Key principles applied by Witzenberg Municipality to Manage of Fraud
Presented by: Gerhard Louw
Internal Audit
PEC Engagement
25 July 2013
IIA Guideline of fraud risk management
Fraud anchor principles
• Principle 1 - Policy and procedures
• Principle 2 - Periodic fraud risk assessment
• Principle 3 - Prevention techniques
• Principle 4 - Detection techniques
• Principle 5 - Reporting and corrective action
Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the Council and senior management regarding managing fraud risk.
• Fraud prevention policy
• Performance, Risk and Audit Committee
• Newsletters – awareness – community and internal
• Fraud committee
• Fraud Month
Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
• Fraud risk identification
• Put on your “fraudster cap” for each process and capital project
• Think like a fraudster – e.g. “How can I beat the system?”
• Implement controls to mitigate
• Monthly interaction with local Police
Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
• E.g. various procurement declarations required from suppliers (MBDs)
• Employees’ code of conduct
• Suppliers’ code of conduct
• Background checks
• Transunion checks on potential suppliers
• E.g. bank detail fraud - one person
Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
• Ghost employees
• Monthly, select a few employees from payroll and physically verify existence and identification numbers
• Inventory checks
• Reconciliations
• Financial system exception reports
• Audit projects – fraud considerations
• Monthly SCM deviation report to council
• Pre-determined/automated tests to detect abnormalities
• Procurement threshold – monthly check of payments near threshold values – investigate exceptions
Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
• National Fraud Line - newsletter and website
• Risk Management reporting
• Own Fraud Line – best practice
NEW IDEAS
• CRO and CAE Forum needs to spend more time on fraud detection, prevention and mitigating controls?