The Role of Internal Auditing in Proactively Managing Fraud Risks
Oklahoma City, OK Chapter of The IIA
September 10, 2009
Congratulations on 60 Years
Discussion Topics
- Highlights of surveys and articles
- How we performed our Fraud Risk Assessment
- How we keep the topic of fraud and ethics in front of our associates and suppliers
- How we use continuous monitoring tools
Recent Frauds in the News
- FEI Study shows 60% of senior executives “lack confidence” in their risk management practices
- Alleged CEO insider trading nets $140 million in illegal profits
- Major U.S. corporation pays $50 million to settle accounting fraud
- A third of company directors do not understand the major risks
The IIA Standards (1210.A2)
Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
Performance of a Fraud Risk Assessment
- Evaluated the adequacy of controls to mitigate fraud risks
- Identified potential gaps in the control design
- Reviewed the monitoring and oversight processes to prevent and detect fraudulent activity
- Identified additional anti-fraud control enhancements
Fraud Risk Assessment Approach
- Used a cross functional team
- Conducted brainstorming sessions
- Used a scheme and scenario based approach
- Mapped controls to each fraud scenario
Fraud Risk Assessment Template
Business Process Owner: Real Estate
Fraud Schemes/Scenarios: Bribes or kickbacks paid by a contractor to obtain business.
Controls:
- Competitive bidding for all construction jobs.
- Change orders approved by Senior Levels of Management not interacting with contractors.
- Sealed bid process with all bids opened by a selection committee.
- Hotline information provided to all bidders on request to bid form.
- Statement of Business Ethics.
Monitoring: The following areas monitor these activities:
- Real Estate Management
- Capital Appropriations Committee
- Procurement
- Internal Auditing
Preventive Fraud Controls
- Statement of Business Ethics
- Communication to our Associates
- Communication to our Suppliers
- Associate Training
- Background Checks
- Exit Interviews
- Measuring Performance
Statement of Business Ethics
- On-line statement includes policies and procedures and real life examples
- Required to sign the Certification of Compliance each year and make any disclosures
- Follow-up mechanisms in place
- Must report a violation
Communication to our Associates
- Senior Management sets the “Tone at the Top”
- Penney Idea ~ Does it square with what is right and just?
- Strong ethical culture and setting the right tone at the top is essential to helping to prevent fraud
Communication to our Suppliers
- Understand the importance our Company places on conducting all business transactions in an ethical manner
- Posted to our supplier website
- Host an annual Supplier Summit
- Focused supplier letters
Associate Training
- Provide on-going Ethics and Legal Compliance training
- Some training provided:
Insider Trading Conflicts of Interest FCPA Investigations Disclosure of Company Information
Use of Criminal Background Checks
- Performed on all new hires and rehires
- Performed on current associates who transfer into key positions
- Weed out problem applicants
Exit Interviews
- HR conducts exit interviews
- Ask associates if they are aware of any fraud or ethical issues
Measuring our Performance
- Complete an annual Winning Together associate survey
- Survey asks questions like:
  - Do you feel you can report violations of law, ethics or Company policy without fear of retaliation?
  - Would the Company take appropriate action if you were to report a possible violation?
- Provides us with valuable information
- Survey results are provided to both our Audit Committee and the Board of Directors
Investigative Protocol
- Defines who is responsible for managing the investigation
- Ensures allegations are adequately researched to a conclusion
- Maintains consistency between investigations
- Defines documentation and communication standards
Fraud Detection
- Use of Hotlines
- Internal Auditing’s Role in Detecting Fraud
- Use of Technology in Combating Fraud
- Ten Commandments of Detecting Fraud
Use of Hotlines
- Robust on-line database
- Enhanced reporting capabilities
- 24/7 coverage with professional call takers
- Multilingual service
- Benchmarking and trend analysis
- Transparency of calls
Key Roles of the Internal Auditor in Fighting Fraud
- Know the fraud risk schemes/scenarios
- Critically assess where your major fraud risks are
- Consider fraud on each audit
- Investigate fraud cases
- Support an effective hotline process
- Support education and training
What are we doing at JCPenney to Combat Fraud?
- Perform a fraud risk assessment
- Educate the team on the red flags of fraud
- Develop a fraud red flags poster
- Issue a quarterly Fraud and Ethics Newsletter
- Stress professional skepticism
What are we doing at JCPenney to Combat Fraud? (continued)
- Imbed fraud audit steps into our audit programs
- Perform data mining
- Review the system of internal controls
- Conduct awareness and ethics presentations
- Require the business owners to present to the Audit Committee
Quarter Close Review Process
- Test select transactions
- Review material reserves
- Query the general ledger
- Review revenue recognition processes
- Review account reconciliations
- Review the 10-K and 10-Q
Continuous Auditing
- Match vendor and associate data
- Review for changes in supplier critical fields
- Review for duplicate payments to suppliers
- Review for Purchase Card expenses
- Review for duplicate travel expenses
On-going Monitoring of our 1,100 Stores
- Short cash expense by store
- Bad debt expense by store
- Fixed funds
Ten Commandments of Detecting Fraud [1]
1. Assume anyone can and will commit fraud under the right circumstances
2. Use your knowledge of internal controls to “think dirty” and then check out your suspicions
3. Remember that good documentation does not mean something happened; only that someone said it happened
4. Pay attention to documents themselves and the supporting paperwork, observing the consistency of numbers, dates, dollar amounts, tax and the general condition of the document
5. Consider the reasonableness of account balances and accounting entries, especially adjustments
[1] Audit Director Roundtable – Fraud Awareness Training 2009
Ten Commandments of Detecting Fraud (continued) [1]
6. Develop relationships and pay attention to hints or rumors of wrongdoing
7. Check out hunches; first impressions are often right. Have faith in yourself. Perception increases with experience
8. Be nosy; don’t easily accept explanations, especially if you don’t understand them
9. Use statistical sampling to force you to look at items you would not generally otherwise examine
10. Look for patterns of unusual transactions (If you’re surprised, it’s unusual!)
[1] Audit Director Roundtable – Fraud Awareness Training 2009