
FRAUD DETECTION AND PREVENTION

BRINKS CHAPTER 25

GROUP 4
• IHSAN
• AULIA
• SONYA MARTHAYORI
• SITI
• DIANTY R. ROOSMANTY
• LIDYA CHRISTY FRANSISCA SIREGAR

UNDERSTANDING AND RECOGNIZING FRAUD
MUHAMMAD IHSAN

• WHAT IS FRAUD?
• FRAUD CLASSIFICATION
• FRAUD TREE
• FRAUD TRIANGLE
• FRAUD CAUSES
• RECOGNIZING FRAUD: FRAUD PREVENTION

WHAT IS FRAUD?

Fraud is an intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means. (ACFE)

FRAUD CLASSIFICATION

• Misappropriation of Assets
• Fraudulent Financial Statements
• Corruption

FRAUD TREE
Fraud Tree

• Misappropriation of Assets
  - Cash
    - Theft of cash on hand
    - Theft of cash receipts
      - Skimming: Sales/Services, Receivables, Refunds
      - Cash larceny
    - Fraudulent disbursements: Billing, Payroll, Expense reimbursement, Cheques/EFT
  - All other assets
    - Misuse
    - Larceny / Theft
• Fraudulent Financial Statements
  - Net assets/Net Income Understatement
  - Net assets/Net Income Overstatement
• Corruption
  - Conflict of Interest
  - Bribery
  - Illegal gratuities
  - Economic extortion

Source: Association of Certified Fraud Examiners


FRAUD TRIANGLE

Incentives/Pressures
• Personal financial problems
• Gambling problems
• Desire for status symbol
• Family pressures
• Need to meet budgets/fundraising targets

Opportunities
• High turnover of staff
• Lack of segregation of duties
• Significant cash transactions
• Lack of controls
• Informal governance

Attitudes/Rationalisation
• “I am only borrowing the money”
• “I am entitled to the money”
• “I am underpaid”
• “I have to steal to provide for my family”

FRAUD CAUSES
Lack of internal controls 26%

Override of existing internal controls 24%

Poor tone at the top 17%

Lack of management review 16%

Lack of competent personnel in oversight roles 6%

Lack of employee fraud education 4%

Other 4%

Lack of independent checks/audits 2%

Lack of clear lines of authority 2%

Source: Report to the Nations: Asia-Pacific Edition, Association of Certified Fraud Examiners
RECOGNIZING FRAUD: FRAUD PREVENTION

• Be clear about the ethical values, e.g. honesty and accountability – set the “tone at the top” on fraudulent behaviour
• Be open about the possibility (risk) of fraud, even if it is only a small risk – if you don’t acknowledge that fraud happens, you are not going to find it
• Identify the types of fraud you may be at risk from – conduct a risk assessment
• Understand the red flags that act as a warning of possible issues – e.g. behavioural or lifestyle symptoms, accounting & analytical anomalies

FRAUD DEFINITION (US)

Whoever, in any manner within the jurisdiction of any department or agency of the United States, knowingly and willfully falsifies, conceals, or covers up by any trick, scheme, or device a material fact, or makes any false, fictitious, or fraudulent writing or document knowing the same to contain any false, fictitious, or fraudulent statement or entry, shall be fined not more than . . . or imprisoned not more than . . . or both.

RED FLAGS INDICATING POTENTIAL FINANCIAL FRAUD (1)

1. Lack of written corporate policies and standard operating procedures.
2. Based on interviews at multiple levels, lack of compliance with
organization internal control policies.
3. Weak internal control policies, especially in the division of duties.
4. Disorganized operations in such areas as purchasing, receiving,
warehousing, or regional offices.
5. Unrecorded transactions or missing records.
6. Counterfeit or evidence of alterations to documents.
7. Photocopied or questionable handwriting on documents.
8. Sales records with excessive voids or credits.
9. Bank accounts not reconciled on a timely basis or stale items on bank
reconciliations.
10. Continuous out-of-balance conditions on subsidiary ledgers.

RED FLAGS INDICATING POTENTIAL FINANCIAL FRAUD (2)

11. Unusual financial statement relationships.
12. Continuous unexplained differences between physical inventory counts
and perpetual inventory records.
13. Bank checks written to cash in large amounts.
14. Handwritten checks in a computer environment.
15. Continuous or unusual fund transfers among company bank accounts.
16. Fund transfers to offshore banks.
17. Transactions not consistent with the entity’s business.
18. Poor screening procedures for new employees, including no background
or reference checks.
19. Reluctance by management to report criminal wrongdoing.
20. Unusual transfers of personal assets.

RED FLAGS INDICATING POTENTIAL FINANCIAL FRAUD (3)

21. Officers or employees with lifestyles apparently beyond
their means.
22. Unused vacation time.
23. Frequent or unusual related-party transactions.
24. Employees in close association with suppliers.
25. Employees in close relationship with one another in areas
where separation of duties could be circumvented.
26. Expense account abuse such as managers not following
established rules.
27. Business assets dissipating without explanation.

INTERNAL AUDITORS OFTEN FAIL TO DETECT FRAUDS FOR ONE OF THESE REASONS:

• Unwillingness to look for fraud.
• Too much trust is placed on auditees.
• Not enough emphasis is placed on potential fraud issues in audit findings.
• Fraud concerns receive inadequate support from management.
• Auditors sometimes just fail to focus on high-risk fraud areas.

Public Accounting’s Role in Fraud Detection

• AICPA Statement on Auditing Standards (SAS No. 1)
• The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, that are not material to the financial statements are detected.
• External auditors are responsible only for determining whether the financial statements are properly/fairly stated.

• United States, late 1970s: the Commission on Auditors' Responsibilities identified the existence of an expectation gap and a litigation crisis.
• 1980s: the National Commission on Fraudulent Financial Reporting, or Treadway Commission, was formed. In 1987 it issued recommendations to public accountants to change auditing standards and to acknowledge more fully the auditor's responsibility to detect fraud in financial statements.
• 1988: the AICPA issued auditing standards, The Expectation Gap Auditing Standards (or Standard Expectation Gap).

• SAS No. 53, “The Auditor’s Responsibility to Detect and Report Errors and Irregularities”
• 1997: responsibility for fraud was restated (SAS No. 82), “Consideration of Fraud in Financial Statement Audit”
• “The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”

• SAS No. 99, “Consideration of Fraud in Financial Statement Audit”
• Professional skepticism regarding possible fraud
• External auditors identify fraud risks and understand the characteristics of how fraud occurs: incentives, opportunities, and ability to rationalize
• External auditors must always be engaged in the audit process so as to anticipate that some level of fraud activity is possible
• Design tests that are unpredictable and unexpected by the client
• Management is often in a position to override controls in order to commit financial statement fraud
• Procedures that external auditors are expected to perform in every audit engagement

IIA STANDARDS FOR INTERNAL AUDITORS

The IIA standards emphasize that internal audit has a role to play regarding fraud detection and prevention, but the primary fraud detection responsibility falls on management.

Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and effectiveness of the system of internal control, commensurate with the extent of the potential exposure/risk in the various segments of the enterprise’s operations.

1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

1220.A1 – Internal auditors must exercise due professional care by considering the:
….
- Probability of significant errors, fraud, or noncompliance.
….

For example, determine whether:
• The organization’s environment fosters control consciousness, and realistic enterprise goals and objectives are set
• Written policies (e.g., codes of conduct) exist that describe prohibited activities and the action required whenever violations are discovered
• Appropriate authorization policies for transactions are established and maintained
• Policies, practices, procedures, reports, and other mechanisms are developed to monitor activities and safeguard assets, particularly in high-risk areas
• Communication channels provide management with adequate and reliable information
• Recommendations need to be made for the establishment or enhancement of cost-effective controls to help deter fraud

When an internal auditor suspects a potential fraudulent activity:
• the appropriate enterprise authorities or department should be informed
• recommend whatever investigation is considered necessary
• follow up to see that the internal auditing activity’s responsibilities have been met

Fraud Investigations for Internal Auditors

In addition to helping to build and review controls to prevent and detect fraud, internal auditors sometimes become very involved in fraud investigations. While appropriate legal authorities should be used here for many fraud investigations, internal audit often can play a key role in other, less major matters.

When faced with such potential fraud information, internal audit’s first step should always be to consult with the enterprise’s corporate counsel.

■ Prove the loss
Fraud-related reviews usually start out with the finding that someone stole something. The internal audit–led investigative review should assemble as much relevant material as necessary to determine the overall size and scope of the loss.

■ Establish responsibility and intent
This is a “Who did it?” step. As much as possible, internal auditors should attempt to identify all parties responsible for the loss and whether there are any special or different circumstances associated with the fraud action.

■ Prove the audit investigative methods used
The investigative team needs to be able to prove that its fraud-related conclusions were based on a detailed, step-by-step investigative process, not just an uncoordinated witch hunt. The review should be documented using the best internal audit review processes. Of particular importance here, all documents used need to be secured.

The Role of Internal Audit

■ Fraud Prevention
Seeks to eliminate or minimize the causes of fraud.
1) Build a sound internal control structure
2) Make control activities effective
3) Improve the organizational culture
4) Make the internal audit function effective
■ Fraud Detection
■ Fraud Investigation

■ Fraud Detection
Most evidence of fraud is indirect in nature. Indications of fraud usually show up as symptoms, such as a change in a person's lifestyle or behaviour, suspicious documentation, complaints from customers, or suspicion from co-workers. Initially, fraud is reflected in the emergence of certain characteristics, whether in the conditions or circumstances of the environment or in a person's behaviour. These characteristics, whether they relate to a particular condition or situation or to a person's behaviour or condition, are called red flags (fraud indicators).

INFORMATION TECHNOLOGY FRAUD PREVENTION PROCESSES

1. Internet access issues: Companies often set guidelines and controls to limit internet use. However, because of employees' need for, or habit of, using the web, it is hard to separate personal needs from business use. Companies can control internet use through monitoring software.

2. Improper use of IT resources: Companies should establish rules stating that no personal files or programs may be kept on systems supplied for work. Employees often ignore these rules and do personal work both at the office and at home. Companies must stress that no personal business may be conducted at the workplace. Such use can create fraud risk and may bring viruses and malicious software into company systems.

3. Use of illegal software: Employees sometimes try to steal or download copies of company software, or install their own software on company computers. By doing so, employees break the rules and violate software license agreements.

4. Computer security and fraud issues: Employees may violate password protection and gain improper access to computer systems and the files on them. Even if they are only looking at the work, they are committing fraud by violating computer security rules.

5. Information theft via USB: A storage device is plugged into a computer system and used to download several gigabytes of information. Companies can face several risks from the theft or loss of data such as customer data.

6. Information theft or other data and computer abuse: This is crime that attempts to access computer systems by violating password and other controls in order to view, modify, or copy data or files. It can be a significant cause of computer crime.

7. Embezzlement or unauthorized electronic funds transfer: Stealing money or other resources through authorized or unauthorized transactions is a significant cause of IT system and network fraud problems. Whether by triggering a transaction to send an accounts payable check to a home address or by facilitating a bank transfer, this can be a major area for computer crime.

COMPUTER FORENSICS

• An area of computer system detection work: a detailed examination that uses computer investigation and analysis techniques to find or determine potential legal evidence in fraud situations.

• Essentially, whatever has been written to a computer file can be recovered, even if it has been deleted through an operating system command. Perpetrators may feel that they have covered their tracks by deleting files, but computer forensic tools often allow almost complete recovery.

• A forensic examination involves examining computer media, such as CD-ROMs, hard disk drives, backup tapes, and other media used to store data. Forensic specialists use special software to locate computer data, or can recover deleted, encrypted, or damaged file information and recover passwords, so that documents can be read.
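
An added illustration (not part of the original slides) of why an ordinary delete does not erase evidence: the directory entry goes away, but the file's bytes stay in the data area, where a signature scan ("carving") can still find them. `ToyDisk`, `carve`, the file names and the file contents are assumptions constructed for this example.

```python
# Added example, not from the original slides. The "disk" is a constructed
# byte buffer; real PDFs may hold several %%EOF markers, so this is simplified.
HEADER, TRAILER, SECTOR = b"%PDF-", b"%%EOF", 64

class ToyDisk:
    """Minimal model: a directory table pointing into a raw data area."""
    def __init__(self, sectors=8):
        self.raw = bytearray(SECTOR * sectors)
        self.directory = {}                      # name -> (offset, length)
        self.next_free = 0

    def write(self, name, content):
        off = self.next_free
        self.raw[off:off + len(content)] = content
        self.directory[name] = (off, len(content))
        self.next_free = off + -(-len(content) // SECTOR) * SECTOR  # round up

    def delete(self, name):
        # Like an ordinary OS delete: only the directory entry is dropped,
        # the bytes in the data area are left untouched.
        del self.directory[name]

def carve(raw):
    """Find header/trailer pairs in raw bytes without using the directory.
    Returns (offset, data, complete) tuples; complete=False marks a fragment
    whose trailer is missing, e.g. because the space was partly reused."""
    found, pos = [], 0
    while (start := raw.find(HEADER, pos)) != -1:
        end = raw.find(TRAILER, start)
        nxt = raw.find(HEADER, start + 1)
        if end == -1 or (nxt != -1 and nxt < end):
            stop = nxt if nxt != -1 else len(raw)
            found.append((start, bytes(raw[start:stop]).rstrip(b"\0"), False))
            pos = stop
        else:
            end += len(TRAILER)
            found.append((start, bytes(raw[start:end]), True))
            pos = end
    return found

def demo():
    disk = ToyDisk()
    deleted = b"%PDF-1.4 constructed vendor payment list %%EOF"
    disk.write("payments.pdf", deleted)
    disk.write("minutes.pdf", b"%PDF-1.4 constructed meeting minutes %%EOF")
    disk.delete("payments.pdf")                  # file no longer listed
    return sorted(disk.directory), carve(disk.raw)

if __name__ == "__main__":
    print(demo())
```

The directory lists only `minutes.pdf`, yet `carve` returns both documents intact, which is why an investigator works from an image of the raw media rather than from the file listing.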

IT FRAUD PREVENTION MEASURES

1. Restrict internet access during working hours
2. Use the employee number (NIP) or employee ID to unlock computers
3. Establish a company policy on the use of information systems
4. Restrict access to certain information
5. Equip computers with antivirus software
6. Require a password to open certain documents
7. Build strong internal controls (IT controls through the information systems division and through the code of ethics)

THANK YOU
