fraud risk management

FRAUD RISK MANAGEMENT. AN INTERNAL AUDIT PERSPECTIVE

Upload: ammwenje

Post on 12-Nov-2014

DESCRIPTION

Management of fraud risk

TRANSCRIPT

FRAUD DEFINITION:

Fraud: Any intentional act committed to secure an unfair or unlawful gain. It falls under the following categories of risk, which can undermine a company’s reputation for integrity:

• Fraudulent financial reporting (e.g., improper revenue recognition, overstatement of assets, understatement of liabilities)
• Misappropriation of assets (e.g., embezzlement, payroll fraud, external theft, procurement fraud, royalty fraud, counterfeiting)
• Revenue or assets gained by fraudulent or illegal acts (e.g., over-billing customers, deceptive sales practices, accelerated revenue, bogus revenue)
• Expenses or liabilities avoided by fraudulent or illegal acts (e.g., tax fraud, wage and hour abuses, falsifying compliance data provided to regulators)
• Expenses or liabilities incurred for fraudulent or illegal acts (e.g., commercial or public bribery, kickbacks)
• Other misconduct (e.g., conflicts of interest, insider trading, discrimination, theft of competitor trade secrets)

• Fraud is one of the key risks that needs to be managed as a threat to businesses but has been the “corporate F word” since it rarely appears in management best sellers, graduate courses or as part of management training and consultancy. Business is awash with “best practice” on generating and maximizing profits, but lacking in knowledge of how to minimize and manage losses.
• The practice of fraud risk management includes fraud prevention, deterrence, disruption, reporting, detection, examination, investigation, enforcement and recovery.

The Fraud triangle

Fraud triangle term definitions:

Incentive/Pressure: This refers to the encouragement to commit fraud, e.g. excessively high targets, gambling debts, shylock debts, etc.

Opportunity: This refers to the chance for a fraudster to commit fraud, e.g. due to weak controls and oversights on the part of management.

Rationalization: Where a fraudster tries to justify the risk worthiness of the fraud that they are committing.

This three-pronged approach has long been a useful tool for auditors seeking to manage and understand fraud risks and has formally been adopted by the auditing profession.

Considering an additional dimension to the fraud triangle:

Capability: Referring to personal traits and abilities which may play a major role in facilitating the other three fraud elements.

There are several essential traits to committing a fraud, namely: organizational position, level of intelligence and experience, ability to coerce and motivation for power.

FRAUD RISK MANAGEMENT:

Key objectives: Prevention, Detection, Response

An effective, business-driven fraud risk management approach encompasses controls that have the following objectives:

• Prevent. Reduce the risk of fraud and misconduct occurring.
• Detect. Discover fraud and misconduct when it occurs.
• Disruption. Ensures the fraudsters are always under pressure and on the move.
• Respond. Take corrective action and remedy the harm caused by fraud or misconduct.

INTERNAL AUDIT'S ROLE AS REGARDS THE FRAUD TRIANGLE.

(REVIEW ADEQUACY OF THE CONTROL FRAMEWORK)

Internal audit’s role in fraud risk management:

• Review & critique management’s fraud risk assessment
• Support management’s construction of an auditable fraud risk management programme / fraud strategy
• Central to shaping the debate on fraud
• Fraud auditing: address residual risk and detection
• Report instances of fraud to management and/or the Audit Committee
• Directing or supporting remediation efforts
• Regular status reporting to the Audit Committee

Continuation (role of internal audit):

• Facilitating fraud and reputation-risk assessments at the corporate, management-unit and business-process levels
• Assisting the fraud risk ownership structure in linking (and documenting) antifraud control activities to identified fraud risks
• Evaluating and testing the design and operating effectiveness of antifraud programmes and controls
• Supporting investigations into alleged or suspected fraud or other misconduct

Strategies for the management of fraud risk:

Strategies for the management of fraud risk can be divided into two levels:

• Entity level: Deals with the attitudes, actions and tone set at the “top” in the acceptance of the significance of the fraud risk.
• Process level: Involves the functional-level departments' ownership and execution of fraud risk management initiatives.

Entity level fraud risk management strategies (senior management role):

1. Develop an integrated strategy for fraud prevention and control.

2. Develop an ownership structure which cascades downwards throughout the organization and which promotes proper risk management, governance and control practices.

3. Introduce a fraud policy statement.

4. Introduce an ethics policy.

5. Introduce a whistle blowing policy.

6. Introduce a reporting “hotline”.

7. Develop appropriate information and communication systems for monitoring purposes.

8. Actively promote the policies throughout the organization.

9. Establish a sound control environment.

Process level fraud risk management (role of functional/process managers):

1. Establish sound control activities and control procedures.

2. Ensure that there is an adequate and overall fraud education, training and awareness programme on all the fraud management initiatives approved by management.

3. Introduce a fraud response plan, as an integral element of organizational contingency planning.

4. Constantly review all policies and procedures.

5. Constantly monitor adherence to controls and procedures.

6. Establish a ‘learn from experience group’ and ‘fraud risk assessment sessions’ to determine whether the bank is adequately dealing with current and potential frauds so as to reduce or eliminate their risk.

Common mistakes and beliefs organizations and staff make, thus facilitating fraud risk:

• The control framework alone can reduce the probability of fraud occurring. Fraud occurrence is mainly determined by the motivation of a fraudster finding an opportunity and exploiting it.
• The responsibility of fraud risk management depends entirely on management.
• Major change initiatives being executed without proper risk assessments.
• Functional management not cascading fraud awareness and training information to the staff members that they are responsible for.

Conclusion:

• Fraud risk management is the responsibility of all members of staff and utmost involvement in initiatives meant to reduce such risks should be embraced positively.