SlideShare uma empresa Scribd logo

How to prepare for your first anti fraud review

Jim Kaplan CIA CFE
Jim Kaplan CIA CFE

As stated in the Institute of Internal Auditors IPPF, “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk (2120.A2)”. How is your auditing function meeting this professional expectation? The time to test fraud controls is before you have a fraud. Testing fraud controls is more commonly referred to as an “anti-fraud” assessment and is typically conducted by auditors as a consulting service. How long has it been since a comprehensive review was conducted at your organization? Once completed, as the company changes over time, sections of the first review should be updated. This webinar will cover: · How strong are your controls? · Are you looking for fraud or is fraud looking for you? · The time to detect directly impacts the chances of recovery · Shell Vendors uncovered made the headlines in 2016 · Looking for signs of complacency in the workplace · A robust organizational COSO based framework that organizes your work from cradle to grave · Working paper and check list recommendations · Actual audit report sample (with author identification removed)

Dados e análise
1 de 37
Baixar para ler offline
12/20/2017 1 How to Prepare for your First Anti-Fraud Review About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
12/20/2017 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology. • Available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,800 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors Introductions Page 3 HOUSEKEEPING This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. • If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. • If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE. • If you meet the criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. • Please complete the evaluation questionnaire to help us continuously improve our Webinars.
12/20/2017 3 IMPORTANT INFORMATION REGARDING CPE! • SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions! • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io • Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE. • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC
12/20/2017 4 How to Prepare for your First Anti-Fraud Review Don Sparks SmartCAATTs, LLC 407-756-0375 don@smartcaatts.com Ongoing Monitoring Governance “Tone at the Top” Event & Risk Assessment “Think like a Fraudster” Controls Testing “Looking for Fraud” Incident Response “Suspected Fraud” POLLING QUESTION #1
12/20/2017 5 Schedule • Executive Summary & Looking For Shell Vendors • International Professional Practices Framework (The IIA Red Book) • Committee of Sponsoring Organizations (COSO) • Association of Certified Fraud Examiners (ACFE) • Anti-Fraud Life Cycle Detail • Q&A Executive Summary • Test internal controls before you have a fraud [anti-fraud assessment] • Are you looking for fraud? Be sure your organization has a Fraud Policy! • Time to detect negatively impacts recovery and investigation dollars • An anti-fraud assessment is not a one time and forget exercise! • Fraud is an Adaptive Crime and you do need to LOOK for it: • Business units have finite and predictable list of schemes, typically 5 to 7 • Each scheme permutation creates a finite and predictable scenario • The key to finding is to “proactively” look where it typically occurs • You need to know what fraud looks like, particularly “in the data” • Internal Auditors need to be “approachable”, are you?
12/20/2017 6 Resources - Great Take Aways if you do not already have: • Credit Balances on Cancelled Accounts • Fraud Risk Assessment Audit Report • Corporate Policy on Fraud • Fraud Auditing - GTAG 13 • Red Flags Squirrel File • ACFE Report to the Nations • Fraud Investigation Report Is Fraud a Problem? Our company does not have a fraud problem Our employees are honest & would not commit fraud We only hire honest employees We follow all government regulations so we are protected against fraud Small frauds are not important to bother with
12/20/2017 7 Do You Have a Robust Ethics Committee Process? Secure Leadership buy-in Choose Committee Members Train Members and Staff Write Committee Charter/Guiding Principles Establish Committee Process – when to meet Initiate Process and Deliberate Anti-Fraud is a Journey not a Destination • Fraudsters – Learn how to create the fraud and have the time and patience to get good at it. Start out slow, easy to explain and then increase the activity. May be creative at disguising fraud. • Auditors – Must learn what fraud looks like in the work place. Per the PCAOB, auditors are often too predictable, polite, and easily sidetracked with heavy workloads. • Anti-Fraud - The purpose is to bring awareness to all employees about the potential for fraud, what constitutes fraud, how to prevent fraud, how to report suspected fraud and how to handle any allegations of fraud. The ultimate goal is to eliminate all fraudulent activity.
12/20/2017 8 POLLING QUESTION #2 Role of Internal Auditing in Fraud • What does your Charter say? • Reference to GTAG 13 – Questions for CAE to ask senior management and Audit committee. • Audit Committee Event Matrix.
12/20/2017 9 Fraud Detection Sources Internal Auditing continues to stay in the top spots according to the ACFE RTTN. In the 2016 report Internal Auditing was second behind tip. This report contains an analysis of 2,410 cases of occupational fraud that were investigated between January 2014 and October 2015. The frauds in this study took place in 114 different countries throughout the world. TIP 39.1 INTERNAL AUDIT 16.5 MANAGEMENT REVIEW 13.4 BY ACCIDENT 5.6 OTHER 5.5 DOCUMENT EXAM. 3.8 EXTERNAL AUDIT 3.8 BY LAW ENFORCEMENT 2.4 SURVELIANCE MONITOR 1.9 IT CONTROLS 1.3 CONFESSION 1.3 2016 % POLLING QUESTION #3
12/20/2017 10 The Institute of Internal Auditors’ IPPF defines fraud as: Fraud encompasses a wide range of irregularities and illegal acts characterized by intentional deception or misrepresentation. “Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” ACFE Categories of Fraud • Asset Misappropriation • Financial Statement • Corruption Asset misappropriation was by far the most common form of occupational fraud, occurring in more than 83% of cases, but causing the smallest median loss of $125,000. Financial statement fraud was on the other end of the spectrum, occurring in less than 10% of cases but causing a median loss of $975,000. Corruption cases fell in the middle, with 35.4% of cases and a median loss of $200,000.
12/20/2017 11 Examples of Fraud Fraud is perpetrated by a person knowing that it could result in some unauthorized benefit to him or her, to the organization, or to another person, and can be perpetrated by persons outside or inside the organization. Some common fraud schemes include: Fraud Schemes Asset misappropriation is stealing cash or assets (supplies, inventory, equipment, and information) from the organization. In many cases, the perpetrator tries to conceal the theft, usually by adjusting the records. Skimming occurs when cash is stolen from an organization before it is recorded on the organization’s books and records. For example, an employee accepts payment from a customer, but does not record the sale. Payroll fraud occurs when the fraudster causes the organization to issue a payment by making false claims for compensation. For example, an employee claims overtime for hours not worked or an employee adds ghost employees to the payroll and receives the paycheck.
12/20/2017 12 Fraud Schemes (continued) Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services, inflated invoices, or invoices for personal purchases. For example, an employee can create a shell company and then bill the employer for nonexistent services. Other examples include fraudulent health care claims (billings for services not performed, unbundled billings instead of bundled billings), unemployment insurance claims by people who are working, or pension or social security claims for people who have died. Fraud Schemes (continued) Financial statement fraud involves misrepresenting the financial statements, often by overstating assets or revenue or understating liabilities and expenses. Financial statement fraud is typically perpetrated by organization managers who seek to enhance the economic appearance of the organization. Members of management may benefit directly from the fraud by selling stock, receiving performance bonuses, or using the false report to conceal another fraud.
12/20/2017 13 Fraud Schemes (continued) Expense reimbursement fraud occurs when an employee is paid for fictitious or inflated expenses. For example, an employee submits a fraudulent expense report claiming reimbursement for personal travel, nonexistent meals, extra mileage, etc. Information misrepresentation involves providing false information, usually to those outside the organization. Most often this involves fraudulent financial statements, although falsifying information used as performance measures can also occur. Conflict of interest occurs where an employee, manager, or executive of an organization has an undisclosed personal economic interest in a transaction that adversely affects the organization or the shareholders’ interests. Fraud Schemes (continued) Corruption is the misuse of entrusted power for private gain. Corruption includes bribery and other improper uses of power. Corruption is often an off-book fraud, meaning that there is little financial statement evidence available to prove that the crime occurred. Corrupt employees do not have to fraudulently change financial statements to cover up their crimes; they simply receive cash payments under the table. In most cases, these crimes are uncovered through tips or complaints from third parties, often via a fraud hotline. Corruption often involves the purchasing function. Any employee authorized to spend an organization’s money is a possible candidate for corruption.
12/20/2017 14 Fraud Schemes (continued) Bribery Is the offering, giving, receiving, or soliciting of anything of value to influence an outcome. Bribes may be offered to key employees or managers such as purchasing agents who have discretion in awarding business to vendors. In the typical case, a purchasing agent accepts kickbacks to favor an outside vendor in buying goods or services. The flip side of offering or receiving anything of value is demanding it as a condition of awarding business, termed economic extortion. Another example is a corrupt lending officer who demands a kickback in exchange for approving a loan. Those paying bribes tend to be commissioned salespeople or intermediaries for outside vendors. Other Fraud Schemes:  A diversion is an act to divert a potentially profitable transaction to an employee or outsider that would normally generate profits for the organization.  Unauthorized or illegal use or theft of confidential or proprietary information to wrongly benefit someone.  Related-party activity is a situation where one party receives some benefit not obtainable in a normal arm’s length transaction.  Tax evasion is intentional reporting of false information on a tax return to reduce taxes owed.
12/20/2017 15 POLLING QUESTION #4 Be Alert For the “Red Flags” of Fraud Create a record of business rules to use your favorite data mining tool. Your staff should be able to add and adjust items on the list on a regular basis. See a portion of Don’s “Squirrel File”.
12/20/2017 16 2015 “The Year of Shell Vendor Frauds” Industry A Large Hospital A Large City Detection Tip to CAE Tip by employee Duration 14 years 7 years Amount $10 million/ 200 payments $7 million/175 payments Scheme Account Payables Account Payables Scenario Payments sent to PO Box belonging to an employee who created, reviewed and approved invoices Payments sent to former employee in a relationship with city manager – 3 additional shell companies identified Data Mining Tool ??? IDEA How to Identify Fictitious (Shell) Vendors • Approved to be paid through a P.O. Box (for several years) • Not an approved vendor for goods or services • Above average amounts (payouts) in relation to other vendors • Cross check with employee address, zip code, bank account, or phone • No taxpayer identification number or an invalid one • Names consisting of initials cross checked with employee initials • Invoice numbers are consecutive numbers with little or no gap • Invoices with even dollar amounts and/or no taxes • Cross check with Secretary of State records on principals or agents
12/20/2017 17 Common Information in Master Files • Most auditors and fraud examiners recommend cross-matching data. For example, the customer master file and the employee master file looking for unusual circumstances and possible fraud. • Prior to IDEA version 9.2 when the @SimilarPhrase function was introduced, there basically were two best practices: Cross Matching Using the First 8 Characters; or, Using @JustNumbers. • Now, using the @SimilarPhrase brings in the levenshtein matching logic and in addition to returning 100 % matches, returns a distance percentage to identify close matches. • A short demonstration follows: Cross Match with @SimilarPhrase The Levenshtein distance between two strings is defined as the minimum number of edits needed to transform one string into the other, with the allowable edit operations being insertion, deletion, or substitution of a single character.
12/20/2017 18 Select Visual Connect
12/20/2017 19 Append Distance Field (Decimals = 6)
12/20/2017 20 Analytics Journey Data Information Insight Data Analysis Process Source: Aberdeen Group May 2012 How Can The IIA Help? The Standards • 2120.A1 – The IA activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the: • Achievement of the organization’s strategic objectives. • Reliability and integrity of financial and operational information. • Effectiveness and efficiency of operations and programs. • Safeguarding of assets. • Compliance with laws, regulations, policies, procedures, and contracts. • 2120.A2 – The IA activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. [Changed from “should “ to MUST in 2012]
12/20/2017 21 How Can COSO help? Ongoing Monitoring Governance “Tone at the Top” Event & Risk Assessment “Think like a Fraudster” Controls Testing “Looking for Fraud” Incident Response “Suspected Fraud” It Should Be a CRIME to Not Know COSO • THE CONTROL ENVIRONMENT - foundation for the IC system with discipline and structure. [Control testing] • RISK ASSESSMENT - identification/analysis by management—not IA — risks relevant to achieve predetermined objectives. [think like a fraudster] • CONTROL ACTIVITIES - policies, procedures, and practices to be sure management objectives are achieved and risk mitigation strategies are carried out. [Tone at the Top] • INFORMATION AND COMMUNICATION - support all IC components by communicating IC responsibilities to employees and provides information that allows people to carry out their duties. [current fraud review] • MONITORING - oversight of IC by management or others outside the process; manual or automated; evidence objectives are met. [Ongoing monitoring]
12/20/2017 22 The 2013 COSO Internal Control Framework Added 17 Principles, including: •Principle 8: “The organization considers the potential for fraud in assessing risks to the achievement of objectives” Monitoring Activities • Principle 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning • Principle 17: The organization evaluates and communicates internal control deficiencies in a timely manner ….. How can ACFE help? “Proactive” vs. “Reactive”
12/20/2017 23 End Result: Anti-Fraud Life Cycle Step 5 Ongoing Monitoring Step 1 Governance “Tone at the Top” Step 3 Event & Risk Assessment “Think like a Fraudster” Step 5 Controls Testing “Looking for Fraud” Step 2 Incident Response “Suspected Fraud” Use the framework as the Audit program, working papers and audit report outline. The permanent file is repeated at regular but varying intervals to Identify the organization’s readiness to fight fraud. Step 1: Governance – Tone at the Top 1 External Audit of Financial Statements 11 Hotline 2 Code of Conduct 12 Fraud Training for employees 3 Management Certification of Financial Statements 13 Surprise Audits 4 Manage Review/approvals/line of authority 14 Job rotation/mandatory vacation 5 Internal Auditing Function 15 Rewards for Whistleblowers 6 External Audit of ICOFR 16 Key performance measuring/monitoring 7 Independent Audit Committee 17 Hiring - background and reference checks 8 Employee Support Programs 18 Termination - exit interview process 9 Fraud Training for Managers/executives 19 Crime coverage - list of employees covered 10 Fraud Investigation Policy 20 Appoint A Chief of Company Anti-Fraud Policy
12/20/2017 24 Auditing Tone at the Top • Review Board Minutes • Did management attend Code of Conduct Training • Audit Expense Reports • Hotline “reports” Follow-up • Handling Code of Conduct “exceptions” • Review Board of Directors duty training • Did BoD conduct a self-assessment? • Benchmark against peer organizations
12/20/2017 25 Step 2: Fraud Investigation Policy 1 How and when to start an investigation 8 How & when to elevate the investigation 2 Who can approve 9 Consistency & uniformity, similar offenses treated alike 3 Documentation Requirements 10 Guidance - how far to pursue investigation 4 Data Analysis Needs 11 Communications - before, during & after investigation 5 Designate the members of the team 12 Extent of recovery efforts to be conducted 6 Process for adding experts to the team 13 Issue final written report 7 Access, evaluate & mitigate internal controls 14 Records retention Source GTAG 13
12/20/2017 26 Internal Audit May Not Be Aware of Fraud • Adding experts skilled in data analysis can get the complete picture. • Why not use internal auditing staff? • Impact changes if the company has a crime or fidelity insurance policy. A theme park employee admitted to defrauding the park of $209,000 in park tickets over an 18 month period. She agreed to repay the to avoid prosecution. Internal audit was not involved but noticed the employee worked 4 years. Using the scheme already determined they calculated the employee actually stole over $1 million in tickets. Sequence of Fraud Activities Preventative Controls Detection & Monitoring Investigation & Prosecution Lessons Learned influence future use of prevention and control processes.
12/20/2017 27 Step 3: Fraud Risk Assessment – The CSA • Understand where fraud is likely to occur – use ACFE RTTN report • Invite representatives to discuss each process under review • Some employees will have difficulty in envisioning fraud happening • Use anonymous polling tools to open discussions in sensitive areas • Consider everyone’s opinion (outlier concerns) • Be sure the person documenting the discussion catches key information ACFE Report to the Nations – Fraud Schemes Financial ReportingCorruption
12/20/2017 28 POLLING QUESTION #5 Events & Risk Assessment Find one that includes the data file and data elements required
12/20/2017 29 Fraud Risk Assessment Heat Map Quantification Risks identified in the assessment process must now be prioritized. The methodology for prioritization will be to assess the impact and likelihood of each risk. Impact is the result or effect of an event. Likelihood is the possibilit POLLING QUESTION #6
12/20/2017 30 Example “CSA Brainstorming Session” 1. Cashiers handle the same number of sales 2. Cashiers should receive about the same number of refunds or returns 3. Employees should not receive “refunds” 4. All invoices should be sequential without gaps 5. Refunds are computed amounts, distribution should follow Benford’s law 6. An automated system should not allow duplicate refunds 7. Customer can not be refunded more than what they paid originally 8. Supervisor overrides should all be within normal business hours 9. Correlation between sales and refunds should follow the sales (trending) Step 4: Controls Testing - Look for Fraud • Just because you have completed the fraud risk assessment does not mean you are done. • Many companies do not proactively test their fraud readiness until after a fraud occurs. • By taking advantage of the rich knowledge embedded in the fraud risk assessment template, internal auditing can incorporate detail audit tests into their audit universe. • As future audit schedules are developed, the more important risks to the organization should float to the top of the priority scale.
12/20/2017 31 Step 4. Testing Entity & Process Controls Are fraud risk flags imbedded into audit programs? Is the staff fully trained in technology? If you do not look, then who will…. Data Analysis is not the same as Data Mining Data analysis is the science of examining raw data. The purpose is to determine if this data contains information (good or bad). Sampling can be a perfectly acceptable feature. Data Mining is using the results of data analysis to search through 100% of the data to find matching patterns. Matches may be false positives but the exercise is looking for true positives. A false positive is a record that meets the pattern but is not a correct record that fits the desired result.
12/20/2017 32 Step 5: Monitoring Activities Monitoring = Compliance? • Insurance Companies & banks in some states are required to do an anti-fraud report • COSO principles 16 & 17 • USA Sentencing guidelines • OECD Good Practice • UK Bribery Act • OECD Good Practice • UK Bribery Act Organization for Economic Co-operation & Development
12/20/2017 33 POLLING QUESTION #7 Data Analysis Tips To Keep In Mind • Work on a COPY of Client’s data – never make changes to client data • Document all actions taken with data • Audit tests repeatable with same results • Maintain custody & security of data • Properly store and destroy data
12/20/2017 34 Six Tips for Successful Data Analytics Integration: 1. Start with a high-priority, high-return project 2. Focus on efficiency and effectiveness 3. Communicate 4. Be brief; be thorough; be gone 5. Exercise patience 6. Use the Tool Provider Help Desk Lessons Learned • Good Data • Correct Analysis • Data Readily Available • Data Speaks For Itself • Offender Terminated • One Perpetrator • Best Practice For All • Only “One” Tool • “Bad” Can’t Happen • Know Tools, Competencies, Company, Industry!
12/20/2017 35 POLLING QUESTION #8 Conclusion: • Develop and implement a Fraud Policy for your organization • Implement a fraud reporting hotline • Be aware of red flag behaviors • Don’t depend solely on external audits • Small business owner? Be vigilant • Focus on prevention, not recovery
12/20/2017 36 Questions? • Any Questions? Don’t be Shy! Page 71 AuditNet® and cRisk Academy • If you would like forever access to this webinar recording • If you are watching the recording, and would like to obtain CPE credit for this webinar • Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacademy.com Use coupon code: 50OFF for a discount on this webinar for one week
12/20/2017 37 Thank You! Page 73 Jim Kaplan AuditNet® LLC 1-800-385-1625 info@auditnet.org www.auditnet.org Don Sparks - CIA, CISA, CRMA SmartCAATTs LLC 407-756-0375 don@SmartCAATTs.com www.smartcatts.com (IDEA Training) Questions? Don Sparks, CIA, CISA, CRMA, ARM don@smartcaatts.com Thank You For Attending & Happy Holidays!

Recomendados

Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 

Recomendados

Visualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelVisualize audit sampling and fraud detection in excel
Visualize audit sampling and fraud detection in excelJim Kaplan CIA CFE
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reportingJim Kaplan CIA CFE
 
How to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldHow to build a data analytics strategy in a digital world
How to build a data analytics strategy in a digital worldJim Kaplan CIA CFE
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATJim Kaplan CIA CFE
 
Top 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksTop 10 excel analytic tests to minimize fraud and process risks
Top 10 excel analytic tests to minimize fraud and process risksJim Kaplan CIA CFE
 
Technology development: What is audit's role?
Technology development: What is audit's role?Technology development: What is audit's role?
Technology development: What is audit's role?Jim Kaplan CIA CFE
 
Internal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureInternal Audit's Role in Ethics, Governance, & Culture
Internal Audit's Role in Ethics, Governance, & CultureJim Kaplan CIA CFE
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Jim Kaplan CIA CFE
 
Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social MediaJim Kaplan CIA CFE
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal AuditorsJim Kaplan CIA CFE
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliersJim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork WebinarJim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection Jim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update SlidesJim Kaplan CIA CFE
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslidesJim Kaplan CIA CFE
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slidesJim Kaplan CIA CFE
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing BasicsJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4Jim Kaplan CIA CFE
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
 

Mais conteúdo relacionado

Mais procurados

Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Jim Kaplan CIA CFE
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Jim Kaplan CIA CFE
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsJim Kaplan CIA CFE
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services Jim Kaplan CIA CFE
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationJim Kaplan CIA CFE
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel Jim Kaplan CIA CFE
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection Jim Kaplan CIA CFE
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsJim Kaplan CIA CFE
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 Jim Kaplan CIA CFE
 

Mais procurados (20)

Auditing Social Media
Auditing Social MediaAuditing Social Media
Auditing Social Media
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniques
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 
Tracking down outliers
Tracking down outliersTracking down outliers
Tracking down outliers
 
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
Touchstone Research for Internal Audit 2020 – A Look at the Now and Tomorrow ...
 
mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10) mplementing and Auditing GDPR Series (10 of 10)
mplementing and Auditing GDPR Series (10 of 10)
 
Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10) Implementing and Auditing GDPR Series (9 of 10)
Implementing and Auditing GDPR Series (9 of 10)
 
Enhanced fraud detection with data analytics
Enhanced fraud detection with data analyticsEnhanced fraud detection with data analytics
Enhanced fraud detection with data analytics
 
Agile auditing for financial services
Agile auditing for financial services Agile auditing for financial services
Agile auditing for financial services
 
Fieldwork Webinar
Fieldwork WebinarFieldwork Webinar
Fieldwork Webinar
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection RegulationImplementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel How to get auditors performing basic analytics using excel
How to get auditors performing basic analytics using excel
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 
IT Fraud Series: Data Analytics
IT Fraud Series: Data AnalyticsIT Fraud Series: Data Analytics
IT Fraud Series: Data Analytics
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
20160210 webinarslides
20160210 webinarslides20160210 webinarslides
20160210 webinarslides
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 

Semelhante a How to prepare for your first anti fraud review

Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Jim Kaplan CIA CFE
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Jim Kaplan CIA CFE
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingJim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling Jim Kaplan CIA CFE
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slidesJim Kaplan CIA CFE
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports Jim Kaplan CIA CFE
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal AuditorJim Kaplan CIA CFE
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10Jim Kaplan CIA CFE
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analyticsJim Kaplan CIA CFE
 
Criminal Psychology & Fraud Investigation
Criminal Psychology & Fraud InvestigationCriminal Psychology & Fraud Investigation
Criminal Psychology & Fraud InvestigationTommy Seah
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated AnalyticsJim Kaplan CIA CFE
 
Overcoming the Challenges of Audit Reporting in a Multinational Corporation
Overcoming the Challenges of Audit Reporting in a Multinational Corporation Overcoming the Challenges of Audit Reporting in a Multinational Corporation
Overcoming the Challenges of Audit Reporting in a Multinational Corporation Jim Kaplan CIA CFE
 

Semelhante a How to prepare for your first anti fraud review (20)

GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10) Implementing and Auditing GDPR Series (8 of 10)
Implementing and Auditing GDPR Series (8 of 10)
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and Countermeasures
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of samplingHow analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
It52015 slides
It52015 slidesIt52015 slides
It52015 slides
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 
Ethics for Internal Auditors
Ethics for Internal AuditorsEthics for Internal Auditors
Ethics for Internal Auditors
 
Ethics and the Internal Auditor
Ethics and the Internal AuditorEthics and the Internal Auditor
Ethics and the Internal Auditor
 
General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10General Data Protection Regulation for Auditors 5 of 10
General Data Protection Regulation for Auditors 5 of 10
 
Focused agile audit planning using analytics
Focused agile audit planning using analyticsFocused agile audit planning using analytics
Focused agile audit planning using analytics
 
Criminal Psychology & Fraud Investigation
Criminal Psychology & Fraud InvestigationCriminal Psychology & Fraud Investigation
Criminal Psychology & Fraud Investigation
 
Driving More Value With Automated Analytics
Driving More Value With Automated AnalyticsDriving More Value With Automated Analytics
Driving More Value With Automated Analytics
 
Overcoming the Challenges of Audit Reporting in a Multinational Corporation
Overcoming the Challenges of Audit Reporting in a Multinational Corporation Overcoming the Challenges of Audit Reporting in a Multinational Corporation
Overcoming the Challenges of Audit Reporting in a Multinational Corporation
 

Mais de Jim Kaplan CIA CFE

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides Jim Kaplan CIA CFE
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudJim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Jim Kaplan CIA CFE
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Jim Kaplan CIA CFE
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program Jim Kaplan CIA CFE
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceJim Kaplan CIA CFE
 

Mais de Jim Kaplan CIA CFE (10)

How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides How to detect fraud like a pro detective slides
How to detect fraud like a pro detective slides
 
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and FraudWhen is a Duplicate not a Duplicate? Detecting Errors and Fraud
When is a Duplicate not a Duplicate? Detecting Errors and Fraud
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Ethics for internal auditors
Ethics for internal auditorsEthics for internal auditors
Ethics for internal auditors
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics Excellence
 

Último

Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsJoseMangaJr1
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...amitlee9823
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...amitlee9823
 
hybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptxhybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptx9to5mart
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...karishmasinghjnh
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteedamy56318795
 
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -Pooja Nehwal
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramMoniSankarHazra
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...amitlee9823
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...amitlee9823
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachBoston Institute of Analytics
 

Último (20)

Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
 
hybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptxhybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptx
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
 
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -
Thane Call Girls 7091864438 Call Girls in Thane Escort service book now -
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics Program
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
 
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Rabindra Nagar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 

How to prepare for your first anti fraud review

  • 1. 12/20/2017 1 How to Prepare for your First Anti-Fraud Review About Jim Kaplan, CIA, CFE  President and Founder of AuditNet®, the global resource for auditors (now available on iOS, Android and Windows devices)  Auditor, Web Site Guru,  Internet for Auditors Pioneer  Recipient of the IIA’s 2007 Bradford Cadmus Memorial Award.  Author of “The Auditor’s Guide to Internet Resources” 2nd Edition Page 2
  • 2. 12/20/2017 2 About AuditNet® LLC • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology. • Available on the Web, iPad, iPhone, Windows and Android devices and features: • Over 2,800 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users. • Audit guides, manuals, and books on audit basics and using audit technology • LinkedIn Networking Groups • Monthly Newsletters with Expert Guest Columnists • Surveys on timely topics for internal auditors Introductions Page 3 HOUSEKEEPING This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. • If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation login is linked to a specific individual • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link. • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited. • If you have indicated you would like CPE you must answer the polling questions (all or minimum required) to receive CPE. • If you meet the criteria for earning CPE you will receive a link via email to download your certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion. • Please complete the evaluation questionnaire to help us continuously improve our Webinars.
  • 3. 12/20/2017 3 IMPORTANT INFORMATION REGARDING CPE! • SUBSCRIBERS/SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via NoReply@gensend.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There is a processing fee to have your CPE credit regenerated post event. • NON-SUBSCRIBERS/NON-SITE LICENSE USERS - If you attend the Webinar and answer the polling questions (all or minimum required) and requested CPE you must pay a fee to receive your CPE. No exceptions! • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io • Anyone may register, attend and view the Webinar without fees if they opted out of receiving CPE. • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on you computer otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to that you do so immediately after a polling question. The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC
  • 4. 12/20/2017 4 How to Prepare for your First Anti-Fraud Review Don Sparks SmartCAATTs, LLC 407-756-0375 don@smartcaatts.com Ongoing Monitoring Governance “Tone at the Top” Event & Risk Assessment “Think like a Fraudster” Controls Testing “Looking for Fraud” Incident Response “Suspected Fraud” POLLING QUESTION #1
  • 5. 12/20/2017 5 Schedule • Executive Summary & Looking For Shell Vendors • International Professional Practices Framework (The IIA Red Book) • Committee of Sponsoring Organizations (COSO) • Association of Certified Fraud Examiners (ACFE) • Anti-Fraud Life Cycle Detail • Q&A Executive Summary • Test internal controls before you have a fraud [anti-fraud assessment] • Are you looking for fraud? Be sure your organization has a Fraud Policy! • Time to detect negatively impacts recovery and investigation dollars • An anti-fraud assessment is not a one time and forget exercise! • Fraud is an Adaptive Crime and you do need to LOOK for it: • Business units have finite and predictable list of schemes, typically 5 to 7 • Each scheme permutation creates a finite and predictable scenario • The key to finding is to “proactively” look where it typically occurs • You need to know what fraud looks like, particularly “in the data” • Internal Auditors need to be “approachable”, are you?
  • 6. 12/20/2017 6 Resources - Great Take Aways if you do not already have: • Credit Balances on Cancelled Accounts • Fraud Risk Assessment Audit Report • Corporate Policy on Fraud • Fraud Auditing - GTAG 13 • Red Flags Squirrel File • ACFE Report to the Nations • Fraud Investigation Report Is Fraud a Problem? Our company does not have a fraud problem Our employees are honest & would not commit fraud We only hire honest employees We follow all government regulations so we are protected against fraud Small frauds are not important to bother with
  • 7. 12/20/2017 7 Do You Have a Robust Ethics Committee Process? Secure Leadership buy-in Choose Committee Members Train Members and Staff Write Committee Charter/Guiding Principles Establish Committee Process – when to meet Initiate Process and Deliberate Anti-Fraud is a Journey not a Destination • Fraudsters – Learn how to create the fraud and have the time and patience to get good at it. Start out slow, easy to explain and then increase the activity. May be creative at disguising fraud. • Auditors – Must learn what fraud looks like in the work place. Per the PCAOB, auditors are often too predictable, polite, and easily sidetracked with heavy workloads. • Anti-Fraud - The purpose is to bring awareness to all employees about the potential for fraud, what constitutes fraud, how to prevent fraud, how to report suspected fraud and how to handle any allegations of fraud. The ultimate goal is to eliminate all fraudulent activity.
  • 8. 12/20/2017 8 POLLING QUESTION #2 Role of Internal Auditing in Fraud • What does your Charter say? • Reference to GTAG 13 – Questions for CAE to ask senior management and Audit committee. • Audit Committee Event Matrix.
  • 9. 12/20/2017 9 Fraud Detection Sources Internal Auditing continues to stay in the top spots according to the ACFE RTTN. In the 2016 report Internal Auditing was second behind tip. This report contains an analysis of 2,410 cases of occupational fraud that were investigated between January 2014 and October 2015. The frauds in this study took place in 114 different countries throughout the world. TIP 39.1 INTERNAL AUDIT 16.5 MANAGEMENT REVIEW 13.4 BY ACCIDENT 5.6 OTHER 5.5 DOCUMENT EXAM. 3.8 EXTERNAL AUDIT 3.8 BY LAW ENFORCEMENT 2.4 SURVELIANCE MONITOR 1.9 IT CONTROLS 1.3 CONFESSION 1.3 2016 % POLLING QUESTION #3
  • 10. 12/20/2017 10 The Institute of Internal Auditors’ IPPF defines fraud as: Fraud encompasses a wide range of irregularities and illegal acts characterized by intentional deception or misrepresentation. “Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” ACFE Categories of Fraud • Asset Misappropriation • Financial Statement • Corruption Asset misappropriation was by far the most common form of occupational fraud, occurring in more than 83% of cases, but causing the smallest median loss of $125,000. Financial statement fraud was on the other end of the spectrum, occurring in less than 10% of cases but causing a median loss of $975,000. Corruption cases fell in the middle, with 35.4% of cases and a median loss of $200,000.
  • 11. 12/20/2017 11 Examples of Fraud Fraud is perpetrated by a person knowing that it could result in some unauthorized benefit to him or her, to the organization, or to another person, and can be perpetrated by persons outside or inside the organization. Some common fraud schemes include: Fraud Schemes Asset misappropriation is stealing cash or assets (supplies, inventory, equipment, and information) from the organization. In many cases, the perpetrator tries to conceal the theft, usually by adjusting the records. Skimming occurs when cash is stolen from an organization before it is recorded on the organization’s books and records. For example, an employee accepts payment from a customer, but does not record the sale. Payroll fraud occurs when the fraudster causes the organization to issue a payment by making false claims for compensation. For example, an employee claims overtime for hours not worked or an employee adds ghost employees to the payroll and receives the paycheck.
  • 12. 12/20/2017 12 Fraud Schemes (continued) Disbursement fraud occurs when a person causes the organization to issue a payment for fictitious goods or services, inflated invoices, or invoices for personal purchases. For example, an employee can create a shell company and then bill the employer for nonexistent services. Other examples include fraudulent health care claims (billings for services not performed, unbundled billings instead of bundled billings), unemployment insurance claims by people who are working, or pension or social security claims for people who have died. Fraud Schemes (continued) Financial statement fraud involves misrepresenting the financial statements, often by overstating assets or revenue or understating liabilities and expenses. Financial statement fraud is typically perpetrated by organization managers who seek to enhance the economic appearance of the organization. Members of management may benefit directly from the fraud by selling stock, receiving performance bonuses, or using the false report to conceal another fraud.
  • 13. 12/20/2017 13 Fraud Schemes (continued) Expense reimbursement fraud occurs when an employee is paid for fictitious or inflated expenses. For example, an employee submits a fraudulent expense report claiming reimbursement for personal travel, nonexistent meals, extra mileage, etc. Information misrepresentation involves providing false information, usually to those outside the organization. Most often this involves fraudulent financial statements, although falsifying information used as performance measures can also occur. Conflict of interest occurs where an employee, manager, or executive of an organization has an undisclosed personal economic interest in a transaction that adversely affects the organization or the shareholders’ interests. Fraud Schemes (continued) Corruption is the misuse of entrusted power for private gain. Corruption includes bribery and other improper uses of power. Corruption is often an off-book fraud, meaning that there is little financial statement evidence available to prove that the crime occurred. Corrupt employees do not have to fraudulently change financial statements to cover up their crimes; they simply receive cash payments under the table. In most cases, these crimes are uncovered through tips or complaints from third parties, often via a fraud hotline. Corruption often involves the purchasing function. Any employee authorized to spend an organization’s money is a possible candidate for corruption.
  • 14. 12/20/2017 14 Fraud Schemes (continued) Bribery Is the offering, giving, receiving, or soliciting of anything of value to influence an outcome. Bribes may be offered to key employees or managers such as purchasing agents who have discretion in awarding business to vendors. In the typical case, a purchasing agent accepts kickbacks to favor an outside vendor in buying goods or services. The flip side of offering or receiving anything of value is demanding it as a condition of awarding business, termed economic extortion. Another example is a corrupt lending officer who demands a kickback in exchange for approving a loan. Those paying bribes tend to be commissioned salespeople or intermediaries for outside vendors. Other Fraud Schemes:  A diversion is an act to divert a potentially profitable transaction to an employee or outsider that would normally generate profits for the organization.  Unauthorized or illegal use or theft of confidential or proprietary information to wrongly benefit someone.  Related-party activity is a situation where one party receives some benefit not obtainable in a normal arm’s length transaction.  Tax evasion is intentional reporting of false information on a tax return to reduce taxes owed.
  • 15. 12/20/2017 15 POLLING QUESTION #4 Be Alert For the “Red Flags” of Fraud Create a record of business rules to use your favorite data mining tool. Your staff should be able to add and adjust items on the list on a regular basis. See a portion of Don’s “Squirrel File”.
  • 16. 12/20/2017 16 2015 “The Year of Shell Vendor Frauds” Industry A Large Hospital A Large City Detection Tip to CAE Tip by employee Duration 14 years 7 years Amount $10 million/ 200 payments $7 million/175 payments Scheme Account Payables Account Payables Scenario Payments sent to PO Box belonging to an employee who created, reviewed and approved invoices Payments sent to former employee in a relationship with city manager – 3 additional shell companies identified Data Mining Tool ??? IDEA How to Identify Fictitious (Shell) Vendors • Approved to be paid through a P.O. Box (for several years) • Not an approved vendor for goods or services • Above average amounts (payouts) in relation to other vendors • Cross check with employee address, zip code, bank account, or phone • No taxpayer identification number or an invalid one • Names consisting of initials cross checked with employee initials • Invoice numbers are consecutive numbers with little or no gap • Invoices with even dollar amounts and/or no taxes • Cross check with Secretary of State records on principals or agents
  • 17. 12/20/2017 17 Common Information in Master Files • Most auditors and fraud examiners recommend cross-matching data. For example, the customer master file and the employee master file looking for unusual circumstances and possible fraud. • Prior to IDEA version 9.2 when the @SimilarPhrase function was introduced, there basically were two best practices: Cross Matching Using the First 8 Characters; or, Using @JustNumbers. • Now, using the @SimilarPhrase brings in the levenshtein matching logic and in addition to returning 100 % matches, returns a distance percentage to identify close matches. • A short demonstration follows: Cross Match with @SimilarPhrase The Levenshtein distance between two strings is defined as the minimum number of edits needed to transform one string into the other, with the allowable edit operations being insertion, deletion, or substitution of a single character.
  • 20. 12/20/2017 20 Analytics Journey Data Information Insight Data Analysis Process Source: Aberdeen Group May 2012 How Can The IIA Help? The Standards • 2120.A1 – The IA activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the: • Achievement of the organization’s strategic objectives. • Reliability and integrity of financial and operational information. • Effectiveness and efficiency of operations and programs. • Safeguarding of assets. • Compliance with laws, regulations, policies, procedures, and contracts. • 2120.A2 – The IA activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. [Changed from “should “ to MUST in 2012]
  • 21. 12/20/2017 21 How Can COSO help? Ongoing Monitoring Governance “Tone at the Top” Event & Risk Assessment “Think like a Fraudster” Controls Testing “Looking for Fraud” Incident Response “Suspected Fraud” It Should Be a CRIME to Not Know COSO • THE CONTROL ENVIRONMENT - foundation for the IC system with discipline and structure. [Control testing] • RISK ASSESSMENT - identification/analysis by management—not IA — risks relevant to achieve predetermined objectives. [think like a fraudster] • CONTROL ACTIVITIES - policies, procedures, and practices to be sure management objectives are achieved and risk mitigation strategies are carried out. [Tone at the Top] • INFORMATION AND COMMUNICATION - support all IC components by communicating IC responsibilities to employees and provides information that allows people to carry out their duties. [current fraud review] • MONITORING - oversight of IC by management or others outside the process; manual or automated; evidence objectives are met. [Ongoing monitoring]
  • 22. 12/20/2017 22 The 2013 COSO Internal Control Framework Added 17 Principles, including: •Principle 8: “The organization considers the potential for fraud in assessing risks to the achievement of objectives” Monitoring Activities • Principle 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning • Principle 17: The organization evaluates and communicates internal control deficiencies in a timely manner ….. How can ACFE help? “Proactive” vs. “Reactive”
  • 23. 12/20/2017 23 End Result: Anti-Fraud Life Cycle Step 5 Ongoing Monitoring Step 1 Governance “Tone at the Top” Step 3 Event & Risk Assessment “Think like a Fraudster” Step 5 Controls Testing “Looking for Fraud” Step 2 Incident Response “Suspected Fraud” Use the framework as the Audit program, working papers and audit report outline. The permanent file is repeated at regular but varying intervals to Identify the organization’s readiness to fight fraud. Step 1: Governance – Tone at the Top 1 External Audit of Financial Statements 11 Hotline 2 Code of Conduct 12 Fraud Training for employees 3 Management Certification of Financial Statements 13 Surprise Audits 4 Manage Review/approvals/line of authority 14 Job rotation/mandatory vacation 5 Internal Auditing Function 15 Rewards for Whistleblowers 6 External Audit of ICOFR 16 Key performance measuring/monitoring 7 Independent Audit Committee 17 Hiring - background and reference checks 8 Employee Support Programs 18 Termination - exit interview process 9 Fraud Training for Managers/executives 19 Crime coverage - list of employees covered 10 Fraud Investigation Policy 20 Appoint A Chief of Company Anti-Fraud Policy
  • 24. 12/20/2017 24 Auditing Tone at the Top • Review Board Minutes • Did management attend Code of Conduct Training • Audit Expense Reports • Hotline “reports” Follow-up • Handling Code of Conduct “exceptions” • Review Board of Directors duty training • Did BoD conduct a self-assessment? • Benchmark against peer organizations
  • 25. 12/20/2017 25 Step 2: Fraud Investigation Policy 1 How and when to start an investigation 8 How & when to elevate the investigation 2 Who can approve 9 Consistency & uniformity, similar offenses treated alike 3 Documentation Requirements 10 Guidance - how far to pursue investigation 4 Data Analysis Needs 11 Communications - before, during & after investigation 5 Designate the members of the team 12 Extent of recovery efforts to be conducted 6 Process for adding experts to the team 13 Issue final written report 7 Access, evaluate & mitigate internal controls 14 Records retention Source GTAG 13
  • 26. 12/20/2017 26 Internal Audit May Not Be Aware of Fraud • Adding experts skilled in data analysis can get the complete picture. • Why not use internal auditing staff? • Impact changes if the company has a crime or fidelity insurance policy. A theme park employee admitted to defrauding the park of $209,000 in park tickets over an 18 month period. She agreed to repay the to avoid prosecution. Internal audit was not involved but noticed the employee worked 4 years. Using the scheme already determined they calculated the employee actually stole over $1 million in tickets. Sequence of Fraud Activities Preventative Controls Detection & Monitoring Investigation & Prosecution Lessons Learned influence future use of prevention and control processes.
  • 27. 12/20/2017 27 Step 3: Fraud Risk Assessment – The CSA • Understand where fraud is likely to occur – use ACFE RTTN report • Invite representatives to discuss each process under review • Some employees will have difficulty in envisioning fraud happening • Use anonymous polling tools to open discussions in sensitive areas • Consider everyone’s opinion (outlier concerns) • Be sure the person documenting the discussion catches key information ACFE Report to the Nations – Fraud Schemes Financial ReportingCorruption
  • 28. 12/20/2017 28 POLLING QUESTION #5 Events & Risk Assessment Find one that includes the data file and data elements required
  • 29. 12/20/2017 29 Fraud Risk Assessment Heat Map Quantification Risks identified in the assessment process must now be prioritized. The methodology for prioritization will be to assess the impact and likelihood of each risk. Impact is the result or effect of an event. Likelihood is the possibilit POLLING QUESTION #6
  • 30. 12/20/2017 30 Example “CSA Brainstorming Session” 1. Cashiers handle the same number of sales 2. Cashiers should receive about the same number of refunds or returns 3. Employees should not receive “refunds” 4. All invoices should be sequential without gaps 5. Refunds are computed amounts, distribution should follow Benford’s law 6. An automated system should not allow duplicate refunds 7. Customer can not be refunded more than what they paid originally 8. Supervisor overrides should all be within normal business hours 9. Correlation between sales and refunds should follow the sales (trending) Step 4: Controls Testing - Look for Fraud • Just because you have completed the fraud risk assessment does not mean you are done. • Many companies do not proactively test their fraud readiness until after a fraud occurs. • By taking advantage of the rich knowledge embedded in the fraud risk assessment template, internal auditing can incorporate detail audit tests into their audit universe. • As future audit schedules are developed, the more important risks to the organization should float to the top of the priority scale.
  • 31. 12/20/2017 31 Step 4. Testing Entity & Process Controls Are fraud risk flags imbedded into audit programs? Is the staff fully trained in technology? If you do not look, then who will…. Data Analysis is not the same as Data Mining Data analysis is the science of examining raw data. The purpose is to determine if this data contains information (good or bad). Sampling can be a perfectly acceptable feature. Data Mining is using the results of data analysis to search through 100% of the data to find matching patterns. Matches may be false positives but the exercise is looking for true positives. A false positive is a record that meets the pattern but is not a correct record that fits the desired result.
  • 32. 12/20/2017 32 Step 5: Monitoring Activities Monitoring = Compliance? • Insurance Companies & banks in some states are required to do an anti-fraud report • COSO principles 16 & 17 • USA Sentencing guidelines • OECD Good Practice • UK Bribery Act • OECD Good Practice • UK Bribery Act Organization for Economic Co-operation & Development
  • 33. 12/20/2017 33 POLLING QUESTION #7 Data Analysis Tips To Keep In Mind • Work on a COPY of Client’s data – never make changes to client data • Document all actions taken with data • Audit tests repeatable with same results • Maintain custody & security of data • Properly store and destroy data
  • 34. 12/20/2017 34 Six Tips for Successful Data Analytics Integration: 1. Start with a high-priority, high-return project 2. Focus on efficiency and effectiveness 3. Communicate 4. Be brief; be thorough; be gone 5. Exercise patience 6. Use the Tool Provider Help Desk Lessons Learned • Good Data • Correct Analysis • Data Readily Available • Data Speaks For Itself • Offender Terminated • One Perpetrator • Best Practice For All • Only “One” Tool • “Bad” Can’t Happen • Know Tools, Competencies, Company, Industry!
  • 35. 12/20/2017 35 POLLING QUESTION #8 Conclusion: • Develop and implement a Fraud Policy for your organization • Implement a fraud reporting hotline • Be aware of red flag behaviors • Don’t depend solely on external audits • Small business owner? Be vigilant • Focus on prevention, not recovery
  • 36. 12/20/2017 36 Questions? • Any Questions? Don’t be Shy! Page 71 AuditNet® and cRisk Academy • If you would like forever access to this webinar recording • If you are watching the recording, and would like to obtain CPE credit for this webinar • Previous AuditNet® webinars are also available on-demand for CPE credit http://criskacademy.com http://ondemand.criskacademy.com Use coupon code: 50OFF for a discount on this webinar for one week
  • 37. 12/20/2017 37 Thank You! Page 73 Jim Kaplan AuditNet® LLC 1-800-385-1625 info@auditnet.org www.auditnet.org Don Sparks - CIA, CISA, CRMA SmartCAATTs LLC 407-756-0375 don@SmartCAATTs.com www.smartcatts.com (IDEA Training) Questions? Don Sparks, CIA, CISA, CRMA, ARM don@smartcaatts.com Thank You For Attending & Happy Holidays!