ACCA-IIA Singapore Seminar 2015 part 2 fraud risk governance
1. Leveraging your internal control process to prevent and manage internal fraud
Tuesday, 6 October 2015
9:00am – 5:00pm
ACCA-IIA Singapore Seminar
Part 2
2. Internal Auditor working with Management Team will enhance Effectiveness and Efficiency of Operations on a real time basis.
An area External Auditor cannot help
Fraud is a consequence of Material weakness in Internal control
3. Looking for Red Flags
The weakest links in the chain of controls?
Deviations from conventional good accounting practices are possible?
What is the simplest way to compromise the system?
(Source 1)
4. Identifying Red Flags
Potential Fraud Schemes
Common Red Flags relevant to specific fraud scheme
Obtaining the evidence
Confronting suspects
Report findings
5. Sources of information
Disclosures
Filings with regulators, e.g. SFC
Company Registry
Land office
Industry specific bureaus
Public Records, e.g. internet
Confidential sources
Internal records
But note personal data privacy issues
Other Regulating Agencies or Government Agencies
7. Fraud Risks Management
Why does traditional internal control fail?
Why did External Auditor fail to identify fraud?
How to build an effective Fraud Risks Management Programme in your organization?
8. Managing the Business Risk of Fraud: A Practical Guide
Sponsored by –
1) Institute of Internal Auditors,
2) American Institute of Certified Public Accountants,
3) Association of Certified Fraud Examiners.
Intended to be applicable globally
Defines principles and theories for fraud risk management
9. Key Principles
1. Fraud Risk Management Program
2. Fraud Risk Assessment
3. Fraud Prevention
4. Fraud Detection
5. Escalation, Investigation and Correction
10. Principle 1
As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
11. Key Principles
1. Fraud Risk Management Program
2. Fraud Risk Assessment
3. Fraud Prevention
4. Fraud Detection
5. Escalation, Investigation and Correction
Fraud Risk Management Program
• Policies and procedures
• Roles and responsibilities
• Commitment
• Fraud awareness
• Affirmation process
• Conflict disclosure
• Fraud risk assessment
• Reporting procedures and whistleblower protection
• Investigation process
• Corrective action
• Quality assurance
• Continuous monitoring
12. Fraud Risk Governance Source (4)
Corporate Governance
System by which companies are directed or controlled
Process by which corporations are made responsive to Rights + Wishes of Stakeholders
Manner in which management and those charged with oversight accountability meet their Obligations + Fiduciary Responsibilities to Stakeholders
13. Fraud Risk Governance Source (4)
Strong Board Governance Practices
Board ownership of Agendas + Information flow
Access to multiple layers of Management + Effective control of a whistleblower hotline
Independent Nomination Processes
Effective evaluation of Senior management, Performance management, Compensation and Succession planning
A code of conduct SPECIFIC for senior management, in addition to organization’s code of conduct
Strong emphasis on board's own independent effectiveness and process through:
• Board evaluations
• Executive sessions
• Active participation in oversight of strategic and risk mitigation efforts
14. Fraud Risk Exposure Source (4)
Board Assurance
Business Ethics Considerations
Hiring, Evaluation, Promotion, Remuneration policies for Employees
Ethical Behaviors
Business strategy
Operations
Long-term Survival
All aspects of Employee’s Relationship with:
Customers
Vendors
Other business stakeholders e.g. Government Regulations
15. Fraud Risk Governance Source (4)
Effective Business Ethics Programs
Foundation
Prevention + Detection + Deterring
Fraudulent + Criminal Acts
16. Fraud Risk Governance Source (4)
Identify Roles + Responsibilities
Personnel at all levels of organization
Fraud Policy
Who is responsible for oversight of fraud control
Board Designated committee e.g. Fraud Prevention Committee
Management’s Responsibility
Design Implementation of Fraud Risk Strategy
How different segments of organization can support Fraud Risk Management
e.g. compliance, general counsel, the ethics office, security, IT, internal auditing, audit committees
17. Fraud Risk Governance Source (4)
Board of Directors
Set the tone at the top.
How to govern properly?
Include:
• Independent minded Executive Directors
• Understand fraud risks
• Fraud risk is included as part of organization’s risk assessment and strategic plans
• Periodic agenda item
• Monitor management’s reports on fraud risks, policies, and control activities
• Receiving accurate and timely information on fraud incidents from all levels
• Oversee internal control
• Set the appropriate tone at the top through CEO job description, hiring evaluation and succession
• Ability to engage outside experts
• Providing external auditors with evidence of Board’s active involvement in fraud risk management
18. Fraud Risk Governance Source (4)
Delegation of some responsibilities to a committee of that Board
Documented in the Board and committee charters
Ensure the committee has sufficient resources in the budget and long-term plan to enable the organization to achieve its fraud risk management objectives
19. Fraud Risk Governance Source (4)
Audit Committee
Independent, plus one financial expert
Meet regularly, long enough
Sufficient preparation
Assess + Respond: Risk of Fraud
Receive reports of alleged fraud
Especially Management Fraud (Override internal control procedures)
20. Fraud Risk Governance Source (4)
Audit Committee
The proactive approach
Maintains active role
Oversight of the organization’s assessment of Fraud
Internal Auditor Designated Personnel
Monitor Fraud Risk
Existence of this committee = Evidence that the committee is committed to fraud risk management
21. Fraud Risk Governance Source (4)
Audit Committee
Should meet separately from management with appropriate individuals
e.g. Chief Internal Auditor and Senior Financial Person
To find out how internal and external audit strategies address fraud risk
Auditor Management
What are they doing to prevent fraud???
22. Fraud Risk Governance Source (4)
Audit Committee
How an External Auditor performs the audit of financial statement
Free of Errors or Fraud?
Knowing there are limitations
Governed by auditing standards
Insist on honesty + Openness with External Auditor
Sharing information about possible fraud
Aware of reputation risk resulting from
Seek legal advice on allegations of fraud
Should be taken seriously - a duty to investigate + report
23. Fraud Risk Governance Source (4)
Management Responsibility
Design + Implementation of a Fraud Risk Management Program
Including
Set the tone from the top
Culture of honesty + compliance
24. Fraud Risk Governance Source (4)
All levels of staff (including management)
Basic understanding of fraud including aware of red flags
Cooperate in investigations
Understand their roles within internal control framework
How their working procedures are designed to manage fraud risks
Non-compliance = Fraud not detected
Read + Understand policies + procedures on fraud e.g.
• Code of conduct
• Fraud policy
• Whistleblower policy
Operational procedures - procurement manuals
+
If required – help to build a strong control environment
Report suspicions of fraud
25. Fraud Risk Governance Source (4)
Internal Auditing Definition - IIA
Independent, objective assurance + consulting activity
Designed to add value + improve an organization’s operations
In relation to Fraud
Provides assurance to the Board –
The controls they have in place are appropriate given the organization’s RISK APPETITE
26. Fraud Risk Governance Source (4)
Role of Internal Auditors
Consider the organization’s assessment of fraud risk
Review management’s fraud management capabilities periodically
Review + Communicate with those conducting risk assessment
Help them to ensure that all fraud risks have been considered appropriately
27. Fraud Risk Governance (16)
Internal Auditors
Specific Roles
• If required to perform these duties
• IA must have the necessary skills + Knowledge
• Law
• Fraud schemes
• Investigation techniques
Initial or investigation of suspected fraud
Root cause analysis
Control improvement recommendations
Monitoring of a reporting or whistleblowing hotline
Providing ethics training sessions