Transcript Central Bank of Libya

Fraud Awareness Presentation for
the
Central Bank of Libya
Royce Walker
Financial Services Volunteer Corps
Volunteer
March 23 - 25, 2009
Fraud Awareness
This presentation was adapted from a fraud awareness
presentation titled How to Identify and Catch a Thief in the
Workplace developed by Susan Mondello, Deputy Chief
Audit Officer and Associate Director, University Auditing
and Advisory Services, Georgia State University, Atlanta,
GA, USA.
Fraud Awareness
• Introduction
• Topics of Discussion:
– Definition of Fraud, Occupational Fraud, and Whitecollar Crime
– Fraud Awareness, Detection, and Prevention
– Potential Fraud Indicators
– Actual Fraud Cases
Fraud Awareness
What is Fraud?
Fraud – The intentional misrepresentation of facts that
causes victims to lose money or property.
Occupational Fraud – Fraud committed in the course of
one’s occupation.
White-collar Crime – A variety of nonviolent crimes
committed in commercial settings for personal financial
gain.
Fraud Awareness
Why Should You be Concerned About Fraud?
Fraud is likely to occur in the banking industry because fraud
is generally more lucrative than other types of crime, such
as theft of property. A study by the Association of
Certified Fraud Examiners (ACFE) for 2004 found:
• 75% of property thefts in the U.S. were worth less than
$249 versus a median loss of $159,000 for 1,134
occupational fraud cases.
• Property crimes were down 50%.
Fraud Awareness
Why Should You be Concerned About Fraud?
Fraud is:
• Generally less risky in terms of penalty than other types
of crime.
• Increasingly part of organized crime.
Fraud Awareness
Fraud Can be Stopped
Stopping fraud comes down to scrutinizing “day to day
processes and procedures, and making sure there are no holes
big enough to drive a truck through.”
Quote from: Angela Morelock, CPA, CFE, ABV, partner and member Forensics
& Dispute Consulting Division, BKD, LLP
Fraud Awareness
Fraud Example
A government agency paid $998,798 to ship two small supply
parts costing 19 cents. This was part of $20.5 million in
fraudulent shipping charges paid to a parts supplier to ship
$68,000 worth of parts supplies over a 6-year period.
Fraud Awareness
Who Commits Occupational Fraud?
Some of an organization’s “best” personnel may commit
occupational fraud. The ACFE study found:
• The majority of fraud was committed by long-serving,
middle-aged male executives and managers.
• A positive correlation existed between the size of the
loss and the perpetrator’s authority level, tenure,
education level, age, and male gender.
Fraud Awareness
Perpetrators by position:
• 61% owners/executives/ managers;
39% lower level employees
• Owners/executives median loss was
$1 million or 5X manager and 13X
employee median loss
Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the
Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness
Perpetrators by tenure:
• 64% over 5 years
• Median loss for those with
10+ years was $263,000
compared to $45,000 for
someone with less than 1
year
Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the
Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness
Perpetrators by education level:
Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the
Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness
Perpetrators by age:
Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the
Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness
Who Commits Occupational Fraud?
The typical fraud perpetrator is among the most highly
regarded and trusted personnel in most organizations.
Therefore, controls should be held constant for everyone
regardless of their position and reputation.
Fraud Awareness
Who Commits Occupational Fraud? (continued)
Managers typically express shock and dismay when fraud
occurs. A typical comment is: “I can’t believe this
happened…[the perpetrator] seemed so trustworthy.”
Fraud Awareness
Who Commits Occupational Fraud? (continued)
Consider the 10-10-80 rule cited by auditors:
• 10% of employees will never steal.
• 10% of employees will always steal.
• 80% of employees will steal given the need and
opportunity.
Fraud Awareness
Who Commits Occupational Fraud? (continued)
Those having:
• Pressure
• Opportunity
• Ability to rationalize
These elements make up the fraud
triangle and exist in almost every
instance of fraud.
Fraud Awareness
Elements of The Fraud Triangle
Pressure usually caused by financial need or the desire to
live a lavish lifestyle.
Example of Pressure to Commit Fraud
An experienced fraud examiner identified a junior
procurement officer as a fraud perpetrator because the officer
drove an expensive automobile.
Fraud Awareness
Elements of The Fraud Triangle (continued)
Opportunity typically arises from weak controls or too much
independence/control given to a single individual.
Example of Opportunity to Commit Fraud
A staff accountant responsible for accounts payable
embezzled $7.9 million over 7 years by writing checks
payable to herself, some for as much as $50,000.
Fraud Awareness
Elements of The Fraud Triangle (continued)
Ability to rationalize by perpetrators who make excuses for
their actions because they do not think of fraud as stealing.
Example of Rationalization of Fraud
An individual who stole money from a bank rationalized the
behavior because he believed the bankers were stealing from
their customers.
Fraud Awareness
How Does Occupational Fraud Occur?
ACFE study identified three major fraud categories and the
percentage of cases that applied to each category:
• 92.7% consisted of asset misappropriation.
• 30.1% consisted of corruption.
• 7.9% consisted of fraudulent statements.
NOTE: The above percentages total more than 100% because
some cases applied to more than one category.
Fraud Awareness
How Does Occupational Fraud Occur? (continued)
Main methods of fraud for banking industry:
• Corruption (35.7%) – Conflicts of interest, bribery,
illegal gratuities, economic extortion.
• Billing (19.6%) – Payments to bogus vendors,
payments for personal expenses.
• Larceny (17.9%) – Cash stolen after it has been
recorded on bank records.
• Skimming (14.3%) – Cash stolen before it has been
recorded on bank records.
These four methods account for almost 90% of banking
industry fraud.
Fraud Awareness
How is Occupational Fraud Detected?
Contrary to popular belief, the majority of fraud is not
detected by auditors or bank examiners.
ACFE study identified the methods by which most fraud is
initially detected.
Fraud Awareness
Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the
Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness
A Cautionary Note About Fraud
It is easy for a person to claim that another person has
committed fraud. However, it is often difficult to detect the
fraud and even more difficult to prove fraud in court.
There Are Potential Indicators of Fraud
Fraud must be hidden to be successful. When fraud is
detected, it may be more likely to be noticed because of a
“red flag” that may indicate fraud.
Fraud Awareness
Potential Fraud Indicators
Corporate culture at risk for fraud:
• Organization ambivalent about business ethics; values
and beliefs are economic, political and self-centered.
• Peer relationships hostile, aggressive, contentious.
• High employee turnover; complaints about “burnout.”
• Ambiguity defining job rules, duties, responsibility.
• Inadequate operational reviews/financial audits.
Fraud Awareness
Potential Fraud Indicators (continued)
Personality traits of executives:
• Tend to have highly material personal values.
• Success means financial success, not professional
recognition.
• Treat people as objects, not individuals .
• Appear to be reckless, careless with facts, often enlarge
on them.
• Appear hard working, but spend much time scheming,
designing short cuts to get ahead or beat competition.
Fraud Awareness
Potential Fraud Indicators (continued)
Occurrences in operations (may indicate inadequate internal
controls):
• Account balances significantly over or understated.
• Transactions not recorded completely, timely, or
improperly recorded.
• Missing documents.
• Unexplained items on reconcilements.
Fraud Awareness
Potential Fraud Indicators (continued)
Occurrences in operations (may indicate inadequate internal
controls): (continued)
• Recurring identical amounts from the same vendor.
• Multiple remittance addresses for the same vendor.
• Lack of segregation of duties.
• Payments made on copies of invoices, not originals.
• Discovery of relationship between an employee and a
third party previously unknown.
Fraud Awareness
Fraud Case Study
Who committed the fraud?
• An Information Technology Manager who had a
questionable background.
What fraud was committed?
• Embezzlement of $3.7 million.
When was the fraud committed?
• Over a 10-month period.
Fraud Awareness
Fraud Case Study (continued)
Where was the fraud committed?
• Inside the corporation where the perpetrator worked.
Why was the fraud committed?
• The individual claimed to have a shopping addiction:
purchased 2 homes, 34 automobiles, 2 motorcycles, 3
boats including a 47 foot long yacht, 3 Steinway pianos,
600 Barbie dolls, etc.
Fraud Awareness
Fraud Case Study (continued)
How was the fraud committed?
• The perpetrator created a contract with a bogus
consulting company.
• The perpetrator forged the signature approval of the
corporate Vice President to whom the perpetrator
reported.
• The perpetrator created, approved, and sent 200 bogus
invoices to Accounts Payable with instructions to hold
the checks for the perpetrator to pick up in person.
Fraud Awareness
Fraud Case Study (continued)
How was the fraud committed? (continued)
• When questioned about where the consultants were, the
perpetrator claimed the consultants rarely came to the
perpetrator’s office or had just departed.
• The perpetrator charged dormant project accounts to
hide the payments.
What happened to the fraud perpetrator?
• The fraud was eventually detected and the perpetrator
was sentenced to 4 years in prison.
Fraud Awareness
Fraud Case Study (continued)
What could have been done to prevent the fraud or detect
it sooner?
• Preventive Control – Criminal background and credit
history checks should be performed before individuals
are hired. Such checks might have detected information
about the perpetrator’s background that might have
prevented the individual from being hired.
Fraud Awareness
Fraud Case Study (continued)
What could have been done to prevent the fraud or detect
it sooner? (continued)
• Preventive Control – An individual with signature
authority should never authorize someone else to sign
that individual’s name, use a rubber stamp of that
individual’s signature, or use that individual’s financial
system password to approve transactions.
• Detective Control – Requiring a review of the contract
and verification of signature by Legal staff prior to
paying invoices might have determined the consulting
company was bogus or detected the forged signature.
Fraud Awareness
Fraud Case Study (continued)
What could have been done to prevent the fraud or detect
it sooner? (continued)
• Preventive Control – An individual should not be able
to initiate and approve payments (separation of duties).
• Detective Control – Approval of the consultant
invoices by a second individual who could verify the
business integrity of the transaction may have detected
the fraud sooner.
Fraud Awareness
Fraud Case Study (continued)
What could have been done to prevent the fraud or detect
it sooner? (continued)
• Preventive Control – Checks issued for payment
should be mailed to vendors. They should not be held
for pickup by an individual involved in the initiation or
approval of the invoice.
Fraud Awareness
Fraud Case Study (continued)
What could have been done to prevent the fraud or detect
it sooner? (continued)
• Detective Control – An individual other than the
initiator or approver of transactions should conduct a
monthly review of expenditures. A review by the Vice
President or someone in the Vice President’s office with
sufficient knowledge of the transactions might have
detected the payments to the bogus consultants sooner.
Also, dormant accounts should be reviewed for activity.
Fraud Awareness
Examples of Computer Fraud
Example #1 – Unauthorized Access – An accounts payable
clerk used her computer to access the company’s accounting
software without authorization. The individual then issued
approximately 127 checks payable to her and others, some of
which were deposited into personal bank accounts. The
individual attempted to conceal the fraud by altering the
company’s electronic check registers to make it appear the
checks were payable to legitimate vendors with which the
company conducted business.
Fraud Awareness
Examples of Computer Fraud (continued)
Example #2 – Denial of Service Attack – A computer
systems administrator initiated three denial of service attacks
on a private mail list server system owned by a government
entity. The individual was able to shut the system down by
flooding it with numerous e-mails, resulting in the computer
maintaining the system needing to be shut down, taken out of
operation, reconfigured, and brought back on line. The
individual was identified by tracing the Internet Protocol
addresses back to his personal computer.
Fraud Awareness
Examples of Computer Fraud (continued)
Example #3 – Malicious Systems Administrator – A
disgruntled computer systems administrator used a “logic
bomb” to cause more than $3 million in damages to the
company’s computer network in an attempt to drive down the
company’s stock price. The individual installed the logic
bomb on approximately 1,000 company-owned computers.
When activated, the bomb deleted the files contained on the
computers. The individual purchased stock contracts hoping
to profit when the stock price declined in response to
activation of the logic bomb. (Stock price did not decline.)
Fraud Awareness
Examples of Computer Fraud (continued)
Example #4 – Illegal Data Mining – The owner of a
company (company A) and some of his employees illegally
accessed a computer system owned by another company
(company B), and downloaded significant amounts of
personal, financial, and corporate data company B stored on
behalf of its clients. Company B detected the intrusions,
reported them to law enforcement authorities, and the
intrusions were traced back to an Internal Protocol address
that belonged to one of company A’s computers.
Fraud Awareness
Examples of Computer Fraud (continued)
Example #5 – The Melissa Worm – A computer
programmer unleashed the “Melissa” computer virus. The
virus propagated by posting an infected document to a usenet
newsgroup from a stolen America Online account, and was
designed to evade anti-virus software and infect computers
using Microsoft Windows and Word software. The virus
caused substantial disruption to users of infected systems, and
is estimated to have resulted in $400 million in damages to
affected businesses.
Fraud Awareness
Conclusion
I hope this presentation has given you a better understanding
of:
• Why we should be concerned about fraud.
• How and why occupational fraud occurs.
• What internal controls can be implemented to prevent
occupational fraud or help detect it sooner.
Thank you for your interest and attention today!!!
Bibliography
1.
PricewaterhouseCoopers (2005). Global economic crime survey 2005. Retrieved on July 18, 2006,
from www.pwc.com/extweb/insights.nsf/docid/D1A0A606149F2806852570C0006716C0.
2. Association of Certified Fraud Examiners, Inc (2006). 2006 ACFE report to the nation on
occupational fraud & abuse.
3. Finfacts Ireland. Get an education and make crime pay. Retrieved July 14, 2006, from
www.finfacts.com/comment/irelandvatfraudwhitecollarcrimecomment24.htm.
4. Barnett, Cynthia. The measurement of white-collar crime using uniform crime reporting (ucr) data.
U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services
Division. Retrieved July 14, 2006, from www.fbi.gov/ucr/whitecollarforweb.pdf.
5. Baker, John S. Jr. (2004, October 4). The sociological origins of “white-collar crime.” The Heritage
Foundation. Retrieved July 24, 2006, from www.heritage.org/Research/LegalIssues/lm14.cfm.
6. NW3C, National White Collar Crime Center. White collar crime statistics. Retrieved July 24, 2006,
from www.nw3c.org/research/site_files.cfm?mode=r.
7. U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics.
Crime characteristics. Retrieved July 24, 2006, from www.ojp.usdoj.gov/bjs/cvict_c.htm.
National crime victimization survey property crime trends, 1973-2004. Retrieved July 24, 2006,
from www.ojp.usdoj.gov/bjs/glance/tables/proptrdtab.htm.
8. AICPA Professional Standards. AU Section 316, consideration of fraud in a financial statement audit
(source SAS No. 99).
9. Frieswick, Kris (2003, July). How audits must change: auditors face more pressure to find fraud.
CFO: Magazine for Senior Financial Executives. Retrieved July 17, 2006, from
www.cfo.com/article.cfm/3009752?f=related.
10. Coenen, Tracy L., CPA MBA, CIA. (2006, January 25). Why didn’t our auditors find the fraud?
Wisconsin Law Journal. Retrieved July 17, 2006, from www.sequenceinc.com/press/auditorsfind.htm.
11. Durant, Andrew, CFE, FCA (2006). Schemes and scams – the many faces of procurement fraud.
Presented at the 17th Annual Association of Certified Fraud Examiners Conference.
Bibliography (continued)
12.
13.
14.
15.
16.
17.
18.
19.
20.
Wells, Joseph T. (2003, November). Follow the greenback road. Journal of Accountancy.
Retrieved July 14, 2006, from www.aicpa.org/pubs/jofa/nov2003/wells.htm.
Capaccio, Tony. Pentagon paid $998,798 to ship two 19-cent washers. Bloomberg.com.
Retrieved march 27, 2008, from
www.bloomberg.com/apps/news?pid=20670001&refer=home&sid=a_pIZ20xQxeU.
Henning, Peter J. Did anyone notice the bookkeeper’s lavish lifestyle? White Collar Crime Prof
Blog. Retrieved April 1, 2008, from www.lawprofessors.typepad.com.
Phillips, Brock, CPA, CFE, Sr. Forensic Accountant, Microsoft Corporation (2001). The CFE’s
job security: internal controls and employee theft. Presented at the 17 th Annual Association of
Certified Fraud Examiners Conference.
Anderson, Rick (2001, January 24). Wake up and smell the coffee. Seattle Weekly. Retrieved
July 18, 2006, from www.seattleweekly.com/news/0104/news-anderson2.php.
Maleng, Norm, King County Prosecuting Attorney (2001, August 1). Charges filed in Starbucks
embezzlement. Retrieved July 18, 2006, from www.metrokc.gov/proatty/news/2001/Heinen.htm.
Wikipedia, Computer fraud case studies. Retrieved February 13, 2009, from
http://en.wikipedia.org/wiki.
Eaton, Leslie (1997, September 14). Investing IT: Fraud Case Focuses On Internet. New York
Times. Retrieved February 13, 2009, from http://query.nytimes.com/gst/fullpage.html
Johnstone, Dale, and Wong, Ellis Chung Yee, Practicing Information Technology Auditing for
Fraud. Information Systems Audit and Control Association. Retrieved February 13, 2009, from
http://isaca.org.