Document 7302477
Download
Report
Transcript Document 7302477
Auditing for Fraud.
2nd International Symposium on Auditing in Turkey
Jean-Pierre Garitte, CIA, CSSA, CISA, CFE
April 26, 2007
Understanding Fraud
Definition for Fraud (IIA)
Fraud encompasses an array of irregularities and illegal acts characterized by
intentional deception. It can be perpetrated for the benefit of or to the detriment of
the organization and by persons outside as well as inside the organization.
Examples of Fraud
Fraud designed to benefit the organization
• Sale or assignment of fictitious or misrepresented assets
• Improper payments (e.g. bribes, kickbacks, payoffs to government
officials)
• Intentional, improper representation or valuation of transactions,
assets, liabilities or income
• Intentional, improper transfer pricing
• Intentional, improper related-party transactions
• Intentional failure to record or disclose significant information to
improve the financial picture of the organization to outside parties
• Prohibited business activities (e.g. those that violate government
regulations)
• Tax fraud
Examples of Fraud
Fraud perpetrated to the detriment of the organization
• Acceptance of bribes or kickbacks
• Diversion to an employee or outsider of a potentially profitable
transactions that would normally generate profits for the
organization
• Embezzlement as typified by the misappropriation of money or
property and falsification of financial record to cover up the act
• Intentional concealment or misrepresentation of events or data
• Claims submitted for services or goods not actually provided to the
organization
"It was recently estimated that 99% of all dishonesty within a given company was
perpetrated by people who regarded themselves as honest when hired.
It is therefore apparent, that there are many employees who are as honest as
they are required to be under the system in which they work."
The Wall Street Journal
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
7
Typical Fraudster
• On the Surface
–
–
–
–
–
Long-time employee
In a position of trust
Doesn’t take vacations
Appears to be extremely dedicated
Has unexplained cash or other wealth
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
8
Typical Fraudster
• Beneath the Surface
–
–
–
–
–
–
–
Living beyond means
Gambler
Drug or alcohol problem
Behavioral changes
Extramarital affairs
Hostility toward management
General disenchantment with compensation
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
9
General ideas on fraud
Indirect trigger: the fraud triangle
• Opportunity through the organisation:
• “Everybody does it”
• no clear rules boundaries
• “I’ve been doing overtime
unpaid”
• weak/deficient internal control
• “I was doing it as a favor to
show the internal control
weaknesses”
• Individual opportunity:
• good operational knowledge
• “key to the organisation”
• “I was passed for promotion”
Motive
• Financial problems
• Unrealistic goals set by organisation
• Lifestyle pressures
Auditing for fraud / Jean-Pierre Garitte
• Debt
©2007 Deloitte Belgium
10
Managing the Triangle
•
•
•
•
•
The 10/80/10 Rule
Employees will be no more ethical than those who run the company
Challenge is to manage the 80%
Justify their activity as non-criminal
Even when convicted, don’t see themselves as criminals
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
11
A Statistical Certainty...
…and the basis of our practice
“At any given moment, there is a certain
percentage of the population that’s up to no
good.”
J. Edgar Hoover
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
12
Why all the Fraud?
• What’s the motivation?
– Corporate Culture
• Downsizing
• Diminished loyalty
• Bottom-line pressures
– Changing Technology
– Globalization
– Organized Crime Influence
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
13
A Vulnerable Organization
• Corrupt management
• Internal controls weak or unmonitored
• Company or department dominated by one or two managers
• Management compensation linked to short-term results
• Employees poorly managed, trained or paid
• Top management incompetent or focused solely on short-term profits
• Lack of internal audit function
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
14
Common Management Fraud Schemes
•
•
•
•
•
•
•
•
Pre-billing clients for shipments not yet made
Booking sales before final
Altering invoices
Altering credit card receipts
Charging personal expenses
Overstating revenues and assets
Understating expenses and liabilities
Inadequate provisions for allowance for doubtful accounts…
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
16
Why?
• Shares of management and administrators
• Weak financial results
• High expectations of the market
• Bonus of management
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
17
How?
• Manipulation of revenues
• Manipulation of costs
• Manipulations in the balance sheet
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
18
Financial statement fraud
Five classifications
• Fictitious revenues
• Timing differences
• Improper asset valuation
• Concealed liabilities/expenses
• Improper disclosures
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
19
Detective and investigative
techniques
…it’s everyone’s responsibility
Financial Statement Fraud Analytical Procedures
Examples of consistency and inter-relationship tests:
• Net income to cash flow
• Relative movements in inventory, A/P, sales, cost of sales
• Comparison to industry trends, such as bad debt write-offs
• Production, inventory, sales relationships
• Comparing results of an entity to those of competitors provides valuable
information as to whether (and how) the entity is outperforming or
underperforming other entities in the industry
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
24
Proactive Anomaly
•
•
•
•
•
•
Address Verification
Duplicate Payments
Unexpected Relationships
Overpayments
Identification Number Testing
Shared Elements Testing
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
25
Corporate Awareness:
How to defend against
fraud?
…it’s everyone’s responsibility
Creating a Control Environment
Fraud Deterrence – Create a control environment where honesty and integrity are
expected. Communicating a process of detection and the consequences of
prosecution to dissuade the attempt at fraud
•
•
•
•
•
Tone at the Top
Code of Business Conduct
Whistleblower Hotline
Communications
“Walk” the walk, and “talk” the talk
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
27
Code of ethics
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
29
Corporate Awareness
…every employee
has responsibility
Know Your
Operations
Know Your
Vendors
Know Your
Employees
Know Your
Customers
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
30
Know Your Employees, Know Your Customers
• Your front-line staff is your front line of defense. They are key to identifying fraud.
• If they are fraudsters themselves, you begin to see the “circle of co-conspirators.”
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
31
Know Your Employee
Employee
($60,000 median loss)
Managers/Executives
($250,000 median loss)
Managers & Employees
conspiring in a fraud scheme
($500,000 median loss)
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
32
Know Your Employees, Know Your Customers
•
•
•
•
Ignorance is NOT an excuse
Thoroughly verify identities
What you don’t know CAN hurt you
Assertiveness is key to knowing the truth
Auditing for fraud / Jean-Pierre Garitte
©2007 Deloitte Belgium
33
Corporate Awareness is
Everyone’s Responsibility!
Member of
Deloitte Touche Tohmatsu