Aly Aasi Notes


47 – 1:09:

GUEST SPEAKER: GERALD KEVIN TABOR CPA, CIA, CRFA, CLSSYB

TOPIC: TACKLING FRAUD IN TODAY’S DIGITAL WORLD

- AS TECHNOLOGY HAS EVOLVED, FRAUDSTERS HAVE ALSO BECOME MORE CREATIVE.


- HE ENCOURAGED EVERYONE TO SECURE OTHER PRC CERTIFICATIONS TO FURTHER ENHANCE
COMPETENCY.
- NOT ONLY SHOULD AN INTERNAL AUDITOR MAKE FINDINGS; BUT ONE MUST ALSO PROVIDE A
FEASIBLE AND PRACTICAL RECOMMENDATION.
- CERTIFIED LEAN SIX SIGMA YELLOW BELT (CLSSYB) CERTIFICATION – PROJECT MANAGEMENT
- CERTIFIED FORENSIC ACCOUNTANT (CRFA) CERTIFICATION – FOCUSES ON FORENSIC (FRAUD) ACCOUNTING
- CERTIFIED INTERNAL AUDITOR (CIA) CERTIFICATION – FOCUSES ON INTERNAL AUDITING
INCLUDING A GENERAL APPROACH TO I.T.

POINTS TO DISCUSS:
A. MOST COMMON SOCIAL ENGINEERING ATTACKS
B. FRAUD CONCEPTS: DEFINITION, ELEMENTS, AND THE FRAUD TRIANGLE/DIAMOND/PENTAGON
MODELS.
C. FRAUD PREVENTION, DETECTION, AND RESPONSE

- FIRST VIDEO PRESENTED: A PERSON INVITED A FEW OF THE WORLD’S BEST HACKERS TO TRY
TO HACK HIM, TO SHOW WHERE HIS VULNERABILITIES ARE. THE HACKERS WERE ALLOWED TO
USE ONLY A PHONE AND THE INTERNET – NO CODE.
- THE FIRST TECHNIQUE THEY DEMONSTRATED WAS A VISHING CALL. ACCORDING TO JESSICA CLARK, THE
SOCIAL-ENGINEERING HACKER, VISHING IS VOICE SOLICITATION TO EXTRACT INFORMATION OR
DATA POINTS THAT CAN BE USED IN A LATER ATTACK. TO ILLUSTRATE, JESSICA CALLED THE
HOST’S CELLPHONE PROVIDER TO SEE WHETHER THE PROVIDER WOULD GIVE HER HIS EMAIL ADDRESS.
- IT IS SURPRISING THAT THE PROVIDER NOT ONLY GAVE JESSICA THE HOST’S EMAIL ADDRESS
BUT ALSO ACCESS TO HIS ACCOUNT – ALL WITH THE HELP OF A RECORDING OF A CRYING BABY,
A BIT OF ACTING, AND A SINGLE PHONE CALL. THE PROVIDER NEVER VERIFIED THAT THE CALLER WAS THE ACCOUNT HOLDER.

- AFTER THE VIDEO PRESENTATION, SIR GERALD POINTED OUT THAT VISHING IS ONE OF THE
MOST COMMON ATTACKS TODAY. ACCORDING TO HIM, VISHING IS A TYPE OF SCAM
IN WHICH A FRAUDSTER CONTACTS A POTENTIAL VICTIM OVER THE PHONE PRETENDING TO BE
SOMEONE ELSE, AND TRIES TO CONVINCE THE VICTIM TO SHARE PERSONAL INFORMATION.

- PHISHING, ON THE OTHER HAND, IS WHEN THE FRAUDSTER SENDS MESSAGES (EMAIL OR TEXT) PRETENDING TO
BE A TRUSTED PERSON OR ENTITY.
- SIR GERALD ADVISED THE AUDIENCE TO ALWAYS BE MINDFUL AND VIGILANT, AS THESE
FRAUDSTERS TARGET NOT ONLY INDIVIDUALS BUT ALSO EMPLOYEES OF AN ORGANIZATION, USING
THEM AS A WAY OF INTRUDING INTO ITS NETWORK.

FRAUD PREVENTION

 “An ounce of prevention is better than a ton of treatment”


o Have arrangements in place that reduce the risk of a fraud occurring
o Management’s responsibility
o Management has the means to implement measures to reduce the risk of fraud
 Create and maintain a culture of honesty and high ethics
o Very critical in corporate governance
o Culture is something management can drive the organization toward by setting the tone at the top
o Culture – a positive workplace environment
o A culture of high honesty and ethics is built by hiring and promoting appropriate
employees and through training
 Evaluate the risks and implement policies, procedures, and control to mitigate the risk and
reduce the opportunity
o Opportunity arises when controls are absent or ineffective
o Controls – policies, procedures, manuals, memos, employee job description, code of
ethics
 Develop appropriate oversight processes
o Oversight functions:
 Audit committee or board of directors
 Management
 Independent auditors
 Protecting oneself from identity theft
o Keep valuable documents, information, and details secure
o Destroy all important personal and financial documents once they are no longer
needed
o Don’t post valuable information on social media sites
o Licenses, personal IDs - always ensure they are in your possession whether at work or at
home

HOW TO DETECT FRAUD

 Management investigations
 Stringent end-of-day reviews
 Supporting departments (2nd line of defense)
 Internal audit

RED FLAGS
 Behavioral Red Flags
 (these do not necessarily mean the person is a fraudster, but they indicate that something is wrong)
o Living beyond means
o Financial difficulties
o Unwillingness to share duties
 Mandatory leave – the employee’s duties are transferred to another person
while they are on leave, as a control
o Irritability, suspiciousness, defensiveness
 Opportunity Red Flags
o Rapid turnover of key employees
o Low control/fraud consciousness
 Engagement Red Flags
o Missing/incomplete records
o Delayed recording/submission of records
o Conflicting Records
o Altered Records
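The four engagement red flags above (missing, delayed, conflicting, and altered records) can each be tested mechanically against a transaction register. The following is an added worked example written for these notes; it is not code from the lecture or the speaker. It assumes a register of pre-numbered documents with both a transaction date and a posting date, and a content-hash baseline taken at period close, so that later alterations can be spotted. The register itself is constructed sample data seeded with one instance of each red flag.

```python
from dataclasses import dataclass
from datetime import date
import hashlib


@dataclass(frozen=True)
class Entry:
    doc_no: int          # sequential document number (voucher/invoice number)
    txn_date: date       # date the transaction took place
    posted_date: date    # date it was recorded in the books
    vendor: str
    amount: float


# Constructed sample register (not real data). It is seeded so that each check
# below finds exactly one thing: document 1003 is missing, 1005 was posted
# 40 days late, and 1006 appears twice with conflicting amounts.
REGISTER = [
    Entry(1001, date(2024, 3, 1), date(2024, 3, 1), "ACME Supplies", 1200.00),
    Entry(1002, date(2024, 3, 2), date(2024, 3, 3), "ACME Supplies", 300.00),
    Entry(1004, date(2024, 3, 4), date(2024, 3, 4), "Bayside Freight", 850.00),
    Entry(1005, date(2024, 3, 5), date(2024, 4, 14), "Bayside Freight", 4900.00),
    Entry(1006, date(2024, 3, 6), date(2024, 3, 6), "Crescent Ltd", 700.00),
    Entry(1006, date(2024, 3, 6), date(2024, 3, 6), "Crescent Ltd", 7000.00),
]

# A later copy of the same register in which document 1002 was changed after
# the baseline snapshot was taken (constructed to trigger the "altered" check).
TAMPERED = [
    Entry(1002, date(2024, 3, 2), date(2024, 3, 3), "ACME Supplies", 3000.00)
    if e.doc_no == 1002 else e
    for e in REGISTER
]


def missing_documents(entries):
    """Missing/incomplete records: gaps in the pre-numbered document sequence."""
    present = {e.doc_no for e in entries}
    return [n for n in range(min(present), max(present) + 1) if n not in present]


def delayed_postings(entries, max_days=7):
    """Delayed recording: entries booked more than max_days after the transaction."""
    return [e.doc_no for e in entries if (e.posted_date - e.txn_date).days > max_days]


def conflicting_records(entries):
    """Conflicting records: the same document number booked with different amounts."""
    first_amount = {}
    conflicts = set()
    for e in entries:
        if e.doc_no in first_amount and first_amount[e.doc_no] != e.amount:
            conflicts.add(e.doc_no)
        first_amount.setdefault(e.doc_no, e.amount)
    return sorted(conflicts)


def fingerprint(e):
    """Content hash of one entry; the set of these is the period-close baseline."""
    raw = f"{e.doc_no}|{e.txn_date}|{e.posted_date}|{e.vendor}|{e.amount:.2f}"
    return hashlib.sha256(raw.encode()).hexdigest()


def altered_records(baseline, current):
    """Altered records: a document that existed at baseline whose content no longer
    matches any fingerprint taken then (new documents are not counted as altered)."""
    base_fps = {fingerprint(e) for e in baseline}
    base_nos = {e.doc_no for e in baseline}
    return sorted({e.doc_no for e in current
                   if e.doc_no in base_nos and fingerprint(e) not in base_fps})


def review(entries, baseline=None):
    """Run the four engagement red-flag checks and return findings by category."""
    findings = {
        "missing": missing_documents(entries),
        "delayed": delayed_postings(entries),
        "conflicting": conflicting_records(entries),
    }
    if baseline is not None:
        findings["altered"] = altered_records(baseline, entries)
    return findings


if __name__ == "__main__":
    for category, doc_nos in review(TAMPERED, baseline=REGISTER).items():
        print(f"{category:12s} {doc_nos}")
```

A finding from any of these checks is a red flag in the sense used above: it shows that something is wrong with the records, not that a particular person committed fraud. The baseline-hash check only works if the snapshot is taken and stored by someone other than the people who can edit the register; otherwise an insider can refresh the baseline after altering the entry. The 7-day posting threshold is an assumed value and should be set from the organization’s own cut-off policy.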

8 KEY WARNING SIGNS

 85% of fraudsters displayed at least once behavioral red flag


1. Living beyond means – 39%
2. Financial difficulties – 25%
3. Unusually close association with vendor/customer – 20%
4. Control issues, unwillingness to share duties – 13%
5. Irritability, suspiciousness, defensiveness – 12%
6. Bullying or intimidation – 12%
7. Divorce/family problems – 11%
8. “Wheeler-Dealer” attitude – 10%

FRAUD RESPONSES

 Investigating fraud incidents and taking appropriate action


o Determine what the pressure (motive) was
 Securing evidence for disciplinary and/or criminal action
o Fraud investigations/testings
o CCTV footage, interviews with the fraudster’s coworkers
 Preventing further loss
o Controls should be in place to prevent further loss
 Recovering losses
 Establishing lines of communication with the authorities
 Reviewing internal controls following a fraud
o Internal auditors
o Review whether the internal controls are still effective
o Provide improvements and recommendations
 Fraud reporting arrangement

SAMPLE FRAUD CASES

 Original Ponzi Scheme (1920)


o Claimed to buy international postal reply coupons at a discount abroad and redeem
them at full price
o Exaggerated benefits – rather than the roughly 5% profit the trade could yield, promised investors
a 50% profit
 Enron Bankruptcy (2001)
 Madoff Ponzi Scheme (2008)
o Investment scandal
o A Ponzi scheme (often loosely called a pyramiding scam): earlier investors were paid with later investors’ money
o Involved roughly $18 billion in investor principal
