Fraud Risk Management providing insight into fraud prevention, detection and response



Similar documents
For Private circulation only Creative. Clear. Focused. Forensic Services

Deloitte Forensic Protecting your business in the Banking sector

Deloitte Forensic Fraud Risk Management

Fraud Risk Management

Forensic Audit Building a World Class Program

Fraud Prevention and Deterrence

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

Cyber Security Evolved

Fraud Prevention Policy

Antifraud program and controls assessment grid*

Fraud and the Government Internal Auditor

Risk Considerations for Internal Audit

We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services

Addressing Cyber Risk Building robust cyber governance

2016 The global ABB integrity program.

February Audit committee performance evaluation

The Internal Audit fraud challenge Prevention, protection, detection

ISOLATE AND ELIMINATE FRAUD THROUGH ADVANCED ANALYTICS. BENJAMIN CHIANG, CFE, CISA, CA Partner, Ernst and Young Advisory Singapore

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

FRAUD PREVENTION STRATEGY FOR UGU DISTRICT MUNICIPALITY (UGU)

Fraud Prevention Checklist for Small Businesses

Forensic Services. kpmg.hu

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Fraud Prevention and Detection in a Manufacturing Environment

BDO NORDIC. Investigation, fraud prevention and computer forensics. You can guess. You can assume. Or you can know. And knowing is always better.

Compliance in motion A closer look at the Corporate Sector. Deloitte Risk Services March 2015

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

ACFE FRAUD PREVENTION CHECK-UP

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

The Companies Act The Social and Ethics Committee and the management of the Ethics Performance of the Company

Being protected Using data analytics to detect fraud

Proactive Fraud Detection with Data Mining Fear not the computer You play ball with it and it will play ball with you

Deloitte Analytics. Trusting big data: Perspective on data governance as a customer analytics investment

Compliance Requirements for Healthcare Carriers

Deloitte Forensic. Deloitte Forensic. Capability Statement

Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

Glossary 2. About this chapter About fraud and corruption prevention and control 4

Managing social media risks to reputation risk A hot topic on the board agenda

NamCode. The Corporate Governance Code for Namibia

WHITE PAPER. PCI Compliance: Are UK Businesses Ready?

KEYS TO AN EFFECTIVE DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Preemptive security solutions for healthcare

Fifth annual survey. Look before you leap Navigating risks in emerging markets

U.S. SQUASH Whistleblower Policy

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

White Paper: The Seven Elements of an Effective Compliance and Ethics Program

RISK MITIGATION SERVICES. Take-and-Use Guidelines for Chubb Crime Insurance Customers

Cybersecurity and internal audit. August 15, 2014

Fraud Risk Management

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

SPG 223 Fraud Risk Management. June 2015

Compliance and Ethics at the Federal Reserve Bank of New York

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

ICC Guidelines on Whistleblowing

CAPABILITY STATEMENT CONTROL RISKS MEXICO

Guidance ETHICAL PROCUREMENT AND SUPPLY

Puerto Rican Family Institute, Inc.

FFIEC Cybersecurity Assessment Tool

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

The Informatica Solution for Improper Payments

Simplify the Complexity of Managing 3rd Party Anti-Bribery / FCPA Compliance

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Fraud Risk Management Procedures

IBM SECURITY QRADAR INCIDENT FORENSICS

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Introducing SAP Fraud Management. Jérôme Pugnet

Into the cybersecurity breach

Cybersecurity The role of Internal Audit

Introduction to Social Compliance & Its Business Benefits

Internal Auditing: Assurance, Insight, and Objectivity

Data synthesis in fraud detection and prevention for telecommunications service providers

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

CYBER SECURITY TRAINING SAFE AND SECURE

KNOW YOUR THIRD PARTY

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs

WHITE PAPER Third-Party Risk Management Lifecycle Guide

FRAUD PREVENTION STRATEGIES FOR HEALTH CARE A FORENSIC ACCOUNTANT S PERSPECTIVE

Regulatory Compliance Management for Energy and Utilities

Continuous Network Monitoring

Transcription:

Fraud Risk Management providing insight into fraud prevention, detection and response For private circulation only www.deloitte.com/in

Fraud follows opportunity and attacks weakness. Know where you are vulnerable and how to take control. 2

Introduction Increase in the levels of scrutiny by Appearing in the form of Regulators Government 58% Documented of respondents have increased their focus on fraud risk management Fraud Policy Increased Employee communication Enhanced fraud risk monitoring Having a reputation for integrity is crucial to safeguarding market confidence and public trust. Unfortunately, fraud and misconduct can seriously undermine such efforts, exposing an organisation to legal, regulatory, or reputational damage. That is why experienced business leaders work to ensure that they have an effective approach to mitigating these risks. This is especially important in an environment marked by intense scrutiny and rising enforcement. The area of fraud risk management is increasingly attracting mainstream attention as various stakeholders have begun to comprehend the negative effects of uncontained risk. With 58 percent of respondents to Deloitte s (UK/ LLP) 2012 report on The Internal Audit Fraud Challenge having said that the new regulatory environment has led them to an increased focus on fraud risk management - is definitely a positive sign. A strong anti-fraud stance and proactive, comprehensive approach to combating fraud is now gradually becoming a pre-requisite and any organisation that fails to protect itself appropriately, faces increased vulnerability to fraud. Fraud Risk Management 3

Deloitte s Fraud Risk Management Services We are accustomed to working with clients in a variety of situations, particularly when the level of scrutiny is high and the margin for error is low. Examples include when: Your company experiences a problem and you want to take steps to reduce the likelihood of recurrence Your industry is under scrutiny and you need to assess that your programs and controls can meet stakeholder expectations Your board needs to demonstrate performance of its fiduciary duty to evaluate periodically whether your compliance program is designed and operating effectively Your internal audit or compliance functions would benefit from heightened levels of objectivity or specialization in assessing your program Your employees and third-party agents are operating in environments with added pressures and opportunities to commit fraud or other illegal acts to meet targets Your budget owners need to identify and cut unnecessary costs associated with occupational theft, waste, and abuse Your management team needs to identify fraud and misconduct risks when performing due diligence on acquisition targets or business partners Your company needs to adopt more formalized governance mechanisms and antifraud controls as part of an initial public offering A robust fraud risk management thus, requires more than just ensuring an effective system of internal controls. It also requires clearly defined and implemented actions designed to reduce fraud risk and an ongoing assessment of the effectiveness of the organisation's approach to managing the business risk of fraud. 4

A 360 o approach to fraud risk management: The anti-fraud controls roadmap Continuous Improvement: Diagnose, Detect and Respond Steps Generally Include Diagnose vulnerability to fraud Detect gaps in anti-fraud controls Recommend Mitigating Antifraud Controls Continuous or Periodic Monitoring Develop Fraud Response Plan Investigate cases of alleged fraud Evaluate the current status and effectiveness of the organisation s anti-fraud control environment - this involves assessing the culture, attitude, and awareness amongst employees about their knowledge of and response to any issues of fraud or misconduct Evaluate management s existing fraud risk management framework to detect potential gaps of antifraud controls in the processes Establish fraud risk profiles by analysis and ranking of fraud risks (as high/ medium/ low) against existing anti-fraud controls Recommend enhancement of existing controls or mitigating antifraud controls for implementation, based on antifraud control gaps detected Enable continuous monitoring of controls using technology; and/or Perform forensic data analytics of transactions periodically at the process level to alert Management of fraud signals Develop a fraud response plan to address cases of alleged or confirmed fraud Investigate cases of alleged or confirmed fraud Assist in the investigation of cases of alleged or confirmed fraud within the organisation Incorporate identified fraud risks and schemes into fraud risk management framework based on findings from investigation Tools Employees Ethics Survey (DIAGNOSE) Fraud Risk Management Tool (DETECT) Recommend mitigating anti-fraud Controls (RESPOND) Forensic data analytics (DETECT) Develop Fraud Response Plan (RESPOND) Investigate cases of alleged fraud (RESPOND) To think, we know and understand all risks around us is misleading, to think we can manage all of them, if they hit us, is an illusion, and to turn a blind eye to them is sheer foolishness. Fraud Risk Management 5

I. Comprehensive evaluation of anti-fraud programs and controls, ethics and compliance program Organisations need to realize the growing importance of addressing / controlling the risk of fraud in a comprehensive and integrated manner, which would in turn benefit them in a number of ways. 1 Know exposure to fraud risks or vulnerabilities Evaluating anti-fraud programs, controls, ethical conduct and compliance with policies and procedures in the business process by assessing its vulnerability to fraud is the foundation on which effective anti-fraud processes are built. Does the management conduct, document and update fraud vulnerability assessment periodically (typically annually)? Can the management explain key fraud risks that may affect the company s brand, reputation and assets? Deloitte assists organisations in conducting a comprehensive periodic evaluation of anti-fraud controls with the help of fraud risk management tools that are tailored to an organisation s processes and specific industry that help check the adequacy of your existing anti-fraud programs and controls. 4 Investigate the signals cases of confirmed and alleged fraud A 360º approach to anti-fraud control measures 3 Recommend remediation measures and tools to implement. Treat the fraud signals. 2 Detect the gaps in the existing fraud prevention and detection control measures Lack of effective corporate governance seriously undermines any fraud risk management programme. Only meticulous and ongoing effort by an organisation can protect itself against significant acts of fraud. 6

II. Fraud vulnerability diagnostic tool: A web-enabled employee ethics and fraud awareness survey tool Deloitte s web-enabled fraud and ethics survey tool assesses an organisation s ethical culture, the attitude of its employees towards fraud, the awareness of fraud-related policies and procedures, and an employees willingness to report fraud and other serious misconduct. The web-enabled survey can also provide employees a chance to offer their suggestions to improve the control environment. This survey gathers anonymous feedback from employees and management by guiding them through a series of questions covering key areas such as: Awareness of policies and communication Organizational culture and code of conduct Raising a concern about fraud and misconduct Fraud risk management assessment Conflicts of interest Areas of improvement The process also includes the analysis and production of an interpreted report of findings that includes identification of key issues, practical recommendations, and suggested steps. III. Employee fraud awareness training(s): Essential element of fraud control Making employees aware of their obligations concerning fraud and misconduct controls begins with practical communication and training. Like any other compliance effort, effective fraud control means educating your employees to understand the critical role they play in preventing, detecting and deterring fraud. Your organisation s philosophy and expectations in relation to fraud control and ethical behavior should be planned, prioritized and clearly communicated. Employees at all levels need to be aware of antifraud activities, have a clear understanding of what is expected of them, know that the organisation takes the threat of fraud seriously, and knows where to seek assistance and advice. In formulating a training and communications plan, management should consider developing fraud and misconduct awareness initiatives that are: Comprehensive and based upon job functions and risk areas Integrated with other training efforts, whenever possible Effective in a variety of settings, using multiple methods and techniques Regular and frequent, covering the relevant employee population Deloitte has experienced fraud training facilitators who can assist you by designing and delivering fraud awareness training tailored to the specific needs of your organisation. The issues generally covered are: Organizational expectations and obligations Relevant codes and policies Understanding the concept of fraud and the fraud triangle How to and the benefits of preventing fraud Unearthing typical fraud indicators or red flags Recognizing conflicts of interest and taking steps to resolve them Reporting fraud and seeking assistance Fraud Risk Management 7

IV. Tip-offs Anonymous: Deloitte s whistle blowing service An important aspect to encourage accountability and transparency within an organisation is a mechanism to enable all individuals to voice concerns internally in a responsible and effective manner when they discover information which they believe shows serious malpractice. Implementing an employee whistleblowing hotline gives your employees a voice to confidentially report workplace concerns and enables you to identify and rectify problems before they damage your business, reputation and employee morale. Companies are also slowly beginning to realize the importance of integrating a whistleblower service/ independent helpline as part of the fraud risk management strategy. Additionally, it has been proved to be one of the most effective ways to detect fraud (as per the ACFE 2014 Global Fraud Study) 1. Deloitte s Tip-offs Anonymous is a whistleblowing facility that provides callers the opportunity to raise a concern regarding an incident of wrongdoing, fraud or unethical behaviour within the workplace, and report it to an independent party. What does it entail? 24/7 operation Telephone, email, web, fax, text Over 16 languages supported Support with Ethics, Whistle-blowing, Fraud or Governance Policies Effective communication and awareness campaigns Privacy compliant Compliance with whistle-blower legislation Complete information security V. Forensic data analytics tool: Leveraging technology to proactively detect, prevent and control fraud Data assessment and continuous analysis Deloitte s DTect TM, a forensic data analytics proprietary tool, can profile and analyse financial and non-financial data across various areas and disparate systems to find anomalous relationships, transactions or unusual patterns, such as, duplicate supplier invoicing, ghost employees, altered payees, etc. This rigorous analysis can help organisations identify fraudulent activity; prioritize case management and investigation; and improve the false positive rate of a detection and prevention strategy. Deloitte s forensic data analytics tool enables us to analyze data to help answer some of the following: What happened? Where did it happen? How many times did it happen? What is the volume / value involved? What ruled or thresholds have been breached? Are there any non-compliance issues with contracts and anti-fraud control gaps in processes? This analytical tool can be used to detect various fraudulent issues and raise red flags by performing tests that can identify and isolate suspicious transactions within the vast data fields that hum away in the course of everyday business. Deloitte makes use of DTect, to interrogate data across the business, based on which electronic data analysis is conducted and specific fraud risk management issues are investigated. This therefore acts as a comprehensive Health Check for your business or for detecting anomalies and potential fraud in your business processes or functions. An effective fraud risk management framework will enable organisations to have controls that first prevent the fraud from occurring, detect as soon as a fraud happens and respond effectively to fraud incidents when they occur. 1 The Association of Certified Fraud Examiners ( ACFE ) report is based on data compiled from a study of 1,483 cases of occupational fraud that occurred that were reported by the Certified Fraud Examiners (CFEs) who investigated them. These offenses occurred in nearly 100 countries across six continents, thus providing a view into the global nature of occupational fraud. 8

VI. Develop a Fraud Response Management Plan Has the company developed a fraud response management plan to react to the allegations of major fraud or corruption? Does that plan include assigned responsibilities for management and advisers to help drive actions and communications that will sustain confidence? It is critical for an organisation to develop fraud response strategies, which would help in minimizing the impact of frauds that occur, or are discovered, and come to the attention of the company, authorities and other interested parties. Deloitte assists organisations in setting up an effective Fraud Response Management program / plan that is designed to allow the organisation to react to various types of fraud and misconduct allegations in a measured and consistent manner. These plans can be valuable in implementing a robust response to allegations under severe time pressure and intense scrutiny from the media, regulators, investors, and law enforcement. The overarching goal of a fraud response program is to protect the organisation from the economic, reputational and legal risks associated with the fraud allegation. One of the elements also included in a substantive fraud response strategy is the capability to conduct sound investigations. Additionally, pre-determining investigative resources and protocols can accelerate the pace of an investigation and also help reduce the risk of ineffective investigations. We believe that most organisations could benefit from incorporating leading practices into their investigative response plans, including: Establishing and documenting fraud investigation protocols Identifying fraud investigation resources, especially global response teams, before the occurrence of a crisis Implementing a case management system to track and log the resolution of fraud allegations Implementing processes and control improvements enterprise-wide to gain efficiencies and prevent recurrences Fraud Risk Management 9

Conclusion: Responding to the business risk of fraud Given below is a pragmatic approach of the top focus areas of fraud prevention and detection strategies within a fraud risk management programme that can help provide the board of directors and the senior management with actionable results: Web-based survey to understand ethical culture Fraud awareness training Conduct whistle blowing system assessments and benchmarking Data and Technology Forensic data analytics to identify transaction anomalies and unusual patterns Computer Forensics Fraud vulnerability diagnostic (FRM tools used to evaluate anti-fraud controls) Business Intelligence services Corporate Fraud Investigation Culture Controls Make fraud risk management strategy a priority. Have a discussion about the organisation s fraud risk management strategy that involves senior management, the board of directors and audit committee to garner top-level support. Build a cross-departmental fraud risk management committee. Talk about fraud risks and how organisations can benefit by enhancing their fraud risk management capabilities and share examples of fraud schemes in the news or from the organisation s past experiences effective risk management comes with openness and awareness. Plan and execute a fraud risk management programme. Establish clear roles, responsibilities and accountability for fraud risk management. Set goals and timelines and measure the progress in implementing improvements. Put an annual process in place to update the fraud risk management plan and re-evaluate the fraud risk management strategy based on changes in the business and risk environment. Perform an anti-fraud control gap analysis. Compare the organisation s fraud risk management practices with leading global practices using appropriate fraud risk management tools. This will help make the organisation s anti-fraud controls robust as well as stay one step ahead of the fraudster. Identify the missing elements and determine priorities for how anti-fraud control gaps, if any should be addressed. For those practices, which the organisation already has in place, use the recommended leading practices to help uncover further performance improvement opportunities. Using the fraud risk management tool, which also provides a risk rating system (based on evaluation of business processes vis-à-vis their fraud vulnerability and its impact) proves to be an efficient and effective way to periodically evaluate the robustness of anti-fraud control measures. Fraud risk management is not a one-time exercise but a continuous process. As businesses change and grow, so do their fraud risks. We therefore recommend a continuous improvement approach to the fraud risk management strategy that requires regular measurement of where the business is and where it wants to be in terms of effectively preventing, detecting, and deterring fraud. We call this approach the Diagnose, Detect and Respond Strategy. 10

What sets us apart? Presence & Infrastructure Expertise and Experience Robust Tools, Flexibility and Scalability Proven Global Delivery Model Technology Deloitte has significant geographic presence in India, with offices in 13 locations including Bengaluru, Chennai, Hyderabad, Kolkata, Mumbai and New Delhi. We have a highly developed infrastructure that has more than ten years of maturity. We have a highly talented and globally competitive workforce, offering experience and expertise in a wide range of services. Professionals in our Forensic & Dispute Services practices have worked on some of the largest and most complex investigations of fraud and corruption within India and globally. Our team has assisted clients on a number of anti-bribery engagements that include anti-bribery due diligence, compliance reviews and investigations. Our key differentiator is the use of robust tools in all our various forensic engagements, right from preventive services like the fraud risk management assessment to reactive services like the investigations that results in building efficiency and effective delivery of engagements, which in turn benefits our clients with outputs substantially exceeding their expectations. We have the flexibility and scalability to quickly ramp up to support large projects at short notice. We are able to staff projects, both virtually and on-site. Deloitte has a proven global delivery model, working seamlessly across time zones and cultures to deliver high quality work on time. Depending on engagement requirements, we adjust our timetables to meet client requirements. Deloitte operates one of the largest electronic discovery labs in Asia (and the largest in India), utilizing advanced technology to collect, process, host, and analyze electronically stored information (emails, user files, metadata, etc.) in support of forensic investigations. A timely detection of fraud incidents will go a long way in containing the losses and improving the chances of recovery. It is now time for organisations to ensure that their current fraud risk management strategies are revised to ensure that they are in line with the current fraud trends and adequate to take care of future growth besides increasing ways of detecting frauds proactively. Fraud Risk Management 11

Our key team leaders in India and their contact details are: Rohit Mahajan National Leader & Senior Director, Forensic Services Deloitte Touche Tohmatsu India Pvt. Ltd. Tel: +91 22 6185 5180 Email: rmahajan@deloitte.com Veena Sharma Director Forensic Services Deloitte Touche Tohmatsu India Pvt. Ltd. Tel: +91 22 6185 5213 Email: vesharma@deloitte.com Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. This material and the information contained herein prepared by Deloitte Touche Tohmatsu India Private Limited (DTTIPL) is intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of such subject(s). None of DTTIPL, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the Deloitte Network ) is, by means of this material, rendering professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this material. 2014 Deloitte Touche Tohmatsu India Private Limited. Member of Deloitte Touche Tohmatsu Limited

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information