Post on 13-Sep-2014
Establishing an Organization Wide Fraud Policy
October 8, 2013
Special Guest Panelist: Paul McCormack, CFE
Copyright © 2013 FraudResourceNet™ LLC
About Jim Kaplan, MSc, CIA, CFE
President and Founder of AuditNet®, the global resource for auditors
Auditor, Web Site Guru, Internet for Auditors Pioneer
Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.
Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
About Paul McCormack, CFE
18 years of fraud, litigation and business consulting experience
Worked directly with agents from federal, state and local law enforcement agencies including the F.B.I., G.B.I., D.E.A., and the Secret Service
Previously managed fraud departments for SunTrust Bank & Delta Air Lines
Frequently writes and speaks on topics involving fraud, cyber security, intellectual property theft and money laundering
Certified Fraud Examiner since 2002
Webinar Housekeeping
This webinar and its material are the property of FraudResourceNet LLC. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We will be recording the webinar and you will be provided access to that recording within 5-7 business days after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
Please complete the evaluation to help us continuously improve our Webinars. Unless you are participating in a group that is viewing this Webinar on a common computer screen, you must answer the polling questions to qualify for CPE per NASBA.
Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout.
Disclaimers
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of FraudResourceNet LLC (FRN) or the presenters’ respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
While FRN makes every effort to ensure information is accurate and complete, FRN makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. FRN specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the FRN website.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by FraudResourceNet LLC.
Today’s Agenda
Introduction: Fraud Statistics: The Growing Fraud Threat
Auditing for Fraud: Standards & Essentials
Ethics policy vs. Fraud policy
Components of a fraud policy
Pros & Cons of a fraud policy
Creation and ownership – best practices
“Behind the scenes” – making the policy work
Traps to avoid
Embedding the policy in the corporate DNA
Your Questions
Conclusion
Fraud: The Big Picture
According to major accounting firms, professional fraud examiners and law enforcement:
Fraud jumps significantly during tough economic times
Business losses due to fraud increased 20% in last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. (Kroll 2010/2011 Global Fraud Report)
Average cost for each incident of fraud is $160,000 (ACFE). Of financial statement fraud: $2 million
Approx. 60% of corporate fraud committed by insiders (PwC)
Approx. 50% of employees who commit fraud have been with their employers for over 5 years (ACFE)
The Auditor’s Role
1200: Proficiency and Due Professional Care
1220: Due Professional Care
2060: Reporting to Senior Management and the Board
2120: Risk Management
2210: Engagement Objectives
Ethics Policy vs. Fraud Policy
Fraud, ethics and code of conduct are often used interchangeably – not always correct to do so
Ethics policy is a set of principles of conduct within an organization - guide “day to day” decision making and behavior. It serves as the “moral compass” for the organization
A fraud policy has a much narrower focus. It addresses fraudulent conduct by employees and third parties
Creating a stand alone fraud policy shines a much needed light on fraud prevention
Fraud Policy – One Element of Ethics / Code of Conduct
Ethics Program
Discrimination & Harassment
Information Security
Compliance with Laws
Conflict of Interest
Fraud Policy
Fraud Policy – Pros & Cons
Pros
• Establishes expectations
• Creates basis for HR discipline
• Ensures consistent approach
• Enhances “perception of detection” and prevents fraud
Cons
• Can alienate employees
• Creates expectations that the company may not always meet
• Can be time consuming to create and monitor over time
So what does a fraud policy include?
A fraud policy contains the following:
Details on what constitutes fraud and to whom the policy applies
Details employees’ / management’s responsibility to report fraud
List of channels available to report suspect activity – multiple and independent
Areas within the company that are responsible for investigating fraud (note: it is not a “regular” employee’s job)
Statement that all investigations will be conducted in a consistent manner without consideration of rank or tenure
Polling Question 1
An organization’s fraud policy should be _________ its Ethics Program
A. Part of
B. Supplemental to
C. Completely separate from
So what does a fraud policy include? (cont.)
A fraud policy contains the following:
Details of organization’s tip-reporting channels (hotline, website, email, phone, etc.) and how to use them
Retaliation / Cover up not permitted
Commitment to cooperate with law enforcement as appropriate
Disciplinary ramifications for committing fraud
Periodic reporting requirements
Creation and ownership – who’s on first?
Identify stakeholders
• Cross divisional impact – need to ensure everyone on board
• Executive management, HR, Legal, Internal Audit, Corporate Security
Develop a charter
• Detail why a fraud policy is needed
• Clearly define goals and objectives
Assign roles
• Who will create the content? Who will approve the final version within each department?
• “Behind the Scenes” - document the investigation process
Secure final executive approval
• Which executives will approve the policy?
• How will the new policy be communicated?
Develop a follow up process
• Develop a timetable to follow up and revisit the overall effectiveness of the fraud policy
Implementation
Initial Assessment
• If applicable, review existing fraud policies and procedures
• Review fraud prevention training / new hire process
• Management knowledge, investment and oversight
Detailed Analysis
• Review information gathered during initial assessment for gaps
• Document gaps and share with stakeholder. Include recommendations to bridge gaps
Future State Design and Development
• Use results of the initial assessment and gap analysis to develop fraud policy
• Prior to implementation, share fraud policy with stakeholders/executive sponsor for approval
Implementation
• Once approved, develop implementation timetable and communicate to steering committee
• Track and report status, including roadblocks encountered with stakeholders
Polling Question 2
A basic fraud policy should include which of the following?
A. Retaliation / Cover up not permitted
B. Commitment to cooperate with law enforcement as appropriate
C. Disciplinary ramifications for committing fraud
D. Periodic reporting requirements
E. All of the above
“Behind the Scenes” – Clear Lines of Responsibility
Sample Fraud Policy from ACFE
Polling Question 3
According to the ACFE, ________________ is responsible for detection and prevention of fraud
A. Internal audit
B. Management
C. Audit Committee
D. Everyone who works for the organization
Traps to avoid
Strike the right tone – Fraud policy is designed to protect the company and its employees. Avoid treating all employees as “guilty until proven innocent”
Make sure everyone is on board – Fully address concerns raised by senior executives early in the process
Don’t forget foreign operations – If your company operates overseas, make sure that the policy is legally applicable
Practice what you preach – Departures from policy should be few and far between. If too prescriptive, leave it out
“Out of sight, out of mind” – Don’t create then ignore the policy
Polling Question 4
An employee who reports a possible fraud should never be told not to discuss the incident with anyone else in the organization
A. True
B. False
Embedding the policy in the corporate DNA
Include the fraud policy as a separate section within the code of conduct or ethics policy. Cross-reference where appropriate
Include discussion of the fraud policy/code of conduct during new hire orientation
Once a year, require mandatory training on the code of conduct (online or face to face). Training should include a final exam that includes scenarios to test the employee’s application of the code
Include a “signed” affirmation of the employee’s participation in the course as well as their final exam within their personnel file (an actual or electronic signature is appropriate)
Embedding the policy in the corporate DNA (cont.)
Adhere to the fraud policy in all respects. Example: If the fraud policy stipulates that all allegations will be investigated within X days, make sure that takes place
Without naming names, publicize instances where the fraud policy was used to terminate an employee
Ensure that senior executives routinely mention the company’s code of conduct in their speeches and written communications to employees
Display code of conduct related posters in employee break rooms. (Make sure they are replaced if damaged or appear worn)
Polling Question 5
Fraud policies should always avoid taking the tone of
A. Innocent until proven guilty
B. Guilty until proven innocent
C. Everyone in the organization should be part of the detection and prevention effort
D. None of the above
Questions?
Any Questions? Don’t be Shy!
Thank You!
Website: http://www.fraudresourcenet.com
Jim Kaplan
FraudResourceNet™
800-385-1625 jkaplan@fraudresourcenet.com
Peter Goldmann
FraudResourceNet™
800-440-2261 pgoldmann@fraudresourcenet.com
Paul McCormack CFE
paulmccor2008@gmail.com
Coming Up This Month
“Using Data Analytics to Detect and Deter Procure-to-Pay Fraud”, with Rich Lanza, October 30