slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Fraud Risk Assessment: Think Like a ‘Demon’ & Add IA Value PowerPoint Presentation
Download Presentation
Fraud Risk Assessment: Think Like a ‘Demon’ & Add IA Value

Loading in 2 Seconds...

play fullscreen
1 / 37

Fraud Risk Assessment: Think Like a ‘Demon’ & Add IA Value - PowerPoint PPT Presentation


  • 167 Views
  • Uploaded on

The Institute of Internal Auditor Los Angeles Chapter. Annual Fraud Conference. Fraud Risk Assessment: Think Like a ‘Demon’ & Add IA Value. April 10, 2013 2:30p – 3:30p. Mark P. Ruppert CPA, CIA, CISA, CHFP, CHC Director, Internal Audit (CAE). Fraud Risk Assessment.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Fraud Risk Assessment: Think Like a ‘Demon’ & Add IA Value' - blaise


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

The Institute of Internal Auditor Los Angeles Chapter

Annual Fraud Conference

Fraud Risk Assessment:

Think Like a ‘Demon’ & Add IA Value

April 10, 2013

2:30p – 3:30p

Mark P. RuppertCPA, CIA, CISA, CHFP, CHC

Director, Internal Audit (CAE)

fraud risk assessment
Fraud Risk Assessment

IA Perspective on Fraud Risk

Why Care? Why Consider Fraud Risk?

What is Fraud Risk?

Engaging Management in the Fraud Risk Discussion:

  • Fraud Risk Assessment
  • ‘Angels & Demons’ Data Collection Exercise

Incorporating Fraud Risk into Internal Audit Work Plans

Addressing Fraud Risk on an Ongoing Basis and in Individual Audits

  • IA Perspective on Fraud Risk
  • Why Care? Why Consider Fraud Risk?
  • What is Fraud Risk?
  • Engaging Management in the Fraud Risk Discussion:
        • Fraud Risk Assessment
        • ‘Angels & Demons’ Data Collection Exercise
  • Incorporating Fraud Risk into Internal Audit Work Plans
  • Addressing Fraud Risk on an Ongoing Basis and in Individual Audits

2

ia s perspective fraud risk
IA’s Perspective: Fraud Risk

Heightened Risk & Challenge:

  • IIA professional standards
  • Ever increasing legal & compliance requirements
  • Management and Board expectations
  • High risk environment for fraud, corruption & abuse
  • Ever increasing ingenuity on the part of fraudsters

Huge IA Opportunity:

  • Get a better sense of management intuition around fraud matters
  • Improve organization’s financial performance
  • Protect brand value and professional reputation
  • Mitigate criminal, regulatory and civil legal risk
  • Enhance IA prestige/relevance
slide4

Fraud Risk AssessmentWhy?

  • Federal Sentencing Guidelines require that compliance programs:
    • address specific areas of potential fraud
    • use audits and/or other risk evaluation techniques to monitor compliance and assist in the reduction of identified problem areas

4

slide5

Fraud Risk AssessmentWhy?

United States Sentencing Guidelines (USSG)

  • Effective 11/2004 = USSG amended to provide greater guidance regarding compliance program criteria for an effective program to prevent and detect violations of the law:
  • (USSC Guidelines Manual §8B2.1. Effective Compliance and Ethics Program)

(a)(1) exercise due diligence to prevent and detect criminal conduct

(a)(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law

        • (b)(1)Establish standards and procedures to prevent and detect criminal conduct

(c) periodically assess the risk of criminal conduct and take appropriate steps to…..to reduce the risk of criminal conduct identified

5

slide6

Fraud Risk AssessmentWhy?

Like Compliance Professionals, Internal Audit Professionals must also address fraud risk…

IIA Standards and Fraud Practice Guide Emphasize Internal Audit’s Role in Addressing Fraud

  • Antifraud Programs & Controls Assessment: Must evaluate how organization manages risk (IIA Standard 2120)
  • Fraud Risk Assessment: CAE must report periodically to management /board on significant fraud risk exposures (IIA Standard 2060)
  • Individual Audits: Must consider fraud when developing engagement objectives (IIA Standards 1220, 2210)
  • Proficiency: Evaluate the risk of fraud & the manner in which it is managed by the organization(IIA Standard 1210)

6

slide7

Fraud Risk AssessmentWhy?

Look at what companies are saying! -- 2010 Global Fraud Trends*

  • % of survey respondents hit by fraud in past year = 88%
    • More “viruses” than “diseases”: under $100M
  • “Fraudsters’ take” = increased 20% from 2009
    • Up to $1.4M per $1B sales
  • Theft of information and electronic data = #1 reported fraud
    • Overtakes Physical Theft for first time
    • #3 & #4= Management Conflict of Interest, Vendor/Supplier Fraud
  • Fear of fraud is dissuading 48% of companies from operating in other countries
    • China & Africa = most affected (corruption #1 concern)
  • Companies appear unprepared for heightened FCPA enforcement and lack adequate understanding
    • 2005-2009: 60 DOJ cases (more than 1977-2005)
    • 2010: already 130 open cases
  • Fraud is largely an inside job
    • 44% employees, 11% agents/intermediaries
  • Industry Lens: Fraud Prevalence
    • Declining: Natural Resources, Construction, Health/Pharma/Bio, Travel, Manufacturing
    • Increasing: Financial, Professional Services, Tech/Media/Telecom, Retail, Consumer

* [Source: 2010 Global Fraud Survey – Economist Intelligence Unit/Kroll Consulting (www.kroll.com)]

slide8

Fraud Risk AssessmentWhy?

  • US government admits losing 10%of spending to fraud; US government realizes a $9.75 : 1 on fraud management
  • Effective fraud management produces 8:1 ROI for financial services industry
  • ACFE estimate: companies lose $1 trillion or 7% of revenue to misconduct
  • PwC GECS survey
    • 40% increase in fraud, before the recession
    • Controls paradox
  • Economist Intelligence Unit:85% of companies detected significant frauds over past 3 years)
    • 10% suffer >$100 million
    • Large companies - $23 million
    • Small companies - $8.2 million average loss

Don’t Forget Operational & PersonalImpact!

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

8

slide9

Fraud Risk AssessmentWhy?

To Address the Impact of Healthcare Reform:

Fed Unveils New Plan for Fraud Detection

  • The What: Enhanced enforcement requirements detailed in the reform law = Medicare, Medicaid and CHIP
  • The Why:
    • Medicare ‘Improper Payments’ in 2009: 8% of 4.5 million claims per day = $24 Billion
    • Goal to increase fraud detection and increase certainty of punishment
  • The Impact: Depending on provider type = more work, more expense, getting personal
    • Easier for CMS to suspend Medicare payments if credible fraud allegations & to prevent new enrollments in higher-risk service areas
  • The When:
    • Sept 2010: Proposed regs released (all 187 pages of it!)
    • Sept – Nov 2010: Comment period
    • March 2011: Implementation

* [Source: “Cracking Down”, Modern Healthcare – 9/27/10]

now more than ever compliance internal audit must have the fraud triangle in focus
Now More Than Ever, Compliance & Internal Audit Must Have the Fraud Triangle in Focus!!!
  • Incentives / Pressures
  • Loss avoidance
    • Job
    • Money
    • Prestige
  • Dissatisfaction with the company
  • Management & 3rd party pressures
  • Community relationships
  • Loss of health coverage
  • Long term unemployment
  • Rationalization
  • Job dissatisfaction
  • Family priorities
  • Health priorities
  • “Everybody else” syndrome
  • Self-denial of consequences to company
  • Temporary loans
  • Opportunity
  • Insufficient internal controls
  • “Survival” mode
  • External collaboration
  • Management over-ride
  • Internal collaboration
  • Corrupt business customs

If Economic Downturn is the “Perfect Storm” for Fraud and Waste, will an Upturn be Even More Perfect?

10

so why bother
So, Why Bother?

It makes good business sense!!

  • Demonstrate you administer an effective Compliance Program and Internal Audit Function by documenting an understanding of how and where fraud might occur.
  • Minimize revenue leakage, cut costs, and safeguard assets.
  • Safeguard company and employee reputation.
  • Avoid and/or reduce criminal, civil and regulatory penalties, should misconduct occur.
  • Help avoid/reduce government sanctions
  • Increase IA relevance and add value!

Detected Losses QUADRUPLE when Anti-Fraud Controls are Enhanced!

- pwc 2009 Global Economic Crime Survey

11

fraud risk defined applied
Fraud Risk: Defined / Applied

Fraud:(defined)

- Any intentional act committed to secure an unfair/unlawful gain

Fraud:(defined)

- Any intentional act committed to secure an unfair/unlawful gain

*

Federal Sentencing Guidelines:

- Intentnot required

“Apply the Fraud Lens to Enterprise Risks”

12

fraud risk types and categories leakage vs liability fraud
Fraud Risk: Types and Categories"Leakage” vs. “Liability” Fraud

GREEN Fraud= Leakage related activities, that when prevented or detected early, leads to improved financial results

(“Risk Type = “Opportunity” )

RED Fraud

= Liability related activities, that if not prevented, leads to government sanctions, and damage to brand value and reputation of individual members of the Board and senior management

(Risk Type = “Hazard”)

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

13

fraud risk types leakage expenditure leakage
Fraud Risk Types: “Leakage”Expenditure Leakage
  • Illustrations:
  • Orders from fictitious vendor
  • Kickbacks in return for allowing supplier to inflate price
  • Advertiser charges for advertising not delivered
  • Vendors/contractors charge for work not performed
  • “Double dips” on p-card and credit card
  • Salesperson obtains reimbursement for fictitious travel expenses

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

14

fraud risk type liability unauthorized expenses disposal of assets
Fraud Risk Type: “Liability”Unauthorized Expenses / Disposal of Assets
  • Illustrations:
  • Payments to public officials for permits or patents
  • Payments to public officials for patents
  • Gifts to public officials to evade taxes
  • Payments to agents to facilitate sales
  • Illegal disposal of goods/waste

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

15

fraud risk assessment1
Fraud Risk Assessment

A comprehensive fraud risk assessment (FRA) is critical to the effectiveness of an organization’s overall antifraud programs and controls.

An FRAexpands upon traditional risk assessment. It is scheme and scenario based.

The assessment considers the various ways that fraud and misconduct can occur by and against the company.

The execution of the assessment requires:

Internal Audit to:

“Think out of the box”!

Get creative and get out into/work with the business!

Management to:

Be participative in the process

Openly share schemes, scenarios, concerns, events

Reinforces risk and the control ownership!

16

fraud risk assessment a five component process

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Fraud Risk Assessment: A Five Component Process

Assess Antifraud Programs and Controls against PwC Framework

Inventory of High Impact Scenarios & Evaluate Existing Response

Inventory of High Impact Scenarios & Evaluate Existing Response

  • Practical Execution – Theory to Practice:
      • Approach
      • Challenges
      • Benefits
      • Lessons learned

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

identifying significant fraud risk exposures planning

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Planning

Assess Antifraud Programs and Controls against PwC Framework

Inventory of High Impact Scenarios & Evaluate Existing Response

  • Assemble team
  • Consider scope and objectives
    • Overall antifraud program assessment
    • Categories of fraud and depth within organization
    • Controls evaluation
    • Risk response
    • Use and sustainability
  • Design process
    • Format of deliverable (e.g., PwC template)
    • Organize by business unit, function, geography or combination
    • Role and interviews of management
    • Sustainability
  • Cedars-Sinai Plan:
  • Board and senior management support built into internal audit plan and compliance work plan development and approval processes.
  • Combined Internal Audit and PwC resources including PwC SMEs in key areas.
  • Initial Internal Audit Team fraud risk discussion for full day.
  • Second phase, facilitated sessions with key director-level groups.
  • Roll results into annual planning processes and individual project processes for ongoing update.

18

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

identifying significant fraud risk exposures gaining senior management sponsorship

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Gaining Senior Management Sponsorship

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Cedars-Sinai C-Suite Buy-In:
  • Internal Audit Planning and Compliance Work Plan processes involve the C-suite for input on risk and project selection.
  • Plans are approved by C-suite.
  • Plans presented to Audit Committee for review, input and approval.
  • Plans presented to Board for review, input and approval.
  • Formal meeting C-Suite meeting not held relative to kick off.
  • Vitally important that senior management embrace and sponsor the assessment
  • Senior management ideally would communicate to middle management the importance of the initiative (drafted by IA or Compliance)
  • Recommend an initial meeting with C-suite representatives to:
    • Explain business benefits of FRA process
    • Obtain their perspective of high impact monetary, compliance and financial reporting fraud risks
    • Seek input regarding making process efficient and effective

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

19

identifying significant fraud risk exposures evaluating antifraud program controls

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Evaluating Antifraud Program & Controls

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Begin with high level assessment of how organization manages fraud risk (e.g., PwC Antifraud, Corruption and Misconduct Assessment Tool)
    • Self-Evaluation:“Where are we as an organization?”
  • Conductvalidation procedures as needed
  • Cedars-Sinai Assessment:
  • Internal Audit Team Assessment
  • PwC Tool
  • Overall Assessment Results:
    • Corporate Fraud Policy
    • Coordinated Investigation Resources
    • Consistency in Criminal Prosecution and Employee Discipline Decisions
    • High Level Fraud Risk & Individual Audit Fraud Risk Considerations

20

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

slide21

Identifying Significant Fraud Risk Exposures:

PwC Anti-Fraud Assessment Tool

21

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

predicting the unpredictable is key
Predicting the Unpredictable is Key!!
  • Think Like A Criminal When Assessing the Risk of Fraud, Corruption & Abuse!

How would a criminal manage your XYZ business unit?

What would happen if a criminal were a XYZ vendor or customer?

What if a criminal were hired as a XYZ associate?

What if a trusted employee begins to think like a criminal?

22

identifying significant fraud risk exposures create straw schemes list the what

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Create “Straw” Schemes List: “the What”

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Create a list of inherent fraud risks
    • Inventory of common and sector specific fraud and abuse scenarios by selected process areas
    • Past allegations, suspicions and investigations
    • Industry research of frauds at other companies, organizational vendors, customers, etc
    • Brainstorming among business, compliance, internal audit and fraud experts
    • Operational, design and other deficiencies identified during business reviews, compliance monitoring activity and internal and external audits
  • Cedars-Sinai Inventory:
  • Upcoding; Claims for Services not Provided; A/R & Rate Manipulation / Outliers
  • Theft: Radiology Incident; Heparin Incident; EMTALA
  • Bribery: Siemens – 2008 global fraud
  • Imaging Room; Chillers; Data Manipulation; Vendor Relationships
  • Look at potential impact of identified control deficiencies; broken processes; significant hand-off requirements, etc.

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

23

identifying significant fraud risk exposures create straw schemes list the how

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Create “Straw” Schemes List: “the How”

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Determine Fraud Risk Classifications
    • i.e. - Revenue, Expenditure, Reporting
  • Take your fraud risks and think/discuss HOW they could occur
    • Think SCHEMES and SCENARIOS!
    • Get creative!
    • Never mind controls!!
    • Utilize group facilitation sessions!
    • Create your master Gross Risk list
  • CSHS: practical application and lessons learned
  • Fraud classifications: Revenue, Expense or Reporting Impact
  • Brainstorm scenarios by organizational lines of authority and three impact areas
  • Director and Manager Level Focus Group Discussions; decision of with/without VP’s
  • Angels and Demons!!
  • Scribe

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

24

identifying significant fraud risk exposures narrow to significant residual risks

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Narrow to Significant Residual Risks

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Narrow list to capture high impact vulnerabilities
    • Consider likelihood
    • Qualitative and quantitative impact, as well as, direct and indirect consequences
    • Establish thresholds (risk tolerance) to measure impact on reputation, operations, financial, legal, compliance, and strategic objectives
  • Consider the design of existing controls
  • Consider whether existing processes and controls are able to withstand intentional misconduct
  • Examine incentives pressures and opportunities to collude, circumvent and override
  • CSHS: practical application and lessons learned
  • Two Hour facilitated Sessions Necessary for:
      • Schemes
      • Likelihood & Impact
      • Controls
  • Director/Manager but not both
  • Scribe
  • Focus on Schemes (how it’s done – criminal perspective)
  • Common beliefs / identified schemes across sessions

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

25

identifying significant fraud schemes brainstorming exercises
Identifying Significant Fraud SchemesBrainstorming Exercises!!

“Angels & Demons”

Select a Business Area: i.e.- Hospital Admissions

How it can happen!

Demons :Identify Potential Fraud Schemes

Why it won’t!

Angels:Recommend & Evaluate

Anti-fraud Controls

Schemes

Controls

Impact/Likelihood

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

identifying significant fraud schemes brainstorming exercises1
Identifying Significant Fraud SchemesBrainstorming Exercises!!

“Angels & Demons”

Demons - Identify Potential Fraud Risks & Schemes

This is how I would do it son…

This is how it can happen!

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

identifying significant fraud schemes brainstorming exercises2
Identifying Significant Fraud SchemesBrainstorming Exercises!!

“Angels & Demons”

Angels - Recommend & Explain Anti-fraud Controls

Sorry, partner- it ain’t gonna happen…

If you did, I would know because…

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

identifying significant fraud risk exposures tailor to business units functions

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Tailor to Business Units & Functions

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • CSHS: practical application and lessons learned
  • Provide fraud background/concepts
  • Business units – positive response to facilitate sessions and Angels and Demons; engage audience
  • Lot’s of Aha’s and Really?’s in sessions
  • Positive comments from Senior Mgmt!
  • Entity Level Assessment – Proof remains to be seen.
  • Entity level of assessment = very limited business value
  • Assessment needs to be conducted and tailored to individual business units/functions, particularly in high risk markets; focus on both internal and external risks
  • Tailored assessments & group facilitation sessions simultaneously reinforce that management “owns” risk
  • Hold focus groups of management & staff to tailor inventory
  • Meet and validate results with business unit leaders
  • Capture assessment for senior management and board
    • Self Assessment; A&D Results (Gross & Residual risk); discuss Risk Tolerance; plans to update universe

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

29

identifying significant fraud risk exposures update internal audit risk universe

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Update Internal Audit Risk Universe

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • CSHS: practical application and lessons learned
  • If not already categorized in your risk universe, add category or metadata for easy identification
  • Refining can be time consuming
  • Annual update development in progress, to be completed through:
      • Improved annual interviewing
      • Individual Audit Capture
    • Complete redevelopment of risk model using TeamMate in progress
  • Based upon final listing of scenarios update audit risk universe for key risk factors and indicators
  • Refine any pre-existing audit risks based upon additional risk assessment procedures
  • Incorporate into annual update process of audit and/or compliance risk universe

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

30

identifying significant fraud risk exposures integrate into audit plan

Planning and Obtaining Senior Management Support and Sponsorship

Update Audit Risk Universe

Integrate into Audit Plan

Identifying Significant Fraud Risk Exposures:Integrate into Audit Plan

Inventory of High Impact Scenarios & Evaluate Existing Response

Assess Antifraud Programs and Controls

  • Evaluate whether any current year audits should be updated based on new risk universe
  • Determine appropriate way to keep fraud risk assessment process evolving rather than static
    • As new investigations or industry trends occur
    • Automated controls are added into environment
  • CSHS: practical application and lessons learned
  • In addition to current year updates, could identify new priority audits
      • Annual interviewing
      • Individual audits
      • Possible facilitate session repeats
    • Integrate into individual audit plans as well by already having the risk scenarios to consider

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

31

integrating fraud risk into individual compliance and audit engagements
Integrating Fraud Risk Into Individual Compliance and Audit Engagements:
  • Planning
      • Brainstorming among team and forensics
      • Past incidents
      • Past audits and business reviews
      • Management inquiries
      • Industry research
      • Tailor procedures
    • Execution
      • Design and operating effectiveness of existing response
      • Consider need for substantive testing
  • Execution (cont’d)
      • Fraud risk factors & indicators
      • Analytics - - not just ACL
      • Interview, interview, interview!!
    • Completion
      • Documentation is essential
      • Identify planning and how audit tailored

Close the Loop!

Use findings to strengthen controls, develop & deliver education/awareness to process owners & mgmt!

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

32

creating value while meeting fraud standards raising auditor fraud proficiency
Creating Value While Meeting Fraud StandardsRaising Auditor Fraud Proficiency
  • Knowledge
    • Scheme components
    • Preventive & detective controls
    • Key risk factors & indicators
    • Detection procedures
    • Operations knowledge
  • Skills
    • Critical thinking!
    • Scheme and scenario risk assessment
    • Assessing how organization manages risk
    • Devising fraud audit procedures
    • Forensic investigation
    • Interviews
    • Use of electronic data tools
    • Working ‘with’ the business!

Raising Management Awareness

In addition to scheme discussions and fraud risk identification, management is also getting interactive awareness training

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

33

slide34
Creating Value While Meeting Fraud StandardsAntifraud Tools of a Highly Equipped Compliance and/or Internal Audit Function
  • Specialized fraud examiners on staff
  • Antifraud training for staff
  • Investigative training for staff
  • Use of Computer Assisted Audit Techniques to promote fraud detection
  • Focused fraud risk assessment with inclusion of functional management and employees of all levels
  • Direct and regular interaction with senior management and audit committee
  • Use of specific and targeted fraud audit techniques – SAS 99
  • Can lead and/or support investigation and/or remediation efforts

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

34

other activities compliance and or ia departments are taking to deliver value

Creating Value While Meeting Fraud Standards

Other Activities Compliance and/or IA Departments are Taking to Deliver Value
  • Equip front line to serve as an effective first line of defense; fraud education!!
  • Conduct a “good” fraud risk assessment pilot at a high risk entity to develop a sustainable and repeatable process
  • Expand FCPA and other compliance reviews to identify opportunities to cut revenue leaks, cut costs and safeguard assets
  • Form a “fraud council” comprised of key business and corporate stakeholders
  • Host a “perfect crime” dinner and/ or facilitate “angels v. demons” exercise for management, internal audit and/or compliance
  • Create on-line or live interactive learning modules tailored to specific functions, e.g., procurement, sales, controllers

pwc Fall 2010 IART – Fraud Risk Assessment – 11/4/10

35

perspectives from ia industry leaders

Creating Value While Meeting Fraud Standards

Perspectives From IA Industry Leaders*

“ I currently see a lot more management awareness of the possibility of fraud, which in turn is causing a lot more people to come forward and ask Internal Auditing, ‘Is this right?, Is this appropriate?’’ --Richard Schmidt, Vice President of Internal Audit, Del Monte Foods

“ Internal auditing is often the only proactive source of fraud detection that management has. Auditors are out there looking for indicators of fraud during every engagement they conduct; no one else in the organization plays this vital role.”

--Kim Hatley, Assistant VP of Internal Audit, Hospital Corporation of America (HCA)

“ It is management’s responsibility to institute, establish and monitor controls and uncover fraudsters. Internal Auditing’s job is to encourage management to undertake what is necessary and then provide assurance to the audit committee that management is getting it right.” --Douglas Anderson, former Corporate Auditor, The Dow Chemical Co.

* [Source: Internal Auditor magazine, October 2010]

36

IIA - San Gabriel Valley Chapter: 2010 Fraud Symposium, 11/1/10

slide37

Don’t be this guy!

Stamp out…

?

Mark P. Ruppert, CPA, CIA, CISA, CHFP, CHC

Director, Internal Audit

Conflict of Interest Administrator

Cedars-Sinai Health System

Los Angeles, California

323-866-6900 office

323-866-6901 fax

Mark.Ruppert@cshs.org

37