Guide to Combating Financial Fraud, August 2020
Saudi Arabian Monetary Authority
Fraud Prevention and Deterrence: Understanding Criminal Behavior
iv. Crime is likely to occur when the three elements come together.
v. If someone thinks it is likely that they will be caught or there is not a suitable
target, then they are less likely to commit a crime.
c. Theory of differential association
i. Asserts that people learn the values, attitudes, techniques, and motives for
criminal behavior by communicating with and participating in intimate
personal groups
ii. Main points made by criminologist Edwin Sutherland:
1. Criminal behavior is learned.
2. It is learned from other people in a process of communication.
3. Criminal behavior is acquired through participation with intimate
personal groups.
4. Learning criminal behavior involves all the mechanisms of other
learning.
5. Learning differs from pure imitation.
6. While criminal behavior is an expression of general needs and
values, it is not explained by these needs and values.
d. Social control theory
i. Suggests that if a person fails to become attached to the variety of control
agencies of the society, that person's chances of violating the law increase
ii. People confronted with the possibility of violating a law are likely to ask
themselves questions such as, "What will my family or friends think if they
find out?"
iii. To the extent that individuals believe that other people whose opinions are
important to them will be disappointed or ashamed, and to the extent that
they care deeply that these people will feel this way, they will be deterred
from committing a criminal act.
e. Differential reinforcement theory
i. States that whether deviant or criminal behavior begins or persists depends
on the degree to which it has been rewarded or punished, as well as the
rewards or punishments attached to its alternatives
ii. Behavior is reinforced when positive rewards are gained (positive
reinforcement) or punishment is avoided (negative reinforcement).
iii. It is weakened by negative stimuli (punishment) and loss of reward (negative
punishment).
Question 1
According to B. F. Skinner, the MOST EFFECTIVE way to modify a person's behavior is through:
A. Punishment
B. Positive reinforcement
C. Negative reinforcement
Question 2
Social control theory suggests that the farther an individual strays from the norms of society, the
A. True
B. False
Question 3
The theory of differential association is used frequently to explain white-collar criminality. Which
White-Collar Crime
I. What Is White-Collar Crime?
a. According to Albert J. Reiss, Jr., and Albert Biderman, "Those violations of law to
which penalties are attached that involve the use of a violator's position of economic
power, influence, or trust in the legitimate economic or political institutional order for
the purpose of illegal gain, or to commit an illegal act for personal or organizational
gain"
II. Organizational Opportunity
a. The determinant aspect of white-collar crime
b. Organization and complexity make a larger difference than the offender's social
status.
III. Contributing Factors to the Rise of White-Collar Crime
a. The economy increasingly runs on credit, which often means rising personal debt.
b. New information technologies mean that the opportunity for wrongdoing is growing.
c. There is an overarching culture based on affluence and ever-higher levels of
success. Media sources, and advertising in general, promise that no one has to settle
for second best.
IV. Referring White-Collar Criminals to Law Enforcement
a. According to the ACFE's 2020 Report to the Nations, 59% of occupational fraud
cases were referred to law enforcement for prosecution.
b. The Report to the Nations also found that 80% of fraud cases in the study resulted in
some form of internal punishment for the perpetrator in response to the fraud, with
66% reporting termination, 10% reporting that they were permitted or required to
resign, and 9% reporting that they were placed on probation or suspended.
c. For organizations that chose to handle fraud cases internally instead of referring them
to law enforcement for prosecution, 46% of companies declined to refer cases
because they believed their organization's internal discipline mechanisms were
sufficient, 32% did so for fear of negative publicity, 17% thought prosecution would be
too costly, 10% said there was a lack of evidence, and 6% chose to pursue civil suits
instead.
V. Organizational Crime
a. Organizational vs. occupational crime
i. Organizational crime is that which is committed by businesses, particularly
corporations, and the government.
ii. Occupational crime involves legal offenses committed by individuals in the
course of their occupation.
b. Effect of organizational structure on criminal behavior
i. Complex companies are more prone to misbehavior due to isolation of
departments and locations.
ii. Information about what one part of a company is doing might be unknown in
another part, which makes it less likely that criminal behavior will be detected
and punished.
iii. The larger a company grows, the more specialized its subunits tend to
become, and this specialization thereby breeds a higher risk of fraud.
iv. Specialization helps hide illegal activity because people do not know
particulars about how things work.
c. Criminogenic nature of organizations
i. Assertions of sociologist Edward Gross
1. All organizations are inherently criminogenic (i.e., prone to committing
crime), though not necessarily criminal.
Question 1
Which of the following most exemplifies the rationalization leg of the Fraud Triangle?
B. "I'm in so much debt; I don't have any other way to pay my bills."
D. "I need the money to repay my drug dealer so that no one will find out about my habit."
Question 2
Which of the following are the two main theories to control corporate criminal behavior?
Question 3
The managements from several IT consulting firms conspire to take turns submitting the lowest bids
A. True
B. False
Question 4
The findings in the ACFE's Report to the Nations include which of the following?
A. The most commonly reported red flag displayed by fraud perpetrators prior to the detection
of their crime is being employed by the victim entity less than six months.
B. The median losses caused by executives are lower than those caused by staff-level
employees.
Corporate Governance
I. What Is Corporate Governance?
a. Refers to a corporation's government
b. Broadly used to describe the oversight responsibilities of different parties for an
organization's direction, operations, and performance
c. More specifically, the Organisation for Economic Co-operation and Development's
(OECD) "Glossary of Statistical Terms" defines corporate governance as:
i. [The] procedures and processes according to which an organisation
is directed and controlled. The corporate governance structure specifies the
distribution of rights and responsibilities among the different participants in
the organisation—such as the board, managers, shareholders and other
stakeholders—and lays down the rules and procedures for decision-making.
d. Sir Adrian Cadbury, chairman of the committee that developed the foundational
corporate governance guidance, The Cadbury Report, stated that the purpose of
corporate governance is "to encourage the efficient use of resources and equally to
require accountability for the stewardship of those resources. The aim is to align as
nearly as possible the interests of individuals, corporations, and society."
e. Solid corporate governance practices are most necessary in an organization in which
the owners are not also responsible for setting the company's strategy and executing
its business activities (e.g., in publicly traded companies).
II. Parties Involved in Corporate Governance
a. The board of directors
i. Made up of individuals who are generally elected by the entity's voting
members (e.g., shareholders in the case of a corporation or members in
the case of an association)
ii. Elected directors might be:
1. Major shareholders or executives of the organization (i.e., inside
directors)
2. Completely independent of the organization aside from their role on
the board (i.e., independent directors or outside directors)
iii. Represents the intermediary between the corporation's owners (i.e.,
shareholders) and those executing its activities (i.e., management)
iv. Acts as the guardian of the organization's resources and assets
v. Oversees business operations by assessing the strategy and underlying
purpose of management's decisions and actions
vi. Might delegate members to focused subcommittees to aid in oversight of
specific issues; examples include:
1. Audit committee
2. Compensation committee
3. Nominating committee
4. Governance committee
5. Risk committee
b. Management
i. Responsible for making the day-to-day decisions that affect company
performance and, ultimately, shareholder wealth
ii. Roles pertaining to corporate governance include:
1. Establishing strategic goals and operating objectives under the
board's oversight
2. Directing employees to execute business activities and managing
their performance of those tasks
b. Transparency
i. Refers to the clarity, accuracy, completeness, and timeliness of the financial
statements and other information provided by management to shareholders
ii. The organization's governance processes must include policies and procedures
designed to ensure transparent disclosure of all material matters that the
shareholders need to make timely and informed decisions regarding their
investment in the company.
c. Fairness
i. Sound corporate governance practices ensure that all stakeholders are treated
equitably and given just and appropriate consideration.
d. Responsibility
i. Applies both to the duty of internal parties (e.g., employees, managers, directors,
and owners) to act in the best interest of the organization and to the duty of the
organization as a whole to act in society's best interest
VI. Establishing a Corporate Governance Framework
a. G20/OECD Principles of Corporate Governance states that "there is no single model of
good corporate governance."
b. Corporate governance structure and practices vary widely and should be determined
based on each organization's specific needs.
c. In developing a corporate governance framework for an organization, directors and
management must consider the legal, regulatory, institutional, cultural, and ethical
environments in which the company operates.
d. Good corporate governance is fluid—that is, it maintains the ability to find a different
course when its current direction runs into barriers, such as changes in the corporate
landscape, new regulations or legal requirements, or shifts in organizational strategy.
VII. Sources of Corporate Governance Guidance
a. Although there is not a universal law or set of rules for corporate governance,
legislators, regulators, and other bodies around the world have issued guidance that
provides best practices and requirements that organizations should enact as
appropriate, such as the G20/OECD Principles of Corporate Governance.
b. In many jurisdictions, organizations—particularly those that are publicly traded—are
subject to specific corporate governance requirements that might take the form of
legislation or conditions set for companies listed on stock exchanges.
c. As a result, companies should be familiar with the existing guidance specific to all the
regions in which they operate, and those charged with governance should ensure
compliance with the laws and regulations governing their organization.
VIII. G20/OECD Principles of Corporate Governance
a. Regarded as one of the hallmark sources of guidance for corporate governance
practices for organizations throughout the world
b. "Intended to help policymakers evaluate and improve the legal, regulatory, and
institutional framework for corporate governance with a view to support economic
efficiency, sustainable growth, and financial stability," per the OECD
c. Nonbinding, as their implementation must be adapted to different legal, economic, and
cultural circumstances
i. This is a key strength of the Principles that makes them a useful tool worldwide,
both in developed economies and in emerging markets.
ii. The legislation needed to enforce these standards is the responsibility of
individual governments.
d. Includes six broad principles:
i. Request that governments have in place an effective legal, regulatory, and
institutional framework to support good corporate governance practices.
1. This framework typically comprises elements of legislation,
Question 1
B. Remains adaptable
Question 2
Which of the following is NOT one of the core principles of sound corporate governance?
A. Responsibility
B. Transparency
C. Independence
D. Fairness
Question 1
Which of the following parties is ultimately responsible for the prevention and detection of fraud
within an organization?
A. Board of directors
B. Internal auditors
C. Management
D. External auditors
Question 2
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the
Question 3
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO),
internal control is a process "designed to provide reasonable assurance regarding the
achievement of objectives relating to operations, reporting, and compliance."
A. True
B. False
Question 1
The primary purpose of International Standard on Auditing (ISA) 240, The Auditor's Responsibilities
A. Establish standards and provide guidance on the auditor's responsibility to consider fraud in
an audit of financial statements
B. Establish auditors as being primarily responsible for the prevention and detection of fraud
within an organization
Question 2
According to The Institute of Internal Auditors' (IIA) International Standards for the Professional
Practice of Internal Auditing, internal auditors must apply the care and skill of an expert whose
primary responsibility is investigating fraud.
A. True
B. False
i. The fraud risk assessment is useful for identifying areas that should be proactively
investigated for evidence of fraud.
f. To assess anti-fraud controls
i. Although an effective internal control system, including targeted anti-fraud
controls, is critical in fraud prevention and detection, it is a dynamic system that
requires constant reevaluation of its weaknesses.
ii. Performing a fraud risk assessment provides management with the opportunity
to review the effectiveness of the company's anti-fraud controls, taking into
account the following considerations:
1. Controls that might have been eliminated due to restructuring efforts
(e.g., elimination of separation of duties due to downsizing)
2. Controls that might have eroded over time due to reengineering of
business processes
3. New opportunities for collusion
4. Lack of anti-fraud controls in a vulnerable area
5. Nonperformance of control procedures (e.g., control procedures
compromised for the sake of expediency)
6. Inherent limitations of anti-fraud controls, including opportunities for
those responsible for a control to commit and conceal fraud (e.g.,
through management and system overrides)
g. To comply with regulations and professional standards
i. Fraud risk assessments can assist management and auditors (internal and
external) in satisfying regulatory requirements and complying with professional
standards pertaining to their responsibility for fraud risk management.
VI. Elements of a Good Fraud Risk Assessment
a. Collaborative effort of management and auditors
i. The fraud risk assessment is most effective when management and auditors
share ownership of the process and accountability for its success.
b. The right sponsor
i. The sponsor must be senior enough in the organization to command the
employees' respect and elicit full cooperation in the process.
ii. Ideally, the sponsor would be an independent board director or audit committee
member; however, a chief executive officer or other internal senior leader can be
equally as effective.
c. Independence and objectivity of the people leading and conducting the work
i. The people leading and conducting the fraud risk assessment must remain
independent and objective throughout the assessment process and must be
perceived as independent and objective by others.
ii. A good fraud risk assessment can be effectively conducted by people inside or
outside of the organization.
iii. The people leading and conducting the work should be mindful of any personal
biases they might have regarding the organization and the people within it, and
they should take steps to reduce or eliminate all biases that might affect the
fraud risk assessment process.
d. Functional knowledge of the business
i. The fraud risk assessor must know, beyond a superficial level, what the business
does and how it operates.
e. Access to people at all levels of the organization
i. It is crucial to include members of all levels of the organization in the risk
assessment process to ensure that all relevant risks are addressed and
reviewed from many different perspectives.
f. Thinking like a fraudster
b. Detective controls
i. Intended to detect fraud if it does occur
ii. Include:
1. Establishing and marketing the presence of a confidential reporting
system, such as a whistleblower hotline
2. Implementing proactive controls for the fraud detection process,
such as independent reconciliations, reviews, physical inspections
and counts, analysis, and audits
3. Implementing proactive fraud detection procedures, such as data analysis
and continuous auditing techniques
Question 1
The risk that an organization might be victimized by an individual who is able to combine the
A. Audit risk
B. Fraud risk
C. Insider risk
D. Environmental risk
Question 2
In response to a risk identified during a fraud risk assessment, management chooses to accept the
risk, rather than to implement any responsive measures. This approach is known as:
Question 3
Which of the following influences the level of fraud risk faced by an organization?
vii. Seeking advice of legal counsel whenever it deals with allegations of fraud
VIII. Senior Management's Role
a. Hold the primary responsibility for designing, implementing, monitoring, and improving
the fraud risk management program, which involves:
i. Being extremely familiar with the organization's fraud risks
ii. Ensuring that the organization has specific and effective internal controls in
place to prevent and detect fraud
iii. Setting a tone at the top and monitoring the company culture to ensure that it
appropriately supports the organization's fraud prevention and detection
strategies
iv. Clearly communicating—both in words and actions—that fraud is
not tolerated
v. Taking seriously all reports of fraud and undertaking investigations
for any such reports deemed reliable
vi. Punishing perpetrators of discovered fraud appropriately
vii. Taking any steps necessary to remediate weaknesses that allowed
frauds to occur
viii. Reporting to the board of directors on a regular basis regarding the
effectiveness of the organization's fraud risk management program
IX. The Objectives of a Fraud Risk Management Program
a. Fraud risk management programs must address fraud before, during, and after it
occurs.
b. Such programs must incorporate policies and procedures designed to prevent,
detect, and respond to fraud.
i. Fraud prevention
1. Activities focus on proactively identifying and assessing fraud risks
and taking steps to address those risks.
ii. Fraud detection
1. Activities seek to identify fraud occurrences as soon as possible after
they begin to limit the damage done.
iii. Fraud response
1. Investigating the allegation to determine the party or parties
responsible, the means of the infraction, and the extent of the
resulting damage
2. Punishing the perpetrator, whether through employment sanctions or
legal action
3. Remediating the control weaknesses that allowed the fraud to be
undertaken
4. Rebuilding stakeholders' confidence in the organization
X. Fraud Risk Management Principles
a. To help meet the objectives of a fraud risk management program, Fraud Risk
Management Guide describes five broad principles of fraud risk management:
i. Fraud risk governance
1. The organization establishes and communicates a fraud risk
management program that demonstrates the expectations of the
board of directors and senior management and their commitment to
high integrity and ethical values regarding managing fraud risk.
ii. Fraud risk assessment
1. The organization performs comprehensive fraud risk assessments to
identify specific fraud schemes and risks, assess their likelihood and
significance, evaluate existing fraud control activities, and implement
actions to mitigate residual fraud risks.
Question 1
Of the following parties, who is responsible for developing a strategy to assess and manage fraud
risks that aligns with the organization's risk appetite and strategic plans?
D. The shareholders
Question 2
Which of the following is among the audit committee's responsibilities for fraud risk management?
B. Understanding how internal and external audit strategies address fraud risk
C. Engaging in open conversations with external auditors about any known or suspected fraud
risk of fraud significantly because employees often feel more loyal to their
superiors.
iv. Such a culture might also prevent unethical behavior because issues of
anger or stress can be addressed before they escalate to the point of
a fraud.
v. When management believes and acts as though it is "above the law" with
respect to company policies, staff members are much less likely to follow
rules.
vi. When management acts ethically and follows organizational policies, the
staff tends to respect and appreciate the behavior and copy it.
h. Organizational structure
i. A well-designed organizational structure—with key areas of authority and
clear and proper lines of reporting—can be an effective fraud prevention
measure.
ii. Establishing and communicating the proper flow of information to everyone in
the organization (e.g., through the use of flowcharts displaying organizational
and departmental hierarchies) is an essential component of a well-designed
organizational structure.
i. Background checks
i. Before hiring anyone, management should conduct a background check
(where and to the extent permitted by law) to find out as much as possible
about the employee's previous experience with employers and law
enforcement.
ii. At a minimum, employers should check the background of any employee who
will have constant access to cash, checks, credit card numbers, or any other
items that are easily stolen.
iii. Background checks should also be run on existing employees who are being
promoted or moved to positions that include access to sensitive or valuable
company resources.
iv. When possible and legally permissible, employers should conduct a
background check in which they verify position, dates of employment, and
eligibility for rehire with past employers.
j. Performance management and measurement
i. It is important to place employees in situations where they are able to thrive
without resorting to unethical conduct.
ii. Organizations should provide employees with well-defined job descriptions
and performance goals.
iii. Performance goals should be routinely reviewed to ensure that they do not
set unrealistic standards.
iv. Training (including ethics training) should be provided on a consistent basis to
ensure that employees maintain the skills needed to perform their tasks
effectively.
v. Care should be taken to set performance goals that motivate employees to
challenge themselves but are not so ambitious that the only way they can
meet them is to perpetrate fraud.
vi. Including ethics-based metrics as a component of performance goals and
evaluation can be an especially effective way to foster ethical behavior and
reinforce the importance of ethics as the guiding factor in making business
decisions.
k. Handling known fraud incidents
i. It must be emphasized to all employees that the company maintains a policy
of zero tolerance for fraud.
Question 1
Unless specific unacceptable conduct is detailed in an anti-fraud policy, there can be legal problems
A. True
B. False
Question 2
Question 3
C. Visibly adhere to the same set of ethics policies that is required of all employees
Question 1
Robert, a Certified Fraud Examiner (CFE), is hired by a client to conduct a fraud examination. At the
conclusion of the engagement, he issued a written report to the client and closed his file. A year
later, Robert receives a legal order from the local prosecutor's office to provide the report. Under the
A. True
B. False
Question 2
A. Fraud examiners should always begin their assignments with the belief that something is
amiss
B. Fraud examiners should relax their attitude of skepticism only when the evidence shows no
signs of fraud
C. A fraud examiner may not provide opinions or attestations about a fraud-free environment
The ACFE provides educational tools and practical solutions for anti-fraud professionals through
initiatives including:
• Global conferences and seminars led by anti-fraud experts
• Instructor-led, interactive professional training
• Comprehensive resources for fighting fraud, including books, self-study courses, and articles
• Leading anti-fraud publications, including Fraud Magazine, The Fraud Examiner, and
FraudInfo
• Local networking and support through more than 170 ACFE chapters worldwide
• Anti-fraud curriculum and educational tools for colleges and universities
The positive effects of anti-fraud training are far reaching. The best way to combat fraud is to
educate anyone engaged in fighting fraud on how to effectively prevent, detect, and investigate it.
By educating, uniting, and supporting the global anti-fraud community with the tools to fight
fraud more effectively, the ACFE is inspiring public confidence in the integrity and objectivity of
the profession.
Membership
Immediate access to world-class anti-fraud knowledge and tools is a necessity in the fight against
fraud. Members of the ACFE include accountants, internal auditors, fraud investigators, law
enforcement officers, lawyers, business leaders, risk and compliance professionals, and educators,
all of whom have access to expert training, educational tools, and resources. Members from all
over the world have come to depend on the ACFE for solutions to the challenges they face in their
professions.
Whether their careers are focused exclusively on preventing and detecting fraudulent activities or
they simply want to learn more about fraud, anti-fraud professionals turn to the ACFE for the
essential tools and resources to accomplish their objectives. To learn more, visit ACFE.com or
call (800) 245-3321 / +1 (512) 478-9000.
©2022 ACFE
Association of Certified Fraud Examiners
ABOUT THE ASSOCIATION OF CERTIFIED FRAUD
EXAMINERS
Certified Fraud Examiners
The ACFE offers its members the opportunity for professional certification. The Certified Fraud
Examiner (CFE) credential is preferred by businesses and government entities around the world
and indicates expertise in fraud prevention and detection.
Certified Fraud Examiners (CFEs) are anti-fraud experts who have demonstrated knowledge in
four critical areas: financial transactions and fraud schemes, law, investigation, and fraud
prevention and deterrence. In support of CFEs and the CFE credential, the ACFE:
• Provides bona fide qualifications for CFEs through administration of the CFE Exam
• Requires CFEs to adhere to a strict code of professional conduct and ethics
• Serves as the global representative for CFEs to business, government, and academic
institutions
• Provides leadership to inspire public confidence in the integrity, objectivity, and
professionalism of CFEs