BUSINESS WITH CONFIDENCE icaew.com
Financial Fraud - catalysts and controls
26 March 2013 The webinar will begin shortly…
BUSINESS WITH CONFIDENCE icaew.com
David Luijerink
Partner
KPMG Forensics
Steve Caine
Executive Director
Fraud Investigations & Disputes Services
Ernst & Young
Introduction
BUSINESS WITH CONFIDENCE icaew.com
Ask a question
• Participate in today’s webinar
– send us a question
BUSINESS WITH CONFIDENCE icaew.com
Financial Management Faculty
• Representing 7,634 members
• All the information you need in one place from £85pa
• Interactive Website
• Monthly magazine and quarterly reports providing CPD
• Electronic newsletter
• Events and networking opportunities
• Woman in Finance Network
• Thought Leadership
• Career Progression
Icaew.com/fmfac
BUSINESS WITH CONFIDENCE icaew.com
Steve Caine: Key controls to reduce fraud risk
Steve Caine
Executive Director
Fraud Investigations & Disputes Services
Ernst & Young
BUSINESS WITH CONFIDENCE icaew.com
Reference sources: overall control environment
• Principles based and not fraud specific
– COSO Framework (1992) and COSO ERM (2004)
– COCO Framework (1995)
– Turnbull Guidance (1999)
• Rules/compliance based and financial reporting
focussed
– SOX section 404
BUSINESS WITH CONFIDENCE icaew.com
Overview of a generic fraud risk management system
Risk
assessment
Develop policies,
procedures and
controls:
prevention and
detection
Effective
implementation to
embed policies,
procedures and
controls
Monitor,
review
and
improve
Gap analysis
Top level commitment to foster ethical culture and risk appetite
Proportionality to risks assessed, scale and nature of the business
BUSINESS WITH CONFIDENCE icaew.com
Importance of top level commitment
Pressure /incentive
Opportunity
Capability
Policies,
procedures
and controls
People, culture
and behaviours
e.g. Sales and profit targets
e.g. “I need to
meet these sales
and profit targets
because that all
that matters here”
Rationalisation
Source: Fraud Triangle attributed to Dr Donald R Cressey in Joseph T Wells’ Principles of Fraud Examination; introduced into professional literature in
AICPA Statement 99. Fraud Diamond developed by David T Wolfe and Dana R Hermanson.
BUSINESS WITH CONFIDENCE icaew.com
Quantified risk assessment model
Risk
score
Impact
2 4 6 8
Pro
ba
bilit
y
4 8 16 24 32
3 6 12 18 24
2 4 8 12 16
1 2 4 6 8
Probability score Likelihood Frequency
4 Very high Probable Commonplace
3 High Very possible Frequent event
2 Medium Possible Regular event
1 Low Remote Isolated
Impact score Low Medium High Very high
2 4 6 8
Governance Breach of policy £1m fine
Operational 1 day factory closure
Stakeholders Loss <£0.5 m sales
Employees
IT Any network closure
Finance Budget variance Loss < £0.5m funds Loss >£0.5 m funds Loss >£5m funds
Reputation Any adverse Press Employees named Directors named
BUSINESS WITH CONFIDENCE icaew.com
Risk mitigation
Diversion of OTV payments to private bank
accounts with loss > £5m – no mitigation
Control 1: monthly retrospective review by
CFO of all OTV payments > £100k
Control 2: independent approval of all OTV
payments > £100k
Control 3: independent actioning of all OTV
payments > £100k
Probability Impact Risk score
3 8 24
Probability Impact Risk score
4 8 32
Probability Impact Risk score
2 8 16
Probability Impact Risk score
1 8 8
BUSINESS WITH CONFIDENCE icaew.com
Features of good risk assessment
• Realistic
– Accepts fraud risk as the business reality
– Involves those who know what actually happens in the
business
• Rigorous
– Moves beyond platitudes about fraud risk and Identifies the
specific fraud schemes to which the business is exposed
– Requires mitigating policies, procedures and controls to
specifically respond to the identified fraud schemes
• Comprehensive
– Sufficient investment of senior time is made in the risk
assessment process
– External facilitation and challenge is used
BUSINESS WITH CONFIDENCE icaew.com
Common failings of fraud risk policies,
procedures and controls
• Relying on generic controls or controls as they currently exist
(tick box approach)
– The design usually needs to be fettled to deal with the
fraud schemes identified in the risk assessment
• Assuming they operate in a particular way
– Failing to monitor what the control owner actually does
• Underestimating the scope for the policy, procedure or control
to be rendered ineffective through:
– Collusion
– Management override
– The influence of personal fiefdoms
BUSINESS WITH CONFIDENCE icaew.com
Policies, procedures and controls need to be
relevant to the risks assessed ...but:
Segregation of duties
Delegation of authority
and authorisation
Access controls: assets, financial
& IT records, information
Rotate control ownership
Mandatory two week holidays
Whistleblowing
Surprise fraud audit
Recruitment vetting
Data analytics
Generic/traditional controls Specific (less familiar) controls
Prevent controls Detect controls
BUSINESS WITH CONFIDENCE icaew.com
Key controls: whistleblowing
Source: ACFE 2012 Global Fraud Study
BUSINESS WITH CONFIDENCE icaew.com
The future: forensically based data analytics
• Audit
– Sampling based, but
there is no representative
sample for fraud
– Materiality/reasonable
assurance, but crime is
revealed in the details
– Usually after the event
– Focussed on formal
financial controls not
behaviours
• Data analytics
– Can examine the entire
population against pre-
defined fraud risk criteria:
identifies all trends,
patterns and anomalies
– Real time and/or
retrospective
– Can reflect indicators of
specific fraud schemes
and behaviours
BUSINESS WITH CONFIDENCE icaew.com
Ask a question
Participate in today’s webinar –
send us a question
Click here to
see questions
BUSINESS WITH CONFIDENCE icaew.com
Questions and answers
Steve Caine
Executive Director
Fraud Investigations & Disputes Services
Ernst & Young
BUSINESS WITH CONFIDENCE icaew.com
Future webinars
Webinars
• 20 June – Cost management
• 26 June – Business performance management
• 3 October – Fresh look at budgeting
• January 2014 – Internal reporting
• March 2014 – Financial Strategy
BUSINESS WITH CONFIDENCE icaew.com
THANK YOU FOR ATTENDING
Contact the Financial Management Faculty .
+44 (0)20 7920 8508
icaew.com/fmfac
Please take the time to fill out our
short survey