09/16/2009 Meeting - Fraud In A Downturn

Fraud in a DownturnA review of how fraud and other integrity risks affect business

September 16, 2009

Presented by Kristin Rivera PartnerPresented by Kristin Rivera, Partner

Agenda

Page

1 Introduction 12 Fraud and integrity risks 103 The strategy of the proactive organization 22

Section 1Introduction

Section 1 - Introduction

The landscape

• The economic downturn is changing the nature and scale of fraud and integrity risks that organizations face.

– The speed of change increases the opportunities to commit fraud. g

– More people will feel real pressure to ‘cross the line’ or to look the other way while others do so.

The receding economic tide has exposed more frauds that have been ongoing– The receding economic tide has exposed more frauds that have been ongoing while economic conditions were good.

– As the economy rebounds, companies will feel pressure to improve performance and this may also lead to inappropriate actionsand this may also lead to inappropriate actions

• Fraud and integrity are critical business issues—not just legal and compliance issues. p

• The regulatory pendulum has swung back to its post Enron position, and public sentiment against white collar crime is one of zero tolerance.

Fraud in a Downturn • A review of how fraud and other integrity risks affect business 2


The landscape

• How are fraud, corruption, abuse and other integrity threats changing during this period of economic decline?

• What are the fraud schemes that may emerge and the likely regulatory y g y g yresponse?

• What strategies are proactive organizations implementing to manage short-term risks but also enhance long-term stakeholder value?term risks but also enhance long-term stakeholder value?



The fraud triangle

Developed by Dr. Donald Cressey, the Fraud Triangle describes three conditions that are commonly found when fraud occurs.

Incentive/pressure

!Fraud risk

Opportunity Rationalization

The global economic decline is such that each of these three factors are heightened as never before.



The fraud triangle

Incentive/Pressure

As people lose their jobs pressures increase. Those still in employment

Incentive/pressure

increase. Those still in employment feel ever more threatened, the pressure to commit fraud will increase.

When someone’s livelihood rests on!

Fraud riskWhen someone s livelihood rests on obtaining a new order, some people will make the wrong choice while others will look the other way Opportunity Rationalization

Fraud risk

others will look the other way. pp y



The fraud triangle

Opportunity

The economic downturn is forcing an unprecedented pace of change. As

Incentive/pressure

unprecedented pace of change. As change happens, gaps in the control system can and will appear.

Checks and balances put in place to!

Fraud riskChecks and balances put in place to maintain control may be abandoned and procedures whose purpose was to detect anomalies may be suspended Opportunity Rationalization

Fraud risk

detect anomalies may be suspended. pp y



The fraud triangle

Rationalization

In difficult economic times the capacity for people to rationalize fraud and

Incentive/pressure

for people to rationalize fraud and corruption increases.

“The company is fundamentally sound if I have to cross the line to get us

!Fraud risk– if I have to cross the line to get us

through the next six months, so be it.”

Opportunity Rationalization

Fraud risk

pp y


Section 2Fraud and integrity risks

Section 2 - Fraud and integrity risks

Fraud and integrity risks

Given these circumstances, what are the likely effects on corporations, investors, regulators and government?

We believe board and audit committees should be asking themselves and key stakeholders the questions below…




1. How much are fraud and abuse losses in the supply chain and through revenue leakage costing your business?

– Fraud losses can run as high as 7% of revenue.1g

– Studies show that effective fraud management produces an 8:1 return on investment,2 and strong controls reduce fraud by at least 30%.3

1 Association of Certified Fraud Examiners 2008 Report to the Nation on Occupational Fraud and Abuse.2 Nelsestuen, Rodney, Enterprise Fraud Management in Financial Services: Restoring Confidence in an Uncertain World, Tower Group, September 2007.3 Kielstra, Paul, Global Fraud Survey, The Economist Intelligence Unit, 2008.




2. Is your organization at risk of DOJ, SEC or foreign government scrutiny for public and commercial bribery in the US or overseas?

– There remains significant opportunity within global organizations to engage in g y g g g gbribery via “consulting payments” in order to win new business.

– The anti-bribery provisions of the FCPA prohibits corrupt payments to foreign officials for the purpose of obtaining or keeping business.

– Regulators are prosecuting companies and their directors and officers for the inappropriate actions of business partners in the sales channel and supply chain such as distributors and sales agents.

– Many organizations face significant reputational, legal and financial risk from inadequate due diligence and monitoring controls in relation to business partners.




3. Is your organization at risk of breaching competition laws?

– The Justice Department and Federal Trade Commission levied fines totaling billions of dollars in 2008 related to the investigation and detection of anti-competitive cartel practices.

– The regulatory fines that can be levied for price fixing, bid rigging and market sharing can be up to 10% of turnover.




4. How robust are your controls in treasury and banking operations?

– When control environments weaken, rogue traders have the opportunity to operate undetected as they trade beyond the limit of their authority.

– As companies approach banking covenant breaches, the temptation to ‘massage’ the numbers provided to their banks will increase.

– As banks face pressure to control their own costs the resources available toAs banks face pressure to control their own costs, the resources available to counter this threat are constrained.




5. Is your organization at risk of significant data theft?

– Criminal organizations have for some time recognized the value of personal data, and while bank account details continue to have a black market value, there will be a significant risk of theft.

– Consider where you are holding personal information and how this data is controlled.

– Not enough is being done to address the risk of deliberate theft by criminal organizations working in collusion with permanent, short-term or temporary staff to infiltrate organizations and circumvent existing control systems.




6. How well does your organization employ data analytics to prevent and detect misconduct?

– Where senior managers have colluded with third parties to misrepresent financial ginformation and statements, fraud can be difficult to identify unless the company has robust internal controls and processes in place.

– Fraud and forensic technologists find that even fraud that is the result of collusion can cause data anomalies that companies can identify using data analytics.




7. Are you weakening your first line of defense?

– Operations and finance personnel are the first line of defense against fraud, corruption and abuse.

– Because the legal and internal audit functions are removed from the day-to-day business, it is not wise to rely on them as the principal line of defense.

– Downsizing unless carefully planned and managed skyrocketsDownsizing, unless carefully planned and managed, skyrockets misconduct risks.

– Downsizing can eliminate critical segregation of duties. The fear of being the one selected for downsizing can lead employees to engage in fraud to cover upselected for downsizing can lead employees to engage in fraud to cover up innocent mistakes.




8. If a crisis occurred, how well prepared are you to react?

– Companies need to be ‘investigation ready’, with policies in place regarding the conduct of investigations and knowledge of where data is stored and how it can be speedily retrieved.

– e-Discovery readiness is an increasingly critical component of litigation.

– Organizations are expected to conduct comprehensive root-cause analysis andOrganizations are expected to conduct comprehensive root-cause analysis and implement and monitor controls to prevent recurrence.


Section 3The strategy of the proactive organization

Section 3 - The strategy of the proactive organization

The PwC antifraud framework

Control environment• Board oversight• Codes of ethics/conduct• Anonymous reporting

Fraud event identification and risk assessment

Identify entity level scheme & scenario risks

Assess likelihood & impact

Conduct self-assessment at functional & local

• Other entry level activities

business unit levels Develop a risk response

ContinuousIncident response & remediation• Investigate• Perform root

cause analysis

Monitoring Activities• Monitor fraud risk

factors and indicators• Audit for ‘red flags’

Entity and business process level control activities

Develop new/enhance existing

Validate operating effectiveness

Evaluate control designs

Continuous reassessment

y• Search for

other misconduct• Enhance controls

existing controls

effectiveness designs

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) developed a model for evaluating internal controls. This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. We have adapted the COSO framework to illustrate some of the key elements of a fraud and integrity risk control framework.


Section 3 - The strategy of the proactive organization

The PwC antifraud framework

Areas to consider

• Organizational tone

Management information• Management information

• Communication and training

• Risk identification• Risk identification

• Control linkage and evaluation

• Preventive controlsPreventive controls

• Monitoring and auditing

• Incident response and remediationp


About PwC Forensic servicesAbout PwC Forensic services

About PwC Forensic servicesAbout PwC Forensic services

Fraud Prevention and Detection Experience

• PwC is a leader in the prevention, investigation and remediation of fraud.

• We have invested over 100,000 hours researching common, sector- and market-specific misconduct h i l i f d l t ti t i i ti d i i l d tschemes involving fraudulent reporting, asset misappropriation, and criminal conduct.

• Our risks and controls professionals developed manuals detailing the mechanics, controls, risk indicators and detection procedures for hundreds of fraud scenarios, which are tailored to specific client needs and circumstances.

• Hundreds of companies have used our anti-fraud framework—which has been embraced by COSO, SEC, IIA, and the AICPA—to benchmark the effectiveness of efforts to guard against misconduct.

Contact Us

K i ti RiKristin [email protected]: (415) 498-6566


© 2009 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP (a Delaware limited liability partnership) or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.

Business

09/16/2009 Meeting - Fraud In A Downturn