Upload
dezuva
View
218
Download
0
Embed Size (px)
DESCRIPTION
Fraud Detection, Audit Procedure
Citation preview
This template was provided to AuditNet under the Auditors Sharing Audit Programs initiative. However, while we have attempted to provide accurate information no representation is made or warranty given as to the completeness or accuracy of the template. In particular, you should be aware that the template may be incomplete, may contain errors, or may have become out of date. While every reasonable precaution has been taken in the preparation of this template, neither the author nor AuditNet assumes responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. The information contained in this document is believed to be accurate. However, no guarantee is provided. Use this information at your own risk.
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
2
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
Audit Objectives (AO) Audit Material(s) RequiredTo ensure that: To be obtained prior to the audit:(a) Fraud Containment Officers are fully knowledgeable of the * Company Policies & Procedures - Fraud Company Policies & Procedures regarding the fraud detection Detection Process process; * 5 Watch Merchant files each for Eastern,(b) a thorough investigation was carried out for all files in accordance Central and Western regions (15 total) with the established rules; * 5 Closed Merchant files each for Eastern,(c) fraud files contain the mandatory documentation and information; Central and Western regions (15 total)(d) all systems are concisely memoed throughout the investigation;(e) monitoring is done by the Team Leader and/or Manager on a monthly basis to assess the quality of the investigation and of the files
Audit ProceduresComments Initials
1. Conduct an interview with no less than 2 Fraud Containment Officers , the Team Leader and Manager to assess their knowledge of their daily responsibilities
AO (a)2. Select 5 "Watch" and 5 "Closed" merchant files from each centre (eastern, central & western): (a) Examine the location of the files to determine if they are controlled in a central area of the unit and are accessible to all members of the group: (i) verify that the centres are properly colour-coded as follows: Eastern= Purple; Central=Red; Western=Yellow (ii) verify all files are signed off by management; (iii) ensure all Watch files contain the following: Checklist; Cover Sheet; System Screen Prints; Authorization Logs; Signed ID Letter; Copy of Application Case, Contract, Credit Bureau; Listing of fraud cards and transaction value; CIRF/MATCH prints; Relevant chargeback information; Fraud Awareness Package sent out (iv) ensure all Termination files contain all of the items in (iii), with the addition of: Signed Cancellation Letter (to replace ID Letter); POS Advice (electronic or faxed copies); Branch advised (by phone or fax); Fax table; Bank Account statements/cheques (if applicable) (v) in cases where a merchant is willing to accept any potential chargebacks, ensure there is something in writing from the merchant stipulating the agreement (vi) ensure all screen prints indicate proper memos are placed in all appropriate systems
AO (b)-(d)
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
3
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
3. Review 5 random write-off entries to ensure proper
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
4
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
authority was received
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
5
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
4. Examine any tracking tools that management has and
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
6
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
ensure a review of work is done on a monthly basis
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
7
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
AO (e)
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
8
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
5. Findings Summary
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
9
AUDIT PROGRAM Merchant Fraud Detection Report
Group: Operational Risk & Processing Prepared By:Date: October, 2001 Approved By:
Overview: The Merchant Fraud Control Report 006 is a report within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the report areas.The Fraud Containment Officers are assigned a specific region and must work the corresponding reportsfor that region on a daily basis.
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
10
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
* Company Policies & Procedures - Fraud
* 5 Watch Merchant files each for Eastern, Central and Western regions (15 total)* 5 Closed Merchant files each for Eastern, Central and Western regions (15 total)
WP Page No.
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
11
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
12
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
13
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
14
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
15
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
16
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MATCH=Merchant Account ChangeCIRF=Consolidated Information Reference FilePOS=Point of Sale
17
ProcessMap
#20
The Fraud Containment Officers are assigned a specific region and must work the corresponding reports
MRMS=Merchant Risk Management SystemCIRF=Consolidated Information Reference FilePOS=Point of Sale
18
AUDIT PROGRAM Process Merchant Fraud Detection MRMS Map
#19
Group: Prepared By: C. MacieriDate: October, 2001 Approved By: C. Simpson
Overview: The Merchant Risk Management System (MRMS) is a system within the Fraud Containment group that captures all merchants that have broken any of the pre-determined rules in one or more of the MRMS queues.The Fraud Containment Officers are assigned a specific region and must work the corresponding queuesfor that region on a daily basis.
Audit Objectives (AO) Audit Material(s) RequiredTo ensure that: To be obtained prior to the audit:(a) Fraud Containment Officers are fully knowledgeable of the * Moneris Policies & Procedures - Fraud Moneris Policies & Procedures regarding the fraud detection Detection Process process; * 5 Watch Merchant files each for Eastern,(b) a thorough investigation was carried out for all files in accordance Central and Western regions (15 total) with the established rules; * 5 Closed Merchant files each for Eastern,(c) fraud files contain the mandatory documentation and information; Central and Western regions (15 total)(d) all systems are concisely memoed throughout the investigation;(e) monitoring is done by the Team Leader and/or Manager on a monthly basis to assess the quality of the investigation and of the files
Audit ProceduresComments Initials
1. Conduct an interview with no less than 2 Fraud Containment Officers , the Team Leader and Manager to assess their knowledge of their daily responsibilities Leader
AO (a)2. Select 5 "Watch" and 5 "Closed" merchant files from each centre (eastern, central & western): (a) Examine the location of the files to determine if they are controlled in a central area of the unit and are accessible to all members of the group: (i) verify that the centres are properly colour-coded ~ All files are properly colour as follows: coded Eastern=Purple; Central =Red; Western=Yellow (ii) verify all files are signed off by management; ~ 7 out of 30 files not signed off (iii) ensure all Watch files contain the following: Checklist; Cover Sheet; System Screen Prints; ~ 7 out of 15 files missing Authorization Logs; Signed ID Letter; Copy of documentation Application Case, Contract, Credit Bureau; Listing of fraud cards and transaction value; CIRFprints; Relevant chargeback information; Fraud Awareness Package sent out (iv) ensure all Termination files contain all of the items in (iii), with the addition of: ~ 3 out of 15 files missing Signed Cancellation Letter (to replace ID Letter); documentation POS Advice (electronic or faxed copies); Branch advised (by phone or fax); Fax table; Bank Account statements/cheques (if applicable) (v) in cases where a merchant is willing to accept any~ No such cases part of sample size potential chargebacks, ensure there is something in writing from the merchant stipulating the agreement (vi) ensure all system screen prints indicate proper ~ All systems memoed accordingly memos are placed accordingly
AO (b)-(d)3. Review 5 random write-off entries to ensure proper
~ All entries properly authorized authority was received4. Examine any tracking tools that management has and ~ Team Leaders review month-end ensure a review of work is done on a monthly basis statistics for all staff
Operational Risk & Processing (MasterCard)
WP Page No.
Refer to WP
#19-1
~ Interviewed Manager and Team
Refer to WP
#19-2
Refer to WP
#19-4
MRMS=Merchant Risk Management SystemCIRF=Consolidated Information Reference FilePOS=Point of Sale
19
AO (e)5. Findings Summary
Refer to WP
#19-4
Refer to WP #19-5