Roundtable Recap: Fraud Detection and Prevention

Bridgepoint Consulting and Freescale Semiconductor co-hosted a CAE (Chief Audit Executive) fraud detection and prevention roundtable on April 12, 2012 at Freescale’s offices. Attendees included Central Texas-based CAEs, Internal Audit Directors/Managers, and Bridgepoint professionals in the Governance, Risk & Compliance (GRC) practice. David Roe, Director of Bridgepoint’s GRC practice, moderated the session.

The discussion covered recent topics and trends in fraud prevention and detection. Dave Holody, Freescale Director of Internal Audit, and his security and fraud team provided insight and examples of their challenges and approach, which contributed to an interactive discussion among the group.

Highlights of these discussions:

  • Fraud is an issue that organizations always have to deal with. The Association of Certified Fraud Examiners (ACFE) estimates that organizations experience fraud amounting to 5-7% of top-line revenue on average. If you think your organization doesn’t have fraud issues, you’re kidding yourself.
  • Potential types of fraud include, but are not limited to:
    • Cybercrime – IT system access
    • Intellectual property
    • Cash misappropriation
    • Kickbacks and bribes
    • Financial reporting misstatement

Best Practices:

  • A formal Fraud Risk Assessment process with frequent updates is critical to understanding the fraud risks and the audit coverage needed; several audit professionals used the ACFE fraud risk assessment framework
  • Develop a formal continuous monitoring program
    • IT systems – continuous monitoring of security and access control effectiveness
    • Data Analytics – develop continuous monitoring scripts for identifying unusual and suspicious types of transactions
  • Increase automation of key processes and controls to mitigate manual adjustments/intervention
  • Watch for and immediately investigate large/unusual downloads of data
  • Difficult employee terminations – be aware of any malicious or vindictive behavior
  • Deterrents internal audit functions have deployed:
    • New hire and annual acknowledgement by existing employees of having read the Code of Conduct and their responsibilities for reporting unethical/potentially fraudulent behavior
    • Issue routine communications to increase employee awareness of your fraud programs, including summaries of fraud findings – situation and outcome (e.g., newsletter)
    • Give employees, vendors and customers ready access to a whistleblower/ethics hotline for reporting known or potential fraudulent behavior
    • Routinely “walking the halls” and asking questions about the business creates awareness even if it’s not a specific fraud inquiry
  • Implement a training program for the Audit Team on fraud prevention/detection skills
  • Establish and execute a formal documented process for timely coordination with internal and/or external investigators and legal professionals, leading to prosecution for actual fraud occurrences