and Fraud
Everhard Carstens
Risk Management –
Role of Internal Audit
Definition of Internal Audit:
Internal Audit
The Institute of Internal Auditors (IIA) UK and Ireland issued a position paper on “The Role of Internal Audit in Enterprise-wide Risk Management” in Sept 2004. This statement defines core audit roles, legitimate roles as well as roles that should NOT be undertaken by internal audit. The latter includes:
• Setting the risk appetite.
• Imposing risk management processes.
• Management assurance on risks.
• Taking decisions on risk responses.
• Implementing risk responses on management's behalf.
Internal Audit Role
Five core internal audit roles
Auditing Risk Management
Assessing Adequacy of RM process
Types of Audit Procedures
• Research and review reference materials and background information on risk management methodologies – Best Practice
• Review developments, trends, industry information related to the business conducted by the organization
• Review the adequacy and timeliness of reporting on risk management results
• Ensure qualifications of risk management personnel are adequate
• Determine whether operational personnel understand and formally accept residual risk subsequent to each assessment, i.e. proof of acceptance and sign-off.
• Review previous risk evaluation reports by management & other assurance services
• Assimilate information to independently evaluate the effectiveness of risk mitigation, monitoring, and communication of risks and associated control activities.
• Assess the appropriateness of reporting lines for risk monitoring activities.
• Review the completeness of management’s risk analysis, actions taken to remedy issues raised by risk management processes, and suggest improvements.
• Ensure risk assessment documentation complies with the adopted risk management methodology and documentation is appropriately prepared and maintained
Such documentation could include:
• Details on process adopted & reference to methodology adopted.
• Description of significant risks linked to individual business objectives.
• Risk scoring criteria & overall prioritization results.
• Heat maps graphically depicting high, moderate and low threats.
• Risk action plans
Auditing Risk Management
observations,
direct tests of control and
monitoring procedures,
testing the accuracy of information
used in monitoring activities,
DISCUSSION TOPICS
Background
What is a Red Flag?
Why are Red Flags important?
General Red Flags
Structural red flags
Management Red Flags
Personnel red flags
Operational red flags
Accounting system red flags
Financial performance red flags
Professional service red flags
Red Flags in organisational Processes
Background
• 69% of South African respondents indicated that they had experienced economic crime, which is nine percentage points higher than in 2011.
• There has been an alarming shift in the perpetrator profile in South Africa. Senior management is now the main perpetrator of economic crimes committed by insiders.
• Bribery & corruption has been the fastest growing economic crime category in South Africa since 2011.
• Formal fraud risk management programmes have become the most effective fraud detection method. Despite this, a significant portion of South African organisations do not carry out fraud risk assessments.
PwC Global Economic Crime Survey
What is a Red Flag?
A red flag is an event or set of circumstances that ought to alert an entity to the presence of risk. Within the organisation, individuals need to be alert to red flags - what to look out for, how to respond, how to follow-up. By responding appropriately to red flags, fraud can be detected sooner and, in some cases, prevented altogether.
Fraud indicators are only symptoms or characteristics of possible fraud. An indicator may be caused by the fraudulent act itself or may result from an attempt to hide the fraudulent scheme. In addition, the auditor must consider the total picture when deciding whether to refer a suspected irregularity
IPPF
1210 – Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.
Your Role
Effective fraud awareness is anchored in understanding and remaining alert for the red flags and warning signs of fraud.
Why are Red Flags Important
Internal frauds are a big issue for organisations and are usually triggered by one of four situations:
• Opportunistic crime - employees commit fraud for their own benefit
• Lack of a corporate ethic - low-level fraud may appear to be condoned by both employer and employee.
• The recruited criminal - some individuals seek employment with the deliberate intention of defrauding their employer
• Employee intimidation - organised crime groups are increasingly involved in the intimidation of staff to directly participate in frauds
An introduction to fraud indicators.pdf
Umbrella Themes
BEHAVIOURAL
• Employees who consistently work longer hours than their colleagues for no apparent reason.
• Employees who are reluctant to take holidays and/or time off.
• Employees who are excessively secretive in relation to their work.
• Employees known by others to be under duress for personal reasons.
• Employees with a sudden change of lifestyle and/or social circle.
• Employees under apparent stress without identifiable pressure.
• Employees who are aggressive or defensive when challenged and/or controlling of certain colleagues.
• Employees who are subject to complaints and/or tend to break the rules.
• Employees who delay providing information or who provide different answers to different people.
• Employees who ask to defer internal audits or inspections to ‘properly prepare’.
• Employees with new and unusual relationships with other individuals or departments within the organisation.
• Employees who request significant detail about proposed internal audit scopes or inspections.
• Excessively high or low staff turnover and/or new employees resigning quickly.
FINANCIAL
• Cash-only transactions.
• Poorly reconciled cash expenses or customer accounts.
• Rising costs with no explanation or that are not commensurate with an increase in revenue.
• Large volume of refunds to customers.
• Unusually large inventories.
• Unusual transactions or inter-account transfers (even for small amounts).
• Remuneration disproportionately linked to activities such as sales.
• Employees known by others to be under external financial pressure.
• Employees who appear to make a greater than normal number of mistakes, especially where these lead to financial loss through cash or account transactions.
• Employees with unexplained sources of wealth.
• Employees with competing or undeclared external business interests.
• Employees who submit inconsistent and/or unreasonable expense claims.
• Employees at the highest level of performance (e.g. sales) where there might be a concern that they are achieving this through suspect activity.
PROCEDURAL
• Employees making procedural or computer-system enquiries inconsistent or not related to their normal duties.
• New employees with knowledge of industry procedures but no such experience disclosed on their CV.
• Prospective employees who are reluctant to provide full background information or who provide inaccurate or inconsistent information.
• Key managers with too much hands-on control.
• Insufficient oversight/audit applied.
• An unusual number of customer complaints.
• Customers or suppliers insisting on dealing with just one individual.
• Managers who avoid using the purchasing department.
• Tendering to one supplier only or to the same suppliers.
• Lack of transparency.
• Poor engagement with corporate governance philosophy.
• Too much delegation by senior managers without proper review procedures.
Specific Red Flags
PROCUREMENT AND CONTRACTING
ADMINISTRATION
PERSONNEL
CASHIER OPERATIONS
CONSULAR OPERATIONS
Detail Fraud Indicators.docx
Developing the Fraud Checklist
Who is the Typical Fraudster?
The Fraudster
Profile of a Fraudster
profile-of-a-fraudster.pptx
Fraud Prevention
Best Practices
Fraud Awareness and Education
Management of Fraud Control
Effective Fraud Control Policies
Monitoring Fraud Control Policies
Personnel Monitoring
Pre-Employment Integrity Screening
On-going Monitoring of Integrity
Fraud Prevention
Transaction Monitoring
Software to Analyse Normal Transaction Patterns
Payment Authorisation
Centralised Reporting
Personal Identification
Biometric Identification
Databases
Counterfeiting Prevention
Computer Systems Monitoring
Legal Deterrence