Global Expectations for Addressing Fraud Risk and the Investigative Process

Similar documents
Effective implementation of COSO s new anti-fraud guidance

Fraud Risk Management

Global Anti-Corruption Programs:

Managing Fraud Risk: New Professional Guidance

Bearing the Bad News Reporting to the Board on Internal Corruption. Peter Dent, National Leader Deloitte Forensics September 11, 2013

European CEI. Compliance 101

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

INTEGRATING FORENSIC INVESTIGATION TECHNIQUES INTO INTERNAL AUDITING

Measuring Compliance Program Effectiveness

Society of Corporate Compliance & Ethics: West Coast Regional

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

A Discussion About Internal Controls February 2016

Corporate Governor. Providing vision and advice for management, boards of directors and audit committees Winter 2015

Why Reporting Hotlines Are Considered a Best Practice

10/3/2013 MAPPING YOUR PROGRAM TO THE FEDERAL SENTENCING GUIDELINES FOR ORGANIZATIONS (FSGO) AGENDA HOW MUCH DO YOU KNOW ABOUT THE FSGO?

EFFICIENT USE OF AUDIT COMMITTEES

Auditing for Fraud. Planning & Approaches

Managing Compliance Risk in M&A, and Special Considerations for Joint Ventures

SETTING POLICIES and GUIDELINES for CONDUCTING INTERNAL INVESTIGATIONS

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

PostNL group procedure

Compliance & Audit Rocks On

Mitigating the threat of fraud and corruption

Global Benchmark. Role of data analytics for internal fraud detection

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

PHARMACEUTICALS. Forensic Services. Helping to protect your business from fraud, misconduct and non-compliance ADVISORY

Sheryl Vacca, CHC-F, CCEP-F, CHRC, CCEP-I, CHPC. SVP/Chief Compliance & Audit Officer University of California

ebook FROM DETECT TO PREVENT : HOW TO USE TRANSLATION SOLUTIONS AS A PREVENTATIVE TOOL PAGE 1 library

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

Benchmarking 101: Shaping your E&C Program for Maximum Value

Government-private partnership: anti-corruption & anti-bribery practice

Third Party Risk Management ( TPRM ) Transformation

7 Bottom-Line Measures of Compliance Program Effectiveness

Office of the Utah Legislative Auditor General. Fraud Prevention. Utah Government Finance Officers Association. Spring 2017 Conference

Fraud Prevention: How to Identify and Protect Your Higher Ed Institution

TNT POLICY Title TNT Policy on Fraud, Corruption and Bribery

Using a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness

Mitigating Corruption Risk When Acquiring Companies in High-Risk Jurisdictions

ATTACHMENT C CORPORATE COMPLIANCE PROGRAM

MITSUI & CO., LTD. Anti-Corruption Policy. Contents

Fraud and the Small Business Owner

2017 The Global ABB Integrity Program.

CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM

BUILDING AN EFFECTIVE COMPLIANCE PROGRAM

Henkel s Compliance Management System (CMS)

ESTERLINE ANTI-CORRUPTION PROGRAM CHARTER

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

FCPA COMPLIANCE PROGRAMS

FINAL ASSESSMENT M.C. DEAN, INC.

Answering the Call. Increased Ethics, Governance & Compliance through the implementation of a Whistleblower Hotline.

Managing the Supply Chain

Compliance Culture in Global Operations Cedric Mulfinger- Global Business Compliance Program Manager

Global Third Party Due Diligence

KAP Industrial Holdings Limited KING IV APPLICATION REGISTER Page 0

Strengthening Control and integrity: A Checklist for government Managers

1. INTERNAL AUDIT CHARTER (PDF)

The Siemens Compliance System Seminario internacional - 24/08/2016 Escándalos Empresariales en Primera Persona: Volver a ponerse de pie

Fraud Risk Management

Internal Oversight Division. Internal Audit Strategy

Best Practices for Establishing a Cost-Effective Internal Audit Function. Article by Heidi Wier June 2016

FRAUD AND PROFESSIONAL ETHICS IN HIGHER EDUCATION

Challenges in Corporate Governance: The Role of Corporate Directors in Overseeing Financial Reporting

KYC compliance strategies that your customers will love

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

Fraud Risk Management

INTERNAL AUDIT Fraud Investigation Process Campus Administrative Training Series April 24, 2017

ACFE FRAUD PREVENTION CHECK-UP ASSOCIATION OF CERTIFIED FRAUD EXAMINERS

Westfield Corporation Slavery and Human Trafficking Statement. Financial Year Ended 31 December 2016

TEEKAY TANKERS LTD. STANDARDS OF BUSINESS CONDUCT POLICY

Auditing for Fraud. Planning & Approaches

Compliance in Belgium A closer look at the corporate sector. 8 December 2014

BRIBERY AND CORRUPTION

Fraud, bribery and corruption Protecting reputation and value

Compliance Plans. Kelly S. McIntosh July 20, 2017

ETHICS AND BUSINESS INTEGRITY POLICY

Risk Based Internal Audit Plan

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

Leading the Global. Next Decade Doing More with Less The Lean Internal Audit Model. Larry Rieger

International Finance Corporation

A Case Study: How Effective Risk Management Drives Global Supply Chain Optimization.

COMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University

BEATING THE BENCHMARK. A comprehensive guide for assessing and benchmarking compliance program effectiveness

IBM AML compliance solution

See your auditor clearly. Transparency report: How we perform quality audit engagements

Association Fraud: How It Happens and What You Should Know

AUDITING. Auditing PAGE 1

Can the public sector deliver a zero tolerance approach to corruption risk?

CARNIVAL CORPORATION & PLC

SAMSUNG HEAVY INDUSTRIES

Thomson Reuters SCREENING RESOLUTION SERVICE

Compliance Program Effectiveness Guide

Fraud Prevention, Detection, and Internal Controls

ISACA. The recognized global leader in IT governance, control, security and assurance

International Operational Auditing

DIIR Audit Standard No. 5 STANDARD FOR THE AUDIT OF THE ANTI-FRAUD MANAGEMENT SYSTEM BY THE INTERNAL AUDIT ACTIVITY

The (W)Right Coaching cc

The New Era of Transparent Internal Audit: What You Should Know

Leading Practices to Leverage Forensic Data Analytics in Compliance Monitoring and Investigation

Transcription:

Global Expectations for Addressing Fraud Risk and the Investigative Process Waheed Alkahtani CFE, CISA, and CCEP-I Saudi Aramco Internal Auditing Special Audits Division Copyright 2014, Saudi Aramco. All rights reserved. March 2014

What do you know of Fraud Risks occurring in our business? Is it the tip of the ICEBERG? Has responsibility for managing fraud risk been clearly defined? What systems are in place to detect fraud and irregularity? Do you have reporting channels and are staff aware of them? Questions:

Getting the Big Picture

What is Fraud Risk Management? Why is it important? Who is Responsible? How to establish a forensic accounting unit. Today s Agenda

Fraud Risk Management Section One

Fraud: is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Fraud Risk Management: a process, effected by an entity s board/council, management and other personnel, applied in strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives. Fraud and Risk Management

Assessment Risk Management Mitigation Plan Fraud Risk Management

It is Why Risky?

The top 10 risks that Internal Audit departments will focus on across the next 6 12 months. Corruption and Bribery Risky Areas 2013 CEB Audit Leadership Council

All organizations are subject to fraud risks. Frauds have led to the downfall of entire organizations. Massive investment losses. Significant legal costs. Loss of key individuals and image. Many fraud cases involve safety. Why do we want to Control FRAUD?

Lack of formal fraud risk management processes represents the highest risk, beyond those identified in ordinary business operations. Ethic Resource Center (ERC) Fraud Risk Management

Company Boeing Artificial joint makers Tenet Columbia/HCA AIG Marsh & McLennan Fannie Mae KPMG Tyco Cardinal Health Pharmas Siemens Prudential UnitedHealth Group Cost $615 million $317 million $900 million $1.7 billion $1.5 billion $850 million $400 million $465 million $750 million $600 million $2.4 billion $463 million $2.8 billion, + fines $915 million Bob Rudloff, Vice President, Internal Audit, MGM MIRAGE The Cost of Fraud

Siemens $1.6 billion (2009) Bribery on an institutional scale across countries Halliburton $177 million (2009) EPC contract scheme in Nigeria for disgorgement of profits KBR $402 million (2009) Bribes related to payments to Nigerian officials Baker Hughes $11 million (2008) Related to bribes to Kazakhstan officials for a Kazakhstan project. Chevron $4.7 million (2010) FCPA violations Marathon Oil $4.7 million (2010) FCPA violations Shell $236.5 million (2010) FCPA customs bribery issues in Nigeria Alcatel Lucent $92 million (2010) Failure of responsible executive to conduct appropriate due diligence on a third-party IBM $10 million (2011) Penalties for bribes for Korean and Chinese officials Foreign Corrupt Practices Act (FCPA)

Technology Competition Mergers JV Global Operations Risks Transformation Organizational Risks

Local Employment and labor laws Global Anti-trust and Anti-corruption regulations, such as FCPA and UK bribery acts. Organizational Risks

Know Do we Now Why it is important?

Who Owns Fraud Risks? Section Three

The Gate Keeper

IA LAW HR Security Who manages the RISK?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. In relation to fraud, this means that internal auditing provides assurance to the board and to management that the controls they have in place are appropriate, given the organization s risk appetite. Internal Auditing

Fraud Risk Assessment Internal auditors should consider the organization s assessment of fraud risk when developing their annual audit plan and periodically review management s fraud management capabilities. Communicate and Report They should interview and communicate regularly with those conducting the organization s risk assessments, as well as others in key positions throughout the organization, to help them ensure that all fraud risks have been considered appropriately. Internal Controls When performing engagements, internal auditors should spend adequate time and attention to evaluating the design and operation of internal controls related to fraud risk management. Role of the Internal Audit IIA Practice Advisory 2130-1 21

Watch Red Flags They should exercise professional skepticism when reviewing activities and be on guard for the signs of fraud. Respond Potential frauds uncovered during an engagement should be treated in accordance with a well-defined response plan, consistent with professional and legal standards. Active Role Internal auditing should also take an active role in support of the organization s ethical culture. Role of the Internal Audit IIA Practice Advisory 2130-1 22

Standards and Procedures Oversight Education and Training Monitoring and Auditing Report Enforcement and Discipline Response and Prevention The 7 elements Society of Corporate compliance and Ethics (SCCE)

The 7 Elements HR IA LAW Standards and procedures Standards and procedures Review and evaluate Education and Training Periodically Risk Assessed Monitoring and Auditing Report Enforcement and discipline Response and Prevention Basic compliance elements 24

Cyber Crimes White- Collar Crimes Property Crimes Violent Crimes Who Manages Fraud?

White-collar Crime Occupational Money laundering Identity theft Copyright infringement Black/White Gray Area White-Collar Crime

Classes of Occupational Fraud

Cyber Crimes White Collar Crimes Property Crimes Violent Crimes Occupational Fraud Occupational Fraud

Independent Authorized Competent Consistency Who Investigates Fraud? Best Practice ACFE, AICPA, IIA, and SCCE

National Anti Corruption Commission Independent and report directly to the cabinet Dubai Financial Audit Department Directly to the ruler of Dubai Fraud Investigation in Government Sectors

1. Total, Internal Auditing. 2. ConocoPhillips, The Company s Audit and Finance Committee will oversee treatment of employee concerns. 3. ExxMobile, Internal Audit has primary responsibility for investigating violations of the Corporation's internal controls. 4. Chevron, Investigative Audits, the Audit Committee. 5. Statoil, Chief Auditor. 6. Dow Chemical, Fraud Investigative Services, Corporate Auditor. Fraud Investigation in Private Sectors

As director of Fraud Investigation Services, I report directly to Dow's Corporate Auditor. We have four full-time staff members, all directly involved in investigations. Their backgrounds vary and include accounting, business administration, criminal justice, law and certified fraud examination. Much of our time is spent analyzing data and documents, interviewing employees, documenting findings, and traveling approximately 30% to 40% of the time in North America and overseas. The Dow Chemical Company's Success Story

For every $1 we spend on investigating fraud, we recover nearly $4, which is very high by industry standards. Oh one more thing

The How to Question Section Four

Assess Adjust Change Management Build Measure Change Management Theory

Correction Policy Investigation Reporting Behavior Analysis Changing Minds Transparency Assessment Fraud Risk Assessment Consider potential fraud schemes Evaluate he likelihood and significance Mitigation Plans Correction Fraud Prevention Code of Conduct Business Ethics Whistleblower Policy Hotline Hotline Unscheduled Audits Red Flags/Fraud Indicators Monitoring and Data Mining Detection Awareness Top Management New Hires Vendors and Contractors All means Anti-Fraud Program Minimum Level of Protection

What... Can Should Must Be Done?

You must be the change you wish to see in the world. Set the Tone from the Top

Building Blocks

Gray Area Not Enough Accountability Overlapping Inefficient Redundancy Dark No Accountability Gap Analysis Methodology

Small Establish ownership and accountability. Outsource. Medium Establish ownership and accountability. Formation of forensic investigations. Large Internal unit to address prevention, detection, investigation and remediation of fraud. How to respond to an incident

SCCE ACFE Five vs. Seven

Standards and Procedures Oversight Education and Training Monitoring and Auditing Report Enforcement and Discipline Response and Prevention The 7 elements

Principle 1 Policy to convey the expectations of the board of directors regarding managing fraud risk. Principle 2 Periodically Risk Assessed. Principle 3 Prevention and awareness techniques to avoid potential key fraud risk events. Principle 4 Detection techniques should be established to uncover fraud events. Principle 5 A monitoring and reporting process should be in place to solicit input on potential fraud. The 5 Principles

The following elements should be found within a fraud risk management and compliance program: 1. Fraud Prevention and Awareness Services 2. Fraud Forensic and Validation Services 3. Fraud Investigation and Correction Services 4. Business Compliance Services Elements of an Anti-Fraud Program

Awareness Program Hotline Administration Case validation Computer Forensic Data Mining Prevention Validation Compliance Manager Compliance Investigation Compliance assessment Fraud Indicators and Trends Reporting Investigation Correction The New Model

Allegation Initial Assessment Investigation Reporting Management Actions Anonymous Tip Verification/ Evaluation Proponent Notification Relevant Facts Proponent Internal Audit Management Data Analysis IT Forensics IT Forensics/ Data Mining Interviews/ Profiling Case Outline General Auditor Authorizes an Investigation Case Recommends Review by Personnel Review by Legal GA Hotline Baseline Interviews Document Examination Quality Review COI and SRC Rev & Decision Data Analysis Government Agencies

In Conclusion Final section

It is a danger zone with a high-risk area.

FCPA Company will be liable if it knows or has reason to know.

It will not protect you.

Don't think there are no crocodiles because the water is calm.

If you ever think you re too small to be effective, you have never been in bed with a mosquito. Act now

Q&A

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback