Fraud And The InternalAudit Role by Informa Middle East

Fully revised and updated for 2014

Fraud And The Internal Audit Role

red

its

27 April – 1 May 2014 Dusit Thani Hotel, Dubai, UAE 16 – 20 November 2014 Dusit Thani Hotel, Dubai, UAE

After Completing This Course You Will Be Able To: • Evaluate and challenge management’s fraud risks • Think like a fraudster – the only way to spot frauds • Apply successful techniques to help prevent fraud • Promote an effective fraud prevention process • Adopt data mining as a fraud prevention and detection tool • Apply an effective fraud investigation process • Apply audit skills to fraud investigation • Spot when someone is not telling you the truth • Monitor the legal compliance with anti-fraud legislation

Organised by

www.iirme.com/fraudandaudit

Course Level •

This is an intermediary level course and delegates should have 12 months’ experience in Internal Audit (or other assurance roles). Delegates should have a good educational standard (Bachelors degree or above) and/or a professional qualification or be in the process of studying for such qualifications

•

No advance preparation is required

•

Delivery method – Group-live (with exercises and case studies to provide practical application of the tools and techniques)

•

A pre-course questionnaire will be sent out 2 to 3 weeks prior to the course date to obtain some information about the delegate’s role and to provide an opportunity to indicate specific learning requirements

New For 2014 •

Comprehensive CIMA fraud risk management guide with case studies

•

Results of the E & Y fraud survey 2013

•

Fraud risk register example

•

Guidance on gifts and hospitality and the legal requirements

•

47 tips for fraud risk interviews

•

A fraud investigation report template will be provided

•

Guidance on supplier and outsourcing fraud risk

CPE Credits Delegates can earn up to 30 CPE credits (12 in the regulatory ethics of study and 18 in the auditing field of study). Business Risk Management Ltd is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org

Who Should Attend? •

• • •

This course is particularly targeted at internal auditors in organisations without a dedicated fraud team, as they now have to take a much more significant role in the prevention, detection and investigation of fraud Auditors who need to learn about the most modern approaches to fraud prevention and investigation Newly appointed fraud specialists Managers needing a broader understanding of how to prevent and detect fraud

Would you like to run this course in-house?

The in-house training division of IIR Middle East Tel: +971 4 407 2624 • Email: CTS@iirme.com www.iirme.com/cts

+971 4 335 2437

+971 4 335 2438

Meet Your Expert Course Director Phil Griffiths is Founder and Managing Director of Business Risk Management Ltd. A Chartered Accountant with over 30 years’ experience in risk management, Internal Audit and fraud prevention as practitioner, professional adviser, facilitator and trainer. His specialisms are: • Assisting senior management to identify, manage and then exploit the risks within their business via facilitated business risk management programmes • Helping Internal Audit functions to implement world class standards • Developing fraud prevention, detection and investigation programmes • Training both private and public sector organisations in all of the above disciplines He has extensive experience in the MENA region having trained professionals from over 600 organisations in this region during the past 15 years. He has developed over 60 training courses on all aspects of Internal Audit, risk management and fraud and delivered them across the globe. He is an accomplished author. His first book ‘Risk Based Auditing’ is an international best seller and his brand new book ‘Enterprise Risk Management – the key to business success’ is receiving much acclaim. He is recognised as an accomplished and charismatic facilitator, trainer and lecturer and is in continual demand to speak at the most prestigious events on risk management, Internal Audit and fraud.

Why You Should Attend Recent surveys have revealed that many organisations do not have a formalised approach to fraud prevention, detection or investigation. Furthermore most survey respondents stated that their organisations were not taking the risk of fraud seriously enough. Staff invariably did not receive any fraud awareness training.

•

Many organisations rely on internal controls to prevent and detect fraud. This is unwise. The fraudster invariably knows your controls well and how to bypass them

•

Furthermore, in today’s competitive environment internal controls have often been compromised by frequent changes of management , the removal of management layers and employee empowerment

•

Complacency, poorly applied procedures and the fast pace of change are the fraudster’s main allies

•

Add to this the ever-increasing reliance on technology, and it is no great surprise that fraud is escalating both in frequency and magnitude – in all industry sectors and all economies

•

During the current economic difficulties across the world, fraud poses an even greater threat

•

One recent survey revealed that 84% of the worst frauds were committed by employees, nearly half of whom were managers with more than five years’ service

www.iirme.com/fraudandaudit

Fraud And The Internal Audit Role 27 April – 1 May 2014 • Dusit Thani Hotel, Dubai, UAE 16 – 20 November 2014 • Dusit Thani Hotel, Dubai, UAE Course Timings: Registration will be at 08.00 on Day One. Course sessions will start promptly at 08.30 and end at 14:30. There will be breaks for refreshments at approximately 10:30 and 12:30 and lunch will be served at the end of each day’s session Identity Fraud • Identity fraud – the fastest growing fraud risk • Identity fraud – fraud advisory panel paper • Identity fraud examples • How to protect your business

Day One – Fraud Risks Background • Fraud explained: definitions • Fraud statistics • Why is fraud such a serious issue? • The cost of fraud • Who commits fraud? • Trends and statistics regarding detected fraud • Why fraud is probably being perpetrated now in your organisation

Exercise 4: Discussion about identity fraud The Risk Of Corruption • Corruption causes • Corruption indicators • Fraud red flags • Procurement fraud risks • The issues to look for • Bid rigging – the issues to look for

Case Histories • 15 fraud case histories and the lessons to learn - Bank paying in slips - BCCI fraud - Land valuation fraud - Enron • Action taken against fraudsters

Exercise 5: Identifying corruption indicators

Day Two – Developing A Fraud Prevention Process

Exercise 1: What are the lessons from the frauds?

Fraud Mitigation • How to evaluate fraud risk mitigation • Why controls may not protect you • Putting yourself in the mind of the fraudster

Evaluating The Fraud Risks • Tone at the top video • E & Y fraud risk survey 2013 • Fraud risk management process • Managing the business risk of fraud (IIA, CPA, CFE paper ) • 6 principles (from the paper) - Fraud risk management programme should be in place - Fraud risk exposure should be assessed - Prevention techniques to avoid potential fraud risk events - Detection techniques should be established - A reporting process should be in place - A coordinated approach to investigation and corrective action • Building a picture of the major fraud risks • Supplier and outsourcing fraud • Fraud risk matrix • Fraud scenarios • Fraud risk register example • Fraud risk questionnaire - Generic risk factors - Specific risk - Design of controls to prevent fraud - Physical and logical access - Job descriptions - Accounting reconciliations - Supervision - Financial reporting

Exercise 6: What are the key messages from the video? • Examination of typical controls in place to mitigate the risks • Risk exposures • Identifying the vulnerable areas

Exercise 7: Fraud mitigation – teams will be selected and given four fraud risks as identified earlier – they will discuss what is in place to prevent the frauds occurring and present the findings • Discussion of the issues raised Fraud Indicators • The top 30 fraud indicators • How to spot the danger signals • Fraud indicators – fraud advisory panel paper • Developing a toolkit for identifying possible frauds • An auditor’s fraud toolkit will be provided

Exercise 8: The fraud indicators

Exercise 2: Identifying the fraud risks in your organisation The IT Fraud Risks • Computer fraud paper • Computer fraud prevention • E-commerce – the key fraud risks and steps to take to mitigate them • Internet and intranet – the fraud risks • Preventing internet fraud paper • IT security – how to evaluate effectiveness and influence change • Adoption and enforcement of information security standards • Segregation of duties – the dangers and the practical solutions • How to detect IT fraud

Exercise 9: Developing a fraud awareness training programme

Exercise 3: IT fraud risks

+971 4 335 2437

Implementing A Best Practice Fraud Prevention Process • CIMA fraud risk management guidance • Introducing effective anti-fraud policies • Creating a fraud consciousness loop • Development of a fraud awareness training programme • Communicating standards of expected behaviour/ethics • The need for strong and consistent action when fraud is suspected • Electronic data and asset protection • Fraud response plans paper • Anti Money Laundering (AML) – issues and requirements • Money laundering paper (in the pack) • The relationship between fraud, risk and control • The roles, responsibilities and liabilities of auditors, management, specialists and others

+971 4 335 2438

www.iirme.com/fraudandaudit

Day Three – The Link Between Fraud Prevention And Detection Aiming For A Cost-Effective Balance Between Prevention And Detection • Use of management check-lists • The need to be able to think like a fraudster – to be able to prevent it • Company policy on consequences of committing fraud • Facilitation of whistle blowing • Whistle blowing policy • Pros and cons of external hot-lines • Use of specialists to aid detection and investigation • Preparing and implementing fraud contingency plans • How to ensure fraud investigation is always given top priority • Use of successful fraud investigation as a moral deterrent • Managing the external coverage of proven fraud

Exercise 10: Fraudulent documents

Exercise 12: Fraud scenarios • Three situations will be used to focus on fraud areas – delegates have to establish the circumstances and actions to be taken - Investment fraud video and quiz - Fraudulent passports - Dubai bank frauds Use Of Computer Assisted Audit Techniques (CAATs) • ACL as a fraud investigation tool • ACL fraud e-book • Examples of how to use CAATs in fraud investigation will be shared • Benfords Law • Benfords law video • Benfords and CAATs paper

Exercise 13: Fraud investigation using CAATs

Day Four – Fraud Detection And Legal Issues Data Mining As A Fraud Detection Tool • Fraud detection basics paper • Fraud profiling – how to target the right systems • GTAG 13 fraud prevention and detection in the automated world • Data mining paper • Risk scoring • Fraud risk prioritisation • How to get the information you need • The use of internal databases • Demonstration of external databases • Data validation • Automated fraud detection • Example of a working model • How to put the techniques into use in your organisation • Audit software – the tools available • Practical uses of data mining and the results achievable

What To Do When You Suspect Fraud • How to react when fraud is suspected • How to decide who needs to be told

Exercise 16: Typical fraud scenario – The anonymous letter How to respond to anonymous letters Identifying misleading and malicious allegations How to deal with tips obtained from hotlines etc How to decide if you need outside help

Managing The Investigation • The need for thorough planning • Determining the objectives of the investigation • Who should be involved – what skills do you need? • Determining roles of security and Internal Audit • How to keep the investigation low-profile • Conducting fraud investigations guidance • Research – what information can lawfully be obtained • What information is available and can be used • Forensic evidence and how to obtain it • Collating information and maintaining the chain of evidence • Covert monitoring of employees – new legislation • Knowing when to suspend or dismiss employees • Fraud investigation report template will be provided

Exercise 17: Sources of information Interviewing Suspects And Witnesses • Setting the scene – choice of venue etc • Do you know your legal authority for conducting interviews? • Can you use deception in interviews? • How do you avoid breaching the employees’ rights under law? • 47 tips for fraud interviews • Planning the interview – dos and don’ts • Fraud interview – the 10 steps • How to keep in control • How to tell if someone is lying

Exercise 18: Spotting the liar • • • • • •

The use of open questions Interpreting body language How to recognise when someone is lying Recording and evaluating the conversation How to avoid accusatory or threatening questions The need to think like a fraudster

Exercise 19: The fraud interview (role play) – you will all have the opportunity to play the interviewer, the observer and the suspect

Exercise 14: Determining tests and comparisons you can undertake to target the areas of risk in your organisation

+971 4 335 2438

Exercise 15: Discussion – The legal issues

Day Five – Fraud Investigation

Exercise 11: Discussion – The IA role regarding fraud

+971 4 335 2437

How to ensure that evidence is admissible Search and seizure orders Civil vs. criminal action Bribery Act and its implications for GCC businesses Gifts and hospitality guidance How to recover stolen assets – making sure the criminal does not profit • How to handle disciplinary proceedings • Employers’ and employees’ rights

• • • •

The Internal Audit Role Regarding Fraud • ECIIA paper • Prevention and investigation • Should detection be an IA role? • The IIA states currently detection is not an IA role • What should IA do to aid detection?

The Legal Aspects • The need to stay within the law • The legal implications • When to bring the lawyers in • How to protect your work from disclosure – legal privilege

• • • • • •

Communicating The Results • When and how to inform top management • When to inform regulators/the police etc • Managing external coverage • Dealing with the media/stakeholders • The use of successful fraud investigation as a moral deterrent • Rebuilding damaged relationships

Exercise 20: The results

www.iirme.com/fraudandaudit

Fraud And The Internal Audit Role 27 April – 1 May 2014 • Dusit Thani Hotel, Dubai, UAE 16 – 20 November 2014 • Dusit Thani Hotel, Dubai, UAE

FIVE WAYS TO REGISTER IIR Holdings Ltd. P.O Box 9428 Dubai, UAE

+971 4 335 2437 +971 4 335 2438 register@iirme.com

www.iirme.com/fraudandaudit

DISCOUNTS AVAILABLE FOR 2 OR MORE PEOPLE CALL – +971 4 335 2483 E-MAIL – a.watts@iirme.com Event

Course Fee Before 9 February 2014

Course Fee Before 2 March 2014

Final Fee

US$ 4,395

US$ 4,895

US$ 5,195

Course Fee Before 31 August 2014

Course Fee Before 21 September 2014

Final Fee

US$ 4,395

US$ 4,895

US$ 5,195

Fraud And The Internal Audit Role 27 April – 1 May 2014 (BC5369) Event

WEB BC5369/BC5370

WOULD YOU LIKE TO RUN THIS COURSE INͳHOUSE?

Fraud And The Internal Audit Role 16 – 20 November 2014 (BC5370)

Course fees include documentation, luncheon and refreshments. Delegates who attend all sessions will receive an IIRME Certificate of Attendance. Any complaints, grievances or suggestion regarding CPE credit may be addressed to email: grievance@businessrisk.co.uk

All registrations are subject to our terms and conditions which are available at www.iirme.com/terms. Please read them as they include important information. By submitting your registration you agree to be bound by the terms and conditions in full.

Payments

DELEGATE DETAILS Name: .............................................................................................................................................................................................................. Job Title: ......................................................................................................... Email: ..................................................................................... Tel: ..................................................... Fax: .................................................... Mobile: ..................................................................................

Name: .............................................................................................................................................................................................................. Job Title: ......................................................................................................... Email: ..................................................................................... Tel: ..................................................... Fax: .................................................... Mobile: ..................................................................................

A confirmation letter and invoice will be sent upon receipt of your registration. Please note that full payment must be received prior to the event. Only those delegates whose fees have been paid in full will be admitted to the event. You can pay by company cheques or bankers draft in Dirhams or US$. Please note that all US$ cheques and drafts should be drawn on a New York bank and an extra amount of US$ 6 per payment should be added to cover bank clearing charges. In any event payment must be received not later than 48 hours before the Event. Entry to the Event may be refused if payment in full is not received. Credit card payment If you would like to pay by credit card, please tick here and a member of our team will contact you to take the details

Cancellation

Job Title: ......................................................................................................... Email: .....................................................................................

COMPANY DETAILS Company: ............................................................................................................................................................................................................ Address: ................................................................................................................................................................................................................ Postcode: ................................................................................. Country: ...........................................................................................................

If you are unable to attend, a substitute delegate will be welcome in your place. Registrations cancelled more than 7 days before the Event are subject to a $200 administration charge. Registration fees for registrations cancelled 7 days or less before the Event must be paid in full. Substitutions are welcome at any time.

Avoid Visa Delays - Book Now

Tel: .............................................................................................. Fax: .................................................................................................................

Delegates requiring visas should contact the hotel they wish to stay at directly, as soon as possible. Visas for non-GCC nationals may take several weeks to process.

No. of employees on your site: . 1000+ 500-999 250-499

All registrations are subject to acceptance by IIR which will be confirmed to you in writing.

50-249

0-49

Nature of your company's business: ..........................................

YES, I would like to receive information about future events & services via e-mail .................................................................

To assist us with future correspondence, please supply the following details: Name of the Department Head: ..................................................................................................................................................................... Department: ........................................................... Mobile: .......................................... Email: ....................................................................... Training Manager: ............................................................................................................................................................................................. Department: ........................................................... Mobile: .......................................... Email: ...................................................................... Booking Contact: ..............................................................................................................................................................................................

Due to unforeseen circumstances, the programme may change and IIR reserves the right to alter the venue and/or speakers.

Event Venue: Dusit Thani Hotel, Dubai, UAE Tel: +971 4 343 3333 Accommodation Details We highly recommend you secure your room reservation at the earliest to avoid last minute inconvenience. You can contact the IIR Hospitality Desk for assistance on: Tel: +971 4 407 2693 Fax: +971 4 407 2517 Email: hospitality@iirme.com

Department: ........................................................... Mobile: .......................................... Email: ...................................................................... © Copyright I.I.R. HOLDINGS B.V.

SN/ST FN08 Finance & Audit

Tel: ..................................................... Fax: .................................................... Mobile: ..................................................................................