Professional Documents
Culture Documents
Workshop FRAUD-AUDITING Prevention, Detection, & Investigation
Workshop FRAUD-AUDITING Prevention, Detection, & Investigation
10/08/21 1
Fraud:Penggelapan, Penipuan, kecurangan,pemalsuan dan
perilaku negatif lainnya, biasanya mencari keuntungan sendiri
(dan merugikan pihak lain, serta masyarakat secara keseluruhan)
Fraud :
Cacat Moral (Moral Hazard)
Perbuatan tercela Melanggar Etika Tidak beradab
Kriminal Kejahatan Kerah Putih
Fraud : The intentional use of deception to cause another person to suffer loss.
Example: Abel purchases property from Baker. Abel later discovers that Baker did not hold Title to
the property and had no right to sell. Baker was guilty of fraud and is liable for damages suffered
by Abel in the purchase of the property.
Definition
In criminal law, fraud is the crime or offense of deliberately deceiving another in order to
damage them – usually, to obtain property or services unjustly. Fraud can be accomplished
through the aid of forged objects. In the criminal law of common law jurisdictions it may be
called "theft by deception," "larceny by trick," "larceny by fraud and deception" or something
similar.
Fraud for profit involves industry professionals. There are generally multiple loan transactions
with several financial institutions involved. These frauds include numerous gross misrepresenta
tions including: income is overstated, assets are overstated, collateral is overstated, the length of
employment is overstated or fictitious employment is reported, and employment is backstopped
by conspirators.
10/08/21 4
Fraud can be committed through many methods, including mail, wire, phone, and the
internet (computer crime and internet fraud). The difficulty of checking identity and legitimacy
online, the ease with which hackers can divert browsers to dishonest site and steal
credit card details, the international dimensions of the web and ease with which users can
hide their location, all contribute to making internet fraud the fastest growing area of fraud.
10/08/21 5
Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent
bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a
profit when the company is operating at a loss. These tampered records are then used to seek
investment in the company's bond or security issues or to make fraudulent loan applications in a
final attempt to obtain more money to delay the inevitable collapse of an unprofitable or
mismanaged firm.
Accounting fraud has also been used to conceal other theft taking
place within a company.
Accountant fraud
In 2002, a wave of separate but often related accounting scandals became known to the public in the
U.S. All of the leading public accounting firms—Arthur Andersen, Deloitte & Touche, Ernst & Young,
KPMG, PricewaterhouseCoopers— and others have admitted to or have been charged with negligence
to identify and prevent the publication of falsified financial reports by their corporate clients which had
the effect of giving a misleading impression of their client companies' financial status. In several cases,
the monetary amounts of the fraud involved are in the billions of USD.
10/08/21 6
Fraud, in addition to being a criminal act, is also a type of civil law violation
known as a tort. A tort is a civil wrong for which the law provides a remedy. A civil
fraud typically involves the act of intentionally making a false representation of a
material fact, with the intent to deceive, which is reasonably relied upon by another
person to that person's detriment.
A "false representation" can take many forms, such as:
A false statement of fact, known to be false at the time it was made; A statement of fact
with no reasonable basis to make that statement; A promise of future performance
made with an intent, at the time the promise was made, not to perform as promised;A
statement of opinion based on a false statement of fact; A statement of opinion that the
maker knows to be false; or An expression of opinion that is false, made by one
claiming or implying to have special knowledge of the subject matter of the opinion.
"Special knowledge" in this case means knowledge or information superior to that
possessed by the other party, and to which the other party did not have equal access.
In the UK a report concluded that the total costs of fraud and dealing
with fraud in the year 2005-2006 was at least 13.9 Billion GBP.
10/08/21 7
Pihak yang terlibat Fraud
Seperti tersirat dimuka, hampir semua orang (pihak) berpotensi untuk melakukan
Fraud. Namun demikian, bila sistem pengawasan sudah mulai ada, biasanya kejahatan
ini dilakukan melalui kerjasama, tidak (kecil) kemungkinannya dikerjakan sendiri.
Secara lebih rinci pihak yang terlibat melakukan Fraud ini dapat dikelompokkan
sebagai berikut:
Iklim masyarakat
Karakter Yang membuka
dan Integritas Peluang
Pelaku Terjadinya
Untuk Fraud
FRAUD dimasyarakat
Watak yang cenderung Didorong oleh: Menyangkut:
berbuat fraud
a. Sistem Nilai
yang terbentuk dari
(Values System) di
lingkungan yang sudah Niat ( motivasi) masyarakat
lama sulit di ubah
Pelaku b. Aturan yang
berlaku serta
Karena desakan
penegakkannya
Keadaan/Situasi Keadaan.
Mendorong orang untuk
“kreatif”
10/08/21 9
Factors which pushed Fraud
There are generally three requirements for fraud to occur - motivation, opportunity and
Personal characteristics.
1.Motivation is usually situational pressures in the form of a need for money, personal
satisfaction, or to alleviate a fear of failure.
3. Personal characteristics:
include a willingness to commit fraud. Personal integrity and moral standards need to be
flexible enough to justify the fraud, perhaps out of a need to feed their children or pay for a
family illness.
10/08/21 10
Usaha Mengurangi Fraud
Sistem Pengawasan
Sistem dan Prosedur Internal perusahaan
Operasional (SOP) Untuk (Internal Control)
kegiatan mengurangi organisasi
terjadinya Fraud,
organisasi perlu membuat
Perhatian tidak hanya Monitoring yang berkelanjutan
terfokus pada hasil, dan menegakkan :
terhadap pencapaian Visi dan
tetapi juga Proses Pelaksanaan Misi Organisasi
10/08/21 11
Usaha Mengurangi Fraud
Untuk mengurangi terjadinya Fraud, organisasi perlu membuat dan menegakkan
10/08/21 12
Control Activities
Control activities are actions, supported by policies and procedures that, when carried out properly
and in a timely manner, manage or reduce risks
1. People at every level of an organization affect internal control. Internal control is,
to some degree, everyone's responsibility. within the organization.
2. Effective internal control helps an organization achieve its operations, financial reporting, and
compliance objectives.
Effective internal control is a built-in part of the management process (i.e., plan, organize, direct, and control)
Internal control keeps an organization on course toward its objectives and the achievement of its mission,
and minimizes surprises along the way. Internal control promotes effectiveness and efficiency of operations,
reduces the risk of asset loss, and helps to ensure compliance with laws and regulations. Internal control
also ensures the reliability of financial reporting (i.e., all transactions are recorded and that all recorded
transactions are real, properly valued, recorded on a timely basis, properly classified, and correctly summa-
rize and posted).
3. Internal control can provide only reasonable assurance - not absolute assurance - regarding the
achievement of an organization's objectives.
Effective internal control helps an organization achieve its objectives; it does not ensure success. There are
several reasons why internal control cannot provide absolute assurance that objectives will be achieved:
cost/benefit
10/08/21 realities, collusion among employees, and external events beyond an organization's control.
14
Affects all of an organization
•People
• processes
*infrastructure
Incorporates with
The degree the qualities
Of Goal Achievement management
Internal Control
Aspect
Dependent upon
Working the integrity of people
10/08/21 15
Promote orderly, economical,
operations, and produce quality
products and services
consistent with the
organization's mission.
PURPOSES
Promote adherence to
laws, regulations, (Function) Develop and maintain
reliable financial and
contracts and OF INTERNAL Data management
management accurately present
directives.
CONTROL in timely reports.
Unsur
Control Organisasi Control
Procedure Internal Control Evironment
10/08/21 17
Control -Governance and Competence
(or Operating) -Ethical Values and Integrity
Environment -Management Style and Philosophy
-Supportive Attitude
Monitoring Risk
System Assessment
Internal Control
Risk identification
Process
Managing Risk
Preventing or Reducing Risk
Managing Risk During Change
-Documentation
Information
Control -Approval and Authorization
&
Activities -Verification, Supervision
Communication
-Separation of Duties
-General Controls -Safeguarding Assets
A governing board and management enhance an organization's control environment when they establish
and effectively communicate written policies and procedures, a code of ethics, and standards of conduct.
Moreover, a governing board and management enhance the control environment when they behave in an
ethical manner-creating a positive "tone at the top"—and when they require that same standard of conduct
from everyone in the organization.
Management is responsible for setting the tone for their organization. Management should foster a
control environment that encourages: the highest levels of integrity and personal and professional
standards, a leadership philosophy and operating style which promote internal control throughout the
organization · assignment of authority and responsibility.
10/08/21 19
Control Environment Tips
The control environment is greatly influenced by the extent to which individuals recognize that they will be held
accountable.
Listed below are some tips to enhance a department's control environment. This list is not all
inclusive,nor will every item apply to every department; it can, however, serve as a starting
point. Make sure that the following policies and procedures are available in each department
(hard copy or Internet access):
Administrative Procedures
Business and Finance Bulletins
Employee Handbook
Purchasing Manual
Personnel Memorandum
10/08/21 20
2. Risk Assessment
Goals and objectives are classified in the following categories: Operations objectives. · Financial reporting
objectives. · Compliance objectives.
c Risk Analysis
After risks have been identified, a risk analysis should be performed to prioritize those risks:
· Assess the likelihood (or frequency) of the risk occurring · Estimate the potential impact if the risk were to
occur; consider both quantitative and qualitative costs · Determine how the risk should be managed; decide
what actions are necessary.
10/08/21 21
Risk Assessment Tips
The risk assessment is greatly influenced by Listed below are tips to guide a department Internal control
through its risk assessment:
a. Make sure the department has a mission statement and written goals and objectives.
b. Assess risks at the department level.
c. Assess risks at the activity (or process) level.
d. Complete a Business Controls Worksheet for each significant activity (or process) in
the department; prioritize those activities (or processes) which are most critical to the
success of the department and those activities (or processes) which could be
improved the most.
e. Make sure that all risks identified at the department level are addressed in the
Business Controls Worksheet
10/08/21 22
3. Control Activities.
Information Systems
For General Controls : ¨
Access Security, Data & Program Security, Physical Security, ¨ Software Development & Program
Change Controls, ¨ Data Center Operations, ¨ Disaster Recovery
For Specsific or Application Controls
Programmed Procedures Within Application Software
Input Controls (Data Entry) (Authorization, Validation, Error Notification and Correction)
Processing Controls
Output Controls
10/08/21 23
4. Information and Communication
Information and communication are essential to effecting control; information about :
An organization's plans,
Control environment,
Risks,
Control activities,
Performance must be communicated up, down, and across an organization.
Reliable and relevant information from both internal and external sources must be identified, captured,
processed, and communicated to the people who need it--in a form and timeframe that is useful.
Information systems produce reports, containing operational, financial, and compliance-related
information that makes it possible to run and control an organization.
5. Monitoring
Monitoring is the assessment of internal control performance over time; it is accomplished by ongoing
monitoring activities and by separate evaluations of internal control such as self-assessments, peer reviews,
and internal audits.
The purpose of monitoring is to determine whether internal control is adequately designed, properly
executed, and effective. Internal control is adequately designed and properly executed if all five internal
control components (Control Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring) are present and functioning as designed
10/08/21 24
Strategic
Planning
Activities
Internal
System
Evaluation Audit
-Auditor Independency
-Risk-Based Audit Planning
-Continuing Professional Education
-Communication
-Monitoring Audit Findings
10/08/21 25
Establishing Making management
a system of policies and guidelines
internal control available to all employees
review Internal Control
Responsiblity
Implementing Education
Training, and Evaluation
for internal control
10/08/21 26
Upaya pencegahan kekeliruan dan
penyimpangan sebelum terjadi, misalnya:
pemisahan tugas, rotasi tugas, autorisasi,
Kejelasan Job Desc
Preventive
Corrective
Detective Type of Control
In order to achieve a balance between risk and controls, internal controls should be proactive,
value-added, cost-effective and address exposure to risk.
10/08/21 28
Pemisahan tanggung
jawab secara fungsional
dalam organisasi
Internal Control
Memiliki Effeciveteness
sistem dan prosedur
Kompetensi dan
otoritas dan
Integritas Personnel
pencatatan yang
tegas
10/08/21 29
Gejala (Symtomps) adanya Fraud
Penurunan Kinerja
Gejala atau
Symtomps
Adanya Fraud
Banyaknya Memburuknya
Gugatan dan Komplain Iklim kerja
dari Stakeholder organisasi
10/08/21 30
Peringatan (Warning Sings)
untuk segera mengatasi Fraud
Penurunan Kinerja
dengan drastis
Warning
Sings Memburuknya
Makin banyaknya Iklim kerja
Gugatan dan Komplain Organisasi
dari Stakeholder Dengan Drastis
10/08/21 31