ACC 421 7-2 Final Project- Final Project

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

421

Subject

Accounting

Date

Nov 24, 2024

Type

docx

Pages

Uploaded by Barbara8289

1 Fraud prevention and detection policy Harriet Creyer Fraud prevention and detection policy Southern New Hampshire University ACC 421 - Auditing and Forensic Accounting

2 Fraud prevention and detection policy Introduction The banking industry has a multi-million-dollar fraud problem; the banking industry is seen to be one hardest hit industry globally with fraudsters believing the payout are bigger due to the business type. During 2021 while the economy was recovering from the global pandemic, the banking industry saw an increase; “ For every dollar of fraud lost in 2021, U.S. financial services firms saw $4.00 in costs, up from $3.64 in 2020 before the pandemic.” ( Study: Banks see rise in fraud attempts, associated costs in 2021 2022). An effective fraud awareness and prevention policy is essential for all business especially within the banking industry, it is becoming increasingly common for the banking industry to be hit with both internal and external fraud. Because the banking industry are dealing with finances on a daily basis, fraudsters are always looking for ways to infiltrate their policies and procedures in order to make money. Creating an anti-fraud program that not only detects fraud but can protect the industry is essential, this as well as a zero tolerance for the employees who could be tempted to commit fraud. “An ounce of prevention is worth a pound of cure is an understatement with regard to fraud” (Singleton, 2010). For an effective fraud awareness and prevention policy to be implemented then it is essential for it to start at the top of leadership and work its way through to every employee within the banking industry.

3 Fraud prevention and detection policy Fraud awareness and prevention policies Scope of Fraud policies i. All Employees, Contractors, Business Partners, or Joint Venture Companies are Subject to the requirements of this policy. No exceptions. ii. As a banking institution, we are responsible to our investors, customers, employees, and shareholders to be Transparent, Ethical, and Professional. The following policy will outline and direct all employees’ responsibilities and duties for ethical behaviour, raising awareness to the risk and the prevention of fraud as well as reporting and detection policies. iii. This policy applies to any irregularity, or suspected irregularity, involving employees as well as consultants, vendors, contractors, and/or any other parties with a business relationship with this organisation. Any investigative activity required will be conducted without regard to any person’s relationship to this organisation, position, or length of service. i. The term is used to describe acts such as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts and collusion. For practical purposes, and for this manual, fraud may be defined as the use of deception with the intention of obtaining an advantage, avoiding an obligation, or causing loss to another party. ( Model fraud policy statements - fraud advisory panel )

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

4 Fraud prevention and detection policy 1. Risk Factor management Because Fraud is at such a high risk in the Banking industry below are some highlighted risk factors for employees to keep in mind this does not include all possible risks. i. Wire Fraud – Wire fraud is a crime that can utilize several modes of modern world communication—including telephone, fax, email, or even social media. To combat this identification and account information must be present in order to make any transfer in person, for online banking there are the specific steps involved in order to determine identification. If in doubt, consult management or ask for more information . ii. Credential Stealing – In these scenarios, the criminal uses nefarious tactics to acquire data that uniquely identifies a user. Using the common ploy of “phishing,” the criminal poses as a legitimate business to trick the victim into releasing a powerful, highly confidential piece of information. This could be a social security number, an ID number, or even password reset verification answers. We need to remind our customers that scams come from outside sources pretending to be their financial institution, we need to ensure that they do not follow the instructions. iii. Account Takeover – Referred to commonly as identity theft, an account takeover is an extremely successful extension of credential stealing.

5 Fraud prevention and detection policy Unless there is prior written and consented authorisation from the account holder and attached to the account; then no one should be access the accounts. This authorisation could be in the form of a power of attorney ensuring it allows for access to the finances. This fraud is extremely high amongst the older generations. iv. Money Laundering – Any money stolen through fraudulent or criminal activities needs to be legitimized, or “cleaned,” through money laundering. Scams are becoming cleaver by sending ‘funds’ to the wrong person, money laundering can come in the form of a check. We need to implement an anti-money laundering (AML) checklist, if a customer has large deposits or unusual transactions then we need to refer to the AML. For example, if a customer deposits a large and out of character check, simply ask where the funds of come from 9/10 they will ask if it is legitimate. v. Accounting Fraud – Accounting fraud happens in the world of business lending. Using a phantom business, the criminal will apply for a loan through falsified bank statements—with no intention of paying back the loan. (What is a risk management strategy? 2022). We will be implementing additional checks to new and frequently used businesses. This will ensure that we are following the correct policies and allow our customers to know we are trying to protect them. 3. Training:

6 Fraud prevention and detection policy i. New hires are to complete the full fraud prevention training within a week of employment commencing. Existing employees will complete a biannual refresher training or when policies and procedures update, whichever is first. There will also be a physical signature requirement, only available to be printed after the training has been completed; this is to ensure that no one skips the training. This signed report will have the date, time, the time taken to complete training and a manager’s acknowledgment that it was completed. This will be updated onto the training logs and a hard copy kept within management files. This will help to keep the most current information at the forefront of all bank employees. ii. The training classes or seminars are required to be provided by the company or approved in advance of attendance (by the Company) before any employee can receive credit for attendance. (Detect fraud with behavioral biometrics) iii. Periodic “Stress Tests” of training and procedures will be conducted on an unannounced basis within all divisions or sections of the company to test knowledge and or the need for additional or more advanced training. This may be in the way of a ‘mystery customer’ designed to be ‘committing fraud’. Failure to stop or involve management will result I further training and/or investigation if required. iv. A continuous “Improvement Model” will be designed in an effort to provide needed tools for all company employees. v. Depending on the role held or promoted to, a credit check or background check maybe required to reveal any potential problems with internal

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

7 Fraud prevention and detection policy employees. All members of upper management are required to do an annual credit and background checks. 4. Fraud detection and response policies: “Antifraud programs are prevention, detection, and response—similar to the P-D-C (preventive-detective-corrective)” (Singleton, 2010). Any information given about potential internal fraud will be handled anonymously and will not impact the future career path of the employee unless involved. Any External fraud ‘caught; and all information obtained at time of incident, will be escalated to the fraud response team. i. Fraud detection is the responsibility of all employees. With the biannual training everyone will be able to know what to look for, also if there any ‘fraud alerts’ these will be sent to the staff. ii. All suspected fraud is required to be reported to management or equal level if at top level leadership and investigated regardless of the level at which it occurred. (Detect fraud with behavioral biometrics). iii. Any suspected fraud or activities in violation of company policy must be reported to the HR office immediately.

8 Fraud prevention and detection policy iv. A Fraud, Ethics and a whistleblower hotline will be available for all employees to be able to report suspect behaviors; again, this will be anonymous and will not impact the future career unless involved. v. Investigations found to have possible violated or possibly violated laws will be referred to the appropriate governing authority or agency for further investigation. vi. All external fraud incident will be investigated with the Fraud Response Team and passed to law enforcement as required. If there is any internal fraud reported this will be investigated by a 3 rd party company due to the nature of the fraud. There will be a fraud response team to be responsible for the different procedures stipulated within the fraud policies. i. Legal/Litigation: prosecution, knowledge of potential effectual prosecutors, civil litigation (Singleton, 2010). ii. Legal/HR: legal termination of fraudster, legal issues in investigating an employee (Singleton, 2010). iii. Forensic accounting/CFE: fraud investigation, fraud/legal evidence, proper interviews (Singleton, 2010). iv. Digital forensics: data mining for evidence (Singleton, 2010). v. Cyber forensics: evidence embedded in IT, hidden in IT, potential cyber sources of evidence (Singleton, 2010). vi. Internal audit: support the investigation, evidence gathering, controls remediation (Singleton, 2010).

9 Fraud prevention and detection policy vii. Public relations: avoid publicity, manage publicity, craft public responses to fraud (Singleton, 2010). viii. Executive management: manage all key decisions of the process and follow-up (Singleton, 2010). 5. Controls over physical and logical access: i. Access to all physical records, monies, or secure locations (vaults) will require the use of two factor authentication and or corporate ID card scan and pin code. ii. Physical monies are not to be left under the supervision of a single person; dual signatures are to be required on all physical fund’s movements. Any internal funds transfers will also require a 2-person authentication verification to ensure the transfers are correct and required. iii. Computer access is controlled by corporate information technology and all employees are required to follow the associated computer use and access policies or access may be removed without warnings. iv. Disclosure of confidential company information is considered fraud or unethical activities and will be investigated as such. v. No employee may share personal log-in information with anyone in or outside the company. vi. No Employee may log in to any company system using a log in ID not assigned to them. 6. Supervision and employee policies:

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

10 Fraud prevention and detection policy i. Each level of supervision is responsible for actions and or activities of those subordinates working below them. ii. No one employee will have all access without supervision and or authentication from upper management. iii. All supervisors and above can access data on company owned computers at any time. This will be read only access and cannot edit any information without the employee’s approval. iv. At the end of the month reconciliation each supervisor must review all needed information and concur on all data entry. Any data entry without this concurrence will be incomplete until approved. a. The organisation should be responsible for: i. Developing and maintaining effective controls to prevent fraud. ii. Carrying out vigorous and prompt investigations if fraud occurs. iii. Taking appropriate legal and/or disciplinary action against perpetrators of fraud. iv. Taking disciplinary action against supervisors where supervisory failures have contributed to the commission of the fraud. (Model fraud policy statements - fraud advisory panel) b. Managers should be responsible for: i. Identifying the risks to which systems and procedures are exposed. ii. Developing and maintaining effective controls to prevent and detect fraud. iii. Ensuring that controls are being complied with. (Model fraud policy statements - fraud advisory panel)

11 Fraud prevention and detection policy 7. Accounting, Reconciliation and Analysis: i. Each year there will be 4 accounting, reconciliation and analyses completed. 1. Two of these will be scheduled and announced 2. Two of these will be unannounced and will not be known by any company representative. By contract this cannot be interfered with by any employee or representative of the company. Any interference will be referred to authorities for investigation. ii. Chief Accounting Officer will be responsible to ensure these practices take place and will be observed by a third party to ensure the policies and procedures are being adhered to. iii. Any failure to comply with this analysis will result in an investigation. iv. All branches or departments dealing with finances will need to do reconciliation on a weekly basis to ensure there are no errors. 8. Audits: i. Twice a year an outside third-party contract firm will conduct audits of all records and transactions. ii. These audits will be used to compare with in-house balance sheets and relevant data to ensure proper record keeping takes place. The Audits will be used to identify any red flags or volitions of this or any other company policy or ethical business practices, and laws. iii. Audits will be reported and disclosed to all management when completed for review or needed explanation pending possible needed investigation.

12 Fraud prevention and detection policy iv. All Audit irregulates will be reported to the relevant law enforcement agencies for investigation. v. All business handling monies will be required to have random monthly spot checks on any funds held within a branch and in the tellers’ tills. vi. The IT department will run a monthly server check to ensure that there is nothing wrong with the servers or anything that would allow a data breach. vii. Our online banking software will be audited on a monthly basis to ensure that is no potential for a data breach, we will also review our security features at this time to ensure we are doing the best to keep everything safe. 12. Senior management support and enforcement of policy: We are committed to preventing, detecting, and reporting fraud, and in co-operating with other agencies and organizations to reduce opportunities for fraud. The banking industry remains to be the hardest hit industry due to the nature of our work, therefore we need to ensure that we have cooperation from everyone within the company We will manage the fraud risk by: i. Defining, setting, and maintaining cost effective control procedures to identify and deter fraud. ii. Ensuring staff know where and how to report any fraud violations they believe are fraud with the knowledge there will be anonymity.

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

13 Fraud prevention and detection policy iii. Investigating all incidences of actual, attempted, or suspected fraud, and all instances of major control breakdown. iv. Encouraging staff to be vigilant and raising fraud-awareness at all levels. v. Ensuring key controls are complied with. vi. Providing staff with effective confidential reporting mechanisms and encouraging their use. vii. Acting against individuals and organizations perpetrating fraud against the group viii. Seeking restitution of any asset fraudulently obtained and the recovery of costs. ix. Co-operating with the fraud response team and law enforcement authorities in the investigation and prosecution of those suspected of fraud. (Model fraud policy statements - fraud advisory panel) References Adkins, T. (2022, July 13). Financial statement manipulation an ever-present problem for investors . Investopedia. Retrieved October 15, 2022, from https://www.investopedia.com/articles/fundamental-analysis/financial-statement- manipulation.asp Daly, L. (2022, September 21). Identity theft and credit card fraud statistics for 2022: The ascent . The Motley Fool. Retrieved October 15, 2022, from https://www.fool.com/the-ascent/research/identity-theft-credit-card-fraud-statistics/ David Vergara Jan 16, & Vergara, D. (2020, May 27). The banking industry's multi- billion dollar fraud problem-and how to solve it . BAI. Retrieved October 15, 2022, from https://www.bai.org/banking-strategies/article-detail/the-banking-industrys- multi-billion-dollar-problem/

14 Fraud prevention and detection policy Fraud costs and volumes remain significantly higher than pre-pandemic for financial services and lending firms, according to New LexisNexis Risk Solutions Report . LexisNexis Risk Solutions. (n.d.). Retrieved October 15, 2022, from https://risk.lexisnexis.com/about-us/press-room/press-release/20220106-annual- true-cost-of-fraud-study Model fraud policy statements - fraud advisory panel. (n.d.). Retrieved October 12, 2022, from https://www.fraudadvisorypanel.org/wp-content/uploads/2015/05/Model- Fraud-Policy-Statements-Feb05.pdf Singleton, T.W.S.A. J. (2010). Fraud Auditing and Forensic Accounting (4th ed.). Wiley Professional Development (P&T). https://mbsdirect.vitalsource.com/books/9780470877913 Study: Banks see rise in fraud attempts, associated costs in 2021 . ABA Banking Journal. (2022, January 6). Retrieved October 15, 2022, from https://bankingjournal.aba.com/2022/01/study-banks-see-rise-in-fraud-attempts- associated-costs-in-2021/ Tardi, C. (2022, July 1). Forensic audit definition . Investopedia. Retrieved October 15, 2022, from https://www.investopedia.com/terms/f/forensic-audit.asp What is a risk management strategy? SailPoint. (2022, January 27). Retrieved October 12, 2022, from https://www.sailpoint.com/identity-library/what-is-risk-management- strategy/