Financial Advisory Services
Saudi Aramco Shell Refinery Company - SASREF
Contractor Ethics and Fraud Workshop
1 June 2013
David Clements
Director Deloitte Forensic
2013 Deloitte Corporate Finance Limited. Private and confidential
-
Introduction to the Ethics & Fraud booklet
Defining Theft, Corruption and Bribery
Fraud Control
Whistleblower hotlines
Setting the Scene
-
The Ethics and Fraud Booklet
-
Ethics & Fraud Handbook Structure
1 Business Ethics
2 Information & Confidentiality
3 Fraud Awareness
4 Fraud Control Plan
-
Business Ethics
1
Corporate Values
Ethical Business Principles
2
Tone at the Top
Ethics Committee / Champion
3
Code of Business Conduct
Annual Declaration
4
Avoiding Conflict of Interest
Gifts & Hospitality
5
Ethics Training & Awareness
Reporting & Whistleblowing
-
What is Business Ethics
What does it mean to act in an ethical manner?
To act honestly and fairly
To put the company's interests ahead of your personal interests while doing business on the company's behalf
To respect confidentiality of the information you are entrusted with
To safeguard reputation of company
To comply with letter and intent of the internal and external mandates
Business Ethics are commonly discussed in relation to
Conflicts of interest
Release of confidential information
Receiving gifts and entertainment
Avoiding corrupt practices
Internal and external communications
-
Business Ethics
Is this illegal (local and country laws)?
Does this contradict your policies?
Does this conflict with your values and culture?
Could this adversely impact any company stakeholders? (customers, shareholders, employees, suppliers)
Would you feel concerned if this appeared as a newspaper headline?
Could this impact your company if all employees did this?
[Decision flowchart: if the answer to any question is Yes, STOP; if No, move to the next question. If every answer is No: Decision appears appropriate.]
-
Not everyone that we do business with is ethical.
Offers may be made to you:
some may be acceptable
others will not
You may be placed in a difficult position.
You need to develop judgment
Business Ethics
-
Confidential information should be kept secure at all times
Use approved hardware & systems to store and access your data
Ensure you have Non Disclosure Agreements with your business partners
Suspected loss of confidential information should be reported
Information and Confidentiality
Confidential Information
Educate and communicate to employees
that everyone has a duty to handle
information about the Company responsibly.
Intellectual Property
It is illegal to use another company's
intellectual property without the appropriate
licenses or permissions.
-
Bribery and corruption
-
Offering, giving, soliciting or accepting of an inducement or
reward, which may influence the action of any person.
That is, an individual receives a bribe as a reward or incentive
for action or inaction contrary to the proper conduct of his or her
duties, for the direct benefit of a third party.
Direct or indirect loss.
Bribery and Corruption
Bribery Definition
-
Bribery relates to the giving AND/OR receiving of bribes.
It is also the offering or promising of a bribe, or the requesting or agreeing to receive one, not only actual payment / receipt.
Not only cash/money; it is any item of benefit.
Amounts are irrelevant: it does not matter how small the amount, it is the intention that counts.
Bribes can influence a person to either perform an action or not perform an
action.
Bribery and corruption add up to 10% to the total cost of doing business
globally, and up to 25% to the cost of procurement contracts in developing
countries.
Bribery and Corruption
-
Dishonest activity in which a director, executive, manager, employee or contractor of
an entity acts contrary to the interests of the entity and abuses his/her position of trust
in order to achieve some personal gain or advantage for him or herself or for another
person or entity.
The concept of corruption also involves corrupt conduct by the entity, or a person
purporting to act on behalf of and in the interests of the entity, in order to secure some
form of improper advantage for the entity either directly or indirectly.
Corruption
Bribery and Corruption
-
Fraud defined: Types of fraud
-
A generally accepted definition is:
Dishonestly obtaining a benefit (causing harm) by deception or other means
This definition includes:
Theft.
Obtaining property, a financial advantage or any other benefit by deception.
Providing false or misleading information to the organisation.
Making, using or possessing forged or falsified documents.
Definition of Fraud
-
There are also in general three types of fraud:
Type 1 Wrongdoing perpetrated by an individual acting alone where the principal benefit goes to the individual
Type 2 Wrongdoing perpetrated by more than one individual acting collusively, where the principal benefit goes to the individuals or the organization
Type 3 Wrongdoing perpetrated by an outsider against the organization, where the principal benefit goes to the third party.
Fraud Defined
-
The wrongdoing can take the form of:
Fraudulent financial reporting
Misappropriation of assets
Corruption
Fraud Defined
-
Types of Fraud
[Diagram branches: Corruption and illegal activities; Asset misappropriation; Fraudulent statements. Other labels shown: Conflicts of interest, Bribery, Illegal gratuities, Kickbacks, Cash, Theft, Securities, Fraudulent disbursements, Skimming, Financial, Non-financial.]
-
Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by
employees in relatively small and immaterial amounts. However, it can also involve management
who are usually more able to disguise or conceal misappropriations in ways that are difficult to
detect.
Misappropriation of assets can be accomplished in a variety of ways including:
Stealing money
Stealing physical assets or intellectual property
Causing an entity to pay for goods and services not received
Using an entity's assets for personal use
Types of Fraud: Misappropriation of assets
-
Fraud defined: Types of contract and procurement fraud
-
Types of Contract and Procurement Fraud
[Diagram: Contract and Procurement Fraud, with the following schemes:]
Bid submission scheme
Defective pricing scheme
Bid-rigging scheme
Bid suppression scheme
Leakage of information
Phantom bids scheme
Bid rotation scheme
Complementary bids scheme
Accounting mischarges scheme
Conflict of interest
-
Fraud examples
-
TYCO
The U.S. DOJ investigation determined that, among others, bribes were
paid by Tyco Valves & Controls Middle East Inc. to employees
of four different state owned customers located in three Gulf countries
between 2003 and 2006.
The total amount of bribes paid to employees of these four companies
was reported by the DOJ to total $488,479. The $26 million fine assessed
against Tyco was a penalty for the global pattern of corruption in which it
was engaged for over 10 years, and $2.1 million of the total fine related to
Tyco's crimes in the Arabian Gulf.
An Aramco technical specialist employee's employment was terminated in 2009 for violating Aramco's Conflict of Interest and Business Ethics policies by receiving bribes and kickbacks from various companies.
Fraud Examples: Corruption and Illegal Activities
-
Bribery (KSA example)
An employee collaborated with three contractors, all registered with the employee's company, to
intentionally overestimate change orders and purchase orders relating to a project whereby
contractors would pay him the value of the overpriced change of the order. He received
approximately SAR 24,870,990 which was 'laundered' through companies which he owned via
bank accounts and associate companies.
Kickbacks/ Illegal Gratuities (KSA examples)
An employee sought USD 1 per ton kickback from two suppliers of raw material through their
agent in KSA for supply to his employer's company. He also sought USD 7000 from a potential
vendor to assist with registration process.
An employee from an inspection team asked for and received a laptop computer from one
supplier and a Samsung tablet from another supplier in order to approve their products.
Fraud Examples: Corruption and Illegal Activities
-
Collusion and substitution of materials (KSA example)
A number of European valve suppliers to a KSA company colluded together to obtain cheaper
Chinese valves and passed them off as their own manufactured valves. The fraud included
falsifying certificates of authenticity and stamping the companies' logos on the fake valves. The
fake valves were inferior to those approved by the end user, causing significant production
problems.
Substitution of materials (UAE example)
A supplier of specialist pipes to an oil production company fraudulently replaced approved pipes
with inferior pipes and attempted to pass them off as genuine by organising to have its logo
stamped on the fake pipes. The fraud was discovered when the thickness of the pipe was found
to be half the required measurement.
Fraud Examples: Corruption and Illegal Activities
-
Fraudulent behaviour by contractor (UAE example)
A contractor to an oil production company entered into a 10 year contract to supply oil
production labour. The contract included an amount payable for the supply of food to the
contract employees as the oil company had no meal facilities.
Two years into the contract, the oil company built a restaurant facility which was used by the
contractor's workforce at no cost to them. Although the contractor was aware of the change in
contract conditions it failed to notify the oil company and continued to receive the additional food
allowance for the remainder of the contract period.
Fraudulent behaviour by contractor (Overseas example)
A contractor was paid an hourly rate by a mining company for his workforce. A subsequent
investigation identified that the contractor was falsely reporting increased numbers of hours
worked by his staff. On a number of occasions timesheets showed that the same employee was
working in different areas of the mine site at the same time.
Fraud Examples: Corruption and Illegal Activities
-
Cash Theft (KSA example)
An employee falsely claimed travel & accommodation expenses from his employer, when they
were paid for by vendors. He kept the money without declaring that he had not incurred any
expense.
Company U sold approximately 500 pipes (2000 tons) for SAR 2 million to a scrap yard. The
pipes were left over from a project and had previously been paid for by the project owner.
Company T also sold approximately 200 pipes for SAR 300,000 to a scrap yard from another
Saudi project where the pipes had previously been paid for by the project owner.
Theft of Non-Cash Assets (KSA example)
An employee was provided with confidential information from a number of tenderers during a
tendering process. He passed on other companies' confidential information to a company with
which he had a relationship via a work email. He also passed on confidential company
information to the same company.
Fraud Examples: Asset Misappropriation
-
Multiple Frauds Over Two Years
The CEO had been previously advised by a staff member about the fraudster but he took no action.
A number of red flags were evident but were not followed up:
Manual manipulation of data
Unexplained expenses
Inappropriate relationships
Aggressive management
External complaints and concerns were ignored
Fraud Examples: Internal Fraud
-
$1.6 Million Stolen Over 10 Months
The suspect held the position of IT manager and had responsibility for the organisation's $10
million IT budget. He was not required to justify costs. The co-signatory to the purchase orders
had no idea what equipment/service he was authorising. There were a number of duplicate
services and pieces of equipment/consumables ordered in a short time frame.
The IT manager was able to use his administrator access to go into the accounts payable
system and delete entries. He was able to create a vendor file for his own company and three
other related companies without anyone else having line of sight over the process.
His team initially refused to assist investigators because he had built an environment where no
one in the team ever challenged his actions.
Senior management was unaware of what systems and processes he controlled.
Fraud Examples: Internal Fraud
-
Overseas collusion with an external party
An overseas company decided to build a manufacturing plant in India. Its Indian CFO was
involved in the purchase of land for the plant.
Unknown to the company, the CFO colluded with the seller of the land and the company paid
double the market rate for the land.
The deal was that the seller of the land, who was also a property developer, gave the CFO an
apartment in a new block he was building.
The matter only came to the attention of the company leadership because of a whistleblower in
the Indian business who knew of the collusion and had a subsequent falling out with the CFO.
Fraud Examples: Internal Fraud
-
Fraud detection and prevention
-
The most important objective in any fraud risk strategy is minimising opportunity.
This is achieved by the systematic application of internal controls which should be set out in a
Fraud Control Strategy.
Fraud Risk Strategy
[Diagram: Fraud Risk Triangle: Incentive/Pressure, Opportunity, Rationalisation]
-
Key Elements to an Effective Fraud Control Strategy
Planning: Fraud Control Plan; Fraud Control Resources; Internal audit activity in control of fraud
Prevention: Senior management commitment; Line management accountability; Internal control; Assessing fraud risk; Communication & awareness; Employment screening; Supplier and customer vetting
Detection: Implementing a fraud detection program; Role of the external auditor; Avenues for reporting suspected fraud; Whistleblower protection program
Response: Investigation; Internal reporting and escalation; Disciplinary procedures; External reporting; Civil action for recovery of losses; Review of internal controls; Insurance
-
Detection of Economic Crime
70% of Economic Crime identified in a recent survey was detected by a fraud risk management program which can also include:
Whistleblowing
Internal tip-off
Data analytics / detection tools
External tip-off
Methods of Detection
-
The process is to identify how the fraudster/s could get these assets.
This will normally involve some brainstorming and workshops. It may also require mapping
the process to identify what and how controls would need to be circumvented.
History shows that it is easier for insiders to commit fraud as they are already inside a number of
controls to prevent external fraud. But don't forget external fraud and collusion.
Also, most fraudsters tend to commit ongoing frauds. But don't forget the possibility of a
large one-off fraud which will be detected but will provide the fraudster with enough money
to leave immediately.
Entities should adopt a protocol for the systematic identification and management of potential fraud
and corruption risks having regard to the entity's characteristics and the jurisdiction and industry
sector in which it operates.
Fraud Risk Analysis
-
The most important element in any anti-fraud strategy is minimising opportunity for fraud. This is
achieved by the systematic application of internal controls which should be set out in a Fraud
Control Policy. These controls can include:
Senior management commitment and risk management
Core values and Code of Conduct
Responsibility
Investigation policy and zero tolerance
Whistleblowers Protection Policy
Training and education
Employment screening
Segregation of duties
Management information systems
External and internal audit
Fraud Control
-
Lifestyle changes
Rumours and complaints
Hostile reaction to routine enquiries
Significant after hours work
Failure to take annual leave
Changes in social relationships
Document deficiencies
Covering up inefficiencies
Increasing number of adjusting journal entries
Fraud Behavior Indicators
-
Most frauds are committed by or in collusion with internal staff
Organisational culture is a critical issue in preventing fraud
Proactive fraud risk scenario training and process mapping is essential in
identifying potential loopholes in systems and procedures
Staff selection and training is essential: thorough pre-employment checking
and staff fraud awareness
Contractors need to be checked as thoroughly as staff
Lessons learned
-
Whistleblowing
-
A whistleblower program is an important element in detecting corrupt, illegal or other undesirable
conduct within an entity, and as such, is a necessary ingredient in achieving good corporate
governance.
Whistleblowing
-
Recognition of whistleblowers.
Anonymity and confidentiality of disclosure.
Protection from reprisal.
Right of redress.
Confidentiality of information.
Protection of the subject of the disclosure
Whistleblower Protection
Key principles of a typical policy
-
A typical whistleblower policy should:
Encourage and facilitate disclosures of improper conduct committed by staff, directors and
contractors.
Provide protection for:
Persons who make those disclosures
Persons who may suffer reprisals in relation to those disclosures
Provide for the proper investigation and disposition of the disclosures.
Whistleblower Protection
-
The biggest barrier to effective fraud & corruption control is probably the belief that "it wouldn't happen here"
A final thought
-
DAVID CLEMENTS
DIRECTOR DELOITTE FORENSIC