RISK & ADVISORY SERVICES

FRAUD RISK GOVERNANCE

 01

FRAUD RISK GOVERNANCE MAJOR ROOT CAUSES FOR FRAUD AND

“BDO’s FRAUD RISK ASSESSMENT PROGRAMME ENABLES TYPES OF FRAUD RISK
ORGANISATIONS TO EFFECTIVELY BENCHMARK THEIR CONTROL
PROCESSES IN MEETING THE FRAUD CHALLENGES” BACKGROUND
• Economic crime remains one of the most problematic issues for businesses – both in India and worldwide. Further,
Organisation have formalised various components of fraud risk management programmes, but have fraud continues to be a prominent issue and has become increasingly important in the eyes of regulators – both in
neglected to conduct a thorough effectiveness assessment of these programme to identify the weak links. India and around the world.
Initiating a Fraud Risk Governance Programme enables businesses to promote Anti-Fraud Culture and • A study initiated by the Association of Certified Fraud Examiners (ACFE) estimates that typically organisations
provide a composite framework on Anti- Fraud measures. This paper provides a comprehensive approach lose some 7% of revenue to fraud.
and solution for implementing anti-fraud environment and measures.
• This translates to big numbers on the bottom line with billions of dollars lost each year. Monetary loss is only one
BDO’s fraud risk governance programme builds an anti-fraud environment with the goal of helping consideration. Fraud can also mean significant damage to reputation, disruption to business, regulatory sanctions
organisations align with recognised Best Practices and Regulatory Requirements which preserve and and sharp decline in market valuations.
enhance value.
• Lack of internal controls, such as segregation of duties, was cited as the biggest deficiency in 38% of the cases. In
It provides an overview of BDO’s fraud risk governance solutions which identifies new regulatory more than 19% of the cases, internal controls were in place but were overridden by the perpetrator or
mandates from around the world and spotlights key practices that organisations have generally found to perpetrators in order to commit and conceal the fraud.
be effective in the dynamic and complex fraud environment.
We hope this perspective provides Fresh Insights as you consider the risks of fraud at home and abroad,
and the Effectiveness of Controls you rely on to mitigate those risks. MAJOR ROOT CAUSES FOR FRAUD

Lack of internal controls 37.80%

Lack of reporting mechanism 0.60%

Lack of clear line of authority 1.80%

Lack of employee fraud education 1.90%

Lack of independent checks/audits 5.60%

Lack of competent personnel in oversight roles 6.90%

Poor tone at the top 8.40%

Lack of management review 17.90%

Override of existing internal controls 19.20%

0.00% 10.00% 20.00% 30.00% 40.00%

Source: 2010 report to the nations on occupational fraud and abuse

02 03

PRIMARY INDUSTRIES OF SAMPLE FRAUD COMPANIES FRAUD RISK GOVERNANCE PROGRAMME

FRAUD CLUSTER ELEMENTS OF THE FRAUD CLUSTER
Third Party: Misappropriation of Assets:
□ Fraud related to third party of □ False expense claims
12% Computer Hardware/Software Third the organisation i.e. suppliers, □ Cash/materials theft
1% 20% Other Manufacturing Party customers, and agents
□ Theft of trade secrets/I.P.
□ Fraudulent round-trip
1% Healthcare and Health Products transaction □ Procurement fraud
6% Retailers/Wholesalers Financial
□ Cartel Activities □ Theft of customer data
Disclosure Statement □ Commission Payback Corruption and Abuse of Position:
Other Service Providers Fraud Manipulation
□ Piracy □ Management override of controls
6% Telecommunications FRAUD □ Conflicts of interest
Financial Statement Reporting:
CLUSTER □ Inappropriate use of company
Energy and Natural Resources □ Improper revenue recognition
assets
7% 20% Financial Service Providers
□ Manipulated asset valuations
□ Contrivance against fair
□ Inappropriate judgments competition
Insurance Corruption
Misappropriation
regarding the capitalisation of
& Abuse of development costs Disclosure Fraud:
7% Real estate Position
of Assets
□ Concealment of liabilities □ Omission or misstatement
financial/non-financial
9% Miscellaneous □ Related party transactions
11% □ Misstatement of acquisition
information
□ Misrepresentation regarding
accounting
undertakings to regulators/and
Source: Fraudulent Financial Reporting: 1998 – 2007 – Research commissioned by COSO third parties such as banks

• The COSO Study on Fraudulent Financial Reporting issued in May 2010 revealed that Computer PROMOTING REGULATORY COMPLIANCE & BEST PRACTICES
Hardware/Software and manufacturing industry are facing the highest cases of fraud amongst other industries.
• Laws and assurance standards aimed at preventing fraud have produced a more complex landscape for
• The average cumulative misstatement amount was $ 397.68 Million, while the median cumulative misstatement
organisations to navigate. Forward-thinking organisations seek to maximise stakeholder value through regulatory
was $ 12.05 Million.
compliance and the implementation of best practices.
• More than of the frauds in the study were committed by individuals in six departments: Accounting, Operations,
• The legal requirements and authoritative guidance for anti-fraud programmes and prevention of money
Sales, Executives/Upper Management, Customer Service and Purchasing.
laundering are provided under:
• The higher frequency of related party transactions for fraud firms suggests that the presence of related party
transactions may reflect heightened fraud risk.
International Laws, Regulations & Sections Indian Laws, Regulations & Sections
The Sarbanes-Oxley Act (Section 103 & 404) RBI Guidelines for Banking, NBFC and Other Financial Services
Statement of Auditing Standards (SAS 99) - "Consideration of Prevention of Money Laundering Act 2002
Fraud in Financial Audit"
SEC Regulation and Enforcement Policy SEBI Guidelines including Clause 49
PCAOB Standard # 2 Prevention of Corruption Act, 1988
COSO's Internal Control and Enterprise Risk Management The Companies Act, 1956 and proposed bill 2009
Integrated Framework
Foreign Corrupt Practice Act Foreign Exchange Management Act, 1999
UK Bribery Act and Companies Act of 2004 Banking Regulation Act, 1949
The Corporate Law Economic Reform Programme (Audit Reform Securities Contract (Regulation) Act, 1956
and Corporate Disclosure) Act 2004 of Australia
The Canadian Criminal Code Income Tax Act, 1961
Financial Services Action Plan (FSAP) of European Union IRDA Guidelines
FATF Guidelines
04

FRAUD RISK GOVERNANCE PROGRAMME ELEMENTS FRAUD RISK GOVERNANCE PROGRAMME

– BDO’s APPROACH
Structure - Control
Mechanism
Anti-Fraud

Anti-Fraud Policies

Fraud Fraud Prevention/ Fraud Reporting

BDO’S APPROACH
Identification Detection

Anti-Fraud Policies and Framework Our approach focusses on the kinds of fraud risks to which an organisation is vulnerable, their significance and
General Control

likelihood, and how effectively those risks are currently managed. Based on our extensive experience in fraud
Environment

People Code of Ethics Whistle Blower Policy Online Hotlines

investigation and developing remediation action plans our international capability to develop fraud
Financial Reporting Human Resource
Process Controls
Functional Controls Controls risks/scenarios, we assist in identifying fraud risks and to implement appropriate anti-fraud detection and control
Technology IT General Controls Digital Forensic IT Application Controls measures.
Organisation
Fraud Type

Integrating these controls into the infrastructure and operations of an organisation fosters an environment
Third Party Fraud Financial Statement Misappropriation Corruption and Abuse
Manipulation Disclosure Fraud resulting in significant deterrence of fraud and early detection of attempted fraud. Early detection enables an
Risk of Assets of Position
organisation to address potential fraud risks internally before they have affected employee morale or external
perceptions.
Implementation of Fraud Risk Governance Programme and the resultant anti-fraud environment shows a
proactive focus on achieving organisational objectives by Directors, Senior Management, financial reporting
THE BENEFITS OF FRAUD RISK GOVERNANCE PROGRAMME personnel and employees at all levels. As a result, organisations demonstrate their commitment to align with
In addition to compliance, an organisation with an effective anti-fraud programme can reap tangible, long-term regulatory requirements and best practices thereby maximising stakeholder value.
benefits, including the following:
□ Preserve and enhance reputation
Fraud Risk and Scenario Fraud Reporting
□ Increased transparency and accuracy of financial reporting Fraud Prevention / Detection
Identification
□ Reduced misappropriation of assets
• Identify Fraud Risk • Identify and test fraud • Define reporting process to
□ Fewer adverse findings by auditors and regulators • Assessment of the likelihood preventive/detective controls solicit input on potential fraud
□ Reduced exposure to stock price volatility and significance of identified through walkthrough approach • Define coordinated approach for
inherent fraud risk • Document fraud prevention/ corrective actions to help ensure
□ Reduced litigation burden • Respond to reasonably likely detection techniques potential fraud is addressed
□ Easier access to capital and significant inherent and • Assess organisation’s fraud appropriately and timely
residual risks organisation’s prevention/
□ Enhanced investor confidence detection controls
• Left unchecked, fraud can spell disaster for an organisation. Fraud can have a negative effect on a public • Continuous monitoring of fraud
company’s market value by a significant multiple amount of the fraud. Conversely, implementation of a fraud prevention/detection controls
risk governance programme can help an organisation reap operational and strategic benefits and maximise ANTI-FRAUD POLICIES AND FRAMEWORK
stakeholder value.
CONTACT US
If you would like further information about this publication or
our wide range of services please contact:
CORPORATE OFFICE
BDO CONSULTING PVT. LTD.
701, Leela Business Park, Andheri-Kurla Road,
Andheri East, Mumbai – 400 059, India.
Tel: +91 (22) 6672 9999

HUZEIFA UNWALA KARTIK B. RADIA AMIT SHAH VIMLESH CHAURASIA

National Head Associate Director Manager Manager
Risk & Advisory Services Risk Advisory Services Risk & Advisory Services Risk & Advisory Services
[email protected] [email protected] [email protected] [email protected]
Tel: +91 (022) 6672 9786 Mobile +91 9833589919 Tel: +91 99202 88031 Tel: +91 9833706486

Visit us: www.bdoindia.co.in or www.bdointernational.com

BDO INTERNATIONAL – OUR OTHER FRAUD PUBLICATIONS

BRANCH OFFICES
Ahmedabad Coimbatore Kolkata (Calcutta)
703, Venus Atlantis, 100 Ft Road, Corporate Road Shree Shanmugappriya, 2nd Floor, 454, Geetanjali Apartments, Suite 7G,
Prahlad Nagar, Ahmedabad - 380 015. Ponnaiyan Street, Crosscut Road, Gandhipuram, 7th Floor, 8B, Middleton Street,
Tel: +91 (79) 4032 0441/4032 0442 Coimbatore – 641 012. Kolkata - 700 071.
Tel: +91 (422) 2237793 / 2238793 Tel: +91 (33) 3201 6298/22298936
Bengaluru (Bangalore) Fax: +91 (422) 2233793 Fax: +91 (33) 2226 4140
No. 45, 1st Floor, 2nd Main, Sankey Road, (Above
Hyderabad Mumbai (Bombay)
Indian Bank) Lower Palace Orchards, Bengaluru -
Raja Pushpa House 3rd floor Plot No-34, 701 Leela, Business Park, Andheri-Kurla Road,
560 003.
Silicon Valley, Madhapur, Hyderabad – 500 081. Andheri (E), Mumbai - 400 059.
Tel: +91 (80) 6454 2545/6454 2546 Tel: +91 (40) 42007771/0 Tel: +91 (22) 6672 9999
Fax: +91 (40) 42007772 Fax: +91 (22) 6672 9777
Chennai (Madras)
5B, A Block, 5th Floor, Mena Kampala Arcade, Jaipur New Delhi
New No 18 & 20, Old No 113/114, Theyagaraya Manish Mansion, Plot No. 247, 1st Floor 3rd Floor, 52-B, Okhla Industrial Estate
Road, T. Nagar, Chennai – 600 017. Frontier Colony, Near Punjab National Bank, New Delhi - 110 020.
Tel: +91 (44) 4213 2024 / 4554 4143 Adarsh Nagar, Raja Park, Jaipur - 302 004. Tel: +91 (11) 4711 9999
Fax: +91 (44 )4354 6876 Tel: +91 (141) 2604 743 Fax: +91 (11) 4711 9998

Pune
C-10,Godrej Eternie, Old Mumbai Pune
Highway, Wakdewadi Pune - 411 005.
Tel: +91 (20)3240 5094

Disclaimer: This publication has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The publication cannot be relied upon
to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact
BDO Consulting Pvt. Ltd. to discuss these matters in the context of your particular circumstances. BDO Consulting Pvt. Ltd., its partners, employees and agents do not accept or
assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this publication or for any decision based on it.
BDO Consulting Private Limited, a private limited company incorporated in India, is a member of BDO International Limited, a UK company limited by guarantee, and forms part
of the international BDO network of independent member firms.
BDO is the brand name for the BDO network and for each of the BDO Member Firms.