Key principles applied by
Witzenberg Municipality to Manage
of Fraud
Presented by: Gerhard Louw
Internal Audit
PEC Engagement
25 July 2013
IIA Guideline of fraud risk management
Fraud anchor principles
Principle 1 - Policy and procedures
Principle 2 - Periodic fraud risk assessment
Principle 3 - Prevention techniques
Principle 4 - Detection techniques
Principle 5 - Reporting and corrective action
Principle 1:
As part of an organization’s governance structure, a fraud risk
management program should be in place, including a written
policy (or policies) to convey the expectations of the Council
and senior management regarding managing fraud risk.
• Fraud prevention policy
• Performance, Risk and Audit Committee
• Newsletters – awareness – Community and internal
Fraud committee
Fraud Month
Principle 2:
Fraud risk exposure should be assessed periodically
by the organization to identify specific potential
schemes and events that the organization needs to
mitigate.
• Fraud risk identification
• Put on your “fraudster cap” for each process and capital project
• Think like a fraudster, e.g. “How can I beat the system?”
• Implement controls to mitigate
• Monthly interaction with local police
Principle 3:
Prevention techniques to avoid potential key fraud risk
events should be established, where feasible, to
mitigate possible impacts on the organization.
• E.g. various procurement declarations required from suppliers (MBDs)
• Employees' code of conduct
• Suppliers' code of conduct
• Background checks
• TransUnion checks on potential suppliers
• E.g. bank detail fraud – one person
Principle 4:
Detection techniques should be established to
uncover fraud events when preventive
measures fail or unmitigated risks are realized.
• Ghost employees
• Each month, select a few employees from the payroll and physically verify their existence and identification numbers
• Inventory checks
• Reconciliations
• Financial system exception reports
• Audit projects – fraud considerations
• Monthly SCM deviation report to council
• Pre-determined/automated tests to detect abnormalities
– Procurement threshold – monthly check of payments near threshold values – investigate exceptions
Principle 5:
A reporting process should be in place to solicit input
on potential fraud, and a coordinated approach to
investigation and corrective action should be used to
help ensure potential fraud is addressed appropriately
and timely.
• National Fraud Line – newsletter and website
• Risk Management reporting
• Own Fraud Line – best practice
NEW IDEAS
• CRO and CAE Forum needs to spend more time on fraud detection, prevention and mitigating controls?
Thank you