Chapter 8

Risk of Fraud and Illegal Acts

 Learning Objectives
 Understand the prevalence of fraud and illegal acts in today’s world.

 Compare and contrast various illegal acts/fraud definitions.

 Describe the fraud triangle and why all three elements must exist for fraud to
occur.

 Define the types of fraud and fraud risk factors.

 Define governance, risk management, and control in the context of fraud.

 Describe fraud prevention, deterrence, and detection techniques.

 Understand the behavioral aspects of fraudsters.

 Understand evolving responsibilities of the internal audit function, including the

involvement of forensic accountants and fraud examination specialists.
 Learning Objective 1

Understand the prevalence of fraud and

illegal acts in today’s world.
 Overview of Fraud in Today’s Business World

 Fraud is not limited to only certain countries or industries

 Examples of large accounting scandals:

 USA: Enron and WorldCom
 Other countries: see Exhibit 8-2
 Indonesia: ?????

Impact?

A loss of confidence in the capital markets

1-5
Exhibit 8-2
 Survey Result by ACFE - 2012

 Organizations lose 5% of their annual revenues to fraud

 Occupational fraud schemes tend to be extremely costly

 Occupational frauds schemes frequently for years before they

are detected

 Occupational frauds are much likely to be detected by a tip

than by audits, controls, or other means

 The most common fraud schemes were asset misappropriation

 Corruption and billing schemes pose the greatest risks to

organizations throughout the world

 The longer a perpetrator has worked for an organization, the

higher the fraud losses tend to be

1-7
 Survey Result by ACFE - 2012

 Industries most commonly victimized were banking and

financial services, government and public administration and
manufacturing

 Occupational fraud were most often committed by individuals

working in one of six departments: accounting, operations, sales,
executives/upper management, customer service, and purchasing

 Occupational fraudsters are generally first-time

offenders.

 Common fraud perpetrator red flags:

 Living beyond their means
 Experiencing financial difficulties
 Excessive organizational pressure

1-8
 Learning Objective 2

Compare and contrast various illegal

acts/fraud definitions.
Apakah Yang
Dimaksud Dengan
Fraud?
What Is Fraud?

Restaurant Fraud

1-11
 Illegal Acts

 Are activities that violate laws and regulations of

particular jurisdictions where a company is operating

1-14
 Fraudulent financial reporting

 Fraudulent financial reporting involves intentional

misstatements or omissions of amounts or disclosures in
financial statements designed to deceive financial
statement users.

 Accomplished by:
 Manipulating, falsifying, or altering accounting records or
supporting documents from which the financial statements
are prepared.
 Misrepresenting, or intentionally omitting from, the financial
statements events, transactions, or other significant
information.
 Intentionally misapplying accounting principles relating to
amounts, classification, manner of presentation, or
disclosure.

1-15
 Misappropriation of assets

 Pilferage = pencurian

 Embezzlement = penggelapan, pencurian, korupsi

 Defalcation

1-16
 Exhibit 8-6
Occupational Fraud:

• Falsification of
financial statements

• Asset misappropriation

• corruption
 Learning Objective 3

Describe the fraud triangle and why all three

elements must exist for fraud to occur.
 Conceptual framework

 Donald Cressey  Fraud Triangle

 Perceive need/pressure
 Perceived opportunity
 Rationalization of fraudulent behavior

1-20
Quotes

“Biasakanlah yang benar dan

janganlah membenarkan yang
biasa”

1-22
 Learning Objective 4

Define key principles for managing fraud risk.

 Key principles for managing fraud risks

 The Fraud Guide outlines five core

principles that organizations would be
well-advised to follow:
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention and Detection
4. Fraud Reporting, Investigation, and Resolution
 Key principles for managing fraud risks

 The Fraud Guide outlines five core

principles that organizations would be
well-advised to follow:
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention and Detection
4. Fraud Reporting, Investigation, and Resolution
 Fraud Risk Governance

There must be a structure in place to

oversee the identification and
management of fraud risks
Governing board:
 Helps set the tone for fraud risk management
 Encourage management to establish policies
 Responsible for monitoring the effectiveness of the
organization’s fraud risk management program
 Key principles for managing fraud risks

 The Fraud Guide outlines five core

principles that organizations would be
well-advised to follow:
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention and Detection
4. Fraud Reporting, Investigation, and Resolution
 Fraud Risk Assessment

Management should understand the

inherent fraud risks the organization faces
Steps:
 Identify the potential fraud events or scenarios
 Assess the impact and likelihood of each risk
 Decide what fraud risk responses are appropriate
 Key principles for managing fraud risks

 The Fraud Guide outlines five core

principles that organizations would be
well-advised to follow:
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention and Detection
4. Fraud Reporting, Investigation, and Resolution
 Fraud Prevention and Detection

Prevention controls may include policies,

procedures, training and communication.
Detection controls may include manual or
automated activities that will recognize
timely that a fraud has or is occurring.
 Key principles for managing fraud risks

 The Fraud Guide outlines five core

principles that organizations would be
well-advised to follow:
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention and Detection
4. Fraud Reporting, Investigation, and Resolution
 Fraud Reporting, Investigation and Resolution

 Establishing a reporting system to facilitate and

encourage reporting of potential fraud incidents
 Whistleblower system

 Establishing a sound investigation process

 Internal or external legal counsel.
 Other function in the organization

 Timely resolution will help ensure prosecution or

disciplinary actions can be taken
 Learning Objective 5

Define governance, risk management, and

control in the context of fraud.
 Governance Over the Fraud Risk
Management Program

 Developing corporate cultures

 Board ownership of agendas and information flow
 Access to multiple layers of management and effective
control of a whistleblower hotline
 Independent nomination processes
 Effective senior management team
 A code of conduct
 Board evaluation

1-34
 Governance Over the Fraud Risk
Management Program

 Roles and responsibilities

 Board of directors
 Management
 Employees
 The internal audit function

1-35
 Governance Over the Fraud Risk
Management Program

 Components of a fraud risk management program

 Commitment
 Fraud awareness
 An affirmation
 A conflict disclosure
 Fraud risk assessment
 Reporting procedures and whistleblower protection
 An investigation process
 Disciplinary and/or corrective actions
 Process evaluation and improvement
 Continuous improving

1-36
 Fraud Risk Assessment

 Involving individuals with varying knowledge

 Accounting and finance personnel
 Legal and compliance personnel
 Risk management personnel
 Internal auditors
 Other internal or external parties

1-37
 Fraud Risk Assessment

 Three key steps

1. Identify inherent fraud risks;
2. Assess impact and likelihood of the identified risk; and
3. Develop responses to those risks

1-38
 Learning Objective 6

Describe fraud prevention and detection

techniques.
 Fraud Prevention

Common elements in preventing fraud:

 Performing background investigations

 Providing anti-fraud training.

 Evaluating performance and compensation programs.

 Conducting exit interview.

 Authority limits.

 Transaction-level procedures.

1-40
 Fraud Detection

Common detection methods:

 Whistleblower hotlines

 Process control.

 Proactive fraud detection procedures.

1-41
 Fraud Investigation and Corrective Action

Steps in this stage

 Receiving the allegation

 Evaluating the allegation

 Establishing investigation protocols

 Determining appropriate actions

1-42
 Key principles for managing fraud risks

Steps in this stage

 Receiving the allegation
 Evaluating the allegation
 Establishing investigation protocols
 Determining appropriate actions
 Receiving the Allegation

 Received from various sources

 Should include a process for:
 Categorizing issues
 Confirming the validity of the allegation
 Escalating the severity of the allegation
 Referring issues outside the scope of the program
 Conducting the investigation and fact-finding
 Resolving or closing the investigation
 Listing types of information that should be kept confidential
 Defining how the investigation will be documented
 Managing and retaining documents and information
 Key principles for managing fraud risks

Steps in this stage

 Receiving the allegation
 Evaluating the allegation
 Establishing investigation protocols
 Determining appropriate actions
 Evaluating the Allegation

 Not all allegation of fraud prove to be acts

of fraud.
 Steps:
 Does the allegation require a formal investigation or is there
enough information now to draw a conclusion?
 Who should lead the investigation?
 Are there special skills or tools needed to conduct the
investigation?
 Who needs to be notified and when?
 Establishing formal protocols
 Key principles for managing fraud risks

Steps in this stage

 Receiving the allegation
 Evaluating the allegation
 Establishing investigation protocols
 Determining appropriate actions
 Establishing Investigation Protocols

• To ensure an investigation achieves its

objectives.
• Factors to be considered:
• Time sensitivity.
• Notification
• Confidentiality
• Legal privileges
• Compliance
• Securing evidence
• Objectivity
• Goals
 Key principles for managing fraud risks

Steps in this stage

 Receiving the allegation
 Evaluating the allegation
 Establishing investigation protocols
 Determining appropriate actions
 Determining Appropriate Actions

Possible actions include:

 Legal actions, whether criminal or civil
 Disciplinary actions, such as warning, demotions,
censure, suspension, or termination
 Insurance claims if losses from the act are covered by
insurance policies
 Redesign or reinforcement of processes and controls
that may have been inadequate designed or that
operated ineffectively, allowing the incident to occur.
 Learning Objective 7

Understand the behavioral aspects of

fraudsters.
 Potential red flags

 Exhibit a lifestyle that appears to be well beyond their

current means

 Are experiencing extreme financial problem and/or have

overwhelming personal debts.

 Are suffering from depression or other emotional

problems.

 Appear to have a gambling obsession.

 Have a need or craving for status, and believe money

can buy that status

1-52
 Learning Objective 8

Understand evolving responsibilities of the

internal audit function, including the
involvement of forensic accountants and
fraud examination specialists.
 Fraud Proficiency and Due Professional Care

 Standard 1210.A2 - Internal auditors must have sufficient

knowledge to evaluate risk of fraud and the manner in which it
is managed by the organization, but are not expected to have
the expertise of a person whose primary responsibility is
detecting and investigating fraud.

 Standard 1220.A1 – Internal auditors must exercise due

professional care by considering the … probability of significant
errors fraud, or noncompliance.

 Standard 2060 – the chief audit executive must report

periodically to senior management and the board on … fraud
risks…

 Standard 2120.A2 – the internal audit [function] must evaluate

the potential for the occurrence of fraud and how the
organization manages fraud risk.
1-54
 Opportunities For Insight

 Assist the organization in the development of

comprehensive fraud risk assessment.

 Develop processes for early detection fraud.

 Develop data analysis tools that can be used to detect

fraud in the early stages.

 Assist with the development of hotline call procedures.

 Provide fraud awareness training throughout the

organization.

 Act decisively on significant fraud events.

1-55
 Opportunities For Insight

 Assist in postmortem analysis when fraud occurs.

 Inform management of potential legal acts that are risks

to the organization.

 Assist management in developing a culture of ethical

behavior and low tolerance of fraud.

 Stay abreast and inform management of emerging issues

and developing issues related to compliance and
regulations.

1-56
End of Chapter 8

57