
“Good” Fraud Management: Applying Corporate Governance to Increase Revenue, Cut Costs and Safeguard Assets & Brand Value

Jonny Frank Fraud Risks & Controls

March 2010 (Preliminary Draft)

“Good Fraud” vs. “Bad Fraud”


Good Fraud = Leakage-related activities that, when prevented or detected early, lead to improved financial results.

Bad Fraud = Liability-related activities that, if not prevented, lead to government sanctions and to damage to brand value and to the reputation of individual members of the Board and senior management.

So How Are Organizations Maximizing Opportunities & Mitigating Risk?

1. Assess how organization manages fraud risk

2. Conduct “scheme and scenario” fraud, corruption and abuse assessment

3. Address high impact common and industry specific fraud, corruption and misconduct risks
– Schemes
– Presumptive controls
– Indicators
– Audit procedures

Fraud Management Framework

People: Build three lines of defense – business, finance and internal audit/compliance

Process: Identify significant risks, evaluate vulnerability to collusion, monitor/audit for red flags

Technology: Disaggregate schemes into key risk indicators, develop data analytics, maximize available technology

Control environment

• Board oversight

• Codes of ethics/conduct

• Anonymous reporting

• Other entity level activities

Entity and business process level control activities

Develop new/enhance existing controls

Validate operating effectiveness

Evaluate controls design

Monitoring activities

• Monitor fraud risk factors & indicators

• Audit for ‘Red flags’

Continuous reassessment

Develop a risk response

Fraud event identification and risk assessment

Conduct self-assessment at function & local business unit levels

Assess likelihood & impact

Identify entity level scheme & scenario risks

Incident response & remediation

• Investigate

• Perform root cause analysis

• Search for other misconduct

• Enhance controls

Antifraud Programs & Controls Criteria* (SEC, DOJ, PCAOB, USSG, COSO et al.)

• Control Environment
– High integrity culture
– Board oversight
– High level overall responsibility
– Day-to-day responsibility
– Front line personnel
– Internal audit function
– Knowledge management
– Code of conduct
– Anonymous reporting
– Hiring and promotion
– Third party relationships

• Fraud Risk Assessment (FRA)
– Systematic process
– Management participation
– Legal, financial reporting and operations risks
– Management override
– Tailored to local units & functions

• Control Activities
– Linkage to assessment
– Vulnerability to circumvention

• Detection and Monitoring
– Risk factors and indicators
– Data analytics and other technology
– Contemporaneous monitoring
– After the fact reviews

• Incident Response and Remediation
– Investigative process
– Remediation

*Bolded Italics denotes common deficiency.

“Scheme and Scenario” Fraud Risk Assessment


10 Suggested Action Steps

1. Host a “perfect crime” dinner or play “angels v. demons” with the C-suite and/or finance team.

2. Self-assess your antifraud program.

3. Conduct a “leakage audit” to identify opportunities to maximize revenue, cut costs and safeguard assets, particularly if your company engages in business in emerging markets.

4. Equip front line personnel with knowledge and skills to function as an effective “first” line of defense.

5. Conduct a scenario analysis to identify high impact legal/reputation risks.

6. Link and evaluate adequacy of transaction level controls.

7. Identify and monitor key fraud risk factors and indicators.

8. Maximize internal and 3rd party information systems and technology.

9. Develop an incident response and remediation process before a crisis occurs.

10. Pray that LeBron James joins the Knicks or Nets to bring winning basketball back to NYC.

Facilitator Contact & Biographical Information

Jonny J. Frank

1.646.471.8590

Jonny Frank has over 30 years of public and private sector experience and over 20 years of university teaching experience in preventing, detecting and investigating business irregularities. He is an award-winning author of over 30 articles and book chapters, including the IIA's Thurston Award for outstanding scholarship. Jonny earned his LLM from Yale Law School in 1983 and his JD from Boston College Law School in 1980, where he ranked no. 1 in a class of 250 and graduated summa cum laude.

Executive Assistant United States Attorney, Eastern District of New York

Jonny began his professional career as a Federal prosecutor in the early 1980s in the U.S. Department of Justice, where he served for 12 years. His prosecutorial career included investigating and prosecuting over 1,000 economic crimes cases involving Fortune 500 companies across every business sector. In the mid-1990s, the Justice Department appointed Jonny to serve as Special Counsel to the New York City Mayoral Commission on Police Corruption. He also led trips to train former Soviet bloc prosecutors and judges on the investigation of economic crime.

Co-founder, PwC Investigations

PwC recruited Jonny to join the firm as a partner in 1997 to help develop and lead the firm's investigations practice. Leveraging this public sector experience, Jonny developed a global practice, focusing on investigation and remediation of fraud and corruption. Jonny led over 1000 engagements during his five years as practice leader.

Founder, PwC Fraud Risks & Controls (FR&C)

Following Enron, PwC appointed Jonny to build and lead a practice devoted to prevention, detection, and remediation. The practice has professionals in Africa, Canada, Central, Eastern & Western Europe, India, South America, and the United Kingdom.

In 2003, Jonny pioneered PwC's "scheme and scenario" fraud risk assessment framework, which the SEC, AICPA, IIA, and COSO have embraced. FR&C have embedded this framework at numerous internal audit departments and finance functions, in addition to using it on over 1500 PwC audits.

Jonny also developed a fraud auditing training methodology, comprised of classroom and on-the-job coaching. PwC applied this methodology to train over 350 experienced audit managers to serve as fraud specialists on their engagements.

Yale School of Management, Fordham University, Brooklyn Law School

Concurrently with his DOJ and PwC careers, Jonny has taught for over 20 years at the professional school level. He serves as an Adjunct Professor of Law at Fordham University Law School (1988 – present) (ranked no. 3 nationally in evening law programs) and previously taught at Yale School of Management (Senior Faculty Fellow 2003 – 2006) and Brooklyn Law School (1089 – 2004).

© 2009 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity. *connectedthinking is trademark of PricewaterhouseCoopers LLP (US).

pwc.com

The information contained in this document is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, there may be omissions or inaccuracies in information contained in this document. This document is provided with the understanding that the authors and publishers are not herein engaged in rendering legal, accounting, tax, or other professional advice and services. It should not be used as a substitute for consultation with professional accounting, tax, legal or other competent advisers. Before making any decision or taking any action, you should consult a PricewaterhouseCoopers professional.

While we have made every attempt to ensure that the information contained in this document has been obtained from reliable sources, PricewaterhouseCoopers is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this document is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will PricewaterhouseCoopers, its related partnerships or corporations, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this document or for any consequential, special or similar damages, even if advised of the possibility of such damages.

Appendix


Identifying High Impact Risks: Expenditure Leakage

Illustrations:

• Orders from fictitious vendor

• Kickbacks in return for allowing supplier to inflate price

• Advertiser charges for advertising not delivered

• Vendors/contractors charge for work not performed

• “Double dips” on p-card and credit card

• Salesperson obtains reimbursement for fictitious travel expenses

Identifying High Impact Risks: Unauthorized Expenses

Illustrations:

• Payments to public officials for permits and licensing

• Payments to facilitate sales

• Payments to avoid sanctions

• Leakage of private information, e.g., patient information, credit cards, etc.

• Environmental violations

Identifying High Impact Risks: Asset Misappropriation

Illustrations:

• Employee steals liquid assets

• Salesperson steals customer list for use at a competitor

• Event planner receives 15% “commission” on rooms

• HR employee puts shadow employee on payroll

Identifying High Impact Risks: Unauthorized Receipts

Illustrations:

• Overbilling customers

• Antitrust and restraint of trade

• Improperly obtaining rebates

• False marketing statements

Identifying High Impact Risks: Revenue Leakage

Illustrations:

• Salesperson discounts price in return for kickback

• Business leader runs parallel business

• Salesperson violates non-compete clause after leaving company

• Salesperson enters side agreement with customer unable to make payment, ultimately resulting in write off receivable and/or debt

Identifying High Impact Risks: Reporting & Disclosure

Illustrations:

• Improper revenue recognition

• Manipulation of significant management estimates

• Inconsistent or improper accounting of intercompany transactions to improve operating performance of business units.

• False statements in MD&A

• Deceptive marketing
