TEKNIK MENGUNGKAPKAN FRAUD DALAM MENINGKATKAN EFEKTIFITAS PENGENDALIAN INTERN PERUSAHAAN

KHAIRIANSYAH SALMAN

AGENDA PRESENTASI
Tujuan Presentasi Konsep Dasar
Fraud Internal

Control Audit Investigatif

Strategi Pencegahan dan Pengendalian

Fraud Teknik Audit Investigatif

FRAUD
BASIC CONCEPTS

FRAUD!!!

FRAUD FAST FACTS

Annual estimated fraud losses: $660 billion Most fraudsters are first-time offenders Amount of loss is directly related to fraudsters position in the organization Most frauds are detected by tips Deterrence is key

Source: ACFEs 2004 Report to the Nation on Occupational Fraud and Abuse

THE FRAUD TRIANGLE.

re rc e iv ed P re ss u

n tio Ra n tio za ali

Pe

Perceived Opportunity

THE FRAUD TRIANGLE.

Perceived Pressure

Situasi dimana seseorang meyakini bahwa mereka itu karena kebutuhan merasa perlu untuk melakukan Fraud Situasi dimana seseorang meyakini bahwa adanya kesempatan atau kondisi yang menjanjikan keuntungan jika melakukan fraud dan tidak terdeteksi Suatu bentuk pemikiran yang menjadikan seseorang yang melakukan fraud merasa bahwa sikap curang tersebut dapat diterima.

Perceived Opportunity

Rationalization

ELEMENTS OF FRAUD TRIANGLE.

Conversion Elements Of Fraud Concealment Theft

CATEGORIES OF FRAUD:

RED FLAGS FOR FRAUD

No vacation Voluntary overtime Unexplained variances Complaints No reconciliation One employee does it all Documentation is not original Rush requests

DETECTION OF FRAUD

40% 24% 21% 18% 11% 1%

Tips Internal Audit By accident Internal controls External audit Other

Source: ACFEs 2004 Report to the Nation on Occupational Fraud and Abuse

IF YOU SUSPECT FRAUD.

Do Not confront the person Do Not talk about it with co-workers Do Not try to verify fraud has taken place or catch them on your own. DO call Internal Audit, Experts in

objective verification of the facts

INTERNAL CONTROL
BASIC CONCEPTS

WHAT IS INTERNAL CONTROL?

Internal control is a process, effected by an entitys board of directors (regents), management and other personnel, designed to provide reasonable assurance regarding the achievement of the following objectives: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations

INTERNAL CONTROL KEY CONCEPTS

Internal control is a process. Its a means to an end, not an end in itself. Internal control is affected by people. Its not merely policy manuals and forms, but people at every level of the organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board. Internal control is geared to the achievement of the entitys objectives .

INTERNAL CONTROL KEY CONCEPTS (CONT.)

Management, not auditors, must establish and maintain the entitys controls No system can be regarded as completely effective Should be applied to both manual and computerized systems Are implemented to protect the employee

TYPES OF INTERNAL CONTROLS

Directive Controls encourage good

behavior, its the right thing to do
Incentive plans Recognition awards Training Policies and Procedures Promotions

TYPES OF INTERNAL CONTROLS

Preventative Controls prevent undesirable

events from occurring
Knowledge that someone is reviewing your work Segregation of duties Limited access Levels of authorization Security badges Business rule set-up in automated systems

TYPES OF INTERNAL CONTROLS

Detective Controls detect and correct

undesirable events after they occur.
Reconciliations Auditing Confirmations Exception reports Reviews done on a regular basis

TYPES OF INTERNAL CONTROLS Mitigating Controls Mitigate for the

lack of an expected control.

Cash handling lack of adequate staff for proper segregation of duties sharing with another area Software security/access regular monitoring of access for certain employees when software security is not adequate because of functional constraints.

INTERNAL CONTROLS CAN FAIL BECAUSE:

Employees can make mistakes or exercise poor judgment There can be collusion where two or more individuals work together to steal Management may inappropriately override established policies or procedures.

Key Control Activities

Monitoring Control Environment

Control Over Assets & Information Systems

Segregation of Duties

Authorization, Approvals, Verifications

WHAT ARE RISKS?

A risk is anything that could jeopardize the achievement of your organizations objective to: Achieve your goals Operate effectively and efficiently Protect the Organizations assets from loss Provide reliable financial data Comply with applicable laws, policies, and procedures

IDENTIFYING YOUR RISKS

Questions to ask yourself: What can go wrong? How could someone steal from us? What laws or regulations would be violated? What policies most affect us? What types transactions/activities in our area expose us to the greatest risk? How can someone bypass the internal controls? What potential risks could cause adverse publicity?

FRAUD RISK MODEL

High Risk Medium Risk

Attitude/ rationalization

Incentive/ pressure

Opportunity

INVESTIGATIVE AUDIT
BASIC CONCEPTS

PERSPECTIVE OF INVESTIGATIVE AUDIT

Financial Statement Audit
Management Assertion on F/S

Performance Audit

Efficiency Effectiveness Economy

Investigative Audit

Losses Criminal Offences

AXIOMS OF INVESTIGATIVE AUDIT

REVERSE PROOF FRAUD IS HIDDEN

AXIOMS

EXISTENCE OF FRAUD

FRAUD IS HIDDEN

Unlike other offenses, part of the method of fraud is to conceal its existence No opinion should be given to any person that fraud does or does not exist within a specific environment. The methods for concealing fraud are so numerous and sometimes ingenious that almost anyoneeven the examinermight be defrauded. Offering opinions might leave the examiner personally vulnerable to legal problems

REVERSE PROOF

The examination of fraud matters is approached from two perspectives. To prove that a fraud has occurred, the proof must include attempts to prove it has not occurred. The reverse is also true. In attempting to prove fraud has not occurred, that proof must also attempt to prove that it has. The reason is that both sides of fraud must be examined Under the law, proof of fraud must preclude any explanation other than guilt.

EXISTENCE OF FRAUD

The examiner must not express opinions on the guilt or innocence of any person or party. In resolving fraud issues, the examiner must postulate a theory guilt or innocencein order to attempt to prove that theory. Any discussion of guilt or innocence is only a part of that theory; the examiner must not make statements that could be construed to be conclusive in regard to the theory.

INVESTIGATIVE AUDIT METHODOLOGY

Investigative Audit methodology requires that all fraud allegations be handled in a uniform, legal fashion and be resolved on a timely basis. The Investigative Audit methodology gathers evidence from the general to the specific. At each step of the Investigative Audit process, the evidence obtained and the fraud theory approach continually is assessed The investigation of fraud, because it deals with the individual rights of others, must be conducted only with adequate cause or PREDICATION.

PREDICATION

The totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred, is occurring, and/or will occur. Predication is the basis upon which an examination is commenced. Investigative Audit should not be conducted without proper predication.

INVESTIGATIVE AUDIT PROCESS

Analyzing Available Data Creating a Hypothesis Testing the Hypothesis Refining and Amending the Hypothesis Observation Document Examination Interview

Neutral third Parties Corroborative Witnesses Co Conspirators Subject

FRAUD PREVENTION AND CONTROL STRATEGY

Discourage Perpetration of fraud

PREVENTIVE

Give no chance for fraud to occur

Effective and efficient of Control
Ethical Climate and Asset Protection Effective system Handling of fraud Initial Information Risk Management System and Control Regular Audit By external and Internal Auditor Methodology in Handling predication In first place Clear Management Role in fraud Investigation Effective Follow up Of the allegation

DETECTIVE

COMBATING FRAUD STRATEGY.

If fraud Occur, it should be knowing ASAP Minimizing Losses, get the Fraudster and Revise control weakness

REPRESSIVE

Antifraud Program Implementation Plan

Step 1: Create a Baseline: Assess Existing Antifraud Programs & Controls Develop & Remediate Plan
Key Elements of Antifraud Whitepaper IA Whitepaper Appendix A

Step 2: Organize a Fraud and Reputation-Risk Assessment

Step 3: Evaluate & Test Design & Operating Effectiveness

IA Whitepaper pp. 30-32

IA Whitepaper pp. 17-25

Step 2.3: Identify Potential Fraud Misconduct Schemes & Scenarios

Step 2.1: Organize Assessment by Business Cycle or Separate Fraud Cycle

Step 2.4: Assess Likelihood of Fraud and Significance of Risk

Step 2.5: Link Antifraud Control Activities

Step 2.2: Determine Units & Locations to Assess

Step 4: Address Residual Risks

IA Whitepaper pp. 29

Step 5: Standardize Process for Incident Investigation and Remediation

Disciplinary & legal action Recovery/restoration of losses & other damages Consideration of how and why fraud occurred Determination of whether controls were nonexistent, circumvented, and/or overridden Explanation to senior management and audit committee regarding likelihood of recurrence

INVESTIGATIVE AUDIT TECHNIQUES

INVESTIGATIVE AUDIT TECHNIQUES

EFFECTIVE INVESTIGATIVE AUDIT WILL IMPROVE CONTROL

Organizational PROCESS In place

IMPROVEMENT

ALLEGATIONS

CHANGE TO PROCESS & AUDIT PROGRAM

INVESTIGATION
FINDINGS AND RECOMMENDATIONS

PREDICTIONS

INTELLIGENCE About Risk

WHY CORPORATE NEED TO INVESTIGATE FRAUD EFFECTIVELY

Enforcing the Law by Catching the Fraudster Minimising losses by confiscating fraudster assets Lesson Learning to improve internal control.
Revise system and procedures Analyze Human Resources Management Develop management tone in sense of combating fraud.

To deter potential fraudster

INVESTIGATIVE AUDIT TECHNIQUES

Investigation consists of performing the extended procedures necessary to determine the occurrence of fraud (as suggested by the indicators). Investigation includes gathering sufficient evidence about specific details of a discovered fraud.

Basic investigative audit techniques:

Document examination; Observation Interview

DOCUMENT EXAMINATIONS

ANALYZING DOCUMENT

Every Financial Fraud usually deal with documentary evidence. The goal of document analyzing is to make certain that all relevant documents are included, and all irrelevant documents eliminated. It is critical to understand the relevance of this evidence, and how it should be preserved and presented. documents can either help or hurt a case, depending on which ones are presented and how they are presented

HOW WE GET EVIDENCES ?

Evidence comes in 2 forms: witness and record (document or electronic file):

The statements of witnesses will have to be corroborated by records and Tendering records as evidence will require a witness to authenticate the record.

RULES ON COLLECTING AND HANDLING EVIDENCE

Obtain original documents where feasible. Make working copies for review, and keep the originals segregated. Do not touch originals any more than necessary; they might later have to undergo forensic analysis. Maintain a good filing system for the documents

RULES ON COLLECTING AND HANDLING EVIDENCE

From the moment evidence is received, its chain of custody must be maintained for it to be accepted by the court. This means that a record must be made when the item is received or when it leaves the care, custody, or control. This is best handled by a memorandum of interview with the custodian of the records when the evidence is received, which state:

What items were received When they were received. From whom they were received. Where they are maintained

dokumen, yakni setiap rekaman data atau informasi yang dapat dilihat, dibaca, dan atau didengar yang dapat dikeluarkan dengan atau tanpa bantuan suatu sarana, baik yang tertuang di atas kertas, benda fisik apapun selain kertas, maupun yang terekam secara elektronik, yang berupa tulisan, suara, gambar, peta, rancangan, foto, huruf, tanda, angka, atau perforasi yang memiliki makna. (UU No. 20 Tahun 2001)

RECORDS:

The primary concern is the potential of destruction or alteration; Records in hard copy format (document) are less at risk to alteration but more difficult to search on for key information; Records in electronic format (databases) are more at risk to alteration/deterioration and should be backed up. The ability to search on key terms is enhanced using investigative software.

INFORMATION MANAGEMENT
Managing the vast amounts of documents and electronic data is essential for 2 reasons:

Ensuring valuable evidence is located and acted upon; and Ensuring the integrity of the Forensic Report by sourcing the conclusions and tables to specific records.

ELECTRONIC MANAGEMENT:

Scanning creates a picture file; OCR creates a text file; Words are arranged into a comprehensive database which facilitates searching; Massive volumes of data can be condensed onto CDs; Court presentation is enhanced.

Document investigation:

Consider the following: The source of the document (who created it); The context of the document (what is the purpose of the document); The reliability of the document (can the information be corroborated elsewhere).

EXAMINING FRAUDULENT DOCUMENTS

Detection of forged signatures Identification of the writers of signatures. handwriting, and hand printing. Detecting altered documents Detecting and restoring erasures and eradications . Determining when a document was or was not prepared. Detecting counterfeited documents and examining printed documents. Detecting and restoring faint indented writings. Comparisons of paper and inks.

DETECTION OF FORGED SIGNATURES

ORIGINAL SIGNATURE

TRACED FORGERY

SIMULATED FORGERY

FREEHAND FORGERY

EXAMINING FRAUDULENT DOCUMENTS

Determining whether two sheets of paper came from the same tablet or pad of paper. Examinations of paper folds and sequence of folds. Comparisons of torn or cut paper edges. Restoration of charred and partially burned documents. Identifying the machine that made a photocopy and whether two copies were made on the same machine. Examinations of facsimile (fax) copies. Identifying the source of, or alterations to, notary seals, wax seals and cachets

EXAMINING FRAUDULENT DOCUMENTS

Detecting the opening and resealing of sealed documents and examining adhesives. Detecting inserted text in typewritten, printed, or handwritten documents. Determining the sequence of handwritten text, signatures, and typewriting. Identifying rubber stamp impressions. Identifying mechanical check-writer and numbering device impressions

INVESTIGATIVE CONSIDERATIONS

Evidence is not unidirectional: you may start the trail at the end rather than the beginning; Stay focused on the purpose of the investigation-ignore side trails; Periodically review the evidence with others as it may allow you to see new avenues (brainstorm!)

OBSERVATION

DEFINITION

Observation is the use of the senses to assess certain activities. (Arens Loebecke : Auditing, an Integrated Approach) Investigating Fraud use observation in covert examination which designed to obtain evidence by use of agents whose true role is undisclosed to the target. Bare in mind, FRAUD IS HIDDEN, DISCLOSE ANY TECHNIQUES CAN RUIN THE INVESTIGATION!!!

COVERT OPERATION
There are two major forms of covert operations: undercover operations and surveillance operations

Undercover operations seek to develop evidence directly from people involved in the offense through the use of disguise and deceit. Rather than waiting for the information to come by other routes, there is a conscious decision to seek it out.

Surveillance operations use the skills of observation to determine activity of individuals. The surveillance operation is designed to gather information.

COVERT OPERATION

Covert operations require the highest degree of skill and planning.

Used incorrectly or handled badly, covert operations can lead to death, injury, serious financial liability, and embarrassment.

Used in a timely manner with great care, a covert operation can produce results that cannot be achieved in any other way.

COVERT OPERATION
Covert operations cannot be conducted as fishing expeditions. Justification for conducting the operation must be legally sound and defensible and must not violate a persons reasonable expectation of privacy.

COVERT OPERATION OBJECTIVES To obtain evidence of a Past, Current, Future crime. To identify those engaged in possible illegal activity. To recover illegal gains To identify co-conspirators To identify the modus operandi

BACK THE OPERATION UP !!!

Prior to an undercover operation, it is essential that the basis for the operation be committed to writing, in memo form which should clearly state :

The information upon which the covert operation will be based. The information that is expected to be gained from the operation. The identities of suspects, if any. Operatives under your care, custody, or control

COVERT OPERATION
There are two major forms of covert operations:

undercover operations

surveillance operations

UNDERCOVER OPERATION

Undercover operations seek to develop evidence directly from people involved in the offense through the use of disguise and deceit. Rather than waiting for the information to come by other routes, there is a conscious decision to seek it out.

SURVEILLANCE
Surveillance is the planned observation of people, places, or objects. It is normally concerned with people. Places and objects observed usually are incidental to the primary interest of gathering information about certain people.

There are two general types of surveillance: mobile and fixed.

MOBILE AND FIXED SURVEILLANCE

Mobile surveillance can be done on foot or by vehicle and is carried out when people being observed move from location to location.

A fixed surveillance is used when a person or activity remains in place, although the observers might move from one vantage point to another in the immediate area.

ENTRAPMENT
Entrapment poses the biggest legal problem in covert operations, particularly in undercover operations. It is imperative that the operation be properly predicated. Again, covert operations must not be used for fishing expeditions

INTERVIEW

WHAT IS INTERVIEW

An interview is a question-and-answer session designed to elicit information. It differs from an ordinary conversation (Inquiry), in that the interview is structured, not free-form, and is designed for a purpose. An interview might consist of only one question or a series of questions.

MASTERING INTERVIEW
Be prepare before embarking the interview.
review the case file
learn what information is known to the witness

hypothesis should be reviewed to make sure it reflects the obtained evidences

MASTERING INTERVIEW

Never interview someone without sufficient information and relevance evidences. The most vulnerable witness should be interviewed after the more reluctant witnesses

CHARACTERISTICS OF A GOOD INTERVIEW

sufficient length and depth to uncover relevant facts. includes all pertinent information and excludes irrelevant information. conducted as closely as possible to the event in question. objective in scope, gathering information in a fair and impartial manner

CHARACTERISTICS OF A GOOD INTERVIEWER

people persons, and are talented at human interaction. does not interrupt the respondent with unnecessary questions phrasing questions in a nonaccusatory manner. approaching the interview in an informal and low-key fashion. involves a state of mind and a commitment to excellence . be on time, be professionally attired, and be fair in all dealings

TERIMA KASIH
FINANCIAL AUDITOR LOOK AT THE FIGURES INVESTIGATIVE AUDITOR LOOK BEHIND THE FIGURES