Upload
lytuyen
View
272
Download
6
Embed Size (px)
Citation preview
The Unique Alternative to the Big Four®
IIA Practice Guide: Fraud and Internal Audit
2010 Western Regional ConferenceSeptember 19-22, 2010 / Anaheim, CA, USA
© 2010 Crowe Horwath LLP 2Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Disclaimer & Copyright Notice
The views expressed herein may not necessarily reflect those of Crowe Horwath
LLP. Thus, Crowe Horwath LLP is not, by means of this presentation, rendering
business, accounting, legal advice, or other professional advice or services.
This presentation is not a substitute for such professional advice or services, nor
should it be used as a basis for any decision or action that may affect your
business. Before making any decision or taking any action that may affect your
business, you should consult a qualified professionals. Crowe Horwath LLP, its
affiliates, and related entities shall not be responsible for any loss sustained by any
person or entity that relies on this publication.
All materials including but not limited to graphics, photographs, and text appearing
in this presentation are protected by Copyright.
Reproduction or redistribution in any form is prohibited.
© 2010 Crowe Horwath LLP 3Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
The Fraud Environment
© 2010 Crowe Horwath LLP 4Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Definition of Fraud
IIA’s IPPF definition: Any illegal act characterized by deceit, concealment, or
violation of trust. These acts are not dependent upon the threat of violence or
physical force. Frauds are perpetrated by parties and organizations to obtain
money, property, or services; to avoid payment or loss of services; or to secure
personal or business advantage.
AICPA EDP Fraud Review Task Force: ―Any intentional act, or series of acts,
that is designed to deceive or mislead others and that has an impact or potential
impact on an organization’s financial statements.‖
The Accountant’s Handbook of Fraud & Commercial Crime: ―Fraud is criminal
deception intended to financially benefit the deceiver.‖
© 2010 Crowe Horwath LLP 5Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Should Fraud Be A Concern? You Bet it Should!
Of 4,000 high school students with A and B averages, 75 percent admit to
cheating to get ahead. 92 percent of those who said they cheated were never
caught. - Who’s Who Among American High School Students
Almost 80 percent of college students admit to cheating at least once. - The
Center for Academic Integrity
The percentage of resumes and job applications that contain lies and
exaggerations has been estimated between 30 and 80 percent. - Security
Management Magazine
© 2010 Crowe Horwath LLP 6Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Wheel of Misfortune
© 2010 Crowe Horwath LLP 7Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Putting the Freud in Fraud™
© 2010 Crowe Horwath LLP 8Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
White Collar Crime
White collar crime involves embezzlement, forgery, or fraud committed in the
course of normal business practice, but is highly unethical and violates accepted
accounting principles or the public trust.
Like the crime of conspiracy, deception and cover up are the hallmarks of white
collar crime.
According to various studies conducted by the ACFE, approximately 95% of
white collar criminals have no previous criminal record. In fact, the higher the
monetary value of the economic crime, the less likely it is that the perpetrator will
have a previous criminal record.
White collar criminals know that people live on the hope of a better financial
future. The white collar criminal’s job is to feed people’s hope with their spin and
lies.
© 2010 Crowe Horwath LLP 9Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Verify
The white collar criminal hopes that you will never verify what they say or present
to you.
Even if you do verify, your skepticism of the criminal’s deceptive answers may be
corroded by your comfort level. In other words, you will accept the criminal’s
deceptive answers as factual.
© 2010 Crowe Horwath LLP 10Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Why the Fraud Triangle is
Not Good Enough Anymore
© 2010 Crowe Horwath LLP 11Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
The Evolution
Knowing what might provoke an employee, even an otherwise lawful individual,
to blur the line between legal and illegal activity is the key to fighting fraud
effectively.
Famed criminologist Donald R. Cressey first identified three elements –
opportunity (including general knowledge and technical skill), pressure, and
rationalization – as the ―fraud triangle‖ in the 1950s to explain why people
commit fraud.
Cressey’s classic fraud triangle helps to explain many but not all situations.
Source: Donald R. Cressey, Other People’s Money: A Study in the Social Psychology of Embezzlement. New York: Free
Press, 1953.
© 2010 Crowe Horwath LLP 12Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Then…..1950’s
Fraud is more likely to occur when someone has:
1. Opportunity – Weak controls provide the opportunity for a person to commit fraud.
2. Pressure - Incentive to commit fraud
3. Rationalization – Ability to rationalize fraudulent behavior (attitude)
Source: Donald R. Cressey, Other People’s Money: A Study in the Social Psychology of Embezzlement. Free Press, 1953.
© 2010 Crowe Horwath LLP 13Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Then and Now
1950s
Straight-line reporting authority
Manual processes
Dual responsibility
Single suppliers
Local or regional service area
Step-up salary structure
2000s
Matrixed organizations
Automation
Autonomous authority
Multiple vendors and global trading
partners
Global reach
Performance-based pay
© 2010 Crowe Horwath LLP 14Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Now…
The fraud triangle
has morphed into a
Fraud Pentagon™ .
Unchecked, these
five elements -
pressure,
opportunity,
rationalization,
competence, and
arrogance - can
provoke employees
to commit fraud.
© 2010 Crowe Horwath LLP 15Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Elements of Fraud - Arrogance
Many frauds are committed by people in very senior positions with ―Big Egos‖.
They believe that the rules don’t apply to them.
They think they can circumvent internal controls and not get caught.
Bully-attitude
―..remember that many crimes are committed without economic gain for reasons of
ego, status, and sheer arrogance.‖
Source: Sam E. Antar, convicted felon.. Ex-CFO Crazy Eddie
© 2010 Crowe Horwath LLP 16Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Elements of Fraud - Competence
Competence gives the perpetrator the opportunity to turn desire into
reality.
There are six common traits of personal competence:
Functional authority within the organization
Sufficient intelligence to understand and exploit a situation
Strong ego and personal confidence
Strong coercive skills
Effective at being deceptive
High tolerance for stress
© 2010 Crowe Horwath LLP 17Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Greed is Good
―The point is, ladies and gentleman, that greed, for lack of a better word, is good.
Greed is right, greed works. Greed clarifies, cuts through, and captures the
essence of the evolutionary spirit. Greed, in all of its forms; greed for life, for
money, for love, knowledge has marked the upward surge of mankind. And
greed, you mark my words, will not only save Teldar Paper, but that other
malfunctioning corporation called the USA. Thank you very much. ‖
© 2010 Crowe Horwath LLP 18Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
The Business Case: The Impact of Fraud
© 2010 Crowe Horwath LLP 19Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
ACFE 2010 Report on Fraud in the U.S.
Survey participants estimated that the typical
organization loses 5% of its annual revenue to
fraud. Applied to the estimated 2009 Gross World
Product, this figure translates to a potential global
fraud loss of more than $2.9 trillion.
The median loss caused by the occupational fraud
cases in our study was $160,000. Nearly one-quarter
of the frauds involved losses of at least $1 million.
Small organizations are disproportionately victimized
by occupational fraud. These organizations are
typically lacking in anti-fraud controls compared to
their larger counterparts, which makes them
particularly vulnerable to fraud.
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 20Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Perpetrators of Fraud
High-level perpetrators cause the greatest damage to their organizations.
Frauds committed by owners/executives were more than three times as costly as
frauds committed by managers, and more than nine times as costly as employee
frauds. More than 85% of fraudsters in the study had never been previously
charged or convicted for a fraud-related offense.
Fraud perpetrators often display warning signs that they are engaging in illicit
activity.
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 21Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Initial Detection of Occupational Fraud
The frauds lasted a median of 18 months before being detected.
Occupational frauds are much more likely to be detected by tip than by any other
means. This finding has been consistent since 2002 when the ACFE began
tracking data on fraud detection methods.
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 22Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Control Weaknesses that Contributed to Fraud
Survey participants were asked which of several circumstances they believed
was the most important contributing factor that allowed the fraud to occur.
Lack of internal controls, lack of management review, and override of existing
internal controls were the three most commonly cited factors that allowed fraud
schemes to succeed.
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 23Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
ACFE: Anti-Fraud Works!
Anti-fraud controls appear to help reduce the cost and duration of occupational
fraud schemes. The ACFE looked at the effect of 15 common controls on the
median loss and duration of the frauds. Victim organizations that had these
controls in place had significantly lower losses and time-to-detection than
organizations without the controls.
© 2010 Crowe Horwath LLP 24Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Median Loss - Presence of Anti Fraud Controls
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 25Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Duration - Presence of Anti Fraud Controls
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 26Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Per the 2010 ACFE Report to the Nation
In response to the discovery of the fraud, more than 80% of the victim
organizations in our study implemented or modified internal controls.
While this percentage is quite high, it indicates that nearly 1 out of 5 victims
retained the same control system — or lack thereof — that was ineffective in
preventing the reported fraud schemes.
Of those that did implement or modify their internal controls in response to the
fraud, more than 60% increased segregation of duties, more than 50% added
formal review of internal controls by management and 23% implemented
surprise audits.
© 2010 Crowe Horwath LLP 27Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
The Cost of Fraud
“More money has been stolen at
the point of a pen than at the
point of a gun.”
*Source: Towards a Sociology of Organizational Crime, Frank Schmalleger, Ph.D 1991
© 2010 Crowe Horwath LLP 28Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
The True Costs of Fraud
The true costs of fraud to an
organization go beyond dollar
losses.
These include:
Public scrutiny
Reputation loss
Government investigations
Loss of market capital
Severe financial penalties
Loss of investor confidence
© 2010 Crowe Horwath LLP 29Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Red Flags of Fraud
© 2010 Crowe Horwath LLP 30Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Employee Red Flags of Fraud
Wheeler-dealer attitude
Never out of balance
Secretive, territorial
Intellectual challenge to "beat the system"
Criminal record
Not taking vacations of more than two or three days
A department that does not enforce proper procedures for
authorization of transactions
© 2010 Crowe Horwath LLP 31Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Employee Red Flags of Fraud
Unusually high personal debts
Living beyond one's means
Excessive gambling habits
Alcohol problems
Drug problems
Feeling of being underpaid
Feeling of insufficient recognition for job performance
Poor credit rating
Consistent rationalization of poor performance
© 2010 Crowe Horwath LLP 32Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Examples of Fraud Schemes
© 2010 Crowe Horwath LLP 33Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Occupational
Fraud and
Abuse
Classification
System
© 2010 Crowe Horwath LLP 34Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Banking/Financial Services – Fraud Schemes
Banking / Financial Services ranked first in number of frauds, but ranked
12th out of 22 in median loss
Corruption - 33.9%
Cash on Hand - 21.5%
Billing - 12.4%
Check Tampering - 11.7%
Non-Cash - 11.1%
Skimming -10.7%
Larceny - 9.7%
Expense Reimbursements - 6.7%
Financial Statement Fraud - 5.4%
Payroll - 3.0%
Register Disbursements - 2.7%
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 35Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Fraud Schemes – Banking Industry
“Classic” frauds:
DDA-related, e.g. check kiting, fraudulent official checks, misuse of dormant
accounts
Fraudulent, nonexistent or "compromised" loans or loan collateral
Money laundering
Payment/credit card fraud
Identity theft
Rogue securities traders (exceeding risk exposure & position limits)
Fraudulent wire transfers or other "automated" cash transactions
Theft of (vault) cash, covered by fraudulent balancing sheets, etc.
© 2010 Crowe Horwath LLP 36Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Fraud Schemes – Banking Industry (continued)
Current hot-button frauds:
Loan underwriting based on fraudulent input information
Fraudulent valuation of mortgage loan collateral
Fraudulent securities valuation and/or classification (as trading vs. investment)
Valuation of "exotic" investments in turbulent financial markets
Internet-based scams (e.g. ―phishing‖)
Fraudulent counterparties to derivative transactions
Fraudulent classification of bank assets and liabilities (for purposes of determining regulatory capital, loan concentration, legal lending limits)
Third party/outsourcing risks, e.g. third party responsible for replenishing ATM machines taking cash
Remote deposit capture – a form of third party risk due to insertion in the capture process
© 2010 Crowe Horwath LLP 37Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
IPPF
Standards and Guidance
© 2010 Crowe Horwath LLP 38Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Relevant IPPF Standards
IIA Standard 1200: Proficiency and Due Professional Care
1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk
of fraud and the manner in which it is managed by the organization, but are not
expected to have the expertise of a person whose primary responsibility is
detecting and investigating fraud
IIA Standard 1220: Due Professional Care
1220.A1 – Internal auditors must exercise due professional care by considering:
Extent of work needed to achieve the engagement’s objectives.
Related complexity, materiality, or significance of matters to which assurance
procedures are applied.
Adequacy and effectiveness of governance, risk management, and control processes.
Probability of significant errors, fraud, or noncompliance.
Cost of assurance in relation to potential benefits.
© 2010 Crowe Horwath LLP 39Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Relevant IPPF Standards (continued)
IIA Standard 2060: Reporting to Senior Management and the Board
The chief audit executive (CAE) must report periodically to senior management
and the board on the internal audit activity’s purpose, authority, responsibility,
and performance relative to its plan. Reporting must also include significant risk
exposures and control issues, including fraud risks, governance issues, and
other matters needed or requested by senior management and the board.
IIA Standard 2120: Risk Management
2120.A2 – The internal audit activity must evaluate the potential for the
occurrence of fraud and how the organization manages fraud risk.
IIA Standard 2210: Engagement Objectives
2210.A2 – Internal auditors must consider the probability of significant errors,
fraud, noncompliance, and other exposures when developing the engagement
objectives.
© 2010 Crowe Horwath LLP 40Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Internal Audit Responsibilities
During Internal Audit Engagements
Consider fraud risks when assessing control design
Be on the lookout for red flags
Be alert to opportunities that can allow fraud
Has Management addressed previously reported control deficiencies
Evaluate indicators of fraud
Recommend investigation when appropriate
Communicate with the Board
Fraud audits and coordination with others
Roles and Responsibilities
Fraud concerns and issues
Fraud Risk Assessment
IA’s Role in Investigations should be defined in the Internal Audit Charter
Primary Responsibility
Need skill set
A Secondary Resource
No Involvement – need to maintain independence
© 2010 Crowe Horwath LLP 41Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Preventing and Detecting Fraud
© 2010 Crowe Horwath LLP 42Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
IIA Guidance
An effective fraud management program includes:
Company ethics policy - ―tone at the top‖ from senior management.
Fraud awareness - understanding the nature, causes, and characteristics of fraud.
Fraud risk assessment - evaluating the risk of various types of fraud.
Ongoing reviews - an internal audit activity that considers fraud risk in every audit and
performs appropriate procedures based on fraud risk.
Prevention and detection - efforts taken to reduce opportunities for fraud to occur and
persuading individuals not to commit fraud because of the likelihood of detection and
punishment.
Investigation - procedures and resources to fully investigate and report a suspected
fraud event.
© 2010 Crowe Horwath LLP 43Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Importance of Control in Detecting or Limiting Fraud - Rankings by CFEs as to
importance of anti-fraud controls in detecting or limiting the fraud
Source: 2010 ACFE Report to the Nation
© 2010 Crowe Horwath LLP 44Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Crowe’s Anti-Fraud Model
© 2010 Crowe Horwath LLP 45Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Be Curious
© 2010 Crowe Horwath LLP 46Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Be a ―Skeptoid‖
© 2010 Crowe Horwath LLP 47Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Have Courage
© 2010 Crowe Horwath LLP 48Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Closing Thoughts
Regardless of an organization’s industry, size, or fraud scheme used, the
majority of fraud is still detected by accident or tip.
Clear need for a proactive approach to fraud deterrence and detection
Trust is a professional hazard---verify, verify, verify, and verify!
© 2010 Crowe Horwath LLP 49Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate
and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any
other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or
any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member
of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance
specific to your organization from qualified advisers in your jurisdiction. © 2010 Crowe Horwath LLP
For more information, contact:
Mike Miller, CIA, CISA, CRP
Direct 973-422-4536