
risks, political risks and environmental risks
• Fraud is part of operational risk in any
organization
Internal fraud such as tax evasion, assets
misappropriation, bribery, corruption and larceny
External fraud such as theft, forgery, hacking and
information theft
www.elsamconsult.com 3
Introduction
5. E
M
A
C
• Joint McKinsey finds have shown that risk
management has not been able to prove its value
to organization
• Operational risk is seen as immature discipline that
has often not proven its value to organization
• There is evidence that operational risk can be
destructive as market loose faith in management
and control following large events (Enron Case)
• The discipline is focused more on measurement
than on management
www.elsamconsult.com 5
Perception on operational Risk
6. E
M
A
C
“obtaining a comprehensive measure of fraud’s
financial impact is challenging, if not impossible
due to the fact that fraud inherently involves
efforts at concealment. Many fraud cases will
never be detected, and of those that are, the full
amount of losses might never be determined or
reported. Consequently, any attempt to quantify
the extent of all fraud losses will be, at best, an
estimate”
www.elsamconsult.com 6
Why is Fraud a Major Operational
Risk
8. E
M
A
C
• Fraud is a broad legal concept that generally
refers to an intentional act committed to
secure an unfair or unlawful gain.
• Misconduct is also a broad concept, generally
referring to violations of laws, regulations,
internal policies, and market expectations of
ethical business conduct.
• It is an intentional act by one or more
individuals among management , those
charged with governance, employee or third
parties involving the use of deception to obtain
an unjust or illegal advantage
www.elsamconsult.com 8
What is fraud?
9. E
M
A
C
Fraud is any intentional act or omission
designed to deceive others, resulting in the
victim suffering loss and/ or the perpetrator
achieving a gain. ACFE
Corruption is the abuse of public or private
office for personal gain. It includes acts of
bribery, embezzlement, nepotism or state
capture. It is often associated with and
reinforced by other illegal practices such as bid
rigging, fraud or money laundering. OECDwww.elsamconsult.com 9
What is fraud? Perspectives ..
10. E
M
A
C
Fraud is …. Fraud is not …..
Intentional Taken by physical force
To trick or deceive
someone out of his/her
assets
Victimless
Theft Insignificant because no
one is hurt
A crime Acceptable or justifiable
www.elsamconsult.com 10
Characteristics of Fraud
11. E
M
A
C
Fraud commonly includes activities
such as theft, corruption,
conspiracy, embezzlement, money
laundering, bribery and extortion.
It involves using deception to
dishonestly make a personal gain
for oneself and / or create a loss for
another.
www.elsamconsult.com 11
Scope of Fraud
12. E
M
A
C
• Pressure on employee to misappropriate
cash or organizational assets
• Employees/people committing fraud are
not career criminals, they are trusted
employees
• Dr. Donald Cressey, a criminologist
developed a model to get reasons for why
people in trust commit fraud (Case Study II)
• Model is referred as fraud triangle
www.elsamconsult.com 12
Why people commit fraud?
13. E
M
A
C
• Most of fraudsters are first time offenders with
no criminal past and therefore don’t view
themselves as criminals (See Arthur Andersen
case)
• They must always justify the crime in a way that
makes it an acceptable and justifiable act
(rationalization) e.g. I was underpaid, my
employer cheated me, my employer is
dishonest, I was entitled to the money or I was
only borrowing money.
www.elsamconsult.com 13
Causes of Fraud - Rationalization
15. E
M
A
C
www.elsamconsult.com 15
Why fraud happens?
Fraud Need/
Rationalization
•Every one
Does it
•Simply borrow
-money
Pressure
Unrealistic
Corporate
Target can
Force
Employees to
Commit fraud
Opportunity- due to weak
And override of controls
16. E
M
A
C
• It is a perceived non-sharable financial pressure
• Non-Shareable involves some sort of embarrassment,
shame or disgrace
• It is the first motivation for crime
• A person may have financial problem that cannot be solved
through legitimate means
Consideration for illegal acts such as stealing cash or falsifying a
financial statement as a way to solve problem
It can be deep personal debt or a job/business is in jeopardy e.g.
Desire for status symbol eg. Big house, nicer car; need to meet
productivity targets; drug or gambling addition or inability to
pay bills ( See the Enron Case Study)
It can sexual addiction and importance of status
www.elsamconsult.com 16
Causes of Fraud (Pressure/Incentive)
17. E
M
A
C
• It is a perceived opportunity defining method by
which crime can be committed
• Involves uses of position of trust to solve financial
problems
• It is critical that the fraudster be able to solve
problem in secret since motivation is over the
status
• Always the fraudster will act in secret e.g. forcing
bank reconciliation to balance if he had paid a
cheque to oneself ( See a case of TV show)
www.elsamconsult.com 17
Causes of fraud (Opportunity)
18. E
M
A
C
• Not applicable to professional fraudsters or
predatory employees ( employees taking job
with intent to stealing from the employer)
• Rationalization is only necessary for first
commitment of fraud and afterwards it is
abandoned
www.elsamconsult.com 18
Fraud Triangle - Limitations
19. E
M
A
C
• Reduce pressures on employees that might push
them to committing fraud
• Reduced perceived opportunities to commit fraud
• Dispel rationalization for engaging in fraudulent
conduct
• Sanctions does not work, why
Fraudsters never think that they can be caught in a
perceived opportunity
Fraudsters always rationalize their conduct
Sanctions are only secondary consideration
www.elsamconsult.com 19
Fraud Triangle-Deterrence measures
20. E
M
A
C
20
Types of fraud
Fraudulent
Financial
Reporting
Asset
Misappropriation
Other
Questionable
or Improper
Business
Practices
Manipulation, falsification/alteration of records
or documents
Misappropriation of assets
Suppression or omission of the effect of
transaction from records or documents
Recording transaction without substance
Misapplication of accounting principles
These can be elaborated on this
presentation
22. E
M
A
C
• Aggressive application of accounting codes
• Information provided unwillingly or after unreasonable
delay
• Unsupported transactions
• Fewer confirmation responses
• Evidence of unduly lifestyle by officers or employees
• Long outstanding imprest balances
• Poor documentation
• False & improper entries in records
• Unauthorized payments
• Unauthorized use of corporate assets
• Misapplication of funds
www.elsamconsult.com 22
Fraud Indicators (Red Flags)
23. E
M
A
C
Undue secrecy
• Questionable practices
• Significant manager or director transactions
• Drop of sales or earnings
• Aggressive accounting treatment
• Posting of transactions to headquarters
• Receipt of poor quality goods
• Related party arrangements
• Weak security checks for employees
• Delay in submission of reports
www.elsamconsult.com 23
Fraud Indicators (Red Flags)
24. E
M
A
C
• Flouting directives and regulations
• Personal interest
• Uncorrected entries and stock adjustments
• High fly management decisions
• Incompatible functions done by one person
• Misuse of computer for private business
• Frequent use of allocated issue voucher even
when the system is available
• Questionable system adjustments
www.elsamconsult.com 24
Fraud indicators (Red flags)
25. E
M
A
C
• Unauthorized transactions
• Cash shortages
• Unexplained variation in prices
• Missing documentation
• Excessive refunds
• Living beyond ones means
• Drug and alcoholic abuse
• High personal debt/loses
• Compulsive gambling/stock speculation
• Risk of increase IT, increases the risk of
manipulation, access control
www.elsamconsult.com 25
Fraud Indicators
26. E
M
A
C
• Management Environment
Pressure
Management style and attitude
• Competitive and business environment
e.g. technology
• Employee relationship ( spouse
receiving non competitive contract)
• Attractive assets
• Internal controls
• Lack of separation of duties
• Too much trust placed on few
employees
www.elsamconsult.com 26
Fraud Indicators
30. E
M
A
C
• Although the level of fraud risk at an
organisation may be assessed as low,
individuals in the business can have a
personal motivation to commit fraud
– Personal pressures
– Individual performance targets
– Infiltration by organised crime
• Controls may be overridden or ignored
by certain individuals:
– Powerful (overrides controls, staff intimidated)
– Successful (not to be bothered, too busy earning money)
– Trusted (responsibility has moved beyond their job description)
www.elsamconsult.com 30
Personal Fraud indicators
31. E
M
A
C
www.elsamconsult.com 31
Managing Fraud -Forces
Entity Governance and Responsibility
Code of
Ethics
Staff Regulations
Director &
Officer
Liability
Internal
Audit
Risk
Management
Business Plan
and Budget Procurement
and Finance Acts
Customer
Service
Surveys
Stakeholders
pressures
Reputation
and
Credibility
32. E
M
A
C
• Rapid increase of activities Weak competition
• Rapidly growing sales
• Relatively high profitability
• ….. In such an environment, effective anti-fraud
measures can be ascribed low priority or be
undetected because the current level of profitability
allows for fraud losses to be absorbed within existing
profit margins.
• …. Consider tough times ahead…. More competition,
changing government regulations?
www.elsamconsult.com 32
Business environment
33. E
M
A
C
Elements of Fraudster
Makes false representation or willful omission
regarding a material fact.
The fraudster knew the representation was false.
The target relied on this misappropriation.
The victim suffered damages or incurred a loss
34. E
M
A
C
Fraudster
The analysis of the constantly changing nature of
fraudster can held organizations stiffen their
defenses against fraud
A typical fraudster is 35 to 45 years of age
Employed in an executive
Finance operations
Sales and marketing
Six years of employment
Intelligent and passionate of work
35. E
M
A
C
Characteristics of a Fraudster
Likely to be married.
Member of a church or mosque
Educated beyond high school.
No arrest record.
Age range from teens to over 60.
Socially conforming.
Employment tenure from 1 to 20 years.
Acts alone 70% of the time.
Growing use of technology
36. E
M
A
C
Characteristics of a Fraudster
First-time offenders.
Losses from fraud caused by managers and executives
were 3.5 times greater than those caused by non-
managerial employees.
Losses caused by men were 3 times those caused by
women. [53% males; 47% females]
Losses caused by perpetrators 60 and older were 27 times
those caused by perpetrators 25 or younger.
Losses caused by perpetrators with post-graduate
degrees were more than 3.5 times greater than those
caused by high school graduates.
37. E
M
A
C
Characteristics of a Fraudster
Yesterday, today and tomorrow Egotistical
Risk taker
Hard Worker
Greedy
Disgruntled or a
complainer
Overwhelming desire
for personal gain
Pressured to perform
Management frequently regards fraud risk as a single dot on the risk matrix,
not always fully appreciating its real nature and extent
39. E
M
A
C
Characteristics of Fraudster
Impact of collusion
It account 29% of known fraud
It is insiders who take the lead, since they tend to identify the
opportunity and to know the soft spots of the company’s
defense
More than 42% of fraudsters had worked with the company
more than six years
Collusion cannot be present when people act alone
Most detection is mostly from informal tip off by 22% and
formal whistle blowing by 19%
Cyber fraud is mostly perpetrated by collusion
We expect employees and managers managing fraud opportunities to continue to
threaten companies future
42. E
M
A
C
June 2013, Corruption swallows 25% of Africa GDP
according to World Bank survey. Africa loses $148
billion annually because of corruption, a survey
by World Bank has indicated
Corruption to increase costs of achieving the UN
millennium Development Goals on water and
sanitation by US $148 billion
www.elsamconsult.com 42
Astonishing facts
43. E
M
A
C
Tips for fraud Specialist
“Finding fraud is like trying to load frogs on to a
wheelbarrow.”
To be a forensic auditor, you have to have a knowledge of fraud,
what fraud looks like, how it works, and how and why people
steal. Source: Robert J. Lindquist
"Finding fraud is like using a metal detector at a city dump to
find rare coins. You're going to have a lot of false hits."
- D. Larry Crumbley
“Fraud can be best prevented by good people asking the right
questions at the right time.”
- Michael J. Comer
44. E
M
A
C
Tips for Fraud Specialists
Changing techniques
1. Tips from employees (26.3%).
2. By accident (18.8%).
3. Internal audit (18.6%).
4. Internal controls (15.4%).
5. External audits (11.5%).
6. Tips from customers (8.6%).
7. Anonymous tips (6.2%).
8. Tips from vendors (5.1%).
Therefore, 46.2% from tips.
45. E
M
A
C
Tips for Fraud Specialist
1. Strong Internal Controls (1.62)
2. Background checks of new employees (3.70)
3. Regular fraud audit (3.97)
4. Established fraud policies (4.08)
5. Willingness of companies to prosecute (4.47)
6. Ethical training for employees (4.86)
7. Anonymous fraud reporting mechanisms (5.02)
8. Workplace surveillance (6.07)
1 = Most effective
8 = Least effective
Source: 2002 Wells Report
46. E
M
A
C
Tips for Fraud Specialist
Assume there may be wrong doing.
The person may not be truthful.
The document may be altered.
The document may be a forgery.
Officers may override internal
controls.
Try to think like a crook.
Think outside the box.
47. E
M
A
C
Tips for Fraud Specialist
According to KPMG, typically, a fraudster
is perceived as someone who is greed and
deceitful by nature. However, as this
analysis reveals, many fraudsters work
within entities for several years without
committing any fraud, before an
influencing factor-financial worries, job
dissatisfaction, aggressive targets, or
simply an opportunity to commit fraud-
tips the balance
48. E
M
A
C
What are they?
1. Reviewed and Strengthening of internal controls
2. Periodic compliance audit
3. Employee hotline
4. Appointed compliance personnel
5. Establish and implement code of conduct for all
employees
6. Conducted background check for hires with budgetary
responsibility
7. Instituted fraud awareness training
8. Tied employee evaluations to ethics or compliance
objectives
What is your answer on the above from 0-10
www.elsamconsult.com 48
Do we have any fraud mitigation?
49. E
M
A
C
Iceberg Theory of Fraud
EMAC 49
Covert Aspects
Attitudes
Feelings (Fear, Anger, etc.)
Values
Norms
Interaction
Supportiveness
Satisfaction
Overt Aspects
Hierarchy
Financial Resources
Goals of the Organization
Skills and Abilities of Personnel
Technological State
Performance Measurement
Behavioral
Considerations
Water line
Structural
Considerations
The Iceberg Theory of Fraud
51. E
M
A
C
Fraud risk identification
Fraud risk assessment
Similar Procedures used in the
ERM process discussed
previously
www.elsamconsult.com 51
Fraud Risk Identification and
Assessment process
58. E
M
A
C
• Good controls on paper are not strictly
followed in practice
• Grey areas in the rules – open to
interpretation
• Lack of segregation of duties
• Collusion
• Management override
• Failure of senior management to lead by
example
• Bureaucracy &/or formulaic compliance
• Failure to share knowledge of fraud
experience, control weaknesses and
control improvements
• Clash of cultures
www.elsamconsult.com 58
Controls Barriers
59. E
M
A
C
www.elsamconsult.com 59
Objectives of Fraud Risk
Management
Prevention
Detection
Response
controls designed
to reduce the risk of
fraud and
misconduct from
occurring in the first
place
controls
designed to
discover fraud
and misconduct
when it occurs
controls
designed to take
corrective action
and remedy the
harm
caused by fraud
or misconduct
62. E
M
A
C
• Before an organisation can develop an effective program to
prevent and detect fraud, it must first understand the types of
fraud risk, including specific types of frauds and schemes, to
which it may be vulnerable.
www.elsamconsult.com 62
Fraud risk assessment
Likelihood
Significance/Impact
Qualitative factors in the assessment include:
• the accounting system
• complexity, volume and nature of
transactions
• internal controls in place
• compliance, training and monitoring
Incorporates the views of:
• management;
• control functions;
• line employees
Management are then able to:
• Prioritise identified risks and evaluate the existing controls
• Link each risk to specific controls and commit resources to implement
any enhancements
63. E
M
A
C
Surveys suggest that:
1. Over 50% of frauds are discovered as a result
of information provided by staff
2. Losses after an introduction of a whistle-
blowing hotline can be reduced by up to 60%.
3. Staff prefer the following reporting channels:
57%: a telephone hotline;
20%: conventional mail; and
16%: e-mail.
www.elsamconsult.com 63
Fraud Risk Management Experiences
Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
64. E
M
A
C
www.elsamconsult.com 64
FRM – Hotline best practices
Confidentiality
Anonymity
Availability
Assistance –
Real Time
Procedures
Classify & Notify
Communicate
All matters treated confidentially; reported on a need
to know basis
Process should allow for anonymous submission &
resolution
Should be available in remote outposts, not just head
office
A ‘live’ response – operators need to be qualified,
trained & able to provide advice
Consistent protocols to gather information and manage
the call
Qualified staff assess the allegation; protocols establish
basis for escalation & investigation
Publicise the hotline prominently; commit to, & test for,
non-retaliation
65. E
M
A
C
www.elsamconsult.com 65
FRM - Response
• Objective is to take corrective action & remedy the
harm caused by fraud or misconduct:
• Examine the primary cause of the control
breakdown, ensuring that risk is mitigated and controls
are strengthened.
• Discipline those involved in the inappropriate
actions, as well as those in management positions
who failed to detect or prevent such events.
• Communicate to the wider population of employees
that management took appropriate, responsive
action.
66. E
M
A
C
Consideration should be
given to:
• Data and information gathering;
• Interviewing techniques;
• Appropriate resource;
• Analytical tools such as data mining; and
• Organisation intelligence information.
• My first fraud investigation Video
www.elsamconsult.com 66
FRM - Basis of Investigation
67. E
M
A
C
• Once the symptoms of fraud are found
and additional tests have indicated that
there is a strong possibility of fraud, the
review enters the formal investigation
phase
• Investigator must know;
Results of investigation can be used later
as an educational tools for auditors,
fraud investigators and other employees
(See a Case of Forensic Accountant)
www.elsamconsult.com 67
Fraud investigation
68. E
M
A
C
• Briefing management, followed by terms of reference
detailing the initial scope of work
• Communication with parties involved e.g. Internal
audit, audit committee and accounting staff
• Determining the extent of fraud
• Interviewing the defrauder ( only if fraud is known
with certainty)
• Investigating the known area with detailed audit test.
E.g. Procurement tendering, wages, cash debtors and
stock, payroll
• Report to the management on the findings, with
copies to interested parties e.g. Internal auditor, audit
committee.
www.elsamconsult.com 68
Fraud investigation- stages
69. E
M
A
C
• Circumstances which led to
investigation
• Fraud discovered and their extent
• Identity of the defrauder
• Effects on the reported profit of the
past period
• Effects on f/s of current periods
www.elsamconsult.com 69
Investigation – details of report
70. E
M
A
C
• IC weakness which allowed the fraud
and recommendations for eliminating
them
• Report of any interviewing with the
defrauder, including offers of restitution
etc, which may be relevant to
management in deciding what action, if
any they should take against him/her
• If there is any suggestion that the
internal auditors has been negligent the
extent of claim against him.
www.elsamconsult.com 70
Investigation – details of report
71. E
M
A
C
Investigator should
Consider the potential effects in F/s
Where the fraud is material the
auditor should modify the audit
procedures so as to perform
procedures appropriate to
circumstances depending on the type
of the fraud/error suspected, the
likelihood of their occurrence and
extent of damage in the F/swww.elsamconsult.com 71
Action upon proof of fraud or error
72. E
M
A
C
• If some proof of fraud exists,
management has several options
Cause a deeper audit to be done if
amount of loss appears substantial
Terminate employee responsible if loss
is minimal
File a claim to recover a loss from
clients fidelity insurance agent
Arrange with law enforcement agents
to probe into the matter
www.elsamconsult.com 72
Action upon proof of fraud or
error
73. E
M
A
C
• If some proof of fraud exists, management has
several options
Engage a private investigator to probe
into the loss and document it for claim
purpose/prosecution
Disregard losses if minimal and tighten
controls
Alert the directors, audit committees or
the Board
www.elsamconsult.com 73
Action upon proof of fraud or
error
74. E
M
A
C
• Strong internal Control System is not a
warrant from fraud
Entityshould have an effective anti-fraud and
corruption strategy which is aimed at
encouraging prevention, promote early
detection and respond to concern raised
Awareness programs to employees
Screening job applicants
Sound corporate policy on fraud
AVOID atmosphere of distrust and paranoia
by over-emphasising fraud deterrence
measures.www.elsamconsult.com 74
Fraud deterrence measures
75. E
M
A
C
• Management should ensure enforcement of
compliance with operations SOPs
• Risk management function should be embedded in
business activities
• Internal audit should be proactively risk based
www.elsamconsult.com 75
Fraud Deterrence –three lines of defense
76. E
M
A
C
• It is important to stick to facts, and
to discount hearsay, rumour, or
opinion and record what is relevant
to the cause of the incident and its
effect
• Audit reports on fraud and other
improprieties should be addressed to
the right person who can take action
www.elsamconsult.com 76
Fraud Risk Reporting
77. E
M
A
C
Report must contain all details of fraud
Must provide framework to analyse the fraud case
Must enable the user to develop improved
management and security policies and detect and
prevent fraud.
Investigation and reporting should proceed in such
a way that the outcome will be litigated. Recording
exact times, data, names of person and specific;
description of evidence are critical in civil or
criminal investigation or litigation
www.elsamconsult.com 77
Fraud reporting
78. E
M
A
C
Managing Fraud is
Your professional Responsibility
Management Commitment
Recognize Relevant Fraud Schemes
Identify High Key Risk indicators
Establish Prevention/Detection /Responsive Measures
www.elsamconsult.com 78
Conclusion
The pressure here is not financial pressure but non-shareable financial pressure because every body has financial pressure, but not everybody commits fraud