Thursday 24 November 2011

All fraud is detectable

I am in the business of fraud risk management solutions, enterprise-wide... with probabilities and certainties, based on assumptions or balanced scorecards. Of course, there are variables (predictive analytics), but that does not detract from the fact that you can model and measure risk. 

There are some atypical risks that are largely dependent on mathematical probability and are unpredictable.

That does not mean that risk, being a measurable quantity, is consequently negated. It means that your models built initially on the known are subject, to varying degrees, to variables... in the final analysis.

There is a pure and speculative risk. It is the pure risk we want to manage and the speculative risk that we want to aggregate and predict. The problem is that there can be events that occur that were not expected (considered in the evaluation of the risk) – such as a natural disaster, or other unplanned events.

It is, of course, easier to manage when such speculative risk is known.

Then, of course, there can be dirty data and consequent “black swans” such as the unfolding disaster at Olympus, the Japanese maker of cameras and endoscopes, which has been found hiding losses by treating them as assets since the 1990s.

Once we have that assumption, we can now construct our model to include the absolutes and also the variables. In come the data mining tools and the mathematicians (quants).

We use data mining for practical exceptions (compliance and control) and data analytics. We can apply logarithms, algorithms and equations... mathematical formulae to measure ambiguity – one element factual and the other hypothetical.

For me the challenge isn’t whether risk can be measured, but rather what risk can or can’t, should or shouldn’t be measured based on fact and probability when measured against return on investment.

This in and of itself creates an additional risk – potential oversight based on expediency.

As such, any risk model must start on the systematic identification of known risk (pure) enterprise-wide and drill down into the unknown or the weighting of probabilities based on statistical data. 

The only question remaining is to what degree the precise and imprecise impact the efficiencies of the overall model. Therein lies the variable and the common pursuit of the purists. 

Risk models can only be developed under enterprise-wide risk frameworks/guidelines.

The principle of enterprise-wide fraud risk management (EWFRM) is younger than the forensic audit profession and even younger than corporate governance.

In order to manage fraud risk enterprise-wide, one needs to study and capture fraud risk enterprise-wide and then map the risks horizontally and vertically.

It is my opinion that most, practically all, risk managers today simply haven’t spent enough time studying and understanding every facet of the enterprise to be even close to calling themselves experts.

From my experience, at least 95% don’t even know what EWFRM is. This presents a challenge - a significant challenge.

It is high time that the full spectrum of audit due diligence, internal assurance and annual attestation is digitised along internationally accepted standards, removing the subjectivity of the individual auditors representing the big firms.

Forget Ansbacher, Enron, WorldCom, Parmalat, Société Générale, Dynegy, Qwest, Freddie Mac, Refco, BCCI, Dexia, Owen Wiggins Group, Regal, Barings and the litany of corporate corpses.

There have been so many massive corporate failures after getting the all-clear from a big four accounting firm that auditor opinions are becoming a joke.

Regulators for decades have tried figuring out ways to get around this fundamental flaw by passing all sorts of rules requiring that auditors be “independent” and that they exercise the requisite standards of care, yet waves of accounting scandals keep coming.

Performing an audit and exercising due care isn’t rocket science.

All fraud is detectable, because all fraud must be expensed. Accounting is a double entry process - for every transaction there must be a flip side to the transaction.

Take Olympus for instance, if Olympus was concealing losses as assets, you can’t create an asset unless you create an expense and you can’t create an expense without creating a payment.

Basically for every asset there must be a “cost of goods” or “cost of asset”.

To make a camera or endoscope, you must buy in raw material or components. To create hundreds of millions of dollars worth of stock, you must create hundreds of millions of materials purchase orders and payments

To conceal these losses by hiding the losses in fictitious assets is a monumental task. In fact, usually these frauds manifest in the form of large and unusual adjustments at year-end because of this complexity. So picking this up shouldn’t be too difficult, and it isn’t.

The answer is the digitisation of the process of audit and assurance – the business intelligence exists, so does the technology.
The race should be on to develop the models and the world bourses should be clamouring for these solutions.

http://www.iweek.co.za/byte-a-bit/all-fraud-is-detectable

Tuesday 11 October 2011

Basket case or case for Dr. Livingstone?


Three years ago or so, I was invited to Zimbabwe to speak on the subject of Fraud Management by the Institute of Chartered Accountants at their winter school in Vic Falls.

I decided to make the trip by road electing to turn the invitation into an adventure.

As that wise saying goes, many a road to hell is paved with good intentions.

Zimbabwe three or four years ago was a wasteland if you ventured into the country by road.

I took the trip in a Nissan 4x4 Double Cab stockpiled with jerry cans of extra fuel that simply wasn’t enough to get me from Pretoria, through Musina, Bulawayo, on to Hwange and finally Vic Falls.

I made the mistake of offering to pay a local familiar with conditions on the ground I found in South Africa to drive my wife and I as far as Bulawayo, where I would leave them with their family and pick them up on the way back.

Our “local” had two things against him, if you discount his personality, I was to discover.

The first was the fact that he only had one eye, and the other, he couldn’t add.

On a road trip where the fact that a country is in the grips of a total economic meltdown can prove reckless and just mildly inconvenient when the consequence of economic meltdown is a complete lack of fuel or food on the shelves.

Hurtling through the night on ill defined and crumbling roads driven by a one eyed Kamikazi pilot is also not as fun or exiting as one might expect.

The fact that he was from Bulawayo and miscalculated the distance from Bulawayo to Vic Falls by 600 kilometres round trip didn’t help?

Zimbabwe at the time was a ghost country.

We travelled for hours without seeing another car in any direction.

We solved the fuel issue by finding black marketeers that sold us fuel for an extortionate R12 a litre?

Vic Falls, which is what this is about, at the time, was a town in the grips of starvation.

It was heartbreaking to witness the coal face of Zimbabwe’s failed policies.

Last week I once again made the trip to Vic Falls to lecture but without the David Livingstone spirit, I flew.

What struck me was the fact that my flight was packed.

So was the sleepy town of Vic Falls.

The place was abuzz with visitors from the four corners of the globe, a veritable league of nations following the footsteps of that intrepid explorer of yonks ago and marvelling at the sights and sound of the great Zambezi River.

I was booked to stay at a place called a-Zambezi River Lodge, a mere kilometre or two from town on the banks of the Zambezi.
Unconvinced by the throngs of tourists any reservation I had about returning to Vic Falls was dispelled.

a-Zambezi River Lodge turned out to be a hidden gem, revamped at a cost of R40 million it is a destination of note and judging from the number of guests at dinner, a not very well kept secret.

Maybe the Government of National Unity isn’t working but someone forgot to tell Vic Falls that?

Well apart from the more obvious, the thing that’s got me thinking is the state of ICT in the country but more specifically internet connectivity and cell phone coverage, signal quality and reliability.

There’s something to be said for enjoying free Wi-Fi access in the middle of the African bush.

Okay, let’s rethink complaining about bandwidth.

Connectivity in Zimbabwe is poor, very poor, although I’m sure Econet isn’t.

The question is where to now for Zimbabwe?

Judging by the patently obvious economic activity funded by cold hard tourist US $’s, the desperate need for spending in ICT for any economy that wants to be relevant, Zimbabwe is stirring.

Naturally the nationalisation debate still has investors spooked.

What can’t be ignored is the fact that our northern neighbour is starting to look viable again and that bodes well for the region.

The question isn’t whether Zimbabwe is or isn’t relevant given the existing climes.

The question is whether the Mugabe Regime is?

The fact is I’ve experienced enough seasons to know that they change and whether the Mugabe Regime is relevant or not, or will remain so if it still is doesn’t really matter.

The reality is that the digital age is here and its here to stay.

Zimbabwe has only one way to go and that’s up no matter what.

Having spent enough time in that country throughout its economic meltdown, the one sector begging for ICT, dripping with opportunity and pointing a more seductive beckoning finger at entrepreneurs than a hooker at a beer fest, its jolly old basket case Zim.

So if you have a bit of the David Livingstone in you, some spare cash and operate in the ICT space, open a little office in Harare and start looking around.

Saturday 8 October 2011

Killers in our midst


This past week the media were at pains to point out that a “gay” man had been found bound and gagged in his home and had it appeared been strangled to death.

My immediate reaction to the headline was why it was deemed necessary to label a victim “gay” or “heterosexual”, as if this mattered a jot? 

Someone murdered is simply someone murdered. That in of itself is a tragedy. 

In any event it didn’t take too long before I was extremely grateful for that headline. 

The reason being that as the news story unfolded my mind kept going back about five years to when I had one of those dreaded phone calls notifying me that a friend of 20 years had been murdered in his flat in Linden. 

There were many similarities between the profiles of the two victims. 

Sinisterly it also crept into my mind that there also too many similarities in the crime scene.

I couldn’t help myself from thinking long and hard that there was a distinct possibility that this latest murder was the work of a serial killer. 

I simply could not let this uneasy feeling rest and found myself communicating with friends and family of the recently deceased via an online memorial site put up on Facebook. 

It turned out that the journalist, who broke the story, broke the story because he knew the victim. 

After chatting with the journalist for a short while and comparing notes we both felt there was merit to my suspicions and we began to ask questions about the possibility that there may be more victims of this type of crime. 

What I discovered rather quickly was that while the crimes were reported to the police as murders often happen to be, the murders themselves were not covered at all in the media. 

As I scoured the newspapers for any story at all on the demise of my late friend in such a heinous, lonely manner I discovered I couldn’t find a single sentence. 

It quickly became apparent that these types of murders weren’t the type loved ones wanted covered in the media. 

Who wants to add insult to injury to a grieving family by seeing a story of a “gay” man, bound and naked, dead in what appears to be a sex game gone wrong? 

Not many I can assure you. 

Then of course there are the SAPS themselves. 

South Africa is a homophobic society whether you like it or not and I suspect the murder of “gay” men doesn’t feature high up on the investigation priority chain. 

As a result it seems to me that this type of crime can continue unnoticed and that if a serial killer were on the loose, we wouldn’t notice for a long time if at all. 

It seems though, that the journalist is hot on the trail of the likelihood of a serial killer operating in the Johannesburg environs and that there are at least 4 similar murders in the past few months.

Well the SAPS don’t have to break their backs investigating these crimes. 

The South African Police Services (SAPS) has allocated more than R3 billion to information systems.

Its digital capacity to detect fingerprints at crime scenes through technology to photograph and enhance fingerprints lifted from crime scenes project is 100% complete in terms of hardware deployment, but the service is 0% complete in terms of training and rollout. 

The integrated case docket management system (ICDMS) entailing the management and administration of criminal cases, inquests and enquiries throughout the lifecycle of a case from its inception to its disposal is 10% complete in terms of software deployment. 

The automated fingerprint identification system (AFIS) is 70% complete, however, is 0% complete in terms of publishing tenders for the procurement of the new AFIS. 

The SAPS set a target of replacing 5 052 PCs, 395 notebooks and tablets, 2 740 colour printers, 9 593 mono printers and 1 011 fax machines. 

To date, it has replaced 287 PCs (6% progress), 168 notebooks (43%), 219 mono printers (2%), 211 colour printers (8%) and 68 fax machines (7%). 

In some cases hardware was rolled out, but no progress was made on implementation, because officials still have to be trained to use the equipment. 

It will take decades to fully implement the e-docket systems at police stations across the country. 

At the Pretoria police station scanner, printer and computer are all on different floors. In addition, there is no quality control with regards to the e-docket. 

It seems to me we’re not getting much for our R3 billion? 

It also seems to me the SAPS don’t have to work awfully hard to uncover crime patterns with the correct technology in place.

Heck, all they have to do is capture the data? 

Don’t be mistaken folks but there are people culpable for the murderers of our citizens getting away with murder.

They are the ones responsible for depriving the men and women in uniform of the tools to do the job.

Monday 19 September 2011

Thank you!


To all of you that heeded the call to vote to stop the Info Bill, my deepest gratitude. To those who haven't speak up! While you still can. FIGHT for your right!!!!!

Saturday 17 September 2011

Read my Lips! NO!

No to the Protection of Information Bill. NO!

You will never silence me!

Friday 16 September 2011

Five Days to Stop the Secrecy Bill

VOTE HERE

In five days, MPs could pass an outrageous secrecy bill that undermines the constitution and South Africa's democracy -- helping the government keep wrongdoing from the people and enabling cover-ups of corruption and human rights abuses. But there are four people that could make or break this bill: the Chief Whips.


Despite top lawyers warning that the bill is unconstitutional, the majority of MPs are expected to vote it through. But it will be up to the Chief Whips to rally the MPs to vote for or against the bill. If we flood their inboxes with messages from across South Africa calling on them to respect the law and oppose the secrecy bill, they could think twice about pushing it through.

Let's appeal to the Whips' sense of democratic responsibility and call on them to protect hard-won constitutional rights and freedoms, and transparent government. Use the form on the right to send a message straight to their inboxes and urge them to say No to the Secrecy Bill, then share this with everyone -- we will release the number of messages sent to the media on the eve of the vote.

Stop the Secrecy Bill -- upcoming events

On Saturday 17 September from 10am to 1pm, thousands of South Africans will join in a march to Parliament to reject the final draft of the "Secrecy Bill". Join the march!

When: 17 September 2011, 10am-1pm
Cape Town: Starts on corner of Tennant St and Keizersgracht St (outside CPUT)
*** Come dressed in red, black and white! ***

On Monday 19 September there will be candlelight vigils in Cape Town, Durban and Johannesburg from 6pm - 8pm.

When: 19 September 2011, 6pm-8pm
Cape Town: outside Parliament, corner of Roeland and Plein Street
Durban: outside King's House
JHB: Kotze entrance to ConCourt on Hospital Rd

Monday 12 September 2011

Wiki Wacky Who?



So WikiLeaks' recent publication of confidential communications between 274 embassies across the globe and the US State Department could push government into a stronger position to get The Protection of State Information Bill, which criminalises the release of classified state information enacted in its current format?

What exactly is contained in these WikiLeaks that affect South Africa so profoundly as to push our State to enact a diabolically sinister Act that serves one purpose and that is to silence?

Not that our State needs encouraging, having fared well enough, without prompting from an unexpected gifted excuse.

So a US legal adviser to the National Prosecuting Authority felt there was enough evidence to find Zuma guilty of corruption after Schabir Shaik was found guilty of trying to solicit bribes for Zuma from Thomson CSF to secure arms contracts?

So what? It’s not like we never knew that from local press and a highly publicised criminal trial?

With the Protection of State Information Bill, there would have been no trial and there would have been no debate.

That’s not to say there wouldn’t have been grumbling, mumbling, hints, allegations and things left unsaid.

Or, take the other cable “that made headlines” detailing ANC Youth League officials telling the US about leadership battles within the ruling party, indicating there were tensions between current president Zuma and then head of state Kgalema Motlanthe.

If this nugget of puerile gossip that was public knowledge and downright unbecoming in any event serves as grounds for bolstering the argument to gag an entire nation, then we have fallen to a level of immaturity and pettiness that defies belief.

Of course WikiLeaks also detailing how AT&T, Cisco, IBM, Intel, Microsoft, and Qualcomm argued leadership shortfalls within the Department of Communications hurt the sector is on the other hand not known and downright subversive and a definite threat to national security?

No-one knew leadership shortfalls within the Department of Communications hurt the sector and this information is profoundly damaging to our country.

If you believe this, and there are enough of you who do, then there is a strong argument for a new reality TV program.

The Wiki Wacky Who Show!

If cables, that disclose a playground spat, between two supposed dignified leaders, or disclose the fact that our Department of Communications, doesn’t errrrr..., seem to actually be able to, or, be capable of, communication, or, that an evidentiary Balance of Culpability Probability opinion, derived from public record findings, based on common law principle, serve as motivation to get The Protection of State Information Bill, enacted, then God help us all.

The Bang Bang Club were four photographers active within the townships of South Africa during the Apartheid era.

Two members won Pulitzer Prizes for their photography. Greg Marinovich won the Pulitzer for Spot News Photography in 1991 for his coverage of the killing of Lindsaye Tshabalala in 1990. Kevin Carter won the Pulitzer for Featured Photography in 1994 for his 1993 photograph of a vulture that appeared to be stalking a starving child in southern Sudan.

On April 18, 1994, during a fire fight between the National Peacekeeping Force and African National Congress supporters in Tokoza Township, cross-fire killed Oosterbroek and seriously injured Marinovich.

On October 23, 2010, João Silva stepped on a landmine while on patrol with US soldiers in Kandahar, Afghanistan and lost both legs below the knee. This was the second time he'd been injured in a war zone, with his first injury being hit by shrapnel in the face.

In July 1994, Carter committed suicide. A documentary entitled The Death of Kevin Carter: Casualty of the Bang Bang Club was nominated for an Academy Award in 2006.

The Protection of State Information Bill pours piss on the blood of these martyrs and the millions of others that gave us the postulated freedoms and limitations enshrined in our Constitution.

It is these men and women, who brought the true horror of our past into the living rooms of the world and into our collective consciousness and realities, that served more eloquently than any speech to help expose the Apartheid Regime and to bring about its downfall.

It is the men and women, who follow in their footsteps, men and women inspired by and in debt to those that have set the bar of what being a journalist entails, that bring us the truth today, that our current leaders wish to criminalise and imprison.

There is no doubt in my heart and mind that I am served by a Government that is fast becoming the very thing it set out to defeat and that I had come to despise.

There is a dearth inherent in our current leadership, of wisdom, of common sense, of vision, that cannot seem or somehow be capable of grasping the concept of historical consequence.

We will, irrespective of, or in spite of, but most certainly as a result of laws or acts such as The Protection of State Information Bill, reap the whirlwind one day.

If recent world events have taught us anything, it’s that the people will not be silenced and Governments will be held accountable, no matter how omnipotent they think they are, eventually...