FRAUD RISK MITIGATION MEASURES


Presentation Transcript


1. FRAUD RISK MITIGATION MEASURES
At ASSOCHAM National Conference on Enhancing Transparency & Accountability in Corporate India, April 21, 2010
N K Jain, Secretary & CEO

2. Personal Integrity – Extinct Human Trait
  • Be good for goodness sake
  • My Word is My Bond

The occasion reminded me of an old Christmas song, “Be good for goodness’ sake.” Being good is having the common sense to know how to treat stakeholders decently. It in fact does so much more than just making good business sense. The theme of the conference also reminded me of the old days’ famous motto “My Word is My Bond.” It reflects a guarantee of the integrity of a person. Sadly, it does not have much currency today. The concept of ethics, with its connotation of values and widely accepted standards of behaviour, has lost its glamour today.

3. Sharp Media Scrutiny
  • Deteriorating Ethical Standards
  • Examples of Widespread Unethical Behavior

Perhaps we all feel disheartened when we look at daily newspapers. Not a single day seems to go by without some reference to a breakdown in ethical behaviour and personal integrity. There are many examples of widespread unethical behaviour nationally and internationally. Enron, Andersen, WorldCom and Satyam are now infamous names. What story will tomorrow’s newspaper bring? You never know. I have to admit that, over the thirty-five years that I have spent in the corporate sector, ethical standards have certainly not improved and indeed may have worsened. Deteriorating ethical standards are perhaps the only reason, the only tempting force, behind frauds and mis-governance in the corporate world.

4. Regulatory Prescriptions – No Panacea
  • Values and personal integrity matter a lot more than regulatory prescription

No amount of regulatory prescription can stop the recurrence of such delinquent behaviour, as it is more a matter of ethics, values and personal integrity than of regulatory prescriptions. There is therefore a clear need for improving the ethical system to reach the level of the good old days’ motto of “My Word is My Bond.”

5. Fraud Risk
  • Fraud Risks are more internal

All organizations are subject to fraud risks. Large frauds have led to the downfall of entire organizations, massive investment losses, significant legal costs, imprisonment of key individuals, and erosion of goodwill and investor confidence. Publicized fraudulent behavior of key executives has adversely impacted the reputations, brands, and images of many organizations around the globe. So the impact of fraud risk is huge. Most internal frauds relate to asset misappropriation (both cash and non-cash), fraudulent statements (both financial and non-financial), and corruption (bribery and conflict of interest).

6. Fraud Risk Mitigation
  • Ethical Attitude is Crucial
  • Attitudes across the organisation
  • Requirement of mapping of required and existing ethical standards
  • Embedding of ethical standards into the culture of organisation
  • Effective business ethics programmes for enhancing ethical attitude

Friends, attitudes among employees, senior management and Board members often lay the foundation for a high or low fraud risk environment. Organisations are required to take the time to consider where they stand on ethical issues, and filling the gaps in these issues would bring long-term benefits as customers, suppliers, employees and the community realise that they are dealing with a trustworthy organisation. Ethical behaviour is embedded within the culture of an organization. Commitment from senior management percolates down to several layers. Effective business ethics programmes help in preventing, detecting and deterring fraudulent acts. The Board of Directors should ensure that the board itself is governed properly. The board is also responsible for ensuring an effective fraud risk management system within the organization. The Audit Committee of the Board should have a proactive approach to fraud risk management. The fraud risk mitigation within the organisation has to reiterate the commitment of the organisation to high legal, ethical and moral standards in all its activities and its approaches. The board should be absolutely committed to maintaining an honest, open and well-intentioned atmosphere within the organisation. The Board of Directors should ensure that its own governance practices set the tone for fraud risk mitigation and that management implements policies that encourage ethical behaviour.

7. KPMG Fraud Survey 2010
  • Ineffective control systems and diminishing ethical values are key contributors
  • Volatile economic conditions coupled with increasing business and technological complexities have led to increased opportunities for fraud

KPMG’s Forensic practice in India has undertaken the India Fraud Survey once every two years since 1995 to provide India Inc. with insights into the degree of fraud awareness, nature of fraud risks, trends in fraudulent activities, and the required mitigation strategies. The KPMG Fraud Survey Report 2010 reveals a rise in the incidence of fraud; ineffective control systems and diminishing ethical values have been found to be key contributors to this trend. In addition, volatile economic conditions coupled with increasing business and technological complexities have led to increased opportunities for fraud.

8. KPMG Fraud Survey 2010
  • Ineffective whistle-blowing systems
  • Lack of objective and independent internal audit functions with forensic skills
  • Inadequate oversight of senior management activities by the audit committee

The survey cited weak internal control systems, eroding ethical values and a reluctance on the part of line managers to take decisive action against the perpetrators as the most vital underlying reasons for the rising trend of frauds. In addition, the desire to achieve / exceed targets and the linking of senior executives’ earnings to financial performance are the reasons for senior management involvement in such frauds. Ineffective whistle-blowing systems, lack of objective and independent internal audit functions, inadequate oversight of senior management activities by the audit committee and a weak regulatory environment have been found to be the reasons for growing worries in respect of financial statement fraud.

9. KPMG Fraud Survey 2010
  • Indian companies have a reactive approach to dealing with fraud
  • Fraud risk management program should be a shared responsibility across the company board, senior management, internal audit and risk functions.

Indian companies have a reactive approach to dealing with fraud. Even amongst those that do undertake a fraud risk assessment, the focus is more on financial frauds rather than a holistic assessment. It has been suggested that a fraud risk management program should be a shared responsibility across the company board, senior management, internal audit and risk functions.

10. KPMG Fraud Survey 2010
  • Strengthening of Corporate Governance and Fraud Risk Management are the mitigation tools for responding to, detecting and preventing frauds.

The report reveals that strengthening of Corporate Governance and Fraud Risk Management are the mitigation tools for responding to, detecting and preventing frauds.

11. PricewaterhouseCoopers' Economic Crime Survey 2009
Percentage of Frauds detected through various tools:
  • Internal Audit: 17%
  • Tip-off (Internal): 16%
  • Fraud Risk Management: 14%
  • By accident: 13%
  • Tip-off (External): 11%
  • Whistle Blowing: 7%
  • Suspicious Transaction Reporting: 5%
  • Corporate Scrutiny: 5%
  • Rotation of personnel: 5%
  • Other Detection methods: 4%
  • By Law enforcement: 3%

Based on interviews with 5,400+ companies in 40+ countries, the PwC Global Economic Crime Survey 2009 revealed that 30 percent of respondents reported suffering one or more significant economic crimes. The global recession was cited for heightened risk of fraud by 40 percent of all respondents, who said that their organisation faced greater risk of economic crime in the downturn. Many respondents identified underlying business pressures related to the downturn as the motivation for rising fraud, citing difficulty in achieving business targets and fear of losing jobs. As per this survey, internal audit remained key to the detection of fraud. Anti-fraud controls, especially risk management, were reported as having detected more frauds. A combination of an anti-fraud culture and effective anti-fraud controls appears to be improving the detection of economic crime.

12. Key principles for proactively establishing an environment to effectively manage fraud risk

Here I would like to refer to “Managing the Business Risk of Fraud: A Practical Guide” by The Institute of Internal Auditors, The American Institute of Certified Public Accountants, and the Association of Certified Fraud Examiners. They believe that only through diligent and ongoing effort can an organization protect itself against significant acts of fraud. They have identified certain key principles for proactively establishing an environment to effectively manage an organization’s fraud risk.

13. Principle 1
  • Need for fraud risk management program

Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.

Corporate governance has been defined in many ways, including “The system by which companies are directed and controlled,” and “The process by which corporations are made responsive to the rights and wishes of stakeholders.” Corporate governance is also the manner in which management and those charged with oversight accountability meet their obligations and fiduciary responsibilities to stakeholders. Some organizations have developed corporate cultures that encompass strong board governance practice. These corporate cultures also include board assurance of business ethics considerations in hiring, evaluation, promotion, and remuneration policies for employees as well as in all aspects of their relationships with customers, vendors, and other business stakeholders.

14. Principle 2
  • Periodical Assessment of Fraud risk exposure

Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.

Organizations can identify and assess fraud risks in conjunction with an overall enterprise risk assessment or on a stand-alone basis. The foundation of an effective fraud risk management program should be seen as a component of a larger enterprise risk management (ERM) effort and is rooted in a risk assessment that identifies where fraud may occur and who the perpetrators might be. A fraud risk assessment generally includes three key elements:
  • Identify inherent fraud risk: Gather information to obtain the population of fraud risks that could apply to the organization. Included in this process is the explicit consideration of all types of fraud schemes and scenarios; incentives, pressures, and opportunities to commit fraud; and IT fraud risks specific to the organization.
  • Assess likelihood and significance of inherent fraud risk: Assess the relative likelihood and potential significance of identified fraud risks based on historical information, known fraud schemes, and interviews with staff, including business process owners.
  • Respond to reasonably likely and significant inherent and residual fraud risks: Decide what the response should be to address the identified risks and perform a cost-benefit analysis of fraud risks over which the organization wants to implement controls or specific fraud detection procedures.

15. Principle 3
  • Need for Prevention techniques to avoid potential key fraud risk events

Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.

Prevention is the most proactive fraud-mitigation measure. The design and implementation of control activities should be a coordinated effort spearheaded by management with an assembled cast of employees. Collectively, this cross section of the organization should be able to address all of the identified risks, design and implement the control activities, and ensure that the techniques used are adequate to prevent fraud from occurring in accordance with the organization’s risk tolerance.

16. Principle 4
  • Need to Establish Detection techniques

Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.

Whistle-blower hotlines, documentation of fraud detection techniques and continuous monitoring would help in this regard. Having effective detective controls in place is one of the strongest deterrents to fraudulent behavior. Used in tandem with preventive controls, detection controls enhance a fraud risk management program’s effectiveness by providing evidence that preventive controls are working as intended and identifying fraud that occurs. Organizations can never eliminate the risk of fraud entirely. There are always people who are motivated to commit fraud, and an opportunity can arise for someone in any organization to override a control or collude with others to do so. Therefore, detection techniques should be flexible, adaptable, and continuously changing to meet the various changes in risk.

17. Principle 5
  • Need for Reporting Process

Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.

This involves receiving the allegation, evaluating the allegation, investigation protocols, reporting the results and taking corrective actions. It is essential that any violations, deviations, or other breaches of the code of conduct or controls, regardless of where in the organization, or by whom, they are committed, be reported and dealt with in a timely manner. Appropriate punishment must be imposed. The board should ensure that the same rules are applied at all levels of the organization, including senior management.

18. Indian Examples
  • Infosys has an Enterprise-wide Fraud Management Framework with respect to payments
  • ACC Limited has a Fraud Risk Management Policy and a Fraud Risk Management Committee
  • Ambuja Cements has a Fraud Risk Management Policy and a Fraud Risk Management Committee
  • HCL’s Risk Management policy covers Fraud Risks

ACC/Ambuja: This policy aims to protect the brand, reputation and assets of the Company from loss or damage resulting from suspected or confirmed incidents of fraud / misconduct. The policy provides guidance to all employees (including third parties) on reporting any suspicious activity and handling critical information and evidence. The Fraud Risk Management Policy helps to strengthen the existing anti-fraud culture by raising awareness across the Company and aims to:
  • Promote an open communication culture
  • Promote zero tolerance to fraud / misconduct
  • Encourage all employees to report suspicious cases of fraud / misconduct (it will be ensured that no employee is discriminated against or unfairly treated for reporting such cases)
  • Spread awareness amongst employees and educate them on risks faced by the company

The Board through this policy constitutes a Fraud Risk Management Committee (FRMC), which is responsible for investigating all complaints of dishonest behavior, fraud or misconduct and taking suitable actions as per the company’s disciplinary procedures.

19. Proactive Approach towards Fraud Risk
  • A proactive approach to mitigate fraud risk is one of the best steps
  • Effective Fraud Risk Management System is Essential

A proactive approach to managing fraud risk is one of the best steps organizations can take to mitigate exposure to fraudulent activities. Although complete elimination of all fraud risk is most likely unachievable or uneconomical, organizations can take positive and constructive steps to reduce their exposure. The combination of effective fraud risk governance, a thorough fraud risk assessment, strong fraud prevention and detection (including specific anti-fraud control processes), as well as coordinated and timely investigations and corrective actions, can significantly mitigate fraud risks. Although fraud is not a subject that any organization wants to deal with, the reality is most organizations experience fraud to some degree. It is important to note that dealing with fraud can be constructive and forward-thinking, and can position an organization in a leadership role within its industry or business segment. Strong, effective, and well-run organizations exist because management takes proactive steps to anticipate issues before they occur and to take action to prevent undesired results. It should be recognized that the dynamics of any organization require an ongoing reassessment of fraud exposures and responses in light of the changing environment the organization encounters.

20. Thank you
