View
183
Download
0
Category
Preview:
Citation preview
FORENSIC ACCOUNTING & VALIDATION FORUM 2015
7 July 2015
Intercontinental Hotel, Nairobi, Kenya
Running an Investigation
By
Mr. Felix T. Maromo, CFE, CPFA, Msc.Financial Crime Compliance ManagerStandard Charted Bank Zimbabwe
1. Introduction - Fraud Investigation Defined2. Running an investigation
What is involved in running an investigation? Key statistics and fraud trends.
3. Explore sources of evidence using: Open source and public information Forensic data analytics Fieldwork and interviews Electronic evidence Discussion - ways of reporting and presenting
evidence 4. Conclusion5. Question & Answer Session
Disclaimer:Information and views in this presentation represents solely the presenter's personal views and comments.
Contents
Fraud Investigation DefinedFraud in simple terms involves misrepresentation with an intent to deceive. It
involves an abuse of position, or false representation, or prejudicing someone’s rights for personal gain.
Fraud Investigation has several definitions, however in general terms it entails gathering evidence relating to specific fraud allegations to determine the facts relating to the matter and to assist in deciding what, if any, action should be taken in relation to the matter(s).
Corporate fraud, including embezzlement, asset misappropriation, and financial statement manipulation can severely damage a company’s reputation, erode shareholder confidence and even result in the collapse of major corporations.
Many times, when fraud is uncovered, executives and boards of directors are surprised by the incident, and even more surprised by the fact that the auditors did not detect the fraud sooner, or at all. Isn't that what auditors are supposed to do?
Auditor versus Fraud Examiner Both an auditor and fraud examiner share common attributes but their roles differ
significantly and it is important to understand the differences.Many companies will call in a fraud examiner to conduct an investigation once
fraud is suspected, but the external auditor is the initial investigator when an indicator of potential fraud (referred to as a red flag) is identified.
Introduction
Auditor versus Fraud Examiner
Introduction Cont’d…
Issue Auditing Fraud Examination Timing Audits are conducted on a regular
reoccurring basis Nonrecurring; fraud examinations are conducted with sufficient predication
Scope The scope of an audit is an examination of financial data
Specific: conducted to resolve specific allegations
Objective An audit is conducted for the purpose of expressing an opinion on the financial statements
Affix Blame: the fraud examination is conducted to determine whether fraud has occurred or is occurring and to determine who is responsible
Relationship The audit is nonadversaril in general
Because the purpose is to affix blame, fraud examinations are adversarial in nature
Methodology Audits are conducted by examining financial data and obtaining corroborating evidence
Fraud examinations conducted by 1) document examination, 2) review of outside data and 3) interviews
Presumption Auditors are required to approach audits with professional skepticism
Fraud examiners approach examination by attempting to establish sufficient proof to
Running an investigation - What it entails!!!
Initial Analysis
Follow up
Reporting
Analysing the
Evidence
Planning & Leading
Fact Finding,
Interviewing & Reinter
viewingFraud Investigation
StepsSimplified Model
Running an investigation - What it entails!!! Cont’d... INNITIAL ANALYSISWho is alleged to have acted
wronglyWhat is the alleged violationIs an investigation necessaryInternal or external
timing/deadlineNeed for immediate actionEscalation of matter within the
entityInvestigation AccountabilityNeed to preserve evidence Maintaining confidentiality at his
early stage
PLANNING & LEADINGEstablishing a need to know listMethod of communication to be
usedCreating an Investigation PlanPrepare a chronology of facts
known andAllegations madeEvaluate available information/
documents?Identify who should be
interviewed, Order of Interviews Setting up a case/investigation file
FACT FINDING, INTERVIEWING & REINTER VIEWINGWhat is the goal of interview? Developing the facts Elements?PlanningArrangingOpeningConductingNote takingClosingTo be discussed in detail below.
ANALYSING EVIDENCEAssess if there is sufficient factual
basis for decision makers to reach a conclusion
Examine each piece of evidence gathered
Analyse what is missingIs there a need to re-interview .Quality: clarity, detail, logical,
speculation, first handQuantity: corroboration,
contradictionCredibility findings: rarely, and if
done, use care and provide factual support
Findings: “of fact” vs. “conclusion”
REPORTINGMain aim is:Showing there has been a
professional, thorough and fair investigation
Presenting the decision makers with sufficient facts to conclude outcome
Establishing documentation relating to the investigation that will stand in future times
Highlighting any internal processes/controls that may need attention
FOLLOWING UPManagement notification of
decisionsNotification to complainant (if
applicable) and investigation subject.
When allegation are proved, complainant is told a violation was found, corrective action was taken, and request for continued confidentiality.
When allegation not proved, complainant
and investigation subject are told (in writing
Record keeping – Document retention
Running an investigation - Key Fraud Statistics & Trends
Summary of FindingsTypical organization loses 5% of revenues each year to fraud.The median loss by frauds was noted as $145,000.The median duration — the amount of time from when the fraud
commenced until it was detected — for the fraud cases reported was found to be 18 months.
Occupational frauds: (Asset misappropriations, Corruption and Financial statement fraud)a) Asset misappropriations are the most common fraud, occurring in 85% of
the cases in studies conducted, causing a median loss of $130,000.b)Financial statement fraud constituted 9%, but those cases had the
greatest financial impact, with a median loss of $1 million.c) Corruption schemes fell in the middle in terms of both frequency (37% of
cases) and median loss ($200,000).Many cases involve more than one category of occupational fraud.Tips are consistently and by far the most common detection method.
Running an investigation - Key Fraud Statistics & Trends Cont’d...Summary of FindingsOrganizations with hotlines were much more likely to catch fraud by a tipThe smallest organizations tend to suffer disproportionately large losses
due to occupational fraud. The banking and financial services, government and public administration,
and manufacturing industries continue to have the greatest number of cases reported.
The presence of anti-fraud controls is associated with reduced fraud losses and shorter fraud duration.
The higher the perpetrator’s level of authority, the greater fraud losses tend to be.
Collusion helps employees evade independent checks and other anti-fraud controls, enabling them to steal larger amounts.
Approximately 77% of the frauds in the study were committed by individuals working in one of seven departments: accounting, operations, sales, executive/upper management, customer service, purchasing and finance.
It takes time and effort to recover the money stolen by perpetrators, and many organizations are never able to fully do so.
Running an investigation - Key Fraud Statistics & Trends Cont’d...
US Sub Saharan Africa
Asia-Pacific Western Europe Eastern Europe & Western/ Central
Asia
Canada Latin America & Carebbean
Southern Asia Middle East & North Africa
646 173 129 98 78 58 57 55 5348.0% 12.8% 9.6% 7.3% 5.8% 4.3% 4.2% 4.1% 3.9%
100000 120000
240000200000
383000
250000200000
56000
248000
Geographical Location of Victim OrganizationsNo. of Cases Percent of Case Median Loss (US$)
Running an investigation - Key Fraud Statistics & Trends Cont’d...
Region No. of Cases Percent of Case Median Loss (US$)
US 646 48.0% 100000
Sub Saharan Africa 173 12.8% 120000
Asia-Pacific 129 9.6% 240000
Western Europe 98 7.3% 200000
Eastern Europe & Western/ Central Asia 78 5.8% 383000
Canada 58 4.3% 250000
Latin America & Carebbean 57 4.2% 200000
Southern Asia 55 4.1% 56000
Middle East & North Africa 53 3.9% 248000
Sources of Information - Open source and public informationOpen-source information a) This relates to data collected from publicly available sources.b) Open information can be obtained overtly, instead of using
hidden/covert means. c) There are Open Source software used to extract open source data. d) Open information can be extracted from:
Media: newspapers, magazines, radio, television, and computer-based information.
Web based information or from social-networking sites Public data: government reports, official data such as budgets,
demographics etc Observation and reporting Professional and academic information
Sources of Information - Open source and public information Cont’d...Public information a) Is information that is collected, assembled, or maintained under a law or
ordinance or in connection with the transaction of official business: By a governmental body; or For a governmental body and the governmental body owns the
information or has a right of access to it. a) The media on which public information is recorded may include: paper;
Video recording; a magnetic, optical, or solid state device that can store an electronic signal or tape.
b) The general forms in which the media containing public information exist include a book, paper, letter, document, printout, photograph, film, tape, microfiche, microfilm, Photostat, sound recording, map, and drawing and a voice, data, or video representation held in computer memory.
Sources of Information - Forensic data analytics
Forensic Analytics reviews and shows how twenty substantive and rigorous tests can be used to detect fraud, errors, estimates, or biases in your data.
Data forensics can involve many different tasks, including data recovery or data tracking.
Data forensics might focus on recovering information on the use of a mobile device, computer or other device.
It might cover the tracking of phone calls, texts or emails through a network.
Digital forensics investigators may also use various methodologies to pursue data forensics, such as decryption, advanced system searches, reverse engineering, or other high-level data analyses.
Some experts make a distinction between two types of data collected in data forensics.
Persistent data - which is permanently stored on a drive and is therefore easier to find.
Volatile data - or data that is transient and elusive. Data forensics often focuses on volatile data, or on a mix of data that
has become difficult to recover or analyze for some reason.
Sources of Information - Fieldwork and interviews
Assembling the Team Fraud investigation and should rely on the competency of others to assist when necessary. Consider the following specialized areas for inclusion as part of the team:•Forensic Accountants•Legal Counsel•Information Technology/Computer Forensics•Company Security Personnel•Company Management•Fraud Examiners/Investigators
Sources of Information - Fieldwork and interviewsInvestigative Fieldwork Once the team is assembled, the begins investigative fieldwork to
establish the validity of the allegation. This stage involves examination of documents, analytical procedures,
evidence collection, and witness and subject interviews. This stage of the process normally requires the most time. If substantiated, the results of the investigation may possibly conclude in
a civil and/or criminal proceeding. Fieldwork may include the following:
Public Document Reviews & Background InvestigationsInterviews of Relevant PersonsConfidential SourcesAnalysis of Electronic EvidencePhysical & Electronic SurveillanceUndercover OperationsAnalysis of Financial Transactions
Sources of Information - Ways of reporting ReportingFraud Investigator uses various report writing styles and formats. A fraud examination report should contain (although the order may vary) the
following key sections:a) Executive Summaryb) Estimated Loss and Recoveryc) Evidence Collectedd) Procedures Performede) Findingsf) Final Disposition
The writer should be considerate of the target audience for the report, which could consist of one or more of the following:a) Managementb) Internal/external auditc) Legal counsel – plaintiff’s attorney, defense attorney, prosecuting attorneyd) Judge/Jurye) Law enforcementf) Employeeg) Audit committeeh) Insurance company
Recommended