The document discusses various techniques for detecting and preventing fraud, including: 1) Establishing prevention techniques like controls, job rotation, and education to avoid fraud risks. 2) Implementing detection methods such as data analysis, forensic auditing, and link analysis to uncover fraud. 3) Asking vital questions within 24 hours of a fraud allegation to properly investigate and prevent future fraud.

1. Fraud Risk Assessment (Part 2)
Detection and Prevention Techniques
TAHIR ABBAS
CIA,CISA,CFE,CRMA

2. The only certainty is uncertainty
Event:
Occurrence of a particular set of circumstances.
Frequency:
A measure of the number of occurrence's per unit of time.
Hazard:
A source of potential harm or a situation with a potential to
cause loss.
Consequence:
Outcome or impact of an event.
Likelihood:
A general description of probability or frequency.

3. Fraud Risk Assessment
Foundations of an effective fraud risk
management
• Identify inherent fraud risk
• Assess the likelihood and significance of inherent
fraud risk
• Developing a response to reasonably likely and
significant inherent and residual fraud risk

4. Fraud Risk Assessment
– Identify inherent fraud risk
• Where could things go wrong
• Industry, geo-political risks
• Company risks
– Incentive plans
– Growth rate
– Consolidation
• Risk of management override
– Assess the likelihood and significance of inherent
fraud risk
• Likelihood – remote, possible, probably
• Significance – not just dollars; reputation,
management time

5. Risk/Control Sample Matrix

6. Procurement Fraud Risk Assessment
Corruption
Context
Document
Fraud Risk- List down
Likelihood
Impact
Control

7. Procurement Fraud Red Flags
• Repeated awards to the • Awards to non-lowest
same entity. bidder.
• Competitive bidder • Contract scope changes.
complaints and protests. • Numerous post-award
• Complaints about quality contract change orders.
and quantity. • Urgent need or sole
• Multiple contracts awarded source.
below the competitive • Questionable
threshold. minority/disabled
• Abnormal bid patterns. ownership.
• Agent fees. •
• Questionable bidder.

8. Key Principle for Fraud Risk Management
• As part of an organization’s governance structure, a fraud risk
management program should be in place, including a written policy (or
policies) to convey the expectations of the board of directors and senior
management regarding managing fraud risk
• Fraud risk exposure should be assessed periodically by the organization
to identify specific potential schemes and events that the organization
needs to mitigate.
• Prevention techniques to avoid potential key fraud risk events should be
established, where feasible, to mitigate possible impacts on the
organization.
• Detection techniques should be established to uncover fraud events
when preventive measures fail or unmitigated risks are realized a reporting
process should be in place to solicit input on potential fraud, and a
coordinated
• Approach to investigation and corrective action should be used to help
ensure potential fraud is addressed appropriately and timely.

9. Preventing Fraud – A Summary
Create a culture of Honesty, Eliminate Opportunities
Openness, and Assistance
Implement Have good
Employee internal controls
Assistance Discourage
Programs Collusion
Have a Code of Ethics Provide tip
hotlines
Publicize company
Create a Positive Create an policies
Work expectation of
Environment punishment Proactively audit
Hire honest people and for fraud
provide fraud awareness
training Monitor
employees

10. Controls
Existence of a control even if
non operational can be a
deterrent and act as a real
control

11. Deterrence and Prevention
Deterrence modifies the person's behavior through
perception of being caught and being punished
while Prevention focuses on removing the root cause of the
problem, hence prevention and correction logically go
together.

12. Prevention
• Analytical reviews
• Mandatory vacation
• Job rotation
• Surprise audit
• Oversight
• Employee education
• Open door polices

13. Prevention
Dishonest employees may not commit a fraud if they know
the organization has an oversight and confirmation
process. After giving the code of ethics to all employees (in
both hard and soft copy if possible), require that they sign
a statement that says they have read and understood the
code's requirements and will comply with them. The fraud
prevention plan should include an accountability matrix that
lists the anti-fraud functions and which staff have primary,
secondary or a shared responsibility. This then eliminates
the excuse of ignorance.

14. The Death Penalty
For Corporations
If we are going to consider the corporation to be a person
and afford it the same kinds of rights and freedoms
that are extended to the individual, perhaps it is time to
revise the methods by which we hold the corporate
"person" accountable. We should impose the same kind
of punishments that we have established for
individuals. If a corporation is convicted in the courts
for a violation of law, we should curtail its freedom to
conduct business for a period of time. In the event of
repeat offenses, the penalties should be increased. In
those instances where a corporation severely violates
the public trust, it should cease to exist. The corporate
charter should be revoked, the assets seized and the
corporation dissolved.

15. Reactive Fraud Detection

16. Fraud Prevention Checklist
Is ongoing anti-fraud training provided to all
employees of the organization?
 Understand what constitutes fraud?
 Have the costs of fraud to the company and everyone in
it — including lost profits, adverse publicity, job loss and
decreased morale and productivity — been made clear
to employees?
 Do employees know where to seek advice when faced
with uncertain ethical decisions, and do they believe that
they can speak freely?
 Has a policy of zero-tolerance for fraud been
communicated to employees through words and
actions?

17. Fraud Prevention Checklist
Is an effective fraud reporting mechanism in
place?
 Have employees been taught how to communicate
concerns about known or potential wrongdoing?
 Is there an anonymous reporting channel available to
employees, such as a third-party hotline?
 Do employees trust that they can report suspicious activity
anonymously and/or confidentially and without fear of
reprisal?
 Has it been made clear to employees that reports of
suspicious activity will be promptly and thoroughly
evaluated?

18. Fraud Prevention Checklist
Are strong anti-fraud controls in place and
operating effectively, including the
following?
 Proper separation of duties
 Use of authorizations
 Physical safeguards
 Job rotations
 Mandatory vacations

19. Detection
– Process controls
– Anonymous Reporting/hotline
– Internal Audit
– Benchmark
– Measurements
– Computer Checks for Anomalies
– Interviews

21. Forensic Accounting
Forensic accounting or financial forensics is
the specialty practice area of accountancy that
describes engagements that result from actual or
anticipated disputes or litigation. "Forensic" means
"suitable for use in a court of law", and it is to that
standard and potential outcome that forensic
accountants generally have to work. Forensic
accountants, also referred to as forensic auditors
or investigative auditors, often have to give expert
evidence at the eventual trial.

22. Forensic Auditing
Forensic auditing is a type of auditing that
specifically looks for financial misconduct,
and abusive or wasteful activity.
It is most commonly associated with
gathering evidence that will be presented
in a court of law as part of a financial crime
or a fraud investigation.

23. Forensic Accounting Factors
• Time: Forensic accounting focuses on the past,
although it may do so in order to look forward
(e.g., damages, valuations).
• Purpose: Forensic accounting is performed for a
specific legal forum or in anticipation of
appearing before a legal forum.
• Peremptory: Forensic accountants may be
employed in a wide variety of risk management
engagements within business enterprises as a
matter of right, without the necessity of
allegations (e.g., proactive).

24. Forensic Audit Approaches
• Direct methods involve probing missing income
by pointing to specific items of income that do not
appear on the tax return. In direct methods, the
agents use conventional auditing techniques such as
looking for canceled checks of customers, deed
records of real estate transactions, public records
and other direct evidence of unreported income.
• Indirect methods use economic reality and
financial status techniques in which the taxpayer’s
finances are reconstructed through circumstantial
evidence.

25. Indirect Methods
An indirect method should be used when:
• The taxpayer has inadequate books and records
• The books do not clearly reflect taxable income
• There is a reason to believe that the taxpayer has
omitted taxable income
• There is a significant increase in year-to-year net
worth
• Gross profit percentages change significantly for that
particular business
• The taxpayer’s expenses (both business and
personal) exceed reported income and there is no
obvious cause for the difference

26. How internal controls Can detect fraud?
• Can internal controls detect fraud?

27. Method for detecting frauds
• Percentage markup method for proving income
• Data Analysis
• Fraud Assessment tools
• Bedford analysis
• Link Analysis
• Interviewing strategies
• Linguistic Text Analysis

28. Percentage markup method for proving
Income

29. Data Analysis
• Article provided
• Ratios, hor , vertical

30. Bedford analysis
Article provided

31. Link Analysis
Given the complexity of serious fraud investigations, and the significant
number of individuals and entities ordinarily involved, the employment
of an analytic procedure known as 'link network diagramming' -
commonly referred to as 'link analysis' - should be considered to
facilitate the investigation and case structuring. Link analysis is
essentially a graphic method for integrating and displaying large
amounts of data which are related to complicated criminal activities
and civil wrongs. The construction of a link analysis diagram should
enhance the integration and presentation of relevant evidence or
information that is:
• connected to various financial accounts, individuals and entities;
• collected by or from different sources; and
• spread over a protracted period of time.

32. Link Analysis
Essentially, the link analysis technique is comprised of two sequential
steps. The first step is the conversion of written material containing
summaries of investigative findings into a graphic form called an
'association matrix'. The second step is the conversion of the matrix
into a diagram intended to facilitate understanding of the relationships
contained therein. The association matrix is essentially an interim step
in producing graphic material to assist investigators, prosecutors and
civil litigation counsel. The goal is the development of pictorial data
which clearly shows the relationships between people, organizations
and activities. It allows an analyst or a trier-of-fact ready access to the
big picture in complex matters. As the final diagram depicts
relationships (or links) between people, organizations and activities,
the generally accepted name for such pictorial data is a 'link analysis'
diagram.

33. Interviewing strategies
• Interviewing

35. Linguistic Text Analysis
 Lack of self-reference  Euphemisms
 Verb tense  Alluding to actions
 Answering Q with Q  Lack of Detail
 Equivocation  Narrative balance
 Oaths  Mean Length

37. Linguistic Text Analysis
• ON SLIDE NO 77 AND 78 OF FIRST PART
PRESENTATION ALREADY PROVIDED
• http://www.fraud-magazine.com/article.aspx?id=4294971184

38. 11 vital questions to answer within the
first 24 hours of a fraud allegation:
• Does the alleged activity constitute fraud?
• Who is involved?
• How should those who were involved in the fraud be
handled?
• Are there any co-conspirators?
• How much was lost to fraud?
• During what period did the fraud occur?
• How did the fraud occur?
• How was the fraud identified?
• Could the fraud have been detected earlier?
• What can be done to prevent similar frauds?
• Should the conduct be disclosed to the authorities?

39. Tone at top
• What is the “tone at the top”?
• Major fraud factors
– Meeting analysts’ expectations
– Compensation and incentives
– Pressure to reach goals
• Why employees don’t report
unethical conduct????

40. Tone at top
• COMMON ETHICAL VIOLATIONS
• Abusive or intimidating behavior of superiors
toward employees (21 percent)
• Lying to employees, customers, vendors, or the
public (19 percent)
• A situation that places employee interests over
organizational interests (18 percent)
• Violations of safety regulations (16 percent)
• Misreporting actual time or hours worked (16
percent)

41. COMMON ETHICAL VIOLATIONS
Stealing, theft, or related fraud (11 percent)
• Sexual harassment (9 percent)
• Provision of goods or services that fail to meet
specifications (8 percent)
• Misuse of confidential information (7 percent)
• Price fixing (3 percent)
• Giving or accepting bribes, kickbacks, or inappropriate gifts
(3 percent)
• E-mail and Internet abuse (13 percent)
• Discrimination on the basis of race, color, gender, age, or
similar categories (12
• percent)