Fraud Risk Assessment: An Expert’s Blueprint

Copyright © 2013 FraudResourceNet™ LLC

“Fraud Risk Assessment: An Expert’s Blueprint”

July 26, 2013

Special Guest Panelist:Kevin Doyle, CPA, CFE, CFF

Marriott International


About Peter Goldmann, MSc CFE

President and Founder of White Collar Crime 101

Publisher of White-Collar Crime FighterDeveloper of FraudAware® Anti-Fraud

Training Monthly Columnist, The Fraud Examiner, ACFE Newsletter

Member of Editorial Advisory Board, ACFE

Author of “Fraud in the Markets”Explains how fraud fueled the financial crisis.


About Jim Kaplan CIA CFE

President and Founder of AuditNet®, the global resource for auditors

Auditor, Web Site Guru,

Internet for Auditors Pioneer

Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.

Author of “The Auditor’s Guide to Internet Resources” 2nd Edition


About Kevin Doyle CPA CFE CFF

Lead financial and accounting fraud investigations, and other instances of malfeasance on a worldwide basis

Champion ethics awareness via training, communication platforms and education venues

Marriott has been recognized multiple times as one of the “World’s Most Ethical Companies”by the Ethisphere Institute


Webinar Housekeeping

This webinar and its material are the property of FraudResourceNet™ LLC. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We will be recording the webinar and you will be provided access to that recording within five-seven business days. Downloading or otherwise duplicating the webinar recording is expressly prohibited.

You must answer the polling questions to qualify for CPE per NASBA.

Please complete the evaluation to help us continuously improve our Webinars.

Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.

If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout.


Disclaimers

The views expressed by the presenters do not necessarily represent the views, positions, or opinions of FraudResourceNet™ LLC (FRN) or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.

While FRN makes every effort to ensure information is accurate and complete, FRN makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. FRN specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the FRN website

Any mention of commercial products is for information only; it does not imply recommendation or endorsement by FraudResourceNet LLC

5


Today’s Agenda

Introduction

Fraud Statistics

The Auditor’s Role in Fraud Detection

Why Conduct a Fraud Risk Assessment?

Setting the Right Objectives for your FRA

The Phased Process of Doing a Successful

Fraud Risk Assessment

Questions & Answers


Fraud: The Big Picture

According to major accounting firms, professional fraud examiners and law enforcement:

Fraud jumps significantly during tough economic times

Business losses due to fraud increased 20% in last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. (Kroll 2010/2011 Global Fraud Report)

Average cost to for each incident of fraud is $160,000 (ACFE) Of Financial Statement fraud: $2 million

Approx. 60% of corporate fraud committed by insiders (PwC)

Approx. 50% of employees who commit fraud have been with their employers for over 5 years (ACFE)


The Auditor’s Role

1200: Proficiency and Due Professional Care

1220: Due Professional Care

2060: Reporting to Senior Management and the Board

2120: Risk Management

2210: Engagement Objectives


Practice Guide

A fraud risk assessment is often a critical component of an organization’s larger enterprise risk management program.


Auditor’s Role

Why do a Fraud Risk Assessment? Comply with standards

It’s the right thing to do

Most importantly:To Proactively Detect and

Prevent Fraud in Your Organization


Why Perform This Initiative?

In addition to the introductory statistics: Over 43% of international businesses were victims of

fraud, average loss per company over a 2 year period $2.4m (that amount excludes undetected losses and indirect costs),

85% of companies globally suffered at least one fraud in the past 3 years.

Incidents of fraud damage reputational valueWorth repeating in context of FRA: IIA Standards 2120 and 2210: “must” (was “should”) evaluate potential of fraud…Internal auditors “must” consider probability of significant errors, fraud etc. in developing engagement objectives.


Phased Process

I. Create Strategic Fraud Risk Assessment Team

II. Create Survey Beta Execution Team

III. Fraud Benchmarking Phase

IV. Survey Phase

V. Evaluation Phase

VI. Time Commitment


I. Strategic Fraud Risk Assessment Team

Team members reflect a wide spectrum of knowledge, skills, and perspectives Recommended Members of Team:

Internal Audit Risk Management Legal/Compliance CounselHuman ResourcesInformation TechnologiesBusiness Unit LeadersExternal Consultants

Continued…


I. Strategic Fraud Risk Assessment Team(continued)

Key Activities of Strategic TeamAssess different types of risk –i.e. employee fraud,

management fraud, illegal act, books and records, bribery etc.

Identify universe of fraud risks Assimilate results Evaluate existence and adequacy of controls to

mitigate risksDevelop remediation plan to correct control gaps

Strategic Team time commitment Establish firm expectations – both time & commitment As best possible create milestone schedule;

communicate well inadvance Strategic team support is key toward success!


II. Create “BETA”/Brainstorming Teams

Team members should be reflective of the following “demographics”: Your particular corporate reporting structure The intended results of the survey (i.e. next steps/action plans) International (“boots on the ground”) vs. domestic Finance, operations, information technology, HR, Sales and Marketing, Research and Development etc.


II. Create BETA Execution Teams (continued)

Beta Team duties: Participate in pre-arranged

meetings/calls/update Via leveraging their experience, Beta team

members add/subtract/modify universe of fraud “Scenarios Types” Refer to external resources as well (industry news,

publications, trade organizations, etc.) Consider interviewing business unit leaders/key

stakeholders This is an iterative process



Beta Team duties (cont’d): Facilitate dialogue on “Potential Warning Signs” Provide input around participant selection process Provide feedback on effectiveness of fraud tool such

as:− Clarity of instructions; how will survey translate?− Survey look, feel, functionality− “Malleable-ity” of results, survey tool− Other feedback



Quantify population of fraud risks, including, but not limited to: Intentional manipulation of books and records Misappropriation of assets –hard and intangibleAt times intangible assets and “fall below the

radar” Corruption Bribes (FCPA/UK Bribery Act) Kickbacks

Regulatory or Legal Reputational


Polling Question 1

Your fraud risk assessment team should include…

A. Chief Audit Executive B. Director of Financial Fraud C. Director of InvestigationsD. Senior Finance Leaders E. All of the above


III. Fraud Experience Benchmarking Phase

Benchmark fraud prevention and detection against other companies to better understand latest trends in fraud and to build fraud resource network within the business community.

Schedule periodic calls with industry peers and host round table discussions.


IV. Survey Phase

Communicate, communicate, communicate!(then communicate some more!) Include Strategic Team/stakeholders in survey roll-out Announcement from IAD will not likely engage

participants Consider pre-announcement from Strategic

Team/stakeholders Encourage completion by sending “friendly” reminders Connectivity is key!

continued…


IV. Survey Phase (continued)

Fraud survey must be circulated to a wide enough audience to identify trends and assess possible unreported frauds or control weaknesses (blind spots!)

IAD to aggregate the data to assess risks perceived by those in the field is, and where unknown risk may lie.


V. Evaluation Phase

Compiling results:Add value to businessIncrease awareness of your company’s

susceptibilities and vulnerabilities to specific fraudsLeverage results for proactive

remediation; training purposesImplement results/survey as part of

business unit risk assessment tool


V. Evaluation Phase

Compiling results (continued):Use survey feedback to identify

regions/disciplines/ processes/business units that may have significant unreported risk.Implement corrective action plans to

mitigate the risk of potential fraud. Corrective plans may include increasing

controls or designing audit proceduresto address specific risks

Create a documented benchmark of comparing industry. Develop a systematic plan for integrating

fraud detection into the audit plan


Polling Question 2

The main goal of the survey phase is to…

A. Gather information on potential fraudstersB. Learn how to conduct fraud investigationsC. Predict potential future areas of fraudD. Identify trends and get a better idea of unreported

frauds


Results By Scenario

4

1228

4022

534 32

3 10 23 25 2 42 18 35 16 29 13 21 19 11 39 41 31 20 37 1 14 24 17 36 38 43 26 46 27 30 15 6 7 33 98 44 47 45

0

2

4

6

8

4 5 23 35 19 20 17 46 7 47

Question #KD1


Polling Question 3

Compiling the results of your Fraud Risk Assessment should (choose all that apply)

A. Increase awareness of company’s vulnerabilities to specific fraudsB. Leverage results for proactive remediation; training purposes A. Identify regions/processes/business units that may have significant unreported risk.B. All of the above

Slide 27

KD1 leave in?Doyle, Kevin, 7/18/2013


VI. Time Commitment Metrics

Strategic Team:Quarterly update meetings (1-2 hrs/QTR)Champion completion of BETA and live surveys (as

needed) Beta Team and related participants:

Initial set up: Initial meetings/review survey/provide feedback

(4hrs/MO – 1st 2-3 MOs) Goal for Beta team is to not create

data/documents but to review well conceived ideas and data and provide opinions on how to make survey efficient and effective)


VI. Time Commitment Metrics

Thereafter – refine BETA/Go Live Monthly update meetings thereafter (1 hr/MO) Champion completion of BETA and live surveys

(1 Hr/MO) Provide technical/property level support

suggestions (1hr/MO)


Polling Question 4

As part of the Evaluation Phase, it is generally important to integration fraud detection into the:

1. Internal controls process2. Survey process3. Audit plan4. Post-incident remediation


Timeline

EvaluationPhase

SurveyDue Date

Go Live

BenchmarkDiscussions

BETA Test

BETA Team / Monthly Updates

Rollout plan to Stakeholders

Strategic Team / Quarterly Updates

Q3-Yr1 Q4-Yr1 Q1-Yr2 Q2-Yr2 Q3-Yr2 X Q4-Yr2 Q1-Yr3 Q2-Yr3 Q3-Yr3

Execute Beta TestFeedback, Edits, Revisions

Quarters

Mileston

es

X – Determine final population, recipients

Q4-Y1 – Q1-Y2

Q1-Y2 - Q2-Y2

Q2-Y3

Q4-Y1 Q1-Y2 Q2-Y2 Q3-Y2 Q4-Y2 Q1-Y3

Develop Risks, Beta Tests, Revisions

Stakeholder Meetings

Q2-Y4

Peer Calls


Reporting Results

Background Executive Summary Summary of Recommend Action Plans Detail Summary of Results Other related information


Polling Question 4




Key Lessons

Introduce fraud awareness as an important discipline and “room” needs to be made at the table with the other long standing business disciplines such as HR, R&D, Legal, Sales and Marketing etc. Fraud must be addressed in a proactive vs reactive

manner. Your FRA allows you to do that. Be prepared to argue cost and return on investment

Develop key relationships – need “buy-in”

Be prepared to answer – “what’s in it for me?” “Begin with the End in Mind” (Steven Covey)

Know the “who, what, where, when” in advance


Polling Question 5




Questions?


Thank You!

Website: http://www.fraudresourcenet.com

Jim KaplanFraudResourceNet™

800-385-1625 [email protected]

Peter GoldmannFraudResourceNet™

[email protected]

Kevin Doyle, CPA, CFE, CFFSenior Director, Internal Audit

Global Financial FraudMarriott International, [email protected]


Coming Up….

"Quick Response Fraud Detection using Data Analytics: Hitting the Ground Running using Technology in a Suspected Fraud Case”, July 31

Economy & Finance

Fraud Risk Assessment: An Expert’s Blueprint