Forensic Audit: Building a World Class Program

PAUL E. ZIKMUND
DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT


2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL


Why the Need for Forensic Audit Program

  • In response to a crisis
  • Concern from the Board or Audit Committee
  • External Auditors or Consultant’s recommendations
  • Sarbanes Oxley
  • Benchmarking
  • Internal need to enhance existing antifraud programs and controls
  • Increase in fraud cases
  • Target of external investigation
  • Centralized function to address fraud risk management programs and controls


Recipe for Success

  • Sponsorship
  • Staffing
  • Execution & Results
  • Building the Network
  • ROI


Sponsorship & Support

  • Organizational policies and procedures
  • Hotline
  • Ethics and Compliance programs
  • Code of Conduct
  • Executive sponsorship
  • Visibility to Board/Audit Committee
  • Engagement by Business Segments/OpCo’s
  • Respect from Legal & Human Resources
  • Clear understanding of roles and responsibilities
  • Assignment of costs


Staffing

  • Proper background and experience
  • Recruit internally and externally
  • Combined set of skills (CFE, CIA, CPA, M.B.A.)
  • Invest in training
  • Previous corporate investigative experience a plus
  • Law enforcement versus auditing
  • Proper headcount
  • Strong external relationships
  • Well networked
  • Data Analytics & Computer Forensics skills a plus


Execution & Results

  • High-quality results
  • Build a brand (think like a consultant)
  • Regionally based
  • Training and awareness programs
  • Be proactive
  • Think beyond investigations (Compliance, Internal Controls, ERM, etc.)
  • Avoid territorialism
  • Solicit feedback (example: have legal review your reports)
  • Network, network, & network


Build the Network

  • Litigation Support
  • Audit Committee presentations
  • Executive Management visibility
  • Regional awareness of the team
  • Attend training and awareness programs
  • ERM
  • Corporate Compliance
  • Information Systems
  • Think Big!
  • Temporary assignments (rotation program)
  • Develop policies and procedures


Return on Investment

  • Recovery of assets
  • Remediation of losses
  • Internal controls/root cause analysis feedback
  • Informal feedback on people and processes
  • Increased transparency of reporting fraud and misconduct
  • Reduction in fraud
  • Greater credibility from external agencies (DOJ, Auditors)
  • Stronger control environment
  • Audit Committee assurance
  • Consistent approach to managing fraud risk


Roadblocks

  • Lack of policies and procedures
  • Lack of a champion or executive management support and sponsorship
  • Improperly positioned/located within the organization
  • Improperly staffed (headcount & skillsets)
  • No budget
  • Failure to embed AFPC within organizational framework
  • Fear of travel
  • Myopic thinking
  • Failure to network
  • Being reactive


Proactive Fraud Risk Management Approach

1. Prevention Programs
2. Incident (Fewer)
3. Incident Reporting
4. Investigation
5. Action
6. Resolution
7. Analysis
8. Publication
9. Implementation of Controls
10. Testing For Compliance
11. Training
12. Proactive Auditing


Anti-Fraud Roles & Responsibilities

  • AFPC
  • External Auditors
  • Internal Auditors
  • Management
  • Board of Directors
  • Audit Committee
  • Compliance


GIFA - Fraud Risk Management Process

  • Fraud Deterrence
      • Policies & Procedures
      • Fraud Risk Assessment
      • Anti-Fraud Culture
  • Fraud Detection
      • Forensic Audit Techniques
      • CAATs
      • Detective Processes & Controls
  • Fraud Investigation
      • Investigation Guides
      • Evidence Management
      • Reporting
  • Fraud Remediation
      • Root Cause Analysis
      • Recovery of Assets
      • Internal Controls Review


GIFA - Fraud Deterrence Sub-Process

  • Policies & Procedures
      • Code of Conduct
      • Fraud Response Policies
      • Human Resources Policies
  • Fraud Risk Assessment
      • Identify Fraud Risk Factors
      • Define Fraud Schemes & Scenarios
      • Determine Residual Fraud Risk
  • Anti-Fraud Culture
      • Whistleblower Hotline
      • Control Environment
      • Employee Surveys


GIFA - Fraud Detection Sub-Process

  • Forensic Audit Techniques
      • Analytical Procedures
      • Interviewing
      • Analysis of Financial Transactions
  • CAATs
      • ACL / IDEA software
      • Continuous Controls Monitoring
      • Event-Driven CAATs
  • Detective Controls
      • Segregation of Duties
      • Monitoring & IT Controls
      • Safeguarding Company Assets


GIFA - Fraud Investigation Sub-Process

  • Investigative Guidelines
      • Processes & Flowcharts
      • Fraud Response Team
      • Defined Roles & Responsibilities
  • Evidence Management
      • Document Reviews & Labeling
      • Computer Forensics
      • Chain of Custody
  • Reporting
      • Report Guidelines
      • Attorney-Client Privilege
      • Presentation of Findings


GIFA - Fraud Remediation Sub-Process

  • Root Cause Analysis
      • Internal Controls Review
      • Issues Tracking System
      • Management Accountability Program
  • Recovery of Assets
      • Civil / Criminal Action
      • Disciplinary Action
      • Insurance Claims
  • Information & Communication
      • Awareness Programs
      • Policy & Procedure Updates
      • Surveys & Certification Programs


Global Integrity & Forensic Audit – Policies & Procedures Overview

GIA Charter

  • Defines the purpose of GIA
  • Provides authority to conduct audits
  • Defines areas of responsibility

Fraud Response Policy

  • Details guiding principles for managing fraud risk
  • Assigns responsibility for addressing complaints

Fraud Response Protocols

  • Defines principles for conducting internal Compliance/GIFA investigations of fraud and misconduct
  • Details the 7-step protocol to address allegations or detection of fraud and/or misconduct

Allegations Matrix

  • Defines various types of allegations
  • Prioritizes allegations in three separate levels (A, B, C)
  • Identifies ownership for investigating the allegations

GIFA Investigative Guidelines

  • Serves as a guide and reference to enroll investigative procedures and processes during the collection of facts and evidence in matters where illegal, unethical or otherwise improper acts are alleged
  • Defines GIFA’s philosophy and core values


Global Integrity & Forensic Audit - Vision & Mission

Vision – To ensure the development, implementation, and sustainability of a comprehensive fraud risk management process designed to reduce Bunge’s risk of asset loss, reputational damage, and legal liability resulting from incidents of fraud and misconduct.

Mission – To develop comprehensive anti-fraud programs and controls designed to deter, detect, investigate, and remediate incidents of fraud and misconduct within Bunge, including but not limited to:

  • Promptly responding to reports of illegal, unethical, or improper acts committed by company employees or non-employees who are engaged in company business,
  • Conducting fraud awareness training for company employees,
  • Completing a fraud risk assessment,
  • Enhancing fraud detection through data analytics and forensic audit techniques,
  • Providing litigation support and forensic due diligence for legal and regulatory matters, and
  • Collaborating with compliance and risk management teams to evaluate risks, review processes, and analyze trending.


Global Integrity & Forensic Audit - Scope of Work (1 of 2)

  • Investigation of Fraud, Abuse, and/or Misconduct
      • Accounting Irregularities
      • Occupational Fraud (Embezzlement, Skimming, Fictitious Invoices, T&E, etc.)
      • Conflicts of Interest
      • Bribery & Corruption
  • Litigation Support
      • Antitrust, Intellectual Property, Securities Trading
  • Fraud Risk Assessment


Global Integrity & Forensic Audit - Scope of Work (2 of 2)

  • Proactive Fraud Awareness Training
      • Internal Audit (forensic audit techniques)
      • Operating Companies
      • Functions (Finance, Sales, etc.)
  • M&A Due Diligence
  • Ethics & Integrity Case Studies
  • IT Investigative Technology/Computer Forensics
  • FCPA/Third-Party Compliance
      • Third-Party Proactive Reviews
      • Anti-bribery Audits
  • Security Audits/Surveys/Reviews


Scope of Work - Differentiation

Compliance Function

  • Compliance policies & procedures
  • Ethics programs
  • Compliance investigations oversight (FCPA)
  • Allegations matrix
  • Compliance reporting
  • 3rd-party compliance programs

GIFA

  • Fraud investigations
  • Anti-fraud training & awareness
  • Litigation support
  • Fraud protocols & investigation guidelines
  • Security audits
  • M&A due diligence
  • Fraud risk assessments

Security Function

  • Physical security programs (facilities, cargo, inventory, etc.)
  • Personal security
  • Travel security
  • Security policies and procedures
  • Security investigations (thefts, product tampering, etc.)


Legal Counsel

  • Legal advice
  • Litigation support
  • Attorney-client privilege
  • Review reports for language
  • Communication with the Board, Audit Committee, Senior Management
  • Co-sponsored training


Human Resources

  • Investigative support
      • Interviewing
      • Prior disciplinary actions – incidents
      • Personnel files
  • Report distribution
  • Disciplinary action
  • Employee surveys
  • Staffing (compensation, career planning)


Information Technology

  • Electronic evidence collection
  • Data retrieval – where/when/how
  • Email reviews
  • Hard drive imaging
  • Internet activity
  • Log in/out data


Security

  • Support investigations
  • Physical access documentation
  • Interviewing skills
  • Prior incidents
  • Location background


Outside Fraud Experts

  • Investigative experience/expertise
  • Interviewing skills
  • Data-mining techniques
  • Computer forensics
  • Report-writing skills
  • Forensic auditing expertise
  • Expert witness – render opinions


Audit

  • Control weaknesses review
  • Root-cause analyses
  • Data mining
  • Document review
  • Email/electronic evidence reviews
  • Proactive forensic audits
  • Resource pool
  • Forensic rotation program
  • Fraud training programs


Audit Committee/Management

  • Periodic updates
  • Annual presentation
  • Immediate notification of serious fraud issues
  • Root-cause analysis
  • Patterns of behavior
  • Legal liability
  • Oversight of investigative activity
  • Sponsorship


Management

  • Findings
  • Continuous Updates
  • Knowledge of Business & People
  • Remediation of Findings
  • Process Improvements
  • Cause & Root Cause Analysis
  • Internal Control Recommendations
  • Training & Awareness


Questions


“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc.

The contents of this paper may not be transmitted, re-published, modified, reproduced, distributed, copied, or sold without the prior consent of the author.