- 1. The Certified Fraud Examiners Fraud Prevention Checkup - An
Introduction Toby J.F. Bishop CFE CPA FCA President & Chief
Executive Officer Association of Certified Fraud Examiners
2. Current Fraud Concerns
- Fraudulent financial reporting
- Legal risks for executives
- Financial losses for investors
- Reputation damage to companies/brands
3. An Appropriate Response
- Fraud prevention is 80% of the solution
- Objective evaluation of an entitys fraud prevention
processes
- Prompt action to fix gaps/breakdowns
- Ongoing fraud education and training
4. The Certified Fraud Examiners Fraud Prevention Checkup
- A high-level checkup of an entitys fraud prevention
processes
- Form available free atwww.CFEnet.com
- Provides an overall score
5. Benefits to Entities That Use This Tool
- It provides insights that senior management, the board of
directors and audit committee will value highly
- It could save the entity from catastrophic financial and
reputational losses
- It could help build confidence in the entity internally and by
the public
- Its simple and inexpensive
6. Benefits for CFEs Who Apply This Tool
- It provides insights that senior management, boards of
directors and audit committees will value highly
- It can be performed very inexpensively
- It can help you win new clients and deepen existing
relationships
- It is being promoted in the media by the ACFE
7. But CFEs Should Manage Their Liability Risks
- Risk of false perception of assurance
- Be careful not to guarantee no fraud
- Anti-fraud controls in existence vs. operating effectively
- Ongoing frauds may be uncovered
- Legal risks to entity evaluated if control gaps are identified
but not fixed
8. Who Should Perform the Checkup?
- Ideally a collaboration between a Certified Fraud Examiner and
knowledgeable people inside the entity (e.g., internal
auditors)
- Helpful to interview senior management
- But also talk to other levels of employees to get a reality
check
9. The Certified Fraud Examiners Fraud Prevention Checkup
-
- Fraud risk oversight (20 pts)
-
- Fraud risk ownership (10 pts)
-
- Fraud risk assessment (10 pts)
-
- Fraud risk tolerance and risk management policy (10 pts)
-
- Process level controls/anti-fraud re-engineering (10 pts)
-
- Environment level controls (30 pts)
-
- Proactive fraud detection (10 pts)
10. Fraud Risk Oversight
- To what extenthas the entity established aprocessfor oversight
of fraud risks by theboard of directors orothers charged with
governance (e.g., anaudit committee )?
11. Scoring Risk Oversight
- Score: Award from 0 (process not in place) to 20 points
(process fully implemented, tested within the past year and working
effectively).
- Note: For all questions, awardno more than half the available
pointsif the process has not been tested within the past year.
12. Fraud Risk Ownership
- To what extent has the entity created ownership of fraud
risks?
- Chief Executive currently owns the risk, but needs to make
others responsible too
- A member of senior management,and
- All business unit managers
13. Fraud Risk Assessment
- To what extent has the entity created anongoing processfor
identifying thesignificantfraud risks to whichthe entityis
exposed?
-
- Potentially catastrophic risks
-
- Tailored to the particular entity
-
- Can be part of enterprise risk management
14. Fraud Risk Tolerance and Risk Management Policy
- To what extent has the entity identified and had approved by
the board of directors:
-
- Itstolerancefor different types of fraud risks?
-
- Apolicyonhowit willmanageits fraud risks?
- Align risk toleranceof management with that of board of
directors & audit committee
- Business decisions to reduce fraud risks
15. Process Level Controls/ Anti-Fraud Re-engineering
- To what extent has the entity implemented measures to reduce
each of the significant fraud risks identified in its risk
assessment, through:
-
- Anti-fraud process re-engineering (removing the
opportunity)?
-
- Process level controls to prevent, deter and detect fraud
16. Environment LevelAnti-Fraud Controls
- To what extent has the entity implemented a process to promote
ethical decisions, deter wrongdoing and facilitate two-way
communication on difficult issues?
- Most difficult area to evaluate
- Difference between existence and operating effectiveness of
controls can be crucial
- Employee surveys are highly desirable
17. Key Elements of Environment Level Controls
- Senior member of management responsible
- Values-based code of conduct
- Regular training (including fraud)
- Advice and reporting systems
18. Key Elements of Environment Level Controls
- Regular measurement of achievement of ethics/compliance and
fraud prevention goals
-
- Employee attitude surveys, fraud measures
- Incorporate ethics/compliance and fraud prevention goals into
performance measures for evaluating/compensating employees
19. Proactive Fraud Detection
- To what extent has the entity established a process to detect,
investigate and resolve potentially significant fraud?
-
- Proactive fraud detection testing
-
- Targeted at significant fraud risks identified in the fraud
risk assessment
-
- Embedded fraud detection/audit hooks
-
- Automated e-mail monitoring (where legal)
20. Interpreting the Entitys Overall Score
- Desirable score is 100 points
- Most entities will fall short initially
- Not currently considered a material weakness in internal
controls that is a reportable condition
- But significant gaps should be closed promptly to avoid
disaster
21. Recommended Next Steps
- Study the ACFE Fraud Prevention Checkup
- Promote it to your current and target clients
- Perform checkups and identify major gaps in clients fraud
prevention processes
- Providing anti-fraud consulting services to help clients fix
those gaps
22. Thank You
- ACFE Fraud Prevention Checkup pdf file available
atwww.CFEnet.com .PowerPoint presentation available to members
shortly.