© 2002 Association of Certified Fraud Examiners. All rights reserved. The Certified Fraud Examiners’ Fraud Prevention Checkup - An Introduction Toby J.F. Bishop CFE CPA FCA President & Chief Executive Officer Association of Certified Fraud Examiners
© 2002 Association of Certified Fraud Examiners. All rights reserved. Current Fraud Concerns Fraudulent financial reporting Legal risks for executives –Civil liability –Criminal (jail time) Financial losses for investors Reputation damage to companies/brands Crisis of confidence
© 2002 Association of Certified Fraud Examiners. All rights reserved. An Appropriate Response Fraud prevention is 80% of the solution Objective evaluation of an entity’s fraud prevention processes Prompt action to fix gaps/breakdowns Annual testing Ongoing fraud education and training
© 2002 Association of Certified Fraud Examiners. All rights reserved. The Certified Fraud Examiners’ Fraud Prevention Checkup A high-level checkup of an entity’s fraud prevention processes Form available free at Identifies major gaps Provides an overall score
© 2002 Association of Certified Fraud Examiners. All rights reserved. Benefits to Entities That Use This Tool It provides insights that senior management, the board of directors and audit committee will value highly It could save the entity from catastrophic financial and reputational losses It could help build confidence in the entity internally and by the public It’s simple and inexpensive
© 2002 Association of Certified Fraud Examiners. All rights reserved. Benefits for CFEs Who Apply This Tool It provides insights that senior management, boards of directors and audit committees will value highly It can be performed very inexpensively It can help you win new clients and deepen existing relationships It is being promoted in the media by the ACFE
© 2002 Association of Certified Fraud Examiners. All rights reserved. But CFEs Should Manage Their Liability Risks Risk of false perception of assurance Be careful not to guarantee “no fraud” Anti-fraud controls in existence vs. operating effectively Ongoing frauds may be uncovered Legal risks to entity evaluated if control gaps are identified but not fixed
© 2002 Association of Certified Fraud Examiners. All rights reserved. Who Should Perform the Checkup? Ideally a collaboration between a Certified Fraud Examiner and knowledgeable people inside the entity (e.g., internal auditors) Helpful to interview senior management But also talk to other levels of employees to get a reality check
© 2002 Association of Certified Fraud Examiners. All rights reserved. The Certified Fraud Examiners’ Fraud Prevention Checkup The seven elements: –Fraud risk oversight (20 pts) –Fraud risk ownership (10 pts) –Fraud risk assessment (10 pts) –Fraud risk tolerance and risk management policy (10 pts) –Process level controls/anti-fraud re-engineering (10 pts) –Environment level controls (30 pts) –Proactive fraud detection (10 pts)
© 2002 Association of Certified Fraud Examiners. All rights reserved. Fraud Risk Oversight To what extent has the entity established a process for oversight of fraud risks by the board of directors or others charged with governance (e.g., an audit committee)?
© 2002 Association of Certified Fraud Examiners. All rights reserved. Scoring – Risk Oversight Score: Award from 0 (process not in place) to 20 points (process fully implemented, tested within the past year and working effectively). Note: For all questions, award no more than half the available points if the process has not been tested within the past year.
© 2002 Association of Certified Fraud Examiners. All rights reserved. Fraud Risk Ownership To what extent has the entity created “ownership” of fraud risks…? Chief Executive currently “owns” the risk, but needs to make others responsible too A member of senior management, and All business unit managers
© 2002 Association of Certified Fraud Examiners. All rights reserved. Fraud Risk Assessment To what extent has the entity created an ongoing process for identifying the significant fraud risks to which the entity is exposed? –Potentially catastrophic risks –Costly risks –Tailored to the particular entity –Can be part of enterprise risk management
© 2002 Association of Certified Fraud Examiners. All rights reserved. Fraud Risk Tolerance and Risk Management Policy To what extent has the entity identified and had approved by the board of directors: –Its tolerance for different types of fraud risks? –A policy on how it will manage its fraud risks? Align risk tolerance of management with that of board of directors & audit committee Business decisions to reduce fraud risks
© 2002 Association of Certified Fraud Examiners. All rights reserved. Process Level Controls/ Anti-Fraud Re-engineering To what extent has the entity implemented measures to reduce each of the significant fraud risks identified in its risk assessment, through: –Anti-fraud process re-engineering (removing the opportunity)? –Process level controls to prevent, deter and detect fraud
© 2002 Association of Certified Fraud Examiners. All rights reserved. Environment Level Anti-Fraud Controls To what extent has the entity implemented a process to promote ethical decisions, deter wrongdoing and facilitate two-way communication on difficult issues? Most difficult area to evaluate Difference between existence and operating effectiveness of controls can be crucial Employee surveys are highly desirable
© 2002 Association of Certified Fraud Examiners. All rights reserved. Key Elements of Environment Level Controls Senior member of management responsible Values-based code of conduct Regular training (including fraud) Advice and reporting systems Investigation plans Monitoring of compliance
© 2002 Association of Certified Fraud Examiners. All rights reserved. Key Elements of Environment Level Controls Regular measurement of achievement of ethics/compliance and fraud prevention goals –Employee attitude surveys, fraud measures Incorporate ethics/compliance and fraud prevention goals into performance measures for evaluating/compensating employees
© 2002 Association of Certified Fraud Examiners. All rights reserved. Proactive Fraud Detection To what extent has the entity established a process to detect, investigate and resolve potentially significant fraud? –Proactive fraud detection testing –Targeted at significant fraud risks identified in the fraud risk assessment –Embedded fraud detection/audit “hooks” –Automated monitoring (where legal)
© 2002 Association of Certified Fraud Examiners. All rights reserved. Interpreting the Entity’s Overall Score Desirable score is 100 points Most entities will fall short initially Not currently considered a “material weakness in internal controls” that is a reportable condition But significant gaps should be closed promptly to avoid disaster
© 2002 Association of Certified Fraud Examiners. All rights reserved. Recommended Next Steps Study the ACFE Fraud Prevention Checkup Promote it to your current and target clients Perform checkups and identify major gaps in clients’ fraud prevention processes Providing anti-fraud consulting services to help clients fix those gaps
© 2002 Association of Certified Fraud Examiners. All rights reserved. Thank You Any questions? ACFE Fraud Prevention Checkup pdf file available at PowerPoint presentation available to members shortly. +1 (512)