Embed Size (px)
Citation preview
©2012
THE IMPORTANCE OF AUDITING IN AN ANTI-FRAUD WORLD FORENSIC AUDIT: BUILDING A WORLD-CLASS PROGRAM
This session will provide you with a practical approach to successfully developing and
implementing a forensic audit program designed to deter, detect, and investigate instances of
fraud and misconduct. Learn the essential elements of a comprehensive and effective program,
and leave with tools, techniques, and methodologies to develop or improve your own anti-fraud
programs.
PAUL ZIKMUND, CFE, CFFA
Director Global Integrity & Security Audit
Bunge
White Plains, NY
Paul Zikmund is responsible for managing and conducting investigations of fraud and
misconduct, implementing fraud detective techniques, administering Bunge’s fraud risk
assessment process, and managing anti-fraud programs and controls designed to reduce the risk
of fraud within the company. He possesses nearly 20 years of experience in this field, and has
effectively managed global fraud and forensic teams at various Fortune 500 companies.
“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the
ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. The contents of
this paper may not be transmitted, re-published, modified, reproduced, distributed, copied, or sold without
the prior consent of the author.
6/4/2012
1
1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Forensic Audit
Building a World Class Program PAUL E. ZIKMUND
DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT
2 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
In response to a crisis
Concern from the Board or Audit Committee
External Auditors or Consultant’s recommendations
Sarbanes Oxley
Benchmarking
Internal need to enhance existing antifraud programs and
controls
Increase in fraud cases
Target of external investigation
Centralized function to address fraud risk management programs
and controls
Why the Need for Forensic Audit Program
3 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Recipe for Success
Sponsorship
Staffing
Execution & Results
Building the Network
ROI
6/4/2012
2
4 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Organizational policies and procedures
Hotline
Ethics and Compliance programs
Code of Conduct
Executive sponsorship
Visibility to Board/Audit Committee
Engagement by Business Segments/OpCo’s
Respect from Legal & Human Resources
Clear understanding of roles and responsibilities
Assignment of costs
Sponsorship & Support
5 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Proper background and experience
Recruit internally and externally
Combined set of skills (CFE, CIA, CPA, M.B.A.)
Invest in training
Previous corporate investigative experience a plus
Law enforcement versus auditing
Proper headcount
Strong external relationships
Well networked
Data Analytics & Computer Forensics skills a plus
Staffing
6 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
High-quality results
Build a brand (think like a consultant)
Regionally based
Training and awareness programs
Be proactive
Think beyond investigations (Compliance, Internal Controls,
ERM, etc.)
Avoid territorialism
Solicit feedback (example: have legal review your reports)
Network, network, & network
Execution & Results
6/4/2012
3
7 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Litigation Support
Audit Committee presentations
Executive Management visibility
Regional awareness of the team
Attend training and awareness programs
ERM
Corporate Compliance
Information Systems
Think Big!
Temporary assignments (rotation program)
Develop policies and procedures
Build the Network
8 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Recovery of assets
Remediation of losses
Internal controls/root cause analysis feedback
Informal feedback on people and processes
Increased transparency of reporting fraud and misconduct
Reduction in fraud
Greater credibility from external agencies (DOJ, Auditors)
Stronger control environment
Audit Committee assurance
Consistent approach to managing fraud risk
Return on Investment
9 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Lack of policies and procedures
Lack of a champion or executive management support and
sponsorship
Improperly positioned/located within the organization
Improperly staffed (headcount & skillsets)
No budget
Failure to embed AFPC within organizational framework
Fear of travel
Myopic thinking
Failure to network
Being reactive
Roadblocks
6/4/2012
4
11 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Proactive Fraud Risk Management Approach
4. Investigation
7. Analysis
11. Training
1. Prevention Programs
10. Testing For
Compliance
12. Proactive Auditing 2. Incident (Fewer)
3. Incident Reporting
5. Action
6. Resolution 8. Publication
9. Implementation
of Controls
12 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
AFPC External Auditors
Internal Auditors
Management Board of Directors
Audit Committee
Compliance
Anti-Fraud Roles & Responsibilities
6/4/2012
5
13 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
GIFA - Fraud Risk Management Process
Fraud Deterrence
Policies & Procedures
Fraud Risk Assessment
Anti-Fraud Culture
Fraud Detection
Forensic Audit
Techniques CAATs
Detective Processes &
Controls
Fraud Investigation
Investigation Guides
Evidence Management
Reporting
Fraud Remediation
Root Cause Analysis
Recovery of Assets
Internal Controls Review
14 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
GIFA - Fraud Deterrence Sub-Process
Policies & Procedures
Code of Conduct
Fraud Response
Policies
Human Resources
Policies
Fraud Risk Assessment
Identify Fraud Risk Factors
Define Fraud Schemes & Scenarios
Determine Residual
Fraud Risk
Anti-Fraud Culture
Whistleblower Hotline
Control Environment
Employee Surveys
Fraud Deterrence
Policies & Procedure
s
Fraud Risk Assessme
nt
Anti-Fraud Culture
Fraud Detection
Forensic Audit
Techniques
CAATs Detective
Processes & Controls
Fraud Investigation
Investigation Guides
Evidence Managem
ent Reporting
Fraud Remediation
Root Cause
Analysis
Recovery of Assets
Internal Controls Review
15 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
GIFA - Fraud Detection Sub-Process
Forensic Audit
Techniques
Analytical Procedures
Interviewing Analysis of Financial
Transactions
CAATs ACL / IDEA software
Continuous Controls
Monitoring
Event-Driven CAATs
Detective Controls
Segregation of Duties
Monitoring & IT Controls
Safeguarding Company
Assets
Fraud Deterrence
Policies & Procedure
s
Fraud Risk Assessme
nt
Anti-Fraud Culture
Fraud Detection
Forensic Audit
Techniques
CAATs Detective
Processes & Controls
Fraud Investigation
Investigation Guides
Evidence Managem
ent Reporting
Fraud Remediation
Root Cause
Analysis
Recovery of Assets
Internal Controls Review
6/4/2012
6
16 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
GIFA - Fraud Investigation Sub-Process
Investigative Guidelines
Processes & Flowcharts
Fraud Response Team
Defined Roles & Responsibilities
Evidence Management
Document Reviews &
Labeling
Computer Forensics
Chain of Custody
Reporting Report Guidelines
Attorney-Client Privilege
Presentation of Findings
Fraud Deterrence
Policies & Procedure
s
Fraud Risk Assessme
nt
Anti-Fraud Culture
Fraud Detection
Forensic Audit
Techniques
CAATs Detective
Processes & Controls
Fraud Investigation
Investigation Guides
Evidence Managem
ent Reporting
Fraud Remediation
Root Cause
Analysis
Recovery of Assets
Internal Controls Review
17 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
GIFA - Fraud Remediation Sub-Process
Root Cause Analysis
Internal Controls Review
Issues Tracking System
Management Accountability
Program
Recovery of Assets
Civil / Criminal Action
Disciplinary Action
Insurance Claims
Information & Communication
Awareness Programs
Policy & Procedure Updates
Surveys & Certification Programs
Fraud Deterrence
Policies & Procedure
s
Fraud Risk Assessme
nt
Anti-Fraud Culture
Fraud Detection
Forensic Audit
Techniques
CAATs Detective
Processes & Controls
Fraud Investigation
Investigation Guides
Evidence Managem
ent Reporting
Fraud Remediation
Root Cause
Analysis
Recovery of Assets
Internal Controls Review
6/4/2012
7
19 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Global Integrity & Forensic Audit – Policies & Procedures Overview
GIA Charter
Fraud Response
Policy
Fraud Response Protocols
Allegations Matrix
GIFA Investigation Guidelines
GIA Charter
Defines the purpose of GIA
Provides authority to conduct audits
Defines areas of responsibility
Fraud Response Policy
Details guiding principles for managing fraud risk
Assigns responsibility for addressing complaints
Fraud Response Protocols
Defines principles for conducting internal Compliance/GIFA
investigations of fraud and misconduct
Details the 7-step protocol to address allegations or detection
of fraud and/or misconduct
Allegations Matrix
Defines various types of allegations
Prioritizes allegations in three separate levels (A,B,C)
Identifies ownership for investigating the allegations
GIFA Investigative Guidelines
Serves as a guide and reference to enroll investigative
procedures and processes during the collection of facts and
evidence in matters where illegal, unethical or otherwise
improper acts are alleged
Defines GIFA’s philosophy and core values
20 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Global Integrity & Forensic Audit - Vision & Mission
Vision – To ensure the development, implementation, and sustainability of a
comprehensive fraud risk management process designed to reduce Bunge’s risk of
asset loss, reputational damage, and legal liability resulting from incidents of fraud
and misconduct.
Mission – To develop comprehensive anti-fraud programs and controls designed to
deter, detect, investigate, and remediate incidents of fraud and misconduct within
Bunge, including but not limited to:
Promptly respond to reports of illegal, unethical, or improper acts committed by
company employees or non-employees who are engaged in company business,
Conducting fraud awareness training for company employees,
Completion of a fraud risk assessment,
Enhanced fraud detection through data analytics and forensic audit techniques,
Provide litigation support and forensic due diligence for legal and regulatory
matters, and
Collaborate with compliance and risk management teams to evaluate risks,
review processes, and analyze trending.
21 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Investigation of Fraud, Abuse, and/or Misconduct
Accounting Irregularities
Occupational Fraud (Embezzlement, Skimming, Fictitious Invoices, T&E, etc.)
Conflicts of Interest
Bribery & Corruption
Litigation Support
Antitrust, Intellectual Property, Securities Trading
Fraud Risk Assessment
Global Integrity & Forensic Audit - Scope of Work (1 of 2)
6/4/2012
8
22 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Proactive Fraud Awareness Training
Internal Audit (forensic audit techniques)
Operating Companies
Functions (Finance, Sales, etc.)
M&A Due Diligence
Ethics & Integrity Case Studies
IT Investigative Technology/Computer Forensics
FCPA/Third-Party Compliance
Third-Party Proactive Reviews
Anti-bribery Audits
Security Audits/Surveys/Reviews
Global Integrity & Forensic Audit - Scope of Work (2 of 2)
23 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Scope of Work - Differentiation
Compliance policies
& procedures
Ethics programs
Compliance
investigations
oversight (FCPA)
Allegations matrix
Compliance reporting
3rd-party compliance
programs
Fraud investigations
Anti-fraud training &
awareness
Litigation support
Fraud protocols &
investigation guidelines
Security audits
M&A due diligence
Fraud risk
assessments
Physical security
programs (facilities,
cargo, inventory, etc.)
Personal security
Travel security
Security policies and
procedures
Security investigations
(thefts, product
tampering, etc.)
Compliance Function GIFA Security Function
6/4/2012
9
25 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Legal Counsel
Legal advice
Litigation support
Attorney-client privilege
Review reports for language
Communication with the Board, Audit Committee, Senior Management
Co-sponsored training
26 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Human Resources
Investigative support
• Interviewing
• Prior disciplinary actions – incidents
• Personnel files
Report distribution
Disciplinary action
Employee surveys
Staffing (compensation, career planning)
27 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Information Technology
Electronic evidence collection
Data retrieval – where/when/how
Email reviews
Hard drive imaging
Internet activity
Log in/out data
6/4/2012
10
28 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Security
Support investigations
Physical access documentation
Interviewing skills
Prior incidents
Location background
29 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Outside Fraud Experts
Investigative experience/expertise
Interviewing skills
Data-mining techniques
Computer forensics
Report-writing skills
Forensic auditing expertise
Expert witness – render opinions
30 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Audit
Control weaknesses review
Root-cause analyses
Data mining
Document review
Email/electronic evidence reviews
Proactive forensic audits
Resource pool
Forensic rotation program
Fraud training programs
6/4/2012
11
31 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Audit Committee/Management
Periodic updates
Annual presentation
Immediate notification of serious fraud issues
Root-cause analysis
Patterns of behavior
Legal liability
Oversight of investigative activity
Sponsorship
32 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Findings
Continuous Updates
Knowledge of Business & People
Remediation of Findings
Process Improvements
Cause & Root Cause Analysis
Internal Control Recommendations
Training & Awareness
Management
33 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL
Questions
