Fraud is identified and caught with the aid of facts. Facts give a deeper understanding to what you could be looking at in your organization. Facts have also given rise to the mnemonic that Fraud is Always Committed by Trusted Souls. As simplistic as it may seem, it holds key to a potential trigger. Are you equipped with the necessary tools to address this challenge? Is your organization equipped with fraud Risk Management? Here are some quick slides to take you through what you need to have.

1. Embedding Fraud Risk
Management

2. Frauds occur due to…
Incentive or
Pressure (68%)
?
Attitude or
Opportunity
Rationalization
(18%)
(14%)
2

3. … and can encompass any industry…
• Misappropriation of cash by fudging accounts or opening fictitious a/c
Banking Frauds • Withdrawal from deposit accounts through forged documents.
• Trading on incorrect positions or outstanding unmatched trades
Trading Frauds • Errors in Booking and settlement of trades
• Account payable and Account receivable frauds
Financial Frauds • Easy access to blank checks, facsimile, and manual check preparation
• Unaccounted purchase order numbers or physical loss of purchase orders
Sourcing & Procurement Frauds • Vendor collusion with employees
• Access to card numbers esp. in customer service or for processing
Credit Card Frauds • Online misuse/Phishing
• Excessive inventory write-offs without documentation or approvals.
Inventory and Production Frauds • Consistent production overruns beyond sales demand and backlog orders
3

4. …resulting in reputational and financial
disruption
Source: Fraud Intelligence Report-2nd Quarter -2011 published by Mark Monitor
4

5. How do we mitigate fraud?
5

6. Embed “fraud” in the risk framework…
• Business Model
Strategic Business
• Technology Obsolescence
Change • Change Management
•
Market/ • Geo-Political
Credit • Reputation
Industry • Product development
Counterparty
Country Risks • Pricing
Data Protection, Business • Information & Physical Security
privacy Continuity
• Registrations & Taxations
Enterprise and IP
Engagement • Legal & Contractual
Regulatory
Security Compliance
Compliance • Customer needs & Concentration
External
Fraud
Physical & Execution • Infrastructure
Environmental Management
• Leadership & Culture
Operational Employment
Risks
• Operation Efficiency
Internal & Work Business Business
Fraud place Safety Interruptions Practices • Knowledge capital
6

7. …create deterrence…
IDENTIFICATION
Fraud
Vendors/ Detection Govt.
Partners
MITIGATION
REVIEW
Fraud
Deterrence
Fraud Fraud
Prevention Response
Customers Employees
CONTROL
7

8. ... and have structured governance using
Culture & Policies Structure & Process Systems & Legislation
Capabilities
Enterprise Standards Control Definition across Internal Audit Team Cyber protection
Operational Policies functions Internal and external IT act
Disciplinary Policy Control Self Assessment Vulnerability Testing Data protection laws and
& 3rd party review of Disciplinary Process governance
Awareness Programs & Controls
Training Modules Analytics and Forensics
Incident Handling
Whistle blower Domain & subject matter
Scenario planning & expertise
Code of Conduct Testing
Trigger and red flags
Internal Audit
8

9. Infosys approach to manage fraud
Process Map of Risks for all businesses
Failure analysis across functions
1
Set Triggers Key Risk Indicator
Likely Changes
Loss
Approach Estimation and
Benchmarks
Consequence
Severity 3
Mode Analysis
Level of Severity 4
Control Log review & Control Levels and Cost of control
definition Failure Analysis 2 review considerations
Incident Inventory from past experience
Process Level Risk Assessment and Mitigation
9

10. Fraud management – Maturity Model
Monitor
Check
Continuous
Monitoring and
Auditing
Using Software's
Act that trigger alerts
techniques for -
High value
and creates reports transactions
Establishing pre for financial
defined values or processes
attributes (Red
Flags)
Identify & Plan
Creation of Fraud Management
Checklist for the process and
identifying the fraud prone areas
and implementing appropriate
controls
10

11. To Summarize…
• Embed the culture of “risk” within the organization
• Enable the organization to own “risk”
• Have a Risk Reporting mechanism where all employees can report
risks they see
• Have an Incident Handling system that focuses on root cause
analysis rather than closure
• Have systems and analytics in place to monitor triggers and “red
flags”
11

12. THANK YOU
www.infosysbpo.com
The contents of this document are proprietary and confidential to Infosys Limited and may not be disclosed in
whole or in part at any time, to any third party without the prior written consent of Infosys Limited.
© 2012 Infosys Limited. All rights reserved. Copyright in the whole and any part of this document belongs to
Infosys Limited. This work may not be used, sold, transferred, adapted, abridged, copied or reproduced in
whole or in part, in any manner or form, or in any media, without the prior written consent of Infosys Limited.