Fraud Indicators and Red Flags

Transcription

1 Fraud Indicators and Red #CW2017

2 Pekka Dare Director, Training Education & Development - ICT Jose Tabuena Chief Privacy Officer UT Southwestern Medical #CW2017

3 The Perpetrators According to KPMG a typical fraudster is: between the ages of 36 and 55 (69%) predominantly male (79%), with the proportion of women 17%, up from 13% in 2010 a threat from within (65% are employed by the company) holds an executive or director level position (35%) employed in the organization for at least six years (38%) 3X as likely to be regarded as friendly as not with only 18% described as autocratic esteemed, describing themselves as well-respected in their organization likely to have colluded with others (62%, down just slightly from 70% in 2013) motivated by personal gain (60%), greed (36%) and the sense of because I can (27%)

4 Fraud Control Process 1. Risk assessments 2. Fraud Awareness programs 3. Reducing opportunities 4. Internal controls Automated systems Physical security and access controls 5. Developing an anti-fraud culture 6. Information security

5 The Risk Management Cycle Identify risk Consistently review Assess Impact of risk Control & reduce risk

6 Risk Management Process Establish risk management group Identify risk areas Understand/assess scale of risk Develop a risk response strategy Implement and monitor Review and refine process

7 Fraud Awareness Programs Reference to fraud risk assessment and controls Company/sector specific Who? Reality is every employee within the organisation presents a possible risk Practical application Followed up to include developing trends

8 Reducing Opportunities Developing an anti-fraud culture Effective controls increase perception of detection Segregation of incompatible duties Sound authorisation and documentation processes Independent checks People controls

9 Internal Controls Automated systems Physical security and access controls

10 Identifying Red Flags Role of the 1 st Line of Defence in spotting red flags Red flags are always present but not recognized or not acted on Always take action to investigate, even if it seems minor But, sometimes an error is just an error have an open mind Role of the 2 nd Line of Defence in spotting red flags Compliance ongoing monitoring of controls Providing advice Facilitating risk management activities

11 Travel and Entertainment Red Flags Claims for T&E that never materialized Flights in first class when more modest means were available, in violation of company policy Claims for meals or entertainment in excess of per diem Auditing Travel and Entertainment Expenses Using IDEA, 2007

12 Proactive Approaches: Data Analysis Vendors Expense Disburs. HR Address Verification Benford's Law Duplicate Payments Management Reporting Unexpected Relationships Internal Controls External Data Verification Payroll Accounts Payable Shared Elements Testing High Risk Focus SSN testing Overpayments Manual & Special Payments Client-customized Testing P-Card Accounts Rec. Scoring Algorithms VENDOR Scores EMPLOYEE Scores CUSTOMER Scores 14

13 Commonalities Between Employees and Vendors Tests: Identify vendors and employees with common SSN and Tax ID #s Identify vendors and employees with common bank account #s Identify vendors and employees with common addresses Employee Name Vendor Name SS No. Tax ID Vendor Bank A/C Employee Bank A/C Vendor Address Employee Address Roe, Jane Montvale Plumbing Thomas, Betty Hillstreet Electric Stewart, Jon Daily Report 1 1 Colbert, Stephen Pundit Report Coyote, Wile E. Acme Supplies 1 1 Murphy, Heather United Circuits 1 1 Brownie, Michael Emergency Management Ball, LaVar Little Baller Murray, Sophia Polar Enterprises Utonium, Professor Powerpuff Security 1 1

14 Information Security Data theft and the misuse of data are biggest enablers of fraud Top 5 Risks Data protection regulation Mobile working BYOD Data breaches Data proliferation

15 ID Theft

16 Behavioural Profiles How many behavioural characteristics can you think of that would suggest high risk of fraud?

17 Incentive Programs Incentive programs for management are the norm and also common for the rank and file. Despite incentive programs and the potential risks being so common, the compliance team typically does not have a role in reviewing it to identify and mitigate risk prior to implementation. 52% never review: SCCE/HCCA Survey, April 2017

18 COSO Control Environment Testing Principle 5. The organization holds individuals accountable for internal control responsibilities in the pursuit of objectives. Points of focus for audit (3 rd Line of Defence): Enforces accountability through structures, authorities, and responsibilities Establishes performance measures, incentives, and rewards Evaluates performance measures, incentives, and rewards for ongoing relevance Considers excessive pressures Evaluates performances and rewards or disciplines individuals

19 Fraud Typologies Examine your allocated example of fraud detailed Compare and contrast the various vulnerabilities and failure of controls. Could each one occur in your organisation; if not, why not?

20 Fraud Case #CW2017

21 Case 1: HBOS Scam UK: Internal bank fraud 245m HBOS manager jailed over 245m loans scam Used relationship with bank to bully business owners and strip them of assets Judge [you] sold your soul, for sex, for luxury trips with and without your wife for bling and for swag! Red flags? victims ignored when trying to report what was going on one offender had 2m superyacht jewellery, luxury hotel stays, business-class flights

22 Case 2: BP Oil Spill Fraud Case US: BP Oil Spill Fraud Case 2 convicted Made up fake clients to sue BP List compiled of 40,000 people who wanted to sue BP Significant errors: Included names of the dead, people who never gave permission for representation and even a dog s name! Fraudsters passed the information up the chain to law firm Supposed to be paid from a $2.3 billion fund BP set aside to compensate fishermen

23 Case 3: China and $7.6bn Fraud Involves P2P lender Ezubao concocting fake projects to attract investment 26 people charged with fraud - including top executives of Ezubao s parent company Televised confession when principal suspect said Ezubao was "a typical Ponzi scheme" Largely unregulated peer-to-peer lending sector

24 @ComplianceWeek #CW2017