Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Article - Fraud Awareness Training, October 2016

  • Loggen Sie sich ein, um Kommentare anzuzeigen.

  • Gehören Sie zu den Ersten, denen das gefällt!

Article - Fraud Awareness Training, October 2016

  1. 1. Compliance & Ethics Professional ® a publication of the society of corporate compliance and ethics www.corporatecompliance.org October 2016 41 Fraud awareness training: Enhancing a low cost, high impact control in challenging economic times Heidi Schubert, Lisa Zaharia, and Bruce McKenzie 35 What new cybersecurity requirements mean for contractors Pamela Passman 25 A passion for compliance   ethics Cris Mattoon 29 Yes, a board can positively affect culture: 10  practical actions Marjorie Doyle Meet Lisa Fine Director, Global Compliance gategroup Reston, VA See page 14 This article, published in Compliance Ethics Professional, appears here with permission from the Society of Corporate Compliance Ethics. Call SCCE at +1 952 933 4977 or 888 277 4977 with reprint requests.
  2. 2. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  41 ComplianceEthicsProfessional®   October2016 FEATURE by Heidi Schubert, Lisa Zaharia, and Bruce McKenzie E conomic downturn puts more pressure on executives, employees and vendors, increasing the potential for good people to do bad things. Fraud awareness training is an effective way to equip employees with the tools and knowledge to recognize and report suspicious activity. Three factors are generally accepted as being necessary for a fraud to occur: pressure (or motivation), opportunity, and the ability to rationalize bad behavior. The presence of each of these factors rises during periods of economic hardship impacting organizations and individuals alike, both experiencing the pressure of increased financial strain. With the added job responsibilities left behind by departed colleagues, reduced resources, and decreased morale, remaining employees often experience an increased pressure to perform. In this environment, opportunities for fraud proliferate. Cuts to the workforce, as well as programs and controls, can lead to internal control gaps and fewer proactive fraud prevention measures.1 Fraud awareness training: Enhancing a low cost, high impact control in challenging economic times »» Economic downturn can enhance pressures that lead to increased fraud activity. »» Staff re-organizations, lay-offs, and scrutinized spending present an opportunity for companies to uncover fraudulent activity that was previously undetected during busier times. »» Employees are an important source of tips, so by increasing fraud awareness training, employees can be well equipped to know what to look for and how to report suspicious activity. »» Fraud occurs at all levels and can lead to both financial and reputational consequences. Personnel at all levels in the organization, including the board, management, and staff, have a responsibility to understand fraud risk, the company expectation around mitigation measures, and their personal responsibility to speak up and report suspicious activity or misconduct. »» The key components of a fraud awareness training pack are contained in this article, including: types of fraud, consequences, frequency and potential perpetrators, fraud indicators, controls, and how to report suspicious activity. Schubert Zaharia McKenzie
  3. 3. 42   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 ComplianceEthicsProfessional®   October2016 FEATURE Fraud is an event that few people and organizations like to acknowledge. Unfortunately, it happens in every organization and is committed at all levels. Current estimates suggest that fraud accounts for value leakage of up to 5% of revenues.2 This excludes intangible costs associated with fraud such as reputational damage, investigation expenses, and damage to the company culture. Employees are a valuable source of information for discovering potential fraud. According to the 2014 Report to the Nations on Occupational Fraud and Abuse, more than 40% of the reported fraud cases studied were discovered through tips. Employees were the source of almost half of all tips.3 Economic downturns offer a unique opportunity for fraud detection, and employees play a key role. Company restructuring and resulting staff role changes offer a renewed perspective on current business processes. Budgets are tighter and under much closer scrutiny—potentially uncovering discrepancies and inconsistencies that could be red-flags requiring further inquiry. Also, because expenditures and operations are more closely scrutinized and employees are uncertain about their positions, they might be more inclined to speak up to help the company and preserve their job. So the opportunity to uncover inappropriate activity increases, but only if employees have the awareness around what to look for and how to report. Employees trained in fraud awareness can help to identify suspicious activity. In a resource constrained environment, fraud awareness training is a low cost, high impact means to enhance fraud risk detection, management, and expectations throughout an organization. In other words, it is an effective preventive control. Programmatic approach: Ideal best practice Compliance professionals are schooled in the value of a programmatic approach to risk mitigation, so it is no surprise to a compliance professional that to be truly effective, a fraud risk management program needs to be managed holistically.4 It can be difficult to institute or reshape a fraud risk management program in tough economic times. There are limits on an organization’s human and capital resources and its overall capacity to manage continuing change. There are also constraints on how much can be spent on designing, implementing, and conducting systems of internal control. In these times, there is often ”no appetite” for new programs. Despite these realities during strained economic times, there is a low cost but high impact, effective tool to uncover and mitigate fraud risks—interactive fraud awareness training. Interactive fraud awareness training Personnel at all levels in the organization, including the board, management, and staff, have a responsibly to understand fraud risk, the company expectation around mitigation measures, and their personal responsibility to speak up and report suspicious activity or misconduct. To ensure this occurs, every member of the organization should have some form of fraud training both at the time of hire and annually thereafter. In-person, interactive sessions that maximize engagement through discussion are more effective training venues over online training. Tapping into this type of engaging awareness sessions is a source of valuable information that is an enhancement to an internal control. Effective fraud awareness training is one of the best ways to equip employees with the tools and knowledge to recognize and report fraud.
  4. 4. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  43 ComplianceEthicsProfessional®   October2016 FEATURE What follows is a guide to the key topics for an effective fraud awareness training program: ·· Fraud definition and the types of fraud ·· Consequences, frequency, and perpetrators ·· Recipe for fraud ·· Fraud indicators ·· Fraud controls ·· Reporting suspicious activity Fraud definition and the types of fraud Fraud: A deliberate deceit which is planned and executed to deprive an individual or company of property, money, or any other valuable security. A deceit being a mischaracterization of the actual transaction.5 According to the Association of Certified Fraud Examiners (CFE) there are three general categories of fraud:6 1. Financial statements (e.g., underestimating liabilities and/or over estimating revenues); 2. Corruption (e.g., transactions that are not arm’s length, acquisition of company property for less than market value); and 3. Asset misappropriation (e.g. falsifying expense claims, stealing money from the company account, falsifying supplier invoices, theft of stock, fictitious invoicing, and/or theft of raw materials). The types of fraud activities will vary between organizations and is a function of the type of business activities in which the entity is engaged, its inherent risks, and the fraud controls in place. Consequences, frequency, and perpetrators The financial impact of fraud is bigger than one might think. In terms of overall impact on an organization, the CFE estimates fraud losses are approximately 5% of annual revenues. In real dollars, this means an organization with annual revenues of $3 billion could be losing up to $150 million per year. This would be the equivalent of losing over $400,000 per day. Although the frequency of fraud related to asset misappropriation is the highest at over 80%, the value per incident is the lowest at about $125,000 per incident (See Figure 1). While the frequency of fraud related to manipulating financial statements is lowest at 10%, the cost per incident at $975,000 per incident is the highest.7 Although the occurrences are much less frequent, when committed by executive and senior management, the fraud incidents have a much higher financial impact. Financial Statements Corruption (…Ethics) Asset Misappro- priation 10 % 35% 84% $975k $200k $12k Legend Frequency (%) Median Loss Executive/Management Employees Frequency value of fraud by type Adapted from Association Of Certified Fraud Examiners. 2016 Report to the Nations on Occupational Fraud and Abuse. Note: The percentages do not add up to 100% as some of the fraud cases involved more than one of the three categories of occupational fraud. Figure 1
  5. 5. 44   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 ComplianceEthicsProfessional®   October2016 FEATURE Recipe for fraud Fraud is committed by individuals. Even fraud within large corporate entities is ultimately through decisions and actions of individuals. The decision to bend or break the rules is a personal one. As mentioned in the opening paragraphs, economic turbulence can increase fraud activity. Understanding how the three factors – motivation (or pressure), rationalization, and opportunity – work together to facilitate fraudulent activity helps employees understand what to look for in the organization and how to identify misconduct. Two main motivators/pressures stand out as the most significant and are enhanced in difficult economic times: the pressure to “do whatever it takes” and to seek personal gain.8 Below are listed the three factors along with phrases or rationales (in brackets) that might be heard in an organization. 1. Motive (or pressure)– The need for committing the act (i.e., want of money or the need to please). –– Do “whatever it takes” to meet goals –– Personal gain (i.e., greed such as the need to keep up appearances in the community) –– To get out of a temporary situation (e.g., the borrower: “It’s only until we get our bonus”) –– Expensive habits such as drugs or gambling (e.g., an executive with a cocaine habit) –– Desire to maintain lifestyle that one had during better economic times (e.g., keeping the summer cottage) –– Need to make ends meet to support a family (e.g., children in university) –– Over-committing oneself to assets that have dropped in value (e.g., real estate) –– Making business or personal performance targets (e.g., not reporting accidents to meet HSE targets) 2. Rationalization– The mindset that justifies the fraudulent act: –– Everyone else is doing it –– Culturally acceptable (i.e., “That’s the way we do business around here”) –– Belief they will not get caught (i.e., “They never check”) –– “I deserve it” because my salary has been cut or bonuses are less this year –– What I’m doing is not fraudulent, I’m just borrowing money from the company –– We are doing more with less around here, and I have to work harder now 3. Opportunity– A situation that enables fraud to occur (i.e., position of financial authority). Opportunity is most directly affected by the system of internal controls and generally provides the most actionable route to deterrence: –– Minimal controls or controls are not enforced –– Tone from the top (moral compass) –– Cost-cutting measures may include some fraud control mechanisms (e.g., data monitoring, fraud detection teams, surprise audits, etc.) –– Potential loss of segregation of duties as staff is reduced –– More responsibility on fewer people Fraud indicator: Behavioral warning signs Understanding the indicators of fraud is critical for staff to recognize and report potential fraud. Equally important, employees when identifying fraud warning signs must not jump to conclusions that fraud has or is actually occurring. Reporting the suspicious activity should initiate the investigative process, which
  6. 6. +1 952 933 4977 or 888 277 4977  www.corporatecompliance.org  45 ComplianceEthicsProfessional®   October2016 FEATURE will ultimately determine if fraudulent activity has occurred. The Association of Certified Fraud Examiners in the 2016 Report to the Nations noted several behavioral warning signs that were present in the majority of reported fraud cases.9 The six most common red flags shown on the graphic to the right have consistently been the six most common red flags in every report since 2008 (See Figure 2). Fraud indicators: Financial warning signs These warning signs need to be tailored to a particular business, but the following are some of the more common financial warning signs: ·· Unexplained variances between budget and actual amount ·· Abnormal changes in account balances or invoices just under approval authority amounts ·· Abnormal invoice volume ·· Rounded amount invoices ·· Infrequent or late financial reports ·· Accounting staff is 3-4 months behind on preparation of monthly bank reconciliations ·· Missing documents ·· Large liabilities related to unexpected contracts ·· Significant internal control issues being reported ·· Supplier complaints Fraud controls For fraud controls to be effective, they need to be communicated and understood. This section is an opportunity for the organization to review the controls they have in place and the expectations around compliance. This section would need to be tailored to a particular organization. Most common fraud controls as surveyed by Fraud Examiners: Frequency of Anti-Fraud Controls.10 1 0 5 10 15 20 25 30 35 40 45 50 Complained About Lack of Authority Instability in Life Circumstances Excessive Family/Peer Pressure for Success Social Isolation Past Legal Problems Other Excessive Pressure from Within Organization Past Employment-Related Problems Refusal to Take Vacations Complained About Inadequate Pay No Behavioural Red Flags Addiction Problems Irritability, Suspiciousness, or Defensiveness Divorce/family Problems Wheeler-Dealer Attitude Control Issues, Unwillingness to Share Duties Unusually Close Association with Vendor/Customer Financial Difficulties Living Beyond MeansLiving beyond their means Financial difficulties Excessive family/peer pressure for success Divorce/family problems Other Past legal problems Social Isolation Wheeler-dealer attitude Irritability, suspicious or defensive Addiction problems No behavioural red flags Unusually close with vendor/customer Control issues, unwillingness to share duties Complained about inadequate pay Refusal to take vacations Past employment-related problems Excessive pressure from within organization How to identify fraud: Behavioral Warning Signs of Fraudsters Complained about lack of authority Ø  Work Ø  Family pressure Ø  Character Ø  Financial Association Of Certified Fraud Examiners. 2016 Report to the Nations on Occupational Fraud and Abuse. Instability in life circumstances Figure 2 Control % External Audit of Financial Statement (F/S) 81.7 Code of Conduct 81.1 Internal Audit Department 73.7 Management Certification of Financial Statements (F/S) 71.9 External Audit of ICOFR 67.8 Management Review 64.7 Independent Audit Committee 62.5 Hotline 60.1 Employee Support Programs 56.1 Fraud Training for Employees 51.6 Fraud Training for Managers/Executives 51.3 Anti-Fraud Policy 48.6 Dedicated Fraud Department, Function or Team 41.2 Formal Fraud Risk Assessments 39.2 Surprise Audits 37.8 Proactive Data Monitoring/ Analysis 36.7 Job Rotation/ Mandatory Vacation 19.4 Rewards for Whistleblowers 12.1 Figure 3
  7. 7. 46   www.corporatecompliance.org  +1 952 933 4977 or 888 277 4977 ComplianceEthicsProfessional®   October2016 FEATURE Reporting suspicious activity High performing organizations embrace the concept of transparency and speaking up, but it isn’t always easy to achieve. As noted earlier, employee tips are a valuable source of fraud detection information, but employees need to be comfortable reporting suspicious activity. Reporting suspicious activity is the job of everyone, and everyone is encouraged to bring their concerns forward. In a July 2013 IPSOS Reid News release, the authors reported that 42% of Canadian workforce members that were surveyed had observed some form of misconduct in the workplace.10 Of those 42%, approximately 50% did not report it. This means that over 20% of the Canadian workforce surveyed was holding on to information about misconduct that potentially could have assisted their employer in either detecting or preventing further damage. How to speak up and report suspicious activity will vary from organization to organization. While there are a number of reasons for failing to speak up (the subject matter of many papers), one commonly cited reason is that the employee did not know how. This section of the training should include a message of encouragement around the organization’s expectation to speak up, a corporate commitment to the protections provided to individuals that come forward with information, and the various mechanisms available to make a report (i.e., speaking to a supervisor or chief compliance officer, calling into a hotline, and online reporting). Conclusion During an economic downturn, companies are often required to reduce staff and scrutinize spending. This presents an opportunity for companies to uncover fraudulent activity that was previously undetected during busier times. By increasing fraud awareness training, using inexpensive interactive training programs, employees can be well equipped to know what to look for and how to report any suspected fraud. “After all, you only find out who is swimming naked when the tide goes out.” Warren Buffett, 2001 Chairman’s Letter – Berkshire Hathaway ✵ 1. Oversight Continous Monitoring. The 2007 Oversight Systems Corporate Report on Fraud, Available at: http://bit.ly/2bHfCDs 2. Association of Certified Fraud Examiners. 2016 Report to the Nations on Occupational Fraud and Abuse, p. 8. Available at: http://www.acfe.com 3. Ibid., Ref #2, p. 36 4. Institute of Internal Auditors, American Institute of Certified Public Accountants and Association of Certified Fraud Examiners. Managing the Business Risk of Fraud: A Practice Guide, p. 8. Available at: https://na.theiia.org 5. Deepankar Sanwalka. Tools and Rules to Combat Fraud, p. 2. Available at: http://bit.ly/2bcmqHT 6. Ibid., Ref #2, p. 10 7. Ibid., Ref #2, p. 12. Note: 32% of the fraud cases analyzed involved more than one type of fraud, therefore, the sum of the percentages on the graphic do not equal 100, but are greater than 100. 8. Ibid., Ref #1, p. 2 9. Ibid., Ref#2, p. 68-71 10. Ibid., Ref#2, p. 38, Figure 47: Frequency of Anti-Fraud Controls. 11. Ipsos: “Four in Ten (42%) Employed Canadians Have Observed Some Form of Workplace Misconduct; One in Five (17%) Cite Witnessing Privacy Violations” News Polls, July 3, 2013. Available at: http://bit.ly/2bx0Tiz Heidi Schubert (heidifschubert@gmail.com) is the founder of Heidi F. Schubert Legal and Business Advisory Services in Calgary, Alberta, Canada Lisa Zaharia (lisamzaharia@gmail.com) is the Director of ZBCo. Inc in Calgary, Alberta, Canada Bruce McKenzie (mckenzie.bruce@ymail.com) is Principal at Above Ground Risk Ltd. in Ladysmith, B.C., Canada While there are a number of reasons for failing to speak up (the subject matter of many papers), one commonly cited reason is that the employee did not know how.

×