330 likes | 463 Views
ANZUIAG 2009 Adelaide. Session 8: Fraud Masterclass. Phil Procopis, Director: Assurance & Risk Management Services Wayne Gorrie, KMPG Mark Leishman, KPMG. ANZUIAG. HIGHER EDUCATION. Current fraud trends. ANZUIAG Conference October 2009. ADVISORY. Terror hits London.
E N D
ANZUIAG 2009 Adelaide Session 8: Fraud Masterclass Phil Procopis, Director: Assurance & Risk Management Services Wayne Gorrie, KMPG Mark Leishman, KPMG ANZUIAG
HIGHER EDUCATION Current fraud trends ANZUIAG Conference October 2009 ADVISORY
Terror hits London • Make a donation to the London Bombings Relief Charitable Fund • The Mayor of London has established the London Bombings Relief Charitable Fund, in association with the British Red Cross. The money raised by this charity will be used to assist the victims of the attacks, their families and dependants and to support any other projects that its Trustees consider appropriate.The London Bombings Relief Charitable Fund is concentrating on asking the public and businesses to give donations generously at this time of immense grief and suffering among the victims and their families. It is therefore not agreeing other fundraising proposals such as auctions, sale of products and events such as concerts at this time.
Common headlines K&S fights off fraud TRANSPORT company K&S Corporation is accelerating along the road to recovery after being hit by a $20.8 million fraud in April. DEFENCE SUES EX STAFFER, ACCUSES HIM OF STEALING $107 MILLION. Hewlett-Packard Canada Inc agreed to refund the Federal Government $150 million saying it was a victim of a massive fraud ‘‘Woman jailed for $1.3 m theft’ ‘Money laundering accountant, author jailed for fraud’
Impact of fraud Direct damage / cash drain Financial Investigation costs Damage Loss of customers Reputation damage / Loss of confidence Political damage Indirect-financial Absorption of management’s attention Exposure to the press, the public, auditors, others Breach of trust issues for colleagues
Objective • To raise participants awareness of how fraud and unethical conduct can threaten a University’s assets and reputation, and how such matters can be prevented, detected and responded to
Agenda • Key definitions • Local fraud trends • Strategies to mitigate fraud loss • Case studies • Investigations – responding to fraud Please ask questions throughout
What is fraud? • “Dishonestly obtaining a benefit by deception or other means” • Source: Commonwealth Fraud Control Guidelines
Fraud Examples Financial statement fraud Theft of assets Corruption & misconduct • Fictitious revenue • Timing of revenue • Conceal liabilities • Deferral of expenditure • Improper disclosures • Improper asset valuation • Inappropriate related party transactions • Capitalise expenditure • Conflict of interest • Diversion of sales to own business • Kickbacks/gifts • Supplier favouritism • Sale of information • Insider trading • Theft of inventory/cash • Theft of information or intellectual property • False invoicing • Payroll fraud • On-line banking transfer • Fraudulent cheque • Accounts receivable fraud • External attack How • Performance bonus • Market expectation • Continuation of employment • Conceal fraudulent conduct • Appease regulator • Underpin share price • Evade / minimise taxation • Greed/Lifestyle • Gambling • Financial hardship • Revenge • Culture • Drugs Why
Fraud trends in Australia Source: Australian Institute of Criminology
KPMG Fraud Survey 2008 • 8th biennial survey since 1993 • February 2006 to January 2008 • Survey design • 20% response rate (420 respondents out of 2018) • Aimed to provide an insight into the prevalence, motivations and types of fraud in Australia and New Zealand
What we found? • 45% experienced at least one fraud incident • More than 222,000 incidents • Value of fraud $301 million • Average loss - $1,500,000 • Gambling major motivator • Identity fraud involved in 15% of major frauds • 15% of perpetrators had a history of dishonesty
Profile of a fraudster • Male non-management employee aged 38 years • Acting alone • No known prior dishonesty with a previous employer • Six years with the organisation • Misappropriated funds to an average of $262,000 • Motivated by greed, personal financial pressure (and gambling) • Detected by fraud detection procedure after 11 months • Recovery rate only 11%.
Conditions that allow fraud Rationalisation $ Incentive / Pressure Opportunity
An overarching fraud control strategy Example deliverables • Fraud Control Policy, Strategy & Plan • Organisation-wide Fraud Awareness Program • Employee due diligence • Co-ordinated fraud detection program • CACM / Routine data analysis • Post-transaction review • Reporting channels • Allegation handling and referral protocol • Investigation capability • Escalation procedures
What are organisations doing to prevent fraud? Prevention is better than cure! If you have these are they disseminated throughout your University?
What are organisations doing to detect fraud? Detection controls designed to discover fraud when it occurs because you cannot entirely prevent fraud from occurring.
What are organisations doing to respond to fraud? Few organisations know how to respond appropriately when a fraud occurs.
Case study #2 • Case: • Entire family regularly attends conferences with all expenses borne by the Academic’s Consultancy account. • Academic claims they owns 100% of the IP to his research and have been selling it other organisations. • Academic’s private practice is accused of Medicare fraud • Spends 90% of his time working on his research,10% teaching and publishing • Holds Directorships with organisations and has shares in pharmaceutical companies pecuniary interests/conflict of interest • Testing found that Research – i.e. completing research then applying for funding for the completed research to fund the upcoming research • Questions: • Would the average University Internal Auditor have conflicting views/opinions to the average academic on the points raised? • What are some of the pressures that you as an investigator may experience which confuse your ethical judgements? • For each potential fraud: • How should the University have protected its interests • What actions would you take • What should the University disclose
Case study #3 • Case: • Managing the people issues with regard to a fraud investigation: • Handling the breach of trust (personally) • Whistleblower • Witnesses • Suspect/perpetrator • Victim • Other staff in the area who are affected • Management of the area • Communication during the overall investigation processes • Questions: • How would you approach each person/requirement • How will you as Internal Audit ensure that Management is engaged throughout the process • How would you deal with the gossip which occurs
Case study 4 • Case: • A whistle blower has raised an issue with regard to their superior sighting the following: • Sexual harassment of a colleague • Fraudulent qualifications, awards – degrees etc • Hiring of their partner • Acceptance of entertainment and gifts • Questions: • Map out the steps that you would to address this situation?
First steps at the scene of a crime • Take stock • Assess the credibility and the context in which allegations are made, or suspicions reported. • Evaluate the quality and accuracy of evidence provided. • Evaluate other potential sources of evidence such as financial information, analyses, Internal • Refer to the Fraud Response Plan
Response to allegations of fraud or misconductFraud Investigation – ‘The Big Picture’ Resolution Reporting & Publicity Investigation Evidence/ prosecution Detection/ prevention/ response Monitoring Educate Review Risk Assessment Testing Obtain evidence Regulators? Mitigate risk Tell employees? Impartiality Report to Mgmt? Conduct interviews Confidentiality Media release? Legal rights Law enforcement Evidential trail Satisfy courts Resources Reporting channels Interview technique Contain/ quarantine Training & awareness Response Plan Witness management
Who does what? • Investigation – in-house, external specialists or the Police? • Assess in-house investigative skills and establish who will perform investigations. Is there a policy about reporting to Police or otherwise. • Ensure that you can react rapidly when an incident occurs – time is of the essence. Consider what other experts will be needed to assist - lawyers, forensic accountants etc. • Do they provide “menus” of services that you can draw on short of a full scale investigation? • Will you need these experts to perform a complete investigation? • Police – may investigate the allegations • Insurers – can assist with advice in respect of insurance cover and steps to take
Suspect’s rights – avoiding prejudicing a successful investigation • Ensure that company employment policies (discipline, conduct, grievance) are adhered to. • Ensure that relevant legislation is incorporated into the Response Plan i.e. Human Rights. • Advise suspects/interviewees of their rights including the right to be accompanied or represented where applicable. • Will interviews be under caution in accordance with the relevant legislative requirements.
Documentary Evidence • Documentary evidence may be subjected to any of the following types of forensic analysis: • Fingerprinting • Handwriting analysis • Document analysis – paper stock, tears/rips, indentations, ‘cover up’, stamps/postal marks • Content analysis/accounting analysis
Electronic evidence can relate to: Contents of a file: Characters or words Auditory or visual (mp3’s, movie files) Information about a file: Ownership Editors Locations on disk or device Dates and times General actions taken in relation to file Electronic evidence
Electronic evidence cont.. • Electronic evidence can provide very strong evidence • Ability to follow the electronic trail…. • Typical functions: • Recovery of deleted files • Password recovery or cracking • Log file analysis and interpretation • Specific keyword searches
Mark Leishman Partner KPMG Australia and New Zealand +61 7 3233 9683+64 9 367 5939 mleishman@kpmg.com.au www.kpmg.com.au