“Good” Fraud?
Transforming Risk into Opportunity
Jonny Frank
Fraud Risks & Controls
March 2010
PwC
Should We have Drunk Something Harder than Wine?
Recession Driven Incentives, Pressures and Opportunities
+
Ever Increasing Legal & Regulatory Requirements
+
New Professional Standards and Frameworks
+
Market and Management Expectations
=
INCREASED RISK
2
Should We be Drinking Champagne?
Maximize Revenue & Reduce Leaks
+
Cut Costs
+
Safeguard Assets
+
Protect Brand Value and Professional Reputation
+
Avoid Criminal, Civil and Legal Liability
+
Enhance Finance & Internal Audit Prestige
=
INCREASED OPPORTUNITY
3
Some Numbers to Consider…
• US government admits losing 10% of spending to fraud
• ACFE estimates that companies lose $1 trillion or 7% of revenue to misconduct
• PwC GECS survey
– 40% increase in fraud - - before the recession
– Controls paradox
• Economist Intelligence Unit survey revealed that 85% of companies detected
significant frauds over past 3 years
– Small companies - $8.2 million average loss
– Large companies - $23 million
– 10% suffer >$100 million
• Effective fraud management produces an 8:1 ROI for financial services industry
(Tower Group)
• US government realizes a $9.75:1 return on fraud management
4
Fraud Reporting Trends
Source: PwC Global Economic Crime survey, 2009
Source: ACFE report to the nation (US only), 2008
5
Fraud Detection Trends
Fraud Detection:
• Informal Tip offs are the most
likely source of detecting fraud
• Only 7% of frauds were
detected through formal
whistle-blowing procedures
• Internal audit remains another
key source for detecting frauds
• Fraud Risk Management
programs are becoming
increasingly effective in raising
fraud awareness and detecting
fraud
Source: PwC Global Economic Crime survey, 2009
6
Management Response Trends
Management Response:
• High reliance on internal audit
• Continued focus on control
environment
• Low emphasis on forensic technology
Internal Audit's Role in Assessing and Responding to Fraud Risk
7
Reported Fraud by Country or Region
Territories that
reported high
levels of fraud
(40% or more)
% of Companies
surveyed that
experienced a
fraud event in the
last 12 months
TICPI *
Score
Territories that
reported high
levels of fraud
(20% or less)
% of Companies
surveyed that
experienced a
fraud event in the
last 12 months
TICPI
Score
Russia
71%
2.1
Italy
19%
4.8
South Africa
62%
4.9
Sweden
19%
9.3
Kenya
57%
2.1
Singapore
18%
9.2
Canada
56%
8.7
India
18%
3.4
Mexico
51%
3.6
Indonesia
18%
2.6
Ukraine
45%
2.5
Switzerland
17%
9.0
UK
43%
7.7
Finland
17%
9.0
New Zealand
42%
9.3
Romania
16%
3.8
Australia
40%
8.7
Netherlands
15%
8.9
Turkey
15%
4.6
Hong Kong
13%
8.1
Japan
10%
7.3
Sources: PwC Global Economic Crime survey, 2009
and Transparency International
* the lower the score, the greater the prevalence of corruption in the country
8
Climate of Risk for Fraud and Waste
If Economic Downturn is the
“Perfect Storm” for Fraud and
Waste, will an Upturn be Even
More Perfect?
Incentives/Pressures
• Job security
• Bonus and other compensation
• Power & prestige
Rationalization
• Job dissatisfaction
• Family & health priorities
• “Everybody else” syndrome
• Self-denial about
consequences
• Belief that “I won’t get
caught”
Opportunity
• Reduced headcount,
travel restrictions and
other cost containment
measures
• Collusion
• Override
9
Creating Value While Meeting Standards: "Leakage” vs.
“Liability” Fraud
Revenue
Leakage
Misappropriation
of Assets
Expenditure
Leakage
Financial
Reporting &
Disclosure
Manipulation
Unauthorized
Receivables /
Acquisition of
Assets
Unauthorized
Expenses /
Disposal of
Assets
Good Fraud = Leakage related activities,
that when prevented or
detected early, leads to
improved financial results
Bad Fraud = Liability related activities,
that if not prevented, leads
to government sanctions,
and damage to brand value
and reputation of individual
members of the Board and
senior management
10
Leakage vs. Liability Risk: Revenue Leakage
Illustrations:
Revenue
Leakage
Misappropriation
of Assets
Expenditure
Leakage
Financial
Reporting &
Disclosure
Manipulation
Unauthorized
Receivables /
Acquisition of
Assets
Unauthorized
Expenses /
Disposal of
Assets
• Salesperson discounts price in return for
kickback
• Business leader runs parallel business
• Salesperson violates non-compete
clause after leaving company
• Salesperson enters side agreement with
customer unable to make payment,
ultimately resulting in write off of
receivable and/or debt
11
Leakage vs. Liability Risk: Misappropriation of Assets
Illustrations:
Revenue
Leakage
Misappropriation
of Assets
Expenditure
Leakage
Financial
Reporting &
Disclosure
Manipulation
Unauthorized
Receivables /
Acquisition of
Assets
Unauthorized
Expenses /
Disposal of
Assets
• Employee steals liquid assets
• Salesperson steals customer list for use
at a competitor
• Event planner receives 15%
“commission” on rooms
• HR employees puts shadow employee
on payroll
12
Leakage vs. Liability Risk: Expenditure Leakage
Illustrations:
Revenue
Leakage
Misappropriation
of Assets
Expenditure
Leakage
Financial
Reporting &
Disclosure
Manipulation
Unauthorized
Receivables /
Acquisition of
Assets
• Orders from fictitious vendor
• Kickbacks in return for allowing supplier
to inflate price
• Advertiser charges for advertising not
delivered
• Vendors/contractors charge for work not
performed
• “Double dips” on p-card and credit card
• Salesperson obtains reimbursement for
fictitious travel expenses
Unauthorized
Expenses /
Disposal of
Assets
13
Leakage vs. Liability Risk: Unauthorized Expenses / Disposal
of Assets
Revenue
Leakage
Financial
Reporting &
Disclosure
Manipulation
Illustrations:
• Payments to public officials for permits
• Payments to public officials for patents
• Gifts to public officials to evade taxes
Misappropriation
of Assets
Expenditure
Leakage
Unauthorized
Receivables /
Acquisition of
Assets
• Payments to agents to facilitate sales
• Illegal political contributions
Unauthorized
Expenses /
Disposal of
Assets
14
Leakage vs. Liability Risk: Unauthorized Receivables /
Acquisition of Assets
Revenue
Leakage
Illustrations:
Financial
Reporting &
Disclosure
Manipulation
• Overbilling customers
• Antitrust and restraint of trade
• Improperly obtaining rebates
Unauthorized
Receivables /
Acquisition of
Assets
Misappropriation
of Assets
• Marketing devices for off label
use
• False marketing statements
• Overcharging customers
Expenditure
Leakage
Unauthorized
Expenses /
Disposal of
Assets
15
Leakage vs. Liability Risk: Financial Reporting & Disclosure
Manipulation
Revenue
Leakage
Misappropriation
of Assets
Expenditure
Leakage
Financial
Reporting &
Disclosure
Manipulation
Illustrations:
• Improper revenue recognition
• Manipulation of significant management
estimates
Unauthorized
Receivables /
Acquisition of
Assets
Unauthorized
Expenses /
Disposal of
Assets
• Inconsistent or improper accounting of
intercompany transactions to improve
operating performance of business
units.
• Transactions with related parties on
non-arms length terms
• False statements in MD&A
• Deceptive marketing
16
So, What Steps are Organizations Taking to Maximize
Opportunities & Minimize Risk?
Control environment
Fraud event identification and risk assessment
•
•
•
•
Identity entity
level scheme
& scenario risks
Board oversight
Codes of ethics/conduct
Anonymous reporting
Other entity level activities
Incident response & remediation
Continuous
reassessment
•
•
•
•
Investigate
Perform root cause analysis
Search for other misconduct
Enhance controls
Assess
likelihood
& impact
Conduct self-assessment
at function & local business
unit levels
Develop a
risk response
Monitoring activities
Entity and business process level control activities
• Monitor fraud risk
factors & indicators
• Audit for ‘Red flags’
Develop new/
enhance
existing controls
Validate
operating
effectiveness
Evaluate
controls
design
People
Process
Build three lines of defense – business, finance and internal audit/compliance
Identify significant risks, evaluate vulnerability to collusion, monitor/audit for
red flags
Technology
Disaggregate schemes into key risk indicators, develop data analytics,
maximize available technology
17
Identifying and Responding to High Impact Risks &
Opportunities
Create
Inventory
Likelihood &
Significance
Factors &
Indicators
Design &
Operating
Effectiveness
Monitor
& Audit
18
The Future of Fraud Management is Advanced Data
Analytics and Forensic Technology
Significant on-line reporting with drilldown capabilities
19
Suggested Next Steps
Everybody:
• Play “Angels v. Demons” or host “A Perfect Crime Dinner”, and
• Contact me for Fraud Case Digest.
Practitioners:
• Assess how organization addresses fraud risk,
• High impact “good” and “bad” fraud risks, and
• Develop a strategy to identify, maximize and mitigate.
Students:
• Consider a career in fraud auditing or forensic accounting,
• Take specialized courses, e.g., Baruch Forensic Accounting
Certificate, and
• Consider fraud aspects of courses in traditional curriculum.
20
Questions & Discussion
21
Facilitator Contact & Biographical Information
Jonny J. Frank
jonny.frank@us.pwc.com
1.646.471.8590
Jonny Frank has over 30 years public and private sector experience and over 20 years university teaching experience in preventing,
detecting and investigating business irregularities. He is an award winning author of over 30 articles and book chapters, including the
IIA's Thurston Award for outstanding scholarship. Jonny earned his LLM from Yale Law School in 1983 and his JD from Boston College
Law School in 1980, where he ranked no.1 in a class of 250 and graduated summa cum laude.
Executive Assistant United States Attorney, Eastern District of New York
Jonny began his professional career as a Federal prosecutor in the early 1980s in the U.S. Department of Justice, where he served for
12 years. His prosecutorial career included investigating and prosecuting over 1,000 economic crimes cases involving Fortune 500
companies across every business sector. In the mid-1990s, the Justice Department appointed Jonny to serve as Special Counsel to the
New York City Mayoral Commission on Police Corruption. He also led trips to train former Soviet bloc prosecutors and judges on the
investigation of economic crime.
Co-founder, PwC Investigations
PwC recruited Jonny to join the firm as a partner in 1997 to help develop and lead the firm's investigations practice. Leveraging this
public sector experience, Jonny developed a global practice, focusing on investigation and remediation of fraud and corruption. Jonny
led over 1000 engagements during his five years as practice leader.
Founder, PwC Fraud Risks & Controls (FR&C)
Following Enron, PwC appointed Jonny to build and lead a practice devoted to prevention, detection, and remediation. The practice has
professionals in Africa, Canada, Central, Eastern & Western Europe, India, South America, and the United Kingdom.
In 2003, Jonny pioneered PwC's "scheme and scenario" fraud risk assessment framework, which the SEC, AICPA, IIA, and COSO
have embraced. FR&C have embedded this framework at numerous internal audit departments and finance functions, in addition to
using it on over 1500 PwC audits.
Jonny also developed a fraud auditing training methodology, comprised of classroom and on-the-job coaching. PwC applied this
methodology to train over 350 experienced audit managers to serve as fraud specialists on their engagements.
Yale School of Management, Fordham University, Brooklyn Law School
Simultaneous to his DOJ and PwC career, Jonny has taught for over 20 years at the professional school level. He serves as an Adjunct
Professor of Law at Fordham University Law School (1988 – present) (ranked no. 3 nationally in evening law programs) and previously
taught at Yale School of Management (Senior Faculty Fellow 2003 – 2006) and Brooklyn Law School (1089 – 2004).
pwc.com
The information contained in this document is for general guidance on matters of interest only. The application and impact of laws can vary widely based on
the specific facts involved. Given the changing nature of laws, rules and regulations, there may be omissions or inaccuracies in information contained in this
document. This document is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or
other professional advice and services. It should not be used as a substitute for consultation with professional accounting, tax, legal or other competent
advisers. Before making any decision or taking any action, you should consult a PricewaterhouseCoopers professional.
While we have made every attempt to ensure that the information contained in this document has been obtained from reliable sources,
PricewaterhouseCoopers is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this
document is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without
warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no
event will PricewaterhouseCoopers, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for
any decision made or action taken in reliance on the information in this document or for any consequential, special or similar damages, even if advised of the
possibility of such damages.
© 2009 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to
PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other
member firms of the network, each of which is a separate and independent legal entity. *connectedthinking is
trademark of PricewaterhouseCoopers LLP (US).
PwC