Managing Fraud Risk: New Professional Guidance


Mohammed Ahmed & Toby J.F. Bishop
Deloitte Financial Advisory Services LLP
September 10, 2007

Objectives
- Make you aware of the new guidance
- Show how you can take advantage of it in your work
- Illustrate how it will bring greater focus on key compliance and ethics program elements
- Discuss how to use it to obtain greater management support

The views expressed herein are our own and not necessarily those of Deloitte Financial Advisory Services LLP. Mention of any product is for educational purposes only and does not indicate an endorsement of that product.

Purpose of Guidance
- Inform management and boards of better practices for managing fraud risk
- Show linkage between managing fraud risk, corporate governance and ethics & compliance programs
- Help manage a challenging and costly business risk
- Encourage process enhancements
- Drive greater quality and consistency

Why Develop New Guidance?
- High jump record: 2.45 meters
- Pole vault record: 6.14 meters
- Tools can raise performance

Fraud Guidance Project
- Joint project of IIA, AICPA & ACFE
- Led by Dave Richards, president of The IIA
- Over 30 experienced practitioners contributing knowledge
- To be released in exposure draft form this Fall

Managing Fraud Risk Guidance
Sections on:
- Fraud Risk Governance
- Fraud Risk Assessment
- Fraud Prevention
- Fraud Detection
- Investigation and Response
Appendices with reference materials

Fraud Risk Governance
- Rising risks and penalties relating to fraud and corruption require an organizational response
- Board and senior management need to direct anti-fraud and anti-corruption activities
- Strong corporate governance is a foundation
- A fraud control policy is an important tool in fraud risk governance

Fraud Risk Governance
The Board:
- Helps set the tone at the top for senior management
- Has responsibility to ensure management designs effective fraud risk management policies
- Oversees management's fraud risk assessment and antifraud controls
- Appoints a senior executive responsible for fraud risk management
- Ensures adequate resources are provided
- Monitors effectiveness of fraud risk management program

Fraud Risk Governance
Management:
- Sets the tone at the top for employees
- Implements effective fraud risk management policies
- Defines fraud risk management roles & responsibilities
- Provides fraud awareness training for employees
- Performs regular fraud risk assessments and evaluates anti-fraud controls
- Manages investigation and resolution of issues identified
- Periodically evaluates and improves the effectiveness of the fraud risk management program

Fraud Risk Assessment
- Structured rational approach
- Fraud risk identification
- Assessment of significance and likelihood
- Determination of fraud risk response
- Brainstorming
- Consider risk of management override of controls
- Population of fraud risks
- Inherent risk and residual risk
- Board oversight of cost/benefit decisions in fraud risk responses based on risk tolerance

Example of a Strong Fraud Risk Assessment

Typical Weaknesses
- Appropriate personnel are not involved in the process
- Assessment consists of an identification of risk factors only, and does not include an identification of schemes & scenarios
- Potential perpetrators are not identified (which can lead to insufficient consideration of management override)
- Does not adequately consider collusive fraud and management override of controls
- Lack of monitoring by the Audit Committee/Board

Example of a Weak Fraud Risk Assessment

Fraud Prevention
- Prevention is rarely absolute; it's also deterrence
- A regular internal controls framework has limitations in effectively preventing fraud
- The risk assessment process drives the prevention control activities
- Successful fraud prevention is dependent upon continuous communication and reinforcement

Fraud Prevention
- Entity-level controls
  - Fraud awareness training
  - Code of conduct
  - Background investigations
  - Exit interviews
- Process-level controls
  - IT access controls
  - Segregation of duties
- Can be preventive and detective

Fraud Detection
- Hotline/helpline
- Multilingual, 24x7x365
- Single case management system
- Benchmarking
- Process-level detection controls
- Proactive fraud auditing by internal auditors
- Data analysis technology
- Continuous auditing
- Email analysis

Fraud Detection
Sample performance measures:
- Number of fraud audits performed by internal auditors
- Number of hotline/helpline calls received
- Number of fraud allegations received that required investigation
- Number and value of fraud losses detected

Hotline Benchmarking Report
- 2006 Corporate Governance and Compliance Hotline Benchmarking Report
- Published November 2006 by The Network, CSO Executive Council and the ACFE
- Based on 200,000 incident reports over 4 years
- Addresses effectiveness of a key antifraud control
- Permits benchmarking by industry segment

Hotline Benchmarking Report
Testing effectiveness considerations
- Assess employee communication and training
- Evaluate employee confidence in hotline by survey
- Evaluate objective data:
  - Report frequency
  - Incident mix
  - Tone at the top (anonymity use)
  - Local management (prior notification)
  - Case resolution
- See Bishop/Temkin article in April 2007 issue of Compliance & Ethics Magazine

Fraud Investigation & Response
- Board oversight of process
- Cases involving senior management or financial reporting
- Predefined roles & responsibilities
- Predefined investigation protocols
- Reporting of results
- Recovery/corrective actions
- Include business process and control remediation
- Consistency of discipline organization-wide (using a case management system may assist)

Fraud Investigation & Response
Sample performance measures:
- Average time to resolve an issue (of each type)
- Proportion of incidents that repeat past wrongdoing
- Value of losses recovered and future losses prevented

Conclusion
- Managing Fraud Risk will get attention from boards and management
- Changes will be expected to enhance fraud risk management practices
- Compliance & ethics personnel can use this publication to support enhanced management of fraud risks and to strengthen ethics and compliance programs

What Questions Do You Have?
Mohammed Ahmed, mahmed@deloitte.com, (212) 436-4703
Toby Bishop, tobybishop@deloitte.com, (312) 486-5636

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 140 countries. With access to the deep intellectual capital of approximately 150,000 people worldwide, Deloitte delivers services in four professional areas (audit, tax, consulting, and financial advisory services) and serves more than 80 percent of the world's largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other related names. In the United States, Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP, and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the U.S. member firm are among the nation's leading professional services firms, providing audit, tax, consulting, and financial advisory services through nearly 40,000 people in more than 90 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the U.S. member firm's Web site at www.deloitte.com