DEMYSTIFYING THE FRAUD RISK TO BUSINESSES …dhc.co.in/uploadedfile/1/2/-1/Demystifying the Fraud...

1

DEMYSTIFYING THE FRAUD RISK TO BUSINESSES AND THE IMPERATIVE MEASURES

A Guide to enhance the Business Integrity and Ethical Infrastructure…

CONTENTSBUSINESS ENVIRONMENT OF TODAY AND FRAUD CONNECTION .......................... 1

SOME OF THE HIGH PROFILE FRAUDS OF THE PAST ........................................ 2

IMPORTANT FACTS ABOUT FRAUD ............................................................. 5

What is Fraud? What does it mean? ......................................................... 5 What are the major Fraud categories? ....................................................... 5 Why do people commit Fraud? ............................................................... 6 WhyFraudshappenatthefirstplace?...................................................... 6 What is the extent of Fraud? ................................................................ 6SOME OF THE LESS KNOWN FACTS ABOUT FRAUD ......................................... 7

Company Size ................................................................................ 7 Initial Detection of Occupational Frauds .................................................... 8 Source of Tips ............................................................................... 8 Control Weaknesses That Contributed to Fraud ............................................ 9 Industry of Victim organisation ............................................................. 10UNDERSTANDING PERPETRATORS AND THEIR BEHAVIOURAL PATTERNS ................ 11

Position ........................................................................................ 11 Age ............................................................................................ 12 Tenure ......................................................................................... 12 Education Level .............................................................................. 13 Department ................................................................................... 14 Behavioural Red Flags ........................................................................ 14THE INDIAN CONTEXT ........................................................................... 16

ANTI-FRAUD CONTROL FRAMEWORK ............................................................... 17Hari-bhakti Business Integrity Civilisation Framework ............................................ 18 Anti-Fraud Framework (Fraud Free): ........................................................ 18 Fraud Risk Assessment ....................................................................... 19 Fraud Discovery and Investigation: .......................................................... 20 Uncovering the Perpetrator .................................................................. 22 The Revival Strategy ......................................................................... 23 An Ongoing Validation ........................................................................ 23LAWS TO CURB CORPORATE FRAUDS ......................................................... 24

AFTERMATH OF FRAUD .......................................................................... 25

CONCLUSION ...................................................................................... 26

OUR SKILLS ........................................................................................ 27

INVESTIGATION OF INDIA CORPORATE FRAUDS BY SFIO .................................. 28

CASE STUDIES-HARIBHAKTI INDIA ............................................................. 29

1

In today’s business environment; opportunities for fraud are many and varied. Opportunity, rationalisation and employee pressure, all work collectively to cultivate an environment where fraud might presently be taking place or could take place in future.

Many companies assume that the greatest risks come from those outside the company, but many a times fraud is committed by those employees who have served the organisation for a long time and who knows how to work the system and disguise financial leak or by disgruntled workers who feel that thecompany owes them something. Creating an anti-fraud policy is not enough; organisations should build an anti-fraud programme and conduct regular assessments to mitigate such a risk.

There have been attempts made to measure the true extent of fraud, but compiling reliable statistics for fraud is not an easy exercise. One oftheaspectsoffraudisdeception;itcanbedifficulttoidentifyandsurveytheresultsthatreflectinstancesoffraud,whichhavebeenexposed. It is estimated that a majority of frauds go undetected and when a fraud has been detected, it may not be reported. During the year 2012 The Transparency International’s Corruption Perceptions Index had ranked India at the 94th position, out of 176 countries.

Determining fraud is perhaps the important part of understanding the depth of problem. News reports provide visibility to largest cases. Obtaining a comprehensive measure of fraud’s financialimpact is often challenging and sometimes impossible. Because fraud inherently involves efforts for concealment, many fraud cases will never be detected and in those cases which are detected, the fullamountoffinanciallossmightneverbedeterminedorreported.

In its 2012 report, The Association of Certified Fraud Examiners (ACFE) estimated that organisations loss indicates an estimated 5% of their revenues to occupational fraud.

Some interesting facts from the 2012 ACFE report are as under:-

• Typicalfraudlaststwoyearsbeforedetected

• Asset misappropriations are the most common type ofoccupational fraud, comprising 87% of cases followed by Financial statement fraud which accounted for 8%

• Occupationalfraudismorelikelytobedetectedthroughtipsthan by other methods

• Industries which were most commonly victimized in thestudy, were banking and financial services, government &public administration and manufacturing sectors

• 77% of all frauds were committed by individuals workingin anyone of the six departments: accounting, operations, sales, customer service and purchasing

• Fraudsterdisplayedoneormorebehaviouralredflagsin81%cases associated with fraud

A Fraud survey conducted by a leading firm reported that in India,

• wehavethehighestnumberofcompaniesat68%affectedbyfraud than any region

• average loss to fraud stood at 1.2% of revenues which ishigher than global average at 0.9%

• 22%ofIndiancompanieswereaffectedbyinternal financialfraud

• Vendororprocurementfraudwasaccountedat20%

• Thenumberoffirmsaffectedbycorruptionis20%

Identifying the factors that provide the opportunity for a fraud to take place is an important part of preventing similar frauds from reoccurring in future. An outright lack of controls is the primary weakness followed by the perpetrator overriding existing controls. Lack of management’s review is another key control weakness that contributes to occurrence of fraud.

BUSINESS ENVIRONMENT OF TODAY AND THE FRAUD CONNECTION

2

EnronEnron was forced to file for bankruptcy in December 2001. Thetrouble for Enron began when investors who were promised to get rich dividends from sale of gas and electricity did not get their returns, as planned. In this position the company sought to hide truth from public by borrowing additional funds to bridge the gap.

Root cause of this failure was

• TheofficersfromEnronmanipulatedthecompany’s financialstatements

• M/s.ArthurAndersenwastheConsultantsandtheStatutory AuditorsforEnrontherebycreatingaconflictofinterest

Consequences of the scandal

• 4500employeeslosttheirjobsandInvestorslostcloseto USD60billionwithinfewdays

• TheauditingfirmArthurAndersonlostitsaccreditation

• Rulesforfinancialreportingofcompaniesweredrastically sharpened: Sarbanes-Oxley Act (2002) was put in place

Aftermath of Fraud

• Company’soperationcouldnotberestored

WorldcomBetween January 2001 and March 2002 the second largest longdistance phone company from the United States admitted that, theirprofitshadbeenartificiallyinflatedbyUSD3.8billion.Later,it was detected that the Chief Financial Officer, had improperlybooked expenses as an investment to make company look healthier.


• Booking ‘line costs’ (interconnection expenses with othertelecommunication companies) as capital in the balance sheet of that company instead of charging as revenue expenses

• ViolatedGAAPRegulationsandadjustedearningstothetuneofUSD11billionduringtheyears1999-2002


• During July, 2002 Worldcom filed for a bankruptcy protection

• TheCEOofthecompany,wassentencedto25years’in prison

Aftermath of Fraud

• During 2003, the company renamed itself MCI and emerged frombankruptcyproceedings in 2004and later during2005,itwasacquiredbyVerizonCommunications

DaewooDaewoowentbankrupt,withdebtsofabout80billionwon($84.3million).In2005,theChairmanofDaewooGroup,waschargedformasterminding an accounting fraud amounting to 41 trillionwon($43.4billion), illegally borrowing 9.8 trillionwon ($10.3billion)andsmugglingUSD3.2billionfromcountry


• TheAccountingFraudatDaewoowasattributedtoits unsuccessfulCorporateGovernance

• Thedownfallremainshighlycontroversialbecauseofthe sheer importance of chaebols in Korean economy and a belief that Daewoo and other Korean conglomerates were “too big to fail”. Such belief led many bankers and investors to continually invest money in bailouts, despite the sign that Daewoo was unable to engineer a turnaround and repay these bad loans


• Daewoofoundersentencedto10years’inprisonfor masterminding the accounting fraud

Aftermath of Fraud

• The group was restructured under three companies: DaewooCorporation,DaewooEngineering&Construction and Daewoo International Corporation

• GeneralMotorsacquiredDaewoobrandofvehiclesandit was branded as Chevrolet

• Daewoocommercialvehiclemanufacturerwastakenover by Tata Motors

SOME OF THE HIGH PROFILE FRAUDS OF THE PAST

3

Indian EnronThe fourth largest IT Company of India was charged with manipulating its company Balance Sheet by illegal means. Companies operatingmarginwasnot24%asshowninitsaccountswhichwereaudited byGlobalAudit Firm, but itwas only 3%. The companyhadreportedasumofRs.5,360Crores($1.1billion)cashpile inits Balance Sheet as against the correct amount of $78 million. During January 2009, theChairman confessed the scam involvingRs. 7,100 Crores. The CID informed the Court that actual number of employeeswere40,000andnot53,000asreportedandeverymonththe chairman had been allegedly with drawing cash amounting to Rs. 20 Crores (US$4 million) for paying the non-existent 13,000employees.


• Falsificationofcompanyaccounts

• CBI confirmed that theAuditorswhowerepartnerswith GlobalAuditFirm,Bangalore,wronglysignedunderthe nameofGlobalAuditFirmwhereastheassignmentwas outsourcedtoanotherfirmi.e.Lovelock&Lewes


• chairman along with 2 others who were accused of scandal were arrested and have been granted bail

• 2partnersofGlobalAuditFirmhavebeenchargedby India’s CBI in connection with the Satyam scandal

• 2 accountants of Lovelock & Lewes has been barred by ICAI and their registration removed

Aftermath of Fraud

• 46%stakeinofthecompanywaspurchasedbyanother ITES company. Company branded its services under the new ITES company management

Stock and Investment Scam - IBernie Madoff former non-executive Chairman of the NASDAQ stockmarketwassentencedto150yearsinprison,themaximumsentence that could be imposed on anyone convicted of a corporate fraud.Herana“Ponzi”scheme,showingfalsifiedprofitsandgainswith the money that clients gave for investment.


• Failuretouncoverthefraudexecuted;throughnumerous staff members by investigation agencies of Securities and Exchange Commission who had conducted repeated investigation


• SEC conducted an internal investigation into agency’s failures.Despiteaseriesofredflagsandtips,theearlier investigators did not decode fraud. Eight SEC employees were disciplined

• Securities and Exchange Commission believed that the actual fraud amounted to be somewhere in the region of USD14&17billion

Aftermath of Fraud

• Liquidation of Bernard L. Madoff Investment Securities LLC is undergoing under the Securities Investor Protection Act (“SIPA”)

Stock and Investment Scam - IIIn1992,HarshadMehtatriggeredariseinBombayStockExchangeby trading in shares at premium across many segments. Taking advantage of loophole in banking system, Harshad and his associates triggeredsecurities scamofRs.4000Croresdiverting funds frombanks to stockbrokers.


• Bank of Karad and the Metropolitan Co-operative Bank issued fake Bank Receipts (BRs) without the guarantee of any government securities. Once they issued fake BRs, Mehta passed them to other banks who in turn lent him the money. This money was used to enhance share prices in stockmarket. Shares were sold for significant profits money was returned to bank for retired BRs


• Indexfellfrom4500to2500representingafinancialloss of Rs. 100,000 Crores in market capitalisation

• SEBI Act was passed in 1992; SEBI was entrusted with primary task of protecting the interests of investors. It was also entrusted with twin objective of developing and regulating stock market

Aftermath of Fraud

• After the death of the accused, the Income Tax DepartmentandPublicSectorBanksrecoveredasignificant portion of their claims emerging out of the securities scam fromhisliquidatedassets

Stock and Investment Scam - IIIKetan Parekh targeted smaller exchanges like Allahabad and Calcutta Stock Exchanges; bought shares in fictitious names. HelaterborrowedRs.250CroresfromGlobalTrustBank(GTB).Ketanand associates received financing amounting to Rs.1000 Croresfrom Madhavpura Mercantile Co-operative Bank. There was an evidenceofpricerigginginscripsofGTB,ZeeTelefilms,HFCL,LupinLaboratories, Aftek Infosys and Padmini Polymer.


• Joint Parliamentary Committee criticised RBI on failure to supervise urban co-operative banks due to the increase in number of UCBs, size of their deposits and involvement in stock markets


• Co-operativebanksarenolongerallowedtolendagainst shares to individuals or organisations

• Scam and the market crash had wiped out over Rs.2,00,000Croresofmarketwealth

• Sensexcrashedtoa28-monthlowof3183.77pointsand the Indian Rupee weakened against American Dollars to Rs.47

Aftermath of Fraud

• Global Trust Bank and the Madhavpura Mercantile Co-operative Bank were driven to bankruptcy as the money they had lent, went into an abyss with his reportedly favourite K-10 stocks

4

Stock and Investment Scam - IVBhansali scamresulted inafinancial lossofoverRs.1200Crores.HefirstlaunchedafinancecompanybynameCRBCapitalMarkets,followed by CRB Mutual Fund and CRB Share Custodial Services. CRB Capital Markets raised a whopping Rs.176 Crores in three years.In1994CRBMutualFundsraisedRs.230CroresandRs.180Croresviafixeddeposits.BhansalisucceededtoriseaboutRs.900Croresfrom markets. Money was transferred to shell companies that never existed and investors were paid interest from further borrowings.


• 1995 Stock market collapsed; he tried to borrow more funds from market which led to the downfall

• Prior to admission of scam RBI’s investigative team highlighted massive irregularities in its report on the ways by which CRB were using public moneys, but no further follow-up action was taken


• Registration of NBFCs with RBI wasmandated. In March 1994, out of 37,880 applications received by RBI, only 9000werefoundeligibleandtheremaining28,500NBFCs didnothadtherequirednetownedfunds

Aftermath of Fraud

• SEBIappointedanadministratorforCRB’sArihantscheme and finalised a scheme for payment to unit holders. Under this scheme the investors were prematurely paid Rs.4.95perunit.BydoingthisasumofRs.1.07Crores waspaidto19,396unitholderstotheextentof300units eachand68%ofunitholderswerepaidoff

• Non-individual unit holders were also paid for 300 units. After disposing of the entire unlisted and non-traded shares, the other unit holders were paid off. Unitholdersgotapproximately50%ofsumwhichtheyhad invested

Stock and Investment Scam - V Dinesh Dalmia, MD of DSQ Software Limited was arrested by CBI for hisinvolvementinastocksscamofRs.630Crores.Duringtheyear2001 theCompany had allegedly issued duplicate shares throughstockbroker Harish Biyani and his associates. It is also alleged that officialsinNSDLassistedindematerialisingtheseshares.


• Investigation showed that Rs 1.30 Crores (13 million) shares of DSQ Software Ltd. were not listed on stock exchange

• ItisallegedthatofficialsofNSDLdematerialisedunlisted stock by creating retail accounts


• DineshDalmiawasimprisonedfortwoyears

Aftermath of Fraud

• DSQ Software has been suspended from trading since October2005

Finance Portal ScamSanjayAgarwal’s finance portalwas a veil to cover up his shadydeals.He swindledawhoppingRs.600Crores frommore than25co-operativebanks.Governmentsecurities(gilt)scamof2001wasexposed when the RBI checked the accounts of co-operative banks following unusual activities in gilt market.


• He took money from co-operative banks to buy government securities and then allegedly sold the same securities to other banks

• Co-operative banks may have erred in not demanding deliveryoftheoriginalG-secs


• During 2005 Sanjay Aggarwal along with his associates Ketan Seth and Subodh Bhandari were arrested

Aftermath of Fraud

• TheCentralgovernmenthadtorecapitaliseco-operative banks to the extent of Rs.7,000 Crores

Cobbler ScamSohin Daya, was main accused in the multi-crore shoe scam. DayaofDawoodShoes,RafiqueTejaniofMetroShoesandKishoreSignapurkar of Milano Shoes were arrested for creating several leather co-operative societies which did not exist. Scam was exposedin1995.


• Accused created fictitious co-operative society of cobblers to take advantage of government loans through various schemes

• Officials of Maharashtra State Finance Corporation, Citibank, Bank of Oman, Dena Bank, Development Credit Bank, Saraswat Co-operative Bank and Bank of Bahrain and Kuwait were charged


• Cobblers ofMumbaiweremajorly affected by the Scam as they were not benefited by a single rupee of the Scheme which was meant only for them

Aftermath of Fraud

• ScamcostGovernmentofIndiaaroundRs.1200Croresor USD600million

• Politicians, bureaucrats and top shoe manufacturers in Maharashtra were also affected. Shoe manufacturers have to shut their shoe outlets as their business plummeted

5

What is Fraud? What does it mean? Fraud commonly includes activity like theft, corruption, conspiracy, bribery, extortion, money laundering and embezzlement. Fraud means many things resulting from varied relationships between offenders and victims.

• crimesbyindividualsagainstconsumers,clientsorother business people

• employeefraudagainstemployers

What are the major Fraud categories? Fraudcanbeclassifiedintothefollowingcategories:-

• Assetmisappropriation:employeestealsormisusesorganisation’sresources

• Corruption:employeesmisuseinfluenceinbusinesstransactionstogaindirect/indirectbenefit

• Financialstatementfraud:deliberatelycausingmisstatementoromissionofmaterialinformation

10.30%

26.90%

88.70%

4.80%

32.80%

86.30%

7.60%

33.40%

86.70%

0.00% 20.00% 40.00% 60.00% 80.00% 100.00%

Financial

Statement Fraud

Corrup�on

Asset

Misappropria�on

Percent of Cases

Type

of

Frau

d

Fraud Types

201220102008

IMPORTANT FACTS ABOUT FRAUD

• crimesbybusinessesagainstinvestors,consumersand employees

• crimesbyindividualsorbusinessesagainstgovernment

• crimesbyprofessionalcriminalsagainstmajor organisations

• employeeobtainsbenefittheyarenotentitledtoor deliberately refrains to report the change in event

• e-crimebypeopleusingcomputersandtechnology

6

• Lack of employee awareness: Employees do not report unethical conduct due to their fear of retaliation from management and co-workers. The company should provide ongoing and continuing training for their employees and should reinforce the organisation’s values, code of conduct and expectations

• Non-Committed Promoters: Promoters and the senior management have to lead by example and actions. Their actions should include both rewarding for good ethical behaviour and also for punishing unethical actions. There should be sanctions for engaging in, tolerating, or condoning improper conduct

• Absence of a code of ethics: Organisations should produce a clear statement of management philosophy. It should include concise compliance standards that are consistent with management’s ethics policy relevant to business operations

• Senior management overriding the internal controls: The Management of an organisation may decide to override controls so as to intentionally misstate the nature and or timing of revenue or other transactions by

o recordingfictitioustransactionsorchangingthe recorded timings of a legitimate transaction

o establishing or reversing reserves to manipulate the result of operation

o alteringrecordandtermsrelatedtosignificantor unusual transactions

• Ineffective disciplinary measures: No control environment will be effective unless there is consistent enforcement of discipline for ethical violations. A consistent discipline requires a well defined set of sanctions for violations and strict adherence to the prescribed disciplinary measures

• Casual screening of job applicants: One of the easiest ways to establish a strong moral tone for an organisation is to hire morally sound employees. Organisations should conduct thorough background checks on all new employees. Such background checks should include a thorough examination of candidate’s educational credentials, criminal record, if any, history of employment and references. Speaking with former employers or supervisors provides valuable information about person’s trustworthiness, moral conduct and loyalty aspect

• Management Performance Incentive: The degree of fear and pressure associated with meeting numerical goals and targets also play a major role in fraud. Pressure and fear are correlated and effects employee in meeting revenue goals

What is the extent of Fraud?Fraud is an issue that all organisations face regardless of their size, industry or country. Where the organisation has valuable property (cash, goods, information or services) then fraud may be attempted. While the frauds committed in high profile large /multinationalorganisations are reported in the media, smaller organisations may feel that they are unlikely to be a target of fraudsters

Why do people commit Fraud? Theappallingrisksafflictingorganisationsofallsizesarethepeoplewho do dishonest things. The sociology and criminology literature describe fraud perpetrators as “trust violators.” In other words, trust violators are people you wouldn’t be normally suspected of committing fraud. These perpetrators are categorised into a model built on the premise that fraud is likely to result from a combination of three factors: motivation, opportunity and rationalisation.

• Motivation: Based on either greed or need. Other causes cited include problem from debts & gambling. People are also faced with opportunity to commit fraud and only a minority of them are greedy and needy, do so

• Opportunity: Fraud in companies is likely where internal control system is weak or security over company property is poor, or the fear for getting exposed is nonexistent and the likelihood of the detection or non- implementation of unclear policies are not prevalent

• Rationalisation: People obey law because they believe it and/or they are afraid of being shamed or disgraced by people they care, if they are caught. However, some people may be able to rationalise fraudulent actions as:

o necessary – especially when done for the business

o harmless – because the victim is capable to absorb the impact

o justified–because‘thevictimdeservedit’or‘Iwas mistreated’

FRAUD FACTORS

RATIONALISATIONOPPORTUNITY

MOTIVATION

Why Frauds happen at the first place?Employees look to management for direction. Management must be conscious of signals it sends to its employees. Absence of creating ethical values within an organisation by “Tone at the Top” increases theriskforfinanciallossesduetofraud,harmtoloyaltyandmorale.

Given below are some of the key reasons for Fraud in waiting to happen:

• Poor tone at the top: When the upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will are more prone to commit fraud because employees may feel that ethical conduct is not a focus or priority within the organisation

The rising distance between the top and supervisory management, lack of awareness and inadequate communication channels to disseminate the acceptable standards of business conduct and business values are essential reasons for existence of the fraud

7

No.

of

Empl

oyee

s

10000+

100-999

<100

18.9%

19.5%

3 0

28.1%

38.2%

3.8%1.8%

Company Size

Percent of Cases

1000-9999

0.0% 0.0%5.0% 15.0% 20.0%

20.6%

20.6%

20.0%

22.8%

23.0%25.9%

25.0% 30.0% 35.0% 40.0% 45.0%

201220102008

SOME OF THE LESS KNOWN FACTS ABOUT FRAUD

Smallbusinesses(classifiedthosewithlessthan100employees)sufferfraudmorefrequentlythanlargeorganisationsandare hit by higher average losses. When small companies are hit by large fraud losses, they are less likely to be able to absorb the damage - ACFE report,

There is a lot to learn from the past, most important being:a) the impact on share prices, reputation & businessb) lesson on installation of code of business conduct & ethicsc) regulation of related party transactionsd) investing on the right set of internal controlse) inspecting the behavioural patterns of un-usual activitiesf) awareness about the fraud response and escalation plang) importance of disciplinary measures

Company Size

8

Initial Detection of Occupational Frauds

Management Review

Det

ecti

on M

etho

d

By Accident

Internal Audit

0.80%

1.00%1.50%

2.60%1.90%1.80%3.00%

4.60%3.30%

1.10%

0.00%

Tip

5.20%4.10%

6.10%4.80%

8.30%7.00%

13.90%14.40%

10.00%

15.40%14.60%

40.20%43.30%

20.00% 30.00% 40.00% 50.00%

Fraud Detection

Account Reconcilliation

Document Examination

External Audit

Notified by Police

Surveillance/Monitoring

Confession

IT Controls

Percent of Cases

20122010

Source of TipsIdentifyingthemostcommonsourcesof‘tips’isessentialtocraftasystemthatencouragesindividualstostepforwardwithinformation.ACFEreportedthat12%oftipscamefromananonymoussource.

Sour

ce o

f Ti

ps

Employee

Customer

Anonymous

Competitor

Vendor

Other

Shareholder/... 2.30%

1.50%

12.40%

11.60%

9.00%

22.10%

50.90%

0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00%

Source of Tips

Percent of Tips

‘Tip’followedbymanagementreviewandinternalauditsplayaprevalentroleindetectingfrauds.-ACFEreports

9

Control Weaknesses that Contributed to FraudIdentifying the factors that provided the opportunity for a fraud to occur is an important part of preventing similar frauds from occurring again in future.

Below mentioned in the chart are the primary control weakness observed by CFEs.

Contr

ibuti

ng

Fac

tors

Lack of Internal Controls

Lack of Management Review

Lack of Independent Checks/Audits

Lack of Employee Fraud Education

Lack of Clear Lines of Authority

Lack of Reporting Mechanism

Lack of Competent Personnel in Oversight Roles

Poor Tone at the Top

Override of Existing Internal Controls

0.60%

1.80%

1.90%

5.60%

0.30%

1.80%

2.50%

3.30%

Percent of Cases

30.00%20.00%10.00%0.00%

35.50%37.80%

19.40%19.20%

8.40%

6.90%7.30%

9.10%

17.90%18.70%

40.00%

Primary Internal Control Weakness Observed by CFE

20122010

An effective internal control environment enabled by electronic and automated controls and digital

monitoring techniques can curb and detect most of the corporate frauds.

10

Industry of Victim organisationBankingandfinancialservices,government&publicadministrationandmanufacturingaccountedforacombined37%offraudcasesasreported by ACFE. Although they had highest number of fraud cases, they were not as severely impacted by reported median value of fraud comparedtootherindustries.MiningsectorparticularlyhadhighfraudlossvaluefollowedbyRealEstate,ConstructionandOil&Gas.

Indu

stry

Banking and Financial Services

Government and Public Administration

Manufacturing

Health Care

Education

Retail

Insurance

Services (Professional)

Services (Other)

Construction

Oil and Gas

Telecommunications

Technology

Transportation and Warehousing

Arts, Entertainment and Recreation

Wholesale Trade

Real Estate

Religious, Charitable or Social Services

Mining

Utilities

Agriculture, Forestry, Fishing and Hunting

Communications and Publishing

0.7%

0.0% 5.0% 10.0% 15.0% 20.0%

0.9%

1.5%

2.5%

3.2%

2.3%

2.7%

3.4%

3.6%

2.1%

3.2%

2.3%3.9%

2.8%4.0%

0.7%

0.7%

1.5%

1.8%

2.0%

2.0%

2.3%

2.6%

2.8%

3.1%

3.2%

3.4%4.3%

3.5%4.9%

Victim Organisation

5.1%

6.6%

5.9%

5.7%

6.1%

6.4%5.0%

6.7%

Percent of Cases

10.7%10.1%

10.3%9.8%

16.6%16.7%

20122010

IndustryMining

Real Estate

Construction

Oil and Gas

Banking and Financial Services

Top 5 Industry Sorted by Median Loss as reported by ACFE

0.70%

2.00%

3.40%

3.20%16.70%

Percent of Cases 28,000,000.00

21,000,000.00

14,000,000.00

12,992,000.00

16,800,000.00

Median Loss (INR)

11

Fraudperpetratorscanbeidentifiedbyunderstandingcommoncharacteristicsbasedondemographicinformationoffraudperpetrators,includinglevelofauthority,department,tenure,educationlevel,age,criminalandemploymenthistoryandbehaviouralredflagsexhibitedprior to detection of frauds.

Position ProfilingFraudsterscanbedistributedintothreebroadlevelsofauthority—employee,managerandowner/executiveandapproximately42%offraudsterswereemployees,38%weremanagers,18%wereowner/executivesand2%werecategorisedothers.

Thereisalsoastrongcorrelationbetweenthefraudster’slevelofauthorityandthelossesresultingfromthefraud.Owner/executivescaused losses approximately thrice that of managers and managers caused losses approximately thrice that of employees.- ACFE report.

2012

2010

2008

Posi

tion

0.00% 10.00%

16.90%

20.00% 30.00%

17.60%37.50%

37.10%

40.00%

Percent of Cases

23.30%

39.70%

41.60%

41.00%42.10%

50.00%

Owner / Executive

Manager

Employee

UNDERSTANDING PERPETRATORS AND THEIR BEHAVIOURAL PATTERNS...

Fraud has a behavioural side which is related to an interpersonal space of an individual, his background, outlook and his belief system. To eliminate fraud, it is important to eliminate the bad side of an individual and not the individual himself. The correction of behaviour is required which is only possible by first understanding the behavioural side…

12

Age ProfilingMentionsthatapproximately54%ofallfraudsterswerebetweentheagesof31and45.Fraudlosses,however,tendedtorisewithageofthe perpetrator. There is an incremental increase noted for each advancing age range- ACFE report

Perc

ent

of C

ases

5.2%

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

<26 >60

9.6%

5. 8 %

9.8%

26–30 31–35 36–40 41–45 46–50 51–55 56–60

16.1%16.1%

19 .3% 19.3%

Age

13.7%

19. 6 %

13.5%

9.4% 9.0%

5.2%

2.2%3.1%

5.2%

18.0%

20122010

TenureIndividuals who work in an organisation for longer period of time will enjoy more trust from their supervisors and co-workers; this may mean less scrutiny over their actions. Experience gives them better understanding of organisation’s internal controls that enables to successfully execute and conceal fraud.

Approximately42%ofoccupationalfraudstershadbetweenoneandfiveyearsoftenureattheirorganisations.Fewerthan6%ofperpetratorscommittedfraudwithinfirstyearonthejob.

Perc

ent

of C

ases

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

45.00%

50.00%

7. 4 % 5.7% 5.9%

40.5%

45.7%

41.5%

24.6%

Tenure

23.2%

27.2% 27.5%25.4% 25.3%

Less than 1 Year 1 to 5 Years 6 to 10 Years More than 10 Years

201220102008

13

Education LevelApproximately54%offraudperpetratorshadacollegedegreeorhigher.Highlyeducatedindividualshavegreaterlevelsofauthoritywithintheir employing organisations. Individuals with higher education might also possess better technical ability to engineer fraud- As reported by ACFE.

Perc

ent

of C

ases

0.00%

5.00%

10.00%

15.00%

20.00%

25.00%

30.00%

35.00%

40.00%

Postgraduate Degree College Degree Some College High School Graduateor Less

14.0%

16.9%

34.4%

38.0%36.9%

Education Level

20.8%

17.1%

20.5%

33.9%

28.8%

25.3%

10.9%

201220102008

14

Departments involved77%ofallthecasesreportedtoACFEaccountedfrom5commondepartmentswhereperpetratorsworkedareaccounting,operations,sales, customer service and purchasing.

Depa

rtm

ent

Human Resources

Marketing/Public Relations

Research and Development

Board of Directors

Information Technology

Manufacturing and Production

Legal

Internal Audit

Finance

Purchasing

Warehousing/Inventory

Sales

Customer Service

Accounting

Operations

Executive/Upper Management

0.2%

0.00% 5.00% 10.00% 15.00% 20.00% 25.00%

0.5%

0.8%

2.0%

1.3%

1.4%

1.7%

2.8%

0.6%

0.6%

0.7%

1.1%

1.2%

1.4%

1.9%

2.0%

6.2%4.2%

4.2%

4.7%3.7%

7.2%

5.7%

6.9%

Percent of Cases

12.8%

11.9%13.5%

13.5%

18.0%17.4%

22.0%22.0%

20122010

Behavioural Red FlagsAccording to the ACFE, overwhelming majority of frauds against organisations is committed by insiders.

• Behaviour:Most occupational fraudsters’ crimes aremotivated by financial pressure. In addition,while committing a fraud, anindividualwillfrequentlydisplaycertainbehaviouraltraitsassociatedwithstressorfearofbeingcaught.Thesebehaviouralredflagscan often be a warning sign that a fraud is being committed

• Position: Position of a perpetrator gives an insight into varying motivations and pressures that affect fraudsters at different levels. Owner/executivesaremuchmorelikelythanemployeesormanagersexperiencepressuretoperformintheorganisation.Employees,conversely,arerelativelyunlikelytoexhibittheseredflagsbutaremuchmorelikelythanexecutivestobemotivatedbyfinancialdifficulties

• Fraud Type: Fraud committed by perpetrator engaged in corruption exhibits unusually close linkswith vendor/customer.Theseperpetratorswouldlivefrequentlybeyondtheirmeansanddisplayseriouscontrolissuesorunwillingnesstoshareprofessionalduties.Perpetratorsengagedinfinancialstatementfacepressurefromorganisations,butarelesslikelytolivebeyondmeans/experiencefinancialdifficulties.

15

POSITIONPERIOD

FRAUD TYPE

CorruptionManager Asset Mis-appropriation

FinancialStatementFraud

Owner/Executive

BehaviouralRed Flags

Living BeyondMeans

FinancialDifficulties

Unusually CloseAssociation on with Vendar/Customer

Control Issues,Unwilling ness toShare Duties

Divorce/ FamilyProblems

Wheeler- DealerAttitude

Irritability,Suspiciousnessor Defensiveness

AddictionProblem

PastEmployment-RelatedProblems

ComplainedAboutInadequate Pay

Refusal to takeVacations

ExcessivePressure fromOrganisation

Past LegalProblems

ComplainedAbout Lack ofAuthority

Family/PeerPressure forSuccess

Life InstabilityCircumstances

23.00%

21.70%

24.30%

13.20%

26.00%

14.00%

7.20%

6.00%

3.40%

12.80%

7.70%

3.80%

4.30%

3.00%

7.70%

39.60%

Employee

5.20%

8.30%

10.50%

8.10%

9.70%

9.00%

5.40%

4.50%

4.70%

4.50%

6.50%

32.70%

30.50%

11.90%

11.20%

17.10%

9.20%

7.70%

7.70%

7.00%

5.60%

5.60%

4.00%

4.80%

4.40%

38.10%

29.20%

17.50%

18.30%

15.90%

14.20%

12.80%

19.00%

18.10%

33.30%

21.90%

22.90%

22.90%

11.40%

4.80%

9.50%

6.70%

4.80%

20.00%

7.60%

5.70%

3.80%

4.80%

2012

14.80%

5.30%

4.80%

4.70%

4.10%

35.60%

27.10%

19.20%

18.20%

14.80%

12.60%

8.40%

8.10%

7.90%

6.50%

6.50%

39.10%

21.40%

40.60%

24.00%

12.70%

23.10%

15.10%

6.80%

7.10%

9.90%

6.70%

9.50%

6.70%

6.90%

6.00%

2.80%

37.20%

25.00%

27.20%

23.40%

15.00%

16.90%

13.20%

9.60%

7.00%

8.00%

9.20%

6.00%

4.80%

6.00%

6.40%

2.60%

Figures reported by ACFE represent multiple Behavioural Red Flags displayed by Perpetrators:

16

Organisations are expected to assess and evaluate controls that prevent and detect fraud. Assessment leads to the determination of a fraud prone area and those systems or sub-systems that enable fraud. Fraud enablers cross cut the fraud landscape and are used to defraud victims of all types. The reasons of enabling fraud in Indian context are discussed as below:

• Social and Economic Inequality: Social and economic inequality is on the rise; income, wealth and power is shifted towards the higher ranking groups in society which result in easy blockage to access money, careers and positions among the lower ranks. The lower ranks are more susceptible to rewards. They co-operate in illegal behaviour as people are less willing to blow the whistle on illegal behaviour at the top. This might particularly result from the fact, that the middle and lower ranks in organisations are easily integrated into corruption schemes

• Senior Management overrides: Management is primarily responsible for design, implementation and maintenance of internal controls. When the opportunity to override internal controls is combined with powerful incentives to meet accounting objectives, senior management may engageinfraudulentfinancialreporting.Thus,otherwise effective internal controls cannot be relied upon to prevent, detect, or deter fraudulent financial reporting perpetrated by senior management

• Family oriented Business:According to a journal published by the Confederation of Indian Industry and Family Business Network, in Indiaanestimated95%ofall thebusinesses arefamilyowned.Outofthe30companiesthatcomprise the benchmark Sensex, 11 companies are family run and account for about 30% of the totalmarket value of the Sensex. Indian business families currently face challenges

that include forming a family council, attracting independent directors, opening up to private equity investments and fraud risk management

• Lifestyle Fraud:Onceaperpetratormeetstheirfinancial needs, they usually continue to steal, using embezzled funds to improve their lifestyle. Lifestyle fraud (embezzlement) is committed by perpetrators in order to live above their means or deal with an addiction and is often committed by trusted employees, whichmakesdetectingitallthemoredifficult

• Management Style: A dictatorial management style, in a company or a department, may encourage people who believe them to have been harshly treated to strike back. Equally, unrestrained empowerment leads to increased incidence of fraud

• Rewards and Incentive: Incentives that align with CEO’s interests with those of shareholders create pressures whichareinoftenconflictwiththeshareholdersinterest. Executives are not primarily motivated by pay, but rather by the intrinsic satisfaction of successful performance

• Executive Behaviour: Compensation schemes along-with misalignment of long-term interest and short-term focus have a truly negative effect by encouraging fraudulent behaviour. Under perverse incentive plans, executives’ dominant strategy is to commit fraud regardless of whether they belong to a “bad” or “good” firm. CEOs are more likely to manipulate corporate earnings when they have more out-of-the-money options and/or lower stock ownership. Executives who hold a larger proportion of their compensation in stock options are more likely to exploit their accounting discretion and manage earnings to meet their performance goals

THE INDIAN CONTEXT

The Indian business environment is very unique, providing tremendous opportunities to perpetrate a fraud. Fraud in India, many a times occur owing to fundamentally different reasons such as rising distance between the top, middle and bottom level, inadequate investment in the internal controls, compliance based tick-box approach to meet regulatory requirements, inadequate awareness to blow the whistle, family orientation and style of management, and socio-economic lifestyles…..

17

FraudRiskManagementrequirestheimplementationofanumberofkeycontrolstrategieswhichcontributetoaneffectivefraudcontrolframework. These strategies are interdependent and subject to a cyclic process of review and enhancement.

Instituteof InternalAuditors (IIA),American InstituteofcertifiedPublic Accountants (AICPA) and ACFE put forth a comprehensive guide,whichdefineskeyprinciplesofFraudRiskManagement.

• Principle 1: As part of an organisation’s governance structure, a fraud risk management programme should be in place, including a written policy to convey the expectations of the board of directors and senior management regarding managing fraud risk.

• Principle 2: Fraud risk exposure should be assessed periodically bytheorganisationto identifyspecificpotential schemesand events that organisations need to mitigate

ANTI FRAUD CONTROL FRAMEWORK

• Principle 3:Preventiontechniquestoavoidpotentialkeyfraud risk events should be established, where feasible, to mitigate possible impacts on organisation

• Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail/ unmitigated risks are realised

• Principle 5: A reporting process should be in place to solicit input on potential fraud and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely

18

Anti-Fraud Framework (Fraud Free):1) Policy Environment: A corporate strategy and action to combat corruption is carriedout within the framework of its policy on good governance. Corporate strategy calls for effective internal measures and safeguards mechanisms by

o Abiding to Law of Country

o Adhering to guidelines on Internal Procedures

2) Fraud Risk Scenario: Is the infrastructure to management that helps to strengthen their ability to evaluate, mitigate and monitor risks arising from fraud, corruption

and misconduct. It is a process that ensures adequate controls are in place for each fraud scenario as they

o Provide snapshot on fraud areas and corrupt conduct

o Identify threats to business objectives from fraud perspective

o Provide basis for developing effective Fraud Control Plan

o Identify and review effectiveness of Key Policies andGuidelines

o Increases employee awareness on fraud prevention and controls

An effective business integrity framework is the one which is comprehensive enough to address fundamental root causes of fraud, enables assessment of risk of fraud, enables detection using automated and digital mechanisms, educates and creates awareness on response plans. It focuses on prevention more than the detection and curing, based on the ideology “Prevention is better than the cure”…..

Discussed below is Haribhakti Business Integrity Civilisation Framework and good practices followed.

Haribhakti Business Integrity Civilisation FrameworkMost effective way to deal with the problem of fraud is to adopt methods that will decrease motive, restrict opportunity and limit the ability for potential fraudsters to rationalise their actions. In case of deliberate acts, aim is to reduce opportunity and remove temptation from potential offenders.

19

3) Ethical Business Conduct/Code of Conduct: Business ethics is a form of professional ethics that examines ethical principles and moral. It applies to all aspects of business conduct and is relevant to the conduct of individuals and entire organisations

o Business Ethics

o Employee Ethics

o Professional Ethics

4) Standard Operating Procedure (SOP) and Policy Framework: SOP provides a clear message against fraud and corruption to its employees and stakeholders. It sets a clear direction for maintaining an anti-fraud and corruption procedures

o Trial Run on approved SOP

o Training on SOP before implementation

o Conduct audit to ensure SOP is followed

5) Top Management Commitment towards Integrity Measures: Attitudes within organisation lay foundation for high or low fraud risk environment. Organisations with high ethical standards bring long term benefits as customers, suppliers, employees and community realise that they are dealing with a trustworthy organisation

o Assessment of current status

o Develop communication to infuse organisations value,vision and strategy

o Embed new practices into organisational culture

6) Fraud risk awareness and training: It is important to raise awareness through a formal education and training programme. Particular attention should be paid to those managers and staff operating in high risk areas. Fraud training module should broadly cover,

o Ethics Awareness and Education

o Fraud Education

o Ethics and Fraud Surveys and Workshops

7) Continuous Monitoring: Is the process and technology used to detect compliance and risk issues associated with anorganisation’sfinancialandoperationalenvironment

o Continuous Audit

o Continuous Controls Monitoring

o Continuous Transaction Inspection

8) Reporting mechanisms and Whistle-blowing: Many frauds are suspected by people who are not involved. Having a whistle-blower program is an important source of information

o Policy framework on reporting illegal or unethical practices

o Creationofconfidential24/7hotline

Fraud Risk Assessment1) Authority and Segregation of Duties (SoD) Matrix: SoD is the concept of having more than one employee required to complete a task. Separation by sharing of more than one individual in one single task shall prevent from fraud and error

o AdequatetrainingtomanageFraudrisk appropriately

o IT systems and access restriction to maintain SOD

2) IT Application Controls: These are specific activities performed by employees or systems designed to meet business objectives. IT control objectives relate to confidentiality, integrity and availability of data and overall IT management of enterprise. IT can actively reduce fraud by

o ContinuousAuditing/Monitoring

o Data Mining and Integrated Audits

3) Job Rotation: Job rotation is a control to detect errors and frauds. It reduces the risk of collusion between individuals

o Succession Planning

o CreatingRight-EmployeeJobfit

o Testing employees skill and competence

4) Control self-assessment of fraud risk: In order to manage fraud risk, organisations should identify areas and processes of business and then assess in terms of impact and likelihood

o Enterprise Risk Management Model

o IdentificationofInherentandResidualRisks

o LikelihoodandSignificanceHeatmap

5) Effectiveness of internal control: Although auditors are not primarily responsible for fraud prevention and detection, auditors should include methods for identifying potential cases of fraud when planning and conducting audit

o Internal auditors measure the effectiveness of internal control

o Internal auditors assess whether controls are properly designed, implemented and working effectively and make recommendations on how to improve internal control

6) Internal control systems: A well-structured Internal Control System supports corporate governance by systematically monitoring and enhancing efficiency and effectiveness of operational processes, financial reporting and compliance

o Controls testing to verify approval and authorisation of processes, access restrictions, transaction controls, account reconciliations and physical security

7) Vigilance & Antifraud: Vigilance and anti-fraud is an integral part of management function and an essential aspect of service involving monetary transactions

o Impact analysis on the effect of the fraud

o Evidence to support the case for a full investigation

o Action plan to protect the organisation from further damage

8) Fraud Risk Register: Fraud risk should be included in every risk register and reviewed regularly at board meetings. The resulting document is often referred to as a risk register.

o Assessment of the likelihood of the fraud occurring

o Determining Inherent and Residual Risk

20

o Assessmentoftheseriousness/consequenceofthe fraud

o Mitigating Actions, responsibility and timeline

9) Pattern and behaviour monitoring: Monitoring behaviour is the process of observing and recording information about employees. Behaviour differs from one employee to that of the other, as well as being different from a fraudster

o Design Behavioural plan by recording patterns in company data, people, places, systems and event to prevent fraud

o Develop real-time monitoring and reporting system

10) IT general Controls: In this control environment computer-based application systems are developed, maintained and operated. Objectives of general controls are to ensure proper governance around development and implementation of applications and the integrity of programmeanddatafilesaswellascomputeroperations

o Data security and physical controls

o Physical/logicalaccessandsecuritycontrols

o Backup/Recoverycontrols

o Network security, anti-virus and Firewall controls

11) Roles and Responsibilities: Each major entity in corporate governance has a role to play. All personnel should be responsible for communicating upward problems in operations, non-compliance with code of conduct or other policy violations or illegal actions on observation

o Organisational Structures

o Effective Board and Audit Committee Oversight

o Code of Conduct

12)Know Your Customer/Party (KYC/KYP): KYC/KYP refer to due diligence activities that financial institutions and other companies perform to ascertain relevant information from their clients for the purpose of doing business with them. Know Your Party are employed by companies of all sizes for the purpose of ensuring their proposed agents’, consultants’ or distributors’ anti-bribery compliance. KYC is important to prevent

o Customer and enhanced due-diligence

o Identificationofhigh-riskcustomers/parties

o EstablishingRiskprofile

Fraud Discovery and Investigation:1) Digital Forensics: Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime

o Typical forensic process encompasses seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence

2) External and Internal Audit: Unlike external auditors who look only into financial risks and statements the role of internal audit is to provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively. The main issues to be addressed in this regard are as follows:-

o Anti-Fraud Control Effectiveness Assessment on periodic basis

o Suggest and implement control improvements on ongoing basis

o Implement other best Practices like GRC framework, Control Self-Assessment etc.

3) Investigation of Expenses: Expense report may represent risk exposure in certain organisations. On most cases, employees are assumed to be honest and trustworthy and reports go unexamined. Some of the internal controls that may be maintained as safeguards to prevent fraud are

o Develop travel reimbursement policy or guidelines

o Implement use of corporate charge cards

o Annually audit sample of employees expense reports

Approximately14.5%ofallassetmisappropriationsinvestigated involved expense reimbursement fraud- ACFE report

4)Management Review and Interview: Interview Top management to understand,

o If they review quality of their process at planned intervals to ensure its continuing suitability, adequacyandeffectiveness?

o Are opportunities for improvement and the need for changes to the system, including policy and objectives, reviewed during the review?

o Are records of management reviews maintained asqualityrecords?

5) Employee and Third party due diligence: Screening applicants reduces likelihood of people with history of dishonest/fraudulent behaviour being given role in company. Organisations should consider screening for executives, employees and supplemental workforce who have unrestricted access to work environment including facilities, IT systems and materials

o Duediligencequestionnaires

o Cross-checks against external data sources

o Training internal and supplemental work force on company expectations

o Investigations

6) Investigation of Revenue leakage: The objective of Revenue Assurance is to ensure that policies of the organisation are well implemented and that no or minimal revenue leakage is occurring

o Process assessment

o Analyse root cause for leakages

o Implement corrective action and Periodic review

7) Process Validation: Process Validation is defined as the collection and evaluation of data, from the process design stage throughout production/service, which establishes scientific evidence that a process is capable of consistently delivering quality products/service. Validations includes

o Design

o Assurance

o Installation

21

ImpactonHotlines:Organisationswithhotlineinplacesawlikelihoodofafraudwouldbedetectedbyatipat51%comparedto35%foran organisation without hotline -ACFE reported

Account Reconciliation

Document Examination

By Accident

Surveillance/Monitoring

Notified by Police

IT Controls

Confession

Management Review

Det

ecti

on M

etho

d

Impact of Hotlines

0.00%

Other

External Audit

Tip

Internal Audit

5.70%

1.00%

1.80%

3.70%

1.50%

5.80%

4.80%

1.00%

1.00%

1.30%

1.30%0.50%

1.70%

2.40%

2.80%11.30%

3.00%

4.50%

10.00%

16.50%

12.80%13.80%

16.30%

20.00% 30.00%

34.60%

40.00%

50.90%

50.00%

Organisations With Hotlines

Organisations Without Hotlines

60.00%

Percent of Cases

o Operational

o Performance

8) Predictive Data Modelling: The expertise and experience of domain experts is translated into formal rules for pre- screening data for fraud or the possibility of reduced loss. The fraud detection analyses and systems based on data mining and predictive modelling techniques serve as the method for improving the fraud detection system

o Automated scoring models using sophisticated rules and complex data mining

9) Data analytics: Is the process of taking existing disparate sets of data that organisations routinely collect in normal course and extract additional value by making a series of comparisons, summaries and aggregations to detect anomalies that indicate fraud or other misconduct

o Data driven segmentation

o Strategic data and Evaluation

22

•Cultural issues •Absence of an anti-fraud policy and culture •Failure of management to implement internal control •Management issues •Lackoffinancialmanagementexpertiseandprofessionalisminkeyaccountingprinciples •Historyoflegal/regulatoryviolationwithinorganisation/claimsallegingsuchviolation •Strainedrelationshipinorganisationbetweenmanagementandinternal/externalauditor •Employee issues •Inadequaterecruitmentprocessesandabsenceofscreening •Potential or actual labour force reductions or redundancies •Poor management accountability and reporting systems •Poor physical security of assets •Lackofand/orinadequacyofinternalcontrols

•Management compensation dependent on meeting aggressive performance targets •Significantpressuresonmanagementtoobtainadditionalfinance •Extensiveuseoftaxhavenswithoutclearbusinessjustification •Useofcomplexfinancialproducts •Rapidchangesinprofitability

•Theintroductionofnewaccountingorotherregulatoryrequirements •Highlycompetitivemarketconditionsanddecreasingprofitabilitylevels •The organisation operating in a declining business sector •Rapid technology changes •Significantchangesincustomerdemand

•Unauthorised access to systems by employees or external attackers •The wealth of malicious codes and tools available to attackers •Rapid changes in information technology •Breaches in data security and privacy •Sensitive data being stolen leaked or lost

Business Risk

Financial Risk

Environmental Risk

IT & Data Risk

Uncovering the PerpetratorInitial detection of a fraud is often the most crucial moment in fraud examination process. Decisions must be made quickly tosecure evidence, mitigate losses and execute best investigation strategy. The method by which a fraud is uncovered can open or close several options for an organisation.

Fraudpreventiontechniqueswillnotstopallpotentialperpetrators.Organisations should ensure that systems are in place that will

highlight occurrences of fraud in a timely manner. A fraud detection strategy should involve use of analytical and other procedures to highlight anomalies.

Internal auditors are found to be most successful in identifying serious frauds. Risk management procedures are also found to be a useful method.

Some examples of organisational indicators to detect fraud risk as mentionedbelow.These indicatorsareclassifiedasbusinessrisk,financialrisk,environmentalriskandITanddatarisk.

23

The Revival StrategyOrganisationsshoulddocumentaplanforrespondingtosuspected/detectedcases.Fraudresponseplanshouldemphasisoncorporatepolicywithregardtodealingwithfraudandsetroles&responsibilitiesofthoseinvolvedinrespondingtosuspicion.Itshouldoutlinehowinvestigation should be handled, ensuring due process is followed and integrity of evidence maintained. Possible actions should include one or more of the following:

An Ongoing ValidationEffective fraud risk management approach provides an organisation with tools to help manage risk in a manner consistent with regulatory requirementsaswellastheentity’sbusinessneedsandmarketplaceexpectations.Asdescribedbelow,developingsuchanapproachcanbe achieved in key phases:

INTERNALCONTROL/BUSINESSPROCESS REMEDIATION

•ENHANCEINTERNAL CONTROLS TO REDUCE THE RISK OF SIMILAR FRAUDSGOINGUNDETECTED IN THE FUTURE

•ORGANISATIONTO RE-ENGINEERITSBUSINESS PROCESSES COST- EFFECTIVELY TO REDUCE OR REMOVE THE OPPORTUNITY FOR SIMILAR FRAUDS IN THE FUTURE

INVESTIGATIONANDDISCIPLINARY ACTION

•CONDUCTAROOT CAUSE ANALYSIS AND PERFORM AN EXTENDED INVESTIGATIONTOIDENTIFY SIMILAR MISCONDUCT IN ORGANISATION

•INTERNALDISCIPLINARY ACTION TO INCLUDE TERMINATION, SUSPENSION (WITH OR WITHOUT PAY), DEMOTIONORWARNINGS

CRIMINALAND/ORCIVILACTION

•LAWENFORCEMENTHAS ACCESS TO ADDITIONAL INFORMATION AND RESOURCES

•REFERRALSFORCRIMINAL PROSECUTION MAY INCREASE THE DETERRENT EFFECT

•ALSOCIVILACTION CANBEPURSUEDAGAINST PERPETRATORS TO RECOVER FUNDS

INSURANCE

•THEORGANIZATION MAY BE ABLE TO PURSUE AN INSURANCE CLAIM FOR SOME OR ALL OF ITS LOSSES

ASSESSMENT OF RISKS

•ASSESSINGNEEDSOFORGANISATIONBASEDONTHE NATURE OF FRAUD AND MISCONDUCTS THAT RISKCONTROLSAREINTENDEDTOMITIGATEANDTHEADEQUACYOFEXISTINGCONTROLS

DESIGN

•DEVELOPINGCONTROLSTOPREVENT,DETECT,AND RESPOND TO IDENTIFIED RISKS IN A MANNER CONSISTENTWITHLEGALANDREGULATORYCRITERIAANDOTHERLEADINGPRACTICES

EVALUATION

•EVALUATINGTHEDESIGNANDOPERATINGEFFECTIVENESSOFCONTROLSTHROUGHCONTROL SELF-ASSESSMENT, SUBSTANTIVE TESTING,ROUTINEMONITORINGANDSEPARATEEVALUATIONS

IMPLEMENTATION

•DEPLOYINGAPROCESSTOIMPLEMENTNEWCONTROLSANDASSIGNINGRESPONSIBILITYTO INDIVIDUALS WITH REQUISITE LEVEL OF AUTHORITY, OBJECTIVITY AND RESOURCES TO SUPPORT PROCESS

24

LAWS TO CURB CORPORATE FRAUDS

Fraud and Corruption is not dealt with a single regulation and it is the combination of the following laws that are exercised to act against cases relating to fraud, bribery and corruption.

Indian Penal Code •FraudulentactivitiesarecoveredbytheIndianPenal.TheexpressionfraudoccursinSections169,171,206,207,208,210,239,

240,242,243,246,247,250,252,253,261,262,263,415,421to424,471,474,477,482,487and488

The Prevention of Corruption Act 1988 •This law is enacted by Parliament to combat corruption and bribery among public servants. Under this Act public servant or a

person expecting to be a public servant, who accepts or obtains or agrees or attempts to obtain from any person any recompense asamotiveorrewardfordoingorforbearingtodoanyofficialact,orforshowingfavourordisfavour,isguiltyofthecrimeoftaking a bribe

Public service rules •Prescribesacodeofconducttobeobservedbypublicservantsandoutlinetherulespertainingto,amongotherthings,accepting

gifts and hospitality

PreventionofBriberyofForeignPublicOfficialsandOfficialsofPublicInternationalOrganisationsBill •Newsectionsof2011billcriminalisesacceptance/solicitationofbribesbyFPOs&OPIOsandcriminaliseoffers/promisestogive

bribes to FPOs and OPIOs for obtaining or retaining business

PublicInterestDisclosureandProtectiontoPersonsMakingtheDisclosuresBill2010 •TheBillaimstosetuparegularmechanismtoencouragepersonstodiscloseinformationoncorruptionorwilfulmisuseofpower

bypublicservants,includingministers.Italsoaimsatprovidingadequateprotectiontopersonsreportingcorruptionorwilfulmisuse of discretion that causes demonstrable loss to the government or commission of a criminal offence

CompaniesBill2012 •SeriousFraudInvestigationOffice(SFIO)bytheCentralGovernmentandClause212empowersCentralGovernmenttoassignthe

investigation into the affairs of the said company to the SFIO

Data Privacy laws •Topreventuseorgatheringofpersonalinformationwithouttheknowledgeoftheconcernedpersonsandtoprotectpersonal

information,financialinformationsuchasbankaccounts,creditordebitcardsorotherpaymentinstrumentdetails

The Competition Act •Anti-competitiveagreements,abuseofdominantpositionandregulationrelatingtocombination

IndianContractAct,1872 •FrauddefinedunderIndianContarctAct,1872meansandincludeanyofthefollowingactscommittedbyapartytoacontract,

or with his connivance, or by his agents, with intent to deceive another party thereto his agent, or to induce him to enter into a contract

Clause49 •Clause49hasmadechangesindefinitionofindependentdirectors,strengtheningtheresponsibilitiesofauditcommittees,

improvingqualityoffinancialdisclosures,requiringBoardstoadoptformalcodeofconduct,requiringCEO/CFOcertificationoffinancialstatementsandforimprovingdisclosurestoshareholders

25

AFTERMATH OF FRAUD

Legal proceedings and loss recovery efforts are initiated on the aftermath of a fraud. The victim organisation refers the case to law enforcement authorities for criminal prosecution.

Victim organisations also may not refer all cases to law enforcement due to any of following reasons.

• LackofEvidence

• LegalPenalties

• PrivateSettlement

• InternalDisciplineSufficient

• ReputationRisk

• PerpetratorDisappeared

AspertheACFEreport49%ofvictimshadnotrecoveredanylosses.40% and 50% of victim organisations do not recover any of theirfraudlosses.Incontrast,lessthan16%ofvictimshadmadeafullrecovery through restitution, insurance claims or other means.

26

CONCLUSION

A proactive approach to managing fraud risk is one of the best steps organisations can take to mitigate exposure to fraudulent activities. Although complete elimination of all fraud risk is most likely unachievable or uneconomical, organisations can take positive and constructive steps to reduce their exposure. The combination of effective fraud risk governance, a thorough fraud risk assessment, strongfraudpreventionanddetection(includingspecificanti-fraudcontrol processes), as well as coordinated and timely investigations andcorrectiveactions,cansignificantlymitigatefraudrisks.

As per the study conducted by ACFE, they indentified lack ofinternal controls as a serious lapse with victim organisation. More than 80% of victim organisations used external audits of financial statements as common control which resulted in only 3% of frauds being reported and only two-thirds of victims had independent audits of their internal controls over financial reporting.

An outright lack of controls factor was noted as the primary weaknessinmorethan35%ofcasessurveyed.In19%ofthecases,the perpetrator overrode existing controls to carry out his or her scheme and a similar number of respondents had stated that lack of management’s review was the key control weakness that contributed to the fraud. An inadequate or inappropriate level of ‘Tone at the Top’ contributed to 9% of all the fraud cases reported.

A major reason why people commit fraud is because they are allowed to do so. There is wide range of threats facing businesses. The threat of fraud can come from inside or outside the organisation, but the likelihood that a fraud will be committed is greatly decreased if the potential fraudster believes that the rewards will be modest, that they will be detected or that the potential punishment will be relatively severe.

The main way of achieving this must be to establish a comprehensive system of control which aims to prevent fraud and where fraud is not prevented, increases the likelihood of detection and increases the cost to the fraudster.

A proactive approach which is business contextual and risk based and which deploys contemporary automated

detective mechanisms and which is oriented to educating people and creating awareness on anti-fraud measures help

in creating fraud free organisational environment…….

27

OUR SKILLS

Defending Your BusinessDiscovering a fraud can be a particularly unnerving event for those who have not previously faced such a challenge. The receipt of a whistleblowingletter,thediscoveryofanaccounting‘blackhole’ortwosetsofconflictingfinancialstatementscancauseanger,anxietyand frustration. Fortunately, expert help is a phone call away to discuss how our team can help resolve the problem.

Exceptional ExperienceOur team are well versed in undertaking large complex investigations where lateral thinking, the ability to quickly establish rapport,confidentiality, enthusiasm, technical ability and intuition arecrucial in bringing about well reasoned and strong conclusions from the investigation.

Physical Security InvestigationsOur team excels at uncovering and developing facts, including evidencefromdocumentverificationandcrimesceneinvestigationslikefinger-print&DNAanalysis.Wecandiscretelyhelpkeepyourbusiness safe from real-world threats that your adversaries and unscrupulous entities will exploit.

• Physicalsecurityassessmentsfornew/existingventures

• Backgroundchecksforindividualsandcompanies

• Corporateintelligencecounter-measures,suchasbug- sweeping

• Firesafetyassessment,traininganddrills

• Documentscrutinyandverification

• DNAprofilingandfinger-printanalysis

• Audio&videoauthentication

• Physicalsecuritytraining

Financial InvestigationsPractically in every fraud, there is money lost; where money’s lost, there’s a money trail. You need experts who understand the intricacies and loopholes of accounting, payments, kick-backs and financial regulation and compliance issues. We bring specialised

expertise in collection, analysis and verification of financialrecords,quantifying your losses, seekingdamages andultimatelysaved resources.

• Financialfraudaudits

• Damagequantification

• Litigationsupport

• Embezzlementinvestigations

• Forensicaccounting/monitoring

• Financialfraudtraining

Digital InvestigationsYou rely on IT systems for almost every facet of your business. They are critical target for internal fraudsters and external attackers. Since every investigation involves electronic data, you need a team that is adept at protecting IT assets and securing digital evidence during an incident. We have the most technically skilled and experienced teams in industry for safe-guarding your digital information.

• Electronicevidencepreservationandcertification

• E-mail/hacking/data-theftforensicinvestigations

• Ethicalhackingsimulations(Fornetworkand web-applications)

• Softwaresecurityassessments

• Securecommunicationsystems

• Digitalsecuritytraining

Call us if you need help with: • Generatingafraudresponseplan

• Preparinganddeliveringfraudawarenessworkshops

• Dealingwithawhistleblowerletter

• Chattingthroughanissueincompleteconfidence

• Investigationofafraud

• DisputeResolutionandInvestigation

• Anyfraud-relatedissues

28

Serious Fraud Investigation Office (SFIO) is a multi-disciplinaryInvestigatingAgencyofGovernmentofIndia,whereinexpertsfromthefieldsofBanking,CapitalMarket,CompanyLaw,Law,ForensicAudit, Taxation, Information Technology etc. work together to unravel a corporate fraud.

During the course of investigation by SFIO over the years, different types of frauds/fraudulent activities have been unearthed. Somemajor types of frauds are discussed below.

Project Financing: • An Indian company imported second-hand plant and

machinery from its parent company at a very high price. This over-valued plant and machinery was used to obtain higher term loans from funding institutions. The loan amount thus obtained was transferred to parent company as payment liability against such plant and machinery. The Indian company received multiple invoices for submission to separate Government agencies for majority of its machinery. The company under investigation also procured major parts of its raw material requirement at highly over inflated price from its overseas parent company which resulted in siphoning of working capital funds borrowed from banks

Frauds during operation:

• An Indian company raised bills showing trading of diamonds among its various group companies in a circular manner viz company “A” to “B”, “B” to “C” and “C” back to “A”. In this process, no goods were transferred and only sale and purchase bills were raised. Bills were discounted with banks and company received huge amount of money as advance from banks against such bills. Initially the company complied in repayment as specified in the discounted bills. After sometime, payment was stopped and main promoter of the company whowas controlling all the affairs fled the country and the company stopped functioning resulting into huge amount of bank funds becoming NPA

• In another case, huge payments were shown to have been made to petty suppliers of steel items or to group companies during the period of construction of project

by recording of supply of materials made. All these supplies were reflected in the books of account as work-in-progress, which was not verifiable, and these petty suppliers were found either nonexistent or not traceable. Group companies were also found to be either wound-up or non-operational with no director of those companies being traceable. Funds transferred to these entities showing supply of material found cash rotation through certain accounts or showing payments fornon-verifiableexpenses

Falsification of Financial Statements:

• By following two accounting years, a company was showing losses or very nominal profit in Profit & Loss account filed to Income tax department.However, huge profitwasshownintheProfit&Lossaccountsfiledwith stock exchanges, ROC etc. Different amount of profits in two sets of Profit & LossAccount for the same year was shownby resorting to valuation of stock at inflated value in the Profit & Loss Account that was filed with ROC, Stock exchanges following the accounting year otherthanfinancialyear.Saleshavingheavyprofitmargin were recorded in those months, which were included in the accounting year, followed for preparing the Profit& LossAccountfiledwithROC.

Fraud through Capital Market:

• A company adopted a dubious method of creating equity capital by mere circulation of cheques through bank accounts of its associate companies without having any funds inaccounts. In fact, therewasnoactualflow of funds to the accounts of the company. Whatever moneywasshowntohavecomein,equivalentamount ofchequeswere issued in favourofthecompanies from whom cheques were received mostly on the same or couple of days. The mere debit and credit entries in the bank accounts were utilised for creating equity capital. This company also adopted different accounting methods/systems for the purposes of Company Law and Income Tax law to project a misleading picture to public while avoiding payment of tax to Income Tax department.

INVESTIGATION OF INDIA CORPORATE FRAUDS BY SFIO

29

Case Study 1: • We were appointed by one of the leading banks to

conduct fraud investigation on a pharmaceutical company who were into both bulk and formulation of drug manufacturing. Bankers along with other consortium bankers had sanctioned and released working capital loanandtermloantothetuneofRs.200Crorestothis Pharma company. On investigation we reported non- adherence to SOP resulting in inflated margins, errors committed in computing drawing power and overstated working capital by Rs. 16 Crores. Inconsistency were reported in raw material inputs and production outputs. Substandard raw materials and intermediate products were obtained at a premium. Sales and inventory details were inflated by falsifying books of account and misrepresenting facts. Due Diligence on customers and suppliers revealed that godowns of suppliers and customers never existed and the transactions were stopped.Atoffice/godownaddressesoffewsuppliersand customers, we found existence of other suppliers and customers

Case Study 2: • FraudriskreviewonprocurementtopaycycleofaFMCG

company was investigated and it was observed that duplicate/double payments were made due to improper authority structure and actual/routine payments were approved through emergency payments and supporting documents for such transactions were not verified prior to making payments. Purchase orders were generated after receipt of invoices. The company also did not have a documented procurement to pay process.

Case Study 3: • A German-based manufacturing company into

manufacturing and suppliers of printing consumables like printing rollers, dust removal chemicals, etc. was investigated. Inventory rigging, unauthorised discounts to customers and inflated sales figures to obtain bigger performance incentive by creating fake customers’ accounts and non-existence of a warehouse and transactions thereof were reported. Unauthorised withdrawal of cash by the country manager was siphoned for his personal benefit byway of salary and allowance which were not in accordance with his terms of contract. The country manager also owned warehouses and the rent charged to the company was twice than that of the prevailing market rate. Stock books did not tally with the physical stock in warehouses

Case Study 4: • AuditCommitteeofalargepublicsectorbankappointed

the firm to conduct investigation of a case which apparently had staff accountability aspects. The branch head collided with the customer and conducted fraudulent activities and sanctioned current account facility by granting Demand Draft purchase facility. The total of unpaid DDs came up to Rs. 1.15 Crores.Assets created out of diverted and siphoned money was to the extentof50-60%,andbalancewasdivertedforpurchase of business assets such as machinery and inventory.

CASE STUDIES-HARIBHAKTI INDIA

CONTACT US

Registered Office:42,FreePressHouse, 215,NarimanPoint,Mumbai-400021. Tel:+91(22)61326999Fax:+91(22)22856237 Website: www.bdoindia.co.in

Ahmedabad 703,VenusAtlantis,100FtRoad,CorporateRoad PrahladNagar,Ahmedabad-380015. Tel:+91(79)40320441/40320442

Bengaluru (Bangalore) No.45,1stFloor,2ndMain,SankeyRoad, (Above Indian Bank) Lower Palace Orchards, Bengaluru-560003. Tel:+91(80)64542545/64542546

Chennai (Madras) 5B,ABlock,5thFloor,MenaKampalaArcade, NewNo18&20,OldNo113/114,TheyagarayaRoad, T.Nagar,Chennai–600017. Tel:+91(44)42132024/45544143 Fax:+91(44)43546876

Coimbatore ShreeShanmugappriya,2ndFloor,454,PonnaiyanStreet,CrosscutRoad,Gandhipuram, Coimbatore–641012. Tel:+91(422)2237793/2238793 Fax:+91(422)2233793

Disclaimer: This publication has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The publication cannot be relied upontocoverspecificsituationsandyoushouldnotact,orrefrainfromacting,upontheinformationcontainedthereinwithoutobtainingspecificprofessionaladvice.PleasecontactHaribhakti&Co,CharteredAccountants,todiscussthesemattersinthecontextofyourparticularcircumstances.Haribhakti&Co,CharteredAccountants,itspartners,employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this publication or for any decision based on it.

Hyderabad RajaPushpaHouse,3rdfloor,PlotNo-34,SiliconValley, Madhapur,Hyderabad–500081. Tel:+91(40)42007771/0Fax:+91(40)42007772

Jaipur ManishMansion,PlotNo.247,1stFloorFrontierColony, Near Punjab National Bank, Adarsh Nagar, RajaPark,Jaipur-302004. Tel:+91(141)2604743

Kolkata (Calcutta) UshaKiranBuilding,FlatNo.4A,4thFloor, 12A,CamacStreet,Kolkata–700017. Tel:+91(33)32016298

Mumbai (Bombay) 701 Leela, Business Park, Andheri-Kurla Road, Andheri(E),Mumbai-400059. Tel:+91(22)66729999Fax:+91(22)66729777

New Delhi 3rdFloor,52-B,OkhlaIndustrialEstate, NewDelhi-110020. Tel:+91(11)47119999Fax:+91(11)47119998

Pune C-10,GodrejEternia,OldMumbai-PuneHighway, Wakdewadi,Pune-411005. Tel:+91(020)67299500/501Fax:+91(020)67299555

OUR TEAM

Saket Mehra Partner, Risk and Advisory Services Direct:+911147119966 Direct:+919899008822 Email: [email protected]

Vishal Shah Partner, Risk and Advisory Services Direct:+912266729805 Mobile:+919833943303 Email: [email protected]

Bhupendra Bangari ChiefOperatingOfficer&National Head-Risk and Advisory Services Direct:+912266729605Mobile:+919833334778 Email: [email protected]

Sunil Birla Partner, Risk and Advisory Services Direct:+918064542545 Mobile:+919820505922 Email: [email protected]

Kartik B. Radia Partner and Head-Western Region,Risk and Advisory Services Direct:+912266729786 Mobile:+919833589919 Email: [email protected]

S. Sundararaman Partner, Risk and Advisory Services Direct:+914445544143 Mobile:+919790928047 Email: [email protected]

DEMYSTIFYING THE FRAUD RISK TO BUSINESSES …dhc.co.in/uploadedfile/1/2/-1/Demystifying the Fraud...

Documents

Transcript of DEMYSTIFYING THE FRAUD RISK TO BUSINESSES …dhc.co.in/uploadedfile/1/2/-1/Demystifying the Fraud...