Workshop FRAUD-AUDITING

Prevention, Detection, & Investigation

Topik : OVERVIEW FRAUD-AUDITING

10/08/21 1
 Fraud:Penggelapan, Penipuan, kecurangan,pemalsuan dan
perilaku negatif lainnya, biasanya mencari keuntungan sendiri
(dan merugikan pihak lain, serta masyarakat secara keseluruhan)

Fraud :
Cacat Moral (Moral Hazard)
Perbuatan tercela  Melanggar Etika  Tidak beradab
Kriminal  Kejahatan Kerah Putih

Tujuan orang melakukan Fraud:

a. Mendapatkan keuntungan (manfaat), atas biaya pihak lain
b. Menyembunyikan kesalahan/cacat/cela
c. Mencari kesempatan atau peluang (untuk tujuan tertentu)
10/08/21 2
Terminology :
Fraud : noun
An act of cheating: cheat, swindle, victimization. Informal flimflam. Slang gyp.,dishonest.
One who fakes: charlatan, fake, faker, humbug, impostor, mountebank, phony, pretender, quack. .

Fraud : The intentional use of deception to cause another person to suffer loss.
Example: Abel purchases property from Baker. Abel later discovers that Baker did not hold Title to
the property and had no right to sell. Baker was guilty of fraud and is liable for damages suffered
by Abel in the purchase of the property.

The term 'fraud' is generally defined in the law as an intentional misrepresentation of

material existing fact made by one person to another with knowledge of its falsity and for
the purpose of inducing the other person to act, and upon which the other person relies
with resulting injury or damage.
 Fraud may also include an omission or intentional failure to state material facts,
knowledge of which would be necessary to make other statements not misleading.

Thus, to constitute fraud, a misrepresentation must be false [or an omission must

make other statements misleading], and it must be 'material' in the sense that it
relates to a matter of some importance or significance rather than a minor or trivial
detail.
10/08/21 3
Fraud
In the broadest sense, a fraud is a deception made for personal gain or to damage another
individual. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and is
also a civil law violation. Many hoaxes are fraudulent, although those not made for personal
gain are not technically frauds. Defrauding people of money is presumably the most common
type of fraud, but there have also been many fraudulent "discoveries" in art, archaeology, and
science.

Definition
In criminal law, fraud is the crime or offense of deliberately deceiving another in order to
damage them – usually, to obtain property or services unjustly. Fraud can be accomplished
through the aid of forged objects. In the criminal law of common law jurisdictions it may be
called "theft by deception," "larceny by trick," "larceny by fraud and deception" or something
similar.

Fraud for profit involves industry professionals. There are generally multiple loan transactions
with several financial institutions involved. These frauds include numerous gross misrepresenta
tions including: income is overstated, assets are overstated, collateral is overstated, the length of
employment is overstated or fictitious employment is reported, and employment is backstopped
by conspirators.
10/08/21 4
Fraud can be committed through many methods, including mail, wire, phone, and the
internet (computer crime and internet fraud). The difficulty of checking identity and legitimacy
online, the ease with which hackers can divert browsers to dishonest site and steal
credit card details, the international dimensions of the web and ease with which users can
hide their location, all contribute to making internet fraud the fastest growing area of fraud.

Acts which may constitute criminal fraud include:

Marriage Fraud to obtain immigration benefits
confidence tricks such as the 419 fraud, Spanish Prisoner, and the shell game
false advertising , identity theft, false billing psychic and occult charlatanism forgery of documents
or signatures taking money which is under your control, but not yours (embezzlement)
health fraud, selling of products of spurious use, such as quack medicines creation of false
companies or "long firms"
false insurance claims bankruptcy fraud, is a US federal crime that can lead to criminal prosecution
under the charge of theft of the goods or services
investment frauds, such as Ponzi schemes
securities frauds such as pump and dump taking payment for goods sold online, by mail or phone,
such as tickets, with no intention of delivering them.

10/08/21 5
Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent
bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a
profit when the company is operating at a loss. These tampered records are then used to seek
investment in the company's bond or security issues or to make fraudulent loan applications in a
final attempt to obtain more money to delay the inevitable collapse of an unprofitable or
mismanaged firm.

Accounting fraud has also been used to conceal other theft taking
place within a company.

Accountant fraud
In 2002, a wave of separate but often related accounting scandals became known to the public in the
U.S. All of the leading public accounting firms—Arthur Andersen, Deloitte & Touche, Ernst & Young,
KPMG, PricewaterhouseCoopers— and others have admitted to or have been charged with negligence
to identify and prevent the publication of falsified financial reports by their corporate clients which had
the effect of giving a misleading impression of their client companies' financial status. In several cases,
the monetary amounts of the fraud involved are in the billions of USD.

10/08/21 6
Fraud, in addition to being a criminal act, is also a type of civil law violation
known as a tort.  A tort is a civil wrong for which the law provides a remedy. A civil
fraud typically involves the act of intentionally making a false representation of a
material fact, with the intent to deceive, which is reasonably relied upon by another
person to that person's detriment.
A "false representation" can take many forms, such as:
A false statement of fact, known to be false at the time it was made; A statement of fact
with no reasonable basis to make that statement; A promise of future performance
made with an intent, at the time the promise was made, not to perform as promised;A
statement of opinion based on a false statement of fact; A statement of opinion that the
maker knows to be false; or An expression of opinion that is false, made by one
claiming or implying to have special knowledge of the subject matter of the opinion.
"Special knowledge" in this case means knowledge or information superior to that
possessed by the other party, and to which the other party did not have equal access.

In the UK a report concluded that the total costs of fraud and dealing
with fraud in the year 2005-2006 was at least 13.9 Billion GBP.
10/08/21 7
 Pihak yang terlibat Fraud
Seperti tersirat dimuka, hampir semua orang (pihak) berpotensi untuk melakukan
Fraud. Namun demikian, bila sistem pengawasan sudah mulai ada, biasanya kejahatan
ini dilakukan melalui kerjasama, tidak (kecil) kemungkinannya dikerjakan sendiri.
Secara lebih rinci pihak yang terlibat melakukan Fraud ini dapat dikelompokkan
sebagai berikut:

1. Orang perorang/pribadi  Non Organized Crime

 Fraud yang dilakukan oleh orang perorang/pribadi ini, biasanya dilakukan
Bila belum ada sama sekali sistem pengawasan, dan atau pribadi tersebut sangat
ahli dibidangnya, sehingga mengetahui lobang (loop hole) dari sistem pengawasan
 Bisa orang dalam organisasi (pekerja), maupun pihak luar organisasi terhadap organisasi

2. Kelompok Orang (Organisasi)  Organized Crime

 Fraud yang dilakukan oleh sekelompok orang (organisasi) secara bersama sama
terhadap pihak diluar kelompoknya. Hal ini biasanya dilakukan pada kondisi
sistem pengawasan yang sudah ada, namun tidak jalan (law enforcementnya
rendah)
 Biasanya dilakukan oleh suatu kelompok terhadap kelompok lain
10/08/21 8
 Faktor-Faktor yang Mendorong Terjadinya Fraud

Iklim masyarakat
Karakter Yang membuka
dan Integritas Peluang
Pelaku Terjadinya
Untuk Fraud
FRAUD dimasyarakat
Watak yang cenderung Didorong oleh: Menyangkut:
berbuat fraud
a. Sistem Nilai
yang terbentuk dari
(Values System) di
lingkungan yang sudah Niat ( motivasi) masyarakat
lama sulit di ubah
Pelaku b. Aturan yang
berlaku serta
Karena desakan
penegakkannya
Keadaan/Situasi Keadaan.
Mendorong orang untuk
“kreatif”
10/08/21 9
 Factors which pushed Fraud
There are generally three requirements for fraud to occur - motivation, opportunity and
Personal characteristics.

1.Motivation is usually situational pressures in the form of a need for money, personal
satisfaction, or to alleviate a fear of failure.

2. Opportunity is access to a situation where fraud can be perpetrated, such as weaknesses in

internal controls, necessities of an operating environment, management styles and corporate
culture.

3. Personal characteristics:
include a willingness to commit fraud. Personal integrity and moral standards need to be
flexible enough to justify the fraud, perhaps out of a need to feed their children or pay for a
family illness.

It is difficult to have an effect on an individual’s motivation for fraud. Personal characteristics

can sometimes be changed through training and awareness programs. Opportunity is the easiest
and most effective requirement to address to reduce the probability of fraud. By developing
effective systems of internal control, you can remove opportunities to commit fraud.

10/08/21 10
 Usaha Mengurangi Fraud

Sistem Pengawasan
Sistem dan Prosedur Internal perusahaan
Operasional (SOP) Untuk (Internal Control)
kegiatan mengurangi organisasi
terjadinya Fraud,
organisasi perlu membuat
Perhatian tidak hanya Monitoring yang berkelanjutan
terfokus pada hasil, dan menegakkan :
terhadap pencapaian Visi dan
tetapi juga Proses Pelaksanaan Misi Organisasi

Kode Etik Organisasi

Atau perusahaan

Sistem Nilai (Values System)

yang berlaku di organisasi

10/08/21 11
 Usaha Mengurangi Fraud
Untuk mengurangi terjadinya Fraud, organisasi perlu membuat dan menegakkan

a. Sistem dan Prosedur Operasional (SOP) kegiatan.

Menyangkut cara melakukan pekerjaan, mana yang boleh , mana yang tidak, mana yang
prioritas dan mana yang bukan  Lihat Tujuan (goal) dan Sistem Nilai Organisasi
 Proses mempunyai nilai yang penting disamping hasil

b. Sistem Pengawasan Internal perusahaan (Internal Control)

 Monitoring kegiatan, mana yang sesuai SOP, dan Etika organisasi, mana yang
menyimpang, dan sebagainya.  Lihat Visi, Misi, dan Sistem Nilai Organisasi

c. Kode Etik perusahaan

 Menyangkut nilai nilai yang dianut organisasi , mana yang baik, mana yang tidak, mana
yang terpuji dan harus diperjuangkan, mana yang tercela dan harus dihindari, dan
sebagainya  Lihat Visi, dan Misi, Organisasi
Proses mempunyai nilai yang penting disamping hasil

10/08/21 12
Control Activities
Control activities are actions, supported by policies and procedures that, when carried out properly
and in a timely manner, manage or reduce risks

Control activities include approvals, authorizations, verifications, reconciliations, reviews of

performance, security of assets, segregation of duties, and controls over information system

1. Approvals (Preventive) 2. Reconciliations (Detective)

a. Written policies and procedures, is a comparison of different sets of data to one another, identifying
and investigating differences, AND taking corrective action, when
b. Limits to authority, · necessary. For example, verifying charges in the general ledger to file
c. Supporting documentation, copies of approved invoices.
d. Question unusual items,
e. No “rubber stamps”, · 3. Reviews (Detective)
f. No blank signed forms a. Budget to actual comparison, Current to prior period comparison
b. Performance indicators, Follow-up on unexpected results

Asset Security (Preventive and Detective)

1.Security of physical and intellectual assets, · Physical safeguards, · Perpetual records are maintained,
2 Periodic counts/physical inventories, ·Compare counts to perpetual records, ·Investigate/correct differences

Segregation of Duties (Preventive and Detective)

No one person should..., Initiate the transaction, Approve the transaction, Record the transaction
Reconcile balances, Handle assets, Review reports
10/08/21 13
· At least four (4) sets of eyes
 The Important points of Internal Control

1. People at every level of an organization affect internal control. Internal control is,
to some degree, everyone's responsibility. within the organization.

2. Effective internal control helps an organization achieve its operations, financial reporting, and
compliance objectives.
Effective internal control is a built-in part of the management process (i.e., plan, organize, direct, and control)
Internal control keeps an organization on course toward its objectives and the achievement of its mission,
and minimizes surprises along the way. Internal control promotes effectiveness and efficiency of operations,
reduces the risk of asset loss, and helps to ensure compliance with laws and regulations. Internal control
also ensures the reliability of financial reporting (i.e., all transactions are recorded and that all recorded
transactions are real, properly valued, recorded on a timely basis, properly classified, and correctly summa-
rize and posted).

3. Internal control can provide only reasonable assurance - not absolute assurance - regarding the
achievement of an organization's objectives.
Effective internal control helps an organization achieve its objectives; it does not ensure success. There are
several reasons why internal control cannot provide absolute assurance that objectives will be achieved:
cost/benefit
10/08/21 realities, collusion among employees, and external events beyond an organization's control.
14
 Affects all of an organization
•People
• processes
*infrastructure
Incorporates with
The degree the qualities
Of Goal Achievement management

Internal Control
Aspect

Dependent upon
Working the integrity of people

Climate In the organization

10/08/21 15
 Promote orderly, economical,
operations, and produce quality
products and services
consistent with the
organization's mission.

PURPOSES
Promote adherence to
laws, regulations, (Function) Develop and maintain
reliable financial and
contracts and OF INTERNAL Data management
management accurately present
directives.
CONTROL in timely reports.

Safeguard resources against loss

due to waste, abuse, mismanagement,
errors and fraud.
10/08/21 16
 •Keabsahan
•Otoritas
•Kelengkapan
Accounting •Penilaian
•Klasifikasi
System •Tepat waktu
•posting

Unsur
Control Organisasi Control
Procedure Internal Control Evironment

•Landasan managemen dan gaya operasi

•Pemisahan tugas •Struktur organisasi
•Otoritas yang pantas atas transaksi dan aktivitas •Komite audit
•Dokumentasi dan catatan yang memadai •Metode pelimpahan wewenang
•Pengendalian fisik atas aktiva dan catatan •Metode pengendalian menajemen
•Pengecekan independen atas pelaksanaan •Kebijakan dan prosedur kepegawaian
•Pengaruh eksternal

10/08/21 17
 Control -Governance and Competence
(or Operating) -Ethical Values and Integrity
Environment -Management Style and Philosophy
-Supportive Attitude

Monitoring Risk
System Assessment
Internal Control
Risk identification
Process
Managing Risk
Preventing or Reducing Risk
Managing Risk During Change

-Documentation
Information
Control -Approval and Authorization
&
Activities -Verification, Supervision
Communication
-Separation of Duties
-General Controls -Safeguarding Assets

-Specific Control -Reporting

10/08/21 18
1.Control Environment
The control environment is the control consciousness of an organization; it is the atmosphere in
which people conduct their activities and carry out their control responsibilities.
An effective control environment is an environment where competent people understand their
responsibilities, the limits to their authority, and are knowledgeable, mindful, and committed to doing what
is right and doing it the right way. They are committed to following an organization's policies and procedures
and its ethical and behavioral standards.

The control environment encompasses technical competence and ethical commitment; it is

an intangible factor that is essential to effective internal control.

A governing board and management enhance an organization's control environment when they establish
and effectively communicate written policies and procedures, a code of ethics, and standards of conduct.
Moreover, a governing board and management enhance the control environment when they behave in an
ethical manner-creating a positive "tone at the top"—and when they require that same standard of conduct
from everyone in the organization.

Management is responsible for setting the tone for their organization. Management should foster a
control environment that encourages: the highest levels of integrity and personal and professional
standards, a leadership philosophy and operating style which promote internal control throughout the
organization · assignment of authority and responsibility.

10/08/21 19
Control Environment Tips
The control environment is greatly influenced by the extent to which individuals recognize that they will be held
accountable.

Listed below are some tips to enhance a department's control environment. This list is not all
inclusive,nor will every item apply to every department; it can, however, serve as a starting
point. Make sure that the following policies and procedures are available in each department
(hard copy or Internet access):

Administrative Procedures
Business and Finance Bulletins
Employee Handbook
Purchasing Manual
Personnel Memorandum

10/08/21 20
2. Risk Assessment

a. Determine Goals and Objectives

The central theme of internal control is (1) to identify risks to the achievement of an organization's
objectives and (2) to do what is necessary to manage those risks. Thus, setting goals and objectives is a
precondition to internal controls.

Goals and objectives are classified in the following categories: Operations objectives. · Financial reporting
objectives. · Compliance objectives.

b. Identify Risks after Determining Goals

Risk assessment is the identification and analysis of risks associated with the achievement of operations,
financial reporting, and compliance goals and objectives. This, in turn, forms a basis for determining how
those risks should be managed. Who is responsible
- Risk Identification -Higher Risk May transaction Types

c Risk Analysis
After risks have been identified, a risk analysis should be performed to prioritize those risks:
· Assess the likelihood (or frequency) of the risk occurring · Estimate the potential impact if the risk were to
occur; consider both quantitative and qualitative costs · Determine how the risk should be managed; decide
what actions are necessary.

10/08/21 21
Risk Assessment Tips
The risk assessment is greatly influenced by Listed below are tips to guide a department Internal control
through its risk assessment:

a. Make sure the department has a mission statement and written goals and objectives.
b. Assess risks at the department level.
c. Assess risks at the activity (or process) level.
d. Complete a Business Controls Worksheet for each significant activity (or process) in
the department; prioritize those activities (or processes) which are most critical to the
success of the department and those activities (or processes) which could be
improved the most.
e. Make sure that all risks identified at the department level are addressed in the
Business Controls Worksheet

10/08/21 22
3. Control Activities.

The control activities is the control process and result of an organization

An effective control of an activities, is greatly influenced by the availability of Information system (Manual or
computerize) and the competent and an integrity of the people

Information Systems
For General Controls : ¨
Access Security, Data & Program Security, Physical Security, ¨ Software Development & Program
Change Controls, ¨ Data Center Operations, ¨ Disaster Recovery
For Specsific or Application Controls
Programmed Procedures Within Application Software
Input Controls (Data Entry) (Authorization, Validation, Error Notification and Correction)
Processing Controls
Output Controls

10/08/21 23
4. Information and Communication
Information and communication are essential to effecting control; information about :
An organization's plans,
Control environment,
Risks,
Control activities,
Performance must be communicated up, down, and across an organization.
 Reliable and relevant information from both internal and external sources must be identified, captured,
processed, and communicated to the people who need it--in a form and timeframe that is useful.
 Information systems produce reports, containing operational, financial, and compliance-related
information that makes it possible to run and control an organization.

5. Monitoring
Monitoring is the assessment of internal control performance over time; it is accomplished by ongoing
monitoring activities and by separate evaluations of internal control such as self-assessments, peer reviews,
and internal audits.
The purpose of monitoring is to determine whether internal control is adequately designed, properly
executed, and effective. Internal control is adequately designed and properly executed if all five internal
control components (Control Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring) are present and functioning as designed
10/08/21 24
 Strategic
Planning

Activities
Internal
System
Evaluation Audit

-Auditor Independency
-Risk-Based Audit Planning
-Continuing Professional Education
-Communication
-Monitoring Audit Findings

10/08/21 25
 Establishing Making management
a system of policies and guidelines
internal control available to all employees
review Internal Control
Responsiblity

Implementing Education
Training, and Evaluation
for internal control

10/08/21 26
 Upaya pencegahan kekeliruan dan
penyimpangan sebelum terjadi, misalnya:
pemisahan tugas, rotasi tugas, autorisasi,
Kejelasan Job Desc
Preventive

Corrective
Detective Type of Control

Upaya untuk memperbaiki dampak

Upaya untuk menemukan dari terjadinya kekeliruan ataupun

kesalahan, dan penyimpangan yang penipuan, misal: perbaikan

mungkin atau sudah terjadi kesalahan otomatis, backup and

misalnya: pengendalian register, recovery, discrepancy reports, dsb.

batch serial numbers, batch totals,

format, matching, dsb.
10/08/21 27
Balancing Risk and Control
Risk is the probablity that an event or action will adversely affect the organization. The
primary categories of risk are errors, omissions, delay and fraud. In order to achieve goals
and objectives,management needs to effectively balance risks and controls.
Therefore, control procedures need to be developed so that they decrease risk to a level
where management can accept the exposure to that risk. By performing this balancing act
"reasonable assurance” can be attained. As it relates to financial and compliance goals,
being out of balance can cause the following problems:

Excessive Risks Excessive Controls

Loss of Assets, Donor or Grants Increased Bureaucracy
Poor Business Decisions Reduced Productivity
Noncompliance Increased Complexity
Increased Regulations Increased Cycle Time
Public Scandals
Increase of No-Value Activities

In order to achieve a balance between risk and controls, internal controls should be proactive,
value-added, cost-effective and address exposure to risk.
10/08/21 28
 Pemisahan tanggung
jawab secara fungsional
dalam organisasi

Internal Control
Memiliki Effeciveteness
sistem dan prosedur
Kompetensi dan
otoritas dan
Integritas Personnel
pencatatan yang
tegas

10/08/21 29
 Gejala (Symtomps) adanya Fraud

Penurunan Kinerja

Gejala atau
Symtomps
Adanya Fraud
Banyaknya Memburuknya
Gugatan dan Komplain Iklim kerja
dari Stakeholder organisasi

10/08/21 30
 Peringatan (Warning Sings)
untuk segera mengatasi Fraud

Penurunan Kinerja
dengan drastis

Warning
Sings Memburuknya
Makin banyaknya Iklim kerja
Gugatan dan Komplain Organisasi
dari Stakeholder Dengan Drastis

10/08/21 31