Anti-Fraud and Compliance Controls – The Critical Role of Internal Audit. Nick D’Ambrosio, Director, Forensic, KPMG LLP; Houston. The Institute of Internal Auditors San Antonio Chapter, 1st Annual I Love Audit Conference, February 13, 2015, San Antonio


Anti-Fraud and Compliance Controls –

The Critical Role of Internal Audit

Nick D’Ambrosio, Director, Forensic, KPMG LLP; Houston

The Institute of Internal Auditors San Antonio Chapter, 1st Annual I Love Audit Conference, February 13, 2015, San Antonio


© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.


Disclaimer

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

Restriction on Disclosure and Use of PowerPoint Version – The recipient agrees that the PowerPoint version of this presentation will only be used to present the content through a projection device during the live training session on February 13, 2015. The PowerPoint version (and related file) shall not be disclosed, used, or duplicated, in whole or in part, for any other purpose without KPMG LLP’s express written consent.


Agenda

1. Profile of the fraudster

2. Who is responsible for fraud prevention?

3. Role of internal audit in anti-fraud and compliance


Profile of the Fraudster


KPMG 2013 Survey – Global profile of the fraudster

• Age – 70% between the ages of 36 and 55

• Employment – 61% are employed by the victim organization.

Of these, 41% were employed there for more than 6 years

• Collusion – In 70% of frauds, the perpetrator colluded with others

• Type

The most prevalent fraud is misappropriation of assets (56%), of which embezzlement comprises 40% and procurement fraud makes up 27%

The second most prevalent fraud is revenue or assets gained by fraudulent or illegal acts (24%)


KPMG 2013 Survey – Global profile of the fraudster

• Duration

When fraudsters acted alone, 69% of frauds were perpetrated over one to five years.

When acting in collaboration, 74% of frauds were perpetrated over one to five years.

• Nature of transactions

93% of frauds were committed in multiple transactions.

For 42% of these frauds, the average value per individual transaction was between $1,000 and $50,000


Opportunist vs. Predator


Corruption Propensity by Industry

• In every industry, fraud tends to be shaped by the kind of opportunities for malfeasance.

Corruption was more prevalent in pharmaceuticals, financial services and energy & natural resources (ENR)

In the case of pharmaceuticals and financial services, this occurred despite the fact that organizations in these industries operate in a highly regulated environment.

• Fraud of choice

In financial services, pharmaceuticals, consumer and industrial markets, the most common fraud is embezzlement.

But in ENR, the public sector and information, communications & entertainment, the most common fraud is procurement.


The last guy or gal you’d expect …


Motives


The changing face of fraudsters

Out with the old …


Cyber Fraud

… in with the new.


Hackers are winning …


No company is safe …


Who is responsible for fraud prevention?


Traditional role of internal audit

A clear trend is that corporate stakeholders are placing increasing demands on internal audit to take on a more strategic and central role in compliance.


Thomson Reuters/Accelus – State of Internal Audit Survey 2014


In the Post-Sarbanes Oxley worldview ...

• Company stakeholders have elevated expectations about the ability of boards to reduce and eliminate fraud risk.

• In reality, fraud risk remains and will never be eliminated.

• Inevitable result is:

• Boards and Chief Audit Officers are looking for internal audit to close the gap.

Fraud Prevention Expectation Gap


PwC 2012 State of the Internal Audit Profession Study – Aligning internal audit: Are you on the right floor?

53% of audit committee chairs, board members and senior management thought fraud and ethics risks were well managed ...

… only 35% of CAEs shared that sentiment.

Fraud Prevention Expectation Gap


Fraud and corruption mitigation - not my job …

• Analysis by Professor Peter Tickner of City University Business School in London indicated that:

“Top management was convinced that one of the key roles of their chief audit executive was to deal proactively with the risks around fraud and corruption whereas generally CAEs saw it as senior management’s problem and responsibility.”

While internal auditors are becoming more “fraud savvy” many continue to view their role as “purely identification of what senior management would rather not face up to.”


Role of internal audit in anti-fraud and compliance


Leveraging internal audit to narrow the gap

• Internal audit needs to demonstrate its competence in fraud and corruption mitigation to maximize its credibility across the company and in the board room.

• The audit committee needs to:

Visibly support internal audit’s efforts in fraud and corruption mitigation

If management fails to adequately respond to internal audit recommendations, intervene and send a strong message that IA’s role in fraud and corruption mitigation is important

Focus on incentive risks

Understand related party and non-routine transactions

Monitor efforts at fraud training

Assure personnel rotation

Be vigilant for undue pressures on management to “make the numbers”


Internal audit’s antifraud activities

• Assisting in planning and conducting evaluations of the design and operating effectiveness of antifraud programs and controls

• Assisting in the organization’s fraud risk assessment and helping draw conclusions as to appropriate mitigation strategies

• Considering the results of the fraud risk assessment when developing the annual internal audit plan

• Reporting to the audit committee on internal control assessments, audits, investigations, and related activities.


Internal audit’s expanding toolbox

• Using computer-assisted audit techniques including data mining to:

Proactively audit for misappropriation of assets and information misrepresentations

Detect particular types of fraud

Find unusual items

Perform detailed analysis of high-risk accounts and transactions to identify potential fraud

• Continuous monitoring


Contact Information

© 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

Nick D’Ambrosio, KPMG LLP, 811 Main Street, Houston, TX 77002. Phone: +1 (713) 319-2296. Email: [email protected]