Auditing for Fraud.
2nd International Symposium on Auditing in Turkey
Jean-Pierre Garitte, CIA, CSSA, CISA, CFE
April 26, 2007
Understanding Fraud
Definition for Fraud (IIA)
Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. It can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well as inside the organization.
Examples of Fraud
• Sale or assignment of fictitious or misrepresented assets• Improper payments (e.g. bribes, kickbacks, payoffs to government
officials)• Intentional, improper representation or valuation of transactions,
assets, liabilities or income• Intentional, improper transfer pricing• Intentional, improper related-party transactions• Intentional failure to record or disclose significant information to
improve the financial picture of the organization to outside parties• Prohibited business activities (e.g. those that violate government
regulations)• Tax fraud
Fraud designed to benefit the organization
• Acceptance of bribes or kickbacks• Diversion to an employee or outsider of a potentially profitable
transactions that would normally generate profits for the organization
• Embezzlement as typified by the misappropriation of money or property and falsification of financial record to cover up the act
• Intentional concealment or misrepresentation of events or data• Claims submitted for services or goods not actually provided to the
organization
Fraud perpetrated to the detriment of the organization
Examples of Fraud
Auditing for fraud / Jean-Pierre Garitte
7©2007 Deloitte Belgium
"It was recently estimated that 99% of all dishonesty within a given company was perpetrated by people who regarded themselves as honest when hired.
It is therefore apparent, that there are many employees who are as honest as
they are required to be under the system in which they work."
The Wall Street Journal
Auditing for fraud / Jean-Pierre Garitte
8©2007 Deloitte Belgium
Typical Fraudster
• On the Surface– Long-time employee– In a position of trust– Doesn’t take vacations– Appears to be extremely dedicated– Has unexplained cash or other wealth
Auditing for fraud / Jean-Pierre Garitte
9©2007 Deloitte Belgium
Typical Fraudster
• Beneath the Surface– Living beyond means– Gambler– Drug or alcohol problem– Behavioral changes– Extramarital affairs– Hostility toward management– General disenchantment with compensation
Auditing for fraud / Jean-Pierre Garitte
10©2007 Deloitte Belgium
General ideas on fraudIndirect trigger: the fraud triangle
Oppor
tuni
ty
Rationalisation
Motive• Financial problems
• Unrealistic goals set by organisation
• Lifestyle pressures
• Debt
• Opportunity through the organisation:• no clear rules boundaries
• weak/deficient internal control
• Individual opportunity:• good operational knowledge
• “key to the organisation”
• “Everybody does it”
• “I’ve been doing overtime unpaid”
• “I was doing it as a favor to show the internal control weaknesses”
• “I was passed for promotion”
Auditing for fraud / Jean-Pierre Garitte
11©2007 Deloitte Belgium
Managing the Triangle
• The 10/80/10 Rule• Employees will be no more ethical than those who run the company• Challenge is to manage the 80%• Justify their activity as non-criminal• Even when convicted, don’t see themselves as criminals
Auditing for fraud / Jean-Pierre Garitte
12©2007 Deloitte Belgium
A Statistical Certainty...
…and the basis of our practice
“At any given moment, there is a certain percentage of the population that’s up to no good.”
J. Edgar Hoover
Auditing for fraud / Jean-Pierre Garitte
13©2007 Deloitte Belgium
Why all the Fraud?
• What’s the motivation?– Corporate Culture
• Downsizing• Diminished loyalty• Bottom-line pressures
– Changing Technology– Globalization– Organized Crime Influence
Auditing for fraud / Jean-Pierre Garitte
14©2007 Deloitte Belgium
A Vulnerable Organization
• Corrupt management• Internal controls weak or unmonitored• Company or department dominated by one or two managers• Management compensation linked to short-term results• Employees poorly managed, trained or paid• Top management incompetent or focused solely on short-term profits • Lack of internal audit function
Auditing for fraud / Jean-Pierre Garitte
16©2007 Deloitte Belgium
Common Management Fraud Schemes
• Pre-billing clients for shipments not yet made• Booking sales before final• Altering invoices • Altering credit card receipts• Charging personal expenses• Overstating revenues and assets• Understating expenses and liabilities• Inadequate provisions for allowance for doubtful accounts…
Auditing for fraud / Jean-Pierre Garitte
17©2007 Deloitte Belgium
Why?
• Shares of management and administrators• Weak financial results• High expectations of the market• Bonus of management
Auditing for fraud / Jean-Pierre Garitte
18©2007 Deloitte Belgium
How?
• Manipulation of revenues• Manipulation of costs• Manipulations in the balance sheet
Auditing for fraud / Jean-Pierre Garitte
19©2007 Deloitte Belgium
• Fictitious revenues• Timing differences • Improper asset valuation• Concealed liabilities/expenses• Improper disclosures
Financial statement fraudFive classifications
Detective and investigative techniques
…it’s everyone’s responsibility
Auditing for fraud / Jean-Pierre Garitte
24©2007 Deloitte Belgium
Financial Statement Fraud Analytical Procedures
Examples of consistency and inter-relationship tests:• Net income to cash flow• Relative movements in inventory, A/P, sales, cost of sales• Comparison to industry trends, such as bad debt write-offs• Production, inventory, sales relationships• Comparing results of an entity to those of competitors provides valuable
information as to whether (and how) the entity is outperforming or underperforming other entities in the industry
Auditing for fraud / Jean-Pierre Garitte
25©2007 Deloitte Belgium
Proactive Anomaly
• Address Verification• Duplicate Payments• Unexpected Relationships• Overpayments• Identification Number Testing• Shared Elements Testing
Corporate Awareness: How to defend against fraud?
…it’s everyone’s responsibility
Auditing for fraud / Jean-Pierre Garitte
27©2007 Deloitte Belgium
Creating a Control Environment
Fraud Deterrence – Create a control environment where honesty and integrity areexpected. Communicating a process of detection and the consequences ofprosecution to dissuade the attempt at fraud
• Tone at the Top • Code of Business Conduct• Whistleblower Hotline • Communications• “Walk” the walk, and “talk” the talk
Auditing for fraud / Jean-Pierre Garitte
29©2007 Deloitte Belgium
Code of ethics
Auditing for fraud / Jean-Pierre Garitte
30©2007 Deloitte Belgium
Corporate Awareness
…every employee has responsibility
Know Your Customers
Know Your Vendors
Know Your Employees
Know Your Operations
Auditing for fraud / Jean-Pierre Garitte
31©2007 Deloitte Belgium
Know Your Employees, Know Your Customers
• Your front-line staff is your front line of defense. They are key to identifying fraud.
• If they are fraudsters themselves, you begin to see the “circle of co-conspirators.”
Auditing for fraud / Jean-Pierre Garitte
32©2007 Deloitte Belgium
Know Your Employee
Employee($60,000 median loss)
Managers/Executives($250,000 median loss)
Managers & Employees conspiring in a fraud scheme
($500,000 median loss)
Auditing for fraud / Jean-Pierre Garitte
33©2007 Deloitte Belgium
Know Your Employees, Know Your Customers
• Ignorance is NOT an excuse• Thoroughly verify identities• What you don’t know CAN hurt you• Assertiveness is key to knowing the truth
Corporate Awareness is Everyone’s Responsibility!
Member ofDeloitte Touche Tohmatsu