Add to collection(s) Add to saved
  1. Business
  2. Finance

WHO’S DOING WHAT, WHERE: BEST PRACTICES

advertisement 
WHO’S DOING WHAT, WHERE: BEST PRACTICES
WHO OWNS FRAUD?
UNITING CORPORATE EXECUTIVES TO MANAGE YOUR
ANTI-FRAUD PROGRAM
Successful anti-fraud programs within any organization need to stem from establishing
the key components of the program from within. This session covers the seven critical
components of an effective program, how to identify the key contributors and stakeholders,
and how to properly assign roles and responsibilities to ensure the program’s success.
MIKE SHERROD, CFE, CPA
Senior Manager
Ernst & Young
Washington, DC
Mike Sherrod is a senior manager at Ernst & Young in the Fraud Investigation & Dispute
Services practice and is based in Washington, DC.
Mike leads efforts in the United States with respect to Anti-Fraud Service where he
works with clients in conducting anti-fraud program assessments, fraud risk assessments,
fraud awareness trainings and developing and assessing fraud response plans. Mike has
conducted fraud risk assessments in various industries including, energy, manufacturing,
financial services, consumer products, telecommunications and media and entertainment. In
addition to this role, Mike has also conducted numerous reactive investigations into revenue
recognition, embezzlements and other misappropriation of asset allegations for various
clients in various industries.
Prior to joining EY, Mike was an audit manager with a large regional CPA firm. His area
of focus during this time was on audits of construction and manufacturing companies and
governmental audits of cities, counties, authorities, and school boards. He also was involved
in conducting investigations of allegations of suspected charges of embezzlement and other
misappropriation of assets schemes.
Mike worked with other professionals from EY and the AICPA to publish the book The
Guide to Investigating Business Fraud. Mike was the overall co-editor of the book and one of
the contributing authors. The book was published and released by the AICPA in September
2009.
©2011
Mike has published three articles in Fraud Magazine with members from our Forensic
Technology group on how EY developed a methodology to look at unstructured data from a
proactive basis to enhance the fraud risk assessment process and assist clients in preventing,
detecting, and monitoring against fraud. In addition, he published an article titled “Who
Owns Fraud,” which describes how companies address fraud proactively and reactively and
how synergies should be developed between internal audit, compliance, general counsel,
human resources and executive management.
“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the
ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc.
©2011
Who Owns Fraud
Uniting Corporate Executives
to Manage Your Anti-Fraud
Program
Monday
June 13, 2011
10:20 – 11:40
San Diego, California
Who owns fraud — why is it important?
►
►
►
Many companies struggle to determine who will be
responsible for managing fraud proactively and reactively
within their organization. Not having a coordinated effort can
cause confusion in a company’s ability to respond to fraud.
This confusion can cause companies to struggle to
determine who will be responsible for managing fraudrelated issues and could ultimately place the company at
greater risk.
This can include a lack of trust by employees in the antifraud initiatives of the company, inefficient and ineffective
responses to allegations of fraudulent activity, and a
dangerous deficiency in the sharing of knowledge throughout
the company.
Page 2
“Who Owns Fraud?”
June 13, 2011
Current environment
The perfect storm for fraud & business corruption
Companies are
decentralized,
which has an
immediate effect
on internal
controls
Lack of
infrastructure and
controls in many
foreign countries
Layoffs
unemployment
and unease
continue
Budgets are
decreasing.
Companies and
organizations are
doing more with
less.
Opportunity
Internal and External
Pressure
Internal
Controls
Pressure
Anti-bribery
regulatory focus
increased globally
Page 3
“Who Owns Fraud?”
May 22, 2008
Stressed and
disaffected
employees may
have greater
ability to
rationalize
improper actions
Opportunity to
Commit Fraud
Personal
retirement plans
and market levels
remain low
Large
government
contracts
Rationalization
Employees are working in countries
with perception of bribery
June 13, 2011
Page 1
Presentation title
The top strategic risks for business
(ranking from 2009 in brackets)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Regulation and compliance (2)
Access to credit (1)
Slow recovery or double-dip
recession (3)
Managing talent (7)
Emerging markets (12)
Cost cutting (6)
Non-traditional entrants (5)
Radical greening (4)
Social acceptance and CSR
(New)
Executing alliances and
transactions (8)
Page 4
“Who Owns Fraud?”
June 13, 2011
How do you define fraud?
.
This goes a long way to determine who owns fraud
Who is monitoring corruption?
Fraud tree
Corruption
Conflicts
of
interest
Bribery and
corruption/
FCPA
Illegal
gratuities
Focus of external and internal
auditors
Fraudulent statements
Bid-rigging/
procurement
Revenue
recognition
GAAP
Reserves
T&E
fraud
Theft of
data
Non
financial
Asset misappropriation
Cash
larceny
Theft of
other assets
– inventory/
AR/
fixed assets
Fake
vendor
Payroll
fraud
Focus of internal auditors
Page 5
“Who Owns Fraud?”
June 13, 2011
What types of fraud are occurring?
Source: ACFE 2010 Report to the Nations On Occupational Fraud
Page 6
“Who Owns Fraud?”
May 22, 2008
June 13, 2011
Page 2
Presentation title
Does this change your perspective?
Dealing with different corruption schemes around the world
Page 7
“Who Owns Fraud?”
June 13, 2011
Who owns fraud?
Page 8
“Who Owns Fraud?”
June 13, 2011
Current view of risk management
Approaching risk is not always clear
External – regulators, analysts, investors
Board/senior management oversight
Audit
committee
Risk
Management
Internal
Audit
Compliance
Business
unit
Page 9
“Who Owns Fraud?”
May 22, 2008
Risk
committee
Business
unit
Internal
Control
Other
committees
Information
Technology
Business
unit
Legal and
Regulatory
External
Audit
Business
unit
June 13, 2011
Page 3
Presentation title
Who owns fraud?
How to approach
►
Define the roles and responsibilities associated with
the proactive and reactive initiatives.
►
Identify the importance of developing coordination
with these initiatives.
►
Identify gaps to assist the company in enhancing the
tone and culture within an organization to proactively
and reactively respond to fraud.
Page 10
“Who Owns Fraud?”
June 13, 2011
The elements of an anti-fraud program—
Who does what with respect to proactive and reactive approaches to fraud?
Assess
Fraud
prevention
policies
Code of
ethics
Proactive
Communication
and
training
Fraud risk
assessment
Reactive
Fraud
response
plan
Controls
monitoring
Monitor
Improve
Setting the proper tone
Communicate
Executive
Mgmt
Audit
Committee
General
Counsel
Internal
Audit
Board
Controllers
Group
Page 11
HR
Proactive and Reactive
Who
Owns Fraud?
Response To Fraud
Having a Seat at the
Table.
OIG
IT
“Who Owns Fraud?”
June 13, 2011
Using a survey to assess tone at the top
I understand the definition of fraud could include the following:
Count
Percent
Misappropriation of assets by staff
20
100%
Taking bribes or kickbacks from suppliers or
customers
15
75%
Impropriety in matters of financial reporting, either
internally or externally
20
100%
Impropriety in matters of non-financial reporting
18
90%
Misuse of company information or customer data
15
75%
20
100%
Total Responses:
Page 12
“Who Owns Fraud?”
May 22, 2008
June 13, 2011
Page 4
Presentation title
Using a survey to assess tone at the top
Page 13
“Who Owns Fraud?”
(Cont)
June 13, 2011
How to conduct a fraud risk assessment
Survey(s)
Interview(s)
Survey
Interview
Survey
Facilitated
Session
Facilitated Session(s)
Facilitated
Session
Interview
Interview
► Create and deliver customized surveys
to different levels of management and
employees throughout the
organization.
Survey
► One-on-one interviews allow
participants the opportunity to
have focused discussions, share
opinions, review facts, and
generate consensus on key
business risk in the organization
► Allows for a mechanism to capture
employees perception of fraud risks
and overall tone and culture within an
organization.
► Effective facilitated workshop sessions
allow participants the opportunity to have
focused discussions, share opinions,
review facts, and generate consensus on
key business risk in the organization
identified in the survey, interviews, or
during these sessions.
► Sometimes participants feel more
comfortable in a small setting to
share potential fraud risks.
► Employee responses are anonymous
and this typically allows for more
candid response.
Facilitated
Session
► Prioritize risks inside the organization
into “Heat Maps”
► Determine next steps such as data
analytics and review of controls.
► Graphical analysis and sharing of
results with management provide
insight into unforeseen risks, potential
fraud, or other concerns.
Page 14
“Who Owns Fraud?”
June 13, 2011
End result: Where are your risks? — Next steps
Critical
2
9
6
4
Significant
Severity of Impact
3
5
8
1
7
Minor
Very Rare
Possible
Likely
Likelihood of Occurrence
Fraudulent Statement Schemes
Page 15
“Who Owns Fraud?”
May 22, 2008
Corruption Schemes
Misappropriation of Asset Schemes
June 13, 2011
Page 5
Presentation title
Fraud controls monitoring — Next steps
Are controls in place to mitigate the risk identified?
Identify the appropriate
controls to monitor based on
the associated level of risk and
identify the process owner who
will be responsible
16
Page 16
“Who Owns Fraud?”
June 13, 2011
Roles and responsibilities — Fraud response
Page 17
“Who Owns Fraud?”
June 13, 2011
Fraud response plan — Reactive protocol
Page 18
“Who Owns Fraud?”
May 22, 2008
June 13, 2011
Page 6
Presentation title
Next steps
Fraud detection analytics — maturity model
Unstructured
Data
Structured
Data
Low
Matching, Grouping, Ordering,
Joining, Filtering
Predictive Modeling, Anomaly
Detection, Clustering
Rules-Based Queries & Analytics
Statistical-Based Analysis
Data visualization, Drill-down
into data, Text Mining
Keyword Search
Traditional Keyword Searching
High
Page 19
High
Detection Rate
“Who Owns Fraud?”
Data Visualization & Text Mining
False Positive Rate
Low
June 13, 2011
Who owns fraud? — The issue
“Many corporations have too many departments
handling fraud with no coordinated efforts.”
-Jim Ratley, President of the Association of Certified Fraud Examiners
Many companies struggle to determine
who will be responsible for managing
fraud proactively and reactively
within their organization.
Page 20
“Who Owns Fraud?”
June 13, 2011
Questions?
Page 21
“Who Owns Fraud?”
May 22, 2008
June 13, 2011
Page 7
Presentation title
Related documents
Using CommonKADS Method to Build Prototype System in
Using CommonKADS Method to Build Prototype System in
WCMSRiskManagement
WCMSRiskManagement
Internet Problems & Solutions Essay
Internet Problems & Solutions Essay
The Headright System Yazoo Land Fraud (Allocation By Price)
The Headright System Yazoo Land Fraud (Allocation By Price)
Financial Certification
Financial Certification
Download
advertisement