BFIA March2023

Institute of Internal Auditors Philippines
Centre for Professional Development Basics of Fraud for Internal Auditors
The image part with relationship ID rId2 was not found in the file.
Unauthorized reproduction and/or use of IIAP virtual seminar videos and materials is against copyright, intellectual property and data privacy
laws. Any violation will lead to civil or penal action.
Participant’s Introduction
Your name
Your Company and Designation

Your personal learning objective(s)
Unauthorized reproduction and/or use of IIAP virtual seminar videos and materials is against copyright, intellectual property and data privacy 2
2
All rights reserved. Institute of Internal Auditors Philippines, Inc.
OUTLINE
I. Fraud and Fraud Risk
II. Fraud Awareness
III. Fraud Prevention and Detection
IV. Fraud Risk Assessment
V. Fraud Investigation
VI. Wrap-Up
PROCESS: Working Agreement

P = Participation
R = Respect
O = Openness
C = Confidentiality
E = Enthusiasm
S = Sensitivity
S = Sense of fun 4
4
1
FRAUD AND
FRAUD RISK
OBJECTIVES
1. To define fraud and fraud risk
2. To describe the different
myths relating to fraud
3. To identify the applicable IIA
standards in relation to fraud
and fraud risk
6
2008 2005
2002 2003
1998 2002
2001 2003
2008
2009
2017 2018
2019
2019
R&L Investments
8
What is Fraud?
“Any illegal act characterized by deceit,
concealment, or violation of trust. These
acts are not dependent upon the threat of
violence or physical force. Frauds are
perpetrated by parties and organizations
to obtain money, property, or services; to
avoid payment or loss of services; or to
secure personal or business advantage”
Institute of Internal Auditors’ International Professional Practices Framework
(IIA – IPPF)
What is Fraud?
“
Fraud is any intentional act or
omission designed to deceive
others, resulting in the victim
suffering a loss and/or the
perpetrator achieving a gain.”
- Managing the Business Risk of
Fraud: A Practical Guide
10
Fraud Risk
• The vulnerability that an organization faces
from individuals capable of combining all
three elements of the fraud triangle is fraud
risk.
• Fraud risk can come from sources both
internal and external to the organization.
• Risks that are present before management
action are described as inherent risks.
• The risks that remain after management
action are described as residual risks.
• Objective: make residual risks significantly
smaller than inherent risks.
11
Fraud Risk
Factors influencing an organization’s
risk:
• Nature of the business it is in
• The environment in which it operates
• The effectiveness of its internal
controls
• The ethics and values of the company
and its employees
12
Myths and Realities

Myth No. 1
Ethics and compliance training “has us
covered”
13
Myths and Realities

Myth No. 2
Our Finance staff are qualified to protect
us against fraud
14
Myths and Realities

Myth No. 3
We have very little fraud here.
15
Myths and Realities

Myth No. 4
Fraud is a necessary cost of doing
business.
16
Myths and Realities

Myth No. 5
Implementing controls and training is
costly
17
International Standards for the
• 1200: Proficiency and Due

Professional Practice of
Attribute Diligence
Standards • 1220: Due Professional Care
Internal Auditing
• 2060: Reporting to Senior

Management and the Board
Performance • 2120: Risk Management
Standards • 2210: Engagement
Objectives
18
IIA Standard 1200: Proficiency

and Due Diligence
1210.A2 – Internal auditors must have
sufficient knowledge to evaluate the risk of
fraud and the manner in which it is
managed by the organization, but are not
expected to have the expertise of a person
whose primary responsibility is detecting
and investigating fraud.
19
IIA Standard 1220: Due

Professional Care
1220.A1 – Internal auditors must exercise
due professional care by considering the:
• Extent of work needed to achieve the
engagement’s objectives.
• Related complexity, materiality, or
significance of matters to which
assurance procedures are applied.
20
IIA Standard 1220: Due

Professional Care
• Adequacy and effectiveness of
governance, risk management, and
control processes.
• Probability of significant errors, fraud,
or noncompliance.
• Cost of assurance in relation to potential
benefits.
21
IIA Standard 2060: Reporting

to Senior Management and
the Board
The chief audit executive (CAE) must report
periodically to senior management and the board on
the internal audit activity’s purpose, authority,
responsibility, and performance relative to its plan.
Reporting must also include significant risk
exposures and control issues, including fraud risks,
governance issues, and other matters needed or
requested by senior management and the board.
22
IIA Standard 2120: Risk

Management
2120.A2 – The internal audit activity
must evaluate the potential for the
occurrence of fraud and how the
organization manages fraud risk.
23
IIA Standard 2210: Engagement

Objectives
2210.A2 – Internal auditors must
consider the probability of significant
errors, fraud, noncompliance, and other
exposures when developing the
engagement objectives.
24
2
FRAUD AWARENESS
25
OBJECTIVES
1. To identify different categories, classifications,
and examples of fraud schemes
2. To identify different warning signs of fraud
3. To understand the motivation of committing of
fraud
26
Types of Fraud
• Internal fraud or occupational fraud
• External fraud
• Fraud against individuals
27
Types of Fraud
The use of one’s occupation for personal
enrichment through the deliberate misuse
or misapplication of the organization’s
resources or assets
• External fraud
28
Types of Fraud
• External fraud
External fraud against a company covers a
broad range of schemes. This type of fraud
is perpetrated by anyone outside the
organization like customers or vendors.

29
Types of Fraud
• External fraud
Numerous fraudsters have also devised
schemes to defraud individuals (e.g.
identity theft, Ponzi schemes, phishing
schemes)
30
Categories of
Occupational Fraud
Fraudulent financial
statements
Corruption
Asset misappropriation
31
Fraudulent Financial Statements

Net worth / Net income Net worth / Net income
overstatement understatement
1 Timing difference 1 Timing difference

2 Fictitious revenue 2 Understated revenue
3 Concealed liabilities 3 Understated liabilities
and expenses and expenses
4 Improper asset 4 Improper asset
valuation valuation
5 Improper disclosures 5 Improper disclosures
32
Corruption
Conflict of
Bribery interest
Invoice Sales Economic Illegal

Kickbacks Schemes extortion gratuities
Bid Rigging Purchasing

Schemes
33
Asset Misappropriation
Fraudulent disbursements
Theft and misuse
Skimming
Payroll fraud
Expense reimbursement fraud
34
Other Examples of Fraud

Information misrepresentation
Diversion
Unauthorized or illegal use or theft of

confidential or proprietary information
Related party activity
Tax evasion
35
Theft and Misuse
Theft of cash on hand
Skimming
Larceny
36
Fraudulent Disbursements
Check and
Register
Billing schemes payment
disbursements
tampering
• Shell company • Forged maker • False voids
• Non-accomplice • Forged • False refunds
vendor endorsement
• Personal • Altered payee
purchases • Authorized
maker
37
Fraudulent Disbursements
Expense reimbursement
Payroll schemes
schemes
• Ghost employee • Mischaracterized

• Falsified wages expenses
• Commission schemes • Overstated expenses
• Fictitious expenses
• Multiple reimbursements
38
Who are the

perpetrators of
FRAUD?
39
What does a typical fraudster

look like?
40
What does a typical

fraudster look like?
A fraudster can be ANYONE in the
organization. It does not discriminate
gender, position, tenure or department
where the employee belongs.
41
Why does one

commit
FRAUD?
42
OPPORTUNITY
FRAUD
TRIANGLE
43
Fraud Triangle
The best and most widely accepted
model for explaining why people commit
fraud
Developed by Dr. Donald Cressey, a

criminologist, whose research focused
on embezzlers – people he called “trust
violators” (1953)
44
Pressure
“Source of heat for the fire” (Lister,
2007)
Often involves non-sharable financial

need
Motivation to commit fraudulent act

(Wilson, 2004)
45
Opportunity
Created by ineffective control or
governance system (internal control
weaknesses)
Ability to override fraud controls

(Wilson, 2004)
46
Rationalization
Justification that the unethical behavior
is something other than a criminal
activity
Moral and ethical argument used to

justify the act (Wilson, 2004)
47
Fraud Diamond
First presented by David T. Wolfe and
Dana R. Hermanson in the CPA Journal
(2004)
Generally viewed as the expanded

version of the Fraud Triangle
48
FRAUD
DIAMOND
49
Capability
Having the necessary traits or skills and
abilities for the person to commit fraud
Supporting elements include position,

intelligence, ego, coercion, deceit and
stress
50
Behavioral Red Flags
51
52
53
54
HR-Related Red Flags

Poor performance evaluations
Fear of or actual job loss
Cut in pay or benefits
Demotion
Involuntary cut in hours
55
Warning Signs of Fraud

Missing or altered documents
Inventory shrinkage
Spikes in invoice volume
Frequent complaints
Multiple payments
Frequent adjusting entries
56
Concealing Fraud
Other than committing the fraud per se,
fraudsters exert effort in concealing or covering
up the fraudulent act.
To better help organizations in preventing

and/or detecting these misdeeds, it is imperative
to have an understanding of the methods used by
the fraudster to conceal their crimes.
57
Concealing Fraud
Physical documents
Electronic documents
or files
Through the accounting

system
58
3
FRAUD PREVENTION
AND DETECTION
59
OBJECTIVES
1. To describe the three lines of defense
2. To describe the typical roles and
responsibilities for fraud prevention
and detection
3. To understand the different fraud
preventive and detective controls
60
Three Lines of Defense
61
Typical Roles and Responsibilities for

Fraud Prevention and Detection
• Responsible for effective and responsible corporate fraud
governance.
Board of • Oversees and monitors management’s actions to manage
Directors fraud risks
• Evaluates management’s identification of fraud risks and

the implementation of anti-fraud measures, and to provide
Audit the tone at the top that fraud will not be accepted in any
Committee form
• Oversees the activities of employees and typically does so

by implementing and monitoring processes and internal
Management controls
62

•Often be governed by the laws of each jurisdiction
•Generally acts in the best interest of the organization and also is
Legal required to preserve client confidences
Counsel
•Evaluate risks faced by their organizations based on audit plans with

appropriate testing. Internal auditors need to be alert to the signs and
Internal possibilities of fraud within an organization
Auditors
•To comply with professional standards and to plan and perform the
audit of the organization’s financial statements to obtain reasonable
assurance about whether the financial statements are free of material
External misstatement and whether the misstatements were caused by error or
Auditors fraud
63

• Deals with areas of business risk such as
crimes, disasters, accidents, and waste, which
Loss Prevention
Manager have the capabilities to cause business failure
• Responsible for the detection and investigation

Fraud of fraud, and the recovery of assets
Investigators
• Can report suspicions of fraud to an employee

hotline, the internal audit department, or a
Other
Employees member of management
64
Sample Fraud Policy Decision Matrix
65
Sample Fraud Policy Decision Matrix
66
No organization is immune to fraud.

Fraud is a crime waiting to happen.
It does not occur by itself.
IT IS A HUMAN
INTERVENTION
67
Fraud Prevention
TRUST IS NOT
ENOUGH!!!
68
Fraud Prevention
69
Fraud Preventive Controls

• Human resources procedures
• Authority limits
• Transaction-level procedures
70
Fraud Preventive Controls
71
Group Work
CASE STUDY: Healthcare Fraud
How could this fraud have been

prevented? List as many controls as you
can.
72
Group Work
Suggested answer
73
Group Work
Suggested answer
74
Anti-Fraud Policy
It is a critical tool in
communicating the organization’s
stance and processes in respect to
fraud and how it will be dealt with.
75
Anti-Fraud Policy
1. Express definition of what constitutes
a fraudulent action
2. Delegation of responsibilities for the
overall management of fraud
3. A statement that all appropriate
measures to prevent fraud shall be
taken
4. Formal procedures which employees
should follow in case a suspected
fraud occur
76
Anti-Fraud Policy
5. Notification that all instances of
suspected fraud will be investigated and
reported to the appropriate authorities
6. An unequivocal statement that all fraud
offenders will be prosecuted and that the
police will be assisted in any
investigation that is required
7. A statement that all efforts will be made
to recover wrongfully obtained assets
from fraudsters
77
Anti-Fraud Policy
8. Encouragement to employees to report
any suspicion of fraud
9. The steps to be taken in the event a fraud
is discovered and who is responsible for
taking action including:
• procedures staff should follow
• assigning responsibility for an instant
response to the occurrence
recovering funds
• dealing with the media
• preserving evidence and reporting to the
police
78
Sample Fraud Policy
79
Sample Fraud Policy
80
Sample Fraud Policy
81
Sample Fraud Policy
82
Sample Fraud Policy
83
Sample Fraud Policy
84
How is fraud detected?

Tips
Internal audit
Management review
External audit
Admission or confession
85
Fraud Detection
86
Fraud Detective Controls

• Whistleblower hotlines
• Process controls
• Proactive fraud detection procedures
87
Whistleblowing Policy
88
The policy is designed to ensure that one
can raise concerns about wrongdoing or
malpractice within the company without
fear of victimization, subsequent
discrimination, disadvantage or
dismissal.
89
1. Demonstrate trustworthiness
2. Give options for coming forward
90
ANONYMITY
VS
CONFIDENTIALITY
91
1. Demonstrate trustworthiness
2. Give options for coming forward
3. Maintain clear escalation and
dissemination plan
4. Single-hotline and third-party
hotline considerations
92
How can IA detect fraud?

• Lifestyle check
• Surprise audit
• Data analytics
93
4
FRAUD RISK
ASSESSMENT
94
OBJECTIVES
1. To discuss the importance of fraud risk
assessment
2. To determine the key elements of fraud
risk assessment
3. To understand the fraud risk
assessment process
4. To perform fraud risk assessment
95
Fraud risk exposure should be

assessed periodically by the
organization to identify specific
potential schemes and events that the
organization needs to mitigate.
96
Risk Assessment Team

Accounting/Finance
Non-financial business unit and
operations
Risk management
Legal and Compliance
Internal audit
External consultants (if needed)
97
Reasons for Conducting FRA

• Improve communication and awareness about
fraud.
• Identify what activities are the most
vulnerable to fraud.
• Know who puts the organization at the
greatest risk.
• Develop plans to mitigate fraud risk.
• Develop techniques to determine if fraud has
occurred in high-risk areas.
• Assess internal controls.
• Comply with regulations and professional
standards.
98
Elements of a Good FRA

• Collaborative Effort – share ownership
• The Right Sponsor
- Senior in organization; ideally, an independent board or
audit committee member
• Independence/Objectivity
- Whether conducted by internal or external resources
- Be mindful of personal biases
• Access to People at All Levels
• The Ability to Think the Unthinkable
- Think like a fraudster
99
Fraud Risk Management

Framework
• Identify inherent fraud risk
• Assess likelihood and significant of inherent
fraud risk
• Respond to reasonably likely and significant
inherent and residual fraud risks
100
Fraud Risk Management Framework
101

Identified Fraud Risks and Schemes:
This column should include a full list of
the potential fraud risks and schemes that
may face the organization. This list will be
different for different organizations and
should be informed by (a) industry
research, (b) interviews of employees and
other stakeholders, (c) brainstorming
sessions, and (d) activity on the
whistleblower hotline
102

Likelihood of Occurrence:
To design an efficient fraud risk
management program, it is important to
assess the likelihood of the identified
fraud risks so that the organization
establishes proper anti-fraud controls for
the risks that are deemed most likely. For
purposes of the assessment, it should be
adequate to evaluate the likelihood of
risks as remote, reasonably possible, and
probable.
103

Significance to the Organization:
Quantitative and qualitative factors should be
considered when assessing the significance of
fraud risks to an organization. For example,
certain fraud risks may only pose an immaterial
direct financial risk to the organization, but
could greatly impact its reputation, and
therefore, would be deemed to be a more
significant risk to the organization. For purposes
of the assessment, it should be adequate to
evaluate the significance of risks as immaterial,
significant, and material.
104

Framework
People and/or Department Subject to the
Risk:
As fraud risks are identified and assessed, it is
important to evaluate which people inside and
outside the organization are subject to the risk.
This knowledge will assist the organization in
tailoring its fraud risk response, including
establishing appropriate segregation of duties,
proper review and approval chains of authority,
and proactive fraud auditing procedures.
105

Framework
Existing Anti-fraud Internal Controls:
Map pre-existing controls to the relevant
fraud risks identified. Note that this occurs
after fraud risks are identified and assessed
for likelihood and significance. By
progressing in this order, this framework
intends for the organization to assess
identified fraud risks on an inherent basis,
without consideration of internal controls.
106

Framework
Assessment of Internal Controls Effectiveness:
The organization should have a process in place to
evaluate whether the identified controls are
operating effectively and mitigating fraud risks as
intended. Companies subject to the provisions of
The U.S. Sarbanes-Oxley Act of 2002 Section 404
will have a process such as this in place.
Organizations not subject to Sarbanes-Oxley
should consider what review and monitoring
procedures would be appropriate to implement to
gain assurance that their internal control structure
is operating as intended.
107

Residual Risks:
After consideration of the internal control
structure, it may be determined that
certain fraud risks may not be mitigated
adequately due to several factors, including
(a) properly designed controls are not in
place to address certain fraud risks or (b)
controls identified are not operating
effectively. These residual risks should be
evaluated by the organization in the
development of the fraud risk response.
108

Fraud Risk Response:
Residual risks should be evaluated by the
organization and fraud risk responses
should be designed to address such
remaining risk. The fraud risk response
could be one or a combination of the
following: (a) implementing additional
controls, (b) designing proactive fraud
auditing techniques, and/or (c) reducing
the risk by exiting the activity.
109
110
Group Work
• Identify three (3) fraud risks in your
assigned business process
• Prepare a fraud risk assessment
• Be ready to share your group’s output
111
5
FRAUD
INVESTIGATION
112
OBJECTIVES
1. To differentiate audit and fraud
investigation
2. To know how to conduct fraud
investigation
3. To determine the elements of a
fraud investigation report
113
Fraud examination and investigation

provide the essentials for resolving fraud
allegations from inception to deposition.
The proper procedures, techniques and
skills must be used to conduct an
effective fraud examination or
investigation.
114
Audit vs Fraud Investigation

Predication
Fraud Investigation: Should begin only when
there are circumstances that suggest a fraud has
occurred, is occurring, or will occur, and they
should not investigate beyond the available
predication.
Audit: Suspicion of fraud is not necessary
115

Objective
Fraud Investigation: To determine whether fraud
occurred, and if so, who perpetrated it
Audit: Engagement objectives must reflect the

results of preliminary assessment of the risks
relevant to the activity under review
116

Scope
Fraud Investigation: Established by the specific
allegations of fraud, targeted to specific accounts
implicated by the predication, and has the
objective of resolving the allegations by obtaining
evidence that proves or disproves fraudulent
activity
Audit: Established by the specific area being

audited based on the identified risks
117

Methodology and Applicable Professional
Standards
Fraud Investigation: Code of Professional Ethics
and Code of Professional Standards
Audit: International Professional Practices

Framework
118
Special Investigation Unit

The Special Investigation Unit is tasked to
detect, deter, and defeat insurance fraud.
SIUs exist as a subset of insurance

companies.
Insurance companies hire individuals who

have knowledge in insurance and law
enforcement.
119
Common Functions of the

Special Investigation Unit
a. Investigating potential fraudulent activity
b. Cooperating with law enforcement and

regulatory agency to pursue perpetrators
of insurance fraud
c. Training claims associates to identify

fraud
120
Fraud Investigation and

Response Protocols
A reporting process should be in place
to solicit input on potential fraud, and
a coordinated approach to
investigation and corrective action
should be used to help ensure
potential fraud is addressed
appropriately and timely.
121

Response Protocols
Investigation
protocols
Evaluating an
allegation
Receiving an
allegation
122

Response Protocols
The investigation and response system should
include a process for:
Escalating the issue
Categorizing Resolving or closing an
or investigation when
issues investigation
appropriate
Confirming the Referring issues Listing types of

validity of outside the scope of information that should
allegations the program be kept confidential
Defining Conducting the Defining how the

severity of the investigation and investigation will be
allegation fact-finding documented
123
Conducting an Investigation
The investigation team may need to include
members of different departments or
disciplines to provide the knowledge and skill
sets required
Security or Loss
Legal Counsel External Auditors
Prevention Personnel
IT Personnel /
Fraud Accountants or
Computer Forensic
Investigators Forensic Accountants
Specialists
Internal Management
HR Personnel
Auditors Representative
124
• Investigations may need to be conducted
timely due to legal requirements, to
Time sensitivity mitigate losses or potential harm, or to
institute an insurance claim
• Certain allegations may require

notification to regulators, law
Notification enforcement, insurers, or external auditors
• Information gathered needs to be kept

confidential and distribution limited to
Confidentiality those with an established need
125
Legal • Involving legal counsel early in the process
or, in some cases, in leading the
Privileges
investigation, will help safeguard work
product and attorney-client communications
• Investigations should comply with
Compliance applicable laws and rules regarding

gathering information and interviewing
witnesses
Securing • Evidence should be protected so that it is

not destroyed and so that it is admissible in
evidence
legal proceedings.
126
• The investigation team should be
removed sufficiently from the
Objectivity issues and individuals under
investigation to conduct an
objective assessment
• Specific issues or concerns should

appropriately influence the focus,
Goals scope, and timing of the
investigation
127
Gathering evidence
Documenting and
Identifying the
preserving
perpetrators
evidence
Evaluating the Determining extent

cause of fraud of the fraud
Determining the
techniques used to
perpetrate the
fraud
128
Interview Process
The fraud investigator must:
• Prepare well in advance of the statement.
• Listen carefully to the interviewee, while
at the same time watching for nonverbal
behavior that is inconsistent with the
interviewee’s words.
• Control the statement parameters and
the surroundings.
129
Components of an Interview
• Orientation
• Narration and Questioning
• Summarizing
• Closure
130
Reporting the Results

The investigation team should report
its findings to the party overseeing the
investigation, such as senior
management, directors, or legal
counsel.
131
Fraud Examination Report

Background
It should state very succinctly why the
fraud examination was conducted (e.g., an
anonymous tip was received, an anomaly
was discovered during an audit, or money
or property was missing).
You may also state who called for the

examination and who assembled the
examination team.
132

Executive Summary
In this section, you should also summarize
what actions you performed during the
fraud examination, such as reviewing
documents, interviewing witnesses,
conducting analyses or tests, etc. Doing so
provides the reader with an overview of
what you did during the examination
process. At the end of this section, you
should summarize the outcome of the
examination.
133
133

Scope
This section should consist of just one
paragraph explaining the scope of the
fraud examination.
134

Approach
This section gives a brief description of the
following items:
• Fraud examination team members
• Procedures (generally what documents
were reviewed or what tests were
conducted)
• Individuals interviewed
135

Findings
This section contains the details of the
fraud examination. In this section, you
should describe what tasks you performed
and what you found. Provide enough detail
so that the reader understands what
occurred, but not so much detail that the
reader begins to lose interest or becomes
bogged down in the details.
136

Summary
This section should be one or two
paragraphs and should succinctly
summarize the results of the fraud
examination. It should be similar to the
outcome stated at the end of the Executive
Summary section.
137

Impact
You should describe how the fraud
impacted the victim organization in this
section. You can provide an estimate of the
dollar losses or any other tangible or
intangible damage already suffered or that
might occur in the future.
138

Recommendations
This section is optional. There might be
instances where you wish to discuss
remedial measures or specific
recommendations in a separate document.
If you do wish to include this section, you
should state what follow-up action is
necessary or recommended, including
remedial measures such as a review of
internal controls, introduction of a hotline,
increased
Unauthorized security,
reproduction and/or etc.
use of IIAP virtual
seminar videos and materials is against copyright, intellectual property and data privacy 139
139
6
WRAP UP
140
Participant’s Learnings and

Final Thoughts
141
Key Take-Away from Sun Tzu’s

ART OF WAR
“There is no instance of a country having
benefited from prolonged warfare.”
“Sweat more during peace: bleed less

during war.”
“Convince your enemy that he will gain very

little by attacking you; this will diminish his
enthusiasm.”
142
Questions?
OLIDAN CEASAR C. GALVEZ, CPA
Managing Partner
gn.occgalvez@gmail.com
143
Thank you!
References:
Anti Fraud Risk and Control Workbook by Peter D. Goldmann
Managing the Business Risk of Fraud: A Practical Guide
International Professional Practices Framework
Internal Auditing and Fraud – IPPF Practice Guide
144
www.facebook.com/galveznicdaoconsulting
145

BFIA March2023

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BFIA March2023

Uploaded by

Copyright:

Available Formats

Institute of Internal Auditors Philippines

Centre for Professional Development Basics of Fraud for Internal Auditors

Your Company and Designation

PROCESS: Working Agreement

Myths and Realities

Myths and Realities

Myths and Realities

Myths and Realities

Myths and Realities

• 1200: Proficiency and Due

• 2060: Reporting to Senior

IIA Standard 1200: Proficiency

IIA Standard 1220: Due

IIA Standard 1220: Due

IIA Standard 2060: Reporting

IIA Standard 2120: Risk

IIA Standard 2210: Engagement

• Fraud against individuals

Fraudulent Financial Statements

1 Timing difference 1 Timing difference

Invoice Sales Economic Illegal

Bid Rigging Purchasing

Theft and misuse

Expense reimbursement fraud

Other Examples of Fraud

Unauthorized or illegal use or theft of

Related party activity

Theft and Misuse

Theft of cash on hand

• Ghost employee • Mischaracterized

Who are the

What does a typical fraudster

What does a typical

Why does one

Developed by Dr. Donald Cressey, a

Often involves non-sharable financial

Motivation to commit fraudulent act

Ability to override fraud controls

Moral and ethical argument used to

Generally viewed as the expanded

Supporting elements include position,

Behavioral Red Flags

Behavioral Red Flags

Behavioral Red Flags

Behavioral Red Flags

HR-Related Red Flags

Fear of or actual job loss

Cut in pay or benefits

Involuntary cut in hours

Warning Signs of Fraud

Spikes in invoice volume

Frequent adjusting entries

To better help organizations in preventing

Through the accounting

Three Lines of Defense

Typical Roles and Responsibilities for

• Evaluates management’s identification of fraud risks and

• Oversees the activities of employees and typically does so

Typical Roles and Responsibilities for

•Evaluate risks faced by their organizations based on audit plans with

Typical Roles and Responsibilities for

• Responsible for the detection and investigation

• Can report suspicions of fraud to an employee