We have much to celebrate in this edition of The Forensic Practitioner.
We are excited to announce that the ICFP is finally recognised as a professional body by the South African Qualifications Authority (SAQA). Full Members who are in good standing with the ICFP can now attach the designation FP(SA) to their names, signifying they are established commercial forensic professionals in South Africa who are trusted by their peers. This is an immense achievement for us, and an important step in advancing our profession. You can read on this story on page nine.
Also in this edition, Nic Harris takes us through how practically to apply COSO’s recently updated Fraud Framework. Harris reminds us that even the best fraud management programmes need regular reassessment, and COSO’s checklist is a good place to start.
Then, Anthony Smith asks some important questions about South Africa’s commitment to global financial fraud regulations, especially in light of Government’s eleventh hour signing of a Financial Action Task Force amendment. Why was the signing delayed? And what are the consequences of non-compliance? Smith also discusses the complications involved in copy-pasting global financial crime legislation into our national law without localising it effectively. The result is a lack of enforcement, further diminishing our standing among the global forensic community.
We hope you find great value in this edition and we thank you for your support in 2017.
Practical Guidance on Implementing the COSO Fraud Framework
“New standards, frameworks, policies and processes.”
Most of us dread hearing these words because they often mean extra work with little perceived payoff.
But once we follow through on implementing them, we often find hidden pearls of value that effect strong organistional changes.
Although there is no surefire recipe for successfully reinventing your organisation’s fraud risk management approach based on someone else’s version of better practice, here are some tips based on the COSO’s new Fraud Framework that may help you along the way.
• Do a benchmarking/gap assessment
The new COSO Framework offers lots of checklists to do a quick and efficient benchmarking of your current fraud risk management programme.
Use this as an opportunity to perform some “zen like” introspection, and don’t be afraid to be critical. We don’t always get things right the first time and it helps to compare your organisation to those who are known for getting it right. If you’re happy with your current programme, it’s still worthwhile to step back – even the best-oiled machines require regular services.
Don’t over-rely on paper-based exercises. Now is the time to really critique whether your organisational reality reflects the theoretical policies and processes you’ve designed:
- Are you really convinced employees have read that 40-page fraud incident response plan you think of as your personal pièce de résistance?
- Are your employees capable of following it to the letter?
• Identify the quick wins but plan for the long game
As with anything, there will always be the low hanging fruit, like fraud awareness training. However, some interventions may require a number of years to implement for example, segregating duties within an enterprise resource planning (ERP) system. So, plan both your tactical and strategic improvement interventions and be realistic with your implementation timelines.
Rome wasn’t built in a day – and with today’s technology, fraudsters probably won’t make-off with the bricks. Thus, you need to identify your burning areas and focus on what can be practically implemented in the short term while ensuring you keep an eye on the horizon.
• Money Talks
Ensure you develop a watertight business case when requesting additional budget as some interventions aren’t cheap. Previous fraud incidents, reputational impact and even legislation and regulatory requirements will prove invaluable when justifying why you need those military-grade drones to monitor employee activities. Not realistic? Okay. Then how about implementing biometrics for employee access control?
• Enjoy the journey
Lastly, enjoy the journey. Sitting back and being able to finally attest to your stakeholders that you can finally say your fraud prevention strategy is aligned to bona-fide international best practice, is an achievement in itself. Not to mention the internal satisfaction that you have probably put a few more bad guys out of a job.
Nicholas is a qualified CA. He joined KPMG in 2005 and after completing his articles he became the Manager - Fraud Risk Management. He gained valuable experienced in the fraud risk management field and joined MTN Group Business Risk Management in July 2010. In July 2011, Nicholas was promoted to the Head of Group Forensics at MTN Management Services. Nicholas is responsible for establishing and maintaining the MTN Fraud Risk Management strategy together with anti-bribery and corruption compliance program across all 22 countries in which MTN operates. Nicholas has also conducted high priority investigations extensively across Africa and the Middle East.
By Anthony Smith
Enforcing South Africa's financial crime legislation
Earlier this year, the South African Government signed a key Financial Intelligence Centre (FIC) amendment to show its commitment to preventing and prosecuting financial crime. The amendment came after an inspection by the Financial Action Task Force (FATF) found gaps in our financial crime legislation.
Many wondered why Government signed the amendment only at the eleventh hour given the risks of non-compliance, which would have put South Africa in the company of countries like North Korea, Iraq and Iran – a risk to our reputation and any future direct foreign investment.
Poor enforcement costs us billions in unrecovered tax revenue
Although South Africa has very comprehensive financial crime legislation, we suffer from ineffective policing of that legislation, making us an attractive destination for criminals. Thanks to our relatively porous borders and lax enforcement, it’s estimated that around R150 billion leaves the country illegally each year. This translates into a loss of R60 billion in unpaid taxes, money that could be directed to solving our many socioeconomic challenges like housing shortages and the lack of basic infrastructure in many parts of the country.
Addressing the skills gap
South Africa’s under-enforcement of financial crime legislation is linked to our training in conducting commercial forensic investigation – a result of Government’s tendency to copy and paste global financial crime legislation into national law without localising it effectively.
Addressing the infrastructure gap
The problem of enforcement is also a problem of infrastructure. Pan-African countries have fragmented national identification systems, often with no built-in validation controls or algorithms. Uganda, for example, does not use postal codes, which limits its ability to identify people. This makes targeting the movement of criminals harder.
A private-public partnership
Regulators need to admit that they need help in their enforcement efforts. The FIC, for example, receives huge amounts of transaction data every day from South African banks. But how much of this data is analysed and acted upon at the FIC’s own initiation when most of its investigations have been top-down national directives?
Anthony J Smith
Anthony is a Partner in the Risk Advisory practice in Deloitte South Africa focusing on regulatory risk and financial crime compliance (including anti-money laundering, know-your-customer and sanctions). Anthony has over 20 years experience in financial services and was formerly the Executive Head of Compliance and Regulatory Relations for Barclays Africa Group Limited (including Absa) and prior to that he was a partner at KPMG responsible for the Compliance practice in Southern Africa as well as an external audit partner to several banks and financial institutions. In his time at Barclays Africa Anthony was, over and above his greater compliance related responsibilities, accountable for financial crime compliance across all of Barclays entities in Africa. He was responsible for a combined staff complement of c.450 individuals in the Compliance and Financial Crime teams. He was also responsible for the pan-Africa financial crime change and remediation programme. Anthony is a Chartered Accountant and a Registered Auditor and a member of the Compliance Institute of South Africa, the Independent Regulatory Board for Auditors and the South Africa Institute of Chartered Accountants. He is active in discussions relating to emerging regulations with key stakeholders in the economy, including regulators, financial institutions and the media.
Anthony has led a multitude of audit, compliance and financial crime engagements covering all aspects of the financial services industry.
ICFP Centre of Excellence
The ICFP Board of Directors is proud to announce the launch of its first Centre of Excellence (COE) workshop hosted on 27 October 2017. At the workshop, forensic practitioners were exposed to testifying in disciplinary hearings to improve their skills.
The aim of this workshop was to expose participants to commercial forensic testimony through a simulated disciplinary hearing. Participants were able to observe and partially partake in simulated disciplinary proceedings, where a commercial forensic practitioner provided testimony and was cross-examined.
The testimony was rendered under the control of a “proceedings case manager”, who stopped the proceedings during certain critical junctures to allow questions.
The testimony of the commercial forensic practitioner was based on a simulated forensic report, which was made available to participants beforehand.
6 October 2017
Participants attended a supplementary preceding lecturing event on 6 October 2017 at EY (102 Rivonia Road, Sandton) where lectures were presented by, among others, Prof Dawie de Villiers from the University of Johannesburg and a former CCMA Commissioner and Labour Lawyer. Mr Eben Potgieter. These lectures introduced participants to the relevant theoretical aspects that may feature in the simulated disciplinary hearing and in the presentation of evidence in disciplinary matters in general.
ICFP is an approved professional body
The South African Qualifcations Authority (SAQA) has awarded the ICFP the status of a professional body and approved the registration of our professional designation, Commercial Forensic Practitioner, abbreviated as (FP)SA.
This is an enormous step forward for the national recognition and formal acceptance of our profession. Many of us began our career as lawyers, accountants and auditors. The FP(SA) now augments those qualifcations based on our specialised experience in commercial forensics.
The designation FP(SA) is awarded to Full Members of the ICFP who are in good standing.
How to use the FP(SA):
Use the FP(SA) qualification in your email signature and/or business card.
Only the FP is bolded, with the full qualifcation presented in Calibri.
Chris de Beer
Tel No: +27 12 663 1961
Cell No: 082 902 4667
Madeleine du Preez
Tel No: +27 12 663 0193