Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
“RAISE THE RED FLAG”AN AUDITORS WORKING GUIDE TO EVALUATING FOR FRAUD
Lynn Fountain, CGMA, [email protected]
1Copyright 2017 - Lynn Fountain - No duplication
Raise The Red Flag• RaisetheRedFlag combinesprinciplesandtheoriesoffraudpreventionanddetectionwithreal-worldscenariosandhands-onprocedures.
• Whetheryouaredeterminingyourinternalauditdepartment’spreparednesstosupportyourorganization’santi-fraudeffortsorinvestigatingactualallegationsoffraud, RaisetheRedFlag providesvaluabletechniquesandapproachesyoucanputintopracticerightaway.
• Withprofessionalskepticismandaquestioningmind,internalauditorswillknowwhentoraisetheredflag– andwhattodoaboutit
Copyright 2017 - Lynn Fountain - No duplication 2
Introduction• Thetopicoffraudcontinuestobeontheradarofinvestors,shareholders,andregulators.
• RecentfraudsurveybyKrollAdvisoryfoundthattheproportionofcompaniesthatsufferedanincidentwasapproximately75%.
• However,ongoingtechnologicaladvancesinITinfrastructure,newandemergingfraudmethodsarecontinuallybeingidentified.
3Copyright 2017 - Lynn Fountain - No duplication
Introduction• Auditorsarenotexpectedtohavethespecialtyexpertiseofforensicinvestigators.
• Shouldmaintainadequateknowledgeoftheaspectsoffraudandaskepticalmindwhenreviewingpotentialviolations.
• Fraudcontinuestoevolveandauditorsmuststayabreastofitsrootcausesandsuggestedmitigationandinvestigationtechniques.
• WhetheryouarepartofalargeIAorsmallIAgroup,itisimportantforallauditprofessionalstounderstandprocessesthatcouldinvolvefraud.
4Copyright 2017 - Lynn Fountain - No duplication
US Fraud Stats – Kroll Global Fraud Report
2015-2016 2013-2044Prevalenceofcompaniesaffectedbyfraud
75% 66%
Average% ofrevenuelosttofraud
.9% 1.2%
Areasoffrequentloss • Theftofphysicalassets–22%• Vendor, supplier,
procurement- 19%• Informationtheft,lossor
attack- 17%
• Managementconflictofinterest-21%
• Informationtheft,lossorattack–20%
• Theftphysicalassets–20%
Biggestdriverofincreasedexposure
• Highstaffturnover – 34%• Increasedoffshoringand
outsourcing– 15%• Increasedcollaboration
betweenfirms– 14%
• ITcomplexity– 44%
Copyright 2017 - Lynn Fountain - No duplication 5
Agenda• Thepsychologyoffraud.• Examinehowpastfraudincidentshaveimpactedtheauditor’srole.
• IPPFresponsibilitiestocomplywithfraud.• EmployingCOSO2013conceptswithininternalauditfraudwork.
• Understandingfraudredflags- actualfraudandcontrolgaps.
• Fraudevaluationvs.fraudinvestigation.• Newagedigitalfraud.• Fraudreporting.
6Copyright 2017 - Lynn Fountain - No duplication
PSYCHOLOGY OF WHITE COLLAR CRIMEConnection to Fraud Triangle and Fraud Diamond
7Copyright 2017 - Lynn Fountain - No duplication
Fraud Defined• Fraudisanyintentional actoromissiondesignedtodeceiveothers.• Resultsinthevictimsufferingalossand/ortheperpetratorachievingagain.
• Organizationdon’twanttobelievefraudcanoccurintheircompany.• Iffraudisidentified,thereisadesireto“handleitourselves”.
• Auditorsandorganizationsmustbeawareofcertainpsychologicalaspectsoffraud.
8Copyright 2017 - Lynn Fountain - No duplication
Companies affected by Fraud and Vulnerable To ITTypesofFraud %
Companiesimpactedinpast12months
%Describingthemselvesashighlyormoderatelyvulnerable
IPtheft 45% 37%
Theftofphysicalassets 22% 62%
Vendor, supplierorprocurementfraud
17% 49%
Information theft 14% 51%
ManagementCOI 12% 36%
Regulatoryor compliancebreach 12% 40%
Corruptionandbribery 11% 40%
Internal financialfraud 9% 43%
Companyfundmisappropriation 7% 40%
Moneylaundering 4% 34%
Marketcollusion 2% 26%
Copyright 2017 - Lynn Fountain - No duplication 9
Perpetrators ofknownfraud %offirmshitbyfraudwheresomeoneinnamedgroupwasperpetrator
Junioremployees 45%
Seniorormiddlemanagement 36%
Moneylaundering 34%
Agents andintermediaries 23%
Vendors,Suppliers 18%
JVpartners 8%
Regulators 7%
Customers 5%
Governmentalofficials 3%
Other 3%
Source: Kroll 2015/2016 Fraud Report
Top 5 Drivers of Increased Fraud Risk• Highstaffturnover– 33%• Increasedoutsourcing/offshoring– 16%• Entrytonew/riskermarkets– 13%• Complexityofproductsorservicessold– 11%• Increasedcollaborationbetweenfirms– 10%
Copyright 2017 - Lynn Fountain - No duplication 10
Source: Kroll 2015/2016 Fraud Report
Fraud Evolution• Whydoesthetopicoffraudseemsoprevalent?• Majorcorporatedownfalls,• Newlegislation/regulation,• High-profilecases,• Increasedfraudawarenessbyconsumers,
• Enhancedinformationtechnologyprocessesandcyberfraud,
• Moresophisticatedfraudsters.
11Copyright 2017 - Lynn Fountain - No duplication
Psychological Dynamics of Fraud• Isallfraudintoday’sbusinessworldconnectedafinancialloss?• Ultimatelyitmaybeextrapolatedtosomelossbutistherealternativemotivepossibilities?• Doeseveryonesharethesamemoralcompass?• Howdoindividualsdefinewhatisright/wrong?• Iseverythingalwaysblackandwhite?(Shouldmedicalmarijuanabelegal?)
• Howdoperceptionsimpactreality?• Howdotoday’spressuresimpactthepsychologyofindividualswhomaycommitfraudulentacts?
12Copyright 2017 - Lynn Fountain - No duplication
Fraud Theories
Fraud Triangle Fraud Diamond
13Copyright 2017 - Lynn Fountain - No duplication
Think Out of The Box• Thefraudtrianglelistspressureasthefirstlegwithopportunityandrationalizationfallingnext.
• Today’sbusinessenvironmentbegsthequestionofwhether“pressure”istrulylegone.
• Individualswhoperpetratefraudmaydosobecausetheyfirst:• Recognizethe“opportunity”andthen…• Findsomewayto“rationalize”theirbehavior.
• Pressureiscertainlyanelementbutmaynotalwaysbethedrivingforce.
14Copyright 2017 - Lynn Fountain - No duplication
Opportunity Considerations• Auditorsrecognizeopportunitycantiecloselytopoorlydesignedcontrols,controlgapsorcontrolavoidance.
• Controlgapscreateopportunityforthefraudstertotakeadvantageofanduseittoperpetuatefraud.
15Copyright 2017 - Lynn Fountain - No duplication
Opportunity Considerations• Opportunityextendsbeyondthisdefinedconcept.
• Personwhoidentifiesopportunitytoperpetuateafraudthroughapoorlydesignedcontroldoesnotnecessarilyhavetobeapersoninatrustpositionoracurrentfinancialpredicament.
• Inoriginalfraudtriangletheory,thepersonmustseesomewayhecanusehispositionoftrusttosolvehisfinancialproblemwithalowperceivedriskofgettingcaught.
16Copyright 2017 - Lynn Fountain - No duplication
Added Dimension: Capability Concept• Individualswhocommitfraudhavecertaintraitsthatallowthemtohavethecapability tocarrythroughontheiractions.
• Technical skillstounderstandopportunityandtakeadvantage.
• Coercionskillstoconvinceotheremployeestomisstateinformation,becomplicitin/concealthefraud,orassistwithcarryingouttheactualfraud.
• Deceptionskillstolieandmaintainlieovertime.
17Copyright 2017 - Lynn Fountain - No duplication
Added Dimension: Capability Concept• Ability todealwiththestressofcontinuingthedeception.
• Organizationalpositioning providesopportunitynotavailabletoothers.
• Intelligencetounderstand/exploitinternalcontrolweakness.
• Egotobelievetheywillnotbedetected.• Stressmanagementskillsthatallowthepersontomanagestresswellasthefraud.
18Copyright 2017 - Lynn Fountain - No duplication
The Psychology Behind Fraud• Auditorlesson- takethecapabilitytraitsintoconsiderationwhenattemptingtoprioritizeormeasurethefraudthreatpotentialofidentifiedcontrolweaknesses.
• Inclusionofthisconsiderationmayassisttheauditorinappropriatelycalibratingcontrolfindings.
• Considerhowyourorganizationsetstheir“moralcompass”.
• Doesmanagementuseconsistenttheorieswhendetermining“whatisright”?
19Copyright 2017 - Lynn Fountain - No duplication
Examples – Digging Deeper• AuditorInquiry:“Tellmeabouthowtheresourcingforyourdepartmenthasbeenmanagedoverthepastfewyears.”
• Listenfor“clues”thatrepresentpressureonresourcingissues.• Indicationofhighturnover?Canyouidentifyrootcause?• Constraintstofillopenpositions?Impactonemployees?Excessiveovertime?Areemployeesrequiredtoonresponsibilitiesnotpartofnormaljob?
• ResourcingissuesduetoLTperiodsofPTObycertainemployees– isthereunduepressureonotheremployees?
• Isthereexcessiveovertimewhichmayputpressureonpersonnel?Isthereareasonwhythedepartmenthasnotbeenabletoaddresources?
20Copyright 2017 - Lynn Fountain - No duplication
Lessons Learned• Rememberthefraudtriangle!
• Rationalization,opportunity,pressure.• Considerimplicationsofthefrauddiamond.• Managementmustmakebesteffortstodefineblackvs.white.(Difficultconcept).
• Leavingjudgmentsopenforinterpretationwillimpactoutcomes.• Withoutcleardefinitionoutcomesbecomedependentonindividualmoralities.
• Theclearerthepath……
Copyright 2017 - Lynn Fountain - No duplication 21
Past Fraud Incidents
Copyright 2017 - Lynn Fountain - No duplication 22
2000
SECallegesEnronFalseFilings
Xeroxfalsifiedearningsfor5years
2001
SECinitiatesEnroninvestigation
BristolMyersinflatedrevenuesby$1.5M(channelstuffing
2002
AAConvictedandbeginstofallapart
Adelphia($3.1Binoffbalancesheetloans
AOL,Tyco,WorldComScandal
CMSEnergyRoundTripTrades
2003
MassiveMutualFundFraud
HealthSouthindictedon85countsofconspiracy
MarthaSteward
FreddieMacEarningSmoothing
HCApays$1.7Btosettle9yearfraud.
2004-2006
FannieMaetorestateearningsbackto2001
Stewardconvicted
Ebbersconvicted
Skilling/Layconvicted
Broadcomandoptionsscandal
Past Fraud Incidents
Copyright 2017 - Lynn Fountain - No duplication 23
2007
NewCenturyandBearSternsBankruptcy
FannieMaylossescontinue
WSJaccusesbanksofLiborScandal
SalyamCEOresignsandadmitsfraud
Madoffsentencedto15years
2010
FormerLouisianaUniversityDeanpleadsguiltytofraud
BPagreestopay$20B
AuditorsforWAMUtestifyinfrontofcongress
2008-2009 2011
J&Jagreesto$77MFCPAsettlement
FirstcompanyconvictedunderFCPA
DirectoratGoldmanSach,pays$10Mtosecurebailforchargesofinsidertrading.
Olympusscandal
2012-2013
GlaxoSmithKlinefraud
CapitolOnefined$210Mdeceivingcustomers
Wal-MartAllegations
FiestaBowlchiefguiltyfunnelingpoliticalcontributions
BestBuyScandalLiborRigging
911Firefighterdisabilityfraudclaims
Targetcreditcardhacking
Past Fraud Incidents
Copyright 2017 - Lynn Fountain - No duplication 24
20162014- 2015
Portfoliomanager- SACCapitalAdvisershedgefundfoundguiltyon5countsofinsidertrading.Resultedinconvictionsof77people.
JPMorganChasepaid$2.6BtotheU.S.govt.B.MadoffvictimstosettleallegationsthebankfailedtotellauthoritiesaboutsuspicionsoffraudatMadoff'sfund.
WorldHealthAlternativesCEOsentencedfor$41Mfraudscheme.
TheIRSpaid$3.6Binfraudulenttaxrefundstoidentitythieves.
Sept.2016,MichaelHudson orderedtopayrestitutionof$3.1MtoFrisch’sRestaurant,$505KtoTravelersInsuranceand$970KtotheIRSforwirefraudandfalseIRSreturns.
LogitechInternationalpaid$7.5Mforfraudulentlyinflatingfiscalyear2011financialresultstomeetearningsguidanceandcommittingotheraccounting-relatedviolationsduringa5yr.period.
ThreeexecutivesatEner1paidpenaltiesforthecompany’smateriallyoverstatedrevenuesandassetsforyear-end2010andoverstatedassetsinthefirstquarterof2011.
FRAUD AND THE IPPF FRAMEWORK
Copyright 2017 - Lynn Fountain - No duplication 25
Auditors and the IPPF• Asinternalauditors,welooktoTheIIA’sIPPFtoguidehowwecanmosteffectivelyexecuteourresponsibilities.
• ThemannerinthesestandardsareappliedmayvarydependentonmanyfactorsincludingIA’sstatedcharterandstaffing.
• Fraudandallofitsimplicationsisoneofthoseareasthathasbeenmanagedavarietyofwaysbyorganizations.
• WiththeimpetusoftheCOSO2013updateorganizations’responsibilitiesforassessingtheriskoffraudhavebecomeclearer.
26Copyright 2017 - Lynn Fountain - No duplication
IPPF Standards Related to Fraud• DoesyourorganizationunderstandandrecognizetheIIAstandardrequirements?
• WhenwasthelasttimeyoureviewedtherequirementswithyourCFO/CEOorauditcommittee?
• Manyauditcommittee’sandmanagementdonotfullyunderstandandembracetheIIAstandards.Why?
Copyright 2017 - Lynn Fountain - No duplication 27
Auditors and the IPPF• InternalauditorscanapplytheprinciplesinCOSO’s2013tosolidifytheirroleandhowtheyworkwithmanagementonvariousfraudinitiatives.
• AuditorsshouldensuretheirworkdirectlysupportstheStandards,includingStandard2120.A2,RiskAssessment:• “Theinternalauditactivitymustevaluatethepotentialfortheoccurrenceoffraudandhowtheorganizationmanagesfraudrisk.”
• HowdoesyourorganizationmeetStandard2120.A2?
28Copyright 2017 - Lynn Fountain - No duplication
When Management Objects?• Managers mayperceivethatincluding“fraud”testsduringanauditreflectsbadlyontheirabilitiestomanageaprocessarea.• Includingfraudtestsmayseemlikeanaccusationaboutimproperactsoccurringwithintheirsphereofcontrol.
29Copyright 2017 - Lynn Fountain - No duplication
When Management Objects?• IAmustbeabletoprovidemanagementwithsufficientinformationaboutwhysuchevaluationsareappropriate.
• ConsiderclarifyingtheIndividualObjectivityStandard1210.A2:• “Internalauditorsmusthavesufficientknowledgetoevaluatetheriskoffraudandthemannerinwhichitismanagedbytheorganization,butarenotexpectedtohavetheexpertiseofapersonwhoseprimaryresponsibilityisdetectingandinvestigatingfraud.”
30Copyright 2017 - Lynn Fountain - No duplication
IPPF Standards and Auditor’s Challenge• TheIIAisnotalawmaking/enforcingbody.• Theyestablishguidelinesandstandardsthatarenotalwaysrecognizedbyallorganizations.
• Therearenopenaltiestoorganization’sfornotfollowingstandards.
• Auditor’sdonotcarrya“licensetopractice”
• ProfessionisnotviewedinthesamemannerasthosethatmaycarryalicensetopracticelikelawyersandCPAs.
Copyright 2017 - Lynn Fountain - No duplication 31
IPPF Standards• Auditorsmusttakeapro-activeapproachtoeducatingmanagementandtheboardontheIIAstandardsandrelatedbenefits.
• Thisincludesensuringmanagementunderstandsthestandardsrelatedtotherequirementsforfraudevaluations.
• HOWEVER– InternalAuditmustensuretheyarequalifiedandpreparedtoengageinthevarioustypesoffraudrelatedwork.• Don’tjustdoitbecauseitsoundsinteresting.
• WhatroleshouldIAplay?
Copyright 2017 - Lynn Fountain - No duplication 32
1. ClarifytomanagementtheIPPFstandards.2. Establishinternalprocedurestosupportinternalauditors
whenexecutingoncompetencyandprofessionalskepticism.3. Haveastructuredfraudmethodologyinplaceforinternal
audit.4. Ensureprofessionalsassignedtofraudworkhavethe
organizationalknowledgeandperceivedstandingtoadequatelyexecuteontheirprofessionalskepticism.
5. Neversendanauditoronafraudinterviewalone.6. Encourageauditorstocheckthefactstwiceand assess
evidencewithoutbeingoverlycriticalorsuspicious.7. Followalltrailsofevidence.
Copyright 2017 - Lynn Fountain - No duplication 33
Potential Steps• ClarifytomanagementtheIPPFstandards.
• Internalauditorshaveguidelinesjustlikelawyersanddoctors.
• Ensureyourgrouphastheabilitytomeetthecompetencystandardsrelatedtofraudevaluations.• Ifyoudon’thaveadequatequalifications,executionmaybeadifficultthing.
• Establishinternalprocedurestosupportinternalauditorswhenexecutingoncompetencyandprofessionalskepticism.
34Copyright 2017 - Lynn Fountain - No duplication
Internal Steps• Haveastructuredfraudmethodologyinplaceforinternalaudit.• Methodology shoulddefinehow,when,whyetc.youwillgetinvolvedwithissuesthatmaybeinvolvedinfraud.
• Protocol shouldincludecommunicationprocedureswithmanagement,theboardandanyregulatoryauthorities.
• Involve yourLegalgroup– Knowtherulesofevidence.• Understandthedifferencebetweenidentifyingredflagsandidentifyingfraud.
• Knowthedifferencebetweendoingafraudinvestigationversusafraudevaluation.
• Understand thetypesoffraudprevalentinyourindustry.
Copyright 2017 - Lynn Fountain - No duplication 35
Internal Steps• Ensureprofessionalsassignedtofraudworkhavetheorganizationalknowledgeandperceivedstandingtoadequatelyexecuteontheirprofessionalskepticism.
• Acknowledge noteveryoneusesthesameapproach.• Noteveryonewillcometothesameconclusionormakethesameintuitiveinterpretation.
• Quickestwaytostopprofessionalsfromexercisingaquestioningmindistotightentheropeeverytimeamisjudgmentoccurs.
36Copyright 2017 - Lynn Fountain - No duplication
Internal Steps• Neversendanauditoronafraudinterviewalone.
• Evenanexperiencedauditor,canhaveahesaid/shesaidexperience.
• Encourageauditorstocheckthefactstwiceand assessevidencewithoutbeingoverlycriticalorsuspicious.
• Executingprofessionalskepticismrequiresemployingabalanceofquestioningmindandensuringfactsarecorrect.
• Managementmaydistrustobservationsofauditorswhojumptoconclusionsordonothaveallthefacts.
37Copyright 2017 - Lynn Fountain - No duplication
Internal Steps• Followalltrailsofevidence.
• Itcanbetemptingtoacceptanansweratfacevalue.• Remember,oneperson’sperceptionofblack/whitemaybedifferentthananotherperson’s.
• Itisnotsufficienttointerviewonlytoplevelexecutives.• Ifyouquestionaccuracyoftheinformation,youmustuseduecaretofollowuponthatquestion.
• Importanttoindependently/objectivelypursueallavenuesofinquiry.
38Copyright 2017 - Lynn Fountain - No duplication
INTERNAL AUDIT’S RESPONSIBILITY
39Copyright 2017 - Lynn Fountain - No duplication
Determining Your Role• ConsiderFraudAwareness:
• Fraudawarenesswithinanorganizationassistsinminimizingcollusionactivities.
• Personnelbecomeawareoftheconsequencesofbecominginvolvedintheunacceptablebehavior.
• Lackofawarenesstacticsislikeasilent“acceptance”ofbehavior.
• Toexecutefraudawarenessroll,auditor’smustunderstandthebusiness.• Understandthemanytypesoffraudthatcanoccurinyourindustry.
• Obtainstatisticsonfraudincidentsandemergingtrends.
40Copyright 2017 - Lynn Fountain - No duplication
Internal Audit’s Role• Whatarethekeystoright-sizingIA’sresponsibilityforfraudactivities?• Intoday’sworldofdoingworkfaster,moreefficiently,andwithfewerresources,itisdifficulttobalancerequirements.
• Theunexpectedoftenoccursandresourcesgetpulledindifferentdirections.
• Participationinfraudworkcanbeoneofthoseareaswheretheunexpectedoccursandtimeallocationisnotsufficient.
• Considerthesestepsandwhendefiningyourroleandtimeallocation.
41Copyright 2017 - Lynn Fountain - No duplication
Types of Roles• Considerthepotentialthattheremaybea“requiredrole”anda“potentialrole”forIAwhenitcomestofraudwork.• Requiredrole:MeettheintentoftheIIARiskAssessmentStandard.
• Potentialrole:Involvementinfraudevaluations,investigationsorholisticriskassessments.
Copyright 2017 - Lynn Fountain - No duplication 42
Required Role• MeetingStandard2120.A2:Theinternalauditactivitymustevaluatethepotentialfortheoccurrenceoffraudandhowtheorganizationmanagesfraudrisk.
• Considerthismeansmorethanperiodicevaluationthroughtheannualauditassessment.
• Whatwouldbeinvolvedinfulfillingtherequiredrole?
Copyright 2017 - Lynn Fountain - No duplication 43
Potential Steps: Required Role• Internalauditmusthaverelevantmethodologiesinplacerelatedtothefollowing:• Inclusionoffraudriskevaluationwithintheannualauditplan.
• Providedirectionforevaluationofthepotentialforfraudriskwithineachindividualaudit.
• Includeaprotocolforauditorstofollowwhenredflagsareidentifiedeitherduringanauditorthroughanotherindependentmanner.
Copyright 2017 - Lynn Fountain - No duplication 44
Potential Steps: Required Role• Internalauditmustprovideadequatesupportforstaffincluding:• Ensurestaffhaverequiredtrainingandunderstandingtoevaluatethepotentialforfraudredflags.
• Ensurestaffcanadequatelyexecuteprofessionalskepticismwhenexecutingprojects.
• Ensurestaffunderstandthesensitivitiesofthetopicandthepropercommunicationprotocols.
Copyright 2017 - Lynn Fountain - No duplication 45
Defining Potential Role • DoestheIAdepartmenthaverelevantpersonnelexpertise?
• DoesdepartmentalCFEhavethe“experience”tobeinvolvedinsignificantfraudinvestigations?
• Isthereaprotocolforhowtimewillbeassignedandreallocatedintheeventafraudprojectarises?• Willcompletionoftheauditplanbeimpacted?• Howdoesmanagement/auditcommitteeviewIA’srole?
• WhatdoesyourIAchartersay?• Whatisthelegaldepartment’sroleandwhomanagesthehotline?
• Isthereacleardefinitionofvariancebetweenfraudevaluations/fraudinvestigationsandrequirementsofeach?
Copyright 2017 - Lynn Fountain - No duplication 46
Steps: Potential Role1. Ensureroleisagreedtoby
managementandtheAC.2. Developaninternalholisticfraud
methodologythatdifferentiatesbetweenassessments,evaluationsandinvestigations.
3. Definerequirementsforeachtypeoffraudwork.(e.g.:auditorskillset,background,needforspecialtyexperience).
Copyright 2017 - Lynn Fountain - No duplication 47
Steps: Potential Role4. Identifyhowprojectswillbe
resourced(e.g.internally,externally).5. Establishapre-defined
communicationprotocolforvarioustypesoffraudwork.(Knowwhenanevaluation,investigationorassessmentshouldbemovedtothenextstep).
6. Haveadefinedmethodologyforprojectdocumentation.(Knowwhentoconsultwithlegal).
Copyright 2017 - Lynn Fountain - No duplication 48
Steps: Potential Role7. EnsureprofessionalsinIA
assignedtofraudworkhavetherequiredexperience,organizationalknowledgeandperceivedstandingtoadequatelyexecuteontheirprofessionalskepticism.
8. Ensureauditorshavethepropersupport(resourcesandmoral)relatedtotheproject.
Copyright 2017 - Lynn Fountain - No duplication 49
Steps: Potential Role9. Encourageauditorstocheckthe
factstwiceandassessevidencewithoutbeingoverlycriticalorsuspicious.
• Executingprofessionalskepticismrequiresemployingabalanceofaquestioningmindandensuringallfactsarecorrect.
• Managementmaydistrustobservationsofauditorswhojumptoconclusionsordonothaveallthefacts.
Copyright 2017 - Lynn Fountain - No duplication 50
Right-Sizing Steps1. Clarifyyourdepartmentcharter.
• ClarifytheroleIAwillplayinfraudawarenessanddetection.• Determinehowthatrolewillworkwithinyourauditplan.
2. ValidatethattheACandmanagementagreewithrole.• EnsurerolesasidentifiedinthecharterarefullyunderstoodbytheACandmanagement.
• Ifthereisa“dropeverything”perceptionwhenitcomestotheneedforIAtobeinvolvedinafraudinvestigation,thismustbeclearlyunderstoodbymanagementandtheboard.
51Copyright 2017 - Lynn Fountain - No duplication
Right Sizing Steps3. Evaluatetheneedforfraudspecificauditors.
• Ifthecompanyisinahighriskfraudindustry,IAmayhavededicatedfraudauditors.
• Whenplanningworkload,don’tfallintotrapofonlyconsideringpasthours.Circumstanceschange,businessevolve.Timeallocationresourcesmayneedtochange.
4. Beproactivewhenidentifyingtheneedforoutsideexperts.• Ifyourcharterincludesinvolvementinfraudinvestigations,butIAdoesnottypicallyhaveresourcesfortheeffort,ensurethecharterprovidestheabilitytoenlistoutsideexperts.
52Copyright 2017 - Lynn Fountain - No duplication
Right Sizing Steps5. Assessneedtouseothersubjectmatterexperts.
• Assistanceofindividualsfromotherbusinessareas.• Establishrelevantrelationshipsupfront.(Subjectmatterexperts)
6. Considerallocationof“specializedhours”asaplaceholder.• Isthis“padding”theauditplan?• Theallocationof“specializedhours”canincludecomplianceissues,regulatoryissues,orfraudinvestigations.
• Ensureyouhaveadequatelyassessedyourpotentialneedsfortheauditplanandsupportitwithyourfraudriskassessment,pastexperience,andevaluationofongoingandemergingrisksinyourbusiness.
53Copyright 2017 - Lynn Fountain - No duplication
COSO 2013 AND THE CRITICAL LINK TO FRAUD
Copyright 2017 - Lynn Fountain - No duplication 54
COSO and Fraud• WhenexaminingtheCOSO’sdefinitionofCE;akeyphrasehelpsunderstandhowandwhythetopicoffraudcanimpactanorganizationscontrolenvironmentandculture.• “Thecontrolenvironmentsetsthetoneofanorganization,influencingthecontrolconsciousnessofitspeople. Itisthefoundationforallothercomponentsofinternalcontrol,providingdisciplineandstructure.”
Copyright 2017 - Lynn Fountain - No duplication 55
COSO and Fraud• Whenexecutingyourfiduciarydutyrelatedtofraudevaluations,rememberconceptsoftheIIAstandardsaswellasCOSO2013andprinciple8.• Challenge:HowdoyoumeetthePrincipleonFraudrelatedtoCOSO2013.
Copyright 2017 - Lynn Fountain - No duplication 56
COSO and Fraud• Keyphrase
• “influencingthecontrolconsciousnessofitspeople”.
• Phraserecognizessomeoftheattributesidentifiedinthefraudtriangle-rationalizationandpressure.
• Anotheremergingphilosophyisthefrauddiamondandrequirestheconsiderationof“capability”asacomponent.
Copyright 2017 - Lynn Fountain - No duplication 57
8. Organization considers the potential for fraud in assessing risks to the achievement of objectives.
Risk Assessment
COSO 2013 Principles
• Principle 8 possesses the most direct tie to managements responsibility for fraud processes.
Copyright 2017 - Lynn Fountain - No duplication 58
Points of Focus• Considers various types of fraud• Assesses incentive and pressures• Assesses opportunities• Assess attitudes and rationalizations
Principle 8 - Point of Focus
• Doesyourorganizationassessthepotentialforalltypesoffraudincluding:• Fraudulentreporting(financialandoperational),• Corruptionfrommisconduct,• Incentives/pressures,• Opportunitiesforunauthorizedacquisition,useordisposalofassetsorassetloss,
• Alteringoftheentity’sreportingrecords,• Howmanagementandotherpersonnelmightengageinorjustifyinappropriateactions.
Copyright 2017 - Lynn Fountain - No duplication 59
FRAUD RED FLAGS –ACTUAL FRAUD VS. CONTROL GAPS
60
Variance• FraudRedFlags arewarningsignsthatmayindicateahigherfraud risk.
• TheyareNOT evidencethatfraud hasoccurred.• Acontrolgapdoesnotmean“fraud”occurred.• Internalauditorsmustrecognizethedifferenceandbecautiouswhenevaluatingandreportingoncontrolgapsvs.fraudredflags.
• Ifitisaredflag– canyouidentifythepotentialimpactandlikelihood?• Howwillyouevaluatewhethertherecouldbepotentialmisdoingsorwhetheritisaninternalcontrolgap?
Copyright 2017 - Lynn Fountain - No duplication 61
Fraud Red Flags • Financialstabilitythreatenedbyeconomic/industry/operatingconditions.
• Recurringnegativecashflows/inabilitytogeneratecashflow.• Excessivepressureonpersonneltomeetfinancialgoals.• Significantaccountsoroperationsintax-havenjurisdictions.• Complex/unstableorganizationalstructure.• Inadequateorineffectiveinternalcontrols.• Excessiveinterestbymanagementinmaintainingorincreasingstockprice/earningstrend.
• Managementfailuretocorrectknownreportableconditions.• Recurringattemptsbymanagementtojustifymarginal/inappropriateaccounting.
Copyright 2017 - Lynn Fountain - No duplication 62
Fraud Red Flags• Unusual/suspiciousitemsinvolvingaccountingrecords.
• Missingdocuments,excessivevoidsorcredits.• Commonnames,telephonenumbers,oraddressees.• Counterfeit/alterationsofdocuments.
• Managementoverrides,topsidedentries.• JEadjustmentsatornearendofreportingperiod.• Unusualrequestsmadenearcloseperiods.• Significantestimatesthatdeviatingfromtrends.• Transactionsoutsidenormalcourseofbusiness.• Shakethetrees!!!
Copyright 2017 - Lynn Fountain - No duplication 63
Anti-Fraud Controls• Thepresenceofanti-fraudcontrolsiscorrelatedwithsignificantdecreasesinthecostanddurationofoccupationalfraudschemes.
• Victimorganizationsthatimplementanyofthecommonanti-fraudcontrols,experiencelowerlossesandtime-to-detectionthanorganizationslacking.
• Don’tcloseyoureyes…..don’tassumeitissomeoneelse'sworry….speakup…..
Copyright 2017 - Lynn Fountain - No duplication 64
EVALUATIONS VS. INVESTIGATIONS
Copyright 2017 - Lynn Fountain - No duplication 65
Evaluation vs. Investigation• Evaluations– systematicexaminationsofanarea’smerit,worthandsignificance.• Usesspecificcriteriagovernedbyasetofstandards.• Primarypurposeistogainaninsightintoanareatoenablemorein-depthanalysis
• Resultinganalysiswillhelpidentifyrootcausesandgapsincontrols.
• Investigation– thescientificmethodofgatheringandexamininginformationaboutaparticulareventtodetermineandfinalizeanassessment.
Copyright 2017 - Lynn Fountain - No duplication 66
Evaluations• Evaluationsmayoccurinthenormalcourseofanaudit:
• Anomaliesinaprocessareidentifiedandfurtherreviewiswarranted.• Intheseinstances,theevaluationfocusesonaspecificprocessareaorpossiblyevenagroupofindividuals.
• Observationsareresultofindividualaudits.• Iffraudriskisincludedinanaudit,evaluationmayidentifytheneedforfurthertargetedresearch.
Copyright 2017 - Lynn Fountain - No duplication 67
Evaluation Considerations• Complexityoftheprocess.• Howthetransactionflows.• Sophisticationofthesystem.
• Legacysystems• NewSystems
• Hastheprocessareexperiencedpastissuesthatappeartobesystematicorarenotaddressed?
• Understandthecontrolenvironmentoftheprocessandpersonnelinvolved?
Copyright 2017 - Lynn Fountain - No duplication 68
Investigation• Investigationmayentail:
• Interviews/observationsdesignedtogainrelevantevidencetoprovecasefacts.
• Backgroundcheckofallegedperpetrators.• Subpoenasforspecificdocumentaryevidence:bankrecords,titlesearches,otherlegaldocumentsnotreadilyaccessible.
• Assetsearchestodetermineownershipissues.• Recordanalysestoevaluateddocumentationofinformationrelatedtotheallegeact.
• Surveillanceofspecificprocessorindividuals.• Interrogationofspecificpersonnelwhomayhaveknowledgeoftheincident.
Copyright 2017 - Lynn Fountain - No duplication 69
THE NEW AGE DIGITAL FRAUD
Copyright 2017 - Lynn Fountain - No duplication 70
The New Age Digital Fraud• Digitalfraudstersareonestepahead.Fraudsterstakeadvancedstepswithknowledgefromthedigitalworld.
• Digitalfraudhascreatedseamlessboundarieswhichincreasetheperpetuationoffraud.
• Whatisdigitalfraud?• Webcrawlers,chatroomormaliciousbots,• Automatedprogramsthatrunovertheinternet• Digitalnetworksthattransmitvoice,video,data• Identifytheftandcreditcardtheft,securitycodehacking• E-mailscams,• Thelistisendless…• SeeAppendix
Copyright 2017 - Lynn Fountain - No duplication 71
Cyber attack realities• Noturnkeycybersolution.• Buildafortressbutsecureitfromtheinside.
• Notedlackofinvestmentininternalmonitoringsystems.• Datalossisasymptomofabiggerproblemtobeinvestigated.
• Mustinvestigatetofindthesourceandtoexplaintotheregulatorhowyouhavefixedtheproblem.
• Theattackeroftenstaysinthesystemaftertheattack.• Thegoalofonlineattackersistostaywithinasystemforaslongastheycan.Attackedsystemsmustbemonitored.
• Cyberfatigueisreal,butnotanexcuseforinaction.• Inabilitytoaddresswillencouragethefraudsterstocontinuetomoveforward.
Copyright 2017 - Lynn Fountain - No duplication 72
Cryptocurrency• Cryptocurrencygoesbymanygenericnames.• Itisoftenreferredtoasvirtualcurrency.• ThesimplestdefinitioncomesfromFinCEN:
• “‘virtual’currencyisamediumofexchangethatoperateslikeacurrencyinsomeenvironments,butdoesnothavealltheattributesofrealcurrency.Inparticular,virtualcurrencydoesnothavelegaltenderstatusinanyjurisdiction.”
• Transactionanonymityandirreversibilityofpayments,havemadethesecurrenciesattractivetocyber-criminals,drugdealers,moneylaunderersandthoseinvolvedinglobalfraud.
• Commonexampleisbitcoins.
Copyright 2017 - Lynn Fountain - No duplication 73
Bitcoin• Bitcoinsarenotissuedbyacentralbankorgovernment,butarepurchasedfromaBitcoinexchanger.• ExchangersacceptconventionalcurrenciesandexchangethemforBitcoinsbasedonafluctuatingexchangerates.
• Bitcoinsarestoredinadigitalwalletassociatedwith“theuser’sBitcoin‘address,’analogoustoabankaccountnumber,whichisdesignatedbyacomplexstringoflettersandnumbers.”
• ABitcointransaction,whichtakestheformofatransferofvaluebetweenBitcoinwallets,isrecordedinapublicledgercalleda“blockchain”.
Copyright 2017 - Lynn Fountain - No duplication 74
Benefits of Bitcoin for Fraud• Virtualcurrenciesrepresentachallengeforlawenforcement.• Theyposetheriskofcriminalactivities,includingmoneylaundering,tradinginillicitdrugsandglobalfraud.
• Thefollowingtraitsmakevirtualcurrenciesattractivetothefraudster:• Anonymityoftransaction• Globalreach• Speed• Non-reversible• Difficultforauthoritiestotrack
Copyright 2017 - Lynn Fountain - No duplication 75
Identity Theft• Broadlydefinedastheuseofoneperson’sidentityorpersonalidentifyinginformationwithoutthepersonspermission.
• Canbecommittedagainstanindividualororganization.• Thefederalcriminaldefinitionofidentitytheftiswhensomeone”knowinglytransfers,possesses,oruses,withoutlawfulauthority,ameansofidentificationofanotherpersonwiththeintenttocommitfraud.
Copyright 2017 - Lynn Fountain - No duplication 76
Identity Theft• Until1996,identitytheftwasnotrecognizedasacrimeatthestatelevel.
• ArizonawasthefirststateintheUnitedStatestopasslawsagainstidentitytheft.
• OnMay10,2006,PresidentBushissuedExecutiveOrder13402thatestablishedtheIdentityTheftTaskForce.
• Manytypesofidentitytheft:
Copyright 2017 - Lynn Fountain - No duplication 77
CriminalIdentityTheft
MedicalIdentifyTheft
InsuranceIdentifyTheft(Auto,Homeowners,Life,Business, Malpractice)
ChildIdentityTheft
ProfessionalIdentity Theft
BusinessIdentityTheft
NewAccountFraud
AccountTakeover
Cloning CreditCardIdentity
SyntheticIdentity GovernmentBenefitsTheft
Governmentdocumentsidentify theft
EmploymentFraud
UtilityFraud Bankruptcy
TaxReturnIdentity
Digital Fraud Summary• Digitalfraudisadvancingfasterthanthebusinessworldprefers.• Organizationsmustbediligentinunderstandingcyberthreatsandthevarioustypesofdigitalfraudthatcanoccur.
• Organizationsshouldestablishadigitalfraudriskinventory.• WorkwithmanagementandtheCIOtounderstandwhatareastheorganizationcanbeexposedtodigitalfraud.
• Ensurerelevantfocusisplacedonthisemergingrisk.• Ifyoudon’thavetheresources– findthem.
• BecautiouswhenusingoutsourcedprovidersandrelyingonSSAE16ServiceOrganizationControlReports(SOCReports).
Copyright 2017 - Lynn Fountain - No duplication 78
FRAUD REPORTING
Copyright 2017 - Lynn Fountain - No duplication 79
Conceptual Reporting Thoughts• Buildingaframeworkforafinalreportingprotocolisbeneficialandcanassistinensuringprocessesfollowconsistentandestablishedsteps.• Forgetthe“F”word• Revisitthefacts• Accountforthedetail• Understandanypoliticalorsensitivereportingimplications• Don’t“accuse”unlessyoucanactuallyprove.
Copyright 2017 - Lynn Fountain - No duplication 80
Reporting Considerations• Formalreportingofinvestigativeprocessthatmayhaveimplicationsoffraudwillbesensitive.Auditormustremember:• Formalreportsareretainedoninformationsystems.• Considerconfidentialityrequirements.• Written/formalreportsareseenbyBOD/legalcounsel.Liketheinternet,reportswrittenexistforperpetuity.
• AfraudevaluationcompletedbyIAmaynotlenditselftonormalreportingprotocols.
• Determinebestmethodofcommunicationofthefacts.• Maybeinaformalmemo,PowerPointorevenformalverbalpresentation.
Copyright 2017 - Lynn Fountain - No duplication 81
Reporting Considerations• Willtheissuehavelegalimplications?• Doesanypartoftheevaluationcomeunderlegalprivilege?• Isthereportdiscoverablebyoutsideparties?• Doestheevaluationrequireaformalwrittensummaryasasourceofevidence?
• Whoaretherecipientsofthereport?
Copyright 2017 - Lynn Fountain - No duplication 82
Lessons Learned• Rememberthefraudtriangle!
• Rationalization,opportunity,pressure.• Considerimplicationsofthefrauddiamond.• Managementmustmakebesteffortstodefineblackvs.white.(Difficultconcept)
• Leavingjudgmentsopenforinterpretationwillimpactoutcomes.• Withoutcleardefinitionoutcomesbecomedependentonindividualmoralities.
• Theclearerthepath……
83Copyright 2017 - Lynn Fountain - No duplication
APPENDIXTOP 10 SCAMS OF 2017
84
2017 Top Scams• Techsupportscams
• Calleraskforaccesstoyourcomputertofixaproblem.• Fake/counterfitmerchandiseschemes
• Scammerssetupgenericonlinestoressellingnamebranditemsormimicwebsitesofbignamebrands.
• Scammerssellfakeorcounterfeitproductsatsignificantlyreducedpricesdesignedtoattractbuyerslookingforbigdealsonnamebrandmerchandise.
• PetsforSaleScams• Fakewebsitesclaimingtobeassociatedwithpetadoption/animalnurseries.Offerpetsforadoptionorsaleatpricessignificantlybelowthenorm.
• Victimstoldtheymustpayforatleasttheinsurance,shippingandotherservicesforprocessinganddeliveringthepets.
• Victimsarerequiredtomaketheirpurchasesand/orpayfeeswithnon-returnablecash-likeformsofpayment.
Copyright 2017 - Lynn Fountain - No duplication 85
2017 Top Scams• GrantScams
• Acquireconsumerpersonaldetailsfromunsuspectingadvertisingagencieswhorunleadgenerationcampaignstargetingconsumersinneedofloans.
• ThencontactthepeoplefromtheselistsandclaimtheyrepresenttheU.S.government.
• CollectionAgencyScams• Resentingafakecollectionagency,scammersmakecoldcallstovictimsandthreatenlawsuitsorembarrassingon-the-jobconfrontationsunlessthevictimsstartmakingpayments.
Copyright 2017 - Lynn Fountain - No duplication 86
2017 Top Scams• House/Vacantpropertyrentals
• Scammersadvertisepropertiestheydon'townonclassifiedadswebsites,suchasCraigslist.
• Paymentsarerequestedvianon-returnablemethodslikeMoneygram,WesternUnion,Vanillaandwiretransfer.
• PaydayLoanScams• Relyheavilyonlegitimateleadsgatheredbypaydayloanaffiliatewebsitecompaniesoradvertisingagencies.
• Oncetheinformationisgathered,theysellittoothercompaniesandre-sellitoverandoveruntilascammingcompanyposingasalegitimatecompanygainsaccesstoit.
Copyright 2017 - Lynn Fountain - No duplication 87
2017 Top Scams• TimeshareResaleScams
• Tellvictimstheyhavebuyersorrenters,readytotaketimeshare.• Requireanupfrontfeetomoveforwardwiththeprocess.• Scammersgivevictimsawiderangeofreasonsforthefee,includingappraisal,marketinganalysisandfees
• Datingandrelationshipscams• Workfromhomeinspectingandshippingmerchandise
• Scammerssetupprofessional-lookingwebsitesandclaimthatthesitesareownedbyshippingandlogisticsintermediaries.
• Oncevirtualworkersarehired,scammersusestolencreditcardstopurchasemerchandiseandshipittotheirnewwork-at-home"employees"withinstructionsonhowtoopenthepackages,inspectthemerchandiseandshipitelsewhere.
Copyright 2017 - Lynn Fountain - No duplication 88
TYPES OF DIGITAL FRAUDS
89
Digital Scams • Phishing
• GainPI,(usernames,passwords,SSnumbers,creditcardnumbers)forpurposesofidentitytheft.
• Accomplishedbyusingfraudulente-mailmessagesthatappeartocomefromlegitimatebusinesses.
• Whaling• Phishingafterverylargescores.• Donewhenhighnetworthindividualsaretargetedorwhencorporationsaretargetedinordertogetcreditcardinformationfromalargenumberofcustomersatonetime.
Copyright 2017 - Lynn Fountain - No duplication 90
Digital Scams• Vishing
• ObtainingPIoverthephone.Callinformingindividualstheyhavewonaprizebuttheyneedtopaytaxesorshippingfees.
• Fakeacallfromalocalbusinesswhereanindividualshopstoverifycreditcardinformationonatransaction.
• Pharming• Avirusormalicioussoftwaresecretlyloadedontothevictim’scomputerandhijacksthewebbrowser.
• Whenthevictimtypesintheaddressofalegitimatewebsite,theyarereroutedtoafictitiouscopyofthesitewithoutrealizingit.
Copyright 2017 - Lynn Fountain - No duplication 91
Digital Scams• SocialMedia
• Usessocialmediawebsitestogatherinformationonvictims.• Friendsandrelativesinadvertentlypostthevictim’sPIontheirsocialmediasites.
• Hacking• StealPIfromgovernmentandbusinesscomputers.• EmployeescopythePIcontainedontheiremployer’scomputersandselltheinformation.
• FraudulentRecruiterScam• Retrievethevictims’contactinformationfromtheironlineresumesandsendtheme-mailsposingasrecruiters.
Copyright 2017 - Lynn Fountain - No duplication 92
Digital Fraud• Pretexting
• PerpetratorposesaslegitimategovernmentofficialormemberoflegitimatebusinessandcallsvictimsaskingforPI.
• Convincevictiminformationisneededtocompleteatransactionandthatsomeoneistryingtoaccesstheiraccount.EncouragevictimtoverifyPI.
• Spoofing• Fraudulente-mailactivitywheresender’saddressorotherpartsofthee-mailheaderarealteredtoappearthee-mailoriginatedfromadifferentsource.
Copyright 2017 - Lynn Fountain - No duplication 93
Digital Frauds• Skimming
• Attachesadevicetoamachinethatrecordstheinformationonthecard’smagneticstrip.
• Informationcanbeimprintedonothercards.• MiniaturecamerasusedtocapturethePINsenteredbythevictims.
• FreePublicWi-Fi• SetupfreepublicWi-Finetworksinairports,nearhotels,andinotherpublicplaces.
• Informationonvictim’scomputersandotherelectronicdevicesishacked.
• Cangaincontrolofe-mailaccounts,bankaccounts,socialmediaaccounts,andsoon.
Copyright 2017 - Lynn Fountain - No duplication 94
Digital Fraud• Malware
• Placedoncomputersorcellphonestohijackthecomputers,stealdata,orencryptthedataforransom.
• DataBreeches• Stealingdatafromcomputersystemsbelongingtocompanies,governmentalunits,andevennot-for-profitorganizations.
• Largeamountsofinformationarestoleninashortamountoftime.
Copyright 2017 - Lynn Fountain - No duplication 95
RAISE THE RED FLAGChapter Outline
96
Raise The Red Flag - Outline• Chapter1:TheIPPFFrameworkandtheAuditorsresponsibility
• FraudandtheIPPF.• Valueaddedrolesinfraudpreventionfortheinternalauditor.• CommunicatingonIAsdutyrelatedtofraudprocesses.• Right-sizingIA’sresponsibilityforfrauddetection.• MonitoringforfraudandunderstandingtheextentoftheIAauditrole.
• Chapter2:FraudandconnectiontotheCEandCOSO2013.• TheimpactoffraudontheControlEnvironmentandcorporateculture.• Determiningimpactoffraudissuesontheidentificationofdeficiencystatus.
• Chapter3:TheIA’sdilemmawheninvestigatinginternalfraud.• Managingtherequestprocessforinternalinvestigation.• DeterminingwhetherIAshouldbeinvolvedintheinvestigation.• Methodstoemployforinternalinvestigations.
Copyright 2017 - Lynn Fountain - No duplication 97
Raise The Red Flag - Outline• Chapter4:ConductingaFraudRiskAssessmentfortheCompany.
• Evaluatingthecorporateculturetoprepareforafraudriskassessment.• IA’sroleinfacilitatingaproperfraudriskassessment.• Stepsinidentifyingpotentialfraudscenariosandtheirimpact/likelihood
• Chapter5:Includingfraudanalysisandevaluationwithineachaudit.• Techniquesforconductingafraudriskassessmentforindividualaudits.• Determiningrelativesignificanceandimpactofidentifiedinappropriatebehavior.
• Chapter6:Evaluationvs.investigation• Understandingwhenanissuemovesfromevaluationtoinvestigation.• DeterminingIA’songoingrolewhenissueanalysisturnstoinvestigation.• Methodsforcommunicationissuestomanagementandtheboard.
Copyright 2017 - Lynn Fountain - No duplication 98
Raise The Red Flag - Outline• Chapter7:Isdataanalysissufficient?
• Theroleofdataanalysisinongoingmonitoringforfraud.• Determininghow,what,whereandwhentoenhancemonitoring.• Supportingmanagement’smonitoringprocess.• HowtoanalyzetheeffectivenessofFraudPreventionprograms.
• Chapter8:COSO2013– Thecriticalcomponentofmonitoringactivities• Managingtheexpectationof“waittilltheauditorscomein”.• Whattodowhenmanagementfailstoreportinappropriateactivity.• Ensuringoperationalmonitoringiseffectivelyexecuted.
• Chapter9:Reportingproceduresforaneffectivefraudprogram• Howmuchreliancetoplaceonthewhistleblowerhotline.• Internalreportingandlegalprivilege.• Reportingissuestotheboardandauditcommittee.
Copyright 2017 - Lynn Fountain - No duplication 99