370 likes | 441 Views
FORENSIC. Fraud warning signs & Fraud risk management. Ian Colebourne and Alexander Sokolov 23 October 2006. ADVISORY. Agenda. Introduction Profile of a fraudster Fraud risk indicators Changing business landscape Fraud risk management Questions & answers. Active consideration of Fraud.
E N D
FORENSIC Fraud warning signs &Fraud risk management Ian Colebourne and Alexander Sokolov 23 October 2006 ADVISORY
Agenda • Introduction • Profile of a fraudster • Fraud risk indicators • Changing business landscape • Fraud risk management • Questions & answers
Active consideration of Fraud • What do you know of past fraud and risk of fraud occurring in your business? • Has responsibility for managing fraud risk been clearly defined? • What systems are in place to detect fraud and irregularity? • Are staff aware of the reporting channels?
Definitions • “Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain.”(Bryan A. Garner, Editor, Black’s Law Dictionary, Eighth Edition, West Group, 2004) • Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct.
Types of fraud Asset Misappropriation Fraudulent Financial Reporting Other Questionable or Improper Business Practices
Fraud losses • Source: 2006 ACFE Report to the Nation On Occupational Fraud & Abuse ACFE Fraud Loss Estimates 100% 5% Fraud loss Annual revenue
Fraud losses by industry • Source: 2006 ACFE Report to the Nation On Occupational Fraud & Abuse
Fraudster profile • KPMG UK analysed a sample of 100 frauds investigated over a three • year period • Directors or Senior Managers perpetrated 2/3 of frauds; • 32% had worked for company for between 10 and 25 years; • 51% involved some collusion between two or more people in business and in 10% of cases, more than 5 people involved; • 70% of cases involved only men; • Typical ages: 39% were between 36 and 45; • Finance was most likely area hit in 42% of cases with procurement next most likely at 12.5%.
Fraud impact Position of Perpetrator - Median Loss 1,000,000 1,000,000 800,000 600,000 Median Loss 218,000 400,000 78,000 200,000 0 Employee Manager Owner / Executive Position of Perpetrator • Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse $
Why does fraud happen? Rationale Motive Opportunity
Fraud Risk Factors Matrix Related party arrangements Complex corporate structure High hope value / Aggressive forecasts Business Culture Remote operations • Web of companies owned or linked to key individuals in the business • Unwarranted complexity in structures • Bottlenecks with reporting through one individual. • Significant investment in new market • Aggressive financial targets & expectation for management • Management dominated by one person or small group • Lavish lifestyles • Poor management oversight of remote subsidiaries and JVs • Remote units managed by autocratic CEO • Lack of trust / poor auditor relationship • Business culture • Undue secrecy • Questionable practices • Significant director transactions • High analyst or other pressures • Declining industry / earnings • High hope value / Aggressive forecasts • Organisational change • Highly leveraged rewards • Aggressive accounting policies • Unique products / unique risks • Cash / funding gap • Results exceed market trend • High management turnover • Profit warnings /credit warnings • Complex structure • Related party arrangements • Multiple banking arrangements • Remote operations
Personal red flags Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud • Personal pressures • Individual performance targets • Infiltration by organised crime Controls may be overridden or ignored by certain individuals: • Powerful (overrides controls, staff intimidated) • Successful (not to be bothered, too busy earning money) • Trusted (responsibility has moved beyond their job description)
Converging Forces NYSE/NASDAQ Listing Standards Director & Officer Liability Federal Sentencing Guidelines Enforcement & Litigation Sarbanes-Oxley Corporate Governance and Responsibility Global Standards of Business Conduct Demands for Transparency and Accountability Rating Agency, Investment Criteria Shareholder Activism Reputation and Credibility
Russian business environment • Economic boom (partially a result of record oil prices) • Competition limited by developed countries standards • Rapidly growing markets – high sales growth • Relatively high profitability • … Our experience suggests that in such environment, effective anti-fraud governance can be ascribed low priority or be undetected because the current level of profitability allows for fraud loses to be absorbed within existing profit margins. • Do tougher times lie ahead??? What would those tougher times bring??? Government tightening regulations?
Don’t look back “Vedomosti Test”? Behaviour / Activity Now 2 – 3 years from now Legal / Regulatory Standards Time
A recent development… CBR Accounts Tax Authorities Supplier Non-Payment Services E.g. Logistics Claimed Liability International Company • Position is better if you can show: • Good tendering • Supplier vetting Russian Bank
A recent development… CBR “Financial Services” Accounts Tax Authorities Supplier Non-Payment Payment Fictitious $ Black-cash (less commission) Claimed Liability – ? Prosecution ? CBR reported to have 35 banks under priority review for ML / cash conversion in the Moscow region Fees for cash conversion are understood to have increased significantly – from 2 to 5/6% Russian Bank Services E.g. Legal / “Consulting” International Company
How are companies responding? Source: KPMG Fraud Survey (2005)
Strategy & tactics • “Strategy without tactics is the slowest route to victory. • Tactics without strategy is the noise before defeat.” • Sun Tzŭ c. 490 BC, Chinese military strategist
Detection Reliance Management Whistle-blowing Internal Controls Internal Audit ? Они говорят по-русски?
Barriers to the effective implementation of controls • Good controls on paper are not strictly followed in practice • Grey areas in the rules – open to interpretation • Lack of segregation of duties • Collusion • Management override • Failure of senior management to lead by example • Bureaucracy &/or formulaic compliance • Failure to share knowledge of fraud experience, control weaknesses and control improvements • Clash of cultures
Three objectives for FRM strategy controls designed to reduce the risk of fraud and misconduct from occurring in the first place controls designed to take corrective action and remedy the harm caused by fraud or misconduct controls designed to discover fraud and misconduct when it occurs
What measures should be taken to help prevent, detect and respond to fraud? Prevent fraud and misconduct Detect occurrence Respond appropriately if discovered
Control components • Internal investigation protocols • Fraud and misconduct risk assessment • Hotlines and whistle-blower mechanisms
Fraud risk assessment • Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable. • Qualitative factors in the assessment include: • the accounting system • complexity, volume and nature of transactions • internal controls in place • compliance, training and monitoring • Incorporates the views of: • management; • control functions; • line employees Significance / Impact Likelihood • Management are then able to: • Prioritise identified risks and evaluate the existing controls • Link each risk to specific controls and commit resources to implement any enhancements
Fraud reporting channels • Surveys suggest that: • Over 50% of frauds are discovered as a result of information provided by staff • Losses after an introduction of a whistle-blowing hotline can be reduced by up to 60%. • Staff prefer the following reporting channels: • 57%: a telephone hotline; • 20%: conventional mail; and • 16%: e-mail.
Effectiveness of a hotline • Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse
What does a good hotline look like? Confidentiality All matters treated confidentially; reported on a need to know basis Anonymity Process should allow for anonymous submission & resolution Availability Should be available in remote outposts, not just head office Assistance – Real Time A ‘live’ response – operators need to be qualified, trained & able to provide advice Procedures Consistent protocols to gather information and manage the call Classify & Notify Qualified staff assess the allegation; protocols establish basis for escalation & investigation Communicate Publicise the hotline prominently; commit to, & test for, non-retaliation
Response • Objective is to take corrective action & remedy the harm caused by fraud or misconduct: • Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened. • Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events. • Communicate to the wider population of employees that management took appropriate, responsive action.
Investigations • Consideration should be given to: • Data and information gathering; • Interviewing techniques; • Appropriate resource; • Analytical tools such as data mining; and • Corporate intelligence information.
Questions & contact details Ian Colebourne Forensic Partner Tel: +7 495 937 2524 Email: IanColebourne@kpmg.ru Alexander Sokolov Forensic Director Tel: +7 495 937 4477 extn 2781 Email: AlexSokolov@kpmg.ru The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.