Managing fraud risk : a practical guide for directors and managers

Content: Acknowledgements xv     Introduction 1     Making me an offer that I can't refuse 1     Opening remarks 2     About this book 3     1. Personal experiences 4     2. Courses, delegates and the Fraud Awareness Quiz 7     3. Interviews and interviewees 8     Concepts and focus 8     Fraud: the gorilla in the room? 9     1. The Bernie Madoff effect 10     2. Corporate fraud highlighted by the international media 11     3. General fraud highlighted by the national media in the UK 12     Closing remarks 14     1 Responsibility 17     What a mess - how could all this have been allowed to happen? 17     Introduction 19     Answers to the Quiz 20     Responsibility Framework 22     Introduction 22     International best practice 23     Practical application 24     The linkage between risk management and internal controls 25     Overview 25     Control design linked to risk 26     The importance of evidence 26     Introduction 26     Examples 27     Evidence of management of fraud risks 28     The role of audit in fraud prevention and detection 29     Overview 29     Little training for auditors on fraud awareness 29     Problems and remedies 30     The strategic approach to managing fraud risk 30     Best practice guidance 30     The Fraud Risk Management Framework 31     Introduction 31     Summary - Five Key Learning Points for Directors and Managers 33     2 Meaning 35     The hairs on the back of my neck 35     Introduction 36     Answers to the Quiz 36     Fraud definitions 38     Key word - deception 39     Key word - intentional 40     ACFE occupational fraud typology 41     1. Fraudulent financial statements schemes 42     2. Asset misappropriation 44     3. Corruption 47     The ACFE's "Report to the Nation" 49     Fraud and the law 50     Introduction 50     The Fraud Act 2006 50     Commentary 51     Some examples of what the term "fraud" actually includes 51     1. Fraud as abuse of systems and control procedures 51     2. Fraud as abuse of working practices 51     3. Fraud as financial engineering 53  4. Fraud as corruption 55     5. Fraud as collusion 55     Fraud costs - scale and direction of travel 56     1. Costs of fraud 56     2. Direction of travel 59     Answers to the Quiz 62     Summary - Five Key Learning Points for Directors and Managers 63     3 People 65     Appearances can be deceptive 65     Introduction 66     Answers to the Quiz 66     Answers with very low percentage scores for total honesty 67     Answers with very high percentage scores for total honesty 69     The results of the research into honesty 70     The Fraud Triangle - the key behaviourial model 71     Motivation 72     Opportunity 72     Rationalisation 73     Motives of fraudsters - bringing the Fraud Triangle up to date 74     Albrecht, Howe and Romney 74     Hollinger and Clark 75     Ditton and others 76     Wolfe and Hermanson 77     Classification of fraudsters 78     First-time offenders 78     Recidivists 79     Those who commit fraud to benefit the organisation 79     Outsiders 79     Profile of a fraudster 80     Introduction 80     The greatest risk lies at the top 80     Tenure 80     The squeezed middle 81     The fraudster's department 82     Motives of fraudsters - the business perspective 82     Summary - Five Key Learning Points for Directors and Managers 85     4 Risk 87     We are all risk managers now 87     Introduction 88     Answers to the Quiz 89     Risk management primer 92     Introduction 92     Culture 92     Risk soundings exercise 93     Avoid the tick-box attitude 99     Strategic risk management and the "4Ts" approach 100     Risk management cycle 100     The "4Ts" approach 100     The "4Ts" approach - exercise 101     The use of insurance 101     The key risk - reputation 102     Reputation risk - the Arthur Andersen/Enron case 104     Verdict overturned 105     Reputation and ethics 105     Taking a risk-based approach to financial crime 105     Introduction 105     Approach to bribery and corruption 106     Approach to money laundering and terrorist financing 106     Taking a holistic approach to financial crime 107     Taking a risk-based approach to fraud 108     Overview 108     1. Fraud risk profile 109     2. Strategic approach to fraud risk 110     Summary - Five Key Learning Points for Directors and Managers 112     The "4Ts" approach - answer to the exercise 113     (a) Bottom left-hand quadrant   TOLERATE 113     (b) Top right-hand quadrant   TERMINATE 114     (c) Bottom right-hand quadrant   TREAT 114     (d) Top left-hand quadrant   TRANSFER 114     5 Governance 117     People disappear in Texas 117     Introduction 118     Answers to the Quiz 119     Background 119     Governance as compliance 120     The performance element 120     Board conformance and board performance 121     Enron - a failure of corporate governance 122     Introduction 122     Company history 122     Consequences of scandal 123     Governance failure 123     Enron by the numbers - part 1 124     Governance overview - relationships and agency risk 126     Background 126     The key governance players 127     Agency risk and the role of independent non-executive directors 127     The development of corporate governance codes and legislation 128     Rules-based and principles-based governance regimes 128     The US and the UK governance regimes 129     1. The Sarbanes-Oxley Act 2002 130     2. The UK Corporate Governance Code 135     Competency and behaviour - the key drivers of board performance 138     1. The competency of directors 138     2. The behaviour of directors 141     The corruption component of fraud 144     Introduction 144     Corrupt business practices 145     The US position - the Foreign Corrupt Practices Act 146     The United Nations position - the UN Convention against Corruption Act 2005 146     The UK position - the Bribery Act 2010 147     The Satyam fraud 149     Introduction 149     Background 150     Satyam's accounting fraud 150     Consequences and commentary 151     Summary - Five Key Learning Points for Directors and Managers 152     6 Controls 155     Getting run over by a bus 155     Introduction 156     Answers to the Quiz 157     Internal controls overview 160     Background 160     Control characteristics 161     Preventative and detective controls 161     Manual and automated controls 161     Hard controls and soft controls 162     Internal control structure 162     Overview 162     Broad perspective 163     Avoid negative attitudes 163     Making the commitment 164     Custom and practice 165     Modern internal controls frameworks 167     Overview 167     1. The COSO Framework - 1992 168     2. The COCO Framework - 1995 171     3. The Turnbull Guidance - 1999 172     4. The SOX - 2002 174     5. ERM Framework - 2004 175     The role of audit in fraud prevention and detection 175     Introduction 175     Perception and realities 176     The external audit 176     Introduction 176     Definitions 177     External audit essentials 177     Should external auditors discover fraud? 178     Reasonable assurance 180     Internal auditing 180     Introduction 180     Definitions 180     Internal audit essentials 181     Should internal auditors discover fraud? 182     Limitations of traditional audit techniques 182     Poor understanding of fraud risk 183     Audit testing based on small sample sizes 183     SAS 99: Considerations of Fraud in a Financial Statement Audit 184     Introduction 184     What SAS 99 and ISA 240 say about fraud auditing 185     Commentary 185     The role of the audit committee 186     Introduction 186     Role of the audit committee in the fight against fraud 186     Examples of poor performance by audit committees 187     Example 2 - Enron 188     Summary - Five Key Learning Points for Directors and Managers 189     7 Prevention 191     A question of black or white 191     Introduction 192     Answers to the Quiz 193     Fraud prevention controls 195     Introduction 195     The concept of the control environment 196     Key aspects of prevention - generic controls 197     Overview 197     (a) Segregation of duties 197     (b) Delegations of authority and authorisation limits 199     (c) Physical and computer security over assets, records and information 200     Control inhibitors and concealment strategies 201  Introduction 201     Management override of controls 201     Collusion 202     Processing a transaction below the "control radar" 202     False documentation 203     Blocking the flow of information 203     Specific anti-fraud prevention controls 204     Introduction 204     The six key fraud prevention controls 205     Introduction 205     Fraud prevention - the three hard controls 205     Fraud prevention - the three soft controls 215     5-Point fraud prevention plan 220     Summary - Five Key Learning Points for Directors and Managers 221     8 Detection 223     "But he seemed like such a nice guy, he still lives with his mother" 223     Introduction 224     Answers to the Quiz 225     The deterrence factor 226     Overview - what is meant by deterrence 226     The perception of detection 226     Ways to increase the deterrence factor 228     Fraud detection 236     Introduction 236     The three key fraud detective measures 236     Summary - Five Key Learning Points for Directors and Managers 252     9 Investigation 255     Don't crash the car 255     Introduction 256     Answers to the Quiz 256     Fraud investigation case study 257     Fraud investigation - best practices 273     Introduction 273     Handling the initial allegations 274     Setting the overall objectives 275     Reporting lines and the investigation team 277     The use of covert techniques 279     Evidence 281     Guidelines for interviews 283     The litigation process and involving the police 286  Overview 286     Civil litigation 286     The police and criminal proceedings 287     Insurance - the quantum of loss statement and making claims 288     Communication issues 288     Introduction 288     Media contingency planning 289     Managing internal communications 289     Summary 290     Fraud investigations - practical examples 290     Summary - Five Key Learning Points for Directors and Managers 293     10 Ethics 295     The RICE model 295     Introduction 296     Answers to the Quiz 297     The business ethics framework 299     Introduction 299     The golden rule of reciprocity 300     The key concepts of integrity and trust 301     Business ethics and the law 302     The "3Rs" ethical roadmap 303     Individual responsibility 304     Corporate culture 305     Pressure, incentives and short-term targets 306     The business ethics toolbox 309     Introduction 309     Value statements 309     Codes of ethics and conduct 311     Confidential reporting lines 313     Ethical training and development programmes 313     Business ethics in action 315     Integrated approach 318     Summary - Five Key Learning Points for Directors and Managers 319     Epilogue 321     Distinguished merit 321     References 323     Index 329