Financial Advisory Services Saudi Aramco Shell Refinery Company - SASREF Contractor Ethics and Fraud Workshop 1 June 2013 David Clements Director Deloitte Forensic © 2013 Deloitte Corporate Finance Limited. Private and confidential


  • Financial Advisory Services

    Saudi Aramco Shell Refinery Company - SASREF

    Contractor Ethics and Fraud Workshop

    1 June 2013

    David Clements

    Director Deloitte Forensic

    2013 Deloitte Corporate Finance Limited. Private and confidential

  • Setting the Scene

    Introduction to the Ethics & Fraud booklet

    Defining Theft, Corruption and Bribery

    Fraud Control

    Whistleblower hotlines

  • The Ethics and Fraud Booklet

  • Ethics & Fraud Handbook Structure

    1 Business Ethics

    2 Information & Confidentiality

    3 Fraud Awareness

    4 Fraud Control Plan

  • Business Ethics

    1 Corporate Values; Ethical Business Principles

    2 Tone at the Top; Ethics Committee / Champion

    3 Code of Business Conduct; Annual Declaration

    4 Avoiding Conflict of Interest; Gifts & Hospitality

    5 Ethics Training & Awareness; Reporting & Whistleblowing

  • What is Business Ethics

    What does it mean to act in an ethical manner?

    To act honestly and fairly

    To put the company's interests ahead of your personal interests while doing business on the company's behalf

    To respect confidentiality of the information you are entrusted with

    To safeguard reputation of company

    To comply with letter and intent of the internal and external mandates

    Business Ethics are commonly discussed in relation to

    Conflicts of interest

    Release of confidential information

    Receiving gifts and entertainment

    Avoiding corrupt practices

    Internal and external communications

  • Business Ethics

    Is this illegal (local and country laws)?

    Does this contradict your policies?

    Does this conflict with your values and culture?

    Could this adversely impact any company stakeholders? (customers, shareholder, employees, suppliers)

    Would you feel concerned if this appeared as a newspaper headline?

    Could this impact your company if all employees did this?

    [Flowchart: each question has a Yes branch and a No branch; the chart's end points are "STOP" and "Decision appears appropriate".]

  • Business Ethics

    Not everyone that we do business with is ethical.

    Offers may be made to you:

    some may be acceptable

    others will not

    You may be placed in a difficult position.

    You need to develop judgment

  • Information and Confidentiality

    Confidential Information

    Educate and communicate to employees that everyone has a duty to handle information about the Company responsibly.

    Intellectual Property

    It is illegal to use another company's intellectual property without the appropriate licenses or permissions.

    Confidential information should be kept secure at all times

    Use approved hardware & systems to store and access your data

    Ensure you have Non-Disclosure Agreements with your business partners

    Suspected loss of confidential information should be reported

  • Bribery and corruption

  • Bribery and Corruption

    Bribery Definition

    Offering, giving, soliciting or accepting of an inducement or reward, which may influence the action of any person.

    That is, an individual receives a bribe as a reward or incentive for action or inaction contrary to the proper conduct of his or her duties, for the direct benefit of a third party.

    Direct or indirect loss.

  • Bribery and Corruption

    Bribery relates to the giving AND/OR receiving of bribes.

    It is also the offering or promising of a bribe, or the requesting or agreeing to receive one, not only actual payment / receipt.

    Not only cash/money, it is any item of benefit.

    Amounts are irrelevant: it does not matter how small the amount, it is the intention that counts.

    Bribes can influence a person to either perform an action or not perform an action.

    Bribery and corruption add up to 10% to the total cost of doing business globally, and up to 25% to the cost of procurement contracts in developing countries.

  • Bribery and Corruption

    Corruption

    Dishonest activity in which a director, executive, manager, employee or contractor of an entity acts contrary to the interests of the entity and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or entity.

    The concept of corruption also involves corrupt conduct by the entity, or a person purporting to act on behalf of and in the interests of the entity, in order to secure some form of improper advantage for the entity either directly or indirectly.

  • Fraud defined

    Types of fraud

  • Definition of Fraud

    A generally accepted definition is:

    Dishonestly obtaining a benefit (causing harm) by deception or other means

    This definition includes:

    Theft.

    Obtaining property, a financial advantage or any other benefit by deception.

    Providing false or misleading information to the organisation.

    Making, using or possessing forged or falsified documents.

  • Fraud Defined

    There are also in general three types of fraud:

    Type 1: Wrongdoing perpetrated by an individual acting alone where the principal benefit goes to the individual

    Type 2: Wrongdoing perpetrated by more than one individual acting collusively, where the principal benefit goes to the individuals or the organization

    Type 3: Wrongdoing perpetrated by an outsider against the organization, where the principal benefit goes to the third party.

  • Fraud Defined

    The wrongdoing can take the form of:

    Fraudulent financial reporting

    Misappropriation of assets

    Corruption

  • Types of Fraud

    [Diagram labels: Corruption and illegal activities; Asset misappropriation; Fraudulent statements; Conflicts of interest; Bribery; Illegal gratuities; Kickbacks; Cash; Theft; Skimming; Securities; Fraudulent disbursements; Financial; Non financial]

  • Types of Fraud: Misappropriation of assets

    Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by employees in relatively small and immaterial amounts. However, it can also involve management who are usually more able to disguise or conceal misappropriations in ways that are difficult to detect.

    Misappropriation of assets can be accomplished in a variety of ways including:

    Stealing money

    Stealing physical assets or intellectual property

    Causing an entity to pay for goods and services not received

    Using an entity's assets for personal use

  • Fraud defined

    Types of contract and procurement fraud

  • Types of Contract and Procurement Fraud

    [Diagram: "Contract and Procurement Fraud" surrounded by the following types]

    Bid submission scheme

    Defective Pricing Scheme

    Bid-rigging scheme

    Bid suppression scheme

    Leakage of information

    Phantom bids scheme

    Bid rotation scheme

    Complementary bids scheme

    Accounting Mischarges Scheme

    Conflict of Interest

  • Fraud examples

  • Fraud Examples: Corruption and Illegal Activities

    TYCO

    The U.S. DOJ investigation determined that, among others, bribes were paid by Tyco Valves & Controls Middle East Inc. to employees of four different state owned customers located in three Gulf countries between 2003 and 2006.

    The total amount of bribes paid to employees of these four companies was reported by the DOJ to total $488,479. The $26 million fine assessed against Tyco was a penalty for the global pattern of corruption in which it was engaged for over 10 years, and $2.1 million of the total fine related to Tyco's crimes in the Arabian Gulf.

    An Aramco technical specialist employee's employment was terminated in 2009 for violating Aramco's Conflict of Interest and Business Ethics policies by receiving bribes and kickbacks from various companies.

  • Fraud Examples: Corruption and Illegal Activities

    Bribery (KSA example)

    An employee collaborated with three contractors, all registered with the employee's company, to intentionally overestimate change orders and purchase orders relating to a project whereby contractors would pay him the value of the overpriced change of the order. He received approximately SAR 24,870,990 which was 'laundered' through companies which he owned via bank accounts and associate companies.

    Kickbacks / Illegal Gratuities (KSA examples)

    An employee sought USD 1 per ton kickback from two suppliers of raw material through their agent in KSA for supply to his employer's company. He also sought USD 7000 from a potential vendor to assist with registration process.

    An employee from an inspection team asked for and received a laptop computer from one supplier and a Samsung tablet from another supplier in order to approve their products.

  • Fraud Examples: Corruption and Illegal Activities

    Collusion and substitution of materials (KSA example)

    A number of European valve suppliers to a KSA company colluded together to obtain cheaper Chinese valves and passed them off as their own manufactured valves. The fraud included falsifying certificates of authenticity and stamping the companies' logos on the fake valves. The fake valves were inferior to those approved by the end user, causing significant production problems.

    Substitution of materials (UAE example)

    A supplier of specialist pipes to an oil production company fraudulently replaced approved pipes with inferior pipes and attempted to pass them off as genuine by organising to have its logo stamped on the fake pipes. The fraud was discovered when the thickness of the pipe was found to be half the required measurement.

  • Fraud Examples: Corruption and Illegal Activities

    Fraudulent behaviour by contractor (UAE example)

    A contractor to an oil production company entered into a 10 year contract to supply oil production labour. The contract included an amount payable for the supply of food to the contract employees as the oil company had no meal facilities.

    Two years into the contract, the oil company built a restaurant facility which was used by the contractor's workforce at no cost to them. Although the contractor was aware of the change in contract conditions it failed to notify the oil company and continued to receive the additional food allowance for the remainder of the contract period.

    Fraudulent behaviour by contractor (Overseas example)

    A contractor was paid an hourly rate by a mining company for his workforce. A subsequent investigation identified that the contractor was falsely reporting increased numbers of hours worked by his staff. On a number of occasions timesheets showed that the same employee was working in different areas of the mine site at the same time.

  • Fraud Examples: Asset Misappropriation

    Cash Theft (KSA example)

    An employee falsely claimed travel & accommodation expenses from his employer, when they were paid for by vendors. He kept the money without declaring that he had not incurred any expense.

    Company U sold approximately 500 pipes (2000 tons) for SAR 2 million to a scrap yard. The pipes were left over from a project and had previously been paid for by the project owner.

    Company T also sold approximately 200 pipes for SAR 300,000 to a scrap yard from another Saudi project where the pipes had previously been paid for by the project owner.

    Theft of Non-Cash Assets (KSA example)

    An employee was provided with confidential information from a number of tenderers during a tendering process. He passed on other companies' confidential information to a company with which he had a relationship via a work email. He also passed on confidential company information to the same company.

  • Fraud Examples: Internal Fraud

    Multiple Frauds Over Two Years

    The CEO had been previously advised by a staff member about the fraudster but he took no action.

    A number of red flags were evident but were not followed up:

    Manual manipulation of data

    Unexplained expenses

    Inappropriate relationships

    Aggressive management

    External complaints and concerns were ignored

  • Fraud Examples: Internal Fraud

    $1.6 Million Stolen Over 10 Months

    The suspect held the position of IT manager and had responsibility for the organisation's $10 million IT budget. He was not required to justify costs. The co-signatory to the purchase orders had no idea what equipment/service he was authorising. There were a number of duplicate services and pieces of equipment/consumables ordered in a short time frame.

    The IT manager was able to use his administrator access to go into the accounts payable system and delete entries. He was able to create a vendor file for his own company and three other related companies without anyone else having line of sight over the process.

    His team initially refused to assist investigators because he had built an environment where no one in the team ever challenged his actions.

    Senior management was unaware of what systems and processes he controlled.

  • Fraud Examples: Internal Fraud

    Overseas collusion with an external party

    An overseas company decided to build a manufacturing plant in India. Its Indian CFO was involved in the purchase of land for the plant.

    Unknown to the company, the CFO colluded with the seller of the land and the company paid double the market rate for the land.

    The deal was that the seller of the land, who was also a property developer, gave the CFO an apartment in a new block he was building.

    The matter only came to the attention of the company leadership because of a whistleblower in the Indian business who knew of the collusion and had a subsequent falling out with the CFO.

  • Fraud detection and prevention

  • Fraud Risk Strategy

    The most important objective in any fraud risk strategy is minimising opportunity.

    This is achieved by the systematic application of internal controls which should be set out in a Fraud Control Strategy.

    [Diagram: Fraud Risk Triangle, with corners Incentive/Pressure, Opportunity and Rationalisation]

  • Key Elements to an Effective Fraud Control Strategy

    Planning: Fraud Control Plan; Fraud Control Resources; Internal audit activity in control of fraud

    Prevention: Senior management commitment; Line management accountability; Internal control; Assessing fraud risk; Communication & awareness; Employment screening; Supplier and customer vetting

    Detection: Implementing a fraud detection program; Role of the external auditor; Avenues for reporting suspected fraud; Whistleblower protection program

    Response: Investigation; Internal reporting and escalation; Disciplinary procedures; External reporting; Civil action for recovery of losses; Review of internal controls; Insurance

  • Methods of Detection

    Detection of Economic Crime

    70% of Economic Crime identified in a recent survey was detected by a fraud risk management program which can also include:

    Whistleblowing

    Internal tip-off

    Data analytics / detection tools

    External tip-off

  • Fraud Risk Analysis

    Entities should adopt a protocol for the systematic identification and management of potential fraud and corruption risks having regard to the entity's characteristics and the jurisdiction and industry sector in which it operates.

    The process is to identify how the fraudster/s could get these assets.

    This will normally involve some brainstorming and workshops. It may also require mapping the process to identify what and how controls would need to be circumvented.

    History shows that it is easier for insiders to commit fraud as they are already inside a number of controls to prevent external fraud. But don't forget external fraud and collusion.

    Also, most fraudsters tend to commit ongoing frauds. But don't forget the possibility of a large one-off fraud which will be detected but will provide the fraudster with enough money to leave immediately.

  • Fraud Control

    The most important element in any anti-fraud strategy is minimising opportunity for fraud. This is achieved by the systematic application of internal controls which should be set out in a Fraud Control Policy. These controls can include:

    Senior management commitment and risk management

    Core values and Code of Conduct

    Responsibility

    Investigation policy and zero tolerance

    Whistleblowers Protection Policy

    Training and education

    Employment screening

    Segregation of duties

    Management information systems

    External and internal audit

  • Fraud Behavior Indicators

    Lifestyle changes

    Rumours and complaints

    Hostile reaction to routine enquiries

    Significant after hours work

    Failure to take annual leave

    Changes in social relationships

    Document deficiencies

    Covering up inefficiencies

    Increasing number of adjusting journal entries

  • Lessons learned

    Most frauds are committed by or in collusion with internal staff

    Organisational culture is a critical issue in preventing fraud

    Proactive fraud risk scenario training and process mapping is essential in identifying potential loopholes in systems and procedures

    Staff selection and training is essential: thorough pre-employment checking and staff fraud awareness

    Contractors need to be checked as thoroughly as staff

  • Whistleblowing

  • Whistleblowing

    A whistleblower program is an important element in detecting corrupt, illegal or other undesirable conduct within an entity, and as such, is a necessary ingredient in achieving good corporate governance.

  • Whistleblower Protection

    Key principles of a typical policy

    Recognition of whistleblowers.

    Anonymity and confidentiality of disclosure.

    Protection from reprisal.

    Right of redress.

    Confidentiality of information.

    Protection of the subject of the disclosure

  • Whistleblower Protection

    A typical whistleblower policy should:

    Encourage and facilitate disclosures of improper conduct committed by staff, directors and contractors.

    Provide protection for:

    Persons who make those disclosures

    Persons who may suffer reprisals in relation to those disclosures

    Provide for the proper investigation and disposition of the disclosures.

  • A final thought

    The biggest barrier to effective fraud & corruption control is probably the belief that "it wouldn't happen here"

  • DAVID CLEMENTS

    DIRECTOR DELOITTE FORENSIC

    [email protected]