Fraud Prevention & Detection

Fraud costs the Australian economy at least $3 billion per year and this amount is increasing each year.

The larger an organisation the more likely it will be fall victim to fraud. That fraud will typically be from within, an internal fraud.  Yet many organisations are not adequately prepared to detect or prevent fraud.

Fraud can cause not only direct financial loss to an organisation, but can also damage reputation and morale, reduce performance and lead to loss of employment.

Examples of fraud include property theft, theft not just of physical property but also intellectual property; false invoice schemes, such as creating fictitious invoices for non-existent goods or falsely increasing the value of goods; theft of funds and cash; misappropriating account receivable remittances; misstating financial statements and misleading financial information.

“Fraud. Dishonest activity causing actual or potentail financial loss to any person or entity including theft of moneys or other property by employees or persons external to the entity.”

Fraud Risk Assessment

Associate of the Certified Fraud ExaminersLotus Amity can provide you with a detailed Fraud Risk Assessment as issued by the Association of Certified Fraud Examiners. Through this risk assessment, we identify the potential fraud risk, assess the likelihood of fraud, identify key risk areas, evaluate current controls and control gaps and how to respond to fraud. We work with you to develop mitigation strategies whilst taking into account the costs and benefits of developing those strategies.

The Fraud Risk Assessment includes covering the following:

  • Employee and management assessment
  • Physical controls to deter employee theft and fraud
  • Cash collection – skimming and larceny schemes
  • Cheque tampering schemes
  • Theft of physical and intellectual property
  • Payroll and expense schemes
  • Purchasing and invoicing schemes
  • Financial statement fraud
  • Corruption and conflicts of interest

Fraud Control Plan

The Fraud Control Plan should be a comprehensive and integral part of the risk management plan of an organsiation.  The plan needs to be monitored and communicated to stakeholders.

Prevention

Risk Management principlesPrevention includes building an ethical culture, which may involve issuing a code of conduct.  Senior management needs to understand and be committed to controlling the risks of fraud. Line managers need to be held accountable for the prevention and detection of fraud.  Well documented and up-to-date internal controls should be in place.

Regular assessments of the risks of fraud need to be carried out, following risk management principles: communicate, consult and establish the context; identify, analyse and evaluate risks; treat the risks and monitor and review.Fraud detection

Detection

 

Under the Standard, the detection system should include post-transactional review, data mining and real-time computer analysis and analysis of management accounting reports.

A post-transaction review may uncover missing or altered documents, falsified or altered authorisation.

Data analysis may uncover the same address being used for multiple suppliers or employees.

Benchmarking, historical analysis, and budget comparison may highlight unusual trends in bad debts.

There should multiple ways for reporting suspected fraud and a formal way to document the allegations. There should also be in place a policy to protect whistleblowers.

 ResponseFraud response

The Fraud Control plan needs to include policies on how to deal with suspected fraud.  According to the Standard, investigations need to be conducted by appropriately skilled, experienced and independent personnel. An investigation may involve computer forensic analysis, reviewing documents, data searches, tracing assets, enquiries with financial institutions, interview and preparing a report.

Fraud Response stepsA program should be developed that captures, reports, analyses and escalates all detected fraud and sets out how and whether that information is reported to the police. The plan should also include the policy for recovering losses, reviewing internal controls and appropriate insurance.