top10 risk 2010

Upload: ghdava

Post on 30-May-2018


  • 8/9/2019 Top10 Risk 2010

    1/44

    Top10 risk 2010

    By: Gholamhossein Davani

    NYSSCPA, IACPA, CFE, CAAA, AIA

    May 2010

    Corporate Fraud

    Corporate fraud can cover a wide range of issues, including commercial theft, corruption, misappropriation of trade secrets/confidential information, and procurement fraud.

    IMPACT

    Impact: Accountability Standards Raised

    • Sarbanes-Oxley: US corporate reform law (public companies)

    • Institute of Internal Auditors proposed new governance standards

    • Enhancing corporate control environment - strong ethics culture - adopting mechanisms to permit reporting without reprisal

    Six Documents That Changed Audit Committee Charters

    • 1987 The Report of the National Commission on Fraudulent Financial Reporting, better known as the Treadway report, prepared by the Committee of Sponsoring Organizations (COSO). Those organizations were the AICPA, the American Accounting Association, the Financial Executives Institute, the Institute of Internal Auditors and the Institute of Management Accountants.

    • 1988 The Macdonald Report, prepared by the Commission to Study the Public's Expectations of Audits, formed by the Canadian Institute of Chartered Accountants.

    • 1991 The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA), passed by the U.S. Congress in response to the savings and loan scandals.

    • 1992 Internal Control, Integrated Framework, published by COSO.

    • 1993 In the Public Interest, A Special Report, by the Public Oversight Board (POB) of the SEC practice section of the AICPA division for CPA firms (the 1993 POB report).

    • 1995 Directors, Management, and Auditors, Allies in Protecting Shareholder Interests, by the POB (the 1995 POB report).

    FRAUD HOTLINES

    Organizations with fraud hotlines cut their losses by 50% per scheme (Association of Certified Fraud Examiners, 2002 Report to the Nation)

    Advantages include deterrence (perception of detection) and a centralized reporting mechanism

    Disadvantages include nuisance calls and associated costs

    Which are Top 10 Risk 2010

    • Risk management forms an integral part of the business planning and review cycle. The company's risk and control policy is designed to provide reasonable assurance that objectives are met by integrating management control into the daily operations, by ensuring compliance with legal requirements and by safeguarding the integrity of the company's financial reporting and its related disclosures. It makes management responsible for identifying the critical business risks and for the implementation of fit-for-purpose risk responses. Philips' risk management approach is embedded in the areas of corporate governance, Philips Business Control Framework and Philips General Business Principles.

    Strategic change management

    The upheaval of the past year and the desire to seize opportunities

    during the recovery will make for a lot of changes, including

    mergers, acquisitions, and divestitures. These shifts leave a lot of

    room for controls to fall through the cracks and can create new liabilities.

    Capacity

    Faced with uncertain demand, companies risk both over- and

    understaffing. Timing capital expenditures, such as new

    facilities or equipment, will also pose a challenge.

    Incentive plans

    Compensation is under extreme scrutiny in the wake of the

    recession and could pose a risk for public companies.

    Human resources

    Layoffs have left many companies with skill gaps and possible

    holes in their compliance structures.

    Fraud

    Widely thought to pick up (or be revealed) in down times,

    fraud can be easier to commit at companies that are short-

    staffed and under pressure, which would describe most

    businesses today.

    Innovation/R&D

    Companies that have cut back in this area during the downturn

    risk falling behind their competitors.

    Third-party relationships

    The collapse of Lehman Brothers opened CFOs' eyes to just

    how careful and far-reaching they need to be in evaluating

    third parties.

    Generally, third parties are a hole for fraud.

    Shared services

    Under pressure to cut costs, finance executives are exploring

    new locations for their back-office functions. These changes

    can affect companies' control structures and processes.

    Inflation/Deflation

    Currency risk remains an open question for 2010.

    Tax management

    Recession-scarred states are looking to raise funds through new

    taxes and stricter enforcement of existing tax laws.

    Graphical RISKPROFILER

    Four Steps to Follow Risk

    Stage 1 - Risk and Issue Identification

    Stage 2 - Evaluation and Planning

    Stage 3 - Risk and Issue Management and Control

    Stage 4 - Management Reporting

    The main Task of Stage 2

    I. confirm the project success criteria

    II. prepare the risk breakdown structure (RBS)

    III. identify and document potential areas of risk

    IV. identify and document potential or known issues

    V. allocate risk and issue owners

    VI. assess the probability and potential impact of each risk

    VII. assess the impact of each issue

    VIII. categorise both the risk and issue

    The main Task of Stage 2

    I. prepare an approach to risk reduction containing the mitigation strategies for the risk and specify the trigger, an event or date that indicates the occurrence of the risk and the need to initiate the contingency strategy

    II. plan the contingency strategies

    III. prepare the Issue management strategies

    IV. if appropriate determine any relationships between risks, other risks and issues

    quantify the risks (optional)

    V. develop the risk and issue management plan for the project phase

    The main Task of Stage 3

    I. initiate the mitigating strategies

    II. monitor the activities at risk and invoke the contingency strategies should the risk manifest itself

    III. initiate the issue management strategies

    IV. regularly reassess the risks and issues and their contingency strategies

    The main Task of Stage 4

    I. maintain and generate project objectives and success criteria

    II. generate the project Risk Matrix

    III. generate risk reports as appropriate

    IV. generate risk data sheets, either individually or for the whole project

    V. maintain the Risk and Issue Register

    VI. maintain and publish MS PROJECT plans

    VII. generate risk exposure graphs, both Monte Carlo cumulative probability curves and time based risk exposure graphs.

    Factors of perfect storm fraud

    1-External auditors are primarily concerned about MATERIAL

    fraud in the context of SOX 404 and financial statement

    audits.

    2-Controls related to SOX section 404 have often been designed to only prevent and detect MATERIAL fraud

    because many companies have had their controls designed by

    Big 4 auditors who are primarily trained to prevent and

    detect MATERIAL fraud.

    Factors of perfect storm fraud (2)

    3-Segregation of duties is one of the primary means to prevent

    fraud and there is little consensus about best practices related

    to segregation of duties (SOD), even several years since SOX

    went into effect.

    4-SOD testing is primarily focused on system controls and is

    driven by IT auditors.

    5-Processes and testing of internal controls are well-

    documented, leaving those wishing to commit fraud to know

    which dark alleys to choose in order to commit fraud.

    Factors of perfect storm fraud (3)

    6-Most SOD testing fails to take into account process outside

    the system and ways actual theft can occur.

    7-Many companies have implemented new ERP systems in the

    past 10 years and ERP systems have been primarily

    architected for efficiency, not with an internal controls focus.

    8-ERP systems have primarily been implemented by those who

    have little skill in the design or implementation of internal

    controls.

    Section 404 controls are designed to prevent MATERIAL misstatement

    In many cases, a company's internal controls over financial reporting have been developed by a Big 4 firm other than their external auditor. These controls have been designed to prevent MATERIAL misstatements in a company's financial statements. For example, a company we consulted with allowed their AP clerks to both enter suppliers and enter AP invoices against those suppliers. The primary mitigating control, designed by a Big 4 firm, for such access was a review of a Final Payment Register and supporting documentation for all checks over $30,000. This control was a reasonable control to prevent MATERIAL fraud, but left the company exposed to fraud below the $30,000 level.
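
The gap described above, as an added example that is not part of the original slides: a check over constructed sample data that finds users holding both the supplier-entry and invoice-entry duties, then lists payments at or below the $30,000 review threshold where one person performed both. The permission names, record layout and sample values are assumptions.

```python
"""Added illustration: segregation-of-duties gap below a review threshold."""
from collections import defaultdict

REVIEW_THRESHOLD = 30_000  # checks over this amount are reviewed (from the slide)
# Hypothetical permission names for the two conflicting AP duties.
CONFLICTING = {"supplier.create", "invoice.enter"}

# Constructed sample data, not taken from any real system.
USER_PERMS = {
    "clerk_a": {"supplier.create", "invoice.enter"},
    "clerk_b": {"invoice.enter"},
    "buyer_c": {"supplier.create"},
}
SUPPLIER_CREATED_BY = {"S-100": "buyer_c", "S-200": "clerk_a", "S-300": "clerk_a"}
PAYMENTS = [
    # (payment id, supplier, invoice entered by, amount in dollars)
    ("P-1", "S-100", "clerk_b", 45_000),
    ("P-2", "S-200", "clerk_a", 12_500),
    ("P-3", "S-200", "clerk_a", 29_900),
    ("P-4", "S-300", "clerk_a", 31_000),
    ("P-5", "S-100", "clerk_a", 8_000),
]


def sod_conflicts(user_perms):
    """Return users who can both create suppliers and enter invoices."""
    return sorted(u for u, perms in user_perms.items() if CONFLICTING <= perms)


def unreviewed_same_user_payments(payments, created_by, threshold=REVIEW_THRESHOLD):
    """Payments where one user created the supplier and entered the invoice,
    and the amount is not over the threshold, so the register review skips it."""
    hits = []
    for pay_id, supplier, entered_by, amount in payments:
        same_user = created_by.get(supplier) == entered_by
        if same_user and amount <= threshold:
            hits.append((pay_id, entered_by, supplier, amount))
    return hits


def exposure_by_user(hits):
    """Total unreviewed amount per user across all flagged payments."""
    totals = defaultdict(int)
    for _, user, _, amount in hits:
        totals[user] += amount
    return dict(totals)


if __name__ == "__main__":
    print("SOD conflicts:", sod_conflicts(USER_PERMS))
    flagged = unreviewed_same_user_payments(PAYMENTS, SUPPLIER_CREATED_BY)
    for row in flagged:
        print("unreviewed:", row)
    print("exposure:", exposure_by_user(flagged))
```

Summing the flagged payments per user shows the cumulative exposure that a per-check threshold review does not surface.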

    What is Fraud Risk Analysis?

    • Fraud risk analysis is an assessment process to determine the likelihood of a fraud being committed, what can be done to prevent it, and whether that prevention technique is commercially worthwhile to undertake. Once the risk of losses from fraud and the actions to prevent that fraud have been identified, the controls must be determined on the basis of a cost/benefit analysis.

    • Risk assessment identifies fraud risks and helps determine what controls should be implemented. It is similar to finding the biggest leaks and plugging them in the most commercial manner.

    Conducting a Fraud Risk Assessment

    Seven actions or decisions are used to determine a level of risk, the likelihood of a loss,

    possible controls, and the cost of implementing these controls. They apply to any type of

    risk, not just the risk of loss from fraud. These are:

    1. Determine what threats face the business, in the different areas of the business;

    2. Estimate the likelihood of a loss occurring from each particular threat;

    3. Estimate the quantum of any loss from each particular threat;

    4. Determine what control procedures could be applied to prevent or detect that

    particular threat;

    5. Estimate the costs of implementing and maintaining each control;

    6. Decide whether the cost of a control is worth the benefit of having the control;

    7. Implement controls where cost / benefit assessment is favorable or desirable.

    Four general steps for Risk Fraud actions or decisions

    1. Identify the possible threats

    2. Estimate the risk of that threat occurring and the potential loss

    3. Identify potential controls

    4. Conduct a cost / benefit analysis

    Why fraud against organizations is a costly business problem

    • Fraud Losses Reduce Net Income $ for $

    • If Profit Margin is 10%, Revenues Must Increase by 10 times Losses to Recover Effect on Net Income

    • Losses: $1 Million

    • Revenue: $1 Billion

    • Fraud Robs Income

    Revenues      $100   100%
    Expenses        90    90%
    Net Income    $ 10    10%
    Fraud            1
    Remaining     $  9

    To restore income to $10, need $10 more dollars of revenue to generate $1 more dollar of income.

    Why fraud against organizations is a costly business problem

    • General Motors
    • $436 Million Fraud
    • Profit Margin = 10%
    • $4.36 Billion in Revenues Needed
    • At $20,000 per Car, 218,000 Cars

    • Bank
    • $100 Million Fraud
    • Profit Margin = 10%
    • $1 Billion in Revenues Needed
    • At $100 per year per Checking Account, 10 Million New Accounts

    Largest Bankruptcy Filings (1980 to Present)

    from BankruptcyData.com

    Company                          Assets (Billions)   When Filed
    1. WorldCom                      $103.9              July 2002
    2. Enron                         $63.4               Dec. 2001
    3. Conseco                       $61.4               Dec. 2002
    4. Texaco                        $35.9               April 1987
    5. Financial Corp of America     $33.9               Sept. 1988
    6. Global Crossing               $30.2               Jan. 2002
    7. PG&E                          $29.8               April 2001
    8. UAL                           $25.2               Dec. 2002
    9. Adelphia                      $21.5               June 2002
    10. MCorp                        $20.2               March 1989

    How to integrate fraud topics into accounting courses

    • What is an asset - WorldCom

    • What are revenues - Lincoln Savings & Loan

    • What is an expense - Tyco

    • What is an entity - Enron

    • When is an auditor not independent - Waste Management

    • What is a reserve - Waste Management

    • What is a liability - Adelphia

    • Internal controls - fraud against organizations (Sumitomo, etc.)

    • See the AICPA Fraud Education Integration Matrix: http://www.aicpa.org/antifraud/educators_students/integrate_curriculum/framework_for_study/140.htm

    Cases in which Prof. Albrecht testified

    Case  Year  Nature                       Named Parties  Size          State of Work
    A     2003  Fraud by Executives          AA             $billions     New York
    B     2003  Fraud by Executives          BB             $2.8 billion  Chicago
    C     2003  Fraud by Executives          CC             $400 million  Florida
    D     2002  Hedge Fund Fraud             DD             $150 million  Florida
    E     2002  Fraud by Executives          EE             $2.8 billion  Illinois
    F     2001  Fraud by Vendor              FF             $210 million  Texas
    G     2001  Commodities Trading Fraud    GG             $2.6 billion  New York/Tokyo
    H     2001  Fraud by Executives          HH             $65 million   Florida
    I     2001  Fraud by Major Stockholders  II             $11 million   Utah
    J     2000  Fraud by Executives          JJ             $400 million  Illinois
    K     2000  Fraud by Executives          KK             $600 million  Illinois
    L     1999  Fraud by Customer            LL             $5 million    Utah
    M     1998  Fraud by Executives          MM             $95 million   Georgia
    N     1998  Fraud by Executives          NN             $240 million  Illinois

    M&A

    Citigroup claimed the title of top global financial advisor for announced M&A transactions, advising on 80 transactions valued at over US$340.7 billion in Q1 2006. This represented a 244% increase in deal volume from the comparable time period last year. Goldman Sachs ranked second with US$337.5 billion in M&A activity while JPMorgan rounded out the top three with deals valued at US$274 billion.

    (US$m)

    1. Citigroup $340,671
    2. Goldman Sachs $337,456
    3. JP Morgan $274,044
    4. Lehman Brothers $265,487
    5. Merrill Lynch $224,324
    6. UBS $208,724
    7. Morgan Stanley $196,630
    8. Deutsche Bank $165,511
    9. BNP $145,809
    10. Rothschild $133,209
    11. Credit Suisse $131,699
    12. Evercore $120,162
    13. HSBC $114,209
    14. Lazard $95,866
    15. Rohatyn $89,432
    16. Calyon $72,208
    17. ABN AMRO $70,721

    Fraud Experienced by survey respondents by sector

    [Table residue; column headings: 2006, 2007, 2008, 2009, 2010. Recoverable entries: Asset Price/Indebtedness; Asset Price/Indebtedness; Asset; Asset price collapse; Further falls in asset price; Chinese growth slowing to]

    UK Bribery Act - New legislation affecting UK business April 2010

    • Giving a bribe: offering, promising or giving an advantage, financial or otherwise, to another person to bring about improper performance or reward.

    • Receiving a bribe: requesting, agreeing to or receiving an advantage linked to an intended improper performance or reward.

    • Bribing a private or public official: offering, promising or giving bribes directly/indirectly to a private or public official to obtain or retain business or a business advantage, intended to influence the decision and gain an advantage.

    • Negligently failing to prevent a bribe: a person performing services for the company bribes another person in connection with the business and those responsible for preventing bribery negligently fail to do so.

    Dayarayan Auditing & Financial Services Firm

    Warren Buffett

    Chairman's Letter to shareholders of Berkshire Hathaway

    Financial instruments are time bombs and "financial weapons of mass destruction their buyers and sellers, but the whole economic system. Large amounts of risk have become concentrated in the hands of relatively few derivatives dealers ... which can trigger serious systemic problems. During the past 37 years, the company has delivered an average annual return of 22.6%. Since 1965 the company's book value has gone up by 194,936%.

    BBC News-Tuesday, 4 March, 2003

    Some Figures and Statistics

    Global equity capital $51.2 trillion (Wikipedia: Reuters March 2007)

    $165 trillion "total traded securities" (Economist, 19/01/2008)

    Global physical trade

    Daily ForEx trade volume $3.2 Trillion (BIS 2007)

    Total Derivatives Nominal $516 trillion (BIS 2007)

    Total Derivatives Value $11.1 trillion (BIS 2007)

    Total Swaps Nominal $408 trillion, 79% of all derivatives

    % Interest Rate Swaps 75 (BIS 2007)
