Contents

CHAPTER 1.............................................................................................................................................4
The need for fraud prevention..............................................................................................................4
Reasons for fraud Prevention............................................................................................................5
Theoretical framework for fraud prevention.........................................................................................8
CHAPTER 2...........................................................................................................................................11
Methodology and multidisciplinary approach to fraud prevention.....................................................11
Management...................................................................................................................................11
Staff.................................................................................................................................................11
Computer Experts............................................................................................................................11
Legal Advisors..................................................................................................................................12
Fraud Experts...................................................................................................................................12
2.2 Responsibility for fraud prevention...............................................................................................12
Management...................................................................................................................................12
Directors..........................................................................................................................................13
Staff members.................................................................................................................................13
Oversight bodies..............................................................................................................................13
Internal auditors..............................................................................................................................14
Computer experts............................................................................................................................14
Internal and external fraud experts.................................................................................................15
Legal advisors..................................................................................................................................15
2.3 Essential requirements for adequate fraud prevention.................................................................16
Corporate governance.....................................................................................................................16
Fraud risk assessment......................................................................................................................18
Managing human resources............................................................................................................18
Installing a fraud hotline..................................................................................................................18
Training............................................................................................................................................18
Supplier and trading partner awareness.........................................................................................18
Creating and approved supplier data base......................................................................................19
Marketing and fraud prevention strategy.......................................................................................19
Surprise audits.................................................................................................................................19
Internal controls..............................................................................................................................19
Internal Auditors..............................................................................................................................19
Public accountants and auditors......................................................................................................19
 Computer experts............................................................................................................................20
Internal and external fraud experts.................................................................................................20
CHAPTER 3...........................................................................................................................................22
Fraud prevention strategies................................................................................................................22
Fraud policy statement....................................................................................................................22
Fraud prevention policy...................................................................................................................22
Fraud prevention plan.....................................................................................................................22
Fraud Response plan.......................................................................................................................22
Activity.............................................................................................................................................41
CHAPTER 1

The need for fraud prevention

Fraud prevention has proved to be important aspect of every organisation because it is well

known that prevention is better than cure and also there are costs associated with detecting

and tracking fraud, these costs may be avoided when there is a well implemented fraud

prevention strategy. Benefits can be derived from fraud prevention than detection. According

to American Institute of Certified Public Accountants (AICPA,2005) the primary

responsibility for prevention and detection of fraud rests with those charged with governance

and management. However, Wilson (2004) argues that the best scenario is one where the

management, employees, internal auditors and external auditors all work together to combat

fraud. Therefore, fraud prevention is very critical to the organization.

Fraud prevention and detection is not a static process. There is no starting and ending point, it

is an on-going cycle involving monitoring, detection, decisions, case management and

learning to feed improvements in detection back into the system. Fraud prevention is the

implementation of a strategy to detect fraudulent transactions or banking actions and prevent

these actions from causing financial and reputational damage to the customer and financial

institution (Rossouw, G.J., 2000)

It is vital to an organization, large or small, to have fraud prevention plan in place. A

company can suffer a loss if an employee commits fraud for a long period of time without

being detected. It is preferable to deal with fraud before it happens and not after. Fraud

prevention occurs before the fraud attempts. Its goal is to reduce the risk of future fraud

(Wells, J.T., 2017). There are ways you can minimize fraud occurrences by implementing

different procedures and controls. In order to minimize the risk of fraud it is important that

businesses recognize the possibility of fraud occurring and the possible damage caused.
 Reasons for fraud Prevention
(a) Fraud occurs everywhere, and no organization is immune to its potential for damage or

even devastation. In fact, research shows that fraud perpetrators are usually insiders and

normally well respected, highly placed, experienced, tenured, and good performers.

(b) Recent history reveals that fraud is not discriminating. It can reap unimaginable havoc

regardless of size or industry. Originating anywhere from the mailroom to the board room

and ultimately bringing a company to its knees (e.g., home loan fraud, trading frauds,

financial reporting frauds).

(c) Today’s changing business environment includes globalization technological

advances, broad availability of information, and economic uncertainty.

(d). Communities, regulators, and investment markets expect organizations to catch major

fraud and deal with it in a timely manner. Understanding vulnerabilities can help

organizations deal with risks effectively and economically.

(e) It is better to prevent fraud than to detect,

(f) Reduction in losses Cost savings and increased revenue and profits.

Fraud causes losses on individuals and corporates that fall victims. From the researches

done by the Association of Certified Fraud Examiners (ACFE) 2014 it is evident that an

average organization losses 5 % of its annual turnover as a result of fraud. They also found

out that the second highest number of frauds occurred in Sub-Saharan Africa where 173 cases

(12, 8%) of fraud were reported. Therefore fraud prevention can reduces losses caused by

fraud namely the direct losses from fraud, additional cost for investigations and litigation

costs. To cover for the said losses the organizations need to work hard to increase their

revenue and profits so as to maintain the required rate of return by shareholders. The most

important reason is to prevent a financial loss in organization (KPMG,2005).Thus, investing

in security and fraud prevention although costly, can save an organization’s money in the
long run as it will also prevent a lot of potential future paperwork and the time wasted to

resolve fraudulent activity (ACFE,2014).

(g)Reduces reputation risk

If an organization is able to prevent or avoid fraud, it is guaranteed that its business will be

deemed credible by investors such as suppliers, financial institutions and customers (AICPA,

2005). According to KPMG (2009) it was found that 8-18% of company’s share price is

attributed to corporate reputation. Occurrence of fraud signifies existence of weak internal

control system and poor corporate governance. Investors and financiers would not want to

risk their funds in such an organization. Hence, fraud can easily ruin the reputation with the

company’s investors. Therefore, it is important for the company to prevent fraud to occur.

(h) Increases organizational confidence

According to KPMG (2006) investors, partners and auditors will all have more confidence in

a company’s ability to control its fate if they have a strong fraud prevention program. Thus in

general an organization probably thinks a lot about the risky other organization pose to them:

the flip side is that they also contemplate of that organization as a risk (KPMG, 2006).

Therefore, demonstrated efforts to reduce risky of fraud, both internally and externally,

makes an organization to be a better investment, business partner, insurance risk and supplier.

(i) To create and maintain a culture of honest and high ethics

For a company with a proper fraud prevention strategy, maintaining a culture of honesty can

help employees want to be more honest, and any staff will be able to know right from the

start that any dishonest behaviuor will not be tolerated (ACFE, 2014). This is supported by

Kassem and Higson (2012) that training of both old and new employees on the values of the

organization also assist in fraud prevention awareness thereby creating culture of honest and

high ethics within the organization.

• A professional attitude of positivity and know legibility of control system.

• Workers share, participate and contribute to the process.

• It enhances future confidence in system.

• The process assists to know how to identify causes and environments which trigger

fraud.

Below are some of the reasons why it better to prevent fraud

• Fraud prevention will automatically change the behaviour of workers, it cuts bad acts

and attitude in organization

• It knocks sense on the significance of accountability

• Resources are responsibly used for the benefit of the organization that is promotes

equitable use for the resources

• Promotes good polices, honesty reporting and genuine documentation

• It eliminate unethical behaviuor and practice of theft

• It promotes good corporate governance and corporate administration

• An organization is able to survive, growth and sustain itself from resources

• Records are recorded well and asset are well appropriated

• It promotes companies to grow in a healthy financial status

• It instil discipline, credibility and confidence in the long run

Theoretical framework for fraud prevention
There are three theoretical frameworks that an organization can use in the prevention of

fraud. These are firstly creating and maintaining a culture of honest and high integrity,

secondly evaluation process of the fraud and implementing the process, putting controls and

procedures to mitigate on risk and lastly developing oversight.

(a) Creating and maintaining a culture of honest and high integrity

This theoretical framework involves a number of activities.
 setting a good tone

Leaders leading by example Management are responsible for “setting the tone” for their

organization. The tone in this case means the control environment which is the tone of the

organization at all levels. It includes the integrity, ethical values and competence of

management. It also consists of management‘s philosophy and operating style, its methods of

assigning authority and responsibility, the organization and development of staff. It also

includes the manner the board of directors put attention and directs the organization’s

operational and financial activities.

 Creating a positive working environment

Creating a positive working environment involves a number of activities .Namely creating

good remuneration, good training, competent staff, favourable promotions, good

communication Employees who are motivated, well paid, developed and empowered will feel

part of the organization. They will feel they own the organization and will not commit fraud.

Human resources must therefore initiate programs to empower workers.

 Hiring and promoting appropriate employees.

Organizations should minimize the chances of hiring or promoting individuals with low

levels of honest and particularly to positions of trust. Proper hiring and firing procedures
must be put in place to ensure the organization hires the properly qualified and skilled staff

and ensure it does not keep dishonest stuff at work.

 Training.

Ongoing training programs must be maintained to ensure new and old employees are

continually trained to maintain organizational values and code of conduct. Workshops and

refresher trainings ensure that the workers maintain their competent and relevant to their jobs.

 Confirmation.

Employees must sign the code of allegiance to the organization. They must commit

themselves in writing that they are responsible and committed to their responsibilities and

position of trust

 Discipline-

The consequence of committing fraud must be clearly be communicated to all employees.

Discipline must be applied to everyone and fairly.

(b) Evaluating the risks of fraud and implementing the processes, procedures and

CONTROLS NEEDED TO MITIGATE THE RISKS AND REDUCE THE

OPPORTUNITIES FOR FRAUD.

Risk Assessments
COSO+
SPAMSOAP
S segregation of Duties
P physical controls
A authorisation and approval
M management controls
S supervisory controls
O organisational controls
A arithmetical and accounting controls
P personnel controls
(c) Developing an appropriate oversight process.
An appropriate oversight board process comes from a good corporate governance.

Activity

 Motivate the need for fraud prevention and how it can be achieved by an

organization

 State and explain the importance of theoretical framework to fraud in an

organisation.
CHAPTER 2

Methodology and multidisciplinary approach to fraud prevention.

Fraud prevention is a multidisciplinary approach that include management, staff, members,

oversight bodies, computer experts, internal and external fraud experts, and legal advisors.

All of the bodies in the organization are responsible for the prevention and detection of fraud.

Multidisciplinary approach involves team work where each party must play their role.

The parties include, management, staff, computer experts, legal advisors, fraud experts

(Vander Beken, T., 2002).Each party plays an important party

Management
These are responsible for setting up systems and procedures in order to safeguard the

company’s assets. Management is also responsible for coming up with policies and measures

which prevents fraud. They come up with controls which should be followed by all

employees ( Elliott, R.K. and Willingham, J.J., 1980).

Staff
They should be trained to identify fraud and misconduct in the work place. A reporting line

should be available for all staff members, which assures anonymity. Any ignorance or failure

to report fraud or other offences should also result in a disciplinary hearing. Employees

should be aware of the organization’s ethics policy, and be obligated by their contracts to

adhere to the rules and procedures as set by management. Employees should know their

duties at the work place such that if they make a mistake they will be accountable for that
mistake and misconduct and disciplinary actions should be taken against employees who

violate the code of conduct or ethics code.

Computer Experts
They are responsible for coming up with effective controls that will prevent fraud and that

will protect the organisation against computer crimes such as hacking.

Legal Advisors
They are responsible for assisting the company in any legal proceeding .Legal advisors can

be internal or external to the company.

Fraud Experts
They have knowledge of identifying fraud indicators and they can assist in fraud

investigation. These may include internal and external auditors and also fraud investigators

who assist in prevention, detection and investigation of fraud.

2.2 Responsibility for fraud prevention.

Management
Management is responsible for the sustainability of the whole organization. They are
accountable for the organization’s actions, conduct and performance to the owners, other
stakeholders, regulators and general public. The primary objective of the overall management
process are to achieve the following:

 Relevant , reliable and credible financial and operating information

 Effective and efficient use of the organisation’s resources
 The safeguarding of the organisations assets
 Compliance with laws, regulations, ethical and business norms, and contracts
 The identification of risk exposure and the use of effective strategies to control risks
 Establish objectives and goals for operations or programmes.

Responsibility for fraud prevention and fraud detection can extend only as far as the
authority to probe potential areas of fraud. It is the responsibility of management to do the
following:

 Set the moral climate in which the enterprise functions.

  Provide for the organisation to accomplish its plan and follow its policies.
 Establish and maintain internal controls
 Determine the appropriate cost versus control rations, keeping in mind the
equation Exposure-safeguard=Risks
 Establish and maintain the lines of communication and systems of reporting
within the organisation, and to know what is going on (Sawyer et al 2003:1177).

Directors
Responsibilities of directors towards fraud and fraud prevention. Directors must satisfy four
common law and statutory requirements. They must act: In good faith, in what they believe to
be the best interest of the organization as a whole

 This means, inter alia, that directors must not place themselves in a positon in
which there is a conflict between their duties to the organisation and their personal
interest.
 Directors may not make a secret profit at the organisation’s expense.

Staff members
Competency of every employee in an organization is important to achieve the business
objectives as it affects the human resources policies and practices of the company. For
authority to be assigned effectively, all employees need to understand how their work in
interrelated to that of others, and what role they play in achieving company objectives.

 Should be able to follow every procedure for a transaction as per company

requirements
 Should be able to report an irregularities or fraud and failure to report should result in
disciplinary action.

Oversight bodies
Audit committee has to oversee the activities for senior management and consider the risk of
fraudulent financial reporting involving the overriding of internal controls or collusion.

 Should encourage management to provide a mechanism for employees to report

concerns about unethical behaviour, actual or suspected fraud, or violation of the
organisations’ code of conduct or ethics policy.
  Should receive periodic reports describing the nature, status and eventual disposition
of any fraud or unethical conduct.
 Investigate any matter within the scope of its responsibilities and to retain legal,
accounting and other professional advisers as needed to advise the committee and
assist in its investigation.

Internal auditors
Internal auditors contribute to the prevention of fraud by evaluating the adequacy and
effectiveness of the internal control system in relation to degree of exposure and risk that
exist within the different segments of an organization.

 Should review and comment on annual reports from managers at all levels in the
organisation responsible for authorising the payment of funds.
 Audit all consulting arrangements and evaluate both their documentation and
justification.
 Analyse the organisations’ procedures and practices for opening and maintain bank
accounts, recommend any needed controls.
 Review transactions that are approved at the executive level.
 Have access to actions of the board of directors.
 Review transaction with subsidiaries and associated organisations.
 Test the documentation supporting financial reports
 Monitor compliance with the organisation’s record-retention policies.
 Ask mangers whether there have been any illegal political contributions or
questionable practices.
 Review the substance of legal expense accounts.
 Monito the organisations’ conflict of interest policy, which questions an employs
possible relationship with suppliers, contractors and customers, including family
alliances and outside business dealings.

Computer experts
The evaluation of the information technology by computer experts or computer auditors play
an important role in highlighting IT control weakness. Most instances of fraud will involve
these of the computer to some degree, so effective IT control can be the cornerstone of an
organizations’ fight against computer fraud.
  Computer audits include general control audits and application control audits.
 Computer-assisted audits techniques are applied, these audits proactively identify and
evaluate IT related control weakness and risks by focusing on availability ,
confidentiality and integrity of information systems

Internal and external fraud experts.

An Organisation should engage with fraud experts such as certified fraud examiners or
forensic auditors on whom they call when fraud question arise.

Certified fraud examiners:

 Can contribute extensive knowledge and experience of fraud that may be available
within an organisation.
 Provide more objective input into management’s evaluation of fraud risk and the
development of appropriate antifraud controls that are less vulnerable to management
override.
 They can assist audit committee and board of directors in evaluating the fraud risk
assessment and fraud prevention measures implemented by management.
 Conduct examinations to resolve allegation or suspicious of fraud, reporting either to
an appropriate level of management or to the audit committee or board of directors
depending on the nature of the issue and the level of personnel involved.

Forensic auditors

Forensic auditors are investigative accountants or fraud auditors who utilise a combination of
accounting, auditing and investigative skills to search for evidence of criminal conduct and its
monetary consequences.

 Their goal is to obtain legal confession.

 They analyse, interpret, summarise and present complex financial and business issues
in manner that will be suitable for and understood by users of the forensic auditors
‘report.
 Investigate finance and other evidence
 Assist in legal proceeding, including testifying in court as an expert witness.
Legal advisors
They advise and assist in issues that have legal implications, such as drafting an interpreting
employment contracts, drafting and interpreting corporate codes of conduct, disciplinary
actions against employees and actions taken against people who possibly may have
committed fraud.

2.3 Essential requirements for adequate fraud prevention

Corporate governance
Corporate governance can be viewed as a series of laws or guidance aimed at making

directors manage companies in the best interest of shareholders and other stakeholders.

Cascorino and van Esch (2007; 7-8) view corporate governance as the relationship among the

various participants (shareholders, management and the board of directors) in directing and

controlling the companies. According to King III, corporate governance involves the

establishment of structures and processes, with proper checks and balances that enable

directors to discharge duties in compliance to legislation.

Objective of corporate governance

(i) To define the relationships that exist between shareholders, management, and board

of directors.

(ii To establish proper structure and processes and controls that ensures proper checks

and balances to enable directors to discharge their legal responsibilities.

(ii) To ensure that the board and management of the corporation direct and control the

companies in the best interest of all stakeholders.

Responsible Leadership

According to King III report, Principle 1.1 a responsible leader is one who is ethical,

responsible, accountable, fair and transparent. The mayor of the local municipality is not at

all (a) responsible leader not exhibit any of the noted characteristics
(b) The mayor is not worried about the viability of the council but worry about his personal

welfare and egoes. He drives the most expensive car yet the company is bankrupt, local air

flights and a lot of company operations have ceased.

(c) The mayor is not a good leader that society can admire to be model. He is corrupt and a

person of bad morals. Characteristics of good governance namely independence, discipline,

fairness, social responsibility, transparency, accountability and responsibility. They need to

have;

Responsible Management

Behaviuor that allows punishment for mismanagement and corrective actions.

Accountability

Managers who account for their actions and decisions.

Fairness

A balanced consideration for all stakeholders

Transparency

They should be openness and stakeholders must be informed of what is happening.

The duties of the board of directors in ensuring that a company is ethical managed are;

(i) it should act as the focal point and custodian of corporate governance through ensuring

that a charter exist, they meet at least four times a year, monitor the relationship between

managers and stakeholders of the company and ensuring the company survives.

(ii) The board must recognize that strategy, risk performance and sustainability are

inseparable. They should set out their strategy which drives the business to achieve its goals.

They must ensure Risk identification and mitigation processes are put in place.

(iii) The board must provide effective ethical leaders.

(iv) They should ensure that the company is and is seen to be an a responsible citizen

(v) It should ensure the company complies with all laws and regulations.
Know the role of Board of directors, internal auditors, external auditors, audit committees.

Audit committee or the board of directors’ .It is a committee that is part of the board of

directors with a specialist function of overseeing issues of financial reporting and accounting,

control and risks management processes and governance issues. The committee is made up of

directors from outside and is chaired by someone external to the entity and hence has an

independent viewpoint in its functions .The committee should be skilled in finance and audit

so as to provide an appropriate oversight function to management. The committee works

hand in hand with the external and internal auditors to ensure issues of audits are not

compromised. The committee encourages management to provide means and ways for

employees to report unethical behaviuor, suspected behaviuor, and violation of ethics policy

by any person in the organisation. The committee has the power to make follow up and

review the reports and action made upon these acts and behaviuors even if it concerns

management.

Fraud risk assessment

Each department should be assessed on a regular basis to highlight any fraud friendliness in

the environment.

Managing human resources

Including staff vetting to ensure that the exposure of hiring potential fraudsters is limited,

having a comprehensive organizational Code of Conduct and ethics to ensure certainty

among staff regarding the rules of the company and each department, and maintaining

registers of interests and gifts and fraudsters’ blacklist.

Installing a fraud hotline

A channel trough which employees , suppliers , contractors and other third parties can report

irregular activities , free from victimization or repercussions.

Training
To ensure staff members are aware of the risks and that they learn to recognize the symptoms

of fraud and corruption and to empower staff members to become actively involved in fraud

prevention and detection.

Supplier and trading partner awareness

Obtaining all relevant details of trading partners and advising partners of the fraud prevention

strategy, requesting their assistance in fraud prevention.

Creating and approved supplier data base

Vendors and suppliers should be required to register to an approved supplier list .In order to

do so, they have to provide certain documentation and information in order to be able to

tender or quote for work.

Marketing and fraud prevention strategy

Developing and maintaining a formal marketing strategy to demonstrate management‘s

commitment to the project and sell the strategy to the staff both initially with implementation

and ongoing.

Surprise audits
To provide a proactive forum to uncover fraud, to provide a deterrent to potential fraudsters,

and also a reactive measure which can be used at the commencement of a new investigation

to gather and safeguard evidence

Internal controls
Internal Auditors.
Auditing is an independent, objective assurance and consulting function that assists

management to accomplish goals, ensure efficiency and effectiveness in risk management,

controls and governance processes. Internal auditors assist in fraud prevention by evaluating

the adequacy and effectiveness of internal controls. Internal auditors act as ethical advocates

and have the competence to appeal to enterprise leaders, managers and other employees to

comply with ethical and society responsibilities. The presence and roles of internal auditors in

organization is a fraud deterrence factor as the keep a continuous check on control systems
and risk mitigation processes. Auditors who are trained in forensics are also involved in

active fraud detection and investigation of frauds

Public accountants and auditors.

Public auditors’ primary duty is to make a report to shareholders on the truth and fair view of

financial statements .They has no duty to detect fraud. However they are required by their

standards to check for material misstatements that might cause the financial statements to be

misstated. It therefore entails that if they are any material misstatements such as fraud that

come to their attention during the audit they must probe it to the bottom. The Auditing

Standards also require the auditors to understand how the managements have played their

functions of preventing and detecting frauds, errors and defalcations. In doing so they are

playing a role in preventing errors and frauds.

Computer experts.
Most financial systems are computerized and hence fraud is computed on the computers.

Organizations who employ computer experts’ benefits as these will assist in evaluating the

effectiveness of general and application computer controls. These experts also assist in the

prevention and detection of fraud.

Internal and external fraud experts.

Organizations can benefit from the services of certified fraud examiners who may assist the

audit committee with oversight process directly or indirectly to internal auditors and external

auditors. Certified fraud examiners have advantages of vast knowledge and expertise gained

from their experience with various organizations. These people are trained in the field of

fraud detection and would be in a position to assist the audit committee and the board of

directors with measures to evaluate, assess and implement fraud prevention measures.

Internal auditors have a better chance of uncovering fraud than the external auditors of an

organization due to a number of reasons;

(a) Internal auditors are employees of the organization and hence understand the

organization systems more than the external auditor who only comes to audit for few

months.

(b) Internal auditors’ knowledge of the organization enables them to identify indicators that

suggest that fraud has been committed.

(c) Internal auditors at times carry hundred percent evaluations of systems and transactions while

external auditors do sampling.

Activity

 Describe what is meant by a multidisciplinary approach to fraud prevention?

 Describe the roles of each of the role players in a multi-disciplinary approach to

fraud prevention.
CHAPTER 3

Fraud prevention strategies

Fraud policy statement.
It is a short summery, setting out top management s policy on dealing with fraud. The

purpose of the statement is to set the tone through which top management commit themselves

and their entity towards rejecting fraud as a business norm. Management bind themselves to

combat all forms of fraud and corruption.

Fraud prevention policy

It is a policy meant to inform all staff and other stake on the entity s policy towards fraud and

corruption. It also informs them on what actions are prohibited and urges them to assist in the

combined effort to limit fraud and corruption in the workplace.

Fraud prevention plan

It is a confidential document containing all the information of how the strategy is to be

implemented, setting out how the organisation will endeavour to reduce any fraud and

corruption within its ranks prevention strategy.

This document should not be circularized or published as it may give the fraudster an

insider's view on the entity's investigative approach. This document will cover aspects such

as the relevant role-players, special initiatives to seek out fraud (proactive fraud auditing),

highlighting red flags, setting out details of fraud response plans, actions to be taken, etc. In
addition, the plan should address fraud assessment questioning, mandatory vacations, surprise

audits, investigative techniques, training requirements, etc.

Fraud Response plan.

It is meant to guide the fraud response team in reacting appropriately to all uncovered fraud:

minimizing losses, maintaining control at a time of crisis and providing for maximum

recoveries. This document contains the detailed procedures that need to be followed in order

to implement the strategy.

Managing human resources

i. Staff vetting, the first line of defense

The purpose of the staff vetting process is to ensure that the department limits its exposure to

hiring potential fraudsters by ensuring they are armed with all relevant details about the

incumbents applying for positions. It is far easier not to employ a high-risk category

individual than to get rid of a dishonest employee later. A major focus of the fraud prevention

strategy should therefore be geared to being very proactive and selective of whom is

employed in the department. Detailed screening of all applicants should therefore be

undertaken before offering employment. Employee vetting is a vital element in selecting the

right person for the right job. There are no shortcuts to this process and the risks associated

with mistakes made here are significant. Although essentially human resources'

responsibility, the anti-fraud working committee should have an input with regard to all

positions and specifically for certain critical risk positions. Their input should also be

obtained if the vetting or referencing process indicates prior improprieties with regard to the

incumbent.

The employee vetting process will typically include obtaining information with regard to the

following aspects:
 Reference checking;

 Criminal records;

 Civil records;

 Disciplinary records;

 Insolvency;

 Other businesses,

 directorships, memberships;

 Qualifications;

 Other facts contained in the CV (physical address, ID number etc.)

 Reference checking

When screening potential employees, thorough reference checking is vital. This is a

process, which is often neglected, especially by placement agencies. It should never

be assumed that a personnel agency has been thorough in their reference checking as

they have a financial interest in the placement. Care must also be taken not to fall into

the trap set by placement agencies, whereby they offer guarantees should the

prospective employee not be suitable as, even under these circumstances, the

employee may prove very difficult to dismiss. When checking references of

prospective employees, care should be taken that the prospective employee's entire

career history is disclosed. Gaps in employment are often disguised under the excuse

of working from home or tried my own business' etc., whereas in reality, that person

may have been dismissed for dishonesty or serving a jail sentence. Very few people

who are dismissed for dishonesty will disclose this fact. They are more likely to state

that they had ``a disagreement with management'' or the like. These statements must

be treated with the greatest circumspect. Always consider the likelihood that a

fraudster will continue to defraud until they are brought to book. They also are likely,
if they have defrauded their previous employer, to defraud their new employer. A

person who was dismissed will also be very selective with regard to the references

supplied. The value of reference checking is therefore limited. More positive results

may be obtained by contacting the human resources department of a previous

employer of the incumbent. The permission of the incumbent to obtain any

information from previous employers should be obtained in writing before the vetting

process is initiated.

The employee vetting process can only be considered as complete when the

organisation has the absolute assurance that there were no undisclosed acts of

dishonesty relating to previous employment.

 Criminal records

It is important for the employer to know whether a prospective employee has a

criminal record as this would significantly affect the risk profile. Differentiation

should be drawn between crimes involving dishonesty and crimes that are not likely

to affect the employee's work. It should therefore be a requirement that all applicants

submit full disclosure of any criminal records. In addition, nondisclosure of a criminal

record must be made a dismissible offence to which the applicant agrees from the

onset, i.e. on the same form. Pending criminal cases must also be disclosed.

With the consent of the incumbent it is relatively easy to obtain records of previous

criminal convictions.

 Civil records

Civil records give a good indication of possible bad habits of incumbents. If a person

is recruited for a management position, it is important to determine whether that

person has any civil judgments or adverse reports. A prospective manager may prove

to be unsuitable for the post if his or her credit history reveals major financial
indiscretions in their past. As civil judgments affect the risk profile of an individual, it

is important to consider this factor before employment is confirmed. Civil judgments

are easily obtained through any of the credit bureaus. As with criminal records, all

prospective candidates must be required to disclose any civil judgments against them.

This should include pending civil matters. Failure to disclose this information should

be regarded as a disciplinary offence.

 Disciplinary records

It is important for the entity to know whether the candidate has a history of

disciplinary actions against him from previous employers. As with criminal cases

certain disciplinary actions may be irrelevant from a fraud risk assessment

perspective. All disciplinary actions by previous employers should be considered

carefully. The permission of the incumbent to obtain disciplinary records should be

obtained in writing. If a person has been dismissed for dishonesty, it stands to reason

that this authorisation referred to above will not be granted. In cases where

authorisation is not granted the entity should increase its diligence in its reference

checking process. Failure to permit the department to check previous disciplinary

records would also affect the risk profile of the incumbent. It is easier to obtain

detailed or sensitive information from an applicant than from an employee. The

applicant seeks employment and is therefore at a disadvantage. The employee is

already entrenched and can refuse to disclose information without fear of

repercussions. The disclosure of disciplinary action should include those that were

settled.

 Insolvency
The Companies Act prohibits certain individuals from holding office as director or

officer of the entity. One of the grounds for disqualification is if a person is an

unrehabilitated insolvent. The application form to be completed by all applicants

should include this question. A credit bureau check would reveal such a fact and

should therefore be undertaken as a matter of course. Another indication that a person

has been sequestrated can be found in a person's banking details. The banks rarely

offer unrehabilitated insolvents current accounts. That person would therefore request

that his salary be paid into a savings account or an account that is held in another

name. A common red flag is the use of a family trust as trusts are beyond the reach of

liquidators. All these indications should be carefully considered.

 Other business, directorships or memberships

It is important to ascertain from all applicants whether they have other businesses in

which they are involved as an officer or hold a share. This information 139 is

important as it could impact on the applicant's objectivity if he or she would be in a

position to favour that entity. In addition other businesses could affect the person's

income and time available and may explain why an employee is maintaining a

lifestyle above his or her known means. At the application stage it should be a

requirement for all applicants to disclose that information. The disclosure should then

be compared to the results of the screening process, which could give an early

indication of dishonesty. Anyone caught out not disclosing other business interests

should not be employed. In addition, it should be considered a disciplinary offence if

dishonesty in this regard is discovered later. A credit bureau check will give an

indication of any directorships of companies or memberships of closed corporations.

It will of course not give any indication of any businesses conducted as sole
proprietorships. In addition, the employment contract should provide for immediate

disclosure of any new interests/directorships once the person is in employment.

 Qualifications

Most applicants will submit curriculum vitae in support of their application. This CV

will typically list all academic qualifications. The entity is exposed if they appoint a

person who has alleged qualifications that they did not obtain. Apart from the obvious

operational risks, this is also an indication of a tendency of dishonesty. Most

fraudsters who submit false qualifications will focus on qualifications that are difficult

to confirm, especially from foreign universities or universities that have subsequently

closed etc. When vetting, such university qualifications should be considered as high

risk. Details regarding academic histories are readily available and not too expensive.

Qualifications checks should be undertaken not only for applicants but also for current

employees as part of the fraud prevention initiatives and employee risk assessments.

i. Code of Conduct and Ethics

A comprehensive organisational Code of Conduct and Ethics is essential to

ensure certainty among staff regarding the rules of the department. Fraud

thrives in an environment devoid of moral and ethics. Therefore, at the heart

of the cure lies the establishment of an environment that is rich in moral and

ethical values and behaviour. The adoption of a well thought out Code of

Conduct and Ethics, encompassing the highest level of moral and ethical

values would be critical in ensuring the success of any fraud prevention

strategy. The Code of Conduct and Ethics must be a separate document

tailored and adapted to suit the entity in respect of all its activities and not only

fraud prevention.

ii. Registers of interests and gifts and a fraudster blacklist

 The purpose of the registers and the blacklist is to ensure that the department

is aware of interests of staff members in the affairs of the department, the

extent of entertainment and other benefits received by employees from

suppliers and other business partners and to provide the department with a

record of previous problems with regard to suppliers.

iii. Register of interests

It is often found that employees take advantage of their position in an

organization to procure extra benefit for themselves by having an interest in

suppliers or other business partners to the department. In order to ensure the

total objectivity of employees with regard to suppliers, it is necessary to keep a

register of all interests that employees may have in other entities. It should be

the duty of every employee to report his or her involvement of any nature, in

another entity, to the department. Directorships, shareholding, memberships

and any other relationship with other entities should be disclosed. This should

also include all close family members. Keeping this register updated should

also provide some insight into staff members that perform other work for

remuneration that may have an influence on their performance for the

department.

iv. Register of gifts and other benefits

Gifts and other benefits received from suppliers or other business partners of

the department should also be made reportable. Corporate entertainment and

corporate gifts can lead to employees benefiting certain suppliers to the

detriment of the employer. It can also lead to serious corruption and fraud.

Making gifts and other benefits reportable creates the opportunity to establish

trends and to identify a situation before it becomes a problem. The

 Departmental Code of Conduct and Ethics should make it a dismissible

offence not to report gifts and benefits. This will enable the department to

discipline transgressors without having to prove a corruption case.

v. A fraudster blacklist

It happens often that entities that defraud government departments, and are

caught out, merely change name and shape and return to government to

continue their activities. A fraudster blacklist should be created that contain all

the department's suppliers' ID numbers, addresses and other available

information pertaining to all individuals that were involved in an entity that

defrauded the department. This information should be readily available to

employees of the department and should be consulted before procurements are

made from suppliers. All employees' particulars that were involved in such

activities should also be recorded in the database for future reference. In this

manner, a database of persona non grata is built up to assist the procurement

managers in selecting suppliers. The database should be easily accessible to all

managers at all the sites of the department for ease of reference.

 Hotline

Every organisation needs a channel through which employees, suppliers, contractors

and other third parties can report irregular activities, free from victimisation or

repercussions. The primary means of detecting fraud will and 141 should always

remain a sound system of internal controls and regular internal audits. These measures

should be supplemented with a fraud-reporting channel where information regarding

fraud is collected, and decisive corrective and preventative steps could be taken to

limit the entity's exposure to further or future loss. Vital to this function is the

assurance of anonymity, commitment to investigate all irregularities, protection of the

whistleblower and consistent application of the fraud policy, regardless of the

seniority of the alleged offender. The hotline concept has become an accepted

business reality, which is recognised as a vital tool in fraud prevention. The purpose

of the hotline is to provide a facility through which all stakeholders can report

suspected fraud or corruption. The hotline is also a useful tool through which the

momentum and interest in the fraud prevention initiatives can be maintained. Various

surveys have been undertaken on this subject over the years. All of these surveys have

indicated that an increasing number of frauds were uncovered because of whistle

blowing. These were either in the form of anonymous calls or notification by either

staff or outsiders. It is estimated that at least 25% of frauds are uncovered in this

manner. An effective system needs to be in place whereby informants are encouraged

to pass on any information they may have about early warning signs, specific

information or just reasonable suspicions. In addition, this system must provide a

conduit to channel any information to the appropriate persons. Employees are often

scared to speak directly to management. To overcome this, it has, in the past, proven

effective to provide an independent forum to communicate information or suspicions

about fraud and corruption. There are a variety of forums available to achieve this

result. A multi-faceted approach making provision for both verbal and written tip-offs

has proved to produce better results. The fraud hotline will be discussed in more detail

in Module 2: Fraud Detection

 Training

It is important in every organisation's efforts to minimise fraud and corruption that its

people are aware of the risks and more importantly that they learn to recognise the

symptoms of fraud and corruption. To achieve this, training initiatives are crucial.

Two levels of training should be provided for, viz. sensitisation to fraud and its risks
for general staff and management, and specific and specialised fraud investigative

courses for the fraud audit team.

The purpose of the comprehensive training program is to highlight the risk of fraud

and corruption in the entity, empower employees to recognise it in its infancy and to

guide the fraud prevention team in the most optimum processes in combating fraud.

Training is vital for every fraud prevention program, as this is the process through

which the staff members are empowered to become actively involved in fraud

prevention and detection. A number of modules should be presented at varying levels,

depending on staff category and their future role in the process.

The training can take the form of lectures, presentations, seminars, self-study and

workshops. To be effective, however, training must be followed up on a regular basis.

There are a number of additional specialised courses available commercially, in which

the entity can invest for the enrichment of the investigation team and internal audit.

The purpose of training material is to give a better understanding of the whole concept

of fraud and fraud investigation. It serves as self-study material to the investigation

team and guides on further initiatives that will aid early fraud detection and

investigation.

 Supplier and trading partner awareness

As any entity's exposure is wider than internal fraud, it is important to involve

external parties in fraud prevention. For this, two aspects are addressed, viz. obtaining

all relevant details about the trading partners in a fraud limitation exercise, and

secondly to advise trading partners of the fraud prevention strategy, requesting their

assistance in fraud prevention. Due to the magnitude of some operations, their

exposure to vender fraud may be significant. To minimise the risk, several initiatives

may bear fruit:

o Get to know your supplier.

o Set the ground rules.

o Set a clear guideline on ``unacceptable gifts'' .

Make attempted extortion a reportable offence This approach has three legs, namely:

(i) Commit trading partners to a Trading Partner Code of Conduct.

(ii) Ensure that the entity knows exactly with whom they are dealing. This can be

achieved by asking for all relevant information directly from the supplier.

(iii) Encourage trading partners to become actively involved in fraud prevention

and early reporting.

(i) Trading Partner Code of Conduct Just as the entity binds its employees to

abide to the Entity's Code of Conduct and Ethics, the trading partners should

also be subjected to an agreed set of norms and good business practices. This

document, referred to as Trading Partner Code of Conduct hereafter, should

endeavour to provide for an undertaking by the trading partner to adhere to

the organisation's policy, including all other principles vital to a healthy

trading partner's relationship. Such a document requires a formal and written

acceptance by the trading partner and serves to achieve a contractual

obligation between the parties. Aspects to include in this document are:

- maintain open and honest communication;

- adherence to the principles of the fraud prevention policy;

- undertaking to report all attempted or actual fraudulent or corrupt activity;

- undertake to cooperate/participate with any investigation/enquiry;

 - consent to the disciplinary jurisdiction of the organisation notwithstanding

the organisation's right to any other legal recourses.

(ii) Knowledge of the supplier

As part of the organisation's fraud prevention strategy, all vendors should be required to

actively assist in eradicating fraud and corruption from the organisation. Approved supplier

data base Vendors and suppliers should be required to register to an approved supplier list.

For this registration process, the attached form must be completed and returned within one

month. After expiry of this period, no further cheques or payments will be released until the

process has been completed. Certain information and documents must be required for all

enterprises supplying goods and services to the organisation, as well as those tendering or

quoting for work. Information required:

- Name of business . Trading name (if applicable)

- Full details of business entity.

- Registration number

-Year in which business commenced (Physical address, Postal address. Telephone

number, Fax number, Cell phone number of principal.

-Directors/members (id numbers required).

-Manager of office/branch

-Goods or services supplied to ACME (just nature).

-Principal shareholders.

-VAT and income tax number of enterprise.

-Bank account details (for direct deposits)

The trading partner should formally document these details and a duly authorised person

must sign the document. The document should also contain a statement certifying that the

detail supplied is correct.

Documentation required

All relevant details about the entity for Sole Proprietors, including banking details.

Registration documents (Companies and Close Corporations.). Tax clearance certificate (for

all companies supplying goods or rendering services valued in excess of a large amount, for

example, R1 m per annum.)

Report corruption

Any incidents where any employee of the organisation attempts to solicit favours, gifts,

kickbacks or donations from suppliers or vendors must be reported forthwith. Under no

circumstances may the supplier or vendor concede to any such requests or demands from any

employee, unless so instructed by a member of the forensic auditing section. Trading partners

and suppliers should be requested to report any evidence of fraudulent behaviour to the

organisation's fraud hotline and the number of the hotline should be provided.

Marketing the fraud prevention strategy (road-show')

It is important that the concept of preventing fraud is embraced by all the stakeholders of the

organisation and that the aims and objectives are sold' to the staff.

Effective marketing is therefore critical to the strategy's success. As an additional marketing

opportunity, a road show has huge potential benefits, especially at the initial implementation

stage. This would further demonstrate management's commitment to the project, to all their

people. The purpose of the road show is to bring the message to the people to ensure that all

relevant role-players are aware of the entity's efforts as well as their own responsibilities to

combat and report fraud. It also creates an opportunity to provide relevant training to outlying

areas thereby reaching a larger audience. A formal marketing strategy, for communicating the

fraud prevention strategy should be developed. Following is a generic market strategy to

facilitate a wide application within all types of entities. It can, however, be made more

specific as required by the specific entity. A strategy such as this can never be finalised. It
must always be maintained to provide for rapidly changing circumstances and developments

within the entity.

ACME Limited Road show strategy Road show strategy

In order to effectively introduce the Fraud Prevention Strategy to accountable managers and

supervisors within the entity, it is essential to conduct road-shows, 146 where the elements

and practical working of the strategy can be explained. All Head Office Department and

components, regional offices and other ACME locations will be visited in order to achieve

this aim. The strategy will also eventually be introduced to the companies in Africa, where

ACME is a stakeholder and will be implemented at their request.

Surprise Audits

The purpose of surprise audits is to provide a proactive forum to uncover fraud, to provide a

deterrent to potential fraudsters, and also a reactive measure which can be used at the

commencement of a new investigation to gather and safeguard evidence. The concepts of

surprise audits and pro-active fraud auditing can be major deterrents to fraudsters as auditors

could visit them at any stage. External audits are planned well in advance and are usually

anticipated by all staff. The same holds true, but to a lesser extent of internal audits. As all or

most affected staff members know, or can anticipate the timing of these visits, there is almost

no element of surprise. Fraudsters too are aware of these visits and have ample time to cover

their tracks. They can hide (or misfile) or even destroy incriminating documentation in good

time, thereby minimising the risk of discovery by auditors.

To be effective, however, the surprise audit team must maintain the following criteria:

-Maintain absolute secrecy.

-Be unpredictable.

-Be ruthless in application.

-Be multidisciplinary.
-Comprise experienced team members.

-Obtain support from management.

-Have an open mandate; and.

-Be flexible in their approach to assignments.

In essence, a surprise audit would be planned in great detail for locations that have been

identified as high risk, or maintaining a fraud friendly environment. The audit my be

undertaken either during office hours or after hours, on working days or weekends, and also

with or without the employees being present. Advantages of having the staff members present

include the possibility of assessing their reactions to the audit and/or the detailed scrutiny of

documents under their control. Other advantages include the possibility of interviewing staff

on suspicious matters or other issues, which require an explanation. Having staff present also

minimises the risk of allegations of personal possessions disappearing. Advantages of staff

being absent during the audit include the unhindered scrutiny of all relevant files and

documents by the audit team, as well as unhindered access to work areas.

Disadvantages of a surprise fraud audit in the absence of the staff members are

147 the restrictions imposed on the audit team, as they now have to focus almost exclusively

on documentary evidence. If the staff members are present, the team could also assess any

behavioural peculiarities displayed by certain staff members under the pressure of the

occasion. A major disadvantage to keep in mind when planning a surprise audit ``in

absentia'', is the disruptive effect on normal operations. The decision on how to undertake the

surprise audit should be based on an assessment of all the above factors. A combination of

approaches may prove most beneficial. A combination may, for example, entail commencing

a surprise audit of an office or division, on a Friday afternoon (with staff present), and

continuing into the night and over the weekend. This approach would achieve most

objectives, whilst negating certain disadvantages, noted in respect of employee presence and
absence. Every high-risk environment should be audited at varying degrees. In the principle

office, surprise audit should be carried out at least twice a year, even if it is in quick

succession. (Speed traps positioned close to one another, are likely to catch more speedsters

as the speedsters are under the impression that they have escaped the trap and then drop their

guard.)

This approach could further act as a major deterrent or prove highly successful at uncovering

fraud. The constitutional rights of employees must, however, be respected. If auditors or

investigators, in their zeal disregard an employee's right to privacy, any evidence they obtain

could be rendered useless or inadmissible.

A fine balance must thus be maintained between the employers, right to safeguard its assets

and the employee's right to privacy. Auditing for fraud, although it may also be used as a

preventative measure,

Feedback/newsletters

The purpose of providing feedback about successes in fraud prevention, is to keep all

employees informed about continuing efforts in this regard so that they maintain interest, and

to provide for a regular forum through which related matters can be addressed and brought to

the attention of all staff members. Once the concept of fraud prevention has taken hold in the

entity, and all employees have embraced its concepts, a page in the entity's newsletter is a

very effective medium to propagate these principles. This newsletter should focus specifically

on fraud related matters and can be used to communicate policies and successes. It can be

used as a training tool to alert all staff members to current risks and new exposures. This

newsletter should also be used to publicise details of punitive measures taken against

transgressors, emphasising the principles of the fraud policy. To maintain interest in the fraud
hotline, a monthly or a regular summary can be published setting out some details of the calls

received by the hotline and action taken. Any successes arising from the fraud hotline can be

highlighted on this page.

EVALUATING THE EFFECTIVENESS OF A PARTICULAR FRAUD PREVENTION

STRATEGY

A fraud prevention strategy will benefit any organisation that is serious about fraud

management. There are limited types of fraud that can occur, and few frauds are really

unique. By following up on old frauds, making sure that it becomes impossible for them to

happen again, the entity is investing in long-term fraud prevention. One can either learn from

other peoples' mistakes, learn from your own mistakes or get burnt twice for the same

mistake.

Learn from other peoples' mistakes

The cheapest method to protect yourself from fraud is to study the industry, keeping abreast

of the latest fraud trends and applying the principles learnt to your own organisation. When a

fraud is reported in the news, assess whether your entity is exposed to that type of fraud.

Consider the home situation ``Which internal controls would or should have identified a

similar fraud?'' Test these controls to ensure that they are actually working. If no such

controls exist, develop specific controls. Internal controls should be constantly reassessed to

ensure that they remain effective. The benefit of adopting such an attitude is that the fraud

investigator will constantly focus on prevention as opposed to getting caught up in the

reactive aspect of fraud investigations. This value adding service must be conveyed to

management for implementation.

Learn from your own mistakes

It is vital to perform a i.e. post-mortem', after every fraud to consider how it could either have

been avoided or discovered earlier. This should be an inclusive session involving all the
parties involved in the discovery and investigation of the fraud. Special emphasis should be

placed on briefing the internal auditors to enable them to close any loopholes identified. It

should become a full-time function of at least one internal auditor to follow the fraud

investigation team with the specific task of fine-tuning the internal controls that would

prevent a recurrence of a similar fraud. It is usually amazing to note, after the event, how

many early warning signs were apparent to those who looked or those working in close

proximity of the offender. Comments like ``I thought this was strange'' or ``I did not know

who I could tell'' are an insult to the fraud prevention concept. If all the staff members

become the eyes and ears of the prevention plan, fraudsters have no chance. This can only

happen if everyone is empowered with knowledge and understanding of frauds and how to

deal with them. Training in fraud-related issues, are thus vital.

Get burnt twice

This option is only attractive to those companies who have a large fraud investigation budget

Implementing Fraud Prevention Strategies

This study-unit proposes the roll out and maintenance program for the fraud prevention

strategy. It is imperative that this strategy is maintained after the initial roll out. No

comprehensive fraud prevention program can succeed unless its momentum is constantly

maintained. Vital therefore to the successful implementation of a fraud prevention strategy, is

its continued maintenance. This document should be reviewed on an ongoing basis and

updated to accommodate the rapidly changing environment.

Timetable

A timetable should be developed to fix a timeframe within which the fraud prevention

strategy must be implemented. Such a timetable does not only contribute to the momentum of

the project, but also serves as a monitoring tool for the progress of the implementation phase.
 SAAA LTD

SAAA LIMITED FRAUD RESPONSE PLAN

A high level overview of the process to be followed when information is received of an

actual or alleged fraud is as follows: .

 Notification and planning (Entity Manager: Forensic Auditing)

-Establish facts
- Assess exposure financial and other
- Consider administrative matters
- Assign priority rating Ð Prepare plan
- Assign responsibilities to team members.
 Safeguard evidence
- Secure documentation.
- Maintain integrity of documents
- Maintain integrity of computer records.
 Exercise damage control (Entity Manager: Forensic Auditing) .

 Consult fraud investigator.

 Consider suspension of suspect(s) (Human Resources; Entity Manager: Forensic Auditing)

 Commence investigation

- Maintain investigation diary.

 Consider punitive measures

- Criminal action

- Civil action Ð Disciplinary action

 - Recovery of losses.

 Notify insurer.

 Implement preventative measures.

 Prepare written report.

 Give evidence

Activity

 Critically evaluate how the following could prevent or reduce fraud in an

organization

(a) Fraud Risk assessments

(b) Internal controls

(c) Corporate governance

 Discuss the different elements of a fraud prevention strategy and evaluate their

effectiveness.

References

Albrecht, W.S., Albrecht, C.C. & Albrecht, C.O. 2006. Fraud examination 2nd Edition. Ohio,
USA: Thomson South-Western.

Bologna, G.J. & Linquest, R.J. 1995. Fraud auditing and forensic accounting. Second edition.
NY, USA: John Wiley & Sons, Inc.

Cascarino, R. & Von Esch, S. 2007. Internal Auditing, an integrated approach. Cape Town,
2nd Edition. Landsdawne, RSA: Juta & Co Ltd.
Institute of Directors in Southern Africa. 2002. King report on corporate governance for
South Africa. 2002. Parkland, RSA: Institute of Directors of Southern Africa.

Institute of Directors in Southern Africa. 2010 (IODSA). The King Code on Governance for
South Africa, 2010. Parkland, RSA: Institute of Directors of Southern Africa.

Institute of Internal Auditors. 2009. The International professional practices framework

(IPPC), January 2009. Altamante Springs, FL: IIA Research Foundation.

PriceWaterhouseCoopers (PWC) 2010. Kings Counsel. Understanding and unlocking the

benefits of sound corporate governance in government and the public sector, 2010.
PriceWaterhyouseCoopers, Southern Africa.

Puttick, G. & Von Esch, S. 2003. The principles and practice of auditing. 8th edition.
Landsdawne, RSA: Juta & Co Ltd.

Sawyer, L.B., Dittenhofer, M.A. & Scheiner, J.H. 2003. Sawyer's internal auditing, 5th
edition. Altamante Springs, FL: Institute of internal auditors