• No results found

Forensic Audit Building a World Class Program

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Forensic Audit Building a World Class Program"

Copied!
34
0
0

Loading.... (view fulltext now)

Download now ( 34 Page )

Full text

(1)

Forensic Audit

Building a World Class Program

PAUL E. ZIKMUND

DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT

(2)

2 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

In response to a crisis

Concern from the Board or Audit Committee

External Auditors or Consultant’s recommendations Sarbanes Oxley

Benchmarking

Internal need to enhance existing antifraud programs and controls

Increase in fraud cases

Target of external investigation

Centralized function to address fraud risk management programs and controls

Why the Need for Forensic Audit Program

(3)

Recipe for Success

Sponsorship

Staffing

Execution &

Results Building the

Network

ROI

(4)

4 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Organizational policies and procedures Hotline

Ethics and Compliance programs Code of Conduct

Executive sponsorship

Visibility to Board/Audit Committee

Engagement by Business Segments/OpCo’s Respect from Legal & Human Resources

Clear understanding of roles and responsibilities Assignment of costs

Sponsorship & Support

(5)

Proper background and experience Recruit internally and externally

Combined set of skills (CFE, CIA, CPA, M.B.A.) Invest in training

Previous corporate investigative experience a plus Law enforcement versus auditing

Proper headcount

Strong external relationships Well networked

Data Analytics & Computer Forensics skills a plus

Staffing

(6)

6 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

High-quality results

Build a brand (think like a consultant) Regionally based

Training and awareness programs Be proactive

Think beyond investigations (Compliance, Internal Controls, ERM, etc.)

Avoid territorialism

Solicit feedback (example: have legal review your reports) Network, network, & network

Execution & Results

(7)

Litigation Support

Audit Committee presentations Executive Management visibility Regional awareness of the team

Attend training and awareness programs ERM

Corporate Compliance Information Systems Think Big!

Temporary assignments (rotation program) Develop policies and procedures

Build the Network

(8)

8 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Recovery of assets Remediation of losses

Internal controls/root cause analysis feedback Informal feedback on people and processes

Increased transparency of reporting fraud and misconduct Reduction in fraud

Greater credibility from external agencies (DOJ, Auditors) Stronger control environment

Audit Committee assurance

Consistent approach to managing fraud risk

Return on Investment

(9)

Lack of policies and procedures

Lack of a champion or executive management support and sponsorship

Improperly positioned/located within the organization Improperly staffed (headcount & skillsets)

No budget

Failure to embed AFPC within organizational framework Fear of travel

Myopic thinking Failure to network Being reactive

Roadblocks

(10)
(11)

Proactive Fraud Risk Management Approach

4. Investigation

7. Analysis 11. Training

1. Prevention Programs

10. Testing For Compliance

12. Proactive Auditing 2. Incident (Fewer)

3. Incident Reporting

5. Action

6. Resolution 8. Publication

9. Implementation

of Controls

(12)

12 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

AFPC

External Auditors

Internal Auditors

Management Board of Directors

Audit Committee

Compliance

Anti-Fraud Roles & Responsibilities

(13)

GIFA - Fraud Risk Management Process

Fraud Deterrence

Policies &

Procedures Policies &

Procedures

Fraud Risk Assessment Fraud Risk Assessment

Anti-Fraud Culture Anti-Fraud

Culture

Fraud Detection

Forensic Audit Techniques

Forensic Audit Techniques

CAATs CAATs

Detective Processes &

Controls Detective Processes &

Controls

Fraud Investigation

Investigation Guides Investigation

Guides

Evidence Management

Evidence

Management Reporting Reporting

Fraud Remediation

Root Cause Analysis Root Cause

Analysis

Recovery of Assets Recovery of

Assets

Internal Controls

Review Internal Controls

Review

(14)

14 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

GIFA - Fraud Deterrence Sub-Process

Policies &

Procedures

Code of Conduct

Code of Conduct

Fraud Response

Policies Fraud Response

Policies

Human Resources

Policies Human Resources

Policies

Fraud Risk Assessment

Identify Fraud Risk Factors Identify Fraud

Risk Factors

Define Fraud Schemes &

Scenarios Define Fraud

Schemes &

Scenarios

Determine Residual Fraud Risk

Determine Residual Fraud Risk

Anti-Fraud Culture

Whistleblower Hotline Whistleblower

Hotline

Control Environment

Control Environment

Employee Surveys Employee

Surveys

Fraud Deterrence

Policies &

Procedure s Policies &

Procedure s

Fraud Risk Assessme

nt Fraud Risk Assessme

nt

Anti-Fraud Culture Anti-Fraud

Culture

Fraud Detection

Forensic Audit Technique

s Forensic

Audit Technique

s

CAATs CAATs

Detective Processes

& Controls Detective Processes

& Controls

Fraud Investigation

Investigati on Guides Investigati on Guides

Evidence Managem

ent Evidence Managem

ent

Reporting Reporting

Fraud Remediation

Root Cause Analysis Root Cause Analysis

Recovery of Assets Recovery of Assets

Internal Controls Review Internal Controls Review

(15)

GIFA - Fraud Detection Sub-Process

Forensic Audit Techniques

Analytical Procedures

Analytical

Procedures Interviewing Interviewing

Analysis of Financial Transactions

Analysis of Financial Transactions

CAATs ACL / IDEA software ACL / IDEA

software

Continuous Controls Monitoring Continuous

Controls Monitoring

Event-Driven CAATs Event-Driven

CAATs

Detective

Controls Segregation of Duties Segregation

of Duties

Monitoring &

IT Controls Monitoring &

IT Controls

Safeguarding Company

Assets Safeguarding

Company Assets

Fraud Deterrence

Policies &

Procedure s Policies &

Procedure s

Fraud Risk Assessme

nt Fraud Risk Assessme

nt

Anti-Fraud Culture Anti-Fraud

Culture

Fraud Detection

Forensic Audit Technique

s Forensic

Audit Technique

s

CAATs CAATs

Detective Processes

& Controls Detective Processes

& Controls

Fraud Investigation

Investigati on Guides Investigati on Guides

Evidence Managem

ent Evidence Managem

ent

Reporting Reporting

Fraud Remediation

Root Cause Analysis Root Cause Analysis

Recovery of Assets Recovery of Assets

Internal Controls Review Internal Controls Review

(16)

16 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

GIFA - Fraud Investigation Sub-Process

Investigative

Guidelines Processes &

Flowcharts Processes &

Flowcharts

Fraud Response Team

Fraud Response Team

Defined Roles &

Responsibilities Defined Roles &

Responsibilities

Evidence Management

Document Reviews &

Labeling Document Reviews &

Labeling

Computer Forensics Computer Forensics

Chain of Custody Chain of Custody

Reporting Guidelines Guidelines Report Report Attorney-Client Privilege Attorney-Client

Privilege

Presentation of Findings Presentation of

Findings

Fraud Deterrence

Policies &

Procedure s Policies &

Procedure s

Fraud Risk Assessme

nt Fraud Risk Assessme

nt

Anti-Fraud Culture Anti-Fraud

Culture

Fraud Detection

Forensic Audit Technique

s Forensic

Audit Technique

s

CAATs CAATs

Detective Processes

& Controls Detective Processes

& Controls

Fraud Investigation

Investigati on Guides Investigati on Guides

Evidence Managem

ent Evidence Managem

ent

Reporting Reporting

Fraud Remediation

Root Cause Analysis Root Cause Analysis

Recovery of Assets Recovery of Assets

Internal Controls Review Internal Controls Review

(17)

GIFA - Fraud Remediation Sub-Process

Root Cause Analysis

Internal Controls

Review Internal Controls

Review

Issues Tracking

System Issues Tracking

System

Management Accountability

Program Management Accountability

Program

Recovery of Assets

Civil / Criminal

Action Civil / Criminal

Action

Disciplinary Action Disciplinary

Action

Insurance Claims Insurance

Claims

Information &

Communication

Awareness Programs Awareness

Programs

Policy &

Procedure Updates Policy &

Procedure Updates

Surveys &

Certification Programs Surveys &

Certification Programs

Fraud Deterrence

Policies &

Procedure s Policies &

Procedure s

Fraud Risk Assessme

nt Fraud Risk Assessme

nt

Anti-Fraud Culture Anti-Fraud

Culture

Fraud Detection

Forensic Audit Technique

s Forensic

Audit Technique

s

CAATs CAATs

Detective Processes

& Controls Detective Processes

& Controls

Fraud Investigation

Investigati on Guides Investigati on Guides

Evidence Managem

ent Evidence Managem

ent

Reporting Reporting

Fraud Remediation

Root Cause Analysis Root Cause Analysis

Recovery of Assets Recovery of Assets

Internal Controls Review Internal Controls Review

(18)
(19)

Global Integrity & Forensic Audit – Policies & Procedures Overview

GIA Charter

Fraud Response

Policy

Fraud Response

Protocols Allegations

Matrix GIFA

Investigation Guidelines

GIA Charter

Defines the purpose of GIA

Provides authority to conduct audits Defines areas of responsibility Fraud Response Policy

Details guiding principles for managing fraud risk Assigns responsibility for addressing complaints Fraud Response Protocols

Defines principles for conducting internal Compliance/GIFA investigations of fraud and misconduct

Details the 7-step protocol to address allegations or detection of fraud and/or misconduct

Allegations Matrix

Defines various types of allegations

Prioritizes allegations in three separate levels (A,B,C) Identifies ownership for investigating the allegations GIFA Investigative Guidelines

Serves as a guide and reference to enroll investigative procedures and processes during the collection of facts and evidence in matters where illegal, unethical or otherwise improper acts are alleged

Defines GIFA’s philosophy and core values

(20)

20 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Global Integrity & Forensic Audit - Vision & Mission

Vision – To ensure the development, implementation, and sustainability of a

comprehensive fraud risk management process designed to reduce Bunge’s risk of asset loss, reputational damage, and legal liability resulting from incidents of fraud and misconduct.

Mission – To develop comprehensive anti-fraud programs and controls designed to deter, detect, investigate, and remediate incidents of fraud and misconduct within Bunge, including but not limited to:

Promptly respond to reports of illegal, unethical, or improper acts committed by company employees or non-employees who are engaged in company business, Conducting fraud awareness training for company employees,

Completion of a fraud risk assessment,

Enhanced fraud detection through data analytics and forensic audit techniques, Provide litigation support and forensic due diligence for legal and regulatory matters, and

Collaborate with compliance and risk management teams to evaluate risks,

review processes, and analyze trending.

(21)

Investigation of Fraud, Abuse, and/or Misconduct

Accounting Irregularities

Occupational Fraud (Embezzlement, Skimming, Fictitious Invoices, T&E, etc.) Conflicts of Interest

Bribery & Corruption

Litigation Support

Antitrust, Intellectual Property, Securities Trading

Fraud Risk Assessment

Global Integrity & Forensic Audit - Scope of Work (1 of 2)

(22)

22 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Proactive Fraud Awareness Training

Internal Audit (forensic audit techniques) Operating Companies

Functions (Finance, Sales, etc.)

M&A Due Diligence

Ethics & Integrity Case Studies

IT Investigative Technology/Computer Forensics FCPA/Third-Party Compliance

Third-Party Proactive Reviews Anti-bribery Audits

Security Audits/Surveys/Reviews

Global Integrity & Forensic Audit - Scope of Work (2 of 2)

(23)

Scope of Work - Differentiation

Compliance policies

& procedures Ethics programs Compliance investigations oversight (FCPA) Allegations matrix

Compliance reporting 3

rd

-party compliance programs

Fraud investigations Anti-fraud training &

awareness

Litigation support Fraud protocols &

investigation guidelines Security audits

M&A due diligence Fraud risk

assessments

Physical security programs (facilities, cargo, inventory, etc.) Personal security Travel security

Security policies and procedures

Security investigations (thefts, product

tampering, etc.)

Compliance Function GIFA Security Function

(24)
(25)

Legal Counsel

Legal advice

Litigation support

Attorney-client privilege

Review reports for language

Communication with the Board, Audit Committee, Senior Management

Co-sponsored training

(26)

26 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Human Resources

Investigative support

• Interviewing

• Prior disciplinary actions – incidents

• Personnel files

Report distribution Disciplinary action Employee surveys

Staffing (compensation, career planning)

(27)

Information Technology

Electronic evidence collection Data retrieval – where/when/how Email reviews

Hard drive imaging Internet activity

Log in/out data

(28)

28 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Security

Support investigations

Physical access documentation Interviewing skills

Prior incidents

Location background

(29)

Outside Fraud Experts

Investigative experience/expertise Interviewing skills

Data-mining techniques Computer forensics

Report-writing skills

Forensic auditing expertise

Expert witness – render opinions

(30)

30 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Audit

Control weaknesses review Root-cause analyses

Data mining

Document review

Email/electronic evidence reviews Proactive forensic audits

Resource pool

Forensic rotation program

Fraud training programs

(31)

Audit Committee/Management

Periodic updates Annual presentation

Immediate notification of serious fraud issues Root-cause analysis

Patterns of behavior Legal liability

Oversight of investigative activity

Sponsorship

(32)

32 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL

Findings

Continuous Updates

Knowledge of Business & People Remediation of Findings

Process Improvements

Cause & Root Cause Analysis

Internal Control Recommendations Training & Awareness

Management

(33)

Questions

(34)

“Association of Certified Fraud Examiners,”

“Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc.

The contents of this paper may not be

transmitted, re-published, modified, reproduced, distributed, copied, or sold without the prior

consent of the author.

References

Download now ( PDF - 34 Page - 2.96 MB )

Related documents

Surveillance Visit Report for the Norway North Sea saithe fishery

This report contains the findings of the second annual MSC Fisheries surveillance audit conducted for Norway North Sea saithe fishery on 18 and 19 May 2015.. The purpose of this

The Capital Structure of Multinational Companies under Tax Competition

gradual increase in reputation allows governments to attract a greater amount of FDIs... response is therefore to lower the tax rate in order to alleviate the negative impact

External corrosion and its effects on mechanical properties of buried metal pipes

Figure 5.26 Phases of steel specimens after 28 days of corrosion in various solutions Figure 6.1 Effect of varying acidity on K Q of cast iron in soil of high saturation..

Xtext Documentation. September 26, 2014

In order to test drive this language, you will have to generate the respective language infrastructure. Therefore, choose Run As - > Generate Xtext Artifacts from the context..

Estimating Risk Preferences from Deductible Choice

d The last column attempts to translate the ARA estimates into relative risk aversion. We follow the literature, and do so by multiplying the ARA estimate by average annual income.

Prospect Theory, Life Insurance, and Annuities

Proposition 7 shows that prospect theory consumers choose annuity paths with this pattern: Consistently with the hit-by-a-bus argument, they initially purchase small amounts

Stop Violence Against Girls in School : A cross country analysis of baseline research from Ghana, Kenya and Mozambique

Each of the countries has plans for local implementation of some policies that support the protection of girls from violence, through for example in mozambique at local level

Risk analysis for container shipping: from a logistics perspective

This paper has used empirical data to analyse the risks faced by container shipping companies from a logistics perspective in relation to three different types