Managing Fraud Risk: A Practical Guide for Directors and Managers


Fraud can severely damage an organisation’s profitability and reputation.  The risks have never been higher than they are in today’s turbulent economic times, yet many organisations continue to take a reactive approach, thinking about fraud only once it has occurred.  As a result they are forced to deal with the consequences, often having to act quickly and under conditions of extreme stress, leading to poor outcomes. 

In Managing Fraud Risk: A Practical Guide for Directors and Managers, Steve Giles lays out the modern, strategic approach to the problem. He explains corporate fraud theory (what it is, who commits it and why) and examines the results primarily from the business perspective of identifying the most cost-effective methods available to manage the risks. The book provides a menu of anti-fraud techniques and day-to-day processes designed to prevent, detect and investigate fraud, thus enabling the reader to create a cost-effective anti-fraud framework tailored to the specific needs and circumstances of their own organisation.

Key features of the book include: 

  • A clear, logical and accessible structure: each chapter covers an important aspect of fraud and concludes with five key learning points for directors and managers.
  • Numerous illustrative examples from both headline cases and the author’s own extensive experience of fraud investigations.
  • Interviews with directors and managers from both the public and private sectors to give a practical business perspective on the issues discussed.
  • A risk management framework that places fraud in its proper context of corporate governance, risk and business ethics.
  • Identification and analysis of the key anti-fraud preventative and detective controls that have been shown to work best in practice.
  • Strategic guidance and advice on tailoring an effective programme of anti-fraud measures to meet business requirements.
  • The Fraud Awareness Quiz - why not take the Quiz and find out how much you really know about fraud and the risks associated with it?

Managing Fraud Risk: A Practical Guide for Directors and Managers provides the reader with all the tools necessary to create and maintain an effective anti-fraud framework within their own particular organisation.

Steve Giles is a chartered accountant with over 20 years' experience of fighting fraud. This began with his involvement in the Polly Peck investigation in the early 1990s and continued with a variety of forensic accounting assignments whilst still at Deloitte. Now a consultant, Steve has worked on many fraud investigation cases in the UK, Continental Europe and the US, whilst also advising his clients on the most effective measures that they can take to prevent, deter and detect fraud in their organisations. Today he lectures extensively around the world on fraud and financial crime matters generally and also on the broader subjects of corporate governance, risk management, auditing and business ethics. He is an Associate Member of the Institute of Chartered Accountants in England and Wales.

Acknowledgements

Introduction

Making me an offer that I can’t refuse

Opening remarks

About this book

1. Personal experiences

2. Courses, delegates and the Fraud Awareness Quiz

3. Interviews and interviewees

Concepts and focus

Fraud: the gorilla in the room?

1. The Bernie Madoff effect

2. Corporate fraud highlighted by the international media

3. General fraud highlighted by the national media in the UK

Closing remarks

1 Responsibility

What a mess - how could all this have been allowed to happen?

Introduction

Answers to the Quiz

Responsibility Framework

Introduction

International best practice

Practical application

The linkage between risk management and internal controls

Overview

Control design linked to risk

The importance of evidence

Introduction

Examples

Evidence of management of fraud risks

The role of audit in fraud prevention and detection

Overview

Little training for auditors on fraud awareness

Problems and remedies

The strategic approach to managing fraud risk

Best practice guidance

The Fraud Risk Management Framework

Introduction

Summary - Five Key Learning Points for Directors and Managers

2 Meaning

The hairs on the back of my neck

Introduction

Answers to the Quiz

Fraud definitions

Key word - deception

Key word - intentional

ACFE occupational fraud typology

1. Fraudulent financial statements schemes

2. Asset misappropriation

3. Corruption

The ACFE’s “Report to the Nation”

Fraud and the law

Introduction

The Fraud Act 2006

Commentary

Some examples of what the term “fraud” actually includes

1. Fraud as abuse of systems and control procedures

2. Fraud as abuse of working practices

3. Fraud as financial engineering

4. Fraud as corruption

5. Fraud as collusion

Fraud costs - scale and direction of travel

1. Costs of fraud

2. Direction of travel

Answers to the Quiz

Summary - Five Key Learning Points for Directors and Managers

3 People

Appearances can be deceptive

Introduction

Answers to the Quiz

Answers with very low percentage scores for total honesty

Answers with very high percentage scores for total honesty

The results of the research into honesty

The Fraud Triangle - the key behavioural model

Motivation

Opportunity

Rationalisation

Motives of fraudsters - bringing the Fraud Triangle up to date

Albrecht, Howe and Romney

Hollinger and Clark

Ditton and others

Wolfe and Hermanson

Classification of fraudsters

First-time offenders

Recidivists

Those who commit fraud to benefit the organisation

Outsiders

Profile of a fraudster

Introduction

The greatest risk lies at the top

Tenure

The squeezed middle

The fraudster’s department

Motives of fraudsters - the business perspective

Summary - Five Key Learning Points for Directors and Managers

4 Risk

We are all risk managers now

Introduction

Answers to the Quiz

Risk management primer

Introduction

Culture

Risk soundings exercise

Avoid the tick-box attitude

Strategic risk management and the “4Ts” approach

Risk management cycle

The “4Ts” approach

The “4Ts” approach - exercise

The use of insurance

The key risk - reputation

Reputation risk - the Arthur Andersen/Enron case

Verdict overturned

Reputation and ethics

Taking a risk-based approach to financial crime

Introduction

Approach to bribery and corruption

Approach to money laundering and terrorist financing

Taking a holistic approach to financial crime

Taking a risk-based approach to fraud

Overview

1. Fraud risk profile

2. Strategic approach to fraud risk

Summary - Five Key Learning Points for Directors and Managers

The “4Ts” approach - answer to the exercise

(a) Bottom left-hand quadrant = TOLERATE

(b) Top right-hand quadrant = TERMINATE

(c) Bottom right-hand quadrant = TREAT

(d) Top left-hand quadrant = TRANSFER

5 Governance

People disappear in Texas

Introduction

Answers to the Quiz

Background

Governance as compliance

The performance element

Board conformance and board performance

Enron - a failure of corporate governance

Introduction

Company history

Consequences of scandal

Governance failure

Enron by the numbers - part 1

Governance overview - relationships and agency risk

Background

The key governance players

Agency risk and the role of independent non-executive directors

The development of corporate governance codes and legislation

Rules-based and principles-based governance regimes

The US and the UK governance regimes

1. The Sarbanes-Oxley Act 2002

2. The UK Corporate Governance Code

Competency and behaviour - the key drivers of board performance

1. The competency of directors

2. The behaviour of directors

The corruption component of fraud

Introduction

Corrupt business practices

The US position - the Foreign Corrupt Practices Act

The United Nations position - the UN Convention against Corruption Act 2005

The UK position - the Bribery Act 2010

The Satyam fraud

Introduction

Background

Satyam’s accounting fraud

Consequences and commentary

Summary - Five Key Learning Points for Directors and Managers

6 Controls

Getting run over by a bus

Introduction

Answers to the Quiz

Internal controls overview

Background

Control characteristics

Preventative and detective controls

Manual and automated controls

Hard controls and soft controls

Internal control structure

Overview

Broad perspective

Avoid negative attitudes

Making the commitment

Custom and practice

Modern internal controls frameworks

Overview

1. The COSO Framework - 1992

2. The COCO Framework - 1995

3. The Turnbull Guidance - 1999

4. The SOX - 2002

5. ERM Framework - 2004

The role of audit in fraud prevention and detection

Introduction

Perception and realities

The external audit

Introduction

Definitions

External audit essentials

Should external auditors discover fraud?

Reasonable assurance

Internal auditing

Introduction

Definitions

Internal audit essentials

Should internal auditors discover fraud?

Limitations of traditional audit techniques

Poor understanding of fraud risk

Audit testing based on small sample sizes

SAS 99: Considerations of Fraud in a Financial Statement Audit

Introduction

What SAS 99 and ISA 240 say about fraud auditing

Commentary

The role of the audit committee

Introduction

Role of the audit committee in the fight against fraud

Examples of poor performance by audit committees

Example 2 - Enron

Summary - Five Key Learning Points for Directors and Managers

7 Prevention

A question of black or white

Introduction

Answers to the Quiz

Fraud prevention controls

Introduction

The concept of the control environment

Key aspects of prevention - generic controls

Overview

(a) Segregation of duties

(b) Delegations of authority and authorisation limits

(c) Physical and computer security over assets, records and information

Control inhibitors and concealment strategies

Introduction

Management override of controls

Collusion

Processing a transaction below the “control radar”

False documentation

Blocking the flow of information

Specific anti-fraud prevention controls

Introduction

The six key fraud prevention controls

Introduction

Fraud prevention - the three hard controls

Fraud prevention - the three soft controls

5-Point fraud prevention plan

Summary - Five Key Learning Points for Directors and Managers

8 Detection

“But he seemed like such a nice guy, he still lives with his mother”

Introduction

Answers to the Quiz

The deterrence factor

Overview - what is meant by deterrence

The perception of detection

Ways to increase the deterrence factor

Fraud detection

Introduction

The three key fraud detective measures

Summary - Five Key Learning Points for Directors and Managers

9 Investigation

Don’t crash the car

Introduction

Answers to the Quiz

Fraud investigation case study

Fraud investigation - best practices

Introduction

Handling the initial allegations

Setting the overall objectives

Reporting lines and the investigation team

The use of covert techniques

Evidence

Guidelines for interviews

The litigation process and involving the police

Overview

Civil litigation

The police and criminal proceedings

Insurance - the quantum of loss statement and making claims

Communication issues

Introduction

Media contingency planning

Managing internal communications

Summary

Fraud investigations - practical examples

Summary - Five Key Learning Points for Directors and Managers

10 Ethics

The RICE model

Introduction

Answers to the Quiz

The business ethics framework

Introduction

The golden rule of reciprocity

The key concepts of integrity and trust

Business ethics and the law

The “3Rs” ethical roadmap

Individual responsibility

Corporate culture

Pressure, incentives and short-term targets

The business ethics toolbox

Introduction

Value statements

Codes of ethics and conduct

Confidential reporting lines

Ethical training and development programmes

Business ethics in action

Integrated approach

Summary - Five Key Learning Points for Directors and Managers

Epilogue

Distinguished merit

References

Index