-
8/9/2019 Risk & Fraud Final(1)
1/80
Paul Lower 2010
FRAUD DETECTION & CONTROL
Risk and Fraud
-
8/9/2019 Risk & Fraud Final(1)
2/80
Paul Lower 2010
Introduction
Key course topics
The nature and types of risk
-
8/9/2019 Risk & Fraud Final(1)
3/80
Paul Lower 2010
FRAUD DETECTION & CONTROL
The Nature and Types of Risk
-
8/9/2019 Risk & Fraud Final(1)
4/80
Paul Lower 2010
The Nature and Types of Risk
What is risk?
-
8/9/2019 Risk & Fraud Final(1)
5/80
Paul Lower 2010
The Nature and Types of Risk
What is risk?
Risk:
the effect ofuncertainty on objectivesISO 31000
-
8/9/2019 Risk & Fraud Final(1)
6/80
Paul Lower 2010
The Nature and Types of Risk
What is risk?
Risk arises out ofuncertainty
The exposure to various kinds of damage, loss or gain
Financial loss or gain
Physical damage, injury or delay
-
8/9/2019 Risk & Fraud Final(1)
7/80
Paul Lower 2010
The Nature and Types of Risk
What is risk?
Risk arises out of uncertainty
The exposure to various kinds of damage, loss or gain
Concept of risk has two aspects
The likelihood of something happening
The consequences if it happens
-
8/9/2019 Risk & Fraud Final(1)
8/80
Paul Lower 2010
The Nature and Types of Risk
A recent study by IBM found that 62% of companieswith revenues
exceeding $5bn had encountered amaterial risk event in the previous
3 years
And 42% had not been prepared for it!
-
8/9/2019 Risk & Fraud Final(1)
9/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks internal to the organisation
Risks external to the organisation
-
8/9/2019 Risk & Fraud Final(1)
10/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can come from a multitude of sources
Uncertainty in financial markets
Project failures
Accidents
Natural disasters
Deliberate attacks
Fraud
-
8/9/2019 Risk & Fraud Final(1)
11/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can be categorised
Strategic risks
Risks to achievement of organisations plans
-
8/9/2019 Risk & Fraud Final(1)
12/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can be categorised
Strategic risks
Commercial risks
Risks to commercial & contractual relationships
-
8/9/2019 Risk & Fraud Final(1)
13/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can be categorised
Strategic risks
Commercial risks
Operational risks
Risks to core organisational activities
-
8/9/2019 Risk & Fraud Final(1)
14/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can be categorised
Strategic risks
Commercial risks
Operational risks
Technical risks
Risks of equipment or systems failures
-
8/9/2019 Risk & Fraud Final(1)
15/80
Paul Lower 2010
The Nature and Types of Risk
Classifying types of risk
Risks can be categorised
Strategic risks
Commercial risks
Operational risks
Technical risks
Compliance risks
Failure to meet regulatory requirements
-
8/9/2019 Risk & Fraud Final(1)
16/80
Paul Lower 2010
The Nature and Types of Risk
Classifying risk Mitchell & Jones1
Suggest that risks fall in to three categories
Catastrophic failure
Can be terminal to survival of the organisation
Examples:natural disasters, wars, terrorism,termination of legal
charter, large scale fraud
Examples: 9/11 attacks, Enron, Union Carbide
1Anthony Mitchell and Marc Jones Ashridge Business School
Rethinking Business Risk
-
8/9/2019 Risk & Fraud Final(1)
17/80
Paul Lower 2010
The Nature and Types of Risk
Classifying risk Mitchell & Jones
Suggest that risks fall in to three categories
Catastrophic failure
Strategic failure
Pursuing inappropriate strategy
Due to flawed external analysis
Misunderstanding of organisation's capabilities
Woolworths is recent UK example
-
8/9/2019 Risk & Fraud Final(1)
18/80
Paul Lower 2010
The Nature and Types of Risk
Classifying risk Mitchell & Jones
Suggest that risks fall in to three categories
Catastrophic failure
Strategic failure
Operational failure
Failure to deliver value to key stakeholders
Poor internal execution often to blame
Examples: UK NHS patient system
-
8/9/2019 Risk & Fraud Final(1)
19/80
Paul Lower 2010
FRAUD DETECTION & CONTROL
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
20/80
Paul Lower 2010
Identifying Risk
How can risks be identified?
Common sense
If we do this its possible that
Ive seen this happen before
-
8/9/2019 Risk & Fraud Final(1)
21/80
Paul Lower 2010
Identifying Risk
How can risks be identified?
Common sense
Checklists
Assesses plans and situations against known risks
Common risks exist for different industries etc.
New risks should always be added to checklists
-
8/9/2019 Risk & Fraud Final(1)
22/80
Paul Lower 2010
Identifying Risk
How can risks be identified?
Common sense
Checklists
Brainstorming
-
8/9/2019 Risk & Fraud Final(1)
23/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
24/80
Paul Lower 2010
Identifying Risk
Barclays Bank PLC
Barcalys Bank PLC Annual Report 2009
Largest global financial services provider
Second largest UK bank
Revenue 29.9bn in 2009 : EBITDA 5.5bn
What kind of risks might Barclays identify?
Total assets 1,379bn at end 2009
-
8/9/2019 Risk & Fraud Final(1)
25/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
26/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
27/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
28/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
29/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
30/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
31/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
32/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
33/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
34/80
Paul Lower 2010
Identifying Risk
-
8/9/2019 Risk & Fraud Final(1)
35/80
Paul Lower 2010
Identifying Risk
Other risks identified:
Legal risk
Taxation risk
Strategic risk
Change risk
Brand management risk
-
8/9/2019 Risk & Fraud Final(1)
36/80
Paul Lower 2010
FRAUD DETECTION & CONTROL
Effective Risk Management
-
8/9/2019 Risk & Fraud Final(1)
37/80
Paul Lower 2010
Effective Risk Management
Should we seek to avoid risk
Risk presents opportunities as well as threats
Outcome from risk events can be beneficial
Managed effectively risk allows for improvements
Its impossible to avoid risk anyway
-
8/9/2019 Risk & Fraud Final(1)
38/80
Paul Lower 2010
Effective Risk Management
What is risk management?
Risk management:
The systematic identification, analysis, assessment and
prioritisation of risk
followed by application of resources:
to monitor and control the probability and impact ofadverse
events
or maximise realisation of opportunities
-
8/9/2019 Risk & Fraud Final(1)
39/80
Paul Lower 2010
Effective Risk Management
-
8/9/2019 Risk & Fraud Final(1)
40/80
Paul Lower 2010
FRAUD DETECTION & CONTROL
Fraud Risk
-
8/9/2019 Risk & Fraud Final(1)
41/80
Paul Lower 2010
Fraud Risk
Fraud(noun)
deceit, trickery, or breach of confidence,
perpetrated for profit or to gain some
unfair or dishonest advantage
-
8/9/2019 Risk & Fraud Final(1)
42/80
Paul Lower 2010
Fraud Risk
Fraud in the 21st century
Companies fall victims to many types of fraud
Systems needed to deal with all types
Fraud has been around since 19th century
But has reached new heights in last 25 years
Why do companies fall victim to fraud?
-
8/9/2019 Risk & Fraud Final(1)
43/80
Paul Lower 2010
Fraud Risk
The myths that perpetuate fraud
Management understands all the risks
-
8/9/2019 Risk & Fraud Final(1)
44/80
Paul Lower 2010
Fraud RiskA
recent study by IBM found that 62% of companieswith revenues
exceeding $5bn had encountered amaterial risk event in the previous
3 years
And 42% had not been prepared for it!
-
8/9/2019 Risk & Fraud Final(1)
45/80
Paul Lower 2010
Fraud Risk
The myths that perpetuate fraud
Management understands all the risks
It can never happen to us
Company has controls
But controls are inadequate
Managers are oblivious of true risk level
-
8/9/2019 Risk & Fraud Final(1)
46/80
Paul Lower 2010
Fraud Risk
The myths that perpetuate fraud
Management understands all the risks
It can never happen to us
We cannot afford the control systems
Naivety dressed up as good cost control?
Real cost includes loss through undetected fraud
-
8/9/2019 Risk & Fraud Final(1)
47/80
Paul Lower 2010
Fraud Risk
The myths that perpetuate fraud
Management understands the risks
It can never happen to us
We cannot afford the control systems
Security is bad for employee morale
Our auditors would detect the fraud
Perhaps the biggest of myth of all?
-
8/9/2019 Risk & Fraud Final(1)
48/80
Paul Lower 2010
Fraud Risk
The obligations of the auditor (EU)
Set out in EU 4 th Directive
Primary requirement of the auditor
Examine the accounts
Express an opinion on true and fair view
-
8/9/2019 Risk & Fraud Final(1)
49/80
Paul Lower 2010
Fraud Risk
The obligations of the auditor
Set out in EU 4 th Directive
Primary requirement of the auditor
Additional requirement to determine that
Financial statements meet legal requirements
Directors report meets legal requirements
Company complies with memorandum ofassociation
-
8/9/2019 Risk & Fraud Final(1)
50/80
Paul Lower 2010
Fraud Risk
Model Audit Letter of Engagement
-
8/9/2019 Risk & Fraud Final(1)
51/80
Paul Lower 2010
Fraud Risk
Detecting fraud through audit
No requirement for auditors to detect fraud
Letter of engagement sets out auditors obligations
LOE will not oblige auditors to detect fraud
In fact LOE will warn that this is outside scope
-
8/9/2019 Risk & Fraud Final(1)
52/80
Paul Lower 2010
Fraud Risk
Model Audit Letter of Engagement
-
8/9/2019 Risk & Fraud Final(1)
53/80
Paul Lower 2010
Fraud Risk
Model Audit Letter of Engagement
-
8/9/2019 Risk & Fraud Final(1)
54/80
Paul Lower 2010
Fraud Risk
Detecting fraud through audit
Onus is on management to detect fraud
Management is sometimes complicit in fraud
This can lead to fraud on a spectacular scale
-
8/9/2019 Risk & Fraud Final(1)
55/80
Paul Lower 2010
Fraud Risk
Fraud in the 21st century
The new century brought the largest frauds in history
Enron
-
8/9/2019 Risk & Fraud Final(1)
56/80
Paul Lower 2010
Fraud Risk
Formed in 1985 by Kenneth Lay
By 1992 was largest US natural gas merchant
Used accounting loopholes to hide massive debt
Misled board and audit committee
Pressurised auditors to ignore accounting issues
-
8/9/2019 Risk & Fraud Final(1)
57/80
Paul Lower 2010
Fraud Risk
Enron reported spectacular growth in sales
Corresponding increase in share price
Management focussed on Wall Street reaction to results
Fraudulent accounting flattered sales and profit figures
Maintaining high share price
-
8/9/2019 Risk & Fraud Final(1)
58/80
Paul Lower 2010
Fraud Risk
Enron reported spectacular growth in sales
Corresponding increase in share price
Executive compensation scheme based on share options
Company and management focussed on Wall Street
-
8/9/2019 Risk & Fraud Final(1)
59/80
Paul Lower 2010
Fraud Risk
Fraudulent accounting flattered sales and profit figures
Maintaining high share price
Final demise in 2001 revealed multiple accounting frauds
Ken Lay faced to 165 years in jail butdiedof heart attack before
starting the sentence
-
8/9/2019 Risk & Fraud Final(1)
60/80
Paul Lower 2010
Fraud Risk
Revenue recognition
Reported full sales value of agent commission deals
-
8/9/2019 Risk & Fraud Final(1)
61/80
Paul Lower 2010
Fraud Risk
Revenue recognition
Mark to market accounting
Contract values based on unearned future income
-
8/9/2019 Risk & Fraud Final(1)
62/80
Paul Lower 2010
Fraud Risk
Revenue recognition
Mark to market accounting
Special purpose entities hid Enrons financial risks
-
8/9/2019 Risk & Fraud Final(1)
63/80
Paul Lower 2010
Fraud Risk
Fraud in the 21st century
The new century brought the largest frauds in history
Enron
MCI Worldcom
-
8/9/2019 Risk & Fraud Final(1)
64/80
Paul Lower 2010
Fraud Risk
WorldCom grew by acquisition through 1990s
Formed MCI WorldCom in US$37bn merger in 1997
Rising share price made CEO Bernard Ebbers wealthy
But still took $400m loan from the company
Fraudulent accounting used to support share price
-
8/9/2019 Risk & Fraud Final(1)
65/80
Paul Lower 2010
Fraud Risk
Capitalising current year operating expenses
Inflating revenue with bogus accounting entries
Bernie Ebbers was convictedof an
$11bn fraudandsentencedto 25 years
-
8/9/2019 Risk & Fraud Final(1)
66/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Enacted in response to accounting scandals
Set new standards for US public companies
But does not apply to private companies
Created Public Company Accounting Oversight Board
PCAOB regulates and inspects accounting firms
Debate over perceived benefits and costs
-
8/9/2019 Risk & Fraud Final(1)
67/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections including
Auditor Independence Limits conflicts
Partner rotation requirements
-
8/9/2019 Risk & Fraud Final(1)
68/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Auditor Independence Corporate Responsibility
Senior executives responsible for accuracy offinancial
statements
Principal officers (CEO/CFO) must certifyintegrity of financial
statements
-
8/9/2019 Risk & Fraud Final(1)
69/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Auditor Independence Corporate Responsibility
Enhanced Financial Disclosures
Conflict of Interest Disclosure
-
8/9/2019 Risk & Fraud Final(1)
70/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Studies and Reports SEC to report on role of banks in Enron
and
others
-
8/9/2019 Risk & Fraud Final(1)
71/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Studies and Reports Corporate and Criminal Fraud
Accountability
Sets outs penalties for false accounting
-
8/9/2019 Risk & Fraud Final(1)
72/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Studies and Reports Corporate and Criminal Fraud
Accountability
White Collar Crime Penalty Enhancement
Failure to certify financial statements becomes
a criminal offence
-
8/9/2019 Risk & Fraud Final(1)
73/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Studies and Reports Corporate and Criminal Fraud
Accountability
White Collar Crime Penalty Enhancement
Corporate tax returns
Must be signed by CEO
-
8/9/2019 Risk & Fraud Final(1)
74/80
Paul Lower 2010
Fraud Risk
SarbanesOxley Act of 2002 (SOx)
Sox contains 11 sections
Corporate fraud accountability Corporate fraud becomes a
criminal offence
Record tampering made criminal offence
-
8/9/2019 Risk & Fraud Final(1)
75/80
Paul Lower 2010
Fraud Risk
Fraud in the 21st century
The new century brought the largest frauds in history
Enron MCI Worldcom
But where do we draw the line?
Goldman Sachs
-
8/9/2019 Risk & Fraud Final(1)
76/80
Paul Lower 2010
Fraud Risk
-
8/9/2019 Risk & Fraud Final(1)
77/80
Paul Lower 2010
Fraud Risk
Goldman Sachs
Banking, broking, investments, commodity trading
Revenue $51.7bn in 2009 : Operating profit $19.8bn
Currently being sued by SEC for alleged civil fraud
Total assets $849bn at end 2009
Alleges that GS materially misstated and omittedfacts in
connection with sale of Abacus 2007-AC1
-
8/9/2019 Risk & Fraud Final(1)
78/80
Paul Lower 2010
Fraud Risk
SEC fraud action against Goldman Sachs
Abacus 2007 AC-1 was a synthetic collateralised debtobligation
backed by sub-prime mortgages
GS failed to disclose that Paulson hedge fund helped toselect
the underlying mortgage package
Goldman Sachs made $15m for its work on the deal
Paulson had short sold the package to make $1bn
Buyers of Abacus 2007 AC-1 lost the same amount
-
8/9/2019 Risk & Fraud Final(1)
79/80
Paul Lower 2010
Fraud Risk
Goldman Sachs
GS assert that charges are unfounded in law and fact
Some say it depends on materiality of undisclosed facts
Others say that buyers were sophisticated investorscapable of
assessing the real risk involved
-
8/9/2019 Risk & Fraud Final(1)
80/80
Fraud Risk
Fraud(noun)
deceit, trickery, or breach of confidence,
perpetrated for profit or to gain some
unfair or dishonest advantage
Did Goldman Sachs commit a fraud
or, as GS asserts, did they just satisfy the demand for
products
giving buyers the specific risk exposure they wanted
