
Fraud

The Environment of Fraud

Preventing Internal Fraud

External Fraud



Acknowledgments

Material is from:

  • Essentials of Corporate Fraud, T L Coenen, John Wiley & Sons, 2008

  • The Art of the Steal, Frank Abagnale, Broadway Books, 2001

  • CISA Review Manual, 2009

  • Check Fraud: A Guide to Avoiding Losses

  • The Art of Deception, Mitnick & Simon, Wiley & Sons, 2002

    Author: Susan J Lincke, PhD

    Univ. of Wisconsin-Parkside

    Reviewers:

    Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning.

    Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and/or source(s) and do not necessarily reflect the views of the National Science Foundation.



The Problem

  • Organizations lose 5-6% of revenue annually due to internal fraud = $652 Billion in U.S. (2006)

  • Average scheme lasts 18 months, costs $159,000

  • 25% costs exceed $1M

  • Smaller companies suffer greater average $ losses than large companies

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Internal or Occupational Fraud

Definition

  • Violates the employee’s fiduciary responsibility to employer

  • Is done secretly and is concealed

  • Is done to achieve a direct or indirect benefit

  • Costs the organization assets, revenue, or opportunity

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Fraud Categories



Vocabulary

Skimming: Taking funds before they are recorded into company records

Cash Larceny: Taking funds (e.g., check) that company recorded as going to another party

Lapping: Theft is covered with another person’s check (and so on)

Check Tampering: Forged or altered check for gain

Shell Company: Payments made to fake company

Payroll Manipulation: Ghost employees, falsified hours, understated leave/vacation time

Fraudulent Write-off: Useful assets written off as junk

Collusion: Two or more employees or employee & vendor defraud together

False Shipping Orders or Missing/Defective Receiving Record: Inventory theft

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Legal Considerations of Fraud

  • Intentionally false representation

    • Not an error

    • Lying or concealing actions

    • Pattern of unethical behavior

  • Personal material benefit

  • Organizational or victim loss

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Key Elements of Fraud

Motivation: Need or perceived need

Opportunity: Access to assets, information, computers, people

Rationalization: Justification for action

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



How Fraud is Discovered

Some fraud is discovered via multiple reporting methods; thus results do not sum to 100%.

Tips come from Employee 64%, Anonymous 18%, Customer 11%, Vendor 7%

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



After Fraud Discovered

  • Discipline: May include repayment

  • Termination of Employment

  • Civil or Criminal legal action

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Who Does Fraud?

  • Most $$$ internal frauds committed by longer-tenured, older, and more educated staff

  • Executives commit most expensive fraud: $1M

    • 4.5 times more expensive than managers: $218K

    • 13 times more expensive than line employees

  • Men & women commit fraud in nearly equal proportions, but men’s are more expensive:

    • Men’s average: $250k (or 4x)

    • Women’s average: $120k

  • 92% have no criminal convictions related to fraud

  • To steal a lot of money, you must have a position of power and access: highly degreed > HS grad, older > younger people

  • Collusion dramatically increases duration and $ loss for fraud

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Discussion Points

  • What types of fraud could computer programmers or system administrators commit?

  • For each type of fraud, what methods may help to prevent such fraud?



Example 1: Financial Statement Fraud

Dunlap of Sunbeam had such high expectations that employees needed to meet the standards or be fired. To meet his high standards, it was necessary to play the game, and financial statement fraud was accepted.

Methods of such fraud may include: manual adjustments to accounts or improper accounting procedures

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Example 2: Corruption

The Chief Financial Officer had divisional controllers who oversaw various regions. When one controller left, the CFO permanently took over her responsibilities. Checks and balances between the two positions were violated, and the CFO was able to embezzle from the company.

Temporary assumption of some responsibilities may have been acceptable

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Example 3: Asset Misappropriation

A manager took money from one account, and when payment was due, paid via another account. When that was due, she paid via a third account, etc.

This lapping went on for years and was finally caught when a sickness resulted in her being absent from work for an extended period.

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Detecting & Preventing Fraud

How to Recognize Fraud

How to Prevent Fraud

Info. Systems Applications

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Fraud & Audit

  • Audits are not designed to detect fraud

  • Goal: Determine whether the financial statement is free from material misstatements.

  • Auditors test only a small fraction of transactions

  • Auditors must:

    • Be aware of the potential of fraud

    • Discuss how fraud could occur

    • Delve into suspicious observations and report them

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Red Flags

  • Significant change in lifestyle: New wealth

  • Financial difficulties may create need

    • Gambling or drug addiction

    • Infidelity is an expensive habit

  • Criminal background

  • Chronic legal problems: person looks for trouble

  • Dishonest behavior in other parts of life

  • Beat the system: Break rules commonly

  • Chronic dissatisfaction with job

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Work Habits of Fraudsters

One or more:

  • Justifying poor work habits

  • Desperately trying to meet performance goals

  • Over-protective of certain documents (poor sharing or avoids documentation)

  • Refusal to swap job duties

  • Consistently at work in off-time (early or late) or never absent

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Potential Transaction Red Flags

Unusual transactions:

  • Unusual timing, too frequent or infrequent

  • Unusual amount: too much or too little

  • Unusual participant: involves unknown or closely-related party

  • Voided checks or receipts, with no explanation

  • Insufficient supervision

  • Pattern of adjustments to accounts

  • Different addresses for same vendor, or vendors with similar names

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Fraud Control Types

Before Fraud (***BEST***): Preventive Controls**: Preventing fraud

Includes:

  • Risk assessment

  • Develop internal controls

  • Physical security & data security

  • Authorization (Passwords, etc)

  • Segregation of duties

  • Fraud education

Time of Fraud: Detective Controls: Finding fraud when it occurs

Includes:

  • Anonymous hotline*

  • Surprise audits*

  • Monitoring activities

  • Complaint or fraud investigation

After Fraud: Corrective Controls: Fix problems and prevent future problems

Includes:

  • Punishment

  • Amend controls



Techniques to Discourage Fraud

  • Realistic job expectations

  • Adequate pay

  • Training in job duties

  • Trained in policies and procedures

  • Policy enforcement

  • Sr. Mgmt models ethical behavior to customers, vendors, employees, shareholders

  • Segregation of duties

  • Checks and balances

  • Job rotation

  • Physical security of assets

  • Background checks

  • Mandatory vacations

  • Examination of required documentation

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Segregation of Duties

  • Origination

  • Authorization: Approves

  • Distribution: Acts on

  • Verification: Double-checks

CISA Review Manual 2009



Compensating Controls

When Segregation of Duties not possible, use:

  • Audit Trails

  • Transaction Logs: Record of all transactions in a batch

  • Reconciliation: Ensure transaction batches are not modified during processing

  • Exception reporting: Track rejected and/or exceptional (non-standard) transactions

  • Supervisory or Independent Reviews

    Separation of duties: authorization, distribution, verification

CISA Review Manual 2009



Software to Detect Fraud

  • Provide reports for customer credits, adjustment accounts, inventory spoilage or loss, fixed-asset write-offs.

  • Detect anomalies such as unusual amounts or patterns

  • Compare vendor addresses and phone numbers with employee data

  • Use Range or Limit Validation to detect fraudulent transactions

  • Log computer activity: login or password attempts, data access attempts, and the geographical location of data access.

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons



Red flags software can detect

  • Out-of-sequence checks

  • Large number of voids or refunds made by employee or customer

  • Manually prepared checks from large company

  • Payments sent to nonstandard (unofficial) address

  • Unexplained changes in vendor activity

  • Vendors with similar names or addresses

  • Unapproved vendor or new vendor with high activity

Essentials of Corporate Fraud, T L Coenen, 2008, John Wiley & Sons
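
Several of the checks listed on the two slides above ("Software to Detect Fraud" and "Red flags software can detect") can be expressed as short exception reports. The following is an added example, not part of the original presentation: the records, field names, the 0.8 name-similarity threshold and the 5000 limit are all assumptions constructed for illustration.

```python
import difflib
import re
from itertools import combinations

# Constructed sample records for illustration (not data from the presentation).
EMPLOYEES = [
    {"name": "Dana Ruiz", "address": "14 Elm St., Apt 2", "phone": "262-555-0101"},
    {"name": "Lee Park", "address": "900 Lake Ave", "phone": "262-555-0144"},
]
VENDORS = [
    {"id": "V1", "name": "Acme Supply Co.", "address": "77 Industrial Rd",
     "phone": "414-555-0190", "approved": True},
    {"id": "V2", "name": "Acme Supply Company", "address": "PO Box 12",
     "phone": "414-555-0191", "approved": True},
    {"id": "V3", "name": "D R Consulting", "address": "14 ELM ST APT 2",
     "phone": "262-555-0177", "approved": False},
]
# (check number, vendor id, amount), in the order the checks were issued
PAYMENTS = [(1001, "V1", 1200.0), (1002, "V2", 950.0), (1004, "V3", 9800.0),
            (1003, "V1", 400.0), (1007, "V3", 9900.0)]


def norm(text):
    """Lower-case and drop punctuation/spacing so formatting does not hide a match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def vendors_matching_employees(vendors, employees):
    """Vendors whose address or phone equals an employee's (possible shell company)."""
    return [(v["id"], e["name"]) for v in vendors for e in employees
            if norm(v["address"]) == norm(e["address"])
            or norm(v["phone"]) == norm(e["phone"])]


def similar_vendor_names(vendors, threshold=0.8):
    """Pairs of vendors whose normalized names are nearly identical."""
    return [(a["id"], b["id"]) for a, b in combinations(vendors, 2)
            if difflib.SequenceMatcher(None, norm(a["name"]),
                                       norm(b["name"])).ratio() >= threshold]


def check_sequence_exceptions(payments):
    """Checks numbered below an earlier check, and numbers missing from the range."""
    numbers = [p[0] for p in payments]
    out_of_order = [n for i, n in enumerate(numbers) if i and n < max(numbers[:i])]
    missing = sorted(set(range(min(numbers), max(numbers) + 1)) - set(numbers))
    return out_of_order, missing


def unapproved_vendor_totals(vendors, payments, limit=5000.0):
    """Limit validation: totals above `limit` paid to vendors that were never approved."""
    unapproved = {v["id"] for v in vendors if not v["approved"]}
    totals = {}
    for _, vendor_id, amount in payments:
        if vendor_id in unapproved:
            totals[vendor_id] = totals.get(vendor_id, 0.0) + amount
    return {vid: total for vid, total in totals.items() if total > limit}


if __name__ == "__main__":
    print(vendors_matching_employees(VENDORS, EMPLOYEES))
    print(similar_vendor_names(VENDORS))
    print(check_sequence_exceptions(PAYMENTS))
    print(unapproved_vendor_totals(VENDORS, PAYMENTS))
```

Each function returns an exception list for a reviewer who is independent of Accounts Payable; a hit is a reason to look, not proof of fraud.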



Encourage Security in IT Departments

  • Physical security

  • Segregation of duties

  • Employee monitoring

  • Surprise audits

  • Job rotation

  • Examination of Documentation

[Diagram roles: Quality Assurance, Programmer Analyst, Business Analyst]



Business Application Checks

  • Checks locked up; access restricted

  • Physical inventory of checks at least every quarter

  • New accounts payable vendors’ existence and address double-checked by management

  • Returned checks sent to PO Box and evaluated by someone independent of Accts Payable

The Art of the Steal, Frank Abagnale, Broadway Books 2001



Question

What is the MOST effective means of preventing fraud?

  • Effective internal controls

  • Fraud training program

  • Fraud hotline

  • Punishment when fraud is discovered



Question

A woman in the accounting department set up a vendor file with her own initials, and was able to steal more than $4 M after 3 years. The auditor should have found that:

  • The vendor was a phony company

  • Purchases from the vendor did not result in inventory received

  • The initials for the vendor matched an employee in the accounting dept.

  • Management did not authorize new vendors with a separate phone call



Question

What is: Origination, Authorization, Distribution, Verification?

  • Four stages of software release

  • Recommended authority allocations for access control

  • Stages for development of a Biometric Identity Management System (BIMS)

  • Categories for Segregation of Duties



External Fraud

Social Engineering

Check Fraud

Other Scams

From: The Art of the Steal, Frank Abagnale, Broadway Books 2001 & Check Fraud: A Guide to Avoiding Losses



Social Engineering I

Email:

  • The first 500 people to register at our Web site will win free tickets to …

  • Please provide company email address and choose a password

  • You received a message from Facebook. Follow this link … log in.

  • Social engineering: Getting people to do something they would not ordinarily do for a stranger

  • Social engineering is nearly 100% effective

The Art of Deception, Mitnick & Simon, Wiley, 2002



Social Engineering II

Telephone call from ‘IT’:

  • Some company computers have been infected with a virus that the anti-virus software cannot fix. Let me walk you through the fix…

  • We need to test a new utility to change your password…



Social Engineering III

Phone call 1:

  • “I had a great experience at your store. Can you tell me manager’s name, address?”

Phone call 2:

  • “This is John from X. I got a call from Alice at your site wanting me to fax a sig-card. She left a fax number but I can’t read it; can you tell me? What is the code?”

  • “You should be telling me the code…”

  • “That’s ok, it can wait. I am leaving but Alice won’t get her information…”

  • “The code is …”

Phone call or fax 3:

  • “I need … Code is …”



Social Engineering Techniques

  • Learns insider vocabulary and/or personnel names

  • Pretends legit insider: “I am <VP, IT, other branch, other dept>. Can you …?”

  • Pretends real transaction:

    • Helping: I am in trouble <or> you need help due to …

    • <My,Your> computer is <virused, broke, busy, don’t have one>. Can you <do, tell me> …?

    • Deception: Hides real question among others.

  • Establishes relationship: Uses friendliness to gain trust for future tasks

The Art of Deception, Mitnick & Simon, Wiley 2002



Combating Social Engineering

Verification Procedure

  • Verify requester is who they claim to be

  • Verify the requester is currently employed in the position claimed

  • Verify role is authorized for request

  • Record transaction

Organization security

  • Data classification defines treatment

  • Policies define guidelines for employee behavior

  • Employees trained in roles, need-to-know, and policies



Fraud Statistics

  • Businesses lose $400 Billion a year in fraud = 2 x US military budget

  • 1/3 of $400B is embezzlement = employees stealing from employer

  • Next highest sources (KPMG 2000)

    • Check forgery

    • Credit cards

    • Fake invoices

    • Theft

  • $350 Billion for counterfeit goods

The Art of the Steal, Frank W Abagnale, Broadway Books 2001



Check Fraud Examples

Altered Checks: Chemicals are used to erase the payee or amount, then re-printed OR check is appended to.

  • An Argentinian modified a ticket-overpayment refund check from Miami, changing a $2 check to $1.45 Million

Counterfeit Checks or Identity Assumption:

  • Someone in your checkout line views your check, or does yard work for you

  • Fishes in a business’s in-mailbox or home’s out-mail for a check

  • Checks can be purchased on-line or mail order

Telemarketing Fraud:

  • “You’ve won a prize” or “Would you like to open a VISA?” “Now give me your account information.”

Hot Check: “Insufficient Funds”

  • 90% of ‘insufficient funds’ checks are numbered between 101 and 200

  • Account opening year is printed on check

The Art of the Steal, Frank W Abagnale, Broadway Books 2001



Be Careful Printing Checks!

  • Paychecks & Accounts Payable should not be printed on blank check paper

  • Laser printer is non-impact (ink does not go into paper but sits on top)

    • Easy to remove printing

    • ‘Laser Lock’ or ‘Toner Lock’ seals laser printing

  • Matrix printer puts ink into the paper

    • Chemical ‘washing’ removes the print

  • Good Practices

    • Use larger printing: 12 font

    • Reverse toner in software: white on black

    • Control check stock and guard checks

    • Check your bank statements – you have 30 days

The Art of the Steal, Frank W Abagnale, Broadway Books 2001



Check Security Features

Watermark: Subtle design viewable at 45-degree angle toward light. Cannot be photo-copied

Void Pantograph: Background pattern of checks. When photo-copied, the background pattern disappears or prints ‘VOID’

Chemical Voids: When check is treated with eradicator chemical, the word VOID appears

Microprinting: When magnified, the signature or check border appears to be written words. The resolution is too fine for a photo-copier

3-Dim. Reflective Holostripe: Metallic stripe contains at least one hologram, similar to credit card.

Security ink: Reacts to eradication chemicals, distorting check

Thermochromic Ink: Ink reacts to heat and moisture by fading and reappearing

Check Fraud: A Guide to Avoiding Losses



Processing Money Orders

  • Money order information provides info on a ready checking account

  • Non-negotiable incoming wire account prevents out-going checks

I would like to send you a money order. What is your account number?

THANK YOU SO MUCH!!!

The Art of the Steal, Frank W Abagnale, Broadway Books, 2001



Fraud Scams

  • Get a receipt from the trash, ‘return’ a product

  • Copy gift certificate and cash in at multiple locations

  • Markdown sale prices reimbursed with receipt – copied and collected at multiple locations

  • Fake UPC numbers to pay low prices then return at higher price. If receipt total is sufficient, scam may work.

The Art of the Steal, Frank W Abagnale, Broadway Books 2001



Preventing Scams

  • Receipts must have security marks on them (e.g., two-colored ink on special paper, or better: thermochromic ink)

  • Line-item detail on receipts and sales records in company database

  • Garbage bins which may receive receipts should be protected from access (e.g., bank garbage bins)

  • Register gift certificates – unique numbers

  • Shredders should be used for any sensitive information

  • Protect against shoulder surfing or device attachment for card readers

The Art of the Steal, Frank W Abagnale, Broadway Books 2001



Study Questions

  • What are the key elements of fraud, and what techniques can be used to counteract these key elements?

  • What are the three categories of fraud?

  • What are the legal considerations of fraud?

  • Who commits fraud, and who commits the most expensive fraud?

  • What are the red flags of potential fraud?

  • How does social engineering occur, and how can it be prevented?

  • Apply the concept of segregation of duties.

