Fraud Control - PwC

1 FraudA guide to its prevention , detection and Fraud is a persistent fact of business life, affecting businesses of all sizes and across all industries. Consider the following recent statistics: of Australian businesses suffered some form of Fraud between 2005 and 2007 (PricewaterhouseCoopers Economic Crime Survey 2007) Fraud costs Australian business and government $ billion a year one-third of the total cost of all crime in Australia (Australian Institute of Criminology s 2003 report, Counting the costs of crime in Australia) of Australian respondents suffered losses in excess of $1 million between 2005 and 2007 (PricewaterhouseCoopers Economic Crime Survey 2007).

2 While there is no foolproof method of preventing Fraud , the risk can be minimised by taking a systematic and considered approach to its most organisations, internal Fraud ( Fraud committed by an organisation s employees or offi cers) is its greatest risk. In fact, the PricewaterhouseCoopers Economic Crime Survey 2007 identifi ed that of Australian Fraud was committed by internal this guide is primarily directed toward the mitigation of internal Fraud , even though many of the methods described can be used to mitigate external guide will take you on the iterative journey of Fraud risk management, providing a basic summary of better practice techniques in Fraud prevention , detection and in the Australian contextFraud controlDetectionPreventionRisk assessmentInvestigation2 Internal Fraud controlWhile there is no foolproof method of preventing Fraud .

3 Certain Fraud prevention techniques have proven to be _____ 41 Fraud risk management _____ 7 How to establish a robust framework2 Fraud prevention techniques _____ 13 Some easy-to-implement Fraud prevention techniques3 Proactive Fraud detection _____ 21 Making Fraud detection part of business-as-usual4 Effective Fraud investigation _____ 27A step-by-step plan5 Electronic investigations _____ 35 What if there s no paper trail?6 Financial statement misrepresentation _____ 39Do your numbers lie?3 Internal Fraud control44 IntroductionShell companyNon accomplice supplierPersonal purchasesGhost employeeCommission schemesWorkers compensationFalsifi ed wagesFalse voidsFalse refundsMischaracterisedexpensesOverstate d expensesFictitious expensesMultiple reimbursementsForged makerForged endorsementAltered payee Concealed chequesAuthorised makerUnrecordedUnderstatedWrite-off schemes Lapping schemesBilling schemesPayroll schemesCheque tamperingPoint of sale paymentsExpense reimbursement schemesCash on handFrom the depositOtherSalesReceivablesRefunds and otherTheft Fraudulent

4 Payments SkimmingMisuse TheftInventory and all other assetsCashAsset requisitions and transfersFalse sales and shippingPurchasing and receivingUnconcealed theftAsset misappropriationPetty cash box accessFalsifi ed documentation and/or reconciliationsFalsifi ed bank reconciliationsSafe deposit box accessKitingPersonal use of stationary and other consumablesInadequate physical security controlsInventoryPlant and equipmentIntellectual property and other assetsUtilisation for personal benefi t or gainInadequate supervision or controlsLow staff morale and disgruntled employees increases the risk of unethical behaviourLarge unexplained stocktake variances to accounting recordsInappropriate segregation of dutiesSkimming deliveriesInappropriate segregation of dutiesFictitious customersFalsifi ed transfer documentsUnauthorised write-off schemesMultiple refundsUnauthorised or fi ctitious refundsFalsifi ed delivery dockets The web of deceit O, what a tangled web we weave when fi rst we practice to deceive!

5 - Sir Walter Scott -55 The web of deceit also known as the Fraud Tree is adapted from a uniform occupational Fraud classifi cation system developed by the United States based Association of Certifi ed Fraud of risk and fraudulent schemes are grouped under the broad categories of asset misappropriation, fraudulent statements and is important when investigating incidents of Fraud to remember the concept of the web. This helps remove mental blinkers and reminds the investigator to consider all potential aspects of a perpetrator s fraudulent many cases perpetrators will use several different fraudulent schemes that are interconnected.

6 For example, invoicing schemes will often require the perpetrator to create false suppliers and then cover their tracks by creating false accounting records. These have a direct impact on an organisation s fi nancial disclosures/classifi cationsImproper asset valuationsConcealedliabilities andexpensesFictitiousrevenuesTimingdiffe rencesAsset / revenue overstatements Liabilities / expenses understatements Employment credentials Internal documents External documentsNon-fi nancial/environmentalFinancialFraudulent statements Accepting Bid Otherkickbacks rigging Purchases Sales Otherschemes schemesIllegal gratuitiesExtortionBriberyConfl icts of

7 InterestCorruptionUnrecordedUnderstatedI mproper estimatescontingenciesConcealedassetsTim ingdifferencesCorrupt practices/briberyCouncilenvironment and regulatoryreportingSide lettersImproperforecastingNon-disclosure of loss or related partiesPrivacybreachEmploymenthistoryPro fessionalaccreditationsIdentityfraudQual ifi cations Non Money Monetary monetary laundering Economic Political Social6 Fraud risk management7 Fraud risk management1 How to establish a robust framework8As a result of Fraud -related collapses, governments around the world have undertaken regulatory initiatives in the Fraud area.

8 These include rules under the Sarbanes-Oxley Act in the US and the Corporate Law Economic Reform Program (CLERP 9) in , Australian Auditing Standard (ASA) 240: The Auditor s Responsibility to Consider Fraud in an Audit of a Financial Report requires greater: transparency in corporate accounting and reporting accountability, by making board members and executives personally responsible for fi nancial Fraud risk management frameworkA Fraud risk management framework is an essential element in meeting these corporate responsibilities of transparency and accountability. Developing such a framework is a complex task that requires an understanding of Australian Standard (AS) 8001-2003: Fraud and Corruption organisation must ensure this risk management framework effectively minimises Fraud risk across all its operations, while at the same time having the fl exibility to adapt to Fraud risk management framework should include the following: 1.

9 Identify areas of high riskIdentifying high Fraud risk areas is the fi rst substantive step in dealing with the problem. This must be done before any further analysis and assessment can be undertaken. It is important that risk identifi cation is not confi ned to fi nancial risks for some Fraud such as cyber crime and information theft, damage to reputation is a key Assess the risksOnce an organisation has identifi ed its own risk areas, a Fraud risk assessment covering all relevant areas of operation can provide the platform for a framework and strategy for a sustainable, long-term monitoring and review Involve all staffIn order to capture Fraud risk information from all staff, an electronic survey tool should be considered.

10 This can be used across the organisation, or at the business unit or product-specifi c level. Electronic surveys have the following benefi ts: they greatly assist in lifting levels of Fraud risk awareness among staff they increase understanding of the effectiveness of the organisation s existing risk management framework, and its capacity to prevent and detect Fraud they can be used to validate identifi ed Fraud risks inherent in specifi c business units and/or products they give staff the opportunity to report known or alleged fraudulent a Fraud risk assessmentFraud risk assessment involves a signifi cant commitment by management and staff and should be directed or managed by people, whether staff or consultants.