Corporate Resiliency Managing the Growing Risk of Fraud and Corruption

Foreword.

Preface.

Acknowledgments.

Introduction.

Part One: Fraud and Corruption Today.

Chapter 1: Can We Eliminate Fraud and Corruption?

Not a pretty picture.

Focusing on the larger picture.

Potential for catastrophe.

Why now?

Resiliency as a corporate goal.

Chapter 2: The Growing Risk of Fraud and Corruption.

Why should my company be especially concerned about fraud and corruption now?

Local problems, global pain.

Awareness is crucial.

Common sense and observable reality.

Tailoring efforts to avert damage.

Chapter 3: The Costs of Fraud and Corruption.

Higher stakes.

Casting a shadow on the future.

Cost and availability of capital.

Bad news travels even faster than before.

Don’t expect a slap on the wrist.

Part Two: On Becoming Resilient: Strategies for Avoiding and Minimizing the Impact of Fraud and Corruption.

Chapter 4: Building a Resilient Corporation.

What determines survivability?

Reducing vulnerability.

Traits of a resilient corporation.

Three key characteristics of resiliency.

Why resiliency is achievable.

Learn from the experience of others.

What are the benefits of fraud and corruption risk management?

Five principles of fraud risk management.

The first line of defense.

How can companies use the new guidance?

Building resiliency by enhancing fraud and corruption risk management.

Corporate resiliency self-assessment tool.

Chapter 5: Fraud and Corruption Risk Assessment.

Behind the facade.

What is a fraud and corruption risk assessment?

How important is a good fraud and corruption risk assessment?

Implementing fraud and corruption risk assessments.

Risk assessment reports: The good, the bad, and the invisible.

Four quadrants; four risk management strategies.

Questions to ask about your fraud and corruption risk assessment.

Chapter 6: Company-wide Anti-Fraud Controls: The Role of the Control Environment and High-Level Strategies.

Creating an anti-fraud control environment.

What exactly is a control environment and why is it important?

Tone at the top.

The control environment as a bulwark.

The control environment and governance.

Put it in writing.

Setting the tone.

Internal audit’s role.

Measuring tone at the top.

Written code of ethics/conduct.

Why is a code important?

Excerpts from Deloitte Code of Ethics and Professional Conduct.

How does management create a successful code of ethics/conduct?

Ethics training for all employees—including management.

Hotlines, helplines, and whistle-blower programs.

The role of human resources—employee selection and discipline.

Other general strategies of which fraud risk management is a component.

Enterprise risk management.

Fundamentals of ERM.

Achieving risk intelligence.

Fundamentals of GRC.

Complicated, but worth the effort.

Integrated versus nonintegrated GRC.

Survey results show desire for integrated GRC.

Key attributes of companies with robust GRC strategies.

PACI, anti-corruption, and the control environment.

Chapter 7: Preventive Controls: Particular Fraud and Corruption Avoidance Strategies and Tactics.

Getting down to brass tacks.

Confronting fraud and corruption risks.

Background checks and enhanced due diligence.

Automation can be essential.

Preventive controls and three broad categories of risk.

Monitoring and evaluating preventive controls.

Continuous controls monitoring.

Correcting deficiencies.

The roles of ERM and GRC.

Chapter 8: Detective Controls and Transaction Monitoring.

The importance of monitoring and detection.

Monitoring and detection tactics.

Whistle-blower hotlines.

Risk-based internal audits as a fraud detection tactic.

Manual monitoring.

Technology-based detection tactics.

Examples of fraud detection using data interrogation techniques.

Continuous fraud monitoring.

Is CFM for everyone?

The importance of lookbacks as a control check.

Questions to ask about monitoring and detection.

Chapter 9: Preparing for Fraud and Corruption Investigations and Remediation.

Be prepared.

An ounce of planning . . . .

What to do when regulators come knocking . . . .

Evaluating the allegation.

Assembling the right investigation team.

When to call for help.

Establishing investigation protocols up front.

Collecting and preserving crucial data.

Newer challenges, newer technologies.

Communication—enough but not too much.

The benefits of a case management system.

Remediation—getting more value from investigations.

Chapter 10: The Players’ Roles (Including Yours).

New rules, new responsibilities.

The value of a cross-functional committee.

The role of the compliance officer.

Fraud and corruption risk management is everyone’s business.

Conclusion: What the Future May Hold.

Good fraud and corruption risk assessment is crucial.

Embracing new roles and responsibilities.

Measuring performance.

We won’t predict the future, but . . . .

Take your first steps now.

Afterword.

Appendix: Examples of Fraud Risk Factors.

Recommended Reading.

References.

Disclosure.

About the Authors.

Index.

Toby J. F. Bishop is the Director of the Deloitte Forensic Center for Deloitte Financial Advisory Services LLP in Chicago. A thought leader on fraud prevention and detection, named five times to Accounting Today's Top 100 Most Influential People in the Accounting Profession, he is the former president and CEO of the Association of Certified Fraud Examiners, the global professional body for anti-fraud specialists. He is a graduate of the University of Oxford.

Frank E. Hydoski is the leader of the Analytic and Forensic Technology practice of Deloitte Financial Advisory Services LLP. Internationally recognized for his work in complex investigations, he served as chief of forensics for the Independent Inquiry Committee into the United Nations Oil-for-Food Programme and led a key forensic effort in the investigation of Holocaust-era accounts held by Swiss banks. He is a graduate of San Diego State University and obtained his PhD from the University of Chicago.