Investigations and Fraud Control
Fraud Control Framework
Without an effective fraud management strategy, a company is exposed to fraud for which the Board and management may be legally and financially liable for failure to establish a pro-active fraud risk framework.
More…
PwC's Forensic Services practice specialises in establishing fraud risk frameworks which identify fraud risks and the associated controls.
We assist clients to understand and meet their obligations in fraud control in accordance with both private and public sector Standards such as AS 8001-2008 Fraud and Corruption Control, Commonwealth Fraud Control Guidelines and others. We divide our fraud risk frameworks into three headings: Prevent, Detect and Investigate.
Prevention involves review and development of the following:
- fraud risk policies and procedures
- fraud control plans
- annual declarations
- pre and post employment screening of employees
- Board, management and staff fraud awareness training
- ‘whistle blower' hotline procedures.
Detection involves:
- fraud risk assessments
- facilitated workshops to identify fraud risk
- proactive internal and external audit procedures
- data analytics ("Suspicious Transactions Analysis").
Investigation is the third essential part of a fraud risk framework. A pre-established fraud incident management plan needs to be created to quickly manage and investigate allegations of fraud and potential loss. This involves securing relevant evidence, including witness statements, documentary and electronic evidence, having employee policies in place, in addition to an internal and external communication plan. It is essential to manage fraud risk proactively as losses are typically difficult to recoup.
Tracing perpetrator assets for recovery and fidelity insurance are means of recovering funds lost, as are criminal and court actions against a fraudster, but these can become lengthy and costly processes.
Example Benchmarking result against AS8001-2008: Fraud and Corruption control
Fraud Risk Management Training
Fraud risk training is an essential ingredient of any fraud control plan. During induction training, amongst other things, employees should be introduced to the company's fraud policies and procedures and be made aware of reporting mechanisms and whistleblower hotlines. Training should be conducted on a regular basis and include updates on fraud risk exposures and mitigating controls.
More…
For senior management, PwC has developed a "Fraud Risk Scenario - Crisis Management Training" programme to build senior management awareness and understanding of fraud risk. The training begins with a hypothetical scenario of alleged fraud at an organisation and company management is required to respond to anonymous allegations and information as it is received through the investigation.
Participants in this scenario training will receive real case examples together with a holistic approach to addressing a fraud related crisis. They will also develop a tailored investigation strategy and crisis management protocols.
Additional benefits of this exercise include:
- the identification of strengths and weaknesses in an organisation's crisis management and investigation processes
- the development of hands-on experience in dealing with the aftermath of fraud incidents
- contributing to compliance training requirements for Responsible Officers and management (Financial Service organisations).
- Credit history and bankruptcy details
Fraud Risk Assessment / Risk Storm Workshops
Fraud and corruption, often linked to poor governance, represent serious risks for an organisation. High profile cases in recent years have shown that dishonest behaviour not only undermines profits, operating efficiencies and reliability, but can also severely damage an organisation's reputation.
More…
Using client data and other information, together with our own subject matter expertise, we assist organisations to adopt a proactive, systematic and considered approach to the management of fraud and corruption. Our approach involves gathering data through client meetings and review of relevant documentation, to understand the "as is" status of the company's fraud and corruption management, prior to conducting Risk Storm workshops and meetings.
Our Risk Storm workshops involve representatives from across business areas sharing and "storming" their knowledge of current and future risk exposures, controls to address those risks and future enhancements to existing controls to mitigate those risks. Whilst all business operations and subject matters can be covered, our team will tailor the workshops to the client's needs.
Deliverables from our assessments include:
- development of a "heat map" of inherent fraud risks
- benchmarking of the current fraud control framework against AS 8001 - 2008: Fraud and Corruption Control (refer "Fraud Control Framework")
- observations and recommendations based on our findings and extensive experience in the area of fraud and corruption controls.
Heat map example
Fraud Investigations
The detection and minimisation of fraud is now an integral part of business life. When a fraud is identified, an effective investigation strategy is the key to a successful investigation, and greatly increases the chances of a successful action both to prove the offence and recover losses.
More…
Our experienced team assists clients by:
- assessing the electronic environment - refer to Technology Investigations
- investigating the incident and identifying how the fraud occurred, and steps to prevent further incidents
- interviewing suspects and other staff members to gain an enhanced understanding of the situation
- managing internal and external communication of the incident during and after completion of the investigation
- ensuring that any evidence obtained is in a form that can be presented in legal proceedings
- preparing a full independent expert report for submission in court, quantifying the loss, setting out the relevant issues and presenting and explaining any accounting concepts in the context of the fraud - refer to Forensic Accounting
- providing a formal ‘brief of evidence' for a civil action, or to the relevant law enforcement agency
- finding assets that may provide loss recovery and pursuing recovery action - refer to
Investigative Intelligence
- preparing and negotiating an insurance claim.
Investigative Intelligence and Analysis
Investigative Intelligence and Analysis is important in risk management, and in the
prevention and detection of fraud. Significantly, it addresses two
issues not normally covered by legal and financial due diligence - the
reputation and integrity of the entities of interest and of the
individuals within those entities.
More…
Our experts collate data from international public information sources and
provide analysis, giving this information a tactical and strategic
value. We build up accurate and informative profiles on the prior
business dealings and reputations of entities and individuals, their
personal and business affiliations, and their assets and liabilities,
including:
- regulatory information concerning companies and individuals
- financial details such as bankruptcy, litigation and where appropriate, credit histories
- asset ownership particulars such as property land title search, boat and aircraft ownership
- electoral roll, tenancy and telephone directory records
- references in the global media.
With the application of analytical methodologies, we can identify inherent risks or other pertinent information and provide a report detailing our findings and giving recommendations.
Visual link analysis charts can also be prepared to clearly illustrate information crucial to unravelling complex relationships between companies and individuals.
Background Verification Services
Curricula vitae (résumés) often contain discrepancies, gaps and inconsistencies that expose organisations to the risk of employing unqualified or deceitful employees. Prior to employment, employee details including identity, education, professional qualifications, employment history, right to work and references should be checked.
More…
Our experience in performing employee and due diligence background verification has enabled us to develop a market-leading service, supported by a sophisticated and secure background verification database.
We are able to search Australian and international databases to verify and obtain a broad range of data including the following:
- birth certificates
- criminal records
- ASIC records of disqualified individuals
- driving licences
- land titles
- credit history and bankruptcy details
- court records
- media reports
- educational records
- specifically designated nationals OFAC, DFAC
- right to work and relevant visas.
Procurement Fraud Management
Procurement fraud is a serious corruption issue and where it involves the payment of kickbacks, can remain undetected for long periods. We work with companies to develop a strong procurement policy, which is a first line of defence against procurement fraud. Our priority is to ensure that the policy is manageable, realistic and proportional to the relative risks of the organisation.
More…
Specific policies and procedures that can be put in place to mitigate the risk of procurement fraud, including:
- procurement policy reflects scale and risk of procurement eg decision to go to tender, quotes required or sole provider
- tender and selection policy in existence and communicated to all relevant staff
- controls to ensure value of proposed contract is not split/reduced to meet any thresholds regarding going to tender
- evaluation criteria established prior to the tender process
- evaluation criteria which allow a like-for-like comparison
- independent panel is involved in the selection process
- vendor due diligence is conducted for major suppliers, including reputation, associated entities and credit position
- delegations of authority are established and monitored for compliance
- training is conducted regularly to ensure staff are aware of procurement fraud risks and the red flags to look out for
- a gifts and entertainment register to monitor potential supplier influence
- annual Conflict of Interest declarations, linked to the company's Code of Conduct.
Intellectual Property Risk Management
Among a company's most valuable assets is its Intellectual Property (IP). Whether it be patents, copyrights, trademarks or trade secrets, protecting IP has long been a key concern for businesses, considering losses for IP infringements can occur from a range of sources. The true consequences of IP infringement may be measured in terms of loss of sales revenue through counterfeiting or other infringement, an amount which will dwarf the cost of each incident of infringement.
More…
Our IP Risk Management team can help by working closely with you to prepare an IP protection strategy, as well as test existing protection regimes to identify and manage risk and mitigate loss.
The key steps involved can include the following:
- reviewing and evaluating current policies and procedures
- conducting interviews with senior management and staff
- developing an inventory of IP and associated information
- assessing inherent risks to IP protection
- providing a report identifying the IP risks within the organisation, together with an assessment of the likelihood of occurrence, impact and advice as to how to reduce that risk
- drafting or updating any policies, procedures or control plans
- assisting in the implementation of new IP protection measures
- obtaining evidence and preparing a detailed report of instances of IP infringement
- assessing any damages caused by IP infringement.
We also deliver awareness training to staff to provide them with the skills and knowledge they need to help them identify potential risks and prevent future IP infringement.
Anti-Piracy Investigations
PwC has an effective lead-sourcing and intelligence structure which operates both in Australia and globally. This allows for the rapid and effective investigation of piracy leads, in any legal jurisdiction.
More…
Our services enable clients to make informed decisions and take further action such as legal action, or referral to law enforcement authorities. We possess the necessary knowledge and contacts to ensure effective case referrals.
Currently, we co-ordinate the Australian anti-piracy campaigns for two of the world's largest software companies - targeting importers, markets and local producers of counterfeit software and gaming products. In combating the risks and possible damages associated with piracy, we are involved with:
- putting in place programs to identify and monitor the manufacturers, distributors and importers of pirated product
- seeking assistance to obtain criminal and civil restitution from the manufacturers, distributors and importers of pirated product.
Whistleblower Management
An effective fraud control policy should make it clear that all staff are responsible for reporting any malpractice to management. In practice, there can often be reluctance to report, as some staff interpret it as "dobbing".
More…
The development of a protect disclosures (Whistleblower) program mitigates this reluctance and is an important element of any effective fraud prevention or mitigation strategy. The use of such programs has been shown to reduce the average quantum of fraud loss.
PwC has extensive experience in developing such programs, which are designed to:
- encourage the reporting of incidents of fraud, corruption, legal or non-regulatory compliance and questionable accounting or auditing matters
- allow for the efficient and effective investigation of disclosures
- protect those making the disclosure from reprisal
- appropriately manage those subject to an allegation.
Our methodology complies with regulatory requirements, including:
- Corporations Act 2001 (Cth) (as amended)
- Whistleblower Protection Act 2001 (VIC)
- Protected Disclosures Act 1994 (NSW)
- Australian Standard 8004 – 2003 Whistleblower Protection Programs for Entities
- ASX Corporate Governance Council – Principles of Good Corporate Governance and Good Practice Recommendations
- Sarbanes Oxley Act 2002.
