Anti-Fraud Management Example In Accounts Payable. Michael Heckner October 12, 2012


GRC: Top Reasons Customers Invest Today
Business Process Improvements: systematic, reliable processes; improve predictability and performance.
Avoid Negative Business Issues: prevent irregularities such as fraud; prevent human errors; avoid financial losses; avoid damage to reputation.
Compliance: comply with governmental regulations and legislation; comply with industry regulations; comply with internal company policies.
2011 SAP AG. All rights reserved.

Economic Crime and Errors: What Is the Damage Caused by Fraud and Errors?

Economic Crime
Average fraud loss: 5% of annual revenue. One-fourth of the frauds caused at least $1 million in losses. (2010 Report to the Nation, 2010 by the Association of Certified Fraud Examiners, Inc.)
46% of organizations with 1000+ employees reported suffering at least one significant economic crime in the past 12 months. In addition to direct financial impact there is indirect or collateral damage incl. employee morale, business relations, reputation/brand, relations with regulators, share price, etc. (PwC Global Economic Crime Survey, Nov 2009)
40% believe there is a greater risk of fraud in the current economy. Staff reductions resulting in fewer resources deployed on internal controls. (PwC Global Economic Crime Survey, Nov 2009)

Employee Errors: More frequent than crime?
Insufficient controls can result in: procurement errors; overpayments to vendors; excessive rebates to customers; changes to payment terms; accidental leakage of intellectual property; etc.
Nearly impossible to track the total financial impact of employee errors: estimates are hard to get; grey zone of criminal behavior; high number of unreported cases.

Overview SAP GRC: Top-down and bottom-up risk management/compliance
[Diagram: SAP GRC Risk Management; Policy Management; SAP GRC Process Control; Company Wide; Procure to Pay; Order to Cash; IT (General); SAP GRC Access Control; Internal Audit Management.]

Enterprise Risk Management: Business Risks Cause Majority of Losses
Head of Risk Management. 87% of risks are not financial.
Material risk events encountered in the past three years (for enterprises over US$5 billion in revenue):
Operational: Hurricane Katrina; data center outage; delivery risk; blast furnace cold run; ERP application crash; plant disaster causing production stoppage.
Environmental/Health: West Nile Virus; safety crisis; compliance with environmental standards; food sanitary management problem; climate change; environment pollution.
Financial: currency exchange rates; interest issue and increasing reserves; accuracy of realistic balance sheet reporting; ability to manage cash; non-transparent markets; economic recession; energy and commodity costs.
Legal & Compliance: fraud; product liability claims; missed time line for legal changes; embezzlement of parts; safety of goods or products.
Strategic: industry consolidation and globalization; error-filled release of software upgrade; change in core product demand; cancellation of major customer contracts; performance standards and service quality.
Political/Geopolitical: change of government and minority governments; grants and budget changes; constant change of ministers; Federal Accountability Act; terrorism.
Source: IBM Global Business Services, The Global CFO Study 2008.

Examples of Enterprise Risks (Transportation Industry)
Categories: Strategic Risks; Financial Risks; Operational Risks; Compliance Risks.
Risks listed: Freight Rates; Liquidity; Major Safety Incidents; Oil & Gas Prices; Credit Risk; Major Environ. Incidents; Political Risks; Foreign Exchange; War, terrorism or piracy attack; Information Risk; Procedures and Human Rights (OECD Standards); Tax; Anti-corruption, competition and export control; Insurance (Self-Insurance).

Examples of Enterprise Risks
[Figure: risk map grouping example risks under the areas Governance, Strategy and Planning, Operations, Compliance, and Reporting, with the columns Corp. Governance; Ethics; Corp. Responsab./Sustainab.; External Factors; Planning; Strategy; Corp. Assets; Finance; Human Resources; Information Technology; Legal; Product Development; Sales, Marketing & Communic.; Supply Chain; Compliance; Reporting.]
Source: Deloitte Risk Intelligence Map, 2009

SAP Risk Management Heatmap: Fraudulent AP activities

Risk: Fraudulent Accounts Payable. Chief Security Officer / IT. Prevent Accounts Payable risk (errors and fraud).

Risk: Fraudulent Accounts Payable. Chief Security Officer / IT. Prevent Accounts Payable risk (errors and fraud). 1st Risk Driver: Lack of SoD.

Risk: Fraudulent Accounts Payable. Chief Security Officer / IT. Prevent Accounts Payable risk (errors and fraud) (resulting from lack of SoD). 1st Risk Driver: Lack of SoD.

Risk: Fraudulent Accounts Payable. Chief Security Officer / IT. Prevent Accounts Payable errors and fraud (resulting from lack of SoD). Access Control.

Risk: Fraudulent Accounts Payable. Head of Internal, Head of Compliance, Chief Security Officer / IT. Question: Are SoD violations the only risk to the Accounts Payable Process??? Prevent Accounts Payable errors and fraud (resulting from lack of SoD). IT General Control 1: Access Control.

Risk: Fraudulent Accounts Payable. Head of Internal Audit, Compliance, Chief Security Officer / IT. Example: What about abuse of one time vendor accounts??? Process-Level Control 1: Accounts Payable. IT General Control 1: Access Control.

Risk: Fraudulent Accounts Payable. Head of Internal Audit, Compliance, Chief Security Officer / IT. Example: What about abuse of one time vendor accounts???

Payments
Date     Vendor              Amount
1.10.    ABC Chemicals        1,599.-
2.10.    Anonymous1           1,000.-
2.10.    Northstar Energy       563.-
5.10.    Anonymous1          10,000.-
9.10.    Hardware Central    23,618.-

Process-Level Control 1: Accounts Payable. IT General Control 1: Access Control.

Risk: Fraudulent Accounts Payable. Head of Internal Audit, Compliance, Chief Security Officer / IT. Example: What about other process level risks in Accounts Payable??? Process-Level Control 1: Accounts Payable. Process-Level Control n: Accounts Payable. IT General Control 1: Access Control.

Risk: Fraudulent Accounts Payable. Head of Internal Audit, Compliance, Chief Security Officer / IT. Business Necessity: Process and Access Level to protect AP process. Process-Level 1-n: Accounts Payable. IT General Control 1: Access Control.

Other Risks? In Other Processes? At the IT-Level? Head of Internal Audit, Compliance, Chief Security Officer / IT. What about other processes and their controls? Process 1: Procure to Pay. Process n: Order to Cash. IT General Control 1: Access Control. IT General Control n:

Other Risks? In Other Processes? At the IT-Level? Head of Internal Audit, Compliance, Chief Security Officer / IT. Group/Entity: Company Wide. Group/Entity: Company Wide. Process 1: Procure to Pay. Process n: Order to Cash. IT General Control 1: Access Control. IT Control n: (IT General).

SAP Process Control: Control at all levels. Head of Internal Audit, Compliance, Chief Security Officer / IT. SAP Process Control. Group/Entity: Company Wide. Group/Entity: Company Wide. Process 1: Procure to Pay. Process n: Order to Cash. IT General Control 1: Access Control. IT Control n: (IT General).

Risk-based Approach to Internal. Head of Risk Management, Head of Internal Audit, Compliance, Chief Security Officer / IT. SAP Risk Management. SAP Process Control. Group/Entity: Company Wide. Group/Entity: Company Wide. Process 1: Procure to Pay. Process n: Order to Cash. IT General Control 1: Access Control. IT Control n: (IT General).

Continuous Monitoring Example: Accounts Payable Manager - Dashboard

Continuous Monitoring Example: Accounts Payable Manager: Issues Report

Continuous Monitoring Example: Drill-Down into One-Time Vendor Issue

Continuous Monitoring Example: Accounts Payable Manager: Issues Report

Continuous Monitoring Example: Drill-Down into Segregation of Duties Issue

Achieving Higher Confidence
[Chart: # controls over time; Manual; Today.]

Achieving Higher Confidence: Lower Cost
Cost Reduction: less manual labor; less pushback from the business; lower cost of preparing for an audit.
[Chart: # controls over time, Manual and Automated; Today, Maturity Level 1.]

Achieving Higher Confidence: Lower Cost and Business Process Improvement
Cost Reduction and Process Improvement: less manual labor; less pushback from the business; lower cost of preparing for an audit; more controls; more granularity; higher frequency of checks; consistency.
[Chart: # controls over time, Manual and Automated; Today, Maturity Level 1, Maturity Level 2.]

Achieving Higher Confidence: Lower Cost and Business Process Improvement
Cost Reduction and Process Improvement. Automated Assurance.
[Chart: # controls and cost over time, Manual and Automated; Today, Maturity Level 1, Maturity Level 2.]

Managing Risk and Compliance: SAP GRC Solutions
CEO / CFO: Managing Risk and Compliance ensures all categories of risk across the organization are aggregated at the enterprise level and managed holistically.
Roles: Head of Risk Management; Head of Compliance / Internal Audit; Head of Internal Audit / Chief Security Officer; Head of Internal Audit.
Areas: Enterprise Risk Management; Risk-Based Internal; Access Management; Audit Management.
[Diagram: SAP GRC Solution on SAP NetWeaver. SAP Risk Mgmt: Risk Planning, Risk Identification, Risk Analysis, Risk Response, Risk Monitoring. SAP Process Control: Document Compliance Initiatives, Plan and Perform Assessments and Tests, Remediate Issues and Certify Results. SAP Access Control: Access Planning, Access Analysis & Response, Access Monitoring. Audit Mgmt: Planning, Manage Audit Engagements, Remediation.]

Questions?
Michael Heckner, Sr. Director, EMEA Solutions Business Development
Phone +49 (170) 8 555 125
Michael.Heckner@sap.com
www.sap.com/grc

Thank You!
Contact information: Michael Heckner, Sr. Director, EMEA Solution Business Development (GRC), Zeppelinstrasse 2, 85399 Hallbergmoos/München, +49 6227 7 54143