Controls for preventing Frauds and Corruption (including IT Techniques) By. Ritika Bhatia, Principal Director Regional Training Institute, Jammu


Background

• Have frauds started haunting us?
– In India?
• What causes fraud and corruption?
– Mindsets?
– System weaknesses?
• Can we prevent frauds?
– Lessons learnt from a real case
– Through controls set up
– Through audit processes?
• How can technology help?

1/16/2015 2Controls for peventing Frauds and

Corruption


Some frauds reported by SAI India - 1

• Audit Report Punjab 2006

– Irregular grant of sales tax exemption to two firms resulted in loss to government exchequer (Rs.10.1 mn)
– Sales tax exemption was irregularly granted to two firms which had applied after the due date; the exemption was stated to be granted on the advice of the head of office


Some frauds reported by SAI India - 2

• Audit Report Andhra Pradesh 2007

– Payment for telecast of advertisement was made by the Health Department, without ensuring that the advertisements were actually telecast (Rs.125.6 mn)
– In test check of records of the health directorate, audit noticed that 31 spots claimed to have been telecast by the company were actually shown on a channel not specified in the contract & the certificates of telecast were fake


Some frauds reported by SAI India - 3

• Audit Report Chhattisgarh 2005

– Fraudulent payment on activity of physical verification of saw mills (Rs. 22.9 mn) involved the following:
• Sanction of expenditure by CF beyond his delegated powers & without budgetary provision & administrative jurisdiction
• Unauthorised expenditure booked under wrong head, concealing the same
• Mismatch of signatures on payment rolls
• Only a handful of people purportedly completed a large number of inspections simultaneously


Fraudulent drawal and expenditure

A Case Study-1

Background

Chief Conservator of Forest-cum-Chief Conservator of Wild Life, Bihar provided additional funds of Rs. 13.30 million to the Divisional Forest Officer, Valmiki State Trading Division (VSTD), Betia, on the request of the Conservator of Forest, Valmiki Tiger Project, Betia on 28-03-2001, without any requisition for such funds from the Division, to meet expenditure during 2000-01 on repair & maintenance of roads, bridges & buildings & other contingent charges like telephone, electricity, liveries & other office expenses pertaining to two other divisions (Valmiki Tiger Project Division I and II). These divisions had no sanction of Government for extension of their life till 31-03-2001, as the extension for operation of these divisions was accorded by the Government on the last day of the year, i.e. 31-03-2001. There was neither sanction of Government for such expenditure of the two divisions nor authorisation of the Accountant General for operation of a Letter of Credit for transacting activities of these divisions during 2000-01.


Fraud Environment

– To meet the expenses of the division, the Government releases budgetary grant to the division on the last day (31-03-2001)
– As per the provisions of the Financial Rules, the Head of the Department was not empowered to divert/re-appropriate the budgetary provision of one DDO to another DDO without the approval of the Government
– Budgetary grants for any department are passed by Legislature.
– Expenditure of Rs. 8.288 million was shown by the DFO as incurred on unsanctioned construction and repair works by splitting the expenditure in small sums of Rs. 5000/- each to avoid sanction of the competent Authority.
– Balance amount of Rs 5 million was spent on contingent charges and office expenses
– No vouchers for expenditure of Rs. 13.30 million were available in the division.


Opportunity to Prevent fraud

– Controls which could have prevented/limited fraud but were bypassed:
• As per the provisions of the Financial Rules, the Head of the Department was not empowered to divert or re-appropriate funds from one DDO to another specific DDO because budgetary grants for the department are passed by Legislature
• Vouchers for all expenditure made from grants were not produced for audit
• Sanction from competent authority was required to be obtained for incurring expenditure


Act of Fraud

Divisional Forest Officer released the entire amount of Rs. 13.30 million to two Range Officers between 28-03-2001 and 30-03-2001. The entire amount of Rs. 13.30 million was exhibited in the division’s accounts as spent. Of this, expenditure of Rs. 8.288 million was shown by the DFO as incurred on unsanctioned construction and repair works by splitting the expenditure in small amounts of Rs. 5000/- each to avoid sanction of the competent Authority. The balance amount of Rs. 5 million was spent on contingent charges and office expenses. No vouchers for the expenditure were available in the division.


Fraud through Internet

Case Study -2

Background

The plaintiff, Shri Ajay (name has been changed), was in service at Abu Dhabi. He received an e-mail from an unknown lady (Mrs. Rita Basu) through her e-mail ID [email protected]. This e-mail made Shri Ajay and Rita Basu friends. She sent an e-mail to the plaintiff inviting him to a hotel. The plaintiff did not turn up, and he avoided sending mails to her. After that the plaintiff received a threatening e-mail from anonymous persons. The plaintiff was warned that if he did not send e-mails, the lady would commit suicide. The plaintiff was perturbed by this, and he informed her friend to convince Rita Basu to give up the idea of committing suicide. Ruchira Sengupta (friend of Rita Basu) informed him through e-mail that Rita Basu had committed suicide and that Kolkata police were investigating. He was further warned that if he wanted to take his name out of that case, he had to arrange for money.


• Ruchira Sengupta was pretending to save the plaintiff from a false case. She was seeking the help of Advocate S. Sinha (name changed) in this case. Ruchira Sengupta informed the plaintiff to deposit money in Advocate S. Mitra’s bank account at State Bank of India, Mahul Road, Chembur branch. In order to make him believe, an e-mail in the name of Kolkata police ([email protected]) and the High Court was sent to the complainant, stating that investigations were going on in the suicide case. The plaintiff was terrified by this e-mail and requested Ruchira Sengupta and Advocate S. Sinha to make a patch-up between Kolkata police and the High Court.

• Ruchira Sengupta informed the plaintiff that she had succeeded in her attempt to patch up the case and added that he had to pay a big amount for that.


• After that the plaintiff received an e-mail from a (second) unknown girl friend (who lived in America and whose e-mail ID was Drsudeshana@mail2Doctor.com) communicating her desire to meet him at Dubai when she returned from New York. The plaintiff was made to feel that this doctor had started from New York and was thereafter missing. After that the plaintiff received another e-mail from the e-mail ID nyc_police_usa.net; because of this, the complainant felt that the e-mail had really been received from New York. The police stated in the e-mail that Dr. Sudeshana was missing, that a complaint to that effect had been made, and that police were investigating the matter. The missing lady was from Kolkata. Kolkata police and New York police were investigating the matter jointly, and they were suspecting the plaintiff. After taking the plaintiff into confidence, he was informed that the missing lady was a relative of a Member of Parliament and that if he complained, the plaintiff would have to pay a big amount.


• The plaintiff got frightened and contacted Advocate S. Sinha. Mr. Sinha advised him to deposit Rs. 2 million in his account. Accordingly, the plaintiff deposited the amount. The plaintiff was given to understand that Chandigarh police were investigating the kidnapping case of a lady and that he might be arrested in that case. Again the plaintiff telephoned Advocate S. Sinha and was asked to deposit an amount in the bank. Accordingly the amount was deposited. Such an atmosphere was created that the plaintiff appeared to be wanted by the police in many cases, and Rs 7.5 million was ripped off from him. The plaintiff had taken a loan from the bank as the money in his savings account was exhausted. In spite of paying this much, he was still being troubled by the ladies, so he came from Abu Dhabi to Mumbai to make a complaint with Mumbai police. The cyber crime branch of Mumbai police registered a case as told by the plaintiff.


Investigation

The officers from the cyber crime cell obtained the following IP addresses from the headers of the e-mails.

• Cement company ltd. Mumbai
• Cement company Nerul, Navi Mumbai
• State Bank of India, Chembur
• The account holder, Pranab Parimal Sinha, was arrested. Property worth Rs. 9 million was recovered from him out of the Rs 12.5 million gulped by him.

Case is sub judice
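Reading sender IP addresses out of e-mail headers, as the investigators did, can be sketched as follows. This is an added example, not part of the original presentation; the message, host names and addresses are constructed (reserved .example names and documentation IP ranges). Each relay prepends its own Received line, so only lines written by servers the analyst trusts count as evidence, and anything below them may have been written by the sender.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message: all hosts, addresses and times are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by inbox.recipient.example with ESMTP id A1; Mon, 5 Jan 2015 10:02:11 +0530
Received: from webmail.provider.example (webmail.provider.example [203.0.113.25])
    by mx.recipient.example with ESMTP id B2; Mon, 5 Jan 2015 10:02:09 +0530
Received: from [192.0.2.44] (unknown [192.0.2.44])
    by webmail.provider.example with HTTP id C3; Mon, 5 Jan 2015 10:02:05 +0530
Received: from nyc-police.example (nyc-police.example [10.1.1.1])
    by relay.nyc-police.example with SMTP id D4; Mon, 5 Jan 2015 09:00:00 +0530
From: "Police" <officer@nyc-police.example>
To: victim@recipient.example
Subject: Investigation

body
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f:.]+)\].*?\bby\s+(?P<by>[\w.-]+)",
    re.S,
)

def received_hops(raw):
    """Parse Received headers, newest first (the order they appear in)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        match = HOP_RE.search(value)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group("ip")))
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            continue  # malformed address or date: not usable as evidence
        hops.append({"ip": ip, "helo": match.group("helo"),
                     "by": match.group("by"), "time": when.isoformat()})
    return hops

def verified_hops(hops, trusted_hosts):
    """Keep hops from the top down until a line written by an untrusted host."""
    kept = []
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break
        kept.append(hop)
    return kept

def origin_candidate(raw, trusted_hosts):
    """Deepest address recorded by a trusted server, with its timestamp."""
    kept = verified_hops(received_hops(raw), trusted_hosts)
    return kept[-1] if kept else None
```

The address and timestamp returned are what an investigator would take to the mail provider or ISP; the bottom Received line in the sample is ignored because no trusted server wrote it.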


• Lessons to Learn

• Police officers should note that a person in the cyber world is unknown.

• Cyber crime exploits the benefit of being unknown, and e-mail is sent in the names of persons who do not exist.


Fraud through Internet

Phishing Case - Case Study -3

Background

On 9-3-2004, a complaint was received from one of the ICICI bank customers that, through e-mail and phone, ICICI bank was enquiring about their password and e-mail ID, and whether [email protected] belongs to their bank.


When the bank conducted a preliminary enquiry, it was found that the enquiry had been made through the e-mail ID [email protected]. Through this e-mail the customers’ accounts were checked, and for this their user ID, login password, transaction password etc. were asked for (the transaction password is given to the user when the subscriber conducts monetary transactions through the internet). The e-mail linked to the web page http:infinity/icicibanks.co.in/verify.jsp, which appears to belong to ICICI bank, and the information entered therein, instead of going to www.all.about.notebook.com, goes to another link and gets saved. Hence the bank started to make enquiries in the matter. At the end of the enquiry it came to be known that the said site did not belong to the bank but was a fake site created specifically. So ICICI bank notified its customers, through a notice displayed on the bank’s website, not to part with their user ID, login ID and transaction password through the web page. A complaint was lodged by ICICI bank in the instant case.


• Lessons to Learn

– It is very important to note that attempts to obtain the personal identity of persons are being made around the world

– Culprits can transfer money from one account to another through the internet using a user ID and password obtained in this way.

– You can ascertain from the bank the PC through which money has been ordered to be transferred from one account to another (that is, the IP address and the date and time of that IP address).


What causes fraud and corruption?

• Fraud & corruption may co-exist in certain ways

– Conflict of interest situation

– Non-existent company whose invoice is presented by an official involved in the purchase process

– Excess purchases with a view to diverting them for personal use

– Split purchases to evade competitive bidding in exchange for favours

– Tax or duty evasion through false representation involving negligence of Govt. official

– Extortion

– Nepotism


Causes of fraud and corruption - 2

• Individual mentality -

– Economic - financial gain - needs surpassing compensation packages

– Greed

– Prestige or recognition - I matter, I can help

– Moral superiority - Westerners can do no wrong, so it's ok if they are paid more


Causes of fraud and corruption - 3

• System weaknesses -

– Insensitive management that judges employees on short-term results

– Vague policies, inadequate internal control & accountability, history of abuse

– Low compliance with regulatory requirements, high turnover of employees, lack of transparency in reward systems

– Rationalization of actions that ends justify the means, either at the individual level or at the level of the organization; the external perpetrator/accomplice might argue that corruption is a cost of doing business


Understanding a typical fraud

• Stamp Duty scam

– A case of an overconfident entity

– A sharp mischievous person played havoc with the system

– Revenues lost went unnoticed for years

– Even Audit initially thought this was “not likely on the scale alleged”

– ......Many important lessons learnt

– .......Including amending the law itself


Can we prevent frauds?

- strong internal controls

• COSO (Committee of Sponsoring Organisations in US) study findings

Typical fraudulent financial reporting involved

– overstatement of revenues and assets

– premature or fictitious recording of revenues

– understatement of allowances for receivables

– overstatement of tangible assets

– recording of non-existent assets

– Most frauds committed in smaller corporations ($100 million assets)


Can we prevent frauds?

- strong internal controls

• COSO (Committee of Sponsoring Organisations in US) study findings

– Frequent involvement of top senior executives

– Boards of Directors of these companies dominated by insiders

– Few audit committees

– Companies were experiencing net losses before frauds were committed

• Key messages - Significant lack of internal controls

• Controls overridden by management


Can we prevent frauds?

Scope and coverage of internal controls

• Control environment

• Authority delegation

• Allocation of responsibilities - authorization, custody and recording

• Management’s philosophy and operating style

• Internal controls, including internal audit, personnel policies


Can we prevent frauds?

Audit procedure in evaluation

• Carry out a preliminary evaluation through trial testing of a few transactions

• Study of documentation in regard to controls for overall objectives and to prevent errors/omissions

– Compliance tests

– When control procedures are found to exist

– Random checking of records to ascertain compliance procedures as per manual/flow-chart

– Intended to provide evidence in regard to existence, effectiveness and continuity


Can we prevent fraud?

Extent of testing by external auditors

• Depends on the degree of independence of internal audit

• Quality of personnel

• Scope and extent of testing by internal audit

• Availability of documented work of internal audit

• Compliance by management to internal audit reports

• Above factors may increase or reduce extent of testing


Can we prevent fraud?

Enacting and Amending Laws..

• Right to Information

• Lokpal and Lokayukta

• Central Vigilance Commission and State Vigilance Organisation

• Information Technology Act

• Amendments to Indian Penal Code


Risk assessment and internal control

[Diagram: Internal controls; Risk analysis; determines audit procedures; expression of audit opinion]


Risk assessment and internal control

(Contd.)

• Efficient and effective audit approach is determined by:

– Risk assessment of audited entity having regard to:

• Past record of entity

• Management’s experience

• Internal controls

• Business environment

To prevent under-auditing in high-risk and over-auditing in low-risk situations


Preventing frauds using Information Technology

• Internet transactions have recently raised big concerns, with some research showing that internet transaction fraud is 12 times higher than in-store fraud.

• To prevent them we need to use technology. Some possibilities:

• Data pre-processing techniques for detection, validation, error correction, and filling up of missing or incorrect data.

• Calculation of various statistical parameters such as averages, performance metrics, probability distributions, and so on.

• Models and probability distributions of various business activities either in terms of various parameters or probability distributions.

• Time-series analysis of time-dependent data.

• Clustering and classification to find patterns / associations among groups of data


Preventing frauds using Information Technology

• Data mining to classify, cluster, and segment the data and automatically find associations and rules in the data that may signify interesting patterns, including those related to fraud.

• Expert systems to encode expertise for detecting fraud in the form of rules.

• Pattern recognition to detect approximate classes, clusters, or patterns of suspicious behaviour either automatically (unsupervised) or to match given inputs.

• Machine learning techniques to automatically identify characteristics of fraud.

• Neural networks that can learn suspicious patterns from samples and be used later to detect them.
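An added example, not part of the original presentation, of a fraud rule encoded as code: it looks for the pattern in Case Study 1, where expenditure was split into sums of Rs. 5000 each to avoid sanction. The voucher register, the officer labels and the window and count parameters are assumptions, and Rs. 5000 is taken as the sanction limit for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed voucher register: (officer, work, date, amount in Rs.).
# These rows are illustrative and are not data from the case.
VOUCHERS = [
    ("RO-1", "road repair", date(2015, 3, 28), 5000),
    ("RO-1", "road repair", date(2015, 3, 28), 5000),
    ("RO-1", "road repair", date(2015, 3, 29), 4900),
    ("RO-1", "road repair", date(2015, 3, 30), 5000),
    ("RO-2", "building repair", date(2015, 3, 29), 5000),
    ("RO-2", "building repair", date(2015, 3, 30), 5000),
    ("RO-2", "building repair", date(2015, 3, 30), 5000),
    ("RO-3", "stationery", date(2015, 3, 2), 1200),
    ("RO-3", "stationery", date(2015, 3, 20), 800),
    ("RO-3", "bridge repair", date(2015, 3, 15), 12000),  # above limit: needs sanction anyway
]

def find_split_spending(vouchers, limit, window_days=3, min_count=3):
    """Flag runs of sub-limit vouchers by one officer on one work whose
    combined value exceeds the sanction limit within a short window."""
    groups = defaultdict(list)
    for officer, work, day, amount in vouchers:
        if amount <= limit:  # only vouchers that escaped sanction individually
            groups[(officer, work)].append((day, amount))
    findings = []
    for (officer, work), items in groups.items():
        items.sort()
        best, start = None, 0
        for end in range(len(items)):
            # Slide the window so it never spans more than window_days.
            while items[end][0] - items[start][0] > timedelta(days=window_days):
                start += 1
            amounts = [amount for _, amount in items[start:end + 1]]
            total = sum(amounts)
            if (len(amounts) >= min_count and total > limit
                    and (best is None or total > best["total"])):
                # Share of vouchers sitting at or just under the limit.
                near = sum(1 for a in amounts if a >= 0.95 * limit)
                best = {"officer": officer, "work": work,
                        "count": len(amounts), "total": total,
                        "from": items[start][0], "to": items[end][0],
                        "near_limit_share": near / len(amounts)}
        if best:
            findings.append(best)
    return sorted(findings, key=lambda f: f["total"], reverse=True)
```

A high near_limit_share together with a total well above the limit is the signature an auditor would follow up by asking for the vouchers and the sanction order.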


Thank You