here
advertisement
“Insurance Fraud, from the Perspective of Asset Protection” Presenter: Winston Delahaye; CFE, M.Sc. 1 Fraud is a common risk that should not be ignored. The incidence of fraud is now so common that its occurrence is no longer remarkable, only its scale. Any entity that fails to protect itself appropriately from fraud should expect to become a victim of fraud, or rather, should expect to discover that it is a victim of fraud. 2 What is Fraud? • It is any illegal acts characterized by deceit, • • concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetuated by individuals and organizations to obtain money, property or services; to avoid payment or loss of services; or to secure personal or business advantage. 3 Historical Perspective The oldest available recorded instances of fraud occur in the Bible: 1. Genesis 3:13 ‘Inter alia’…….and the woman said, ‘the serpent tricked me, and I did eat.’ 2. Genesis 27:11-12 11 - And Jacob said to ……his mother, ‘Behold, Esau my brother is a hairy man, and I am a smooth man 12 - My father peradventure will feel me, and I shall seem to him as a deceiver……..’. 4 The Impact of Fraud on Insurance Globally According to a recent Federal Bureau of Investigations report on financial crimes, approximately US$1 trillion dollars is collected in insurance premiums annually. The report also stated that health care expenditures represented approximately 16.5% of Gross Domestic Product of the US economy and that by 2012 the total health care spending will exceed US$ 3.3 trillion. 5 The Impact of Fraud on Insurance Globally INSURANCE FRAUD STATISTICS: • Billions of dollars are lost every year in insurance fraud. • Some countries including the US have compiled some statistics in their attempt to combat this expensive economic crime. • For example, the INSURANCE INFORMATION INSTITUTE FACT BOOK 2004, claims that insurance fraud cost insurers and corporate buyers of insurance more than US $80 billion. • The COALITION AGAINST INSURANCE FRAUD (CAIF) contends that although it is hard to determine how big insurance fraud has gotten because so much goes undetected, and a complete research has yet to be done, they do know that : 6 The Impact of Fraud on Insurance Globally INSURANCE FRAUD STATISTICS: • Health care fraud costs Americans $54 billion a year. • According to a study by the RAND INSTITUTE FOR CIVIL JUSTICE, more than a third of people hurt in auto accidents exaggerate their injuries to the tune of an extra $13 – $15 billion in insurance costs. • The JOURNAL OF THE AMERICAS MEDICAL ASSOCIATION states that, Nearly a 3rd of doctors inflate the severity of a patient’s illness to help them avoid early hospital discharge. • The CAIF states that fraud schemes result in; - the loss of a person’s savings, endangering their health, constant increase in premiums and consumer goods, loss of jobs and, in some Instances, loss of life or quality of life. 7 The Impact of Fraud on Insurance Regionally 8 The Impact of Fraud on Insurance Regionally 9 The Impact of Fraud on Insurance Regionally 10 The Impact of Fraud on Insurance Regionally • St. John’s, Antigua, April 2002 - three investigating judges have been charged with figuring out where $230 million or more in state health insurance money has gone. • Kingston, Jamaica, July 2005 - MARK Thwaites, the former chief operating officer of the bankrupt Dyoll Insurance Company, faced the …..Court …on charges of insurance fraud. • Kingston, Jamaica, Sept. 2006 - Insurance fraud exposes firms and motorists: The insurance industry is losing millions of dollars in premiums due to a mushrooming cover note racket, major players in the market have revealed. While unable to place an exact dollar figure on the losses, stakeholders said that it has long passed 6 figures. • Guyana, Feb. 2007 - Guyanese police are questioning five employees of Clico Life Insurance in Guyana and seeking two others in connection with a $16 million fraud detected at the company. 11 The Impact of Fraud on Insurance Regionally • Trinidad & Tobago, May 2008 - Chairman of the Inter-Insurance Fraud Committee of the Association of Trinidad and Tobago Insurance Companies (Attic) Philip De Silva, said yesterday that incidents of fraud could hurt T&T’s chances of becoming the international financial centre of the region. • Trinidad, January 2007 - The Goodwill Scandal: No 'goodwill‘ at Goodwill - Goodwill General Insurance Company Ltd and its brokers and agents continued to issue new motor insurance policies in violation of a March 7, 2006 directive from the Central Bank to not write new business or renew policies. • Barbados, October 2005 - While not admitting that it did anything wrong, Doctors Benefit Insurance Company Limited (DBIC) of Barbados has agreed to pay the United States Internal Revenue Service (IRS) US$2.3 million (BDS$4.6 million) for selling supplemental disability policies to 2,800 doctors in the United States under the guise that the premiums were fully tax deductible. 12 Types of Insurance Fraud • Insurance fraud may be classified as “hard” or “soft.” • Hard fraud - is a deliberate attempt either to stage or invent an accident, injury, theft, arson or other type of loss that would be covered under an insurance policy. • Soft fraud is sometimes called opportunity fraud and occurs when a policyholder or claimant exaggerates a legitimate claim. – For example, A car owner involved in a “fender bender” who pads the claim to cover the policy deductible is committing soft fraud. – Another example is exaggerating the number and value of items stolen from a home or business. 13 Types of Insurance Fraud • Soft fraud may also occur when people purposely provide false information to influence the underwriting process in their favour when applying for insurance. – To lower insurance premiums or increase the likelihood that the application for insurance will be accepted, people may underreport the number of miles driven, – misrepresent where a car is garaged, – fail to provide an accurate medical history when applying for health insurance or, – falsify the number of employees and the nature of their work for workers compensation coverage. 14 TYPES OF INSURANCE FRAUD (CONTD.) AGENT/BROKER FRAUD Cash, Loan, and Dividend Checks A company employee without the knowledge of an insured or contract holder requests cash, loan or a dividend cheque and either deposits the cheque into his bank account or into a fictitious account. The employee, in order to minimize his chances of being detected committing a fraudulent act, might change the company policyholder’s address of record to either his address or a fictitious address. Once the cheque is issued, the address is then changed back to the previous address. 15 TYPES OF INSURANCE FRAUD (CONTD.) Settlement Cheques Company employees can misdirect settlement cheques such as Matured Endowment, paid Up, etc., to the branch office, to their homes, or to a fictitious address. The employee can easily create a cheque defalcation by changing the address of record prior to the settlement date then replacing the contract holder’s correct address after the settlement cheque has been received and fraudulently issued. This is particularly possible with Orphan policy/contract holders whose whereabouts are unknown, agents have left, or/and they have been assigned to a servicing agent. 16 AGENT / BROKER TYPES (CONTD) Premium Fraud Agent collects the premium, but doesn’t remit the cheque to the insurance company. The insured has no coverage. Fictitious Payees An agent or a clerk can change the beneficiary of record to a fictitious person and subsequently submit the necessary papers to authorize the issuance of a cheque. Fictitious Death Claims An agent or employee obtains a fictitious death certificate and requests that a death claim cheque be issued. The agent receives the cheque and cashes it. The sales representative can also write a fictitious application and, after the contestable period (usually two years), submit a phony death claim form and obtain the proceeds. The agent therefore, by investing a few thousand dollars could obtain far more from this fraudulent claim. 17 UNDERWRITNG IRREGULARITIES Equity funding This is the process of using existing premium / policy values to finance new businesses. As long as the insured is aware of what is being done by the agent and fully understands the long range method of payment on the new payment contract, there is no apparent underwriting irregularity. Equity funding techniques, also known as piggybacking, usually do not produce Quality business. Furthermore, the company increases the amount of life Insurance on the books but receives little or no new funds while incurring increased sales and administrative expenses associated with the issue of that new business. Equity funding irregularities might involve improper financial benefits to field personnel as well as annual incentive bonuses paid to management if applicable. 18 UNDERWRITING IRREGULARITIES (CONTD.) Misrepresentation This might occur if a sales representative makes a false statement with the intent to deceive the prospective insured in order to knowingly obtain an unlawful gain. False Information A company employee might submit the following false information to obtain an unlawful gain : • Improper medical information to obtain a better insurable rate for the prospective policyholder, i.e. standard to preferred rate. • Improper date of birth to obtain a cheaper premium on the new policy. • Improper home address to obtain a cheaper premium for home or automobile insurance. 19 UNDERWRITING IRREGULARITIES (CONTD.) Fictitious Policies A salesman, in order to keep his position, or improve his writing record, submits fictitious policies. Prior to leaving a company, an individual writes fictitious policies called TOMBSTONE CASES to improve his commission pool so that his compensation will be greater. TOMBSTONE means an agent literally takes names from tombstones in a cemetery and writes new policies. Some Jamaican companies call them LIGHTPOSTS. Sliding The term used for including additional coverages in the insurance policy without the knowledge of the insured. The extra charges are hidden in the Total premium and since the insured is unaware of the coverage, few claims are ever filed. For example, accidental death and travel accident coverages can usually be slipped into the policy without the knowledge of the insured. 20 UNDERWRITING IRREGULARITIES (CONTD.) TWISTING This is the replacement, usually by high pressure sales techniques, of existing policies for new ones. The primary reason, of course, is for the agent to profit since first year sales commissions are much higher than commissions for existing policies. Churning This occurs when agents falsely tell customers that they can buy additional insurance for nothing by using built-up value in their current policies. In reality, the cost of the new policies frequently exceeds the value of the old ones. 21 VEHICLE INSURANCE SCHEMES Ditching Also known as owner give-ups, is getting rid of a vehicle to cash in on an insurance policy or to settle an outstanding loan. The vehicle is normally expensive and purchased with a small down payment. The vehicle is reported stolen, stripped for parts or taken to a pound and destroyed. The scheme sometimes involves homeowner’s insurance for the property that was “stolen” in the vehicle. Past Posting This is a scheme in which a person becomes involved in an automobile accident, but doesn’t have insurance. The person gets insurance, waits a little bit of time, and then reports the vehicle as being in an accident, thus collecting for the damages. 22 VEHICLE INSURANCE SCHEMES (CONTD.) Vehicle Smuggling This scheme involves the purchase of a new vehicle with maximum financing. A counterfeit certificate of the vehicle’s title is made showing that it is free and clear. The vehicle is insured to the maximum, with minimum deductible theft coverage. It is then shipped to a foreign port and reported stolen. The car is sold at its new location and insurance is also collected for the “theft.” Vehicle Repair This involves the billing of new parts on a vehicle when used parts were actually replaced in the vehicle. Sometimes this involves collusion between the adjuster and the body repair shop. 23 VEHICLE INSURANCE SCHEMES (CONTD.) Phantom Vehicles The certificate of title is a document that shows the legal ownership of a vehicle, even though it is not absolute proof that a vehicle exists, it is the basis for the issuance of insurance policies. Collecting on a phantom vehicle has Been shown to be easy to do. Staged Accidents Two drivers purposely collide where they will not be observed. Additional damage may be added to the vehicles after impact. The cars are then driven to a road or highway and arranged so that the accident appears to have occurred there. The police are then notified. 24 VEHICLE INSURANCE SCHEMES (CONTD.) Two Vehicle Accident Perpetrators cause an accident and then lead the innocent driver to believe that it was their fault. Swoop & Squat The victim is passed by two cars while driving. The car in the lead will cut in front of the second, forcing it to stop abruptly. The victim rear-ends the second car while the other driver speeds away. Victims usually accept responsibility for the accident, thinking it is their fault for not paying attention. The rear-ended vehicle usually contains the maximum amount of passengers possible, all with injuries. Vehicle Identification Number (VIN) – Switch These are the works of professionals who switch VIN numbers from vehicles w wrecked, sold and reported as being repaired, to a stolen vehicle of the same make and model. 25 “RED FLAGS” OF INSURANCE FRAUD • Claim made immediately after policy inception or increase in coverage. • Insured has history of many claims and losses. • At inception, insured asked hypothetical questions about coverage in the event of a loss, similar to the actual claim. • Claim is not well documented, the insured is pushy, insistent on fast settlement, and is unusually well informed about insurance coverage and claims procedures. • Burglary loss claim include large, bulky property which is unusual for a burglary. 26 “RED FLAGS” OF INSURANCE FRAUD (CONTD.) • Personal or sentimental property normally seen among the lost property of a fire loss claim, is conspicuously absent. • Insured cannot remember, does not know, where claimed property was acquired, and cannot provide adequate descriptions. • Claim too perfect – insured already has receipts, other documentation, witnesses, and duplicate photographs. • Fire and theft loss claims involves recently purchased, expensive property, especially where insured cannot provide receipts, owner’s manuals, etc. 27 “RED FLAGS” OF INSURANCE FRAUD (CONTD.) • Amount on claim differs from value given to police. • Insured is able to give police complete list of lost property on the day of the burglary or shortly afterwards. • Documentation provided by insured is irregular or questionable such as: - numbered receipts from the same store and dated differently or nonsequentially; - documents show signs of alteration of dates, descriptions or amounts; - insured apparent handwriting on receipts, invoices or appraisals; - incorrect computation of tax; - receipts, invoices, or shipping documents not stamped “paid,” or “received”. 28 “RED FLAGS” OF INSURANCE FRAUD (CONTD.) • Physical evidence is inconsistent with the loss claimed by the insured, for example, in burglary loss there is no evidence of breaking and entering; in fire loss there is evidence of accelerant or remains do not match claimed property; physical damage to insured’s car is inconsistent with having being in a collision; etc. • Information on life application is vague, ambiguous as to details of health, history, dates, places of treatment, names of physicians / hospitals, or specific diagnosis. • Application not signed or pertinent questions not answered such as income, other insurance carried, hazardous duties, or aviation or flying activity, etc. • Insured has “excess” insurance at the time of insurance or earned income does not warrant amount of insurance being applied for. • Signature at the date of the application, differs from the signature at the date of the claim. 29 “RED FLAGS” OF INSURANCE FRAUD (CONTD.) • Patient’s records missing from hospital or doctor’s office. • Pressure for speed of handling – claimant wants to stop by the office to pick up his cheque “as we’re leaving for vacation in the morning.” • Series of prescription numbers from the same drugs store don’t coincide chronologically with the dates of the prescriptions. • Preliminary information for a business fire loss or home fire loss indicates considerable financial difficulties and financial pressures being brought upon the owner and the fire is suspicious in nature and / or origin. • Burglary loss claim investigator observes that the remaining contents of the scene are of inferior quality than the alleged stolen ones, there is no indentation in the carpet where heavy items of furniture or equipment were allegedly placed, no hooks or nails in walls that allegedly hung valuable pictures, and / or entrances or exits too small to take large items through without laboriously disassembling it. 30 Guidance to Help Prevent and Deter Fraud - Protecting Assets 1. Creating A Culture of Honesty and High Integrity. 2. Evaluating Anti-Fraud Processes and Controls. 3. Developing an Appropriate Oversight Process 4. Documentation 31 CREATING A CULTURE OF HONESTY AND HIGH ETHICS - Setting the Tone at the Top - Creating a Positive Workplace Environment - Hiring and Promoting Appropriate Employees - Training - Confirmation - Discipline 32 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Setting the Tone at the Top 1. 2. 3. 4. Directors and officers of corporations set the “tone at the top” for ethical behavior within any organization. Research in moral development strongly suggests that honesty can best be reinforced when a proper example is set—sometimes referred to as the tone at the top. The management of an entity cannot act one way and expect others in the entity to behave differently. It is always necessary for management to both behave ethically and openly communicate its expectations for ethical behavior because most employees are not in a position to observe management’s actions. 33 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Setting the Tone at the Top 5. Management must show employees through its words and 6. actions that dishonest or unethical behavior will not be tolerated, even if the result of the action benefits the entity. It should be evident that all employees will be treated equally, regardless of their position. For example, statements by management regarding the absolute need to meet operating and financial targets can create undue pressures that may lead employees to commit fraud to achieve them. Setting unachievable goals for employees can give them two unattractive choices: fail or cheat. In contrast, a statement from management that says, 34 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Setting the Tone at the Top “We are aggressive in pursuing our targets, while requiring truthful financial reporting at all times,” clearly indicates to employees that integrity is a requirement. This message also conveys that the entity has “zero tolerance” for unethical behavior. 7. The cornerstone of an effective antifraud environment is a culture with a strong value system founded on integrity. 8. This value system often is reflected in a code of conduct. 9. The code of conduct should reflect the core values of the entity and guide employees in making appropriate decisions during their workday. 10. The code of conduct might include such topics as ethics, confidentiality, conflicts of interest, intellectual property, sexual harassment, and fraud. 35 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Setting the Tone at the Top • For a code of conduct to be effective, it should be communicated to all personnel in an understandable fashion. • It also should be developed in a participatory and positive manner that will result in both management and employees taking ownership of its content. • The code of conduct should be included in an employee handbook or policy manual, or in some other formal document or location – the intranet so it can be referred to when needed 36 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Creating a Positive Workplace Environment 1. Research results indicate that wrongdoing occurs less frequently when employees have positive feelings about an entity than when they feel abused, threatened, or ignored. 2. Without a positive workplace environment, there are more opportunities for poor employee morale, which can affect an employee’s attitude about committing fraud against an entity. Factors that detract from a positive work environment and may increase the risk of fraud include: • Top management that does not seem to care about or reward appropriate behavior • Negative feedback and lack of recognition for job performance • Perceived inequities in the organization • Autocratic rather than participative management 37 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Creating a Positive Workplace Environment • Low organizational loyalty or feelings of ownership • Unreasonable budget expectations or other financial targets • Fear of delivering “bad news” to supervisors and/or management • Less-than-competitive compensation • Poor training and promotion opportunities • Lack of clear organizational responsibilities • Poor communication practices or methods within the organization The human resources department often is instrumental in helping to build a corporate culture and a positive work environment. Human resource professionals are responsible for implementing specific programs and initiatives, consistent with management’s strategies that can help to mitigate many of the detractors mentioned above. 38 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Creating a Positive Workplace Environment Mitigating factors that help create a positive work environment and reduce the risk of fraud may include: • Recognition and reward systems that are in tandem with goals and results • Equal employment opportunities • Team-oriented, collaborative decision-making policies • Professionally administered compensation programs • Professionally administered training programs and an organizational priority of career development Employees should be empowered to help create a positive workplace environment and support the entity’s values and code of conduct. They should be given the opportunity to provide input to the development and updating of the entity’s code of conduct, to ensure that it is relevant, clear, and fair. Involving employees in this fashion also may effectively contribute to the oversight of the entity’s code of conduct and an environment of ethical behaviour. 39 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Creating a Positive Workplace Environment • Employees should be given the means to obtain advice internally before making decisions that appear to have significant legal or ethical implications. They should also be encouraged and given the means to communicate concerns, anonymously if preferred, about potential violations of the entity’s code of conduct, without fear of retribution. • Many organizations have implemented a process for employees to report on a confidential basis any actual or suspected wrongdoing, or potential violations of the code of conduct or ethics policy. Some examples - a telephone “hotline” that is directed to or monitored by an ethics officer, fraud officer, general counsel, internal audit director, or another trusted individual responsible for investigating and reporting incidents of fraud or illegal acts. 40 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Hiring and Promoting Appropriate Employees Each employee has a unique set of values and personal code of ethics. When faced with sufficient pressure and a perceived opportunity, some employees will behave dishonestly rather than face the negative consequences of honest behavior. If an entity is to be successful in preventing fraud, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Proactive hiring and promotion procedures may include: • Conducting background investigations on individuals being considered for employment or • • • • for promotion to a position of trust Thoroughly checking a candidate’s education, employment history, and personal references Periodic training of all employees about the entity’s values and code of conduct Incorporating into regular performance reviews an evaluation of how each individual has contributed to creating an appropriate workplace environment in line with the entity’s values and code of conduct. Continuous objective evaluation of compliance with the entity’s values and code of conduct, with violations being addressed immediately. 41 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Training • New employees should be trained at the time of hiring about the entity’s values and its code of conduct. This training should explicitly cover expectations of all employees regarding: • their duty to communicate certain matters; • a list of the types of matters, including actual or suspected fraud, to be communicated along with specific examples; and • information on how to communicate those matters. • There also should be an affirmation from senior management regarding employee expectations and communication responsibilities. Such training should include an element of “fraud awareness,” the tone of which should be positive but nonetheless stress that fraud can be costly (and detrimental in other ways) to the entity and its employees. • In addition to training at the time of hiring, employees should receive refresher training periodically thereafter. Ongoing training for certain positions, maybe considered for purchasing agents or employees with financial reporting responsibilities. Training should be specific to an employee’s level within the organization, geographic location, and assigned responsibilities. For example, training for senior manager level personnel would normally be different from that of non-supervisory employees, and training for purchasing agents would be different from that of sales representatives. 42 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Confirmation • Management needs to clearly articulate that all employees will be held accountable to act within the entity’s code of conduct. All employees within senior management and the finance function, as well as other employees in areas that might be exposed to unethical behavior (for example, procurement, sales and marketing) should be required to sign a code of conduct statement annually, at a minimum. • Requiring periodic confirmation by employees of their responsibilities will not only reinforce the policy but may also deter individuals from committing fraud and other violations and might identify problems before they become significant. • Such confirmation may include statements that the individual understands the entity's expectations, has complied with the code of conduct, and is not aware of any violations of the code of conduct other than those the individual lists in his or her response. • Although people with low integrity may not hesitate to sign a false confirmation, most people will want to avoid making a false statement in writing. Honest individuals are more likely to return their confirmations and to disclose what they know (including any conflicts of interest or other personal exceptions to the code of conduct). Thorough follow-up by internal auditors or others regarding non-replies may uncover significant issues. 43 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Discipline The way an entity reacts to incidents of alleged or suspected fraud will send a strong deterrent message throughout the entity, helping to reduce the number of future occurrences. The following actions should be taken in response to an alleged incident of fraud: • • • • A thorough investigation of the incident should be conducted. Appropriate and consistent actions should be taken against violators. Relevant controls should be assessed and improved. Communication and training should occur to reinforce the entity’s values, code of conduct, and expectations. Expectations about the consequences of committing fraud must be clearly Communicated throughout the entity. 44 CREATING A CULTURE OF HONESTY AND HIGH ETHICS Discipline For example, a strong statement from management that dishonest actions will not be tolerated, and that violators may be terminated and referred to the appropriate authorities, clearly establishes consequences and can be a valuable deterrent to wrongdoing. If wrongdoing occurs and an employee is disciplined, it can be helpful to communicate that fact, on a no-name basis, in an employee newsletter or other regular communication to employees. Seeing that other people have been disciplined for wrongdoing can be an effective deterrent, increasing the perceived likelihood of violators being caught and punished. It also can demonstrate that the entity is committed to an environment of high ethical standards and integrity. 45 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS - Identifying and Measuring Fraud Risks - Mitigating Fraud Risks - Implementing and Monitoring Appropriate Internal Controls 46 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Misappropriation of assets cannot occur without a perceived opportunity to commit and conceal the act. Organizations should be proactive in reducing fraud opportunities by; • (1) Identifying and measuring fraud risks, • (2) Taking steps to mitigate identified risks, and • (3) Implementing and monitoring appropriate preventive and detective internal controls and other deterrent measures. 47 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Identifying and Measuring Fraud Risks – – – – – Management has primary responsibility for establishing and monitoring all aspects of the entity’s fraud risk-assessment and prevention activities. Fraud risks often are considered as part of an enterprise-wide risk management program, though they may be addressed separately. The fraud risk-assessment process should consider the vulnerability of the entity to fraudulent activity and whether any of those exposures could result in a material loss to the organization. In identifying fraud risks, consideration should be given to industry, and country-specific characteristics that influence the risk of fraud. The nature and extent of management’s risk assessment activities should be commensurate with the size of the entity and complexity of its operations. For example, the risk assessment process is likely to be less formal and less structured in smaller entities. 48 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Identifying and Measuring Fraud Risks However, management should recognize that fraud can occur in organizations of any size or type, and that almost any employee may be capable of committing fraud given the right set of circumstances. Accordingly, management should develop a heightened “fraud awareness” and an appropriate fraud riskmanagement program, with oversight from the board of directors or audit committee. 49 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Mitigating Fraud Risks • It may be possible to reduce or eliminate certain fraud risks by making changes to the entity’s activities and processes. • An entity may choose to sell certain segments of its operations, cease doing business in certain locations, or reorganize its business processes to eliminate unacceptable risks. • For example, the risk of misappropriation of funds may be reduced by implementing a central lockbox at a bank to receive payments instead of receiving money at the entity’s various locations. The risk of corruption may be reduced by closely monitoring the entity’s procurement process. 50 EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Implementing and Monitoring Appropriate Internal Controls • Some risks are inherent in the environment of the entity, but most can be addressed with an appropriate system of internal control. • Once fraud risk assessment has taken place, the entity can identify the processes, controls, and other procedures that are needed to mitigate the identified risks. • Effective internal control will include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities. • Because of the importance of information technology in supporting operations and the processing of transactions, management also needs to implement and maintain appropriate controls, whether automated or manual, over computer-generated information. • In particular, management should evaluate whether appropriate internal controls have been implemented in any areas management has identified as posing a higher risk of fraudulent activity. 51 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS - Audit Committee or Board of Directors - Management Internal Auditors Independent Auditors Certified Fraud Examiners 52 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS To effectively prevent or deter fraud, an entity should have an appropriate oversight function in place. Oversight can take many forms and can be performed by many within and outside the entity, under the overall oversight of the audit committee of the board of directors. 53 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Audit Committee or Board of Directors • The audit committee should evaluate management’s identification of fraud risks, implementation of antifraud measures, and creation of the appropriate “tone at the top.” • Active oversight by the audit committee can help to re-inforce management’s commitment to creating a culture with “zero tolerance” for fraud. The audit committee typically has the ability and authority to investigate any alleged or suspected wrongdoing brought to its attention. • Most audit committee charters empower the committee to investigate any matters within the scope of its responsibilities, and to retain legal, accounting, and other professional advisers as needed to advise the committee and assist in its investigation. 54 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Management • Management is responsible for overseeing the activities carried out by employees, and typically does so by implementing and monitoring processes and controls, as mentioned earlier. • However, management also may initiate, participate in, or direct the commission and concealment of a fraudulent act. Accordingly, the audit committee has the responsibility to oversee the activities of senior management 55 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Internal Auditors • An effective internal audit team can be extremely helpful in performing aspects of the oversight function. Their knowledge about the entity may enable them to identify indicators that suggest fraud has been committed. • Internal audits can be both a detection and a deterrence measure. Internal auditors can assist in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the potential exposure or risk in the various segments of the organization's operations. • Internal auditors may conduct proactive auditing to search for corruption and misappropriation of assets. 56 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Independent Auditors • Independent auditors can assist management and the board of directors (or audit committee) by providing an assessment of the entity’s process for identifying, assessing, and responding to the risks of fraud. • The board of directors (or audit committee) should have an open and candid dialogue with the independent auditors regarding management’s risk assessment process and the system of internal control. • Such a dialogue should include a discussion of the entity’s exposure to misappropriation of assets. 57 DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Certified Fraud Examiners • Certified fraud examiners may assist the audit committee and board of directors with aspects of the oversight process either directly or as part of a team of internal auditors or independent auditors. • Certified fraud examiners can provide extensive knowledge and experience about fraud that may not be available within an entity. 58 Documentation - Written Fraud Policy - Code of conduct - Code of Ethics Statement 59 Who is responsible for the Detection of Fraud? Management is responsible for designing and implementing systems and procedures for the prevention and detection of fraud and, along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior. 60 Questions? Contact Information: Email: winston.delahaye@ghl.com.jm Telephone: 1-876-355-2856 1-876-770-5537 61
