2-250 Audit Risk Assessments at Transit Agencies (KPMG)

Audit Risk Assessments at Transit Agencies
National Fraud Awareness Conference on Transportation Infrastructure Programs
July 27, 2010
Presenter Introductions
John (Jack) E. Reagan, III
Partner, Audit – KPMG, LLP
Kenneth R. Jones
Director, Fraud Risk Management – KPMG, LLP
Leon Langford
Audit Supervisor - Office of Inspector General, Washington Metropolitan Area Transit Authority (WMATA)
Presentation Outline
The Case for Risk Assessments
Enterprise-wide vs. Fraud Risk Assessments
Fraud Risk Management
Fraud Risk Assessments
The Value of Risk Assessments to Auditors
Case Example: WMATA OIG - Department of Bus Services (BUSV)
The Case for Risk Assessments
Fraud Enforcement and Recovery Act (FERA) of 2009
Increased Funding for False Claims Act Investigations
$330 million over 2 years to DOJ
$40 million over 2 years to SEC
$60 million over 2 years to Postal Inspection Service
$40 million over 2 years to Secret Service
Recent Changes Impacting Frauds Against the Government
A Brief History of the False Claims Act:
The False Claims Act dates back to the Civil War when, in 1863, President Abraham Lincoln and the Congress enacted this law to combat procurement fraud.
Unscrupulous defense contractors were billing the Union Army for:
dead mules,
boots with soles that had been glued on, rather than stitched (and were coming apart in the rain and mud),
gunpowder that had been salted down with sawdust.
FERA enhancements to the False Claims Act
FERA expanded liability to virtually every recipient of federal funding (contractors, sub-contractors, any recipient)
FERA expanded the protection of whistleblowers (not just employees, but contractors, competitors, etc.)
FERA allows whistleblowers access to information gained from government subpoenas
FERA expands the statute of limitations for FCA actions, specifying that government complaints "relate back" to earlier whistleblower complaints.
Earlier FCA Provisions Still in Effect:
Qui Tam Relators
Treble Damages
Improper Payments Information Act (IPIA) of 2002
The Improper Payments Information Act (IPIA) of 2002 requires annual estimates of improper payments and helped frame the issue and the magnitude of the problem.
The ensuing efforts to improve the tracking of improper payments, and the subsequent findings of significant and growing levels of estimated improper payments, in turn led to the Presidential Executive Order.
Executive Order – Reducing Improper Payments and Eliminating Waste in Federal Programs (11/20/09)
Purpose of the Executive Order to Reduce Improper Payments:
Comprehensive set of policies, including transparency and public scrutiny
Identifying and eliminating the highest improper payments
Accountability for reducing improper payments
Federal, State and Local Coordination
Improper Payments Executive Order Highlights
Establish a Senate-confirmed Accountable Official for each Agency that has High Priority Programs
Focus on improving the ability to identify and recover improper payments and to coordinate at the Federal, State and Local level
Establish Internet-based public reporting of improper payments
Establish and report on reduction targets
Establish working groups to recommend ways to improve the ability to detect and recover improper payments through single audit reporting, State and Local coordination, data sharing, enhanced eligibility verification, prepayment scrutiny, and forensic accounting and auditing
What does it mean for YOUR agency?
Increased Funding for Law Enforcement
Increased External Enforcement Activity
Increased Protection for Whistle-blowers
Significant Compensation for Whistle-blowers
Increased Transparency on Government Spending
Increased Federal Improper Payments Requirements
Uncovering Fraud, Waste and Abuse via the above initiatives may point to internal control problems in your agency.
Enterprise-wide vs. Fraud Risk Assessments
ERM Risk Assessment vs. Fraud Risk Assessment
Enterprise Risk Management and Risk Assessments
Enterprise Risk Management (ERM)
- Operational, Financial, and Strategic Risks
- Fraud Risks can be found in all 3 areas
Enterprise-wide Risk Assessments
- Extensive process, tools and effort involved
- Fraud usually makes the top 10 risks
Fraud Risk Management and Risk Assessments
- Fraud Risk Assessment across the entire enterprise, or Fraud Risk Assessment of a specific business unit, location or process
Fraud Risk Management
GAO Recommended Model for Anti-Fraud Programs and Controls
KPMG's Fraud Risk Management Methodology
Prevent: stop fraud from occurring in the first place
Detect: identify instances when they do occur
Respond: take action when instances arise
We work with clients in their efforts to achieve these objectives through the following:
Assess needs based on the nature of fraud and misconduct risks and existing controls
Design programs and controls in a manner consistent with legal and regulatory criteria as well as industry practices
Implement programs and controls through assigning roles, building competencies and deploying resources
Evaluate program and control design and operational effectiveness in achieving objectives
Fraud Risk Management
Roles: Agency Leadership; OIG Internal Audit; Compliance and Monitoring Functions

Prevention
Fraud and misconduct risk assessment
Code of conduct and related standards
Employee and third-party due diligence
Communication and training
Process-specific fraud risk controls
Proactive forensic data analysis

Detection
Hotlines and whistleblower mechanisms
Auditing and monitoring
Retrospective forensic data analysis

Response
Internal investigations and investigative protocols
Enforcement and accountability protocols
Disclosure protocols
Remedial action protocols
Model Fraud Risk Compliance Program
Elements of the continuous improvement cycle:
Risk Assessment
Identify Improvement Needs
Policies & Standards
Define Scorecard / Metrics
Implement Programs and Controls
Due Diligence
Communication and Training
Auditing and Monitoring
Investigation
Remediation and Corrective Action
Measure Results
Report Results
Continuous Improvement
Drivers and Benefits of Continuous Auditing and Continuous Monitoring (CA/CM)
A number of drivers influence decisions to implement and refine an organization's CA/CM capability, which benefits the organization in various ways.
Drivers: Transparency; Improve Risk Management; Optimize Costs and Improve Profitability; Monitor for Potential Fraud and Misconduct; Address Regulatory Pressures; Accountability
Benefits: Greater Efficiency; Improved Oversight; Enhanced Controls; Improved Forecasting; Timely Information; Reduced Complexity; Reduced Cost; Improved Performance
Fraud Risk Assessments
The GAO Improper Payments Executive Guide discusses:
The Control Environment: Instilling a Culture of Accountability
Risk Assessment: Determining the Extent and Nature of the Problem
Control Activities: Taking Action to Address Identified Risk Areas
Information and Communications: Using and Sharing Knowledge to Manage Improper Payments
Monitoring: Tracking the Success of Improvement Initiatives
Fraud Risk Management – KPMG White Paper
Fraud Risk Management: Developing a Strategy for Prevention, Detection and Response
Richard H. Girgenti, National Practice Leader, KPMG Forensic
Fraud Risk Assessment Process
Step 1: Identify Business Units, Locations or Processes to Assess
Step 2: Inventory and Categorize Fraud / Misconduct Risks or Occurrences
Note: Not just the usual fraud – new potential risks
Step 3: Rate Risks Based on the Likelihood and Significance of Occurrence
Step 4: Remediate Risks Through Control Optimization
Overall Risk Rating Table
(Adapted from the Australian/New Zealand Standard on Risk Management, AS/NZS 4360)
The Value of Risk Assessments to Auditors
Case Example: WMATA OIG Department of Bus Services (BUSV)
QUESTIONS?
Presenter's contact details
Jack Reagan, Partner, Audit, KPMG, LLP, 202-
Ken Jones, Director, Fraud Risk Mgmt., KPMG, LLP, 267-495-6855, kennethjones@kpmg.com
Leon Langford, Audit Supervisory, OIG – Audit, WMATA