Risk Management
-
Upload
ron-steinkamp -
Category
Documents
-
view
10 -
download
0
Transcript of Risk Management
![Page 1: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/1.jpg)
Fraud Risk Management
Ron Steinkamp, CPA, CIA, CFE, CRMA, [email protected]
6 CityPlace Drive, Suite 900 │ St. Louis, Missouri 63141 │ 314.983.1200 1.888.279.2792 │ www.bswllc.com
![Page 2: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/2.jpg)
Discussion Topics
© 2014 All Rights Reserved Brown Smith Wallace LLC
What is Fraud
ACFE Fraud Study
Fraud Risks/Schemes
How to Identify & Assess Fraud Risks
Fraud Mitigation
Fraud Self Assessment
![Page 3: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/3.jpg)
START HERE
What is Occupational Fraud?
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 4: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/4.jpg)
The use of one’s occupation for personal enrichment through the deliberate misuse or application of the employing organization’s resources or assets.
Three general categories:
Asset misappropriation
Corruption
Financial statement fraud
Definition
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 5: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/5.jpg)
Employee steals or misuses an organization’s assets/resources.
- Examples:• Skimming cash receipts.• Falsifying voids and refunds.• Tampering with company checks.• Overstating expenses.• Creating a ghost employee.• Creating a fictitious vendor and false invoice.
Asset Misappropriation
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 6: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/6.jpg)
Employee’s use of his/her influence in business transactions in a way that violates his/her duty to the employer for the purpose of obtaining benefit for him/herself or someone else.
- Examples:• Conflicts of interest.• Illegal gratuities.• Bribery.
Corruption
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 7: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/7.jpg)
Intentional misstatement or omission of material information in the organization’s financial reports with the intent to mislead.
- Examples:• Inflating revenues on the financials to show greater profit.• Concealing liabilities.• Forcing actual expenditures to match budget by moving
expenses between accounts.• Improperly accounting for revenues and expenditures.
Financial Statement Fraud
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 8: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/8.jpg)
2014 ACFE Global Fraud StudyReport to the Nations on Occupational
Fraud and Abuse
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 9: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/9.jpg)
Summary of Findings
© 2014 All Rights Reserved Brown Smith Wallace LLC
1. Typical organization loses 5% of annual revenue to fraud – applied to 2013 Gross
World Product translates to potential fraud loss of more than $3.7 trillion annually.
2. Median loss in the study was $145,000 with more than 22% of the cases involving
losses over $1 million.
3. Fraud lasted a median of 18 months.
4. Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts,
other asset misappropriations) were the most common form of fraud, representing
85% of the cases and least costly at a median loss of $130,000.
5. Financial statement fraud schemes were the least common form of fraud,
representing 9% of the cases and most costly at a median loss at $1 million.
![Page 10: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/10.jpg)
Summary of Findings
© 2014 All Rights Reserved Brown Smith Wallace LLC
6. Corruption schemes fell in the middle, comprising just over 37% of cases and
causing a median loss of $200,000.
7. Occupational frauds are most likely to be detected by tips (40%) followed by
management review (15%) and Internal Audit (14%).
8. Small organizations are disproportionately victimized by occupational fraud.
9. Government/public administration was one of the most commonly
victimized industries.
10. Anti-fraud controls appear to help reduce the cost and duration of occupational
fraud schemes.
11. High-level perpetrators cause the greatest damage to their organizations.
![Page 11: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/11.jpg)
Summary of Findings
© 2014 All Rights Reserved Brown Smith Wallace LLC
12. 77% of frauds were committed by individuals in one of six departments:• Accounting• Operations• Sales• Executive/upper management• Customer service• Purchasing• Finance
13. More than 85% of fraudsters had never been previously charged or convicted for
a fraud-related offense.
14. Fraud perpetrators often display warning signs – most common behavioral red
flag reported in the survey were perpetrators living beyond their means (36%)
and experiencing financial difficulty (27%).
15. Nearly half of victim organizations do not recover any losses that they suffer due
to fraud.
![Page 12: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/12.jpg)
How are Frauds Detected?
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 13: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/13.jpg)
Source of Tips
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 14: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/14.jpg)
Conclusions and Recommendations
© 2014 All Rights Reserved Brown Smith Wallace LLC
• Occupational fraud is a universal problem – trends in fraud schemes, perpetrator characteristics and anti-fraud controls are similar regardless of where the fraud occurred.
• The longer frauds last, the more financial damage they cause. Proactive detection methods – hotlines, management review procedures, internal audits, employee monitoring mechanisms – are vital in catching frauds early and limiting losses.
• Small businesses/organizations are disproportionately victimized by fraud and under protected by anti-fraud controls.
• External financial audits are among the least effective controls in combating fraud – primary detection method of fraud in 3% of cases versus 7% of cases detected by accident.
• Many of the most effective anti-fraud controls are being overlooked – data monitoring and analysis, surprise audits, fraud risk assessment.
• Majority of fraudsters are first-time offenders – don’t over rely on background checks.
![Page 15: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/15.jpg)
Red Flags
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 16: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/16.jpg)
The Fraud Triangle
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 17: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/17.jpg)
Pressure “Red Flags”
© 2014 All Rights Reserved Brown Smith Wallace LLC
• High personal debts.
• Living beyond their means.
• Excessive investment speculation.
• Excessive gambling.
• Substance abuse.
• Extra-marital affairs.
• Job frustration.
• Resentment of superiors.
![Page 18: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/18.jpg)
Opportunity “Red Flags”
© 2014 All Rights Reserved Brown Smith Wallace LLC
• Inadequate internal controls.
• Too “cozy” with suppliers.
• Annual vacation or sick days not taken.
• Weak management or excessive turnover.
• Ineffective or no internal audit.
• No rotation of job duties among employees.
• Procedures not well understood/always in crisis mode.
• Large amounts of cash on hand or processed.
![Page 19: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/19.jpg)
Rationalization “Red Flags”
© 2014 All Rights Reserved Brown Smith Wallace LLC
• Not compensated fairly.
• No recent raises/cost of living adjustments.
• Everyone else does it.
• Intended to pay it back.
• Needed the money.
• Felt cheated and wanted revenge.
• Bribe/kickback to tempting.
![Page 20: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/20.jpg)
7 Keys
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 21: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/21.jpg)
Client Logo© 2014 All Rights Reserved Brown Smith Wallace LLC
Anti-Fraud Culture
Fraud Policy
Fraud Awareness/Training
HotlineAssess Fraud Risks
Review/Investigation
Improved Controls
![Page 22: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/22.jpg)
• Set the tone at the top = Lead by Example– Responsibility of elected officials and City management– Behave ethically and openly communicate expectations to
employees– Treat all employees equally– Zero tolerance
• Create a positive workplace environment– Focus on employee morale– Empower employees– Communicate
• Hire and promote appropriate employees– Conduct background investigations before hiring or promoting– Check candidate’s education, employment history, references– Continuous and objective evaluation of compliance with entity
values– Violations addressed immediately
Client Logo
1. Anti-Fraud Culture
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 23: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/23.jpg)
• Code of Conduct– Formalized and founded on integrity– Defines acceptable employee behavior– Communicated to all employees– All employees are held accountable for compliance
• Discipline– Sends a strong message throughout the entity– Should be appropriate and consistent– Consequences of committing fraud clearly communicated
throughout the entity
Client Logo
1. Anti-Fraud Culture
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 24: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/24.jpg)
• Oversight Process– City Council/Elected Officials
• Evaluate management’s “tone at the top”, identification of fraud risks and implementation of anti-fraud controls
• Ensure that management implements anti-fraud measures• Consider the potential for management override of controls
– Management• Directs, implements and monitors anti-fraud controls• Sets the ethical tone• Trains employees
– Internal Auditor (if available)• Identifies fraud indicators• Assesses fraud risks• Evaluates anti-fraud controls• Recommends actions to mitigate risks• Investigates potential frauds
Client Logo
1. Anti-Fraud Culture
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 25: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/25.jpg)
• Demonstrate commitment to combating fraud
• Apply to all Elected officials, City management, employees, consultants, vendors, contractors, etc.
• Should include:– Statement of organization’s position on fraud– Scope of the policy – who does it apply to– Management’s responsibility for prevention and detection of
fraud– Definition of fraud– Actions constituting fraud– Fraud reporting process/procedures– Fraud investigation process/procedures– Unit responsible for administration of the policy and
investigating fraud allegations– Statement on anonymity/confidentiality– Consequences
Client Logo
2. Fraud Policy
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 26: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/26.jpg)
• Reviewed and updated regularly.
• Signed off and agreed to by the City Council/Mayor.
• See the ACFE for an example Fraud Policy http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Sample_Fraud_Policy.pdf
Client Logo
2. Fraud Policy
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 27: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/27.jpg)
• All new employees should be trained at time of hiring on the Code of Conduct and Fraud Policy.
• Training should include:– Their duty to communicate certain matters– A list of the types of matters to be communicated along with
examples– How to communicate those matters– Affirmation from senior management regarding employee
expectations and communication responsibilities
• Refresher training periodically
Client Logo
3. Fraud Awareness/Training
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 28: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/28.jpg)
• Enable employees, vendors, customers and others to communicate concerns about known or suspected wrongdoing.
• Telephone, email, internet.
• Anonymous.
• Adequately publicized.
• Internal or External.
• Complaint monitoring and investigation/resolution.
Client Logo
4. Hotline
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 29: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/29.jpg)
• Conduct an annual fraud risk assessment.– Assists management in systematically identifying where and how
fraud may occur and who may be in a position to commit fraud
– Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
– General steps:• Identify areas and processes to assess• Identify potential fraud schemes in each area/process• Assess likelihood and significant of each scheme• Map existing anti-fraud controls to potential fraud schemes• Test operating effectiveness of antifraud controls• Identify any control gaps and/or deficiencies = Residual risks• Document and report on the fraud risk assessment
Client Logo
5. Assess Fraud Risks
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 30: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/30.jpg)
• Mitigate Fraud Risks– Make changes to activities and/or processes = transfer or eliminate
the risks– Improve anti-fraud controls
• Monitor Fraud Risks– Develop data analytics for management to use to monitor fraud risks– Utilize Internal Audit to conduct audits of risk areas.
Client Logo
5. Assess Fraud Risks
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 31: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/31.jpg)
• All concerns/suspicions of wrongdoing should be reviewed and determination made whether a fraud investigation is warranted.
• Develop a policy for fraud reviews and investigations that specifies:– Who is responsible for the review/investigation– Roles of Legal Counsel, Human Resources, Internal Audit, others– Process for conducting the review/investigation– Documentation requirements– Reporting requirements– When to involve law enforcement
Client Logo
6. Fraud Review/Investigation
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 32: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/32.jpg)
• Gather sufficient information and perform procedures necessary to determine:– Whether fraud has occurred– Loss or exposure associated with the fraud– Who was involved and how it happened
• Must prepare, document and preserve evidence sufficient for potential legal proceedings.
• Include experts = Certified Fraud Examiner (CFE)
Client Logo
6. Fraud Review/Investigation
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 33: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/33.jpg)
• Use lessons learned from any fraud reviews or investigations to improve anti-fraud controls.
• All fraud review and investigations should include a report to management with recommendations for control improvement.
Client Logo
7. Improved Controls
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 34: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/34.jpg)
34
1. Separation of duties 2. Documentation 3. Authorization and
approval 4. Security of assets 5. Reconciliation and review
© 2014 All Rights Reserved Brown Smith Wallace LLC Client Logo
Top 10 Governmental Internal Controls
6. Policies and procedures 7. Fraud Policy and reporting8. Access to systems9. Physical control10. Verification (i.e. pre-
employment)
To ensure proper stewardship of public funds:
![Page 35: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/35.jpg)
Fraud Self Assessment
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 36: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/36.jpg)
Code of Conduct
© 2014 All Rights Reserved Brown Smith Wallace LLC
![Page 37: Risk Management](https://reader036.fdocuments.net/reader036/viewer/2022062711/55ce119cbb61ebeb488b4604/html5/thumbnails/37.jpg)
Ron Steinkamp, CPA, CIA, CFE, CRMA, CGMA
Principal, Risk Advisory Services
Brown Smith Wallace LLC
314.983.1238 (Direct)
© 2014 All Rights Reserved Brown Smith Wallace LLC
Contact Information