Key principles applied by Witzenberg Municipality to Manage of Fraud Presented by: Gerhard Louw Internal Audit PEC Engagement 25 July 2013 IIA Guideline of fraud risk management Fraud anchor principles Principle 1 - Policy and procedures Principle 2 - Periodically fraud risk assessment Principle 3 - Prevention techniques Principle 4 - Detection techniques Principle 5 - Reporting and corrective action Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the Council and senior management regarding managing fraud risk. Fraud prevention policy Performance, Risk and Audit Committee News letters – awareness – Community and internal Fraud committee Fraud Month Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. Fraud risk Identification Put on your “fraudster cap” for each process and capital project Think like a fraudster – “e.g. How can I beat the system?” Implement controls to mitigate Monthly Inter-action with local Police Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization. E.g. Various Procurement declaration required from suppliers (MBD’s) Employees code of conduct Suppliers code of conduct Background checks Transunion checks on potential suppliers E.g bank detail fraud - one person Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. Ghost employees Monthly select a few employees from payroll and physical verify existence and identification numbers Inventory checks Reconciliations Financial System Exception reports Audit projects – fraud considerations Monthly SCM deviation report to council Pre-determined/automated tests to detect abnormalities – Procurement threshold – monthly check of payments nearby threshold values – investigate exceptions Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. National Fraud Line - News letter and website Risk Management reporting Own Fraud Line – best practice NEW IDEAS • CRO and CAE Forum needs to spend to more time on fraud detection, prevention and mitigating controls ? Thank you