online casino bonus
 
Online Casino Bonus Welcome to best online casino bonus, And this is a no deposit online casino bonus site !
Top Online Casino
Best Casino Bonuses
No Deposit Casinos
Best Poker Room
Monthly Casino Bonuses
High Roller Casinos
Casinos list A - B
Casinos list C
Casinos list D - H
Casinos list I - O
Casinos list P - S
Casinos list T - Z
Poker Rooms list A - O
Poker Rooms list P
Poker Rooms list Q - Z
Sports Book Bonuses
Bingo Bonuses
Casino Affiliate
Poker Affiliate
Sports Book Affiliate
Bingo Affiliate
Payment Method
Casino School
Free Casino Games
Casino Articles
Links Exchange
Best online casino and poker online articles
casino gambling poker blackjack Roulette
Internal Auditor: The fight against fraud: armed with a host of strategies and tools, organizations

FRAUD HAS LONG EXISTED AS A SORDID SWATH IN the fabric of business environments. Even after the fall of Enron and subsequent reform measures, fraud continues to pose a considerable threat to corporate well-being. In 2003, for example, the typical U.S. organization lost 6 percent of its annual revenues to occupational fraud, according to the Association of Certified Fraud Examiners' 2004 Report to the Nation on Occupational Fraud and Abuse. If multiplied by the U.S. Gross Domestic Product, which in 2003 totaled just under $11 trillion, this would translate to $660 billion in annual fraud losses.

In response to ongoing risks, many organizations devote significant resources to preventing and detecting fraudulent activity. Internal auditing, of course, typically participates in that effort. But in many cases, the audit function is only part of the picture. Firms may have a dedicated fraud team that coordinates with internal auditing, or an overarching fraud organization in which auditing serves as one of several components.

To gain insight on organizational antifraud practices, Internal Auditor spoke with several audit practitioners about their firms' overall fraud-fighting efforts. Auditors discussed their firms' big-picture strategy, the role of internal auditing, and how various areas coordinate on fraud-related initiatives. Approaches vary, but all involve the efforts of multiple groups throughout the enterprise. And in every case, internal auditing plays an integral part in the battle against corporate fraud.

A THREE-PRONGED APPROACH

Of all business types, gaming facilities might seem among the most susceptible to fraud and abuse. The amount of cash handling on casino floors, high-dollar transactions, and general flurry of customer and employee activity would appear to create a challenging environment for professionals charged with keeping fraud in check. But, according to Bob Rudloff, vice president of internal audit at MGM MIRAGE in Las Vegas, the industry is well-equipped to deal with fraud and has minimized the threat it poses. "The casino industry isn't as susceptible to fraud as a lot of people suspect," he says. "Particularly on the gaming side of the business, we've been dealing with the risk for so long that the industry has had plenty of time to develop internal controls and procedures to combat it."

MGM MIRAGE's approach to preventing and detecting fraud is built on a foundation of three main pillars, starting with the company's surveillance organization. "Surveillance operates all the camera systems above MGM MIRAGE's casino floors and other areas of the business, taping most of the cash-handling areas on a 24-hour basis," Rudloff explains. His audit group receives copies of surveillance incident reports that typically highlight cash or chip shortages and other incidents that could be indicators of employee theft or other attempts at fraud. "Usually within about 12 hours, I get a follow-up report indicating that the problem has been resolved.

"The second area of fraud deterrence is within our corporate security function," Rudloff continues. "Every employee who comes into the company goes through a background investigation--it doesn't matter what position the employee occupies in the organization; each is subject to this investigation." The security group also reviews any vendor or professional service provider with which the company wants to do business--anyone with whom MGM MIRAGE plans to spend more than $100,000 during a calendar year at one or more of its properties.

[ILLUSTRATION OMITTED]

Rounding out the three-pronged approach is MGM MIRAGE's internal audit function. Rudloff's team performs a variety of fraud-related services, including a companywide fraud risk assessment. The auditors ask each unit under review a series of questions aimed at assessing awareness and determining the company's level of protection against fraud. "We inquire about their knowledge of the existence of fraud, any past fraud act, and what they do to prevent fraud," he says.

Dennis Applegate, a senior audit manager at aerospace giant Boeing Co., says his company also relies largely on a three-part structure to tackle fraud. Last year, the company established an Office of Internal Governance composed of separate audit, ethics, and compliance organizations reporting to the chief executive officer and audit committee. Each of these functions supports management in preventing, detecting, and correcting instances of fraud. The company also maintains a separate security organization with an investigation component.

Boeing's governance office was chartered to provide renewed and focused attention on company business practices, Applegate explains. The office is responsible for coordinating the organization's overall antifraud program, and each of its individual components plays an integral part in this process.

"The ethics organization oversees an ethics training program and operates an ethics hotline to ensure compliance with the company's code of conduct--several of the code's provisions are designed to combat fraud," Applegate explains. "The ethics training program serves as a preventive control against fraud in many of its forms, as well as a management control over numerous other company procedures related to its code of conduct. It covers a wide range of topics, including foreign corrupt practices, gratuities, kickbacks, product substitution, and conflicts-of-interest."

Boeing's compliance organization ensures company adherence to export/import laws and regulations, Applegate says, adding that the organization is the largest exporter in the United States. In addition, the compliance group oversees company due diligence processes governing compliance with other laws and regulations, including an annual self-assessment based on compliance risk.

The company's audit function examines process controls over export/import activity and confirms the reliability of responses from company officials in connection with the annual compliance self-assessment process, Applegate says. But internal auditing's role in the fraud-fighting process extends far beyond compliance-related activities.

"We train our internal auditors to be alert to red flag indicators of fraud during every audit project," Applegate explains. "We also assess the risk of fraud in selected functions or processes and conduct discrete fraud audit procedures, where appropriate, based on our risk assessment. In addition, we investigate potential violations of laws, regulations, or company policies that may have possible fraud implications. If the presence of fraud is determined, either through audit or special investigation, we may refer the matter to security for follow-up examination and closure."

DEDICATED FRAUD TEAMS

At some organizations, the antifraud effort is coordinated and executed largely by a specialized unit. Robin Bhagwandass, director of Forensic Services for Standard Bank in Johannesburg, South Africa, heads such a team of specialists. Housed within the bank's group internal audit department, his Forensic Services team is an autonomous body that focuses on preventing, detecting, and investigating fraud.

"Forensic Services' primary focus is investigating significant frauds and control inefficiencies, as well as all matters relating to staff defalcations and corruption," Bhagwandass says. "Where applicable, the investigation group will provide input and make recommendations to business or business units as to antifraud controls or the upgrading of such controls."

In addition to audit professionals, Bhagwandass' team comprises bankers, lawyers, fraud investigators, ex-law enforcement officers, and information technology experts. The unit reports to internal auditing, though it derives its mandate from the company's audit committee. Internal auditing becomes involved to some degree in the forensics team's fraud work--mainly when control weaknesses are identified.

Beyond its investigative work, Forensic Services is also responsible for:

* Considering and providing input on fraud risk assessments relative to new products and services, joint ventures, and outsourcing agreements.

* Fraud prevention training and awareness.

* System-driven fraud detection and analysis of both financial and nonfinancial data using data-mining tools and techniques.

* Drafting antifraud and related policies and procedures.

Bhagwandass also points to his team's use of forensic auditing for investigating high-risk areas and says this is another instance where he coordinates with internal auditing. "Forensic auditing is a relatively new field that combines aspects of forensic investigation and standard audit techniques to audit fraud risks that are not mitigated adequately by preventative or detective antifraud controls," he explains. "Our unit integrates the fraud risk assessment process in line with internal audits. Forensic auditing intensifies the internal auditors' efforts in reducing fraud to an acceptable level and provides management with greater assurance from an audit perspective."

Coordination with internal auditing on fraud issues is key, agrees Tracey Bray, administrator of Loss Prevention and Security at Pennsylvania State Employees Credit Union (PSECU). Bray says integrating a specialized fraud unit within internal auditing at her organization has helped increase fraud-fighting effectiveness. She reports to the credit union's vice president of internal audit. However, similar to Standard Bank's forensics team, her department is an embedded, autonomous unit within the audit function. Although the department does not focus exclusively on fraud, Bray says fraud-related activities occupy approximately 85 percent of her staff's time.

"Originally, the loss prevention function was under our member services department," she explains, "but we eventually found that our organization's fraud exposure transcended any one department and that internal auditing had the organizational position and authority needed to help other departments understand what controls to put in place to prevent and detect fraud in a more timely way. So in 2001, we established the Loss Prevention and Security function within the audit function."

Bray says the positioning of her department within internal auditing has helped form synergies between the two functions and has enabled sharing of resources. "If we run into a situation where our resources are low or we're on a really tight timetable, we can often go to internal auditing for assistance," she says. "We can ask them to test some of the controls that we want to test or provide some type of technical support--it's helpful to know that there are employees within the company we can approach in confidence to aid in any investigations."

The credit union's auditors still perform control reviews and other fraud-related work, but the company has migrated most of its antifraud activities to Loss Prevention and Security. "We are part of the internal audit department, but we have more of a full-time focus on fraud," Bray says.

Mike Jacka, an audit manager for Farmers Insurance Group, says his company is also transitioning toward a specialized fraud function. The organization, which maintains offices throughout the United States, is in the process of concentrating its fraud expertise into a single department, under internal auditing, that would investigate potential fraud and coordinate fraud-related activities--such as prosecution and pursuit of restitution--with the company's corporate security group.

"We're evolving into an expert system," Jacka says. "The idea is to eventually turn most investigation activities over to the fraud specialists. Once the transition is complete, we may have, for example, one member of the fraud group in every office or one for every two offices, and they literally will handle all of the fraud work for that area. We believe this will increase the efficiency and effectiveness of our fraud prevention and detection efforts, and it will allow for a more standardized approach to fraud."

MANAGEMENT'S ROLE

Regardless of the structures in place or specialized groups formed to combat fraud, many agree that, in the final analysis, preventing and detecting fraudulent activity falls under the purview of management. "Management is ultimately responsible for preventing fraud," says Boeing's Applegate. "The groups throughout our organization that handle fraud-related tasks are all involved to varying degrees in developing management controls over fraud prevention and detection."

Denny Beran, senior vice president and director of auditing for retail department store chain JC Penny Co., says his team emphasizes management's responsibilities with regard to the control environment, including fraud controls, when they meet with operating management. Although the audit team and departments such as loss prevention and finance help the company combat fraud, Beran stresses that management is ultimately accountable.

"We play an important role in the control environment, as do other key departments," Beran says. "But really, management has to take ownership to make sure they have the right controls in place and that those controls are functioning as designed to prevent fraud."

Beran's team places a lot of emphasis on using technology to enable the company to monitor each of its transactions and employs software to review for unusual activities. But while the audit team itself uses these tools, they are intended primarily for management. "We hand the tools over to management and say, 'This is what you need to do,'" he explains. "In any area where we think fraud can percolate to the surface, we try to stay close to it and provide management with an appropriate tool to monitor it for themselves."

The responsibility for fighting fraud, however, does not stop with operating management, Beran emphasizes. He says the tone set at the oversight level is vital to the success of the organization's antifraud efforts.

"We are very fortunate at JC Penney to have a strong senior management team and board," Beran explains. He says that the organization's upper management is focused on integrity, and that the tone at the top greatly facilitates internal auditing's own fraud-fighting efforts.

"Having the right tone established by senior management makes my job much easier," Beran says. "I can sleep at night knowing that I have a chief executive officer (CEO) and chief financial officer (CFO), as well as an audit committee, who are very supportive of what we're doing. It would be difficult without that support."

A COMPANYWIDE EFFORT

Fraud awareness is important not only at the management level, but for employees throughout the company, many agree. By getting everyone on board and raising awareness, organizations have made fraud prevention and detection an enterprisewide process.

"Every department needs to be involved in fraud-fighting," says PSECU's Bray. "Our member services department has procedures in place to recognize theft when new applications come in, our counter function and branches are trained in counterfeit checks and suspicious activities, and our wire transfers department is involved in detecting suspicious activity related to money laundering and regulatory violations. So, every department in the credit union actually does need to be aware of what's going on and what their controls are designed to do, as well as how to report things that they come across."

To help ensure employees understand their role in fighting fraud, Bray says her team recently developed an internal fraud policy for distribution throughout the organization. Although ethics, conduct, and other policies were already in place, the loss prevention staff believed a fraud-specific policy was also needed.

"Our internal fraud policy just helps bring home the company's position on fraud and clarifies expectations for the employees," Bray says. "It explains to them what to do if they suspect something and what the consequences will be, including termination and prosecution, if they engage in certain types of activities. We think this explicit guidance will bolster awareness and help communicate PSECU's expectations for ethical behavior."

Joe Steakley, senior vice president of Internal Audit Services at HCA Inc., a Tennessee-based hospital chain, also acknowledges the importance of clear communication on fraud issues. In response to the U.S. Sarbanes-Oxley Act of 2002, Steakley's internal audit group began coordinating brainstorming sessions with various areas of the company to heighten awareness about fraud.

"We gather people throughout the company to discuss how HCA could be subject to fraud and where that could happen," he explains. "We also discuss putting procedures and controls throughout the hospital and explain to the participants areas where they need to be careful."

Steakley does not view fraud awareness as just a one-way street, however. In addition to providing advice on fraud-related concerns, his team also looks to individuals throughout the company for their insight on fraud.

"At the local level, employees are sometimes aware of fraudulent transactions and know more often than not where theft or abuse is occurring," he says. "And so we capture all that through a self-reporting process and communicate the results to the board and the audit committee."

This year, Steakley's auditors began sending anonymous questionnaires to employees during their reviews. Employees are asked whether they're aware of any fraud occurring anywhere in their area and, if so, to describe the details. "We've received several anonymous leads using this method," he says.

STAYING INFORMED

Although many firms go to considerable lengths to leverage their internal fraud-fighting resources, efforts may also extend beyond the organization's walls. Some firms look to outside sources for assistance with their fraud prevention and detection programs and to stay abreast of the latest trends and techniques.

Standard Bank's Bhagwandass, for example, says his organization belongs to a banking industry network that includes a public-private partnership with law enforcement and judicial agencies that share intelligence on fraud.

"The banking industry group is represented by the Banking Council of South Africa, whose members include the country's four major local banks as well as international banks that have representative offices," Bhagwandass explains. On the operational front, these banks are represented by a separate not-for-profit legal entity called the South African Banks Risk Intelligence Centre (SABRIC). "Through the auspices of SABRIC, information and intelligence are pooled together and disseminated to member banks, further assisting our crime-fighting efforts," he says.

The members of Bray's department belong to many outside organizations that provide valuable insight on fraud-related issues. "We belong to a county law enforcement organization, which is made up of people from local law enforcement, financial institutions, and private investigators," she says. "They meet about once a month to share what's going on and what trends they've seen. There are also a few other similar organizations that our investigators belong to and attend meetings with regularity."

These organizations also provide her department with outside resources that can offer assistance when problems arise. "The networking provides us with contact information," she says, "so that when we run into something that looks a little odd, we have a name and a phone number to call, and we can ask, 'Have you ever seen this before? What do you think this might be?' The contacts are probably the greatest benefit to attending those meetings."

ESTABLISHING A FOUNDATION

Regardless of an organization's antifraud structures or specific practices, strategies to detect and prevent fraud would likely be less effective without a reinforcing corporate culture. Beran emphasizes the importance of JC Penney's strong ethical foundation and commitment to integrity, as well as his audit team's role in fortifying that effort.

"We speak a lot here about having a great foundation built upon integrity, upon strong values and principles, and having management here that walks the talk," he says. "Auditing plays a critical part in maintaining that foundation and working with the company's ethics committee and audit committee on those types of issues."

HCA's Steakley says there are no perfect solutions to the problem of fraud, but he agrees that culture plays an important role. "There are a lot of people who wake up in the morning trying to figure out how to steal things," he says. "To the extent that you can make it as hard as possible for people to do that and to know that if they commit fraud it's highly likely they're going to get caught--that's what we're trying to do. We know fraud is going to happen; we just try to minimize it and maintain a culture that makes it more difficult for anyone to do it."

Finally, MGM MIRAGE's Rudloff says fraud fighting often comes down to common sense, remaining alert, and staying involved in business activities; and he stresses that internal auditing, especially, plays a large part in that process. "Our regular involvement in all parts of the business over a multi-year cycle and our ability to respond promptly to management concerns keeps us attuned to fraud exposures," he says. "We have found some otherwise undetected problems directly through the auditors' observations. In general, I encourage our auditors to keep their eyes, ears, and minds open for things that just don't seem right."

To comment on this article, e-mail the author at dsalierno@theiia.org.

BY DAVID SALIERNO

SENIOR EDITOR

COPYRIGHT 2005 Institute of Internal Auditors, Inc.
COPYRIGHT 2005 Gale Group
Copyright©2005 All rights reserved.
Topcasinolist.net is top online casino portal that provides you with the best casino bonus and no deposit casino. You can find Casino bonus reviews,monthly bonus casinos, High Roller Casinos payment methods and promotions, and much more. We also offer reviews for bingo halls, online poker rooms and sports books.