Ran a Fraud Investigation session online for The Institute of Chartered Accountants of Pakistan. These are slides for day 2. Link for session 1 slides at the bottom of the description. These slides cover considerations for fraud interviews, report writing, legal considerations during investigations, roles and responsibilities, some input on understanding fraud prevention and fraud risk management (another link below for a detailed slide deck on this topic), some nuances of modern fraud investigations, and selected specific fraud and corruption scenarios. The last topic was covered in the session for the audiences where I shared some interesting aspects; will probably cover those in a blog post soon for wider sharing.
Links:
Fraud Investigations Session 1 slides: https://www.slideshare.net/ZeeshanShahid1/fraud-investigations-session-1-slides
Fraud Risk Management - High level perspective: https://www.slideshare.net/ZeeshanShahid1/fraud-risk-management-high-level-perspective-for-the-board-of-directors
2. Overview
• Introduction and context
• Common factors in reported frauds and Pakistan Perspective
• Perpetrator behavioral analysis
• Fraud investigations
• Fraud interviews
• Report writing
• Legal considerations during investigations
• Roles and responsibilities
• Understanding fraud prevention
• Nuances of modern fraud investigations
• Selected specific fraud and corruption scenarios
3. Introduction and context
Fraud defined
Introduction to Fraud tree
Introduction to Fraud triangle and diamond
Common factors in fraud and Pakistan perspective
Findings of ACFE’s Report to the Nations 2020 based on research from data of 125 countries, 23 major industry categories, and 2,504 cases; Importance of whistle-blowing systems and fraud awareness trainings emphasized.
Perpetrator behavioral analysis; most common behavioral red-flags and perspective from Pakistan
Fraud investigation process
Brainstorming; planning; collection; evidence gathering through analysis; reporting and closure
Review of topics covered in last session
4. Brainstorming:
• Identify parties, investigation parameters and risks as input to the plan.
Planning:
• Thorough planning determines focus and helps manage the investigation
Collection phase:
• Information gathering in a forensically sound manner
Evidence gathering through analyses:
• Issue-tailored analyses performed to obtain evidence
Reporting and closure:
• Reporting of findings
The Fraud Audit / Investigation Process
Problem recognition and definition
Refine and amend hypothesis
Analyze data; create and test hypothesis
6. Admission-seeking stage
Interview of suspect
Confirmation phase
Corroborative interviews with witnesses
Interviews of co-conspirators
Evidence-gathering phase
Collection and evidence gathering through analysis (excl. human info)
Preliminary observation drafting
Corroborative or information seeking interviews with neutral persons
Fraud interviews
7. Types of communications
Chronemic; use of time to convey meaning, attitudes and desires (respondent late in keeping appointments or delaying; potentially avoiding)
Proxemic; use of interpersonal space to convey meaning
Paralinguistic; using volume, pitch and voice quality to convey meaning
Kinetic; use of body movements to convey meaning
Overarching considerations
8. Preparation
• Review case files
• Have clear objectives
• Determine order of interviews
• Determine type of information expected to be received
• Select a comfortable and secure venue
• Select members of investigation team as interviewers
• Formulate a brief outline of key points to discuss
9. Types of questions
• Introductory; used to provide intro, establish rapport, set theme and baselining behaviour; do not use sensitive questions or emotive words at this stage
• Informational; used to gather unbiased facts; could be open, closed or leading; however, questioning should be general to specific
• Closing; used to reconfirm facts gathered; see if additional information can be gathered; and to achieve a pleasant end to the process
• Assessment; used to evaluate credibility
• Admission seeking; only used for individuals whose culpability is reasonably certain; designed to obtain legal admission of wrongdoing; reasonable certainty is achieved when there is reasonable probability about the culpability of suspect and reasonable investigation steps already taken; convey absolute confidence with accusation, do not become a moral judge, be firm with empathy; offer a moral excuse; diffuse defenses.
10. Mechanics and other considerations
• Do not react to difficult persons or conversations
• Prepare the room appropriately; privacy; door closed but not locked and easily reachable by interviewee; communicate that they’re free to leave anytime; keep interviewer chairs apart; interviewee should not be behind any physical barrier
• At least two interviewers in admission-seeking interviews
11. Things to cover in verbal confessions
• Knowledge of action being wrong; demonstrating intent
• Facts known only to perpetrator
• Motive; may need to dig further
• Facts about offense (timing, continuing or stopped, others involved, evidence, location of any assets misappropriated)
12. Things to cover in signed confessions
• Statement that the confession is voluntary
• Intent
• Facts about fraud (dates, amount of loss, instances, etc.)
• Willingness to cooperate
• Confessor’s rationalization
• Acknowledgement that confessor has read the statement
• Truthfulness of the statement
• Witness signatures (HR and/or Legal Counsel should be included)
Consult your lawyer for your jurisdiction’s requirements with respect to confession statements.
14. • Background
• The background section is generally about two paragraphs. It should state very briefly why the fraud examination was conducted.
• Executive Summary
• In this section the reporter summarizes what actions were performed during the fraud investigation, such as reviewing documents, interrogating witnesses, conducting analyses or tests, etc. Doing so provides the reader with an overview of what was done during the examination process. At the end of this section, you should summarize the outcome of the examination. For example, “PKR 500,000 in checks was deposited into an account owned by YZ. When confronted with this information, YZ stated that he had only borrowed the money and meant to pay it back.”
Report writing
15. • Scope
• This section consists of just one paragraph explaining the scope of the fraud examination. For example, “Determine whether accounts receivables were manipulated in the books and records,” or “Determine why cash inventory recorded is not matching with actual quantity in the warehouse.”
• Approach and methodology
• This section gives a brief description of the following items:
• Fraud examination team members
• Procedures performed (generally what documents were reviewed or what tests were conducted)
• Individuals interviewed
• Any limitations
• It provides a handy reference as to who was involved in the fraud examination, what the team reviewed, what tests or analyses were conducted, and what individuals the team interviewed.
Report writing (cont’d)
16. • Findings
• This section contains the details of the fraud examination. It will generally consist of several pages. In this section, you should describe what actions or duties the reporter performed and what was found. Provide enough detail so that the reader understands what occurred, but not so much detail that the reader begins to lose interest or becomes bogged down in the details.
• The reader wants to know how many instances occurred, who was involved, how they did it, what proof you have, etc. If the findings section is long, you might use subheadings for particular topics or individuals to make it easier for the reader to stay organized. The information can be presented either chronologically or by topic, whatever makes it easier for the reader to follow.
• Approach
• This section should be one or two paragraphs and should briefly summarize the results of the fraud investigation. It should be similar to the outcome stated at the end of the Executive Summary section.
Report writing (cont’d)
17. • Impact
• This section describes how the fraud impacted the overall business. The reporter can provide an estimated amount of loss or any other tangible or intangible damage suffered by the victim, as well as damage that might affect it in the future.
• Recommendation
• Organizations mainly look for the recommendations, as they are willing to implement the changes. However, this section is optional. There might be instances where the fraud investigator wishes to discuss remedial measures or specific recommendations in a separate document. If the investigator does wish to include this section, it should state what follow-up action is necessary or recommended, including remedial measures such as a review of internal controls, introduction of a whistleblower hotline, increased security, etc.
• Limitations and caveats
• Standard caveats
• Identify any matter outstanding
Report writing (cont’d)
18. • Opinions and conclusions:
• Conclusions need to be self-evident and should not need to be pointed out
• Opinions regarding guilt or innocence are not allowed
• Fraud examiner should not include any statement of opinion as to the integrity or veracity of any witness.
Report writing (cont’d)
20. • Collection sensitivities; what can and cannot be examined
• Labor law sensitivities; will the investigation be challenged subsequently in the court?
• Evidence admissibility; is there any conjecture in the report rather than facts? Do the facts sufficiently establish, beyond reasonable doubt, the culpability of the suspect?
• Interviews; what is the admissibility of the interview process?
• Disciplinary options in light of laws
• Any statutory reporting responsibility?
• Consult legal counsel throughout the process
Legal considerations during investigations
22. • Primary responsibility for fraud prevention
• Responsible for ensuring appropriate policies and procedures are implemented in the organization.
• Developing and maintaining an adequate system of internal control as well as maintaining accounts, records, and books that accurately and fairly record and represent company transactions are statutory obligations.
• COSO principle: The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Board and management
23. • International Standards for the Professional Practice of Internal Auditing (IPPF Standards) require:
• 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
• 2120.A2 – The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
• 2210.A2 – Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.
• Additionally other IPPF Standards also include fraud, including standards relating to role of internal audit in evaluating organization’s ethics and values.
• Source: https://na.theiia.org/standards-guidance/public%20documents/ippf-standards-2017.pdf (please check for updates)
Internal auditor
24. • Under ISA 240, ‘The Auditor’s Responsibility To Consider Fraud in an Audit of Financial Statements’, an auditor conducting an audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error.
• In planning and performing the audit to reduce audit risk to an acceptably low level, the auditor should consider the risks of material misstatements in the financial statements due to fraud; if the risk is high, involve an expert.
• Only two types of misstatements concern the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.
• Due to significant inherent limitations in case of misstatement from fraud, particularly management fraud, the auditor is responsible for maintaining professional skepticism throughout the audit, considering the potential for management override of controls. A subsequent discovery of fraud does not necessarily imply non-compliance with ISAs.
• The auditor is expected to identify and assess the risks of material misstatement due to fraud and design procedures to detect such misstatement.
• Source: https://www.ifac.org/system/files/downloads/2008_Auditing_Handbook_A080_ISA_240.pdf (please check for updates)
External auditor
26. Training
Fraud reporting mechanism
Tone at the top / Code of conduct
Internal audit / Surprise audit
Data mining (proactively looking for anomalies)
Anti-fraud controls
•Segregation of duties
•Safeguard of assets
•Management authorization and review
•Job rotation
•Mandatory vacation
•Background checks / Due diligence
Disciplinary actions
Anti-fraud better practices
27. • Fraud Risk Management is a process that results in board and upper management and all other staff deterring fraud in their organization.
• Fraud deterrence is a process of eliminating factors that may cause fraud to occur.
• Key considerations:
• All organizations are subject to fraud risks.
• Elimination of all fraud in all organizations is impossible.
• Some sort of principle is needed to create procedures and make the environment risk free.
• BoD, top management and personnel at all levels have responsibility for managing fraud risk.
• Fraud risk management framework helps organizations develop a program to deter fraud
Fraud risk management
28. Visible and rigorous fraud governance process
Effective fraud control processes and procedures
Periodic Fraud Risk Assessment
Swift allegation response and appropriate action against wrong-doers
Attributes of a deterrence-creating FRM process
Fraud risk management
30. • Mobile devices
• Personal data on official machines
• BYOD
• Cloud and network forensics
• OSINT (external sources, public records, court records, property records, tax records, business filings with regulators); Social Catfish (or use programming skills to build your own VM)
• Wayback Machine (notable mention!)
• Privacy issues when collecting social media; best practices (screen capture; print; PDF etc.)
• Email headers
Nuances of modern fraud investigations
32. Financial services sector
• Islamic bank private lending scheme
• Large commercial bank trade finance fraud investigation
• Microfinance bank (investigations; methodology; AML/CFT)
• AMC – Fraud against customers
• SWIFT fraud
• Service provider to large commercial bank making improper arrangements
Government and World Bank
• Review of program with branchless banking nuances
• Pakistan Railways (draft)
Selected investigations
33. Tech / Startup:
• Investigation of procurement fraud
• Staff’s Anti-Corruption due diligence
Pharma
• Frauds in Hardship cases
• Vaccine fraud
• Compliance audit of distributors
• ABAC DD
• Medical devices company distributor FCPA
NPO
• Forensic of Pakistan operations
• Afghanistan foreign government charity (Head investigation; Ops investigation)
Selected investigations
34. HNW fraud
• Trading PPP platform scam
Oil and gas
• Foreign company investigation of conflict of interest
FMCG
• ABAC / FCPA DD
• Trust fraud
Hospitality
• Multinational fast-food chain; senior management fraud
Selected investigations
35. ONE: No opinions in report
TWO: Interview and question types
THREE: Responsibilities of fraud prevention, detection and investigation
FOUR: Fraud prevention including FRM
FIVE: Whether you’re an internal or external auditor, engage an expert when situation calls for it.
SIX: Legal considerations
Key Takeaways
37. Become certified, get access to leading resources and become part of an expert community of fraud fighters around the globe.
Stay away from ‘Diploma Mills’!
39. Zeeshan Shahid
• Chartered Accountant; Certified Fraud Examiner; >18y experience; served as partner in Deloitte and Yousuf Adil
• >10y running country’s first dedicated Forensic practice in Deloitte; Experience of investigating allegations of fraud, abuse, bribery, corruption and misconduct in public (federal, provincial and corporate), private (domestic and MNCs for FCPA/UKBA), non-profit (foreign government and NGO)