Fraud Prevention and Detection in a Manufacturing Environment

Similar documents
Process Control Optimisation with SAP

Continuous Monitoring and Auditing: What is the difference? By John Verver, ACL Services Ltd.

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Customer Data and Reputational Risk in the Pharmaceutical Industry

Capital Projects and Construction: Building in Risk Management and Project Controls

Fraud Prevention and Deterrence

Chapter 15 Auditing the Expenditure Cycle

FRAUD RISK ASSESSMENT

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

Office of the Inspector General

1/17/2013 FRAUD RISK MANAGEMENT PROGRAM SESSION OBJECTIVE AND OUTLINE

PROTIVITI FLASH REPORT

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

Proactive Fraud Detection with Data Mining Fear not the computer You play ball with it and it will play ball with you

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

THE ABC S OF DATA ANALYTICS

Accounts Payable Best Practices

Proactive Risk Management with SAP BusinessObjects

KEYS TO AN EFFECTIVE DIRECTOR CORPORATE COMPLIANCE AND INTERNAL AUDIT MULTICARE HEALTH SYSTEM TACOMA, WA

Fraud Prevention: The Prevention and Detection of Fraud Begins with You

Is There Anyway to Prevent Fraud? Bill Gady, CGA CPA Partner

Introductions, Course Outline, and Other Administration Issues. Ed Ferrara, MSIA, CISSP Copyright 2015 Edward S.

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

Auditing for Value in the Procure to Pay Cycle Dallas IIA Chapter. October 1, 2009

Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education

Fraud Awareness Training

Types of Fraud and Recent Cases. Developing an Effective Anti-fraud Program from the Top Down

ISOLATE AND ELIMINATE FRAUD THROUGH ADVANCED ANALYTICS. BENJAMIN CHIANG, CFE, CISA, CA Partner, Ernst and Young Advisory Singapore

An Introduction to Continuous Controls Monitoring

SEC FLASH REPORT. SEC Issues Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934

Internal Controls, Fraud Detection and ERP

RED FLAGS OF FRAUD MAY 13, 2014 IIA AUSTIN CHAPTER

Being protected Using data analytics to detect fraud

TECHNOLOGY YOU CAN USE AGAINST THOSE WHO USE TECHNOLOGY FRAUD ANALYTICS: TAKING DATA ANALYSIS TO THE NEXT LEVEL

Forensic Audit Building a World Class Program

Developing and Implementing a Fraud Risk Assessment. Josh Shilts CPA/CFF, CFE

How To Get A Tech Startup To Comply With Regulations

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

How To Find Out If A Company Misstatement Is True

PROTIVITI FLASH REPORT

Policy-Standard heading. Fraud and Corruption Policy

Antifraud program and controls assessment grid*

Leveraging Big Data to Mitigate Health Care Fraud Risk

Fraud Risk Management providing insight into fraud prevention, detection and response

Vendor Audit and Cost Recovery: Improving Bottom Line Results WHITE PAPER

Presented by: Donald F. Conway, CPA Mercadien, P.C., Certified Public Accountants. Forensic Accounting, Political Corruption & White Collar Offenses

Enterprise Risk Management

FRAUD RISK IN PUBLIC PROCUREMENT NATIONAL PUBLIC ENTITIES RISK MANAGEMENT FORUM

Fraud Prevention Training

Misplaced Trust: Vendor Fraud. IIA/ACFE Conference Patrick Mitchell, Managing Director Sharon Delgado, Senior Manager

September 28, Audit s Role in Governance, Risk Management and Internal Control

Guide to Internal Control Over Financial Reporting

Deloitte Forensic Fraud Risk Management

Advanced Data Analytics, the Fraudsters Worst Enemy

7/22/2014. From Treadway To the Cube ( ) So, Who is COSO? What Does COSO Do?

Using Technology to Automate Fraud Detection Within Key Business Process Areas

Financial Services Group

Procurement Fraud Identification & Role of Data Mining

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

SUBSIDIARY LEDGER MANAGEMENT AND INTERNAL CONTROLS

Auditing Capital Projects and Project Controls. March 2013

Financial Close Optimization: Five Steps for Identifying and Resolving Systems and Process Inefficiencies

Continuous Monitoring and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

Part of the Deloitte working capital series. Make your working capital work for you. Strategies for optimizing your accounts payable

IPPF Practice Guide. Internal Auditing and Fraud

Fraud and Fraud Detection. A Data Analytics Approach + Website. Wiley Corporate F&A

FRAUD PREVENTION STRATEGIES FOR HEALTH CARE A FORENSIC ACCOUNTANT S PERSPECTIVE

Fraud Checklist. From the enquiries made and procedures performed in completing Part B of this checklist we consider the risk of irregularities to be

Practical Guidance for Market Participants in the Gold and Precious Metals Industry

Module # 2 Management/Key Employee Assessment

PREPARING AUDITORS IN THEIR USAGE OF DATA ANALYTICS TOOL IN FRAUD PREVENTION PROGRAM

10-1. Auditing Business Process. Objectives Understand the Auditing of the Enteties Business. Process

B Resource Guide: Implementing Financial Controls

Audit Program for Accounts Payable and Purchases

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

These are some labor burden test queries that auditors can make if they have the contractor s or vendor s labor burden breakdown:

Fraud Prevention Checklist for Small Businesses

Fraud Risk Management

PMS 288 Blue or CMYK = C100-M85-Y0-C43 PMS 1255 Ochre / Yellow or CMYK = C0-M35-Y85-C30. Tax Technology

Products Currency Supply Chain Management

REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE

SECURITY RISK MANAGEMENT

Stages of the Audit Process

SHARED SERVICES. An Enabler for Managing Risk. Steve Tracy, Principal Consultant, ISG.

Managing Regulatory Compliance and AML Risk in a Virtual Currency World

Operational Risk Management Program Version 1.0 October 2013

Weaknesses in the Smithsonian Tropical Research Institute s Financial Management Require Prompt Attention

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Transcription:

Fraud Prevention and Detection in a Manufacturing Environment Introduction The Association of Certified Fraud Examiners (ACFE) estimated in its 2008 Report to the Nation on Occupational Fraud and Abuse that organizations lose 7 percent of annual revenues to occupational fraud. This represents a 40 percent increase from the estimate in its 2006 report. In other words, fraud is an increasing risk in an organization s risk portfolio that must be addressed. This is particularly relevant to manufacturing companies. During periods of economic uncertainty, fraudulent activity generally tends to rise. Prior to the current economic crisis, the 2008 ACFE study revealed the following about the manufacturing environment: Manufacturers had the fourth most reported fraud cases and ranked second in total dollars lost. Manufacturers experienced the third highest median loss among all industry groups. In industries with at least 50 reported cases of fraud, the largest median losses occurred in manufacturing. The most common fraud schemes were corruption, fraudulent disbursements and fraudulent statements. Some other interesting facts from the 2008 ACFE report: Typical fraud lasts two years before it is detected. Occupational fraud is more likely to be detected through tips or by accident than by internal audit, internal controls and external audit combined. Lack of adequate internal controls was most commonly cited as the factor that allows fraud to occur. Nearly half of all occupational fraud was committed by personnel in accounting and executive/upper management, with personnel in operations and sales accounting for nearly 30 percent. The implementation of anti-fraud controls, including a robust fraud risk management program, resulted in lower losses.

Fraud and misconduct threaten the ability of an organization to build its reputation, wealth and success. Laws and regulations enacted to address previous fraud scandals have charged organizations boards of directors, executive management and internal audit personnel with the responsibility for fraud risk management. However, these laws and regulations have not been sufficiently prescriptive on how to implement controls or programs that address fraud. In light of this, what steps can a manufacturing company take to deter fraud in its organization? Proven strategies include: Assessing the robustness of its fraud risk management program elements Performing a thorough fraud risk assessment of possible scenarios for the organization s environment Preventing and detecting fraud through technology solutions An Effective Fraud Risk Management Program Many organizations have formalized various components of their fraud risk management programs, but have neglected to conduct a thorough assessment of these programs to identify blind spots or weak links. In 2008, The Institute of Internal Auditors (IIA), American Institute of Certified Public Accountants (AICPA), and the ACFE put forth a comprehensive guide, Managing the Business Risk of Fraud: A Practical Guide, that defines key principles and theories for fraud risk management. At a high level, Managing the Business Risk of Fraud details five principles, as well as essential elements that organizations should consider when developing a fraud risk management program: 1 Principle 1: As part of an organization s governance structure, a fraud risk management program should be in place. It should include a written policy (or policies) to convey the expectations of the board of directors and senior management regarding fraud risk. Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate the possibility of damage to the organization. Fraud Risk Management Program Elements Roles and responsibilities Commitment Fraud awareness Affirmation process Conflicts disclosure Fraud risk assessment Reporting procedures and whistleblower protection Investigative process Corrective action Quality assurance Continuous monitoring 1 Managing the Business Risk of Fraud: A Practical Guide, 2008, publication sponsored and co-developed by the American Certified Fraud Examiners (www.acfe.org), the American Institute of Certified Public Accountants (www.aicpa.org) and The Institute of Internal Auditors (www.theiia.org). Protiviti 2

Principle 4: Detection techniques should be established to uncover fraud events in case preventive measures fail or unmitigated risks are realized. Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and in a timely manner. A Thorough Fraud Risk Assessment An essential component of an effective fraud risk management program is the assessment of fraud and misconduct risk. A fraud risk assessment helps management understand areas of the organization that are most susceptible to fraud by ascertaining where potential fraud and misconduct could occur, who might commit such acts and what controls are in place to mitigate such risk. There is no one size fits all approach to conducting a fraud risk assessment for manufacturing organizations. Size, structure and geographic location are important factors in determining who participates in a fraud risk assessment, as well as how fraud risk is identified and then evaluated by management. An effective fraud risk assessment process incorporates the following: Identification of inherent fraud risks by developing fraud scenarios for the organization with input from board members, management and process owners Assessment of likelihood and significance of inherent fraud risks based on interviews with management and process owners, volume of transactions, significance to financial reporting, subjectivity, complexity of underlying transactions, and historical information, among other factors Identification of mitigating controls for fraud and misconduct risks rated as medium- to high-risk and assessment of controls effectiveness at reducing risk to a residual risk level that is acceptable to management Identification of gaps and performance of a cost-benefit analysis to determine whether the organization can implement preventive or detective measures Protiviti 3

The following table details just some of the many examples of fraud risk within a manufacturing environment. Method of Fraud Classification Potential Red Flags Corruption Conflicts of interest Bribery Illegal gratuities Abnormal vendor selection Complaints from bidders/suppliers Price outliers on awarded contracts Close association with suppliers (including gifts and social events) Common names or addresses of payees or customers Vague terms in cost-plus contracts No right to audit clause in contracts Contracts not reviewed by legal, supervisor or other party independent of buyer Returns/deductions trends by customer Fraudulent disbursements Fraudulent statements Billing schemes Expense reimbursement schemes Check tampering Asset overstatements Revenue overstatements Payments outside the accounting system (including manual checks and petty cash) Unusual payment patterns Missing documents/support for payment requests Alterations on documents (e.g., backdating) Increase in spot buys Consistent invoice amounts under certain approved thresholds High level of related party transactions Results that continually outperform expectations Increased shipments at period end and/or customer returns after period end Short payments on receivables Unexplained reconciling items Inconsistent, vague or implausible responses arising from inquiries or analytical procedures Missing inventory or physical assets, including an increase in physical inventory count differences (wall-to-wall or cycle) Difficulty in collecting receivables Sizable inventory increase without comparable sales increases Protiviti 4

Detecting Fraud Through Technology Solutions Techniques to help detect fraud within manufacturing organizations encompass a variety of manual and automated solutions, which are dependent upon technology systems, as well as the availability of accurate data. More manufacturing organizations have found it is necessary to employ techniques to analyze large amounts of data effectively and efficiently in order to eliminate the human error associated with manual controls. Enterprise resource planning (ERP) applications, such as SAP and Oracle, are widely used by manufacturing companies and should be part of the first line of defense in helping to monitor for fraud risk. While segregation of duties (SoD) is often relied upon by management as an internal control, many companies today do not manage their security processes effectively, and SoD issues proliferate across the enterprise. It is not uncommon to find many ERP users with broad access to sensitive data and the ability to enter conflicting transactions, such as creating a vendor and vendor payments. Given the size of many organizations and the complexity of leading ERP systems, it is virtually impossible to manage SoD properly without some type of SoD or identity management tool to complement the ERP system. In addition, configurable controls are the user-defined settings in an ERP system that determine tolerance limits and ranges, data integrity checks, data field requirements and workflow approvals, among other areas. Typically, these are not configured correctly when the software is shipped, and often, from a compliance standpoint, they are configured poorly during implementation. Through a detailed review of configurable controls, companies can take full advantage of the controls built into the software and strengthen the checks and balances that will help prevent fraud. Another valuable mechanism to assist internal auditors in combating fraud is through data analysis or computer-assisted audit techniques (CAATs). The early detection of fraud schemes can help control an organization s losses and may prevent the escalation of a fraud event into the national spotlight. Through implementing data analysis or CAATs, there is strong potential for companies to reduce the burden of manual-intensive testing while achieving more valuable results and enhancing the monitoring of fraud-related risks. Several fraud scenarios that may go undetected during limited sampling, manual testing can be uncovered through the use of data analysis. Of note, Protiviti conducts an annual Internal Audit Capabilities and Needs Survey that includes responses from hundreds of chief audit executives, internal audit directors and other professionals. In the most recent study, respondents ranked CAATs and continuous auditing as the top audit process areas in need of improvement. 2 Data analysis provides the ability to look into 100 percent of the population, which can include years of transactions. This ability offers the advantage of trending transactions, using tools such as the Benford Analysis, which identifies deviations between actual and expected occurrences of transaction dollar amounts. These analytics enable auditors to focus their efforts on nonroutine or unusual transactions, increasing the likelihood of detection of fraudulent occurrences. 2 For more information, read Protiviti s 2009 Internal Audit Capabilities and Needs Survey, available at www.protiviti.com. Protiviti 5

Following are common analytics used in a manufacturing environment: Examples of Data Analytics in a Manufacturing Environment Cash Disbursements Inventory Sales/Accounts Receivable Check validity of payments made to P.O. boxes. Identify checks out of sequence. Identify vendors who are also employees. Identify duplicate payments via manual checks. Identify purchases just under the dollar limit that require additional approval. Identify unusually close sequential patterns of invoice numbers. Identify vendors with the same address. Verify existence of vendors with common names. Identify duplicate invoices. Extract invoices posted with duplicate purchase orders. Identify duplicate SKU numbers and description or cost. Analyze the difference between standard costs and actual costs. Divide inventory into classes and compare percent investment. Reconcile unmatched pay and remittances to freight invoices. Report on items with high value balances and age. Assess the financial viability of LIFO versus FIFO management. Extract products with zero quantities or zero prices. Identify obsolete inventory by sorted turnover analysis. Isolate stock lines where the cost is greater than retail price. Compare inventory levels and turnover rates. Review associate purchases for large amounts. Determine return rates for promotional products. Identify high-volume refund customers. Identify higher than average returns over time. Identify refunds paid to company employees. Review customers with a significant percentage of low or negative margins. Identify duplicate invoices. Identify all customers in sales who are not in accounts receivable. Identify any customers with no phone number. Identify accounts without collector assignments. Identify any customers with a contact phone number the same as the company s. Conclusion Industry statistics show that fraud is on the rise and that manufacturing organizations are particularly susceptible. As a result, the risk and associated cost of fraud to companies is on the rise as well. Therefore, manufacturing organizations should ensure that management has an appropriate focus on fraud risk management, including: Proactively assessing compliance with leading practices and elements, focusing on understanding the key threats and vulnerabilities of fraud to the organization Leveraging or implementing preventive and detective fraud controls built into existing technology systems Utilizing detective analysis techniques to determine whether the preventive mechanisms are operating as intended Protiviti 6

About Protiviti Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. We help solve problems in finance and transactions, operations, technology, litigation, governance, risk, and compliance. Our highly trained, results-oriented professionals provide a unique perspective on a wide range of critical business issues for clients in the Americas, Asia-Pacific, Europe and the Middle East. Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index. About Our Industrial Products Practice Protiviti s Industrial Products professionals can assist your company with strengthening compliance efforts, information for decision-making and business processes to improve overall performance and lower costs. Some of the many challenges management faces in the manufacturing environment include supply interruption, customer dissatisfaction, bottlenecks in the supply chain, forecasting issues, excess and obsolete inventory, quality concerns, work stoppages and an inadequate ERP system. Industrial products companies understand these concerns because of the complex supply chains they have that deliver value to end customers. Combined with regulatory requirements, these companies need to manage an ever-challenging landscape of operating risks. At Protiviti, our professionals understand the issues your organization is facing. Our solutions will help you deal with, overcome and turn your issues into competitive advantages. We combine industry competency with internal audit, corporate governance, diagnostics, process design and cost-optimization to help you achieve a competitive advantage. For additional information about the issues reviewed in this white paper or Protiviti s services, please contact: Sharon Lindstrom Managing Director +1.312.476.6386 sharon.lindstrom@protiviti.com 2009 Protiviti Inc. An Equal Opportunity Employer. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information