Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption




Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption
Toby Bishop, Director, Deloitte Forensic Center
Deloitte Financial Advisory Services LLP

Contents
- Why corporate resiliency?
- What can we do differently?
- A COSO-consistent approach to fraud risk management
- Fraud risk management improvement opportunities
- Evaluating your organization's fraud risk management capability
- Questions & answers
- Conclusion

Why corporate resiliency?

A convergence of factors
- Globalization
- Risk surprises
- Risk management process issues
- Greater enforcement

...suggest a different risk management strategy may be desirable
- Recognize the prevailing risks of fraud and corruption
- Plan to survive and succeed despite them
Corporate Resiliency

What can we do differently?

Some steps toward corporate resiliency
1. Fraud risk ownership and oversight
2. Proactive risk management strategies
3. Advance preparation of responses to fraud
4. Focus on antifraud performance, not just compliance

A COSO-consistent approach to fraud risk management

A COSO-consistent approach to fraud risk management
(AFPC = Antifraud Programs & Controls)
- Creating a Control Environment: tone at the top; code of conduct/ethics; whistleblower hotline; investigation process
- Performing Fraud Risk Assessments: identify fraud risk factors, fraud risks and fraud schemes
- Designing and Implementing Antifraud Control Activities: link or map identified fraud risks to control activities
- Sharing Information and Communication: effective communication of antifraud programs and controls throughout
- Monitoring Activities: monitoring effectiveness of antifraud programs and controls

Fraud risk management improvement opportunities

The Antifraud Roadmap
- Evaluate: Evaluate current status and effectiveness of an organization's approach to implementing antifraud programs and controls.
- Identify: Assess, define, and document fraud risks and control effectiveness. Establish fraud risk profile by analysis of risk against controls.
- Action Plan: Develop a fraud action plan based on findings and identify activities that define next steps to address an organization's antifraud program activities.
- Mitigate: Enhance, implement, and maintain preventative and detective control activities, which mitigate fraud risks identified during assessment.
- Monitor: Enable continuous monitoring activities through technology and ongoing review activities to alert management of potential fraud. Incorporate findings into annual fraud risk assessment process.
- Respond: Assist in responding to potential occurrences of fraud.
Culture/Attitude Survey; Fraud Risk Assessment; Fraud Risk Action Plan; Fraud Awareness Training; Continuous Monitoring Tools; Fraud Case Management Tools
Diagnosis; Mitigate Deficiencies; Data Analytics; Fraud Response

Management's fraud risk assessment: sample detailed documentation
Columns: Fraud Risk Factor | Fraud Risk | Fraud Scheme/Scenarios | Account Balance Affect | Potential Person(s) involved | Type | Likelihood | Significance | Inherent Risk | Control Activities | Control Type | CDER | CIER | CRR | Residual Risk

Sample entry 1
- Fraud Risk Factor: Public Company/Unrealistic Earnings Expectations
- Fraud Risk: Overstatement of Revenue/Sales
- Fraud Scheme/Scenarios: Roundtrip Transactions. Transactions may include sales between companies for the same amount within a short time period, or they may involve a loan to or investment in a customer so that the customer has the ability to purchase the goods (vendor financing). Liberal exchange or return policies without appropriate reserve. Improper accounting for liberal or unconditional right of return or on products shipped for trial or evaluation purposes. Other sham transactions.
- Account Balance Affect: Accounts receivable
- Potential Person(s) involved: Sales agents; Finance; Management
- Type: F2
- Likelihood: 4
- Significance: 4
- Inherent Risk: 8 (High)
- CDER, CIER, CRR, Residual Risk: 2, 2, 4, 12 (annotated "effective controls" and "residual risk")

Control Activities
- 22.1.1.1 Business Approval Matrix (Control Type: P). Prior to booking a contract, does a member of Sales accounting (or local equivalent) review the contract package to ensure that all appropriate approvals and required documentation have been obtained in accordance with the documented policy (business approval matrix)?
- 22.1.1.2 Standard contract review checklist (Control Type: P). Is such review documented in the standard contract review checklist and signed off by sales accounting management (or local equivalent) for all contracts?
- 22.1.1.3 Revenue Recognition Review, Contracts > $1M (Corporate) (Control Type: P). Prior to booking, are contracts that either have a gross value of greater than $1 million or have non-standard terms reviewed for revenue recognition considerations by the revenue recognition senior manager? Is such review and approval documented? (Such review is typically done in the proposal stage.)
- 22.1.1.4 Internal Audit Review, contracts > $1M (Control Type: D). Internal audit anticipates that management can override controls and performs procedures, such as confirming the particulars of the contract with the customer in writing, on a regular basis to test against the override of controls.

Management's fraud risk assessment: sample heat map summary
[Heat map: risks 1 to 10 plotted by Likelihood and Significance]
1. Intentionally recording sales prematurely
2. Bribery/corruption
3. Creating fictitious sales
4. Fraudulent claims by retail customers
5. Intentional overcharges by vendors
6. Intentional overstatement of assets used to secure finance
7. Unauthorized trades in financial markets
8. Unsupportable product performance statements
9. False employee expense report claims
10. Employee embezzlements
Sample fraud & corruption risk heat map only. Ratings will vary by company.

Whistleblowing and the new race to report
The Dodd-Frank Wall Street Reform and Consumer Protection Act, Section 922
- Created awards of 10-30 percent of monetary sanctions
- For whistleblowers who report to the SEC
- Original information
- Leading to securities law enforcement actions that recover more than $1 million

Potential strategic use of technology to deter and detect fraud
[Quadrant chart with axes Significance and Likelihood; quadrant labels:]
- Focused use to test transactions and timely detect unexpected high-risk violations
- Generally reactive use to assess the extent of violations identified
- Data mining and continuous auditing to detect expected violations
- Selective use to test and enhance processes and controls and to deter fraud
Treating basic CAATS skills as a core competency for all internal auditors could enhance fraud deterrence and detection
Sampling 100% and publicizing it enhances deterrence and detection
Reconciling data provided to G/L helps ensure data is complete

Evaluating your organization's fraud risk management capability

Evaluating your organization's fraud risk management performance
- Managing the Business Risk of Fraud: A Practical Guide. Produced by IIA, AICPA and ACFE. Free download at www.theiia.org/guidance/additionalresources/managing-the-business-risk-of-fraud/
- Corporate Resiliency Self-Assessment Tool. Found on pages 42-44 of the book Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption by Toby Bishop and Frank Hydoski (Wiley, 2009). www.deloitte.com/us/corporateresiliency
- Deloitte Anti-fraud Programs & Controls Diagnostic. Ask your Deloitte partner for more information.

Anti-fraud Programs and Controls Diagnostic: Sample Results
Survey Results
[Radar chart; scale runs from Non-Existent to COSO Consistent]
The radar chart is comprised of 5 key components of Antifraud Program and Controls derived from COSO's Internal Control Integrated Framework. The chart provides a graphical representation of review results.
Evaluation helps identify opportunities for performance improvement, not just the minimum standards for compliance with SOX 404.

Deloitte Forensic Center resources
- Book: Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption (Wiley, 2009)
- Article: Mapping Your Fraud Risks, in Harvard Business Review (October 2009)
- More information at: www.deloitte.com/forensiccenter

What questions do you have?

Conclusion
1) Discoveries of fraud are expected to increase
2) Companies would be wise to prepare
3) Understand, prioritize and manage your company's fraud risks
4) Have a robust program to prevent, deter, detect, and respond to fraud
5) Proactive tools and data analytics may help you identify frauds earlier
Corporate resiliency doesn't guarantee survival and success, but a lack of resiliency

Contact information
Toby Bishop
Director, Deloitte Forensic Center
Deloitte Financial Advisory Services, LLP
+1 312 486 5636
tobybishop@deloitte.com
Deloitte Forensic Center: www.deloitte.com/forensiccenter

Disclosure
This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Member of Deloitte Touche Tohmatsu Limited