Professional Documents
Culture Documents
INTRODUCTION
Fraud can happen anywhere. While only relatively few major frauds are picked up by
the media, huge sums are lost by all kinds of businesses as a result of the high number
of smaller frauds that are committed. The risks of fraud may only be increasing, as we
see growing globalisation, more competitive markets, rapid developments in
technology, and periods of economic difficulty.
WHY FRAUD
Most managers and owners eventually discover a case of fraud and abuse in their
organization. The fraudster is often a trusted, long-time employee or manager who
had or created access to some of the organization’s assets and helped him or
herself to it.
1
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
The answer is not simply greed, but most, maybe even all, people want things and
want more things. There are studies that show an amazingly high proportion of
employees or managers have taken small things from their organization. However,
there is a line between this petty theft and intentional fraud that a few people cross
over.
What is fraud?
Definition of fraud
The term ‘fraud’ commonly includes activities such as theft, corruption, plot,
cheating, money laundering, bribery, and coercion. The legal definition varies from
country to country.
Fraud can mean many things and result from many varied relationships
between offenders and victims.
2
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
This guide focuses on fraud against businesses, typically by those internal to the
organisation. According to the Association of Certified Fraud Examiners (ACFE), there
are three main categories of fraud that affect organisations. The first of these is asset
misappropriations, which involves the theft or misuse of an organisation’s assets.
Examples include theft of plant, inventory or cash, false invoicing, accounts receivable
fraud, and payroll fraud.
The second category of fraud is fraudulent statements. This is usually in the form of
falsification of financial statements in order to obtain some form of improper benefit
The final of the three fraud categories is corruption. This includes activities such as
the use of bribes or acceptance of ‘kickbacks’, improper use of confidential
3
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
information, conflicts of interest and collusive tendering. These types of internal fraud
are summarised in Figure 1.
Surveys have shown that asset misappropriation is the most widely reported type of
fraud in UK, although corruption and bribery are growing the most rapidly.
There is no single reason behind fraud and any explanation of it needs to take
account of various factors. Looking from the fraudster’s perspective, it is necessary
to take account of:
4
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
• Pre-planned fraudsters, who start out from the beginning intending to commit
fraud. These can be short-term players, like many who use stolen credit cards
or false social security numbers; or can be longer-term, like bankruptcy
fraudsters and those who execute complex money laundering schemes.
• Intermediate fraudsters, who start off honest but turn to fraud when times get
hard or when life events, such as irritation at being passed over for promotion
or the need to pay for care for a family member, change the normal mode.
5
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
The ACFE report also found that the type of person committing the
offence depends on the nature of the fraud being perpetrated.
Employees are most likely to be involved in asset misappropriation,
whereas owners and executives are responsible for the majority of
financial statement frauds. Of the employees, the highest percentage of
schemes involved those in the accounting department. These
employees are responsible for processing and recording the
organisation’s financial transactions and so often have the greatest
access to its financial assets and more opportunity to conceal the fraud.
6
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
management in setting these policies with reporting in place to convey the required
information about the program and its performance to them. The tone from the top
will be reflected in the perception of fraud prevention and detection throughout the
organization.
The foundation for the prevention and detection of fraud is a structured risk
assessment that addresses the actual risks faced by the organization as determined
by its purpose, industry (products or services), complexity, scale, and exposure to
network risks. The goal of the assessment is to determine the type, likelihood, and
potential cost of risks in a traditional expected value framework. This allows the
organization to tailor program efforts toward cost effective mitigation, which may
include a greater or lesser toleration of a specific risk.
7
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
opportunities compose one of the legs of the Fraud Triangle that is mostly
determined by the organization itself. As such, the risk assessment effort has to be
very clear and detailed about how controls, policies, and procedures interact with
specific roles. It is important to note that the sources of these risks may be external
as well as internal, especially in highly networked and data dependent operations.
3. Fraud Prevention
Preventing fraud is far preferable to detecting it after the fact. In practice, the same
systems and controls established to prevent fraud may help in detecting it (e.g.,
segregation of duties for a certain procedure may help boost the chances that
someone will be in place to report potential fraud).
4. Fraud Detection
Controls, monitoring, and reporting promote faster detection of fraud. Key detection
measures include a whistle-blower policy, reports designed to highlight potential and
common indicators of non-standard outcomes over time, and other controls that alert
people to potential fraud. It goes without saying that installing these indicators will
have no effect if they are not monitored.
Creating information that does not get to the right person to take action is useless.
One of the key elements in the initial planning for a fraud prevention program is to
set up responsibilities and processes to ensure that timely information is reported to
someone who can address a problem. These systems trigger responses that have
strong legal implications, so one of the essential components is review for legal
rights of affected parties and compliance with applicable law.
8
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
Summary
A major reason why people commit fraud is because they are allowed to do so. There
are a wide range of threats facing businesses. The threat of fraud can come from
inside or outside the organisation, but the likelihood that a fraud will be committed is
greatly decreased if the potential fraudster believes that the rewards will be modest,
that they will be detected or that the potential punishment will be unacceptably high.
The main way of achieving this must be to establish a comprehensive system of control
which aims to prevent fraud, and where fraud is not prevented, increases the likelihood
of detection and increases the cost to the fraudster.
RISK MANAGEMENT
DEFINITION
Learn how to conduct effective Risk Analysis to identify and manage risk in your
organization.
9
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
Risk Analysis is a process that helps you identify and manage potential problems that
could undermine key business initiatives or projects.
To carry out a Risk Analysis, you must first identify the possible threats that you face,
and then estimate the likelihood that these threats will materialize.
Risk Analysis can be complex, as you'll need to draw on detailed information such as
project plans, financial data, security protocols, marketing forecasts, and other
relevant information. However, it's an essential planning tool, and one that could save
time, money, and reputations.
• When you're planning projects, to help you anticipate and neutralize possible
problems.
• When you're deciding whether or not to move forward with a project.
• When you're improving safety and managing potential risks in the workplace.
• When you're preparing for events such as equipment or technology failure,
theft, staff sickness, or natural disasters.
• When you're planning for changes in your environment, such as new
competitors coming into the market, or changes to government policy.
1. Identify Threats
10
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
The first step in Risk Analysis is to identify the existing and possible threats that you
might face. These can come from many different sources. For instance, they could
be:
You can use a number of different approaches to carry out a thorough analysis:
• Run through a list such as the one above to see if any of these threats are
relevant.
• Think about the systems, processes, or structures that you use, and analyze
risks to any part of these. What vulnerabilities can you spot within them?
• Ask others who might have different perspectives. If you're leading a team,
ask for input from your people, and consult others in your organization, or
those who have run similar projects.
•
11
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
END
12
K MOODLEY FRAUD & RISK MANAGEMENT NOTES
13