
Investigative Audit

Yogyakarta, 29 September 2017

Deni R. Tama
Partner, Fraud Investigation & Dispute Services
Ernst & Young Indonesia
deni.r.tama@id.ey.com
Agenda

► Setting the context


► Understanding Fraud
► Fraud in numbers
► Anti-Fraud Strategy
► Risk Management aspects
► Prevention
► Detection
► Investigation
► Monitoring
Understanding the value of reputation

"Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses"
Richard Cordray
Director of the CFPB

The bank agreed to pay $185 million in fines, along with $5 million to refund customers.

CNN
Understanding
Fraud
What is fraud?

Any intentional or deliberate act to deprive another of property or money by deception or other unfair means

ACFE, USA

Irregularities or omissions deliberately performed to deceive, cheat, or manipulate the bank, customers or other related parties ("the Bank"), which occurs in the environment or by means of the Bank, resulting in losses for the Bank and benefit for the perpetrators.

SEBI Anti-Fraud 2011

“Illegal? Yes, but not criminal. Criminal action means hurting someone, and we did not do that”

CEO of Westinghouse Electric Co. on allegation of price fixing
The fraud tree

FRAUD

► Corruption
  ► Conflicts of Interest
  ► Bribery
  ► Illegal Gratuities
  ► Economic Extortion
► Asset Misappropriation
  ► Cash
  ► Inventory and All Other Assets
► Financial Statement Fraud
  ► Asset / Revenue Understatements
  ► Asset / Revenue Overstatements

Slide annotation: Not specifically elaborated in SEBI Anti-Fraud
Source: 2016 Report to the Nations on Occupational Fraud and Abuse
Fraud by the perpetrator’s characteristics

► Situation Dependent Criminals: Ordinary people who commit crime without intent to harm others
► Power Brokers: Those entrusted with leadership role and abuse their position to deceive others
► Calculating Criminals: Predators, who have above-average intelligence, and tend to repeat their offense
Fraud by the perpetrator’s background

EMPLOYEE FRAUD MANAGEMENT FRAUD

► Document falsification ► Fraudulent financial statements
► Accounting fraud
► Intellectual property theft ► Tax evasion
► Fictitious expenses ► Money laundering
► Procurement price mark-up ► Capital market fraud
► Other types of embezzlement
► Fraudulent invoice/billing
► Conflict of interest
► “Active bribery”
► “Passive bribery”
Prevalent scheme in Indonesia

► Corruption
► Bribery (both in public and private sector)
► Economic extortion
► Conflict of interest

► Asset misappropriation
► Theft of physical assets/inventory
► Intellectual property infringement

► Financial statement fraud


► “Window dressing” for tax or loan purposes
The Fraud Triangle

Motivation
- Fear of lay-offs
- Economic downturn
- Tighter competition

Opportunity
Financial institutions are currently downsizing, which has an immediate effect on internal controls.

Justification
People will create a rationalisation to justify their fraudulent act
Profile of fraudsters

► Older (30+ years)
► Position of trust
► An appearance of a stable family situation
► Good psychological health
► Above average education
► Knowledge of accounting system
► Less likely to have criminal records
► Prior accounting experience
► A big spender
Fraud
in Numbers
Impact on organisations

► Median estimate: fraud costs organisations 5.6% of their revenues each year

► ACFE: Applying the percentage to the 2016 estimated Gross World Product of US$75 trillion results in a projected potential global fraud loss of up to US$3.8 trillion worldwide!

► OECD: APAC governments pay 20 - 100% more for goods and services because of corruption

What a business environment!

42% of executives feel that unethical behaviors can be justified... if they help a business survive an economic downturn

Such behaviors include:

► Misstating company’s financial performance
► Offering cash, entertainment and/or personal gifts to win/retain business

Ernst & Young, Global Fraud Survey (2016)


Fraud in Asia Pacific

“In every region, corruption was one of the two most common scheme types (of fraud)”

Chart labels: Corruption, Asset Misappropriation, Fraudulent F/S

ACFE, Report to the Nations (2016)


Anti-Fraud
Strategy
Anti-Fraud Framework

Pillars of Anti Fraud System

Risk Management Aspects:
► Active Management Supervision
► Organisational Structure & Accountability
► Control & Monitoring
Prevention
Anti-fraud awareness

► Codes of conduct
  ► Do the right thing
  ► Speaking up
  ► Combat financial crime
  ► Protect information
  ► Act within authority
  ► Comply with law
  ► Conflict of interest
  ► Insider trading

► Anti-fraud statement
  ► Annual attestation

► Employee awareness programme
  ► e-Learning
  ► Classroom training
Gift & entertainment

Diagram labels: Entertainment, Gift; Receiving, Giving; Purpose, Party, Threshold, Frequency; Database G&E
Fraud risk assessment
Know your employees

► Perform reference check


► Current employer verification
► Education verification
► Employment verification
► Criminal background check
► Credit status
Pitfalls in Prevention

► Wrong tone at the top
► Complacent with formal prevention programme
► Failure to provide clear guidance relating to ethical issues
Detection
Methods relied on to detect fraud

External Audit of Financial Statement 88,2%
Code of Conduct 85,2%
Internal Audit Department 83,6%
Management Certification of Financial… 80,2%
External Audit of Internal Controls 74,5%
Management Review 72,3%
Independent Audit Committee 68,1%
Hotline 65,7%
Fraud Training for Employees 53,3%
Fraud Training for Managers 50,8%
Employee Support Programme 48,3%
Anti-Fraud Policy 46,8%
Dedicated Fraud Functions 44,4%
Surprise Audit 41,8%
Proactive Data Monitoring/Analysis 34,4%
Formal Fraud Risk Assessment 32,6%
Job Rotation 24,6%
Reward for Whistleblowers 7,8%

(Slide callout beside the lower part of this list: Underutilised Methods)

ACFE: Report to the Nations on Occupational Fraud & Abuse (2016)
... and how fraud is actually detected

► 45% ... through tip-off
► 16% ... through internal audit
► 13% ... through management review

While <1% are detected through surveillance
Common red flags

Living beyond means 45,8%
Financial difficulties 30,0%
Unusually close association with vendors/customer 20,1%
Control issues, unwillingness to share duties 15,3%
Wheeler-dealer attitude 15,3%
Divorce/family problems 13,4%
Irritability, suspiciousness or defensiveness 12,3%
Addiction problem 10,0%
Complained about inadequate pay 9,0%
No behavioral red-flags 8,8%
Refusal to take vacations 7,8%
Excessive pressure from within organisation 7,0%
Past employment-related problems 6,8%
Social isolation 5,9%
Past legal problems 5,6%
Other 5,5%
Excessive family/peer pressure for success 5,1%
Complained about lack of authority 4,4%
Instability in life circumstances 4,3%
Source: 2016 Report to the Nations on Occupational Fraud and Abuse
Whistleblowing system

Whistle blowing system

Policy
► Global best practice
► Confidentiality
► Protection of whistleblowers
► Case management
► Clear scope

Dissemination
► Training
► Governance
► Campaigns
► FAQs

People
► “Tone at the top”
► Competency
► Independency

System
► Reporting avenues
► Accessibility
► Reliability
► Case reporting
Staff account monitoring
Data leakage protection

Your Data: Personally identifiable data, Transaction Data, Corporate Data, Customers Data

CAUSE
► Loss of IT devices
► Unauthorised transfer to USB devices
► Data theft through emails
► Unauthorised data printing

EFFECT
► Brand damage
► Reputation issue
► Customer loss
► Fines/penalties
► Litigation
Pitfalls in Detection

► Rely too much on “conventional” methods
► Unreliable whistleblowing system
► Failure to conduct fraud risk assessment
Investigation,
Reporting
and Sanctions
Each fraud examination begins
with the proposition that all
cases will end in litigation
What should trigger an investigation?

► Investigation should be based on a predication

► Predication is the circumstances that would lead a reasonable, professionally trained and prudent individual to believe a fraud has occurred, is occurring or will occur.

► Circumstances triggering investigation may include:
► Allegation, with strong preliminary evidence
► Misleading information provided to the auditor
► Indication of document falsifications
► Indication of fictitious vendor, employee, or other third parties
► Investigation by law enforcement agency
► Unexplained discrepancies between books and actual
Axioms in Fraud Investigations

► Fraud is hidden, no opinion should be given to any person that fraud does not exist within a specific environment.

► Reverse proof, where to prove that a fraud has occurred, the proof must include attempts to prove it has not occurred, and vice versa.

► The existence of fraud is solely the purview of the courts and juries. The fraud examiner must not express opinions on the guilt or innocence of any person or party.
Investigation is about taking snapshots
After fraud is detected, what to do?

► Preserve the environment, including electronic and hardcopy documentation

► Define scope of the investigation

► Assemble an appropriate investigative team

► Develop investigative work plan

► Establish communication protocol


Questions you need to answer immediately

► Who could have been involved in the fraud scheme?

► Are there any other areas in the bank that could have been impacted?

► Has there been any financial loss? Is it significant?

► Is it a breach of the criminal codes? Would it attract regulators or law enforcement?

► Are the controls functioning properly?

► How will it be communicated to the stakeholders?
Evidence gathering

► Essentially, investigation is an evidence gathering process

► Type of evidence:
► Document/records
► Statements
► Electronic evidence (computer image)
► Open source data (web)
► Physical exhibits

► Evidence requirement: admissible, robust chain of custody and legally obtained
Evidence gathering tips

Do:
► Exercise professional skepticism
► “Think outside the box”
► Keep “admissibility” and “chain of custody” principles in mind
► Log your actions
► Look for “circumstantial evidence”

Don't:
► Lie
► Assume
► Tamper with the evidence
► Violate one’s privacy
► Rely on hearsay
► Use “entrapment”

investigative
interview
Objective of an interview

► To fill in the informational gaps that remain after completion of the link, electronic file and document/transaction analysis

► To understand unwritten parts of the issue, e.g. to answer the “why” questions, to read between the lines etc
Planning your interview

► Review the background information

► Prepare a written plan establishing the objectives, strategy & key points to cover

► Select an appropriate location for the interview

► Ensure the necessary resources are available

► Separate subjects if there are several


Running your interview

► Develop rapport, show respect

► Follow the planned structure of your interview, yet be flexible

► If possible, record your interview

► Take notes (and draw pictures if necessary), and keep it for your
documentation

► Encourage the subject to provide all details

► Avoid taking notes sporadically, be consistent

► Avoid interruptions
Asking questions

► Eliminate bias from your questioning style

► Adapt your questions to the subject's narrative

► Use open-ended questions, minimise the use of closed questions

► Avoid using “leading questions”

► Use systematic questions (OK, you’ve done this, this, this … then how,
where etc)

► Comparison questions (I see that you operate in such manner, but the code
of conduct says this, this …)

► Never be afraid to ask dumb questions (it’s ridiculous to ask but …)


Interviewee types (1)

Big Cheese
Characteristics:
• High profile/senior
• Intelligent
• Arrogant
• Authoritative
POSSIBLE APPROACH
• Planning
• Know your case
• Assume control
• Don’t be intimidated
• Don’t waste time

Pathological Liar
Characteristics:
• Intelligent, quick thinking
• Good story-tellers
• Charming
• Unable to discern truth from lie
POSSIBLE APPROACH
• Attention to details
• Chronological
• Wait for inconsistencies and point them out
• Try to prove lies ex post facto
Interviewee types (2)

Short-term memory loss
Characteristics:
• “I can’t remember”
• “It was a long-time ago!”
POSSIBLE APPROACH
• Evidence, evidence…
• Tie them down to dates, signature
• Use evidence of other witnesses
• Take note of timing of memory loss

Over-eager
Characteristics:
• Erratic
• Incoherent
• Talk very quickly
• Talk without thinking
POSSIBLE APPROACH
• Total control
• Slow down
• Divide into segments
• Segment at a time
• Complete each before moving on
Interviewing tips

Do:
► Plan the interview
► Get a company
► Interview only after the evidence is completed
► Choose an environment with minimum distraction
► Conduct the interview fairly, confidentially, and within legal boundaries

Don't:
► Be emotional
► Threaten or show disrespect
► Make promises
► Lie
► Reveal information
► Interrupt
► Jump to conclusions
open source
intelligence
What is open source intelligence?

► Open source intelligence is a form of intelligence gathering that involves finding, selecting and acquiring information from publicly available sources, and analysing such information to produce credible intelligence

► It is different from research whose objective is to support strategic and operational decisions

► One of the fastest-growing methods: investigation using social media
Why use social media?

Digital Penetration Data in Indonesia as of Nov 2015…

► Total population: 255.5 million
► Active internet users: 88.1 million
► Active social media users: 79.0 million
► Active mobile social users: 67.0 million

Source: We Are Social


How social media help your investigations

► Locating people or undisclosed assets

► Proving actions and statements that conflict with claims (particularly in insurance fraud)

► Determining dates and times actions were completed

► Proving linkages, memberships and employment with groups, companies and associations

► Proving (or finding) relationships with other people
Structuring your social media investigations

Initial Response
► Understand the predication
► Know the subject
► Assess the fraud method

Evidence Gathering
Based on your preliminary information, perform your social media research

Interview with Subject
Use your findings, along with other evidence to obtain confirmation or admission from your subject

Conclusion And Reporting
► Establish your facts
► Prepare your evidence for examination
Initial response

► Identify all the preliminary information about the case (the allegation, possible accomplice etc)

► Get the subject name/aliases, close associates, affiliations and other relevant information (picture, hometown, education, etc)

► Obtain a clearance to perform social media investigation from your line manager
Evidence gathering

► Remain anonymous
► Focus on big 4-5 social media, plus Google
► Do not pretext
► Do not trespass subject’s privacy
► Screenshots are visual reference, not evidence
► You need to authenticate your evidence
► Consider chain of custody
Using the result for interviews

► Do you have a Facebook page?
► Is it currently active?
► Who has access to this page?
► Does anyone have authorization to update or edit this page other than
you?
► How is the page protected?
► Hand copy of social media page to witness – Do you recognize this?
► What is it?
► Does it appear to be a fair and accurate representation of your page?
► Does it appear to be altered in any manner?
Conclusion and reporting

► Prepare your report as if it will be used in the courtroom
► “Let the facts speak for themselves”
► Avoid opinion, overstatement and
subjective comments
► Use simple, straight-forward language
Investigative
Reporting
Structure of an investigation report

► Scope of the investigation
► Timeline
► Procedures performed
► Data collected
► Chronology of key events
► Issue-specific topics
► Finding & observation
► Remediation
Reporting tips

Do:
► Be concise
► Let the facts speak for themselves
► Use simple, straight forward language
► Use graphics and tables if necessary
► Manage the distribution of your reports

Don't:
► Express opinion (unless you’re engaged to do so)
► Overstate
► Use subjective comments (e.g. excessive, inappropriate etc)
Sanctions and disciplinary actions

► During the investigation
  ► Suspension

► After the investigation completed
  ► Formal verbal warning
  ► Disciplinary letter (1-3)
  ► Termination
  ► Prosecution and litigation
Pitfalls in Response

► Improper early response on fraud incident

► Failure to secure evidence early on

► Lack of forensic approach in the investigation

► Failure to perform the investigation in accordance with best practices
Monitoring,
Evaluation
and Follow-up
Pitfalls in anti-fraud programme

► Wrong tone at the top

► Complacent with formal prevention programme

► Failure to provide guidance on ethical issues

► Rely too much on “conventional” detection

► Unreliable whistleblowing system

► Failure to conduct fraud risk assessment

► Improper early response on fraud incident

► Lack of forensic approach in the investigation

Enhancing your anti-fraud programme

► Establish a robust governance process (e.g. Committee, reporting protocols)
► Conduct a thorough fraud risk assessment
► Implement effective anti-bribery controls
► Establish a whistleblower system that is:
► Anonymous
► Easy to access
► Efficient
► Use “forensic data analytics” and use it continuously
► Assume that each investigation will end in litigation
► Ensure admissibility when collecting evidence. Use
forensic approach.

Thank You!
deni.r.tama@id.ey.com
+6281385999758
