Upload
deirdre-atkinson
View
216
Download
1
Embed Size (px)
Citation preview
“Good” Fraud Management: Applying Corporate Governance to Increase Revenue, Cut Costs and Safeguard Assets & Brand Value
Jonny Frank Fraud Risks & Controls
March 2010(Preliminary Draft)
“Good Fraud” vs. “Bad Fraud”
2
Good Fraud = Leakage related activities, that when prevented or detected early, leads to improved financial results.
Bad Fraud = Liability related activities, that if not prevented, leads to government sanctions, and damage to brand value and reputation of individual members of the Board and senior management.
So How Are Organizations Maximizing Opportunities & Mitigating Risk?
1. Assess how organization manages fraud risk
2. Conduct “scheme and scenario” fraud, corruption and abuse assessment
3. Address high impact common and industry specific fraud, corruption and misconduct risks– Schemes
– Presumptive controls
– Indicators
– Audit procedures
3
Fraud Management Framework
People Build three lines of defense – business, finance and internal audit/compliance
Process Identify significant risks, evaluate vulnerability to collusion, monitor/audit for red flags
TechnologyDisaggregate schemes into key risk indicators, develop data analytics, maximize available technology
• Board oversight• Codes of ethics/conduct• Anonymous reporting• Other entity level activities
Control environment
Entity and business process level control activities
Develop new/enhance existing controls
Validateoperatingeffectiveness
Evaluatecontrolsdesign
Monitoring activities
• Monitor fraud risk factors & indicators
• Audit for ‘Red flags’
Continuousreassessment
Develop a risk response
Fraud event identification and risk assessment
Conduct self-assessment at function & local businessunit levels
Assesslikelihood& impact
Identity entitylevel scheme& scenario risks
Incident response & remediation
• Investigate• Perform root cause analysis• Search for other misconduct• Enhance controls
4
Antifraud Programs & Controls Criteria* (SEC, DOJ, PCAOB, USSG, COSO et. al.)
• Control Environment– High integrity culture– Board oversight– High level overall responsibility– Day-to-day responsibility– Front line personnel– Internal audit function– Knowledge management– Code of conduct– Anonymous reporting– Hiring and promotion– Third party relationships
• Fraud Risk Assessment (FRA)– Systematic process– Management participation– Legal, financial reporting and
operations risks
• FRA Cont’d– Management override– Tailored to local units &
functions
• Control Activities– Linkage to assessment– Vulnerability to circumvention
• Detection and Monitoring– Risk factors and indicators– Data analytics and other
technology– Contemporaneous monitoring – After the fact reviews
• Incident Response and Remediation
– Investigative process– Remediation
5
*Bolded Italics denotes common deficiency.
10 Suggested Action Steps
1. Host a “perfect crime” dinner or play “angels v. demons” with the C-suite and/or finance team.
2. Self-assess your antifraud program.
3. Conduct a “leakage audit” to identify opportunities to maximize revenue, cut costs and safeguard assets - - particularly if your company engages in business in emerging markets.
4. Equip front line personnel with knowledge and skills to function as an effective “first” line of defense.
5. Conduct a scenario analysis to identify high impact legal/reputation risks
6. Link and evaluate adequacy of transaction level controls.
7. Identify and monitor key fraud risk factors and indicators.
8. Maximize internal and 3rd party information systems and technology
9. Develop an incident response and remediation process before a crisis occurs
10. Pray that LeBron James joins the Knicks or Nets to bring winning basketball back to NYC
Facilitator Contact & Biographical Information
Jonny J. [email protected]
1.646.471.8590
Jonny Frank has over 30 years public and private sector experience and over 20 years university teaching experience in preventing, detecting and investigating business irregularities. He is an award winning author of over 30 articles and book chapters, including the IIA's Thurston Award for outstanding scholarship. Jonny earned his LLM from Yale Law School in 1983 and his JD from Boston College Law School in 1980, where he ranked no.1 in a class of 250 and graduated summa cum laude.
Executive Assistant United States Attorney, Eastern District of New York Jonny began his professional career as a Federal prosecutor in the early 1980s in the U.S. Department of Justice, where he served for 12 years. His prosecutorial career included investigating and prosecuting over 1,000 economic crimes cases involving Fortune 500 companies across every business sector. In the mid-1990s, the Justice Department appointed Jonny to serve as Special Counsel to the New York City Mayoral Commission on Police Corruption. He also led trips to train former Soviet bloc prosecutors and judges on the investigation of economic crime.
Co-founder, PwC Investigations PwC recruited Jonny to join the firm as a partner in 1997 to help develop and lead the firm's investigations practice. Leveraging this public sector experience, Jonny developed a global practice, focusing on investigation and remediation of fraud and corruption. Jonny led over 1000 engagements during his five years as practice leader.
Founder, PwC Fraud Risks & Controls (FR&C)Following Enron, PwC appointed Jonny to build and lead a practice devoted to prevention, detection, and remediation. The practice has professionals in Africa, Canada, Central, Eastern & Western Europe, India, South America, and the United Kingdom.
In 2003, Jonny pioneered PwC's "scheme and scenario" fraud risk assessment framework, which the SEC, AICPA, IIA, and COSO have embraced. FR&C have embedded this framework at numerous internal audit departments and finance functions, in addition to using it on over 1500 PwC audits.
Jonny also developed a fraud auditing training methodology, comprised of classroom and on-the-job coaching. PwC applied this methodology to train over 350 experienced audit managers to serve as fraud specialists on their engagements.
Yale School of Management, Fordham University, Brooklyn Law SchoolSimultaneous to his DOJ and PwC career, Jonny has taught for over 20 years at the professional school level. He serves as an Adjunct Professor of Law at Fordham University Law School (1988 – present) (ranked no. 3 nationally in evening law programs) and previously taught at Yale School of Management (Senior Faculty Fellow 2003 – 2006) and Brooklyn Law School (1089 – 2004).
© 2009 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity. *connectedthinking is trademark of PricewaterhouseCoopers LLP (US).
pwc.com
The information contained in this document is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, there may be omissions or inaccuracies in information contained in this document. This document is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. It should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Before making any decision or taking any action, you should consult a PricewaterhouseCoopers professional.
While we have made every attempt to ensure that the information contained in this document has been obtained from reliable sources, PricewaterhouseCoopers is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this document is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will PricewaterhouseCoopers, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this document or for any consequential, special or similar damages, even if advised of the possibility of such damages.
“Good Fraud” vs. “Bad Fraud”
11
Good Fraud = Leakage related activities, that when prevented or detected early, leads to improved financial results.
Bad Fraud = Liability related activities, that if not prevented, leads to government sanctions, and damage to brand value and reputation of individual members of the Board and senior management.
Identifying High Impact Risks: Expenditure Leakage
12
Illustrations: • Orders from fictitious vendor
• Kickbacks in return for allowing supplier to inflate price
• Advertiser charges for advertising not delivered
• Vendors/contractors charge for work not performed
• “Double dips” on p-card and credit card
• Salesperson obtains reimbursement for fictitious travel expenses
Identifying High Impact Risks: Unauthorized Expenses
13
Illustrations: • Payments to public officials for permits
and licensing
• Payments to facilitate sales
• Payments to avoid sanctions
• Leakage of private information, e.g., patient information, credit cards, etc..
• Environmental violations
Identifying High Impact Risks: Asset Misappropriation
14
Illustrations • Employee steals liquid assets,
• Salesperson steals customer list for use at a competitor
• Event planner receives 15% “commission” on rooms
• HR employees puts shadow employee on payroll
Identifying High Impact Risks: Unauthorized Receipts
15
Illustrations:• Overbilling customers
• Antitrust and restraint of trade
• Improperly obtaining rebates
• False marketing statements
Identifying High Impact Risks: Revenue Leakage
16
Illustrations:• Salesperson discounts price in return
for kickback
• Business leader runs parallel business
• Salesperson violates non-compete clause after leaving company
• Salesperson enters side agreement with customer unable to make payment, ultimately resulting in write off receivable and/or debt
Identifying High Impact Risks: Reporting & Disclosure
Illustrations:• Improper revenue recognition
• Manipulation of significant management estimates
• Inconsistent or improper accounting of intercompany transactions to improve operating performance of business units.
• False statements in MD&A
• Deceptive marketing
17