
FRAUD RISK MANAGEMENT.

AN INTERNAL AUDIT PERSPECTIVE

FRAUD DEFINITION:

Fraud: Any intentional act committed to secure an unfair or unlawful gain. It falls under the following categories of risk, which can undermine a company’s reputation for integrity:
• Fraudulent financial reporting (e.g., improper
revenue recognition, overstatement of assets,
understatement of liabilities)
• Misappropriation of assets (e.g., embezzlement,
payroll fraud, external theft, procurement fraud,
royalty fraud, counterfeiting)

• Revenue or assets gained by fraudulent or illegal
acts (e.g., over-billing customers, deceptive sales
practices, accelerated revenue, bogus revenue)
• Expenses or liabilities avoided by fraudulent or
illegal acts (e.g., tax fraud, wage and hour abuses,
falsifying compliance data provided to regulators)
• Expenses or liabilities incurred for fraudulent or
illegal acts (e.g., commercial or public bribery,
kickbacks)
• Other misconduct (e.g., conflicts of interest, insider
trading, discrimination, theft of competitor trade
secrets)

• Fraud is one of the key risks that needs to be managed as a threat to businesses, but it has been the “corporate F word” since it rarely appears in management best sellers, graduate courses or as part of management training and consultancy. Business is awash with “best practice” on generating and maximizing profits, but lacking in knowledge of how to minimize and manage losses.
• The practice of fraud risk management includes fraud prevention, deterrence, disruption, reporting, detection, examination, investigation, enforcement and recovery.

The Fraud triangle

Fraud triangle term definitions:

Incentive/Pressure: This refers to the encouragement to commit fraud, e.g. excessively high targets, gambling debts, shylock debts, etc.

Opportunity: This refers to the chance for a fraudster to commit fraud, e.g. due to weak controls and oversights on the part of management.

Rationalization: Where a fraudster tries to justify the risk worthiness of the fraud that they are committing.

This three-pronged approach has long been a useful tool for auditors seeking to manage and understand fraud risks and has formally been adopted by the auditing profession.
Considering an additional dimension to the fraud triangle:

Capability: Referring to personal traits and abilities which may play a major role in facilitating the other three fraud elements.

There are several essential traits to committing a fraud, namely: organizational position, level of intelligence and experience, ability to coerce and motivation for power.

FRAUD RISK MANAGEMENT:

Key objectives: Prevention, Detection, Response

An effective, business-driven fraud risk management approach encompasses controls that have the following objectives:
• Prevent. Reduce the risk of fraud and misconduct from occurring.
• Detect. Discover fraud and misconduct when it occurs.
• Disruption: Ensures the fraudsters are always under pressure and on the move.
• Respond. Take corrective action and remedy the harm caused by fraud or misconduct.

INTERNAL AUDIT’S ROLE AS REGARDS THE FRAUD TRIANGLE
(REVIEW ADEQUACY OF THE CONTROL FRAMEWORK)

Internal audit’s role in fraud risk management
• Review & critique management’s fraud risk assessment
• Support management’s construction of an
auditable fraud risk management programme /
fraud strategy
• Central to shaping the debate on fraud
• Fraud Auditing – address residual risk and
detection
• Report instances of fraud to management and/or
the Audit Committee
• Directing or supporting remediation efforts
• Regular status reporting to the Audit Committee

Continuation (role of internal audit):

• Facilitating fraud and reputation-risk assessments at the corporate, management-unit and business-process levels.
• Assisting the fraud risk ownership structure in linking (and documenting) antifraud control activities to identified fraud risks.
• Evaluating and testing the design and operating effectiveness of antifraud programmes and controls.
• Supporting investigations into alleged or suspected fraud or other misconduct.

Strategies for the management of fraud risk:

Strategies for the management of fraud risk can be divided into two levels:

• Entity level: Deals with the attitudes, actions and tone set at the “top” in the acceptance of the significance of the fraud risk.
• Process level: Involves the functional level departments’ ownership and execution of fraud risk management initiatives.

Entity level fraud risk management strategies (senior management role):

3. Develop an integrated strategy for fraud prevention and control.
4. Develop an ownership structure which cascades downwards throughout the organization and which promotes proper risk management, governance and control practices.
5. Introduce a fraud policy statement.
6. Introduce an ethics policy.
7. Introduce a whistle blowing policy.
8. Introduce a reporting “hotline”.
9. Develop appropriate information and communication systems for monitoring purposes.
1. Actively promote the policies throughout the organization.
2. Establish a sound control environment.

Process level fraud risk management (role of functional/process managers):
• Establish sound control activities and control procedures.
• Ensure that there is an adequate and overall fraud education, training and awareness programme on all the fraud management initiatives approved by management.
• Introduce a fraud response plan, as an integral element of organizational contingency planning.

1. Constantly review all policies and procedures.
2. Constantly monitor adherence to controls and procedures.
3. Establish a ‘learn from experience group’ and ‘fraud risk assessment sessions’ to determine whether the bank is adequately dealing with current and potential frauds so as to reduce or eliminate their risk.

Common mistakes and beliefs that organizations and staff make, thus facilitating fraud risk:

• The control framework alone can reduce the probability of fraud occurring. Fraud occurrence is mainly determined by the motivation of a fraudster finding an opportunity and exploiting it.
• The responsibility of fraud risk management depends entirely on management.
• Major change initiatives being executed without proper risk assessments.
• Functional management not cascading fraud awareness and training information to the staff members that they are responsible for.

Conclusion:
• Fraud risk management is the responsibility of all
members of staff and utmost involvement in
initiatives meant to reduce such risks should be
embraced positively.
