
Business Practices for Fraud Risk Management


Presentation Transcript


  1. Business Practices for Fraud Risk Management: A Survey of the Birmingham Chapter of the Institute of Internal Auditors. Jeffrey S. Zanzig, Jacksonville State University, and Dale L. Flesher, The University of Mississippi

  2. Presentation Topics: Background Information; Risk Assessment and Common Control Activities; Fraud Case Management; Controlling Employee Fraud; Closing the Gaps

  3. I. Background Information: Motivation of Research; Development of Survey Topics and Ratings; Gender of Respondents; Organization Types Represented

  4. A. Motivation of Research Deficiencies in the fraud risk practices of organizations should be clearly identified in order to show where emphasis for improvement is needed.

  5. B. Development of Survey Topics and Ratings Current Situations Gaps Versus Desired Situations

  6. C. Gender of Respondents

  7. D. Organization Types Represented

  8. II. Risk Assessment and Common Control Activities

  9. Risk Assessment and Controls 1. An organizational process is in place to perform a cost-benefit analysis of implementing controls for significant fraud exposures. Organizations are unlikely to invest in controls unless they feel like they are getting something for their investment.

  10. Risk Assessment and Controls 2. Organizational policies for fraud detection include technology controls that perform continuous operations auditing by identifying unusual situations in large populations of transactions. Fraud detection can be difficult when occurrences are isolated and cleverly hidden.

  11. Risk Assessment and Controls 3. An organizational process is in place to identify and assess the potential significance of fraud-related risks. An effective system of risk assessment is needed to establish proper control procedures.

  12. Risk Assessment and Controls 4. Organizational policies for fraud detection include organizational process controls such as periodic reconciliation of assets with records and physical asset inspections that are regularly performed. Verification of records against assets is a long-accepted practice in audit.

  13. III. Fraud Case Management

  14. Fraud Case Management 1. The organization maintains a fraud investigation program that logs all allegations of fraud into a case management system. An integrated and standardized case management system assists in proper evaluation and follow-up.

  15. Fraud Case Management 2. The organization maintains a fraud investigation program that includes personnel with appropriate authority and training to evaluate allegations of fraud and determine appropriate courses of action. Personnel with appropriate authority and talent are necessary to ensure that fraud issues are appropriately handled.

  16. Fraud Case Management 3. The organization maintains a fraud investigation program that ensures that any material findings are reported to appropriate parties such as a company board of directors or audit committee. Reporting to personnel at a high enough level can help ensure that there is appropriate discipline and changes in company policy.

  17. Fraud Case Management 4. Organizational policies for fraud detection include providing a process for the submission of anonymous tips regarding the occurrence of fraud. Preserving the anonymity of reporting parties can make people more willing to report fraud issues.

  18. IV. Controlling Employee Fraud

  19. Controlling Employee Fraud 1. Employees normally understand how their job procedures are designed to manage fraud risks. Control procedures over fraud could be circumvented when situational pressures tempt employees to bypass normal procedures due to time constraints. * Distributions are significantly different.

  20. Controlling Employee Fraud 2. Employee policies include a requirement that all employees receive initial and ongoing education in the organization’s fraud risk management program. Organizations sometimes feel a conflict between trust and working against fraud. * Distributions are significantly different.

  21. Controlling Employee Fraud 3. Employees normally have a basic understanding of indicators of fraud. Despite the level of integrity of individual employees, a failure to recognize certain indicators of fraud could result in many situations going undetected. * Distributions are significantly different.

  22. Controlling Employee Fraud 4. Employee policies include compensation and promotion practices that emphasize long-run performance on a variety of measures, rather than short-run performance using financial results. People often put more emphasis on what is measured as opposed to what is said to be important. * Distributions are significantly different.

  23. Controlling Employee Fraud 5. Employees normally know how to report suspicions or incidences of fraud. Fraud awareness may do little if employees are unaware of how to report fraud. * Distributions are significantly different.

  24. Controlling Employee Fraud 6. Employee policies include verification of the work history and education of job applicants. Verification can provide evidence of both the personal integrity and competence of potential employees.

  25. V. Closing the Gaps: Risk Assessment and Controls; Fraud Case Management; Controlling Employee Fraud

  26. A. Risk Assessment and Controls * Distributions are significantly different between current and desired situations.

  27. 1. Cost Benefit Analysis • Consider both a quantitative and qualitative analysis. • Management could quantify known benefits and compute a net present value. The needed soft benefits could then be estimated (see illustration below). Illustration: Assume that management is considering implementing a control procedure over the next five years and has computed a negative net present value (NPV) of $10,701.20. They could estimate the needed soft benefits as follows: $10,701.20 negative NPV ÷ 3.6959 (PVIFA 11%, 5 years) = $2,895.42 needed annual soft benefits.

  28. 2. Implementing Technology Controls Computer-based controls are such that they can be made a part of routine processing and be applied to all transactions relevant to the processing being conducted: • Payroll to terminated employees - termination date is less than the date of the current payroll period. • Fictitious vendors - match between the phone numbers and/or addresses of employees and vendors. “Fraud Prevention and Detection in an Automated World” published by the IIA in December 2009.

  29. B. Fraud Case Management * Distributions are significantly different between current and desired situations.

  30. 1. Logging Into a Case Management System. “Our organization is very decentralized which makes it difficult to ensure that all frauds are investigated.” Integrated Storage: Appropriate persons need to have access to consistent records of case information and evidence. Standardized Processing: Standardization to some extent is also necessary to ensure that important company policies and laws are adhered to regarding case processing.

  31. C. Controlling Employee Fraud * Distributions are significantly different between current and desired situations.

  32. 1-3. Fraud Understanding and Education “I believe that education of employees is key in providing an effective fraud program. Additionally, management needs to stand behind the program and demonstrate support through talking about the program and holding people responsible.”

  33. 1-3. Fraud Understanding and Education (Continued) One internal audit director holds classes dealing with the prevention and detection of fraud and ends the sessions with an unusual twist that the director calls “Rip Off the Organization”. During this exercise the professionals are asked to think like crooks and consider how they could defraud their company either internally or from the outside. Banks, D.G. (2004). The Fight Against Fraud. Internal Auditor, April, pp. 34-39.

  34. 4. Compensation and Promotion Practices Although equity-based compensation increases the productive effort of management, it also has the undesirable result of making fraud more attractive to managers. Bruner, D., McKee M. and Santore R. (2008). Hand in the Cookie Jar: An Experimental Investigation of Equity-Based Compensation and Managerial Fraud. Southern Economic Journal, 75(1), pp. 261-278.

  35. 4. Compensation and Promotion Practices (Continued) The concept of a balanced scorecard considers both past financial results and forward-looking areas such as process improvements and organizational learning. People care more about how their performance is measured than what someone says is important!

  36. Thank you! We wish to express our sincere appreciation to the Birmingham Chapter of the Institute of Internal Auditors and their membership whose contributions made this research possible.
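
The two technology controls named on slide 28 (payroll to terminated employees, and employee/vendor phone or address matches), as an added example that is not part of the presentation. The records, field names and normalization rules are constructed assumptions, and "the date of the current payroll period" is taken to be the period start.

```python
import re
from datetime import date

# Constructed sample records (not from the presentation).
EMPLOYEES = [
    {"id": "E1", "phone": "(205) 555-0101", "address": "12 Oak St., Apt 4", "terminated": None},
    {"id": "E2", "phone": "205-555-0102", "address": "90 Pine Road", "terminated": date(2024, 3, 15)},
    {"id": "E3", "phone": "205.555.0103", "address": "7 Elm Avenue", "terminated": date(2024, 4, 20)},
]
VENDORS = [
    {"id": "V1", "phone": "+1 205 555 0101", "address": "400 Commerce Blvd"},
    {"id": "V2", "phone": "205-555-0199", "address": "90 PINE RD"},
    {"id": "V3", "phone": "205-555-0150", "address": "1 Market Square"},
]
PAYROLL = [  # one row per payment in the constructed April 2024 run
    {"employee": "E1", "period_start": date(2024, 4, 1), "amount": 3100.00},
    {"employee": "E2", "period_start": date(2024, 4, 1), "amount": 2800.00},
    {"employee": "E3", "period_start": date(2024, 4, 1), "amount": 2950.00},
]
ABBREV = {"street": "st", "road": "rd", "avenue": "ave", "boulevard": "blvd"}

def norm_phone(raw):
    """Digits only, compared on the last 10, so formatting or a +1 prefix cannot hide a match."""
    digits = re.sub(r"\D", "", raw or "")
    return digits[-10:] if len(digits) >= 10 else None

def norm_address(raw):
    """Lowercase, strip punctuation, fold common street suffixes to one spelling."""
    words = re.sub(r"[^a-z0-9 ]", " ", (raw or "").lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words) or None

def payroll_to_terminated(payroll, employees):
    """Employee ids paid for a period that starts after their termination date."""
    term = {e["id"]: e["terminated"] for e in employees}
    return [p["employee"] for p in payroll
            if term.get(p["employee"]) and term[p["employee"]] < p["period_start"]]

def vendor_employee_matches(vendors, employees):
    """(vendor, employee, field) for every shared normalized phone or address."""
    hits = []
    for field, norm in (("phone", norm_phone), ("address", norm_address)):
        index = {}
        for e in employees:
            key = norm(e[field])
            if key:  # never index missing values, or blanks would match each other
                index.setdefault(key, []).append(e["id"])
        for v in vendors:
            hits += [(v["id"], emp, field) for emp in index.get(norm(v[field]), [])]
    return hits
```

E3 is terminated during the period rather than before it, so that payment is not flagged; every hit is a lead for review, since shared contact details can have legitimate explanations.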
