Managing Fraud Risk

Steve Giles is a chartered accountant with over 20 years experience of fighting fraud. This began with his involvement in the Polly Peck investigation in the early 1990s and continued with a variety of forensic accounting assignments whilst still at Deloitte. Now a consultant, Steve has worked on many fraud investigation cases in the UK, Continental Europe and the US, whilst also advising his clients on the most effective measures that they can take to prevent, deter and detect fraud in their organisations. Today he lectures extensively around the world on fraud and financial crime matters generally and also on the broader subjects of corporate governance, risk management, auditing and business ethics. He is an Associate Member of the Institute of Chartered Accountants in England and Wales.

Acknowledgements xv Introduction 1 Making me an offer that I can t refuse 1 Opening remarks 2 About this book 3 1. Personal experiences 4 2. Courses, delegates and the Fraud Awareness Quiz 7 3. Interviews and interviewees 8 Concepts and focus 8 Fraud: the gorilla in the room? 9 1. The Bernie Madoff effect 10 2. Corporate fraud highlighted by the international media 11 3. General fraud highlighted by the national media in the UK 12 Closing remarks 14 1 Responsibility 17 What a mess how could all this have been allowed to happen? 17 Introduction 19 Answers to the Quiz 20 Responsibility Framework 22 Introduction 22 International best practice 23 Practical application 24 The linkage between risk management and internal controls 25 Overview 25 Control design linked to risk 26 The importance of evidence 26 Introduction 26 Examples 27 Evidence of management of fraud risks 28 The role of audit in fraud prevention and detection 29 Overview 29 Little training for auditors on fraud awareness 29 Problems and remedies 30 The strategic approach to managing fraud risk 30 Best practice guidance 30 The Fraud Risk Management Framework 31 Introduction 31 Summary Five Key Learning Points for Directors and Managers 33 2 Meaning 35 The hairs on the back of my neck 35 Introduction 36 Answers to the Quiz 36 Fraud definitions 38 Key word deception 39 Key word intentional 40 ACFE occupational fraud typology 41 1. Fraudulent financial statements schemes 42 2. Asset misappropriation 44 3. Corruption 47 The ACFE s Report to the Nation 49 Fraud and the law 50 Introduction 50 The Fraud Act 2006 50 Commentary 51 Some examples of what the term fraud actually includes 51 1. Fraud as abuse of systems and control procedures 51 2. Fraud as abuse of working practices 51 3. Fraud as financial engineering 53 4. Fraud as corruption 55 5. Fraud as collusion 55 Fraud costs scale and direction of travel 56 1. Costs of fraud 56 2. Direction of travel 59 Answers to the Quiz 62 Summary Five Key Learning Points for Directors and Managers 63 3 People 65 Appearances can be deceptive 65 Introduction 66 Answers to the Quiz 66 Answers with very low percentage scores for total honesty 67 Answers with very high percentage scores for total honesty 69 The results of the research into honesty 70 The Fraud Triangle the key behaviourial model 71 Motivation 72 Opportunity 72 Rationalisation 73 Motives of fraudsters bringing the Fraud Triangle up to date 74 Albrecht, Howe and Romney 74 Hollinger and Clark 75 Ditton and others 76 Wolfe and Hermanson 77 Classification of fraudsters 78 First-time offenders 78 Recidivists 79 Those who commit fraud to benefit the organisation 79 Outsiders 79 Profile of a fraudster 80 Introduction 80 The greatest risk lies at the top 80 Tenure 80 The squeezed middle 81 The fraudster s department 82 Motives of fraudsters the business perspective 82 Summary Five Key Learning Points for Directors and Managers 85 4 Risk 87 We are all risk managers now 87 Introduction 88 Answers to the Quiz 89 Risk management primer 92 Introduction 92 Culture 92 Risk soundings exercise 93 Avoid the tick-box attitude 99 Strategic risk management and the 4Ts approach 100 Risk management cycle 100 The 4Ts approach 100 The 4Ts approach exercise 101 The use of insurance 101 The key risk reputation 102 Reputation risk the Arthur Andersen/Enron case 104 Verdict overturned 105 Reputation and ethics 105 Taking a risk-based approach to financial crime 105 Introduction 105 Approach to bribery and corruption 106 Approach to money laundering and terrorist financing 106 Taking a holistic approach to financial crime 107 Taking a risk-based approach to fraud 108 Overview 108 1. Fraud risk profile 109 2. Strategic approach to fraud risk 110 Summary Five Key Learning Points for Directors and Managers 112 The 4Ts approach answer to the exercise 113 (a) Bottom left-hand quadrant TOLERATE 113 (b) Top right-hand quadrant TERMINATE 114 (c) Bottom right-hand quadrant TREAT 114 (d) Top left-hand quadrant TRANSFER 114 5 Governance 117 People disappear in Texas 117 Introduction 118 Answers to the Quiz 119 Background 119 Governance as compliance 120 The performance element 120 Board conformance and board performance 121 Enron a failure of corporate governance 122 Introduction 122 Company history 122 Consequences of scandal 123 Governance failure 123 Enron by the numbers part 1 124 Governance overview relationships and agency risk 126 Background 126 The key governance players 127 Agency risk and the role of independent non-executive directors 127 The development of corporate governance codes and legislation 128 Rules-based and principles-based governance regimes 128 The US and the UK governance regimes 129 1. The Sarbanes-Oxley Act 2002 130 2. The UK Corporate Governance Code 135 Competency and behaviour the key drivers of board performance 138 1. The competency of directors 138 2. The behaviour of directors 141 The corruption component of fraud 144 Introduction 144 Corrupt business practices 145 The US position the Foreign Corrupt Practices Act 146 The United Nations position the UN Convention against Corruption Act 2005 146 The UK position the Bribery Act 2010 147 The Satyam fraud 149 Introduction 149 Background 150 Satyam s accounting fraud 150 Consequences and commentary 151 Summary Five Key Learning Points for Directors and Managers 152 6 Controls 155 Getting run over by a bus 155 Introduction 156 Answers to the Quiz 157 Internal controls overview 160 Background 160 Control characteristics 161 Preventative and detective controls 161 Manual and automated controls 161 Hard controls and soft controls 162 Internal control structure 162 Overview 162 Broad perspective 163 Avoid negative attitudes 163 Making the commitment 164 Custom and practice 165 Modern internal controls frameworks 167 Overview 167 1. The COSO Framework 1992 168 2. The COCO Framework 1995 171 3. The Turnbull Guidance 1999 172 4. The SOX 2002 174 5. ERM Framework 2004 175 The role of audit in fraud prevention and detection 175 Introduction 175 Perception and realities 176 The external audit 176 Introduction 176 Definitions 177 External audit essentials 177 Should external auditors discover fraud? 178 Reasonable assurance 180 Internal auditing 180 Introduction 180 Definitions 180 Internal audit essentials 181 Should internal auditors discover fraud? 182 Limitations of traditional audit techniques 182 Poor understanding of fraud risk 183 Audit testing based on small sample sizes 183 SAS 99: Considerations of Fraud in a Financial Statement Audit 184 Introduction 184 What SAS 99 and ISA 240 say about fraud auditing 185 Commentary 185 The role of the audit committee 186 Introduction 186 Role of the audit committee in the fight against fraud 186 Examples of poor performance by audit committees 187 Example 2 Enron 188 Summary Five Key Learning Points for Directors and Managers 189 7 Prevention 191 A question of black or white 191 Introduction 192 Answers to the Quiz 193 Fraud prevention controls 195 Introduction 195 The concept of the control environment 196 Key aspects of prevention generic controls 197 Overview 197 (a) Segregation of duties 197 (b) Delegations of authority and authorisation limits 199 (c) Physical and computer security over assets, records and information 200 Control inhibitors and concealment strategies 201 Introduction 201 Management override of controls 201 Collusion 202 Processing a transaction below the control radar 202 False documentation 203 Blocking the flow of information 203 Specific anti-fraud prevention controls 204 Introduction 204 The six key fraud prevention controls 205 Introduction 205 Fraud prevention the three hard controls 205 Fraud prevention the three soft controls 215 5-Point fraud prevention plan 220 Summary Five Key Learning Points for Directors and Managers 221 8 Detection 223 But he seemed like such a nice guy, he still lives with his mother 223 Introduction 224 Answers to the Quiz 225 The deterrence factor 226 Overview what is meant by deterrence 226 The perception of detection 226 Ways to increase the deterrence factor 228 Fraud detection 236 Introduction 236 The three key fraud detective measures 236 Summary Five Key Learning Points for Directors and Managers 252 9 Investigation 255 Don t crash the car 255 Introduction 256 Answers to the Quiz 256 Fraud investigation case study 257 Fraud investigation best practices 273 Introduction 273 Handling the initial allegations 274 Setting the overall objectives 275 Reporting lines and the investigation team 277 The use of covert techniques 279 Evidence 281 Guidelines for interviews 283 The litigation process and involving the police 286 Overview 286 Civil litigation 286 The police and criminal proceedings 287 Insurance the quantum of loss statement and making claims 288 Communication issues 288 Introduction 288 Media contingency planning 289 Managing internal communications 289 Summary 290 Fraud investigations practical examples 290 Summary Five Key Learning Points for Directors and Managers 293 10 Ethics 295 The RICE model 295 Introduction 296 Answers to the Quiz 297 The business ethics framework 299 Introduction 299 The golden rule of reciprocity 300 The key concepts of integrity and trust 301 Business ethics and the law 302 The 3Rs ethical roadmap 303 Individual responsibility 304 Corporate culture 305 Pressure, incentives and short-term targets 306 The business ethics toolbox 309 Introduction 309 Value statements 309 Codes of ethics and conduct 311 Confidential reporting lines 313 Ethical training and development programmes 313 Business ethics in action 315 Integrated approach 318 Summary Five Key Learning Points for Directors and Managers 319 Epilogue 321 Distinguished merit 321 References 323 Index 329