FORENSIC Fraud warning signs Fraud risk management Ian
- Slides: 36
FORENSIC Fraud warning signs & Fraud risk management Ian Colebourne and Alexander Sokolov 23 October 2006 ADVISORY
Agenda 1. Introduction 2. Profile of a fraudster 3. Fraud risk indicators 4. Changing business landscape 5. Fraud risk management 6. Questions & answers © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 1
Active consideration of Fraud • What do you know of past fraud and risk of fraud occurring in your business? • Has responsibility for managing fraud risk been clearly defined? • What systems are in place to detect fraud and irregularity? • Are staff aware of the reporting channels? © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 2
Introduction
Definitions “Fraud is a broad legal concept that generally refers to an intentional act committed to secure an unfair or unlawful gain. ” (Bryan A. Garner, Editor, Black’s Law Dictionary, Eighth Edition, West Group, 2004) Misconduct is also a broad concept, generally referring to violations of laws, regulations, internal policies, and market expectations of ethical business conduct. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 4
Types of fraud Asset Misappropriation Fraudulent Financial Reporting Other Questionable or Improper Business Practices © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 5
Fraud losses ACFE Fraud Loss Estimates 100% 5% Fraud loss Annual revenue Source: 2006 ACFE Report to the Nation On Occupational Fraud & Abuse © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 6
Fraud losses by industry Source: 2006 ACFE Report to the Nation On Occupational Fraud & Abuse © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 7
Fraudster profile
Fraudster profile • KPMG UK analysed a sample of 100 frauds investigated over a three year period - Directors or Senior Managers perpetrated 2/3 of frauds; - 32% had worked for company for between 10 and 25 years; - 51% involved some collusion between two or more people in business and in 10% of cases, more than 5 people involved; - 70% of cases involved only men; - Typical ages: 39% were between 36 and 45; - Finance was most likely area hit in 42% of cases with procurement next most likely at 12. 5%. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 9
Fraud impact Position of Perpetrator - Median Loss 1, 000 $ Median Loss 1, 000 800, 000 600, 000 218, 000 400, 000 200, 000 0 78, 000 Employee Manager Owner / Executive Position of Perpetrator Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 10
Why does fraud happen? Motive Opportunity Rationale © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 11
Fraud indicators
Fraud Risk Factors Matrix Business Culture High hope value / Aggressive forecasts Complex corporate structure • Management dominated by one person or small group • Lavish lifestyles • Significant investment in new market • Aggressive financial targets & expectation for management • Unwarranted complexity in structures • Bottlenecks with reporting through one individual. Lack of trust / poor auditor relationship Business culture High analyst or other pressures Related party arrangements Remote operations • Web of companies owned or linked to key individuals in the business • Poor management oversight of remote subsidiaries and JVs • Remote units managed by autocratic CEO Undue secrecy Questionable practices Significant director transactions Declining industry / earnings High hope value / Aggressive forecasts Organisational change Highly leveraged rewards Aggressive accounting policies Unique products / unique risks Cash / funding gap Results exceed market trend High management turnover Profit warnings /credit warnings Complex structure Related party arrangements Multiple banking arrangements Remote operations © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 13
Personal red flags Although the level of fraud risk at an organisation may be assessed as low, individuals in the business can have a personal motivation to commit fraud – Personal pressures – Individual performance targets – Infiltration by organised crime Controls may be overridden or ignored by certain individuals: – Powerful (overrides controls, staff intimidated) – Successful (not to be bothered, too busy earning money) – Trusted (responsibility has moved beyond their job description) © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 14
Changing business landscape
Converging Forces Sarbanes. Oxley NYSE/NASDAQ Listing Standards Director & Officer Liability Federal Sentencing Guidelines Enforcement & Litigation Corporate Governance and Responsibility Global Standards of Business Conduct Demands for Transparency and Accountability Rating Agency, Investment Criteria Shareholder Activism © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. Reputation and Credibility 16
Russian business environment • • Economic boom (partially a result of record oil prices) Competition limited by developed countries standards Rapidly growing markets – high sales growth Relatively high profitability … Our experience suggests that in such environment, effective anti-fraud governance can be ascribed low priority or be undetected because the current level of profitability allows for fraud loses to be absorbed within existing profit margins. Do tougher times lie ahead? ? ? What would those tougher times bring? ? ? Government tightening regulations? © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 17
Don’t look back “Vedomosti Test”? Legal / Regulatory Standards Behaviour / Activity Now 2 – 3 years from now Time © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 18
A recent development… Position is better if you can show: CBR Accounts Russian Bank Tax Authorities • Good tendering • Supplier vetting Supplier Non-Payment Services E. g. Logistics Claimed Liability International Company © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 19
A recent development… CBR Russian Bank “Financial Services” Accounts Tax Authorities Supplier CBR reported to have 35 banks under priority review for ML / cash conversion in the Moscow region Fees for cash conversion are understood to have increased significantly – from 2 to 5/6% Non-Payment $ Black-cash (less commission) Claimed Liability – ? Prosecution ? Fictitious Services E. g. Legal / “Consulting” International Company © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 20
How are companies responding? Source: KPMG Fraud Survey (2005) © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 21
Fraud risk management – strategy & tactics
Strategy & tactics “Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. ” Sun Tzŭ c. 490 BC, Chinese military strategist © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 23
Detection Management Internal Controls Internal Audit Whistle-blowing ? Они говорят по-русски? Reliance © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 24
Barriers to the effective implementation of controls = = = = = Good controls on paper are not strictly followed in practice Grey areas in the rules – open to interpretation Lack of segregation of duties Collusion Management override Failure of senior management to lead by example Bureaucracy &/or formulaic compliance Failure to share knowledge of fraud experience, control weaknesses and control improvements Clash of cultures © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 25
Three objectives for FRM strategy controls designed to reduce the risk of fraud and misconduct from occurring in the first place controls designed to take corrective action and remedy the harm caused by fraud or misconduct controls designed to discover fraud and misconduct when it occurs © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 26
What measures should be taken to help prevent, detect and respond to fraud? Prevent fraud and misconduct Detect occurrence Respond appropriately if discovered © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 27
Control components l Fraud and misconduct risk assessment l Hotlines and whistleblower mechanisms l Internal investigation protocols © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 28
Fraud risk assessment Before an organisation can develop an effective program to prevent and detect fraud, it must first understand the types of fraud risk, including specific types of frauds and schemes, to which it may be vulnerable. Significance / Impact Qualitative factors in the assessment include: • the accounting system • complexity, volume and nature of transactions • internal controls in place • compliance, training and monitoring Incorporates the views of: • management; • control functions; • line employees Likelihood Management are then able to: • • Prioritise identified risks and evaluate the existing controls Link each risk to specific controls and commit resources to implement any enhancements © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 29
Fraud reporting channels Surveys suggest that: 1. Over 50% of frauds are discovered as a result of information provided by staff 2. Losses after an introduction of a whistle-blowing hotline can be reduced by up to 60%. 3. Staff prefer the following reporting channels: Ø 57%: a telephone hotline; Ø 20%: conventional mail; and Ø 16%: e-mail. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 30
Effectiveness of a hotline Source: 2006 ACFE Report to the Nation on Occupational Fraud & Abuse © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 31
What does a good hotline look like? Confidentiality Anonymity Availability Assistance – Real Time Procedures Classify & Notify Communicate All matters treated confidentially; reported on a need to know basis Process should allow for anonymous submission & resolution Should be available in remote outposts, not just head office A ‘live’ response – operators need to be qualified, trained & able to provide advice Consistent protocols to gather information and manage the call Qualified staff assess the allegation; protocols establish basis for escalation & investigation Publicise the hotline prominently; commit to, & test for, non-retaliation © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 32
Response Objective is to take corrective action & remedy the harm caused by fraud or misconduct: • Examine the primary cause of the control breakdown, ensuring that risk is mitigated and controls are strengthened. • Discipline those involved in the inappropriate actions, as well as those in management positions who failed to detect or prevent such events. • Communicate to the wider population of employees that management took appropriate, responsive action. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 33
Investigations Consideration should be given to: • Data and information gathering; • Interviewing techniques; • Appropriate resource; • Analytical tools such as data mining; and • Corporate intelligence information. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 34
Questions & contact details Ian Colebourne Forensic Partner Tel: +7 495 937 2524 Email: Ian. Colebourne@kpmg. ru Alexander Sokolov Forensic Director Tel: +7 495 937 4477 extn 2781 Email: Alex. Sokolov@kpmg. ru The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2006 KPMG Limited, a company incorporated under the Guernsey Companies Act and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. 35