11 August 2020
Federation of Accounting Professions
Fraud Risk and Control in the New Normal Age
Disclaimer
This publication (or document) has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers ABAS, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
Speakers today
Governance, Risk, Compliance, and Internal Audit Services
Varunee Pridanonda, Partner
Forensic Services
Shin Honma, Partner
Pree Preechaborisutkul, Senior manager
Broader Assurance Services
Today’s agenda
1. Why is fraud in focus?
2. Fraud survey
3. Fraud root causes - the three elements
4. Fraud controls
5. Fraud data analytics framework
6. Fraud investigation
7. Q&A
8. Wrap up
Fraud definition
Any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.
Source: COSO – Fraud Risk Management
1. Why is fraud in focus?
Note: This is an ongoing case. Facts are continuing to emerge which may not be consistent with preliminary findings.
2. 2020 PwC’s Thailand Economic Crime and Fraud Survey
Thailand Economic Crime and Fraud Survey 2020 - results
• Respondents in Thailand: 286
• Experienced fraud: 33%
• Had between two and five cases (of those that experienced fraud): 44%
Who is committing fraud
• Internal perpetrator: 37% Global, 59% Thailand
• External perpetrator: 39% Global, 16% Thailand
• Collusion between internal and external: 20% Global, 18% Thailand
Type of crime experienced and most disruptive crime
[Chart: most disruptive and most common economic crime, 2020]
How fraud incidents are initially detected
Key Point: Thai respondents are not as effective at detecting fraud compared to global respondents.
Future spending on combating fraud in organisations
The response to fraud is critical, but doesn’t need to be expensive.
Plan to increase spending to combat fraud: 36% (global) versus 18% (Thailand)
Key Point: Twice as many global companies plan to increase spending to combat fraud.
3. Fraud root causes – the three elements
Fraud scenarios in focus
Which fraud areas are in focus in the coming months

Cybercrime: capitalising on stress and disruption
As employees connect remotely, new infiltration opportunities arise. Sophisticated social engineering techniques leverage increased stress levels. IT teams and IT infrastructure systems come under pressure.
• Use of unsecure WIFI hotspots
• Business impersonation techniques
• Phishing attempts

Evolving financial crime
While fraudsters uncover and take advantage of loopholes in government relief packages, criminals alter their modus operandi in light of the Covid-19 outbreak to increase their illicit gains.
• Abuse of government relief programs
• Money laundering
• Fraudulent investment opportunities

Supply chain challenges
Organisations face unprecedented supply chain disruptions, i.e. transportation restrictions, manufacturing interruptions and defaults on contracts. Companies are compelled to find alternatives and perform fewer controls due to the urgency.
• Misappropriation of goods/supplies/payments
• Inadequate due diligence on new vendors
• Counterfeit/substandard products

Internal fraud rides on relaxation of controls
Standard processes and controls in sensitive areas such as approvals, pre-transactional reviews and processing and release of payments are relaxed, with post-transactional reviews being less effective.
• Asset misappropriation
• Payroll fraud/reimbursement fraud
• Accounting fraud
Case Study #1 – Email phishing
Background of the case
Diagram labels: Executive (on vacation), Fraudster, Admin, Bank, Sensitive customer information
A bank executive went on vacation. The fraudster:
• Created a fake email address similar to the executive’s actual email address
• Sent an e-mail to the executive’s admin and convinced admin to send a customer file
  - Knew exactly what file to ask for
  - Fake deadline
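A detection-side check for the lookalike address in Case Study #1, as an added example that is not part of the original deck: it compares inbound sender addresses against a list of protected mailboxes. The protected address, the confusable-character list, the distance threshold and the sample senders are all assumptions constructed for illustration.

```python
# Added example, not part of the original deck. Addresses are constructed
# samples on the reserved .test TLD; PROTECTED and the rules are assumptions.
PROTECTED = ["n.executive@acmebank.test"]

# Character sequences often swapped so an address looks right at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(addr):
    """Lower-case the address and fold confusable sequences together."""
    s = addr.strip().lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender, protected=PROTECTED, max_dist=2):
    """Return (protected_address, reason) if sender imitates one, else None."""
    s = sender.strip().lower()
    if s in (p.lower() for p in protected):
        return None  # the genuine mailbox
    for real in protected:
        r = real.lower()
        if skeleton(s) == skeleton(r):
            return real, "confusable characters"
        s_local, _, s_dom = s.partition("@")
        r_local, _, r_dom = r.partition("@")
        if s_local == r_local and s_dom != r_dom:
            return real, "same mailbox name on a different domain"
        if edit_distance(s, r) <= max_dist:
            return real, "near-identical spelling"
    return None

def triage(senders):
    """Map each suspicious sender to the address it imitates and the reason."""
    found = ((s, lookalike_of(s)) for s in senders)
    return {s: m for s, m in found if m}

INBOUND = [  # constructed sample of inbound sender addresses
    "n.executive@acmebank.test",        # genuine
    "n.executive@acrnebank.test",       # "rn" standing in for "m"
    "n.executive@acmebank-mail.test",   # right name, wrong domain
    "n.executlve@acmebank.test",        # one letter changed
    "helpdesk@vendor.test",             # unrelated sender
]
HITS = triage(INBOUND)
```

A mail gateway or SIEM rule built on this kind of check would hold or banner the three flagged messages before the admin is asked to act on them.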
Case Study #2 – Supply chain
Background of the case
Diagram labels: Covid-19; Chinese supplier; Company B; Thai auto parts company; Company A; Vietnamese supplier; Company C; Shut down; Urgent
Supply chain disruption, e.g., transportation restrictions, manufacturing interruptions and defaults on contracts.
The company ordered raw material without considering any other suppliers, and did not perform standard due diligence or vet the new supplier.
- Received lower quality raw material
Case Study #3 - Asset misappropriation
Background of the case
Diagram labels: Condominium; Owners; Ms. X - Accountant; Bank
Income types: Common area fees, insurance fees, water charges, penalty charges, key card, and others.
1. issues invoices
2. pay fees per invoices
3. issues receipts
4. Ms. X did not deposit or partially deposited money received from owners into bank account. For example,
   Water charges: deposited
   Penalty charges: deposited
   Insurance fees: not deposited
The three elements of fraud
• Opportunity
• Rationalism
• Incentive/pressure to perform
Source: PwC - Global Economic Crime Survey
4. Fraud controls
Common fraud risk areas
Purchasing and payroll
Sales and inventory
Cash and cheques
Physical security
Privacy, intellectual property and confidential information
Effective Fraud Risk Management
Fraud risk management policy
Fraud risk assessment
Fraud controls
Fraud reporting
Fraud monitoring
Fraud risk and schemes
1. Financial reporting
2. Non-financial reporting
3. Asset misappropriation
4. Illegal acts and corruption
Effective Fraud Risk Management
Source: GAO | GAO-15-593SP
Types of controls
Prevention
• Board oversight
• Policies and training
• Employment screening
• Fraud risk management
• Segregation of duties
• Proper documentation
• Proper recordings
• Automated system
Detection
• Whistle blowing system
• Hotline, tip off
• Internal audit
• Automated reporting system
Response
• Investigation
• Warning
• Reprimand
• Disciplinary actions
5. Data analytics for Fraud
Phases: Analytic design; Data collection; Data organization & calculation; Findings, Observations & Remediation
Analytic design
I. Identify fraud risks
II. Map risk to appropriate data sources and availability
III. Define analytics and procedures
Activities in the remaining phases:
• Assess data integrity and completeness
• Extract, transform to analytics platform
• Validate that data has been loaded completely and accurately
• Execute on the analytics work
• Modify analytic as appropriate
• Evaluate initial analytics results
• Develop scoring model and prioritize transactions
• Request supporting documents and validate
• Determine sample selection
• Develop remediation/investigative plan
• Escalate finding
[Diagram: fraud risk identification by industry (retail sector), company, process and sub-process. Risk labels: high risk process, supply chain risk, multiple channels for payment from retail customer, theft of inventory, supplier risk, control weakness, historical exception. Residual risk: low, medium, high.]
[Diagram: identified fraud risks (R1 to R3) and control activities (C1 to C3) mapped to process steps (issue collection report, deliver good, cash receive) and data sources (collection report, AR report, sale report, collection system).]
[Table: fraud risk assessment matrix. Columns: identified fraud risk; likelihood; significant; existing fraud control activities; effectiveness of existing control; residual risk; fraud response (A-Type: existing fraud control, B-Type: additional fraud control).]
[Chart: data integrity check, number of transactions by user type (Admin user, Manager, Assist manager, Staff).]
Example for data analytics for fraud

1. Inappropriate use in system
Problem statement: Are there any users in the HR dept who adjust staff information in the HR system inappropriately?
Solution: Review activity log
• Extracting activity log in system
• Grouping activity log
• Matching authorization table and log activity
Result: [Chart: number of transactions by user type (Admin user, Manager, Assist manager, Staff), financial and non-financial.]

2. Lapping cash receipt
Problem statement: Are there any delivery staff performing lapping of cash receipts from customers?
Solution: Analysis of shipping and collection days
• Extracting sale, inventory and cash receipt report
• Matching information (e.g. transaction ref, staff ID and customer ID)
• Calculating shipping and collection period
Result: [Chart: average collecting period, average shipping period and count of transactions; axes: average days and number of transactions; axis labels 9200 to 9204 and 101 to 103; outliers marked "To further investigate".]

3. Unusual transaction posting
Problem statement: Are there any unusual transactions in journal entry posting?
Solution: Analysis of transactions with Benford’s law
• Extracting general ledger from accounting system
• Calculating the proportion of each first digit
• Comparing with Benford’s law
Result: [Chart: % difference from Benford’s law by first digit (1 to 9), for ID101, ID102, ID103 and ID104.]
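The Benford’s law analysis described for unusual transaction posting, worked through as an added example that is not part of the original deck: it computes the per-user difference between observed and expected first-digit shares, which is what the result chart plots. The ledger rows, the 5,000 approval limit, `min_entries` and `mad_cutoff` are assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from decimal import Decimal

# Expected share of leading digit d under Benford's law: log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}

def first_digit(amount):
    """Leading non-zero digit of an amount; None for a zero amount."""
    for d in Decimal(str(abs(amount))).as_tuple().digits:
        if d:
            return d
    return None

def benford_by_user(entries, min_entries=100, mad_cutoff=0.015):
    """entries: iterable of (user_id, amount) taken from the general ledger.

    Returns {user_id: {"n", "diff", "mad", "flag"}}; diff[d] is the observed
    minus expected share of first digit d. Users with fewer than min_entries
    postings get flag=None (sample too small to test). min_entries and
    mad_cutoff are assumed tuning values, not figures from the deck.
    """
    counts = defaultdict(lambda: dict.fromkeys(range(1, 10), 0))
    for user, amount in entries:
        d = first_digit(amount)
        if d is not None:  # zero-value lines carry no first digit
            counts[user][d] += 1
    report = {}
    for user, c in counts.items():
        n = sum(c.values())
        diff = {d: c[d] / n - BENFORD[d] for d in c}
        mad = sum(abs(v) for v in diff.values()) / 9  # mean absolute deviation
        flag = None if n < min_entries else mad > mad_cutoff
        report[user] = {"n": n, "diff": diff, "mad": mad, "flag": flag}
    return report

def sample_ledger():
    """Constructed journal entries; user IDs follow the chart's ID101.. style."""
    rows = []
    # ID101: amounts spread evenly on a log scale, which follows Benford closely
    rows += [("ID101", round(10 ** (2 + i % 3 + i / 600), 2)) for i in range(600)]
    # ID102: ordinary postings plus 200 just under an assumed 5,000 approval limit
    rows += [("ID102", round(10 ** (2 + i % 3 + i / 300), 2)) for i in range(300)]
    rows += [("ID102", 4800 + i) for i in range(200)]
    # ID103: too few postings to test; includes a zero and a negative line
    rows += [("ID103", a) for a in (0, -950.00, 120.5, 88, 0.07)]
    return rows

REPORT = benford_by_user(sample_ledger())
```

A flagged user is a prompt to pull the supporting documents for the over-represented digit, not a finding in itself; legitimately clustered amounts such as fixed fees also deviate from Benford’s law.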
Benefit and challenge from using data analytic for fraud

Benefit from using data analytic
Categories: Improving performance; Identify hidden patterns; Data integration; Enhance existing effort; Harnessing unstructured data
• Focus detection for suspicious transaction
• Enhance effectiveness and provide better result
• Reduce sampling errors
• Combine data from various sources to identify instance of fraud or non compliance
• Boost productivity and profitability
• Assess and improve internal controls and policies
• Monitor trends
• Unstructured data can be more easily reviewed to detect and prevent the occurrence of frauds

Challenges faced in using data analytic
Complexity
• Evolving business processes and activity
• Evolving of fraud schemes
Insufficient skill set
• Shortage of skills to transform data into commercial value e.g. data analytic and IT skill
Quality of data
• Poor quality of data
• Unstructured data
• Unconnected data point
Difficulty in obtaining data
• Insufficient in collecting data
• Non-integration across platforms
Support from the business
• Management support
• Business unit support
• Cost of data analytic software
What’s benefit to organization through data analytic
Stakeholders: Internal audit; Company and Business unit; Audit committee; Management
• Receive insight information for making decisions
• Find potential cost-saving
• Reduce the risk of fines and sanction
• Increase efficiency of BU head for monitoring
• Reputation
• Effective oversight of management through visualisation and dashboard
• Using result of analytic to improve internal control and policy
• Reduce sampling risk when performing audit
6. Fraud investigation
Planning and Conducting an Investigation
Results of the Initial Response Assessment
• Proceed with an investigation
• Do not proceed with an investigation
Investigation steps
• Identify the investigation team
• Define the goals and scope of the investigation
• Identify the relevant evidence to collect
• Develop the investigation tasks and schedule
• Collect evidence
• Conduct interviews and analyze evidence
• Assess facts and form conclusions
• Wrap-up and reporting
Types of Evidence in a Fraud Investigation
1. Digital Evidence: Gather digital evidence from electronic devices in the form of emails and other digital data
2. Document Evidence: Gather from documents, paper, and other written or printed sources
3. Interview Evidence: Obtain testimonial evidence by interviewing individuals
4. Corporate Intelligence Evidence: Research on individuals and organisations to assess their background and reputation
Digital Evidence - eDiscovery
Data collection - Imaging configuration
[Diagram labels: Source Hard Drive; RAID Caddy; Write blockers; eSATA connection; data compression; MD5, SHA1, CRC; Primary Destination Drive; Secondary Destination Drive]
Digital Evidence - eDiscovery (Cont’d)
Processing tools
1. Identify potential sources of electronic evidence
2. Preserve and acquire data sources
3. Process acquired data
4. Conduct substantive review
5. Produce responsive documents
It would cost too much and take far too long to review all data that is identified, so processing tools filter the data so that only responsive documents are reviewed.
• Remove duplicates
• Filter data
• Search data
• Refine
Key Considerations Before Starting an Investigation
DO
✓ Assume litigation will follow
✓ Select team members with the skills needed to conduct the investigation
✓ Maintain confidentiality and avoid talking about the investigation in public
✓ Work discreetly without disrupting the office’s normal course of business so that employees do not know that an investigation is being performed
✓ If possible and more appropriate, investigate during off hours
✓ Store all confidential documents in locked file cabinets
✓ Protect all electronic information via firewalls, encryption, and passwords
Key Considerations Before Starting an Investigation
DON’T
× Don’t alert a suspect
× Don’t confront a suspect with insufficient facts
× Don’t dismiss the target before conducting or finishing an investigation
× Don’t select investigation team members who have conflicts with the targets.
× Don’t select members with a close personal or professional relationship with the subject or the complainant
× Don’t write on or alter documentary evidence.
× Don’t mix up documents – keep them properly filed with “chain of custody details”
× Don’t peek through the files in a suspect’s electronic device – wait to work on the working file.
When you don’t investigate covertly…
Installation information: “File Shredder” has been installed by administrator (next morning after PwC’s first visit).
Deletion of documents: Email transaction backups were intentionally deleted by target staff.
Document Evidence – Basic Rules
• Obtain original documents if possible (enhancing the credibility of a case).
• Handle originals as few times as possible, to avoid damage or loss.
• Make copies of the original documents; use copies in the investigation, originals in court.
• Keep them in a secure location so that access is restricted.
• Maintain appropriate “chain of custody” records. (Record how the documents were obtained and who has handled them.)
Document Evidence – Basic Rules (Cont’d)
Examples of Suspicious Document Symptoms
• Signature appears inconsistent or contrived.
• Date on document is not consistent with other evidence.
• Paper does not seem to be the type usually used for the purpose.
• Document is a copy when original was expected.
• Erasures or a covering agent, such as a fluid correction cover-up, is present.
• If document is in electronic form, different styles or sizes of fonts were used.
• Document numbers appear to be out of sequence.
Case Study - Conflict of Interest
Background of the case
Vendor Z, which is owned by the Engineer’s wife, used Vendor X and Vendor Y as middlemen to hide a conflict of interest when selling products to the company.
Diagram labels: Engineer of Company A; Purchase Request; Company A; Vendor X; Vendor Y; Vendor Z (owned by the Engineer’s wife); 2009-2013; 2015-2017
• Engineer of Company A has been
  a) selecting and approving purchases from Vendor X and Y
  b) using Vendor X and Y as a sole source vendor
  c) appearing very close to, and always supporting, Vendor X and Y
• Vendor Y and Z are related as using the same address/telephone number
Red flags
● Whistle blowing letter about bid rigging that Vendor X and Vendor Y have the same owner and both have close relationships with the Engineer
● No bidding or price comparison
● Purchases of used / unwanted machines
● Purchases from Vendor X and Vendor Y at a higher price
● Both Vendor X and Y generate over 80% of their revenue from the Company
PwC conducted conflict of interest review and computer forensic.
Case Study - Conflict of Interest
Summary of evidence
Diagram labels: Engineer; Company A; Vendor X; Vendor Y; Vendor Z; Quotation of Vendor Z (owned by engineer’s wife); Quotation of Vendor X
1. Found quotations that Vendor Z quoted to Vendor X during 2009 to 2014
2. Found quotations that Vendor X quoted to the company during 2009 to 2014
3. Found calculation worksheet which shows that the engineer managed the entire scheme, including calculating costs, sales prices and sales margins for both Vendor Z and Vendor X
4. Vendor X has margin for 6.5 MB
5. Found name cards of the engineer and his wife as GM and MD
6. Found similar evidence that showed that he replaced Vendor X with Vendor Y in his scheme in 2015 to 2017
7. Vendor Y has the same address and telephone number as Vendor Z
8. Engineer has Vendor Y templates of PO, Invoice, Quotation
7. Q&A
8. Wrap up
pwc.com
© 2020 PricewaterhouseCoopers ABAS Ltd. PwC refers to the Thailand member firm, and may sometimes refer to the PwC network. Each member firm is a separate
legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for
consultation with professional advisors.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 158 countries with more than 250,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
Thank you
Varunee Pridanonda, Partner
+6681-645-0114
+662-844-1282
Shin Honma, Partner
+662-844-1000 ext 1113
Pree Preechaborisutkul, Senior manager
pree. [email protected]
+6684-002-5172
+662-844-1000 ext 1527
More than 60 years experience in Thailand. Serving the Thai market since 1959.
158 offices across the world share international insights tailored to you.
Please visit www.pwc.com/th