480 likes | 677 Vues
Fraud Awareness Presentation for the Central Bank of Libya Royce Walker Financial Services Volunteer Corps Volunteer March 23 - 25, 2009. Fraud Awareness.
E N D
Fraud Awareness Presentation for theCentral Bank of LibyaRoyce Walker Financial Services Volunteer CorpsVolunteerMarch 23 - 25, 2009
Fraud Awareness This presentation was adapted from a fraud awareness presentation titled How to Identify and Catch a Thief in the Workplace developed by Susan Mondello, Deputy Chief Audit Officer and Associate Director, University Auditing and Advisory Services, Georgia State University, Atlanta, GA, USA.
Fraud Awareness • Introduction • Topics of Discussion: • Definition of Fraud, Occupational Fraud, and White-collar Crime • Fraud Awareness, Detection, and Prevention • Potential Fraud Indicators • Actual Fraud Cases
Fraud Awareness What is Fraud? Fraud – The intentional misrepresentation of facts that causes victims to lose money or property. Occupational Fraud – Fraud committed in the course of one’s occupation. White-collar Crime – A variety of nonviolent crimes committed in commercial settings for personal financial gain.
Fraud Awareness Why Should You be Concerned About Fraud? Fraud is likely to occur in the banking industry because fraud is generally more lucrative than other types of crime, such as theft of property. A study by the Association of Certified Fraud Examiners (ACFE) for 2004 found: • 75% of property thefts in the U.S. were worth less than $249 versus a median loss of $159,000 for 1,134 occupational fraud cases. • Property crimes were down 50%.
Fraud Awareness Why Should You be Concerned About Fraud? Fraud is: • Generally less risky in terms of penalty than other types of crime. • Increasingly part of organized crime.
Fraud Awareness Fraud Can be Stopped Stopping fraud comes down to scrutinizing “day to day processes and procedures, and making sure there are no holes big enough to drive a truck through.” Quote from: Angela Morelock, CPA, CFE, ABV, partner and member Forensics & Dispute Consulting Division, BKD, LLP
Fraud Awareness Fraud Example A government agency paid $998,798 to ship two small supply parts costing 19 cents. This was part of $20.5 million in fraudulent shipping charges paid to a parts supplier to ship $68,000 worth of parts supplies over a 6-year period.
Fraud Awareness Who Commits Occupational Fraud? Some of an organization’s “best” personnel may commit occupational fraud. The ACFE study found: • The majority of fraud was committed by long-serving, middle-aged male executives and managers. • A positive correlation existed between the size of the loss and the perpetrator’s authority level, tenure, education level, age, and male gender.
Fraud Awareness Perpetrators by position: • 61% owners/executives/ managers; 39% lower level employees • Owners/executives median loss was $1 million or 5X manager and 13X employee median loss Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness Perpetrators by tenure: • 64% over 5 years • Median loss for those with10+ years was $263,000compared to$45,000 for someone with less than 1 year Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness Perpetrators by education level: Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness Perpetrators by age: Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness Who Commits Occupational Fraud? The typical fraud perpetrator is among the most highly regarded and trusted personnel in most organizations. Therefore, controls should be held constant for everyone regardless of their position and reputation.
Fraud Awareness Who Commits Occupational Fraud? (continued) Managers typically express shock and dismay when fraud occurs. A typical comment is: “I can’t believe this happened…[the perpetrator] seemed so trustworthy.”
Fraud Awareness Who Commits Occupational Fraud? (continued) Consider the 10-10-80 rule cited by auditors: • 10% of employees will never steal. • 10% of employees will always steal. • 80% of employees will steal given the need and opportunity.
Fraud Awareness Who Commits Occupational Fraud? (continued) Those having: • Pressure • Opportunity • Ability to rationalize These elements make up the fraud triangle and exist in almost every instance of fraud.
Fraud Awareness Elements of The Fraud Triangle Pressure usually caused by financial need or the desire to live a lavish lifestyle. Example of Pressure to Commit Fraud An experienced fraud examiner identified a junior procurement officer as a fraud perpetrator because the officer drove an expensive automobile.
Fraud Awareness Elements of The Fraud Triangle (continued) Opportunity typically arises from weak controls or too much independence/control given to a single individual. Example of Opportunity to Commit Fraud A staff accountant responsible for accounts payable embezzled $7.9 million over 7 years by writing checks payable to herself, some for as much as $50,000.
Fraud Awareness Elements of The Fraud Triangle (continued) Ability to rationalize by perpetrators who make excuses for their actions because they do not think of fraud as stealing. Example of Rationalization of Fraud An individual who stole money from a bank rationalized the behavior because he believed the bankers were stealing from their customers.
Fraud Awareness How Does Occupational Fraud Occur? ACFE study identified three major fraud categories and the percentage of cases that applied to each category: • 92.7% consisted of asset misappropriation. • 30.1% consisted of corruption. • 7.9% consisted of fraudulent statements. NOTE: The above percentages total more than 100% because some cases applied to more than one category.
Fraud Awareness How Does Occupational Fraud Occur? (continued) Main methods of fraud for banking industry: • Corruption (35.7%) – Conflicts of interest, bribery, illegal gratuities, economic extortion. • Billing (19.6%) – Payments to bogus vendors, payments for personal expenses. • Larceny (17.9%) – Cash stolen after it has been recorded on bank records. • Skimming (14.3%) – Cash stolen before it has been recorded on bank records. These four methods account for almost 90% of banking industry fraud.
Fraud Awareness How is Occupational Fraud Detected? Contrary to popular belief, the majority of fraud is not detected by auditors or bank examiners. ACFE study identified the methods by which most fraud is initially detected.
Fraud Awareness Source: Association of Certified Fraud Examiners, Inc. 2006 ACFE Report to the Nation on Occupational Fraud and Abuse – study of 1134 fraud cases.
Fraud Awareness A Cautionary Note About Fraud It is easy for a person to claim that another person has committed fraud. However, it is often difficult to detect the fraud and even more difficult to prove fraud in court. There Are Potential Indicators of Fraud Fraud must be hidden to be successful. When fraud is detected, it may be more likely to be noticed because of a “red flag” that may indicate fraud.
Fraud Awareness Potential Fraud Indicators Corporate culture at risk for fraud: • Organization ambivalent about business ethics; values and beliefs are economic, political and self-centered. • Peer relationships hostile, aggressive, contentious. • High employee turnover; complaints about “burnout.” • Ambiguity defining job rules, duties, responsibility. • Inadequate operational reviews/financial audits.
Fraud Awareness Potential Fraud Indicators (continued) Personality traits of executives: • Tend to have highly material personal values. • Success means financial success, not professional recognition. • Treat people as objects, not individuals . • Appear to be reckless, careless with facts, often enlarge on them. • Appear hard working, but spend much time scheming, designing short cuts to get ahead or beat competition.
Fraud Awareness Potential Fraud Indicators (continued) Occurrences in operations (may indicate inadequate internal controls): • Account balances significantly over or understated. • Transactions not recorded completely, timely, or improperly recorded. • Missing documents. • Unexplained items on reconcilements.
Fraud Awareness Potential Fraud Indicators (continued) Occurrences in operations (may indicate inadequate internal controls): (continued) • Recurring identical amounts from the same vendor. • Multiple remittance addresses for the same vendor. • Lack of segregation of duties. • Payments made on copies of invoices, not originals. • Discovery of relationship between an employee and a third party previously unknown.
Fraud Awareness Fraud Case Study Who committed the fraud? • An Information Technology Manager who had a questionable background. What fraud was committed? • Embezzlement of $3.7 million. When was the fraud committed? • Over a 10-month period.
Fraud Awareness Fraud Case Study (continued) Where was the fraud committed? • Inside the corporation where the perpetrator worked. Why was the fraud committed? • The individual claimed to have a shopping addiction: purchased 2 homes, 34 automobiles, 2 motorcycles, 3 boats including a 47 foot long yacht, 3 Steinway pianos, 600 Barbie dolls, etc.
Fraud Awareness Fraud Case Study (continued) How was the fraud committed? • The perpetrator created a contract with a bogus consulting company. • The perpetrator forged the signature approval of the corporate Vice President to whom the perpetrator reported. • The perpetrator created, approved, and sent 200 bogus invoices to Accounts Payable with instructions to hold the checks for the perpetrator to pick up in person.
Fraud Awareness Fraud Case Study (continued) How was the fraud committed? (continued) • When questioned about where the consultants were, the perpetrator claimed the consultants rarely came to the perpetrator’s office or had just departed. • The perpetrator charged dormant project accounts to hide the payments. What happened to the fraud perpetrator? • The fraud was eventually detected and the perpetrator was sentenced to 4 years in prison.
Fraud Awareness Fraud Case Study (continued) What could have been done to prevent the fraud or detect it sooner? • Preventive Control – Criminal background and credit history checks should be performed before individuals are hired. Such checks might have detected information about the perpetrator’s background that might have prevented the individual from being hired.
Fraud Awareness Fraud Case Study (continued) What could have been done to prevent the fraud or detect it sooner? (continued) • Preventive Control – An individual with signature authority should never authorize someone else to sign that individual’s name, use a rubber stamp of that individual’s signature, or use that individual’s financial system password to approve transactions. • Detective Control – Requiring a review of the contract and verification of signature by Legal staff prior to paying invoices might have determined the consulting company was bogus or detected the forged signature.
Fraud Awareness Fraud Case Study (continued) What could have been done to prevent the fraud or detect it sooner? (continued) • Preventive Control – An individual should not be able to initiate and approve payments (separation of duties). • Detective Control – Approval of the consultant invoices by a second individual who could verify the business integrity of the transaction may have detected the fraud sooner.
Fraud Awareness Fraud Case Study (continued) What could have been done to prevent the fraud or detect it sooner? (continued) • Preventive Control – Checks issued for payment should be mailed to vendors. They should not be held for pickup by an individual involved in the initiation or approval of the invoice.
Fraud Awareness Fraud Case Study (continued) What could have been done to prevent the fraud or detect it sooner? (continued) • Detective Control – An individual other than the initiator or approver of transactions should conduct a monthly review of expenditures. A review by the Vice President or someone in the Vice President’s office with sufficient knowledge of the transactions might have detected the payments to the bogus consultants sooner. Also, dormant accounts should be reviewed for activity.
Fraud Awareness Examples of Computer Fraud Example #1 – Unauthorized Access – An accounts payable clerk used her computer to access the company’s accounting software without authorization. The individual then issued approximately 127 checks payable to her and others, some of which were deposited into personal bank accounts. The individual attempted to conceal the fraud by altering the company’s electronic check registers to make it appear the checks were payable to legitimate vendors with which the company conducted business.
Fraud Awareness Examples of Computer Fraud (continued) Example #2 – Denial of Service Attack – A computer systems administrator initiated three denial of service attacks on a private mail list server system owned by a government entity. The individual was able to shut the system down by flooding it with numerous e-mails, resulting in the computer maintaining the system needing to be shut down, taken out of operation, reconfigured, and brought back on line. The individual was identified by tracing the Internet Protocol addresses back to his personal computer.
Fraud Awareness Examples of Computer Fraud (continued) Example #3 – Malicious Systems Administrator – A disgruntled computer systems administrator used a “logic bomb” to cause more than $3 million in damages to the company’s computer network in an attempt to drive down the company’s stock price. The individual installed the logic bomb on approximately 1,000 company-owned computers. When activated, the bomb deleted the files contained on the computers. The individual purchased stock contracts hoping to profit when the stock price declined in response to activation of the logic bomb. (Stock price did not decline.)
Fraud Awareness Examples of Computer Fraud (continued) Example #4 – Illegal Data Mining – The owner of a company (company A) and some of his employees illegally accessed a computer system owned by another company (company B), and downloaded significant amounts of personal, financial, and corporate data company B stored on behalf of its clients. Company B detected the intrusions, reported them to law enforcement authorities, and the intrusions were traced back to an Internal Protocol address that belonged to one of company A’s computers.
Fraud Awareness Examples of Computer Fraud (continued) Example #5 – The Melissa Worm – A computer programmer unleashed the “Melissa” computer virus. The virus propagated by posting an infected document to a usenet newsgroup from a stolen America Online account, and was designed to evade anti-virus software and infect computers using Microsoft Windows and Word software. The virus caused substantial disruption to users of infected systems, and is estimated to have resulted in $400 million in damages to affected businesses.
Fraud Awareness Conclusion I hope this presentation has given you a better understanding of: • Why we should be concerned about fraud. • How and why occupational fraud occurs. • What internal controls can be implemented to prevent occupational fraud or help detect it sooner. Thank you for your interest and attention today!!!
Bibliography • PricewaterhouseCoopers (2005). Global economic crime survey 2005. Retrieved on July 18, 2006, from www.pwc.com/extweb/insights.nsf/docid/D1A0A606149F2806852570C0006716C0. • Association of Certified Fraud Examiners, Inc (2006). 2006 ACFE report to the nation on occupational fraud & abuse. • Finfacts Ireland. Get an education and make crime pay. Retrieved July 14, 2006, from www.finfacts.com/comment/irelandvatfraudwhitecollarcrimecomment24.htm. • Barnett, Cynthia. The measurement of white-collar crime using uniform crime reporting (ucr) data. U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Division. Retrieved July 14, 2006, from www.fbi.gov/ucr/whitecollarforweb.pdf. • Baker, John S. Jr. (2004, October 4). The sociological origins of “white-collar crime.” The Heritage Foundation. Retrieved July 24, 2006, from www.heritage.org/Research/LegalIssues/lm14.cfm. • NW3C, National White Collar Crime Center. White collar crime statistics. Retrieved July 24, 2006, from www.nw3c.org/research/site_files.cfm?mode=r. • U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. Crime characteristics. Retrieved July 24, 2006, from www.ojp.usdoj.gov/bjs/cvict_c.htm. National crime victimization survey property crime trends, 1973-2004. Retrieved July 24, 2006, from www.ojp.usdoj.gov/bjs/glance/tables/proptrdtab.htm. • AICPA Professional Standards. AU Section 316, consideration of fraud in a financial statement audit (source SAS No. 99). • Frieswick, Kris (2003, July). How audits must change: auditors face more pressure to find fraud. CFO: Magazine for Senior Financial Executives. Retrieved July 17, 2006, from www.cfo.com/article.cfm/3009752?f=related. • Coenen, Tracy L., CPA MBA, CIA. (2006, January 25). Why didn’t our auditors find the fraud? Wisconsin Law Journal. Retrieved July 17, 2006, from www.sequence-inc.com/press/auditorsfind.htm. • Durant, Andrew, CFE, FCA (2006). Schemes and scams – the many faces of procurement fraud. Presented at the 17th Annual Association of Certified Fraud Examiners Conference.
Bibliography (continued) • Wells, Joseph T. (2003, November). Follow the greenback road. Journal of Accountancy. Retrieved July 14, 2006, from www.aicpa.org/pubs/jofa/nov2003/wells.htm. • Capaccio, Tony. Pentagon paid $998,798 to ship two 19-cent washers. Bloomberg.com. Retrieved march 27, 2008, from www.bloomberg.com/apps/news?pid=20670001&refer=home&sid=a_pIZ20xQxeU. • Henning, Peter J. Did anyone notice the bookkeeper’s lavish lifestyle? White Collar Crime Prof Blog. Retrieved April 1, 2008, from www.lawprofessors.typepad.com. • Phillips, Brock, CPA, CFE, Sr. Forensic Accountant, Microsoft Corporation (2001). The CFE’s job security: internal controls and employee theft. Presented at the 17th Annual Association of Certified Fraud Examiners Conference. • Anderson, Rick (2001, January 24). Wake up and smell the coffee. Seattle Weekly. Retrieved July 18, 2006, from www.seattleweekly.com/news/0104/news-anderson2.php. • Maleng, Norm, King County Prosecuting Attorney (2001, August 1). Charges filed in Starbucks embezzlement. Retrieved July 18, 2006, from www.metrokc.gov/proatty/news/2001/Heinen.htm. • Wikipedia, Computer fraud case studies. Retrieved February 13, 2009, from http://en.wikipedia.org/wiki. • Eaton, Leslie (1997, September 14). Investing IT: Fraud Case Focuses On Internet. New York Times. Retrieved February 13, 2009, from http://query.nytimes.com/gst/fullpage.html • Johnstone, Dale, and Wong, Ellis Chung Yee, Practicing Information Technology Auditing for Fraud. Information Systems Audit and Control Association. Retrieved February 13, 2009, from http://isaca.org.