THE STRATEGIC PLAN 2009 2012 FOR THE FRA
THE STRATEGIC PLAN 2009-2012
FOR THE FRAUD AND FORENSICS
UNIT (FFU) OF THE DIRECTORATE
OF INTERNAL AUDIT SERVICES
The Forensic Tongue
Baker Kosmac-Okwir, CFE, CIA, CPA,CGAP,
Fraud and Forensic Unit
Directorate of Internal Audit Services
Ministry of Finance, Planning and Economic Development
October 22, 2009
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
ACRONYMS AND ABBREVIATION
IIA
Institute of Internal Auditors
ACFE
Association of Certified Fraud Examiners
IPPF
International Professional Practice Framework
MFPED
Ministry of Finance, Planning and Economic Development
FFU
Fraud and Forensic Unit
FT
The Forensic Tongue
MDAs
Ministries Departments and Agencies
GOU
Government of Uganda
IAD
Internal Audit Services
GRC
Governance, Risk Management and Control
CFE
Certified Fraud Examiners
IGG
Inspector General of Government
2
2009-2012
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
TABLE OF CONTENTS
Acronyms and Abbreviation .......................................................................................................................... 2
Table of Contents ........................................................................................................................................... 3
Acknowledgement ......................................................................................................................................... 4
EXECUTIVE SUMMARY ........................................................................................................................... 5
INTRODUCTION ......................................................................................................................................... 7
VISION .......................................................................................................................................................... 7
MISSION ....................................................................................................................................................... 8
CORE VALUES ............................................................................................................................................ 8
GOAL .......................................................................................................................................................... 10
STRATEGIC OBJECTIVES ....................................................................................................................... 10
MANDATE ................................................................................................................................................. 11
SCOPE, FUNCTIONS AND KEY ACTIONS ........................................................................................... 12
SWOT ANALYSIS ..................................................................................................................................... 13
ANTI-FRAUDIMPLEMENTATION STRATEGY ................................................................................... 16
OUR REPORTING STRATEGY................................................................................................................ 23
3
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
ACKNOWLEDGEMENT
This strategy paper is a result of combined efforts and contributions from various professionals
and staff who agreed to share their knowledge and skill in Fraud and Forensic Management.
Thanks to Paul Muyanja and Annet Namuddu for their input.
4
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
EXECUTIVE SUMMARY
This document defines a strategic plan for the Fraud and Forensic Unit (FFU) of the Directorate
of Internal Audit Services (IAD) of the Ministry of Finance planning and Economic Development
(MFPED) in the Government of Uganda (GOU). It covers the strengths, weaknesses, threats and
opportunities; presents a series of fundamental statements relating to the FFU's vision, mission,
values and objectives; and sets out the FFU's proposed strategies, goals and action programs.
This is the first step in developing formalised structures in MFPED to deal with Fraud and
forensics in the MDAs. Fraud is a specialised area that requires specialised and dedicated staff
resources to deal with allegations and development of value adding solutions for preparation
and deterring fraud
The Institute of Internal Auditors (IIA) International Professional Practice Framework (IPPF)
2009 Standard 2120.A2 requires the internal audit activity to evaluate the potential for the
occurrence of FRAUD and how the organisation manages the Fraud risk. Standard 2210.A2
requires internal auditors to consider the probability of significant errors, FRAUD,
noncompliance, and other exposures when development the engagement objectives.
I ter al audit is a i porta t o po e t of the go er e t’s financial management system
and expenditure control framework. A strong internal audit function helps ensure that the
government agencies provide the public goods and services in an efficient and effective manner
and that the risks of fraud, waste and misuse of public funds are minimized. Accordingly, the
government internal audit in Uganda can make a valuable contribution to the economic
development of the country which is engaged in the struggle to eradicate poverty and to
achieve a better quality of life for its citizens.
Fraud is inherently dramatic and dynamic with riveting, exciting challenging information to
dissect. It would appear as an ostrich burying its head under the sand yet facing and aware of
the dangers surrounding it. The Government of Uganda is aware of the eminent dangers facing
it in the fraudulent transactions. It has set various institutions (IGG, ETHICS AND
INTERGRITYMINISTRY), yet no clear solutions have emerged. The setting up of the unit in the
Ministry of Finance, Planning and Economic Development (MFPED) is challenged to address this
problem.
Fraud is a field with plenty of publicity that requires devoted resources in the accountability
process to ensure better use of public resources. The creation of Fraud and Forensic unit within
5
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
the directorate of inspectorate and internal Audit (IIAD) will devote resources to prevention,
investigation, detection and control solutions within the auditable Ministries, Departments and
Agencies (MDA).
It’s therefore, i porta t to ha e a poli for fighting fraud as internal audit Directorate. The
Forensics and Fraud Unit (FFU) in the Directorate of Internal Audit Services is intended to
stre gthe the Go er e t’s a ti-fraud efforts by adopting a robust fraud methodology,
developing train and improving inter institutional relations with other public agencies engaged
i fighti g fraud. It’s therefore, esse tial to ha e a u it e tirel a d e lusi el dedi ated to
fraud.
Preparing the internal audit fraud unit to deal with fraud will have significant benefits for the
Accounting Officers and the public administration in the Governance, Risk and Control
assessments as well as capacity to prevent fraud.
The FFU would recommend actions to be taken to discourage the commission of fraud and limit
fraud exposures when it occurs by assessing fraud risks, examining and evaluating the adequacy
and effectiveness of the ministries internal controls system commensurate with the extent of a
potential exposure. This plan provides the foundation for positive change within our operations
and provides a roadmap for our future. We will implement these changes incrementally.
This strategic plan will be used to guide the work of the FFU and to communicate its results. It
will serve as the means for demonstrating how the FFU fulfils its mandate on behalf of
Directorate of Internal Audit Services. In its work, the FFU will be guided by, and comply with,
Uganda Laws, the professional standards established by professional bodies and anti-fraud
audit-related best practices in other jurisdictions.
To implement this strategy, the unit will require Ugx 3.9 billion for the three year period.
6
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
INTRODUCTION
The IIA defines Fraud as any illegal act characterised by deceit, concealing or violation of
trust. Fraud e compasses an array of illegularaties and illegal acts characterized by intentional
deception.
It can be perpetrated for the benefit of or to the detriment of the organization and by persons
outside as well as inside the organization the acts are not dependent upon the threat of
violence or physical force. Frauds are perpetrated by parties and organisations to obtain
money, property, or services, to avoid payment or loss of services or to secure personal or
business advantage.
The Forensics and Fraud Unit (FFU) in the Directorate of internal audit will strengthen the
directorate by helping— Identify fraud and the causes of fraud in the Ministries, Departments
and Agencies (MDA); assist ministries in fraud risks assessment (as all ministries are exposed to
a degree of fraud risk). The unit will evaluate the extent to which effective internal controls are
present to prevent and or detect fraud, and the honesty and integrity of those involved in the
process). The FFU will help the Directorate accomplish its objectives by bringing a systematic
disciplined approach to evaluate and improve the effectiveness of risk management, control,
and Governance process in the MDAs.
This document initiates a comprehensive and highly consultative strategic planning process to
identify the priorities and strategies for the FFU over the next three years. This strategic plan
represent a common vision for the FFU that is a result of discussions with all staff along with
the input of key stakeholders.
VISION
To be efficient in providing anti-fraud solutions to the Government of Uganda (GOU) by
coaching for success, motivating, team work, innovation, training, mentoring and aggressive
pursuit of excellence .
7
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
MISSION
To support the internal audit department to carry out its vision by providing anti-fraud
solutions that will—Prevent, Detect, Investigate and Remedy through—financial accountability,
Advocacy, Education and Enforcement.
CORE VALUES
The FFU values are a statement of the high standards to hold in conducting ourselves and our
work, and of the results we strive to achieve.
Impact FFU will focus on significant issues to make a positive and measurable difference
for the benefit of the MDAs.
We will demonstrate this by:
making decisions and exercising judgment to add value through our work;
using our skills and experience to their fullest potential;
seeking new processes and technology to do our work more effectively and
efficiently;
continuously seeking innovative and better ways of doing things;
building on experience and applying best practices;
working as a team;
consulting with our stakeholders;
seeking and valuing the contribution of all our staff;
conducting and using research to stay informed about current events and
future trends; and
Producing clear, concise and candid reports.
8
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
Integrity and Ethical
2009-2012
FFU will work together and with others in an open, honest, and
trustworthy manner while respecting the confidentiality of the
information we obtain.
We will demonstrate this by:
Independence
objectivity
•
open communication with the clients and our staff;
•
ensuring transparency;
•
respecting one another;
•
telling the truth;
•
considering different perspectives when making decisions;
•
being objective in attitude and decision-making;
•
respecting confidentiality; and
•
Carrying through on promises.
and FFU will report directly to the appointing authority at a time and
objective in the approach. FFU will adhere to professional codes of
ethics and independence standards, avoiding real and perceived
conflicts in the conduct of our work.
We demonstrate this by:
•
adhering to our professional codes of ethics and independence
standards;
•
exhibiting independence in fact and in appearance;
•
being non-partisan;
•
avoiding perceived and real conflicts of interest;
•
viewing situations with an appropriate degree of skepticism; and
•
building and maintaining appropriate relationships.
•
9
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
GOAL
The priority goal is to be the number one provider of anti-fraud and forensic investigative
solutions in the nation. This goal will be evidenced by:
• Nu
er of Cases Opened for Investigation.
• Nu
er of Arrests.
• Nu
er of Cases Prese ted for Prose utio .
• Nu
er of Referrals.
• A ou t of Court Ordered Restitutio
STRATEGIC OBJECTIVES
The following strategic objectives will support our goal and the realization of our vision:
1. Developing capacity within the Directorate of internal audit to ensure that—the
government assets and resources are safeguarded and actions and decisions of the
ministries are in compliance with the laws and regulations;
2. Coordinate and supervise all fraud related audits by assigning most provable cases
evidenced through screening & case management.
3. Develop a fraud risk profile for all ministries. Annually the FFU shall carry out fraud risk
assessment and advise the IAD on key areas of focus.
4. Implement and expand anti fraud training to all MDAs. Strategies for improving the FFU
shall include Human resource development through training and exposure, and
resource allocation.
5. Make policy recommendations to the MDA.
10
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
MANDATE
The Accountant General (AG) under the Public Finance and Accountability Act is responsible for
establishing the Internal Audit in accordance with international professional standards. Section
7 (3) (h) of the Public Finance and Accountability Act 2003 (PFAA), requires the Accountant
General to take precautions, by the maintenance of efficient checks, including surprise
inspections, against the occurrence of FRAUD, embezzlement or mismanagement.
Section 7 (3) (c) of PFAA ensure that the system of internal control in every Government
Ministry, department, fund, agency, or other reporting unit required to produce accounts under
section 31 is appropriate to the needs of the organisations concerned and conforms to
internationally recognised standards.
The International Standards for the Professional Practice (IPPF) requires that Internal Auditor to
have sufficient knowledge to identify the indicators of fraud but is not expected to have the
expertise of a person whose primary responsibility is detecting and investigating fraud.
The IPPF requires Internal Auditors to carry out a systematic review and appraisal of all
operations for purposes of advising management as to the efficiency, economy and
effectiveness of internal management policies, practices and controls.
In view of addressing the statutory provision and professional demand, the Directorate of
Inspectorate and Internal Audit formed various units among which is the Fraud and Forensic
(FFU.
11
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
SCOPE, FUNCTIONS AND KEY ACTIONS
SCOPE
The scope of work of the FFU is fraud examination, a methodology for resolving fraud allegation
from inception to disposition by obtaining evidence and taking statements, writing reports
testifying to finding and assisting in the detection and prevention of fraud. The scope requires
the resolving of specific allegations to determine whether fraud has occurred or is occurring
and to determine who is responsible by document examination, review of outside public data
e.g. other public records and interviews to establish sufficient proof to support or refute a fraud
allegation.
The scope will include Fraud and financial irregularity audits that are designed to verify the
existence and magnitude of suspected fraud and financial irregularities. Fraud and financial
irregularity audits may be conducted at the request of the Management and/or Audit
Committee.
FUNCTIONS
The following summarizes key functions we will be taking to support the implementation of our
strategies:
1. The unit will be charged with the responsibility of stressing the importance of
implementing fraud controls in the MDAs; it is important to note the G O U has set
various institutions (CID, IGG,DPP, AUDITOR GENERAL)that are involved in dealing with
fraud, and other irregularities most of the work carried out by these institutions is
often reactive FFU will have a proactive approach to fraud prevention and
management.
2. Work in conjunction with entity internal auditors to follow up on fraud risk that are
identified;
3. Responsible for the detection, investigation and prevention of fraud and recovery of
assets;
4. Poses a dedicated Forensics data analysis to support complex investigations;
5. Provide continuous and robust fraud prevention program;
6. Review statistical information to capture trends and metrics and share information with
ministries and agencies;
7. Investigating alleged audit failure and trying to assess what happened;
12
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
8. Identify key performance indicators to improve investigative performance;
9. Carrying out interviews and documenting the memorandum of interview;
10. Advise on policies regarding fraud prevention and detection;
11. Adhering to the standards of reporting on fraud.
KEY ACTIONS
The following summarizes key actions FFU will be taking to support the implementation of our
strategies:
Prepare and implement a work plan;
Establish a consultation process to obtain input from external stakeholders;
Establish communication protocols on all phases of engagements;
Implement a risk-based methodology for selection of fraud audit priorities;
Establish and enhance a methodology based on risk planning of selected engagements;
Determine our needs for specialist expertise and options for meeting them;
Standardize our methodology;
Establish and enhance fraud audit quality assurance processes;
Encourage government to focus on implementation of our recommendations and
improve processes for follow-up on engagement recommendations.
Establish aspects of our management of human resources including improved feedback
on performance and implementation of a comprehensive professional development
plan.
Conduct client satisfaction survey and address any issues identified.
Prepare and implement a long-term information technology strategy and tools for fraud
mapping.
SWOT ANALYSIS
SWOT analysis illuminates the FFU’s internal strengths and weaknesses along with external
opportunities and threats. The SWOT is a good indicator of the FFU’s ore o pete ies a d
processes.
13
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Strategy Selection
The strategy selection for the FFU shall be a hybrid. The strategy shall take components of
differentiation and also from network strategy. By definition differentiation is expressed in a
qualitative performance that results in selection of one group over another. The FFU
differentiation strategy is seeking to differentiate on the basis of service. This service to the
Directorate of Internal Audit is evidenced through the reduction in fraud and the restitution of
funds resulting from cases presented for investigation. The second component of strategy for
FFU will come from the network effect. Success with network effect will depend heavily on
FFU’s a ilit to get out i fro t a d e o e do i a t o the atio al le el. Alig e t et ee
strategy, service to the MFPED and goals of the unit are absolutely essential.
This goal of becoming number one provider of anti-fraud solution in the nation requires the
realignment of resources, performance metrics and optimization of operational efficiencies as
the actions to achieve excellence. The fishbone diagram on the next page illustrates the actions
without the assignment of personnel.
14
ANTI-FRAUD IMPLEMENTATION STRATEGY
FRAUD PREVENTION
Table 1: Fraud Prevention
Prevention
Audit
committee
Line
management
Internal
audit
compliance Forensic
AUDIT
Employe training
Fraud risk assessment
Anti
Fraud
communication
measures
Promote culture of honesty
&high ethics
HR guidelines
Mitigate fraud risk
Table 1 shows the role— line management; risk management and compliance can play in the
Prevention process.
Indeed, management is ultimately accountable for the establishment of comprehensive and
compatible systems, sound operations and results and consequently for the prevention of
fraud. Internal audit helps management through its analysis of each observation and its
recommendation while assessing the internal controls, risks management and corporate
governance of the company.
Trainings will be organized to set up the awareness for new people hired. Case studies may be
discussed in order to develop the right attitudes. The FFU will give the training as it will be in
the best position to explain the prevention tools, the right behaviour to adopt and use practical
examples they have seen. The persons in charge of the assessment may vary depending on the
size of the MDA,and the maturity level in terms of fraud. In some circumstances and structures,
management or the FFU may play a bigger role because the awareness is not present yet
among the Line management. Internal Audit may facilitate a comprehensive fraud and
reputation risk assessment. It would be their biggest contribution to prevention. The process
might be facilitated/conducted by management and/or by FFU.
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
When special circumstances arise—newly discovered frauds, changed operating environment,
restructuring, a new assessment should be performed. The communication of anti-fraud
measures may be implemented through intranet messages, very specific messages (for external
fraud), and newsletters with specific information for management.
INTERNAL AUDITOR’“ ROLE IN THE MDA
Internal auditors are responsible for assisting MDA to prevent fraud by examining and
evaluating the adequacy and effectiveness of their internal controls' system, commensurate
with the extent of a potential exposure within the MDA. When meeting their responsibilities,
internal auditors should consider the following elements:
I.
Control environment. Assess aspects of the control environment, conduct proactive
fraud audits and investigations, communicate results of fraud audits, and provide
support for remediation efforts. In some cases, internal auditors also may own the
whistleblower hotline.
II.
Fraud risk assessment. E aluate a age e t’s fraud risk assess e t, i parti ular,
their processes for identifying, assessing, and testing potential fraud and misconduct
schemes and scenarios, including those that could involve suppliers, contractors, and
other parties.
III.
Control activities. Assess the design and operating effectiveness of fraud-related
controls; ensure that audit plans and programs address residual risk and incorporate
fraud audits; evaluate the design of facilities from a fraud or theft perspective; and
review proposed changes to laws, regulations, or systems, and their impacts on
controls.
IV.
Information and communication. Assess the operating effectiveness of information and
communication systems and practices, as well as provide support to fraud-related
training initiatives.
V.
Monitoring. Assess monitoring activities and related computer software; conduct
investigations; support the audit committees oversight related to control and fraud
17
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
matters; support the development of fraud indicators; and hire and train employees so
they can have the appropriate fraud audit or investigative experience.
FRAUD DETECTION AND INVESTIGATION
Table 2: Detection Aspects
Audit
committee
Detection
Line
management
Internal
audit
compliance Forensic
AUDIT
All process assessment
Anti fraud and detection
fraud process reveiw
Evaluate
&test
effectiveness of controls
Fraud detection tools
Fraud auditing
Recommend actions to
improve detection and anti
fraud
Table 2, show the role-the audit committee, line management, internal audit, compliance and
forensic audit, play in the detection process. A great role is done in the fraud auditing and
recommendation stage by all the key players-line management, internal audit compliance with
a significant part played by fraud audit.
INTERNAL AUDITOR’“ ROLE IN DETECTION AND INVE“TIGATION
Internal Audit has the following role in detection:
Auditing the fraud prevention and detection process (designed by Board,
Forensic Audit, Line Management, Risk Management and Compliance).
Considering fraud risks during the build-up of the audit universe and the
yearly audit planning and during the individual audit itself.
18
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Testing anti-fraud controls.
Fraud auditing (extensive testing) in case of missing anti-fraud controls or in
case problems with anti-fraud controls where identified during testing.
Forensic Audit (and Line Management) is responsible for the day-to-day
detection of fraud and Internal Audit for the identification of specific
indications of fraud during audit assignments if red flags are identified.
Line Management, often together with Risk Management, is in charge of the
assessment of the business processes. Line Management should detect
potential fraud schemes while carrying out their periodical controls. Special
Investigation (Forensic Audit) is in charge of the continuous monitoring
(through IT tool). Internal Audit has the responsibility to include fraud
auditing techniques in their audit activities.
During the evaluation and testing of the effectiveness of the controls, FFU will need to address
the possibility that management might seek to circumvent or override controls intended to
prevent or detect fraud.
The degree that fraud may be present in activities covered in the normal course of audit work,
internal auditors have a responsibility to exercise due professional care as specifically defined in
Standard 1220 of the International Standards for the Professional Practice of Internal Auditing
with respect to fraud detection. However, most internal auditors are not expected to have
knowledge equivalent to that of a person whose primary responsibility is detecting and
investigating fraud. Also, audit procedures alone, even when carried out with due professional
care, do not guarantee that fraud will be detected.
A well-designed internal control system should not be conducive to fraud. Tests conducted by
auditors improve the likelihood that any existing fraud indicators will be detected and
o sidered for further i estigatio . I
o du ti g e gage e ts, the i ter al auditor’s
responsibilities in detecting fraud are to—consider fraud risks in the assessment of control
design and determination of audit steps to perform. While internal auditors are not expected to
detect fraud and irregularities, internal auditors are expected to obtain reasonable assurance
that business objectives for the process under review are being achieved and material control
deficiencies whether through simple error or intentional effort are detected.
19
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Have sufficient knowledge of fraud to identify red flags indicating fraud may have been
committed. This knowledge includes the characteristics of fraud, the techniques used to
commit fraud, and the various fraud schemes and scenarios associated with the activities
reviewed.
Be alert to opportunities that could allow fraud, such as control weaknesses. If significant
control weaknesses are detected, additional tests conducted by internal auditors should be
directed at identifying other fraud indicators. Some examples of indicators are unauthorized
transactions, sudden fluctuations in the volume or value of transactions, control overrides, .
Internal auditors should recognize that the presence of more than one indicator at any one
time increases the probability that fraud has occurred.
Evaluate the indicators of fraud and decide whether any further action is necessary or whether
an investigation should be recommended. Notify the appropriate authorities within the
organization if a determination is made that fraud has occurred to recommend an investigation.
INVESTIGATION STRATEGY
Table 3: Investigation
Audit
committee
Investigation
Line
management
Investigation process
Remedial and preventive
recurrence
Specialised
knowledge
and skills to assist
Responding
blowers
Managing
teams
to
whistle
investigation
Assess level of complicity
in fraud investigation
20
Internal
audit
compliance Forensic
AUDIT
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Forensic Auditors mainly manage this process.
The investigation process requires highly qualified people and specific skills. Only Forensic
Auditors may conduct such an engagement. They are also the best aware of the legal aspects
and contacts with authorities (legal counsel, regulators…); of ot letti g disappear e ide es
and to conduct due investigations (at charge/at discharge).
In ministry departments and agencies this role will be carried out by the FFU. In this process
the root causes of the fraud will identify in order to define what happened and the impact on
the fi a ial state e t, the i age… is esti ated.
INTERNAL AUDITOR’“ ROLE IN INVE“TIGATION
The role of internal audit in investigations should be defined in the internal audit charter as well
as the fraud policies. For example, internal audit may have the primary responsibility for fraud
investigations, may act as a resource for investigations, or must refrain from involving itself in
investigations (because they are responsible for assessing the effectiveness of investigations).
Any of these roles can be acceptable, as long as the impact of these activities on internal audit s
independence is recognized and handled appropriately.
To maintain proficiency, fraud investigation teams have a responsibility to obtain
sufficient knowledge of fraud schemes, investigation techniques, and laws. There are programs
that provide training and certifications for investigators and forensic specialists.
If FFU is responsible for ensuring that investigations are conducted, it may conduct an
investigation using in-house staff, outsourcing, or a combination of both. In some cases, FFU
may also use non-audit staff of the MDA as to assist.
The FFU will often assemble the investigation team without delay. If the Directorate of Internal
Services needs external experts, the Chief Government Auditor should consider pre-qualifying
the service provider[s] so that the external resources are available quickly.
21
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
THE INVESTIGATORS ROLE
An investigation plan shall be developed for each investigation, following the FFU’s
investigation procedures or protocols. The Head of FFU will determine the knowledge, skills,
and other competencies needed to carry out the investigation effectively and assign
competent, appropriate people to the team. This process will include assurance that there is no
potential conflict of interest with those being investigated or with any of the employees of the
organization.
The plan should consider methods to:
o Gather evidence, such as surveillance, interviews, or written statements.
o Document the evidence, considering legal rules of evidence and the business uses of the
evidence.
o Determine the extent of the fraud.
o Determine the scheme (techniques used to perpetrate the fraud).
o Evaluate the cause.
o Identify the perpetrators.
At any point in this process, the investigator may conclude that the complaint or suspicion was
unfounded and follow a process to close the case.
Activities should be coordinated with management, Attorney General, and other specialists,
such as human resources, Police as appropriate throughout the course of the investigation.
Investigators will be trained to be knowledgeable and cognizant of the rights of persons within
the scope of the investigation and the reputation of the MDA itself. The level and extent of
complicity in the fraud throughout the MDA will be assessed.
This assessment will be critical to ensuring that crucial evidence is neither destroyed nor
tainted, and to avoid obtaining misleading information from persons who may be involved.
FRAUD REMEDIATION SOLUTIONS
The remediation involves disciplinary and legal actions. Forensic Audit can play here an
important role in terms of recommendations to improve the internal controls and avoid
recurrence. Therefore, a good communication with Line Management as well as with Internal
Audit must be implemented. Internal Audit will include in its planning an assessment of the
internal controls and risk management of the process or sub-process involved.
22
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Responding to whistleblowers will be the responsibility of management, with the assistance of
Fore si Audit as it o er s specific allegations or suspicions of fraud a d this is the su je t
of a fraud investigation. Management is responsible for resolving fraud incidents, not the
internal auditor or FFU.
Resolution consists of determining what actions will be taken by the MDA once a fraud scheme
and perpetrator[s] have been fully investigated, and evidence has been reviewed.
The FFU or Internal Auditors will assess the facts of investigations and advise management
relating to remediation of control weaknesses that lead to the fraud. Internal Auditors shall
design additional steps in routine audit programs or develop auditing for fraud programs to
help disclose the existence of similar frauds in the future.
Management’s fraud policies and procedures should define who has authority and
responsibility for each process. Internal auditors may only be involved as advisors in the
processes.
REPORTING STRATEGY
Each special investigation conducted must lead to the issuance of a report stating the facts, the
causes and the recommendation for remedial actions. Regularly, FFU will issue statistics around
the fraud cases.
Periodic reporting will be regularly addressed to the Permanent Secretary/Secretary to the
Treasury and appropriate Audit Committee for oversight and make sure that appropriate
measures are taken in time.
FRAUD AND FORENSIC POLICY
This paper proposes that a Fraud and Forensic policy statement is developed that details the
legal framework to conduct the fraud and forensic in government.
FRAUD AND FORENSIC MANUAL
This paper proposes that a manual will developed to provide generic guideline to the FFU in the
way fraud examination and investigation will be conducted.
CAPACITY BUILDING AND SPECIALISED TRAINING
To achieve the adequate performance and meet expectation of stakeholders, staff will
undertake specialised and professional courses in Fraud and Forensics. These training courses
23
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
will focus on Fraud Examination Principles, Law and Fraud, Professional interviewing skills, Antimoney Laundering, Computer Forensics, and Professional Fraud Specialised Examinations. With
a professional staffed unit, creditability is expected from the assignments.
BUDGET IMPLICATION
The strategy will be implemented in three year period at the estimated expenditure budget of
Ugx 3.9 billion, in year 2009 at Ugx 1.3bn, in year 2010 to 1.4billion and dropping in year 2012
to Ugx 1.1 billion. The detailed expenditure budget is annexed in annex I and II.
PROPOSED STRUCTURE OF THE UNIT
The Directorate of Internal Audit in the Ministry of Finance and Economic Development is
headed by the AG Director Internal Audit/ Chief Government Auditor
24
FOR THE FRAUD AND FORENSICS
UNIT (FFU) OF THE DIRECTORATE
OF INTERNAL AUDIT SERVICES
The Forensic Tongue
Baker Kosmac-Okwir, CFE, CIA, CPA,CGAP,
Fraud and Forensic Unit
Directorate of Internal Audit Services
Ministry of Finance, Planning and Economic Development
October 22, 2009
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
ACRONYMS AND ABBREVIATION
IIA
Institute of Internal Auditors
ACFE
Association of Certified Fraud Examiners
IPPF
International Professional Practice Framework
MFPED
Ministry of Finance, Planning and Economic Development
FFU
Fraud and Forensic Unit
FT
The Forensic Tongue
MDAs
Ministries Departments and Agencies
GOU
Government of Uganda
IAD
Internal Audit Services
GRC
Governance, Risk Management and Control
CFE
Certified Fraud Examiners
IGG
Inspector General of Government
2
2009-2012
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
TABLE OF CONTENTS
Acronyms and Abbreviation .......................................................................................................................... 2
Table of Contents ........................................................................................................................................... 3
Acknowledgement ......................................................................................................................................... 4
EXECUTIVE SUMMARY ........................................................................................................................... 5
INTRODUCTION ......................................................................................................................................... 7
VISION .......................................................................................................................................................... 7
MISSION ....................................................................................................................................................... 8
CORE VALUES ............................................................................................................................................ 8
GOAL .......................................................................................................................................................... 10
STRATEGIC OBJECTIVES ....................................................................................................................... 10
MANDATE ................................................................................................................................................. 11
SCOPE, FUNCTIONS AND KEY ACTIONS ........................................................................................... 12
SWOT ANALYSIS ..................................................................................................................................... 13
ANTI-FRAUDIMPLEMENTATION STRATEGY ................................................................................... 16
OUR REPORTING STRATEGY................................................................................................................ 23
3
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
ACKNOWLEDGEMENT
This strategy paper is a result of combined efforts and contributions from various professionals
and staff who agreed to share their knowledge and skill in Fraud and Forensic Management.
Thanks to Paul Muyanja and Annet Namuddu for their input.
4
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
EXECUTIVE SUMMARY
This document defines a strategic plan for the Fraud and Forensic Unit (FFU) of the Directorate
of Internal Audit Services (IAD) of the Ministry of Finance planning and Economic Development
(MFPED) in the Government of Uganda (GOU). It covers the strengths, weaknesses, threats and
opportunities; presents a series of fundamental statements relating to the FFU's vision, mission,
values and objectives; and sets out the FFU's proposed strategies, goals and action programs.
This is the first step in developing formalised structures in MFPED to deal with Fraud and
forensics in the MDAs. Fraud is a specialised area that requires specialised and dedicated staff
resources to deal with allegations and development of value adding solutions for preparation
and deterring fraud
The Institute of Internal Auditors (IIA) International Professional Practice Framework (IPPF)
2009 Standard 2120.A2 requires the internal audit activity to evaluate the potential for the
occurrence of FRAUD and how the organisation manages the Fraud risk. Standard 2210.A2
requires internal auditors to consider the probability of significant errors, FRAUD,
noncompliance, and other exposures when development the engagement objectives.
I ter al audit is a i porta t o po e t of the go er e t’s financial management system
and expenditure control framework. A strong internal audit function helps ensure that the
government agencies provide the public goods and services in an efficient and effective manner
and that the risks of fraud, waste and misuse of public funds are minimized. Accordingly, the
government internal audit in Uganda can make a valuable contribution to the economic
development of the country which is engaged in the struggle to eradicate poverty and to
achieve a better quality of life for its citizens.
Fraud is inherently dramatic and dynamic with riveting, exciting challenging information to
dissect. It would appear as an ostrich burying its head under the sand yet facing and aware of
the dangers surrounding it. The Government of Uganda is aware of the eminent dangers facing
it in the fraudulent transactions. It has set various institutions (IGG, ETHICS AND
INTERGRITYMINISTRY), yet no clear solutions have emerged. The setting up of the unit in the
Ministry of Finance, Planning and Economic Development (MFPED) is challenged to address this
problem.
Fraud is a field with plenty of publicity that requires devoted resources in the accountability
process to ensure better use of public resources. The creation of Fraud and Forensic unit within
5
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
the directorate of inspectorate and internal Audit (IIAD) will devote resources to prevention,
investigation, detection and control solutions within the auditable Ministries, Departments and
Agencies (MDA).
It’s therefore, i porta t to ha e a poli for fighting fraud as internal audit Directorate. The
Forensics and Fraud Unit (FFU) in the Directorate of Internal Audit Services is intended to
stre gthe the Go er e t’s a ti-fraud efforts by adopting a robust fraud methodology,
developing train and improving inter institutional relations with other public agencies engaged
i fighti g fraud. It’s therefore, esse tial to ha e a u it e tirel a d e lusi el dedi ated to
fraud.
Preparing the internal audit fraud unit to deal with fraud will have significant benefits for the
Accounting Officers and the public administration in the Governance, Risk and Control
assessments as well as capacity to prevent fraud.
The FFU would recommend actions to be taken to discourage the commission of fraud and limit
fraud exposures when it occurs by assessing fraud risks, examining and evaluating the adequacy
and effectiveness of the ministries internal controls system commensurate with the extent of a
potential exposure. This plan provides the foundation for positive change within our operations
and provides a roadmap for our future. We will implement these changes incrementally.
This strategic plan will be used to guide the work of the FFU and to communicate its results. It
will serve as the means for demonstrating how the FFU fulfils its mandate on behalf of
Directorate of Internal Audit Services. In its work, the FFU will be guided by, and comply with,
Uganda Laws, the professional standards established by professional bodies and anti-fraud
audit-related best practices in other jurisdictions.
To implement this strategy, the unit will require Ugx 3.9 billion for the three year period.
6
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
INTRODUCTION
The IIA defines Fraud as any illegal act characterised by deceit, concealing or violation of
trust. Fraud e compasses an array of illegularaties and illegal acts characterized by intentional
deception.
It can be perpetrated for the benefit of or to the detriment of the organization and by persons
outside as well as inside the organization the acts are not dependent upon the threat of
violence or physical force. Frauds are perpetrated by parties and organisations to obtain
money, property, or services, to avoid payment or loss of services or to secure personal or
business advantage.
The Forensics and Fraud Unit (FFU) in the Directorate of internal audit will strengthen the
directorate by helping— Identify fraud and the causes of fraud in the Ministries, Departments
and Agencies (MDA); assist ministries in fraud risks assessment (as all ministries are exposed to
a degree of fraud risk). The unit will evaluate the extent to which effective internal controls are
present to prevent and or detect fraud, and the honesty and integrity of those involved in the
process). The FFU will help the Directorate accomplish its objectives by bringing a systematic
disciplined approach to evaluate and improve the effectiveness of risk management, control,
and Governance process in the MDAs.
This document initiates a comprehensive and highly consultative strategic planning process to
identify the priorities and strategies for the FFU over the next three years. This strategic plan
represent a common vision for the FFU that is a result of discussions with all staff along with
the input of key stakeholders.
VISION
To be efficient in providing anti-fraud solutions to the Government of Uganda (GOU) by
coaching for success, motivating, team work, innovation, training, mentoring and aggressive
pursuit of excellence .
7
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
MISSION
To support the internal audit department to carry out its vision by providing anti-fraud
solutions that will—Prevent, Detect, Investigate and Remedy through—financial accountability,
Advocacy, Education and Enforcement.
CORE VALUES
The FFU values are a statement of the high standards to hold in conducting ourselves and our
work, and of the results we strive to achieve.
Impact FFU will focus on significant issues to make a positive and measurable difference
for the benefit of the MDAs.
We will demonstrate this by:
making decisions and exercising judgment to add value through our work;
using our skills and experience to their fullest potential;
seeking new processes and technology to do our work more effectively and
efficiently;
continuously seeking innovative and better ways of doing things;
building on experience and applying best practices;
working as a team;
consulting with our stakeholders;
seeking and valuing the contribution of all our staff;
conducting and using research to stay informed about current events and
future trends; and
Producing clear, concise and candid reports.
8
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
Integrity and Ethical
2009-2012
FFU will work together and with others in an open, honest, and
trustworthy manner while respecting the confidentiality of the
information we obtain.
We will demonstrate this by:
Independence
objectivity
•
open communication with the clients and our staff;
•
ensuring transparency;
•
respecting one another;
•
telling the truth;
•
considering different perspectives when making decisions;
•
being objective in attitude and decision-making;
•
respecting confidentiality; and
•
Carrying through on promises.
and FFU will report directly to the appointing authority at a time and
objective in the approach. FFU will adhere to professional codes of
ethics and independence standards, avoiding real and perceived
conflicts in the conduct of our work.
We demonstrate this by:
•
adhering to our professional codes of ethics and independence
standards;
•
exhibiting independence in fact and in appearance;
•
being non-partisan;
•
avoiding perceived and real conflicts of interest;
•
viewing situations with an appropriate degree of skepticism; and
•
building and maintaining appropriate relationships.
•
9
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
GOAL
The priority goal is to be the number one provider of anti-fraud and forensic investigative
solutions in the nation. This goal will be evidenced by:
• Nu
er of Cases Opened for Investigation.
• Nu
er of Arrests.
• Nu
er of Cases Prese ted for Prose utio .
• Nu
er of Referrals.
• A ou t of Court Ordered Restitutio
STRATEGIC OBJECTIVES
The following strategic objectives will support our goal and the realization of our vision:
1. Developing capacity within the Directorate of internal audit to ensure that—the
government assets and resources are safeguarded and actions and decisions of the
ministries are in compliance with the laws and regulations;
2. Coordinate and supervise all fraud related audits by assigning most provable cases
evidenced through screening & case management.
3. Develop a fraud risk profile for all ministries. Annually the FFU shall carry out fraud risk
assessment and advise the IAD on key areas of focus.
4. Implement and expand anti fraud training to all MDAs. Strategies for improving the FFU
shall include Human resource development through training and exposure, and
resource allocation.
5. Make policy recommendations to the MDA.
10
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
MANDATE
The Accountant General (AG) under the Public Finance and Accountability Act is responsible for
establishing the Internal Audit in accordance with international professional standards. Section
7 (3) (h) of the Public Finance and Accountability Act 2003 (PFAA), requires the Accountant
General to take precautions, by the maintenance of efficient checks, including surprise
inspections, against the occurrence of FRAUD, embezzlement or mismanagement.
Section 7 (3) (c) of PFAA ensure that the system of internal control in every Government
Ministry, department, fund, agency, or other reporting unit required to produce accounts under
section 31 is appropriate to the needs of the organisations concerned and conforms to
internationally recognised standards.
The International Standards for the Professional Practice (IPPF) requires that Internal Auditor to
have sufficient knowledge to identify the indicators of fraud but is not expected to have the
expertise of a person whose primary responsibility is detecting and investigating fraud.
The IPPF requires Internal Auditors to carry out a systematic review and appraisal of all
operations for purposes of advising management as to the efficiency, economy and
effectiveness of internal management policies, practices and controls.
In view of addressing the statutory provision and professional demand, the Directorate of
Inspectorate and Internal Audit formed various units among which is the Fraud and Forensic
(FFU.
11
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
SCOPE, FUNCTIONS AND KEY ACTIONS
SCOPE
The scope of work of the FFU is fraud examination, a methodology for resolving fraud allegation
from inception to disposition by obtaining evidence and taking statements, writing reports
testifying to finding and assisting in the detection and prevention of fraud. The scope requires
the resolving of specific allegations to determine whether fraud has occurred or is occurring
and to determine who is responsible by document examination, review of outside public data
e.g. other public records and interviews to establish sufficient proof to support or refute a fraud
allegation.
The scope will include Fraud and financial irregularity audits that are designed to verify the
existence and magnitude of suspected fraud and financial irregularities. Fraud and financial
irregularity audits may be conducted at the request of the Management and/or Audit
Committee.
FUNCTIONS
The following summarizes key functions we will be taking to support the implementation of our
strategies:
1. The unit will be charged with the responsibility of stressing the importance of
implementing fraud controls in the MDAs; it is important to note the G O U has set
various institutions (CID, IGG,DPP, AUDITOR GENERAL)that are involved in dealing with
fraud, and other irregularities most of the work carried out by these institutions is
often reactive FFU will have a proactive approach to fraud prevention and
management.
2. Work in conjunction with entity internal auditors to follow up on fraud risk that are
identified;
3. Responsible for the detection, investigation and prevention of fraud and recovery of
assets;
4. Poses a dedicated Forensics data analysis to support complex investigations;
5. Provide continuous and robust fraud prevention program;
6. Review statistical information to capture trends and metrics and share information with
ministries and agencies;
7. Investigating alleged audit failure and trying to assess what happened;
12
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
8. Identify key performance indicators to improve investigative performance;
9. Carrying out interviews and documenting the memorandum of interview;
10. Advise on policies regarding fraud prevention and detection;
11. Adhering to the standards of reporting on fraud.
KEY ACTIONS
The following summarizes key actions FFU will be taking to support the implementation of our
strategies:
Prepare and implement a work plan;
Establish a consultation process to obtain input from external stakeholders;
Establish communication protocols on all phases of engagements;
Implement a risk-based methodology for selection of fraud audit priorities;
Establish and enhance a methodology based on risk planning of selected engagements;
Determine our needs for specialist expertise and options for meeting them;
Standardize our methodology;
Establish and enhance fraud audit quality assurance processes;
Encourage government to focus on implementation of our recommendations and
improve processes for follow-up on engagement recommendations.
Establish aspects of our management of human resources including improved feedback
on performance and implementation of a comprehensive professional development
plan.
Conduct client satisfaction survey and address any issues identified.
Prepare and implement a long-term information technology strategy and tools for fraud
mapping.
SWOT ANALYSIS
SWOT analysis illuminates the FFU’s internal strengths and weaknesses along with external
opportunities and threats. The SWOT is a good indicator of the FFU’s ore o pete ies a d
processes.
13
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Strategy Selection
The strategy selection for the FFU shall be a hybrid. The strategy shall take components of
differentiation and also from network strategy. By definition differentiation is expressed in a
qualitative performance that results in selection of one group over another. The FFU
differentiation strategy is seeking to differentiate on the basis of service. This service to the
Directorate of Internal Audit is evidenced through the reduction in fraud and the restitution of
funds resulting from cases presented for investigation. The second component of strategy for
FFU will come from the network effect. Success with network effect will depend heavily on
FFU’s a ilit to get out i fro t a d e o e do i a t o the atio al le el. Alig e t et ee
strategy, service to the MFPED and goals of the unit are absolutely essential.
This goal of becoming number one provider of anti-fraud solution in the nation requires the
realignment of resources, performance metrics and optimization of operational efficiencies as
the actions to achieve excellence. The fishbone diagram on the next page illustrates the actions
without the assignment of personnel.
14
ANTI-FRAUD IMPLEMENTATION STRATEGY
FRAUD PREVENTION
Table 1: Fraud Prevention
Prevention
Audit
committee
Line
management
Internal
audit
compliance Forensic
AUDIT
Employe training
Fraud risk assessment
Anti
Fraud
communication
measures
Promote culture of honesty
&high ethics
HR guidelines
Mitigate fraud risk
Table 1 shows the role— line management; risk management and compliance can play in the
Prevention process.
Indeed, management is ultimately accountable for the establishment of comprehensive and
compatible systems, sound operations and results and consequently for the prevention of
fraud. Internal audit helps management through its analysis of each observation and its
recommendation while assessing the internal controls, risks management and corporate
governance of the company.
Trainings will be organized to set up the awareness for new people hired. Case studies may be
discussed in order to develop the right attitudes. The FFU will give the training as it will be in
the best position to explain the prevention tools, the right behaviour to adopt and use practical
examples they have seen. The persons in charge of the assessment may vary depending on the
size of the MDA,and the maturity level in terms of fraud. In some circumstances and structures,
management or the FFU may play a bigger role because the awareness is not present yet
among the Line management. Internal Audit may facilitate a comprehensive fraud and
reputation risk assessment. It would be their biggest contribution to prevention. The process
might be facilitated/conducted by management and/or by FFU.
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
When special circumstances arise—newly discovered frauds, changed operating environment,
restructuring, a new assessment should be performed. The communication of anti-fraud
measures may be implemented through intranet messages, very specific messages (for external
fraud), and newsletters with specific information for management.
INTERNAL AUDITOR’“ ROLE IN THE MDA
Internal auditors are responsible for assisting MDA to prevent fraud by examining and
evaluating the adequacy and effectiveness of their internal controls' system, commensurate
with the extent of a potential exposure within the MDA. When meeting their responsibilities,
internal auditors should consider the following elements:
I.
Control environment. Assess aspects of the control environment, conduct proactive
fraud audits and investigations, communicate results of fraud audits, and provide
support for remediation efforts. In some cases, internal auditors also may own the
whistleblower hotline.
II.
Fraud risk assessment. E aluate a age e t’s fraud risk assess e t, i parti ular,
their processes for identifying, assessing, and testing potential fraud and misconduct
schemes and scenarios, including those that could involve suppliers, contractors, and
other parties.
III.
Control activities. Assess the design and operating effectiveness of fraud-related
controls; ensure that audit plans and programs address residual risk and incorporate
fraud audits; evaluate the design of facilities from a fraud or theft perspective; and
review proposed changes to laws, regulations, or systems, and their impacts on
controls.
IV.
Information and communication. Assess the operating effectiveness of information and
communication systems and practices, as well as provide support to fraud-related
training initiatives.
V.
Monitoring. Assess monitoring activities and related computer software; conduct
investigations; support the audit committees oversight related to control and fraud
17
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
matters; support the development of fraud indicators; and hire and train employees so
they can have the appropriate fraud audit or investigative experience.
FRAUD DETECTION AND INVESTIGATION
Table 2: Detection Aspects
Audit
committee
Detection
Line
management
Internal
audit
compliance Forensic
AUDIT
All process assessment
Anti fraud and detection
fraud process reveiw
Evaluate
&test
effectiveness of controls
Fraud detection tools
Fraud auditing
Recommend actions to
improve detection and anti
fraud
Table 2, show the role-the audit committee, line management, internal audit, compliance and
forensic audit, play in the detection process. A great role is done in the fraud auditing and
recommendation stage by all the key players-line management, internal audit compliance with
a significant part played by fraud audit.
INTERNAL AUDITOR’“ ROLE IN DETECTION AND INVE“TIGATION
Internal Audit has the following role in detection:
Auditing the fraud prevention and detection process (designed by Board,
Forensic Audit, Line Management, Risk Management and Compliance).
Considering fraud risks during the build-up of the audit universe and the
yearly audit planning and during the individual audit itself.
18
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Testing anti-fraud controls.
Fraud auditing (extensive testing) in case of missing anti-fraud controls or in
case problems with anti-fraud controls where identified during testing.
Forensic Audit (and Line Management) is responsible for the day-to-day
detection of fraud and Internal Audit for the identification of specific
indications of fraud during audit assignments if red flags are identified.
Line Management, often together with Risk Management, is in charge of the
assessment of the business processes. Line Management should detect
potential fraud schemes while carrying out their periodical controls. Special
Investigation (Forensic Audit) is in charge of the continuous monitoring
(through IT tool). Internal Audit has the responsibility to include fraud
auditing techniques in their audit activities.
During the evaluation and testing of the effectiveness of the controls, FFU will need to address
the possibility that management might seek to circumvent or override controls intended to
prevent or detect fraud.
The degree that fraud may be present in activities covered in the normal course of audit work,
internal auditors have a responsibility to exercise due professional care as specifically defined in
Standard 1220 of the International Standards for the Professional Practice of Internal Auditing
with respect to fraud detection. However, most internal auditors are not expected to have
knowledge equivalent to that of a person whose primary responsibility is detecting and
investigating fraud. Also, audit procedures alone, even when carried out with due professional
care, do not guarantee that fraud will be detected.
A well-designed internal control system should not be conducive to fraud. Tests conducted by
auditors improve the likelihood that any existing fraud indicators will be detected and
o sidered for further i estigatio . I
o du ti g e gage e ts, the i ter al auditor’s
responsibilities in detecting fraud are to—consider fraud risks in the assessment of control
design and determination of audit steps to perform. While internal auditors are not expected to
detect fraud and irregularities, internal auditors are expected to obtain reasonable assurance
that business objectives for the process under review are being achieved and material control
deficiencies whether through simple error or intentional effort are detected.
19
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Have sufficient knowledge of fraud to identify red flags indicating fraud may have been
committed. This knowledge includes the characteristics of fraud, the techniques used to
commit fraud, and the various fraud schemes and scenarios associated with the activities
reviewed.
Be alert to opportunities that could allow fraud, such as control weaknesses. If significant
control weaknesses are detected, additional tests conducted by internal auditors should be
directed at identifying other fraud indicators. Some examples of indicators are unauthorized
transactions, sudden fluctuations in the volume or value of transactions, control overrides, .
Internal auditors should recognize that the presence of more than one indicator at any one
time increases the probability that fraud has occurred.
Evaluate the indicators of fraud and decide whether any further action is necessary or whether
an investigation should be recommended. Notify the appropriate authorities within the
organization if a determination is made that fraud has occurred to recommend an investigation.
INVESTIGATION STRATEGY
Table 3: Investigation
Audit
committee
Investigation
Line
management
Investigation process
Remedial and preventive
recurrence
Specialised
knowledge
and skills to assist
Responding
blowers
Managing
teams
to
whistle
investigation
Assess level of complicity
in fraud investigation
20
Internal
audit
compliance Forensic
AUDIT
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Forensic Auditors mainly manage this process.
The investigation process requires highly qualified people and specific skills. Only Forensic
Auditors may conduct such an engagement. They are also the best aware of the legal aspects
and contacts with authorities (legal counsel, regulators…); of ot letti g disappear e ide es
and to conduct due investigations (at charge/at discharge).
In ministry departments and agencies this role will be carried out by the FFU. In this process
the root causes of the fraud will identify in order to define what happened and the impact on
the fi a ial state e t, the i age… is esti ated.
INTERNAL AUDITOR’“ ROLE IN INVE“TIGATION
The role of internal audit in investigations should be defined in the internal audit charter as well
as the fraud policies. For example, internal audit may have the primary responsibility for fraud
investigations, may act as a resource for investigations, or must refrain from involving itself in
investigations (because they are responsible for assessing the effectiveness of investigations).
Any of these roles can be acceptable, as long as the impact of these activities on internal audit s
independence is recognized and handled appropriately.
To maintain proficiency, fraud investigation teams have a responsibility to obtain
sufficient knowledge of fraud schemes, investigation techniques, and laws. There are programs
that provide training and certifications for investigators and forensic specialists.
If FFU is responsible for ensuring that investigations are conducted, it may conduct an
investigation using in-house staff, outsourcing, or a combination of both. In some cases, FFU
may also use non-audit staff of the MDA as to assist.
The FFU will often assemble the investigation team without delay. If the Directorate of Internal
Services needs external experts, the Chief Government Auditor should consider pre-qualifying
the service provider[s] so that the external resources are available quickly.
21
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
THE INVESTIGATORS ROLE
An investigation plan shall be developed for each investigation, following the FFU’s
investigation procedures or protocols. The Head of FFU will determine the knowledge, skills,
and other competencies needed to carry out the investigation effectively and assign
competent, appropriate people to the team. This process will include assurance that there is no
potential conflict of interest with those being investigated or with any of the employees of the
organization.
The plan should consider methods to:
o Gather evidence, such as surveillance, interviews, or written statements.
o Document the evidence, considering legal rules of evidence and the business uses of the
evidence.
o Determine the extent of the fraud.
o Determine the scheme (techniques used to perpetrate the fraud).
o Evaluate the cause.
o Identify the perpetrators.
At any point in this process, the investigator may conclude that the complaint or suspicion was
unfounded and follow a process to close the case.
Activities should be coordinated with management, Attorney General, and other specialists,
such as human resources, Police as appropriate throughout the course of the investigation.
Investigators will be trained to be knowledgeable and cognizant of the rights of persons within
the scope of the investigation and the reputation of the MDA itself. The level and extent of
complicity in the fraud throughout the MDA will be assessed.
This assessment will be critical to ensuring that crucial evidence is neither destroyed nor
tainted, and to avoid obtaining misleading information from persons who may be involved.
FRAUD REMEDIATION SOLUTIONS
The remediation involves disciplinary and legal actions. Forensic Audit can play here an
important role in terms of recommendations to improve the internal controls and avoid
recurrence. Therefore, a good communication with Line Management as well as with Internal
Audit must be implemented. Internal Audit will include in its planning an assessment of the
internal controls and risk management of the process or sub-process involved.
22
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
Responding to whistleblowers will be the responsibility of management, with the assistance of
Fore si Audit as it o er s specific allegations or suspicions of fraud a d this is the su je t
of a fraud investigation. Management is responsible for resolving fraud incidents, not the
internal auditor or FFU.
Resolution consists of determining what actions will be taken by the MDA once a fraud scheme
and perpetrator[s] have been fully investigated, and evidence has been reviewed.
The FFU or Internal Auditors will assess the facts of investigations and advise management
relating to remediation of control weaknesses that lead to the fraud. Internal Auditors shall
design additional steps in routine audit programs or develop auditing for fraud programs to
help disclose the existence of similar frauds in the future.
Management’s fraud policies and procedures should define who has authority and
responsibility for each process. Internal auditors may only be involved as advisors in the
processes.
REPORTING STRATEGY
Each special investigation conducted must lead to the issuance of a report stating the facts, the
causes and the recommendation for remedial actions. Regularly, FFU will issue statistics around
the fraud cases.
Periodic reporting will be regularly addressed to the Permanent Secretary/Secretary to the
Treasury and appropriate Audit Committee for oversight and make sure that appropriate
measures are taken in time.
FRAUD AND FORENSIC POLICY
This paper proposes that a Fraud and Forensic policy statement is developed that details the
legal framework to conduct the fraud and forensic in government.
FRAUD AND FORENSIC MANUAL
This paper proposes that a manual will developed to provide generic guideline to the FFU in the
way fraud examination and investigation will be conducted.
CAPACITY BUILDING AND SPECIALISED TRAINING
To achieve the adequate performance and meet expectation of stakeholders, staff will
undertake specialised and professional courses in Fraud and Forensics. These training courses
23
The Fraud and Forensic Audit Unit. THE STRATEGIC PLAN
2009-2012
will focus on Fraud Examination Principles, Law and Fraud, Professional interviewing skills, Antimoney Laundering, Computer Forensics, and Professional Fraud Specialised Examinations. With
a professional staffed unit, creditability is expected from the assignments.
BUDGET IMPLICATION
The strategy will be implemented in three year period at the estimated expenditure budget of
Ugx 3.9 billion, in year 2009 at Ugx 1.3bn, in year 2010 to 1.4billion and dropping in year 2012
to Ugx 1.1 billion. The detailed expenditure budget is annexed in annex I and II.
PROPOSED STRUCTURE OF THE UNIT
The Directorate of Internal Audit in the Ministry of Finance and Economic Development is
headed by the AG Director Internal Audit/ Chief Government Auditor
24