Emerging Trends in Financial Statement Fraud, Electronic Fraud and Investigating
Presentation by:
Chrisantus M. Khulabe, Manager, Data Analytics and Digital Forensics, Deloitte East Africa
Friday, 30th November 2018
Uphold public interest
Contents
• Introduction to Financial Statement Fraud
• Recent trends in Financial Statement Fraud
• Introduction to Electronic/Digital Fraud
• Recent trends in Electronic/Digital Fraud
• Investigations
Introduction: Types of Fraud
There are three types of fraud:
• Misappropriation of Assets
• Corrupt Business Practices
• Fraudulent Financial Reporting
Financial Statement Fraud: Introduction
Financial statement fraud is the deliberate misrepresentation of the financial condition
of an enterprise accomplished through the intentional misstatement or omission of
amounts or disclosures in the financial statements to deceive financial statement users.
According to the ACFE 2018 Report to the Nations, financial statement fraud schemes
are the least common; however, they are the most costly.
They comprise 10% of all fraud cases, with a median loss of USD 800,000.
Financial Statement Fraud: Why Commit It?
• Smoothing earnings / meeting expectations (e.g., investors, debt covenants)
• Achieving compliance with contractual terms (e.g., debt covenants)
• Facilitate the use of non-GAAP earnings (e.g., EBITDA)
• Meet bonus targets
• Increase value of stock-based compensation
• Cover inability to generate cash flows
• Obtain financing or more favorable terms on existing financing
• Avoid negative market perceptions
• Personal financial pressures
• Corrupt corporate culture
Financial Statement Fraud: Effects on the Financial Statements
Practice: Improper Expense Capitalization
Effect on Balance Sheet: Overstate Assets
Effect on Income Statement: Defers current expenses to succeeding periods
Practice: Overvalue Assets
Effect on Balance Sheet: Overstate Assets
Effect on Income Statement: Postpones depreciation expenses or moves losses to later periods
Practice: Undervalue/Under-Record Liabilities
Effect on Balance Sheet: Understate Liabilities
Effect on Income Statement: Postpones expense or losses to later periods
Recent Trends in Financial Statement Fraud: Fraud Detection
• It is extremely unlikely to find a fraud by reading the financial statements
• The typical fraud scheme lasts 16 months before it is detected
• 4% of fraud schemes are initially detected by external auditors
SOURCE: 2018 ACFE Report to the Nation on Occupational Fraud & Abuse
Recent Trends in Financial Statement Fraud: Common Fraud Schemes
• Improper Capitalization of Expenses
• Vendor Allowance Manipulations
• Improper Bill and Holds
• Roundtrip Transactions
• “Refreshed” Receivables
• “Off-Site” or Fake Inventory
• Adjustments to Estimations
• Phony Shipping Documentation
• Moving Inventory Between Locations
• Related Parties That “Create” Transactions
• Unjustified Consolidation Entries
• Splitting of Multiple-Element Deals
• Improper Asset Valuations
• Holding Periods Open
• Phony “Investment Deals”
• Income Manipulations Affecting Other Accounts
• Bribery, Corruption & Kickbacks
• Phony Joint Venture Contributions
• Money Laundering
• Fraudulent Audit Confirmations
• Early Recording of Rebates
• Off Balance Sheet Liabilities
• Undocumented Rights of Return
Recent Trends in Financial Statement Fraud: Common Fraud Schemes
-> Domination of management by a single person or small group without compensating controls.
-> Recurring negative cash flows from operations.
-> Rapid growth or unusual profitability, especially compared to that of other companies in the same industry.
-> Highly complex transactions, especially those close to period end that pose difficult “substance over form” questions.
-> Significant related-party transactions not in the ordinary course of business or with related entities not audited.
-> Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality.
-> Formal or informal restrictions on the auditor that inappropriately limit access to people or information.
Electronic/Digital Fraud: Introduction
Over the years, hackers have developed multipronged strategies to identify and exploit systemic weaknesses and
vulnerabilities. Common types of fraud in digital transactions include the following:
Malware
This malware can automatically perform transactions on behalf of customers after hacking into a legitimate
session or stealing credentials, including second-factor authentication.
Phishing
It refers to a method for gathering personally identifiable information (PII), using deceptive e-mails and fake
websites, that can be used to access customer accounts.
Account Take Over (ATO)
A hacker poses as a genuine customer, takes control of an account and makes unauthorized transactions.
Current Trends in Digital Fraud
TREND 1: DIGITAL TRANSACTIONS ARE ON THE RISE
Global e-commerce turnover grew by 17.5 percent to reach US$2.7 trillion in 2016.
TREND 2: WITHIN DIGITAL TRANSACTIONS, CNP TRANSACTIONS AND FRAUD ARE
INCREASING
CNP transactions account for 60–70 percent of all card fraud in many developed countries, according to
Juniper Research. In the UK, spending on e-commerce has reached £248 billion, with CNP fraud
losses at £309 million in 2016.
Future Trends in Digital Fraud
According to World-Pay, by 2020, mobile wallets will surpass both credit and debit cards, and
in-store mobile payments will exceed US$500 billion. As per Juniper Research, fraudulent CNP
physical goods sales will reach US$14.8 billion annually by 2022.
Digital wallets have disrupted the market by providing a seamless experience across various devices
and online platforms— integrated as gateway services on communication channels such as
Facebook—to support commercial activities.
New payment providers (such as Apple Pay) act as intermediaries between the web browser and
banking sites to facilitate online shopping. Banks are, therefore, unable to detect the middleman,
leading to fraud and subsequent losses—likely to be borne by the payment provider.
Future Trends in Digital Fraud
TREND 1: BEWARE OF BOT ATTACKS
The use of artificial intelligence (AI) bots is likely to drive fraud in mobile payments. Bots can impersonate
legitimate users, mimic human behaviors and convincingly circumvent fraud controls. In 2017, fraud by bots in
digital advertising touched US$6.5 billion, globally.
TREND 2: FRAUD HAS GONE SOCIAL
Social media sites have grown to become hotbeds for the new-age hacker: data harvesting zones for scammers and
an ideal platform for peddling bogus shopping deals and coupon scams.
TREND 3: SPOT THE FAKE (GENEALOGY WEBSITES)
Fake “genealogy” websites. Scammers target people who are interested in ancestral research and tempt them to
register on their website. Unwary customers take the bait and share their credit card information and SSN.
TREND 4: GOING CONTACTLESS
Financial institutions are turning to emerging technologies to prevent fraud. For instance, they have rolled out
contactless cards, which are based on secure elements payment technologies such as near field communication (NFC)
and host card emulation (HCE).
Next, we are likely to see the use of Bluetooth Low Energy (BLE) technology with NFC and HCE to prevent fraud.
Digital Fraud Prevention Measures
3-Domain Secure (3DS) Layers
These are real-time authentication services in transaction communication that allow issuer banks and merchants to interchange the
data provided by customers for authentication.
Dynamic one-time password (OTP) received as a text message on the user’s mobile and e-mail account.
The challenge with 3DS protocols, however, is that the information needed for enrolment (for example, SSN) is readily available in
the grey market and can be illegitimately used by hackers. If the card is already enrolled online, a simple key logger can give the
hacker access to the user’s password.
Address Verification Services (AVS)
This is a mechanism that can effectively limit fraud and chargebacks. AVS verifies the information provided by a cardholder with
that available with the issuing bank, along with other factors (such as card number and expiry date). Once the information is
verified, the issuing bank sends an AVS code to the merchant’s payment gateway.
The challenge, however, is that sometimes even genuine authorized transactions get declined because of personal AVS preferences
which might lead to high processing fees.
Tokenisation
It prevents the user from giving away payment credentials for each online transaction.
Two-factor Authentication (2FA)
This is widely used for securing online transactions. The user logs into a portal with the help of a password and receives a dynamic
OTP via text message on a registered mobile number to authenticate the transaction.
This makes it trickier for a hacker, who requires both the cardholder’s login password and phone to access the account.
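The OTP step described under Two-factor Authentication (2FA), seen from the server side, as an added example that is not part of the original presentation. The class name, the 5-minute lifetime and the 3-attempt limit are assumptions; the point is that the code is tied to one transaction, expires, and cannot be replayed or guessed at leisure.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed limit on verification attempts

class TransactionOtp:
    """Server-side record of one OTP, bound to one transaction (hypothetical class)."""

    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id
        self.salt = secrets.token_bytes(16)
        self.expires_at = (time.time() if now is None else now) + OTP_TTL_SECONDS
        self.attempts = 0
        self.used = False
        self._digest = None

    def _hash(self, code, txn_id):
        # Keyed hash over transaction id and code: only the digest is stored.
        return hmac.new(self.salt, f"{txn_id}:{code}".encode(), hashlib.sha256).digest()

    def issue(self):
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        self._digest = self._hash(code, self.txn_id)
        return code  # handed to the SMS gateway, never kept in clear

    def verify(self, code, txn_id, now=None):
        now = time.time() if now is None else now
        if self.used or self._digest is None or now > self.expires_at:
            return False  # replayed, never issued, or expired
        if self.attempts >= MAX_ATTEMPTS:
            return False  # stops online guessing of the 6-digit space
        self.attempts += 1
        ok = hmac.compare_digest(self._digest, self._hash(code, txn_id))
        if ok:
            self.used = True  # single use
        return ok
```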
Risk Control and Fraud Prevention Measures
Risk category: Personnel Failures
Risk factor: Inadequate staff employment screening
Fraud prevention measures:
• Have detailed job application forms
• Stringent checking of references and backgrounds of applicants
• Train managers to improve interview skills to identify potential fraudsters
• Regular fraud awareness staff training
Risk factor: Inadequate supervision of staff
Fraud prevention measures:
• On-going monitoring of integrity of employees
• Awareness of behavioral and social anomalies (e.g. gambling problems, unusual work patterns, living beyond one's means)
• Awareness of staff not taking leave or working after-hours
• Mandatory staff recreational leave
• In-house fraud hotlines
• Implement corporate code of conduct/ethics
Risk factor: Failure to segregate staff duties
Fraud prevention measures:
• Job rotation
• Clear segregation of duties, in particular, purchasing, payments and authorization of payments
• On-going monitoring of long-serving employees and managerial staff
Risk category: Account Auditing Failures
Risk factor: Internal auditing failures
Fraud prevention measures:
• Increase the role of audit committees
• Increase budget allocation for internal audit
• Provide fraud detection training for audit committees
• Conduct random audits
Risk factor: External auditing failures
Fraud prevention measures:
• Conduct random audits
• Employ active reporting
Investigations
Below are effective phases to ensure a successful forensic investigation into fraud:
Phase 1 – Investigation preparation
This phase involves identification of risks associated with the organisation which might include the following:
• Reputational risk for the entity;
• Availability of evidence and data (ensure that evidence and data potentially relevant to the investigation are safe
and secure);
• Risk of non-cooperation by third parties;
• Risk of interference and interruptions during the investigative process;
• Understand nature of the allegations including key players, locations, and theories on methods/schemes;
• Understand whether any procedures were performed by the entity;
• Review documents provided by relevant staff; and
• Determine availability of data sources and owners, contracts, and supporting documentation.
Phase 2 – Data Collection
In this phase, the investigators:
• Gain an understanding of what document preservation procedures have been undertaken;
• Identify relevant parties from which the data should be collected as well as devices they possess;
• Gather system information (data dictionary, table structure), and identify any system
limitations/weaknesses;
• Collect, image, load, and prepare data from machines and devices into analytical tools and document
review platforms;
• Collect hard copies and consider scanning them;
• Collect and prepare structured and unstructured data from company systems, tie to control totals;
• Perform optical character recognition (OCR) on image documents such as scanned PDF files;
• Filter relevant data;
• Gather relevant contracts, policy and procedure documentation; and
• Organize and catalogue data.
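The "tie to control totals" step in Phase 2, as an added example that is not part of the original presentation. The extract is hashed as received and then reconciled against the record count and debit/credit totals reported by the system owner; the column names, sample rows and control totals are constructed for illustration.

```python
import csv
import hashlib
import io
from decimal import Decimal

# Constructed sample: a journal extract as exported from the entity's system.
SAMPLE_EXTRACT = (
    "doc_no,posting_date,account,amount\n"
    "JV-1001,2018-09-03,6100,1250.00\n"
    "JV-1002,2018-09-03,1500,-1250.00\n"
    "JV-1003,2018-09-17,6100,980.45\n"
    "JV-1004,2018-09-30,2100,-980.45\n"
).encode("utf-8")

# Constructed control totals, as the system owner would report them at export time.
CONTROL_TOTALS = {
    "records": 4,
    "debits": Decimal("2230.45"),
    "credits": Decimal("-2230.45"),
}

def tie_out(raw, control):
    """Hash the extract as received, then compare its totals to the control totals."""
    digest = hashlib.sha256(raw).hexdigest()  # taken before any processing
    rows = list(csv.DictReader(io.StringIO(raw.decode("utf-8"))))
    amounts = [Decimal(r["amount"]) for r in rows]  # Decimal avoids float rounding
    actual = {
        "records": len(rows),
        "debits": sum((a for a in amounts if a > 0), Decimal("0")),
        "credits": sum((a for a in amounts if a < 0), Decimal("0")),
    }
    # Any key listed here means the extract is incomplete or was altered.
    differences = {k: {"control": control[k], "extract": actual[k]}
                   for k in control if control[k] != actual[k]}
    return {"sha256": digest, "actual": actual,
            "differences": differences, "tied": not differences}

if __name__ == "__main__":
    result = tie_out(SAMPLE_EXTRACT, CONTROL_TOTALS)
    print(result["sha256"], "tied" if result["tied"] else result["differences"])
```

The digest goes into the evidence log, so that any later copy of the extract can be shown to be the one that was analysed.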
Phase 3 – Performance of Data Analytics
In this phase, the investigators will utilize an array of tools to mine transactional and operational data from
an entity’s IT systems used for financial reporting and operations.
Using data analysis tools, data matching, pattern recognition and data forensics, the investigators should
strive to identify potential anomalies and relationships that may indicate fraudulent behavior.
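Two data-matching tests of the kind Phase 3 describes, as an added example that is not part of the original presentation: vendor bank accounts are matched against the employee master to surface undisclosed relationships, and payments are checked for the segregation-of-duties failure listed earlier (the same person creating and approving a payment). All records and field names are constructed.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions for illustration.
EMPLOYEES = [
    {"emp_id": "E01", "bank_acct": "0011-223344"},
    {"emp_id": "E02", "bank_acct": "0011-778899"},
]
VENDORS = [
    {"vendor_id": "V100", "name": "Sample Vendor A", "bank_acct": "0020 555 001"},
    {"vendor_id": "V101", "name": "Sample Vendor B", "bank_acct": "0011 778899"},
]
PAYMENTS = [
    {"pay_id": "P1", "vendor_id": "V100", "created_by": "E01", "approved_by": "E02"},
    {"pay_id": "P2", "vendor_id": "V101", "created_by": "E02", "approved_by": "E02"},
    {"pay_id": "P3", "vendor_id": "V101", "created_by": "E01", "approved_by": "E02"},
]

def norm_acct(value):
    """Keep digits only so formatting differences do not hide a match."""
    return "".join(ch for ch in value if ch.isdigit())

def match_vendors_to_employees(vendors, employees):
    """Return {vendor_id: emp_id} where both share a bank account."""
    by_acct = {norm_acct(e["bank_acct"]): e["emp_id"]
               for e in employees if norm_acct(e["bank_acct"])}
    return {v["vendor_id"]: by_acct[norm_acct(v["bank_acct"])]
            for v in vendors if norm_acct(v["bank_acct"]) in by_acct}

def flag_payments(payments, vendors, employees):
    """Return {pay_id: [reasons]} for payments that need an investigator's review."""
    related = match_vendors_to_employees(vendors, employees)
    flags = defaultdict(list)
    for p in payments:
        if p["created_by"] == p["approved_by"]:
            flags[p["pay_id"]].append("same user created and approved")
        emp = related.get(p["vendor_id"])
        if emp:
            flags[p["pay_id"]].append(f"vendor shares bank account with {emp}")
            if emp in (p["created_by"], p["approved_by"]):
                flags[p["pay_id"]].append(f"{emp} handled payment to own account")
    return dict(flags)

if __name__ == "__main__":
    for pay_id, reasons in flag_payments(PAYMENTS, VENDORS, EMPLOYEES).items():
        print(pay_id, "; ".join(reasons))
```

A flag is a lead for document review and interviews, not a finding; shared bank accounts can have legitimate explanations.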
Phase 4 – Performance of background checks
In this phase, investigators will endeavour to obtain information from publicly available sources on
individuals and entities suspected to be involved in fraud or malfeasance.
It is possible to identify business relations, be it suppliers, service providers, other third parties or
individuals. This will include, as far as applicable, an investigation into further investments, trading history,
criminal record, reputation in the media and holdings of the individual or company, and possibly those of its
directors and shareholders.
Phase 5 – Review of documents
The review of documentation includes the following:
• Read and analyze documents, supporting documentation, and policy documentation;
• Identify any relevant internal control weaknesses;
• Map out key relevant business processes (for example, Investment decisions procedures);
• Adjust key word search terms based on reviews;
• Build timelines; and
• Compare different versions of contracts and documents.
Phase 6 – Conducting interviews
Interviews are an important element to any investigation. They provide a vehicle in which to gather many important
details and points of view in a relatively short amount of time. Interviews will also provide the investigators with
the opportunity to identify deceptive behaviors or subject matters that require further inquiry.
Interviewers should follow these guidelines:
• Develop interview strategy;
• Craft interview questions;
• Prepare reference documents to accompany interview questions;
• Conduct interviews and take notes; and
• Based upon interviews, determine whether additional work needs to be performed.
Conducting interviews with relevant individuals in the course of an investigation is one of the ways of gathering
evidence and obtaining different versions of events.
Phase 7 – Reporting
It is essential for the success of the investigation that the investigators provide factual reports that
can be used for various purposes.
The general structure of a report should at minimum include:
• the scope and limitations,
• procedures performed and executive summary,
• factual findings,
• conclusions and recommendations.
Questions