Fraud Risk Management and Internal Auditing


Transcription:

Fraud Risk Management and Internal Auditing
Waheed Alkahtani, CFE and CCEP-I
Saudi Aramco Internal Auditing, Special Audits Division
Copyright 2015, Saudi Aramco. All rights reserved.
February 2015

What do you know of fraud risks occurring in our business? Is it the tip of the ICEBERG?
Has responsibility for managing fraud risk been clearly defined?
What systems are in place to detect fraud and irregularity?
Do you have reporting channels and are staff aware of them?
Questions: Getting the Big Picture

Today's Agenda
What is Fraud Risk Management?
Why is it important?
Who is Responsible?
How to establish a forensic accounting unit.

Fraud Risk Management
Section One

Fraud: any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.
Fraud Risk Management: a process, effected by an entity's board/council, management and other personnel, applied in strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Fraud and Risk Management

Assessment Risk Management Mitigation Plan
Fraud Risk Management

Why It is Risky?
The top 10 risks that Internal Audit departments will focus on across the next 6-12 months.
Corruption and Bribery
Risky Areas
2013 CEB Audit Leadership Council

All organizations are subject to fraud risks.
Frauds have led to the downfall of entire organizations.
Massive investment losses.
Significant legal costs.
Loss of key individuals and image.
Many fraud cases involve safety.
Why do we want to Control FRAUD?
Lack of formal fraud risk management processes represents the highest risk, beyond those identified in ordinary business operations. Ethics Resource Center (ERC)
Fraud Risk Management

Company: Cost
Boeing: $615 million
Artificial joint makers: $317 million
Tenet: $900 million
Columbia/HCA: $1.7 billion
AIG: $1.5 billion
Marsh & McLennan: $850 million
Fannie Mae: $400 million
KPMG: $465 million
Tyco: $750 million
Cardinal Health: $600 million
Pharmas: $2.4 billion
Siemens: $463 million
Prudential: $2.8 billion, + fines
UnitedHealth Group: $915 million
Bob Rudloff, Vice President, Internal Audit, MGM MIRAGE
The Cost of Fraud

Siemens, $1.6 billion (2009): Bribery on an institutional scale across countries
Halliburton, $177 million (2009): EPC contract scheme in Nigeria for disgorgement of profits
KBR, $402 million (2009): Bribes related to payments to Nigerian officials
Baker Hughes, $11 million (2008): Related to bribes to Kazakhstan officials for a Kazakhstan project
Chevron, $4.7 million (2010): FCPA violations
Marathon Oil, $4.7 million (2010): FCPA violations
Shell, $236.5 million (2010): FCPA customs bribery issues in Nigeria
Alcatel Lucent, $92 million (2010): Failure of responsible executive to conduct appropriate due diligence on a third party
IBM, $10 million (2011): Penalties for bribes for Korean and Chinese officials
Foreign Corrupt Practices Act (FCPA)

Technology Competition Mergers JV Global Operations Risks Transformation Organizational Risks
Local Employment and labor laws
Global Anti-trust and Anti-corruption regulations, such as FCPA and UK bribery acts.
Organizational Risks

Know Do we Now Why it is important?
Who Owns Fraud Risks?
Section Three
The Gate Keeper

IA, LAW, HR, Security
Who manages the RISK?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
In relation to fraud, this means that internal auditing provides assurance to the board and to management that the controls they have in place are appropriate, given the organization's risk appetite.
Internal Auditing

Fraud Risk Assessment: Internal auditors should consider the organization's assessment of fraud risk when developing their annual audit plan and periodically review management's fraud management capabilities.
Communicate and Report: They should interview and communicate regularly with those conducting the organization's risk assessments, as well as others in key positions throughout the organization, to help them ensure that all fraud risks have been considered appropriately.
Internal Controls: When performing engagements, internal auditors should spend adequate time and attention to evaluating the design and operation of internal controls related to fraud risk management.
Role of the Internal Audit
IIA Practice Advisory 2130-1

Watch Red Flags: They should exercise professional skepticism when reviewing activities and be on guard for the signs of fraud.
Respond: Potential frauds uncovered during an engagement should be treated in accordance with a well-defined response plan, consistent with professional and legal standards.
Active Role: Internal auditing should also take an active role in support of the organization's ethical culture.
Role of the Internal Audit
IIA Practice Advisory 2130-1

Standards and Procedures
Oversight
Education and Training
Monitoring and Auditing
Report
Enforcement and Discipline
Response and Prevention
The 7 elements
Society of Corporate Compliance and Ethics (SCCE)

The 7 Elements
HR, IA, LAW
Standards and procedures
Standards and procedures
Review and evaluate
Education and Training
Periodically Risk Assessed
Monitoring and Auditing
Report
Enforcement and discipline
Response and Prevention
Basic compliance elements

Cyber Crimes
White Collar Crimes
Property Crimes
Violent Crimes
Who Manages Fraud?

White-collar Crime
Occupational
Money laundering
Identity theft
Copyright infringement
Black/White
Gray Area
White-Collar Crime
Classes of Occupational Fraud

Cyber Crimes
Property Crimes
White Collar Crimes
Violent Crimes
Occupational Fraud
Occupational Fraud
Independent, Authorized, Competent, Consistency
Who Investigates Fraud?
Best Practice: ACFE, AICPA, IIA, and SCCE

National Anti Corruption Commission: Independent and report directly to the cabinet
Dubai Financial Audit Department: Directly to the ruler of Dubai
Fraud Investigation in Government Sectors

1. Total, Internal Auditing.
2. ConocoPhillips, The Company's Audit and Finance Committee will oversee treatment of employee concerns.
3. ExxonMobil, Internal Audit has primary responsibility for investigating violations of the Corporation's internal controls.
4. Chevron, Investigative Audits, the Audit Committee.
5. Statoil, Chief Auditor.
6. Dow Chemical, Fraud Investigative Services, Corporate Auditor.
Fraud Investigation in Private Sectors

As director of Fraud Investigation Services, I report directly to Dow's Corporate Auditor. We have four full-time staff members, all directly involved in investigations. Their backgrounds vary and include accounting, business administration, criminal justice, law and certified fraud examination. Much of our time is spent analyzing data and documents, interviewing employees, documenting findings, and traveling approximately 30% to 40% of the time in North America and overseas.
The Dow Chemical Company's Success Story

For every $1 we spend on investigating fraud, we recover nearly $4, which is very high by industry standards.
Oh one more thing

The How to Question
Section Four

Assess, Adjust, Change Management, Build, Measure
Change Management Theory

Correction Policy Investigation Reporting Behavior Analysis Changing Minds Transparency

Assessment: Fraud Risk Assessment, Consider potential fraud schemes, Evaluate the likelihood and significance, Mitigation Plans
Correction
Fraud Prevention: Code of Conduct, Business Ethics, Whistleblower Policy, Hotline
Hotline, Unscheduled Audits, Red Flags/Fraud Indicators, Monitoring and Data Mining
Detection
Awareness: Top Management, New Hires, Vendors and Contractors, All means
Anti-Fraud Program
Minimum Level of Protection

What... Can, Should, Must Be Done?
You must be the change you wish to see in the world.
Set the Tone from the Top
Building Blocks

Gray Area: Not Enough Accountability
Overlapping: Inefficient Redundancy
Dark: No Accountability
Gap Analysis Methodology

Small: Establish ownership and accountability. Outsource.
Medium: Establish ownership and accountability. Formation of forensic investigations.
Large: Internal unit to address prevention, detection, investigation and remediation of fraud.
How to respond to an incident

SCCE, ACFE
Five vs. Seven

Standards and Procedures
Oversight
Education and Training
Monitoring and Auditing
Report
Enforcement and Discipline
Response and Prevention
The 7 elements

Principle 1: Policy to convey the expectations of the board of directors regarding managing fraud risk.
Principle 2: Periodically Risk Assessed.
Principle 3: Prevention and awareness techniques to avoid potential key fraud risk events.
Principle 4: Detection techniques should be established to uncover fraud events.
Principle 5: A monitoring and reporting process should be in place to solicit input on potential fraud.
The 5 Principles

The following elements should be found within a fraud risk management and compliance program:
1. Fraud Prevention and Awareness Services
2. Fraud Forensic and Validation Services
3. Fraud Investigation and Correction Services
4. Business Compliance Services
Elements of an Anti-Fraud Program

Awareness Program, Hotline Administration, Case validation, Computer Forensic, Data Mining
Prevention, Validation
Compliance Manager, Compliance Investigation, Compliance assessment, Fraud Indicators and Trends Reporting
Investigation, Correction
The New Model

Allegation, Initial Assessment, Investigation, Reporting, Management Actions
Anonymous Tip, Verification/Evaluation, Proponent Notification, Relevant Facts, Proponent, Internal Audit Management, Data Analysis, IT Forensics, IT Forensics/Data Mining, Case Outline, General Auditor Authorizes an Investigation, Interviews/Profiling, Case Recommends, Review by Personnel, Review by Legal, GA Hotline, Baseline Interviews, Document Examination, Quality Review, COI and SRC Rev & Decision, Data Analysis, Government Agencies

In Conclusion
Final section

It is a danger zone with a high risk area.
FCPA
Company will be liable if it knows or has reason to know.
It will not protect you.

Don't think there are no crocodiles because the water is calm.
If you ever think you're too small to be effective, you have never been in bed with a mosquito.
Act now
Q&A