ACFE - NAFC Jogja2014 - HP Sent To Panitia
Agenda
1. Fraud Issues
2. Governance & GRC
3. CA Model OJK & Fraud Prevention
Fraud Triangle
Opportunities
• Weak IC • Weak supervision
• Assurance fails • Insufficient competence
Pressures
Rationalisation
Fraud – Issues
1. Fraud triangle - the “agreed theory” = Opportunities + Pressure + Rationalisation.
Fraud = Crime = Opportunities + Intention / f(Pressure + Rationalisation)
“In the past”, internal control focused only on suppressing opportunities; INTENT could not be prevented or minimised.
The COSO IC Framework changes the basic paradigm:
- Soft control, type Y > type X (1 person cannot be trusted)
- Soft control suppresses INTENT = f(Pressure + Rationalisation)
Fraud – Issues
2. Fraud begins with non-compliance events/NCE (violations of rules, procedures)
Minimising fraud requires minimising non-compliance events, through competence (improve) and discipline (tone at the top, strategy, enforcement)
A strong message that sooner or later fraud will be detected and the perpetrator punished - a PREVENTIVE effect
An NCE does not always result in fraud, but fraud almost always starts with (is triggered by) an NCE - which often becomes the JUSTIFICATION
Fraud – Issues
3. Fraud cannot be zero
It must be “managed” - fraud risk management
The fraud mitigation strategy differs for each quadrant; pay attention to the “Black Swan”
Prevention is better than dealing with fraud after it has happened
There is no 3rd-line “failure” without a 1st- and 2nd-line failure – application of the 3 lines of defense concept (CA/GRC > 3LoD)
Fraud vs Corruption. Fraud always involves deliberateness/malicious intent, whereas corruption can be intentional or unintentional (due to competence, carelessness, administrative error)
Fraud Risk Management - Strategy
[Figure: matrix with axes Probability and Impact; quadrants HOUSE KEEPING, MANAGE, MONITOR, CONTINGENCY PLAN; other labels: Pricing Strategy, Risk Premium, Allowance, Capital]
Anti Fraud Strategy
[Diagram labels: First Line : Operational Manager; 2nd : Risk Management, Quality Mgt, Compliance, Legal; Third Line : Internal Audit (shown twice); timeline: Pre Event, Fraud Event, Post Event; quadrant labels: Preventive, Investigative, Deterrent, Detective]

Upper left block
- Strategy : Anti Fraud Strategy
- Goals and Objectives : Reduce Fraud & Early Warning Fraud Detection
- Policies and Procedures : Policies & Procedures of Anti Fraud Strategy or Whistle Blowing System, Surprise Audit Methodology
- Structure and Processes : Fraud Detection System or Whistle Blowing System
- Risk Monitoring : Risk Profile Update
- Control : Internal Control Identification, Internal Control Implementation
- Activities : Risk Monitoring, Internal Control Effectiveness Evaluation, Surprise Audit, Surveillance System

Upper right block
- Strategy : Anti Fraud Improvement Strategy
- Goals and Objectives : Reward or Punishment, Corrective Action Report
- Policies and Procedures : Reward or Punishment Policies & Procedures
- Structure and Processes : Fraud Detection System or Whistle Blowing System Update
- Risk Management : Risk Profile Update
- Control : Internal Control Effectiveness Update
- Activities : Corrective Action
- Laws & Regulation : Legal Compliance on Witness Protection, Labour Regulation, Industrial Relation Policies

Lower left block
- Strategy : Anti Fraud Awareness, Risk Awareness, Know Your Employee
- Risk Management : Identify, Analysis and Mitigate Fraud Risk
- Goals and Objectives : Mitigate & Reduce Fraud
- Policies and Procedures : Business Ethic, Standard Operating Procedures, Job Desk Analysis, Anti Fraud Statement
- Structure and Processes : Organisation Structure, Segregation of Duties
- Laws and Regulation : Anti Fraud Strategy for Banking

Lower right block
- Strategy : Fraud Assurance & Audit Program
- Goals and Objectives : Fraud Audit Report
- Policies and Procedures : Fraud Audit Policies & Procedures, Legal Compliance on Witness Protection
- Structure and Processes : Fraud Detection System or Whistle Blowing System, Fraud Audit
- Risk Management : Risk Profile Update
- Control : Internal Control Effectiveness
- Activities : Risk Monitoring, Internal Control Effectiveness Evaluation, Fraud Audit, Surveillance System
- Laws & Regulation : Legal Compliance on Witness Protection
Anti Fraud Strategy vs FRM Quality
• Efficient • Easy
• Costly • Large effort
“A leader who fails to provide focus and resources for prevention activities is practicing a false economy”
[Figure: axis labelled Quality - Fraud Risk Management; stages Pre Event, Fraud events, Post Event/Response]
Fraud – Issues
4. Building systems vs leadership
The role of leaders is very important (commitment, strong message, role model, disciplined enforcement). Business leaders = Governance leaders
Effective systems are built by effective leaders, not by leaders who are popular / “liked”.
Players vs victims mentality: everyone takes a role and responsibility (whistleblower), result orientation & focus on process.
Responsible = ability to respond: not merely being formally responsible, but how well we are able to respond to “everything” that can affect us ...
Good Governance – Definition
The UK Corporate Governance Code (Cadbury Report) – Sept 2012
Corporate governance is the system by which companies are directed
and controlled....
Good Governance - Meaning
GRC – Meaning
GRC - Scope
Governance
• Set objectives, evaluate performance.
• Set the business strategy & model to achieve the objectives
Compliance
• Ensure the adequacy of internal regulations and their conformity with external regulations
• Ensure compliance with policies and all regulations.
• Detect non-compliance and mitigate it
Risk Management
• Identify, assess, and manage risks to achieve the objectives
• Identify and mitigate risks
Culture
Without GRC
Each function gives a signal, but the colours differ; it is unclear which one is correct, which confuses the “stakeholders”
GRC – Evolution
Combined Assurance – Definition
King III - 2009
Integrating and aligning assurance process in an organisation to
maximise risk and governance oversight and control efficiencies, and
optimised overall assurance to the audit and risk committee,
considering the company risk appetite.
OJK - 2014
Combined Assurance is a process carried out by all assurance functions synergistically, through a systematic and comprehensive (combined) approach, to improve the effectiveness and efficiency of the governance, risk management, internal control, quality control, and compliance processes in order to ensure the achievement of the organisation's objectives.
CA Framework
[Figure labels: 1. Planning; 2. Continuous Assurance Assignment; 3. Reporting; 4. Continuous Monitoring & Improvement; Standard & Methodology; Procedure; Information System; Program. Legend: CA Component, CA Process]
CA & Risk Management Process
[Figure labels: Reporting, Executing]
CA/GRC & Anti Fraud Strategy
Challenges
1. The role of leaders. Implementing CA/GRC requires vision and commitment
2. SILO mentality. Each of the G-R-C disciplines is growing rapidly, so synergy is a “threat” to development
3. Cost – benefits. The cost of getting started is considerable, while the benefits take time and patience
4. Change management. Execution must be disciplined and involve ownership by all assurance functions
Thank you….