Fraud Prevention Hanna C Quffa CPA, CFE Auditing vs. Fraud Examination Issue Auditing Fraud Examination Timing Recurring Nonrecurring Scope Objective Relationship General Opinion Nonadversarial Specific Affix blame Adversarial Methodology Audit techniques Presumption Professional skepticism Fraud examination techniques Proof Defining Occupational Fraud and Abuse The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets Elements of Fraud A material false statement Knowledge that the statement was false when it was uttered Reliance on the false statement by the victim Damages resulting from the victim’s reliance on the false statement Opportunity Fraud Triangle Pressure Rationalization Major areas of exposure corruption, which includes conflicts of interest, bribery (including kickbacks), illegal gifts, and economic extortion; misappropriation of assets, which includes skimming, larceny, and asset misuse; and financial statement fraud, which can include financial (either asset or revenue over- or understatements) and non-financial components Prevention VS Detection An ounce of prevention is better than a ton off treatment In order to prevent fraud there is a need to make your organization immune against fraud Reducing the risk of fraud The means to reduce risk Prevention Reduce the opportunity for Deterrence (punishment) Detection Detection of fraud is much more costly Responsibility of Fraud Prevention Management has the responsibility and means to implement measures to reduce the risk of fraud Good corporate governance reduces the risk Elements of prevention Create and Maintain a culture of honesty and high ethics Evaluate the risk and implement policies, procedures, and controls to mitigate the risk and reduce the opportunity Develop appropriate oversight processes Create a culture of honesty Setting the tone at the top Positive work place environment Hiring & promoting appropriate employees Training Conformation Discipline Setting the tone at the top Lead by example (words and actions) Management has to Behave Ethically Communicate it’s intolerance for dishonest and unethical behavior Employees must be treated equally with disregard to position Setting the tone at the top Set achievable financial goals (not to create undue pressure) Create a code of ethics and implement it The code of ethics should be clear, understandable and developed in a positive participatory manner Code of conduct The code of conduct should reflect the core values of the entity and guide employees in making appropriate decisions during their workday. The code of conduct might include such topics as ethics, confidentiality, conflicts of interest, intellectual property, sexual harassment, and fraud. Code of conduct Employees should be given the opportunity to help in development and updating of code of conduct to create ownership Employees should be encouraged to report violation of code or wrong doing A hotline (anonymous is preferred to avoid fear or retribution ) Positive work place environment wrongdoing occurs less frequently when employees have positive feelings about an entity than when they feel abused, threatened, or ignored Without a positive workplace environment, there are more opportunities for poor employee morale, which can affect an employee’s attitude about committing fraud against an entity Factors that detract from a positive work environment Top management that does not seem to care about or reward appropriate behavior Negative feedback and lack of recognition for job performance Perceived inequities in the organization Autocratic rather than participative management Factors that detract from a positive work environment cont. Low organizational loyalty or feelings of ownership Unreasonable budget expectations or other financial targets Fear of delivering “bad news” to supervisors and/or management Less-than-competitive compensation Poor training and promotion opportunities Lack of clear organizational responsibilities Poor communication practices or methods within the organization Factors that help create a good environment Recognition and reward systems that are in tandem with goals and Equal employment opportunities Team-oriented, collaborative decision-making policies Professionally administered compensation programs Professionally administered training programs at all organizational levels Career development A good HR Department is instrumental Hiring & promoting appropriate employees Hire the best sited for the job with integrity Equivalence of effort to reward Promotion biased on evaluation When people are under pressure and there is a perceived opportunity some people will behave dishonestly rather than face negative consequences of honest behavior Proactive hiring and promotion procedures Conducting background investigations on individuals being considered for employment or for promotion to a position of trust Thoroughly checking a candidate’s education, employment history, and personal references Periodic training of all employees about the entity’s values and code of conduct, (training is addressed in the following section) Incorporating into regular performance reviews an evaluation of how each individual has contributed to creating an appropriate workplace environment in line with the entity’s values and code of conduct Continuous objective evaluation of compliance with the entity’s values and code of conduct, with violations being addressed immediately Training New employees should be trained at the time of hiring about the entity’s values and its code of conduct. This training should explicitly cover expectations of all employees regarding Their duty to communicate certain matters; A list of the types of matters, including actual or suspected fraud, to be communicated along with specific examples; Information on how to communicate those matters. Training Cont. The training should be at the time of hiring as well as refresher training periodically Training should be specific to an employee’s level within the organization, geographic location, and assigned responsibilities. Confirmation Management needs to clearly articulate that all employees will be held accountable to act within the entity’s code of conduct. All employees within senior management and the finance function, as well as other employees in areas that might be exposed to unethical behavior (for example, procurement, sales and marketing) should be required to sign a code of conduct statement annually, at a minimum. Discipline The way an entity reacts to incidents of alleged or suspected fraud will send a strong deterrent message throughout the entity, helping to reduce the number of future occurrences. The consequences of committing fraud must be clearly communicated throughout the entity. Response to an alleged incident of fraud A thorough investigation of the incident should be conducted. Appropriate and consistent actions should be taken against violators. Relevant controls should be assessed and improved. Communication and training should occur to reinforce the entity’s values, code of conduct, and expectations. EVALUATING ANTIFRAUD PROCESSES AND CONTROLS Fraud can not occur without a perceived opportunity to commit and conceal the act. Organizations should be proactive in reducing fraud opportunities by (1) (2) (3) Identifying and measuring fraud risks, Taking steps to mitigate identified risks, and Implementing and monitoring appropriate preventive and detective internal controls and other deterrent measures. Internal Control Feed back Feed forward process process input C input output C output process input output C Controls Existence of a control even if non- operational can be a deterrent and act as a real control DEVELOPING AN APPROPRIATE OVERSIGHT PROCESS Audit Committee or Board of Directors Management Internal Auditors Independent Auditors Certified Fraud Examiners Audit Committee’s purpose To monitor compliance with laws Integrity of financials Asses external auditor qualifications & independence Follow up on internal audit Thank you