Jakarta, 24 June 2014
Preview
Fraud Prevention
Fraud Detection
Fraud Risk Assessment
4 safeguard fences
1. Values
2. Quality of internal control
3. Role of the internal auditor
4. Role of the external auditor
Fraud is
any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain.
The IIA, AICPA, ACFE, Managing the Business Risk of Fraud: A Practical Guide (2007)
Fraud Tree
Corruption
  Conflict of Interest
    Purchases Schemes
    Sales Schemes
    Other
  Bribery
    Invoice Kickbacks
    Bid Rigging
    Other
  Illegal Gratuities
  Economic Extortion
Asset Misappropriation
  Cash
    Larceny
      Of Cash on Hand
      From the Deposit
      Other
    Skimming
      Sales
        Unrecorded
        Understated
      Receivables
        Write-off Schemes
        Lapping Schemes
        Unconcealed
      Refund & Other
    Fraudulent Disbursement
      Billing Schemes
        Shell Company
        Non-Accomplice Vendor
        Personal Purchases
      Payroll Schemes
        Ghost Employee
        Commission Schemes
        Workers Compensation
        Falsified Wages
      Expense Reimbursement Schemes
        Mischaracterized Expense
        Overstated Expense
        Fictitious Expense
        Multiple Reimbursement
      Check Tampering
        Forged Maker
        Forged Endorsement
        Altered Payee
        Concealed Checks
        Authorized Maker
      Register Disbursement
        False Voids
        False Refunds
  Inventory and All Other Assets
    Misuse
    Larceny
      Asset Req. & Transfers
      False Sales & Shipping
      Purchasing & Receiving
      Unconcealed Larceny
Fraudulent Statements
  Financial
    Asset/Revenue Overstatements
      Timing Differences
      Fictitious Revenues
      Concealed Liabilities & Expenses
      Improper Disclosures
      Improper Asset Valuations
    Asset/Revenue Understatements
  Non-Financial
    Employment Credentials
    Internal Documents
    External Documents
FRAUD
• Pressure (Motive)
• Opportunity
• Rationalization
Initial Detection of Occupational Frauds
©2012 Association of Certified Fraud Examiners, Inc.
Source of Tips
Fraud Elements
• Act • Intent • Deception • Dishonesty • Concealment • Loss or benefit • Diversion
It is always advisable to consult with legal counsel for the legal definition of fraud.
Pressure (Motive)
Concoct Scheme (Opportunity)
Will I be caught?
• Yes: Abandon fraud
• Maybe
• No: Commit fraud
1. Prevention
• Create a culture of honesty
• Eliminate opportunities
2. Detection
• Recognize the symptoms/anomalies
• Watch for an extravagant lifestyle
• Complaint letters!
3. Investigation
• Theft
• Concealment
• Conversion
• Finding evidence
4. Legal Aspect
• Criminal procedure law
• Civil procedure law
• Anti-Corruption Law (UU Tipikor)
• Witnesses / experts
Prevention and Detection?
Prevention is every effort by the organization, in the form of policies, procedures, training, and communication, to prevent fraud from occurring.
Detection covers the activities and programs/techniques designed to identify fraud that is occurring or has already occurred.
the potential of being caught •The existence of a thorough control system •
Most organizations have written policies and procedures to manage fraud risks, such as:
• codes of conduct,
• expense account procedures, and
• incident investigation standards
Some management activities:
• assess risks,
• ensure compliance,
• identify and investigate violations,
• measure and report the organization’s performance to appropriate stakeholders, and
• communicate expectations.
In aggregate, these are referred to as the fraud risk management program (“program”), even if the organization has not formally designated it as such.
www.acfe.com/documents/managing-business-risk.pdf
Options for fraud risk management program documentation formats include:
• A single comprehensive and complete document that addresses all aspects of fraud risk management (i.e., a fraud control policy).
• A brief strategy outline emphasizing the attributes of fraud control, but leaving the design of specific policies and procedures to those responsible for business functions within the organization.
• An outline, within a control framework, referencing relevant policies, procedures, plans, programs, reports, and responsible positions, developed by the organization’s head office, divisions, or subsidiaries.
1. Fraud Risk Governance
2. Fraud Risk Assessment
3. Fraud Prevention
4. Fraud Detection
5. Fraud Investigation & Corrective Action
Principle 1: As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.
Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.
Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.
Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.
Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely.
Management Antifraud Programs and Controls (by The Fraud Task Force of the AICPA)
Creating a Culture of Honesty and High Ethics
Evaluating Antifraud Processes and Controls
Developing an Appropriate Oversight Process
Creating a Culture of Honesty and High Ethics
• Setting the Tone at the Top
• Creating a Positive Workplace Environment
• Hiring and Promoting Appropriate Employees
• Training
• Confirmation
• Discipline
Evaluating Antifraud Processes and Controls
• Identifying and Measuring Fraud Risks
• Mitigating Fraud Risks
• Implementing and Monitoring Appropriate Internal Controls
Developing an Appropriate Oversight Process
• Audit Committee
• Management
• Internal Auditors
• Independent Auditors
• CFE
• Identify the areas where fraud is possible
• The probability of a fraud (likelihood)
• The cost of the fraud (impact)
• The proper countermeasure and its cost (risk management)

• Sales and Collection
• Purchasing and Payment
• Inventory and Warehousing
• Payroll and Expenses
• Financial Statement Reporting

Corporate Environment Factors
Internal Factors
◦ Inadequate Rewards
◦ Inadequate Management Controls
◦ Lack of reinforcement and performance feedback mechanisms
◦ Inadequate Support
◦ Inadequate Operational Reviews
◦ etc.
Variable | High Fraud Potential | Low Fraud Potential
Management Style | Autocratic; profit focused | Participative; customer focused
Management Orientation | Low trust; power driven | High trust; achievement driven
Management Structure and Controls | Bureaucratic; inflexible | Collegial; open to change
CEO Characteristic | Swinger; insensitive to people; gambler; highly emotional; partial | Professional; friendly; risk taker; composed, calm; fair
Authority | Centralized; rigid rules strongly enforced | Decentralized; reasonable rules fairly enforced
Performance | Measured quantitatively and on a short-term basis | Measured both qualitatively and quantitatively and on a long-term basis
Reward System | Punitive; mainly monetary | Reinforcing; recognition, promotion, added responsibility, choice assignments plus money
Business Ethics | Ambivalent | Clearly defined and regularly followed
Values and Beliefs | Economic, political, self-centered | Social, spiritual, group-centered
Financial Concerns | Cash flow shortage | Opportunities for new investments
Company Loyalty | Low | High
Identified Fraud Risks and Schemes | Likelihood | Significance | People and/or Department | Existing Antifraud Controls | Controls Effectiveness Assessment | Residual Risks | Fraud Risk Response
Motive
Pressure, Opportunity, Rationalization
Symptom
Elements of fraud
• Theft
• Concealment (altering data, destroying evidence, etc.)
• Conversion (selling the stolen goods, then spending the money)
Unusual behavior
Excess purchases
Complaints
Duplicate payments
Stale items in reconciliation
Ghost employees
Increasing reconciling items
Employee overtime
General ledgers out-of-balance
Employee expense accounts
Excessive voids
Inventory shortages
Excessive credit memos
Increased scrap items
Missing documents
Large payments to individuals
Common names and/or addresses for suppliers
Large/no write-off of accounts receivable
Adjustments to receivables and payables
Post office boxes as shipping address
• Management override of controls
• Failure to accept responsibility
• Overbearing management style
• Non-standard benefits
• Close working relationships
• Unusual access/authority

• Lifestyle does not fit income
• Has access to money or assets
• Problems at home
• Drug/gambling problems
• Heavy debt
• Takes little or no vacation
• Works at odd hours
• Real or imagined grievances
• Has problems dealing with pressure
• Low morale
Financial Statements Fraud – Red Flags
Discrepancies in the accounting records
• Transactions not recorded in a complete or timely manner
• Unsupported or unauthorized balances or transactions
• Last-minute adjustments
• Unnecessary employee access to systems and records
• Tips or complaints to the auditor about alleged fraud
Conflicting or missing evidence
• Missing documents
• Documents that appear to have been altered
• Unavailability of other than photocopied or electronically transmitted documents
• Significant unexplained items on reconciliations
• Unusual balance sheet changes, or changes in trends, ratios or relationships
• Inconsistent, vague, or implausible responses from management or employees
• Unusual discrepancies between the entity's records and confirmation replies
• Large numbers of credit entries and other adjustments
• Unexplained or inadequately explained differences
• Missing or non-existent cancelled checks
• Missing inventory or physical assets of significant magnitude
• Unavailable or missing electronic evidence
• Fewer responses to confirmations
• Inability to produce evidence of key systems development and program change testing and implementation activities
Problematic or unusual relationships between the auditor and management
• Denial of access to records, facilities, certain employees, customers, vendors, or others
• Undue time pressures imposed by management
• Complaints by management about the conduct of the audit or management intimidation of engagement team members
• Unusual delays providing information
• Unwillingness to facilitate auditor access to key electronic files
• Denial of access to key IT operations staff and facilities
• An unwillingness to add or revise disclosures in the financial statements
• An unwillingness to address identified weaknesses in internal control
Others
• Unwillingness by management to permit the auditor to meet privately with those charged with governance
• Accounting policies that appear to be at variance with industry norms
• Frequent changes in accounting estimates that do not appear to result from changed circumstances
• Tolerance of violations of the entity's code of conduct
• Male (usually)
• Intelligent
• Inquisitive
• A risk taker
• A rule breaker
• A hard worker
• Greedy
• A big spender
Fraud Risk Management Framework*
Entity-wide Components
Tone at the Top:
– Antifraud Policy
– Code of Ethics/Conduct
– Whistleblower Policy
– Training and Awareness
– Competency
– Reporting System
– Organization Structure
– Roles & Responsibility
– Employee Hiring and Promotion
Activity Components
Fraud Risk Management Activity (FRMA)
Fraud Incident Handling Activity (FIHA)
Interrelated continuous activities
• Deterrence
• Prevention
• Detection
• Response
• Accounting anomalies
• Weak internal control
• Employees who take no leave
• Unreasonable analytical results
• Extravagant lifestyle
• Tips and complaints
• Unusual behavior
Company name:
Matrix of fraud indicators
Risk unit:
Fraud indicators from supplier invoices
[Table: types of indicator (rows including abnormality, inaccuracy and restriction) against columns including condition of documents and their information, internal controls applied, transaction process and recording, and other]
• Internal audit functions well (proactive)
• Maximizing the external financial audit
• Horizontal and vertical analysis of the financial statements
• Ratio analysis
• Surprise audit
• Whistleblower
• Results of following up on findings
• Results of review and analysis of key controls, etc.
(Symptoms of manipulation can be identified by examining the bookkeeping records)
TREND ANALYSIS
SPECIAL TESTS OF HIGH-RISK ACTIVITIES
VARIANCE ANALYSIS (EXCEPTIONAL ANALYSIS)
(If someone works in a particular position, what negative actions could they take?)
RISK ASSESSMENT
ANALYSIS OF POTENTIAL PERPETRATORS
A technique in which symptoms of manipulation can be identified by examining the bookkeeping records. The result is symptoms or indications of possible fraud, which in turn lead to a more detailed investigation. The more accurate and comprehensive the records, the more effective this technique is at revealing symptoms of fraud. Detection commonly performed with this technique:
* Trend analysis
* Special tests of high-risk activities such as purchasing, sales and marketing, and inventory
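An added example (not from the original slides) of a special test on one high-risk activity, purchasing, checking three red flags this deck lists: duplicate payments, common addresses for suppliers, and post office box addresses. The vendor and payment records, field names, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the slides): vendor master and payment ledger.
VENDORS = {
    "V001": {"name": "PT Sumber Makmur", "address": "Jl. Merdeka 10, Jakarta"},
    "V002": {"name": "CV Sumber Makmur", "address": "JL. MERDEKA 10,  JAKARTA"},
    "V003": {"name": "PT Anugerah Jaya", "address": "PO Box 1234, Bandung"},
    "V004": {"name": "PT Karya Abadi", "address": "Jl. Sudirman 5, Surabaya"},
}
PAYMENTS = [
    {"id": 1, "vendor": "V001", "invoice": "INV-1001", "amount": 12_500_000},
    {"id": 2, "vendor": "V004", "invoice": "INV-2001", "amount": 8_000_000},
    {"id": 3, "vendor": "V001", "invoice": "inv 1001", "amount": 12_500_000},
    {"id": 4, "vendor": "V003", "invoice": "INV-3001", "amount": 4_750_000},
    {"id": 5, "vendor": "V004", "invoice": "INV-2002", "amount": 8_000_000},
]

def _norm(text):
    """Uppercase and drop punctuation/spacing so trivial variations still match."""
    return re.sub(r"[^A-Z0-9]", "", text.upper())

def duplicate_payments(payments):
    """Group payment ids sharing vendor, normalized invoice number and amount."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["vendor"], _norm(p["invoice"]), p["amount"])].append(p["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)

def shared_addresses(vendors):
    """Return groups of vendor ids registered at the same normalized address."""
    by_addr = defaultdict(list)
    for vid, v in vendors.items():
        by_addr[_norm(v["address"])].append(vid)
    return sorted(sorted(ids) for ids in by_addr.values() if len(ids) > 1)

def po_box_vendors(vendors):
    """Return vendor ids whose address is a post office box."""
    pattern = re.compile(r"\bP\.?\s*O\.?\s*BOX\b", re.IGNORECASE)
    return sorted(vid for vid, v in vendors.items() if pattern.search(v["address"]))

def purchasing_red_flags(vendors, payments):
    """Run all three tests; hits are leads for document review, not proof."""
    return {
        "duplicate_payments": duplicate_payments(payments),
        "shared_addresses": shared_addresses(vendors),
        "po_box_vendors": po_box_vendors(vendors),
    }
```

Payments 2 and 5 share a vendor and amount but carry different invoice numbers, so they are not grouped; only the re-keyed invoice (ids 1 and 3) is reported.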
Based on the assumption that when a person or group of employees works in a particular position, there are opportunities for negative actions (fraud) they could take; the question is which ones.
This technique is an analysis of fraud risk from the standpoint of the “POTENTIAL PERPETRATOR”.
Though there are many fraud detection methods, whatever method is employed will usually require the examination of source documents. Many times, these source documents provide the evidence necessary to prove fraud in a court of law. Additionally, in many cases, the source documents will help establish the intent of the fraud offenders.
(Although there are many ways to detect fraud, whatever method is used always requires examining the source documents. These documents are often important as evidence that fraud occurred and for proving in court the intent to commit fraud.)
Fraud Scenario
• Fraud Opportunity
• Inherent Fraud Scheme
• Fraud Concealment
• Fraud Conversion
• Fraud Red Flags
• Fraud Data Profile
• Fraud Audit Procedure