FRAUD. Detection and Deterrence Skills for Auditors. The Institute of Internal Auditors New York City Chapter March 16, 2018

Transcription

1 FRAUD Detection and Deterrence Skills for Auditors The Institute of Internal Auditors New York City Chapter March 16, 2018 JOHN J.HALL

2 Hall Consulting, Incorporated PO Box 6263 Denver, CO Office: (970) Mobile: (312) ABOUT YOUR SPEAKER John J. Hall, CPA ø John J. Hall, CPA is the founder and President of Hall Consulting, Inc., and the author of the award-winning book Do What You Can! Simple Steps Extraordinary Results. He has been a business consultant, results coach and speaker for most of his career. Through live skills training programs, conference keynote presentations, business and personal results coaching, and business consulting engagements, John helps program participants and client team members: Identify and improve areas of exposure to business risk, wrongdoing, and fraud Improve organizational and personal performance Enhance the effectiveness of business processes and individual behavior Improve interpersonal and communications skills Speaking, training, coaching and consulting areas include: Fraud Risk Management: prevention, deterrence, early detection and effective incident response Business keynote and conference presentations Communication and interpersonal behavior skills programs, including: ü ü ü ü ü ü Establishing business rapport and trust Effective interviewing and listening Speaking and presenting Selling ideas and influencing others to take action Leadership, collaboration and influence Consulting skills for professionals Intensive One-to-One and small group performance and results coaching Board and senior management anti-fraud consulting Audits of costs incurred in large construction projects and other contractor services Mr. Hall has over 40 years of experience as a professional speaker, consultant, corporate executive, and business owner. In addition to operating his speaking, training and business consulting firm since 1990, he has worked in senior leadership positions in large corporations and international public accounting and consulting firms. John is a Certified Public Accountant (Pennsylvania) and Certified Board Advisor. He is an active member of the National Speakers Association, the American Institute of CPAs, and the Institute of Internal Auditors. Meet John at

3 FRAUD RISK MANAGEMENT FRAMEWORK 1. FRAUD DETERRENCE AND PREVENTION 1) Visible and vocal executive leadership 2) Active fraud risk brainstorming 3) Policy on Fraud Responsibilities 4) Anti-fraud controls 5) Anti-fraud behaviors 6) Anti-fraud How To skills training 2. EARLY FRAUD DETECTION 1) Detection-based audit steps 2) Detection-based internal controls and behaviors 3) Clear statement of detection responsibilities and accountability 4) Effective hotlines 5) Other tip sources 6) Monitoring for red flags and other fraud indicators 7) Special focus on third party relationships 3. EFFECTIVE FRAUD HANDLING 1) Fraud response is in place and ready to go 2) Employees know what happens when the alarm sounds 3) Investigation 4) Loss recovery 5) Control weaknesses are fixed 6) Coordination with law enforcement and prosecutors 7) Publicity issues 8) Human resources issues 9) Employee morale issues Organizations and their auditors must be prepared to address fraud risks at all three levels. Page 1

4 STEP 1. VISIBLE AND VOCAL EXECUTIVE LEADERSHIP 1. Nothing meaningful happens and is sustained without visible, vocal CEO involvement a) The Chief Executive must personally lead the charge b) Leaders at all levels must talk about it explicitly c) Leaders must make everyone feel safe to report suspicions d) The CEO may appoint a trusted leader to administer the anti-fraud campaign, but they must insist on accountability for results e) The CEO should invest personally in employee awareness and training 2. For years the phrase tone at the top has been used to focus on the statements, business practices and personal behavior of executives and other senior management members. But a leader includes anyone we look to for an indication of proper behavior. That includes everyone from first level supervisors in the field right up to the Board. The tone at the top must match the tone in the middle and the tone at the bottom. 3. Organizations that are serious about managing their fraud risks require outstanding personal example. And counsel all who don t act properly. 4. Employees, vendors, contractors and others all need to know what is allowed in daily behavior. And just as important, what is considered misconduct. 5. Employees and managers must know the rules for reporting financial and other results. 6. Vendors, contractors and other third parties must know your restrictions on gifts and entertainment and penalties for violations. Make your Code of Conduct part of any agreements with third parties. John@JohnHallSpeaker.com Page 2

5 ANTI-FRAUD EXPECTATIONS The list below should give you suggestions of topics or themes to include in leading a discussion about fraud expectations with your staff or team. Don't just read off the list instead, pick five or six items that most relate to your own beliefs and tailor comments to your unique environment and culture. Be sure to: 1. Frame the discussion to the questions those listening to you will likely have 2. Stress the importance of a balanced message tie your request for help to the listeners normal pride in their work 3. Be explicit. Don't beat around the bush. Tell them what you expect and what you need them to do as a result. 4. Use a positive tone. Make it a call to arms that starts with, I need your help to fight this problem. 5. Include examples of what could go wrong in your area, including what it would look like in reports, variances, complaints and other indicators of a problem It is expected that every manager and employee will: 1. Know the fraud related exposures in their areas of responsibility, for example 2. Know what it would look like if it happened. For example 3. Use best-faith efforts to minimize the chance of fraud on their watch. Examples include 4. Make sure the transactions they personally approve are not fraudulent. Here s an example of what I mean 5. Personally monitor for those frauds that only they are in a position to detect. For example 6. Question and challenge the unusual. Here s an example of what I mean 7. Set an example of honest and ethical behavior by personal example and by not tolerating dishonest or unethical behavior in others. Here are a few examples of how to do that 8. Strive to prevent fraud by minimizing the exposures and reducing the opportunities and temptation. For example 9. Immediately refer suspected wrongdoing to Internal Audit or Security for investigation. Here s an example of what I mean John@JohnHallSpeaker.com Page 3

6 STEP 2. ACTIVE FRAUD RISK BRAINSTORMING Fraud risk brainstorming myths: 1) Once and done covers it 2) One group can do this alone 3) Cost isn t justified 4) We already know our risks 5) We ll scare people Three Steps: 1) Staff-level brainstorming 2) Best-guess of probability and significance 3) Address identified exposures in a meaningful way Three Question Script: 1) How could someone exploit weaknesses in our controls and daily behaviors? 2) How could someone override or circumvent our controls? 3) How could someone conceal their wrongful actions? The Secret Sauce: Begin (plan) with the PRESUMPTION that a fraud event has already occurred Position by position, department by department, ask the question What could go wrong? Create a robust inventory of fraud risks. Use this list to provide training for new employees and supervisors. Develop offsetting prevention and early detection procedures for each risk identified. Publicize the effort and the results. Create awareness in honest employees, and fear in those tempted to commit wrongdoing. Few organizations have taken the time to develop a complete list of their existing fraud loss areas. Begin by listing areas where losses have occurred in the past. Then research these areas and assign ranges of probable current loss levels. Normally this list will total no less than one percent of revenue. John@JohnHallSpeaker.com Page 4

7 STEP 3. POLICY ON FRAUD RESPONSIBILITIES Every manager is responsible for: 1. knowing the exposures to wrongdoing and fraud in their areas 2. doing their best to prevent or deter incidents, 3. promptly detecting suspicious transactions and events 4. immediately reporting suspicions to those responsible for follow-up Policies on Fraud Responsibilities, Ethics Statements, Codes of Conduct and other behavior policies should require reporting. Periodic sign-off is a good way to track awareness and minimize I didn t know situations. Add a sign-off where managers and employees acknowledge that they are not aware of violations by others. Essential Content: 1. Positive we need your help / call to arms message 2. State manager and staff responsibilities with precision and clarity 3. Responsibility for exposure awareness 4. Procedures and behaviors to prevent 5. Procedures and behaviors to detect promptly 6. What to do / what not to do 7. Emphasis on SUSTECTED acts 8. Periodic certification 9. Balance is critical Make it Easy to Report: 1. Make it as positive as possible 2. Fraud Hotline in place, understood and trusted 3. Tell everyone exactly how it works, who answers calls, and what they will say John@JohnHallSpeaker.com Page 5

8 STEP 4. ANTI-FRAUD CONTROLS Fraud exposures are identified and specific control procedures are developed, implemented and maintained to both prevent these events from happening and to detect them should they occur. Control Procedures Include: 1. Leadership words and deeds 2. Culture of quality 3. Finance and accounting knowledge wherever needed throughout the organization for effective control 4. Meaningful exposure assessment 5. Limited access 6. Living policies, procedures and systems 7. Responsibility and accountability for transaction initiation, review and approval 8. Effective screening and where appropriate re-screening Never forget: Control procedures alone do not prevent fraud HI III I BEHAVIORS IV II LOW PROCEDURES HI John@JohnHallSpeaker.com Page 6

9 10 REASONS CONTROLS BREAK DOWN: (How many have you seen in your work in the last six months?) 1. Blind trust 2. Willful blindness Ignoring control implications of policies, procedures and reports Ignoring behavioral indicators of problems 3. Not having information needed to assure transactions are proper 4. Culture of not questioning the strange, odd and curious 5. Situational incompetence 6. The process mentality 7. Not enough time to do the control procedures 8. Not enforcing documentation requirements 9. Intentional override 10. Acceptance of the situation (fear, immunity, no longer engaged) Page 7

10 STEP 5. ANTI-FRAUD BEHAVIORS Auditors and employees look for fraud symptoms in information they see each day. Managers and employees are aware of and monitor for fraud indicators in documents they handle and approve, in operations and exception reports, and in behavior. Auditors brainstorm fraud risks on every project, link fraud risks to specific audit procedures, and carry out fraud detection steps during their testing and interviews. Anti-Fraud Behavior Foundation: 1. Competence 2. Integrity 3. Interest 4. Time 5. Real oversight and analysis 6. Coaching Four Daily Anti-Fraud Controls Behaviors: 1. Look 2. Ask 3. Doubt 4. Resolve When YOU See Something YOU Say Something Page 8

11 STEP 6. ANTI-FRAUD HOW-TO SKILLS TRAINING Sponsor or conduct fraud awareness and skills training programs addressing what employees and auditors need to know to prevent, detect and handle fraud. Most employees have never been taught the skills needed to be effective in this area. This skills gap allows fraud to occur and go undetected. Who do we train? 1) All new hires 2) All new supervisors 3) Executives and Board members 4) Relevant third parties What skills are needed? 1) General knowledge of fraud risks 2) What can happen in their areas 3) What it looks like in documents, reports and behaviors they see 4) Suggestions on prevention 5) Suggestions on prompt detection when prevention fails How do we deliver training? 1) Group-live 2) Technology-based Teleseminars Webinars Video 3) 1 on 1 coaching by supervisors 4) 1 on 1 coaching by auditors 5) Written John@JohnHallSpeaker.com Page 9

12 BEFORE APPROVING INVOICES FROM VENDORS AND CONTRACTORS Good Questions to Ask! Each day, managers review and approve thousands of invoices, contractor statements, time sheets, expense reimbursements, purchasing card details, and other documents that cause cash to be disbursed. All too often, that approval becomes a rubber stamp with little active thought about what the approval step really means. Signatures without thought increase the likelihood of mistakes and make it easy for those who are trying to fool us. Managers are encouraged to answer these basic questions before approving invoices and other payment documents. All address the general question of: How do I know? 1. How well do I know this vendor or contractor? Do I have first hand knowledge that they even exist! 2. Do I know that they actually provided the goods or services identified in the invoice or other billing statement? 3. Do I know that they are using the correct amounts for price (including unit prices used), sales tax, freight, and other variables that make up the amount invoiced? 4. On what basis do I know that the prices are reasonable in the first place? What standard have I used in determining that the price charged is fair? 5. How do I know that the quantities make sense? On what basis have we agreed to purchase the stated quantities? 6. How do I know that the invoice and other documents are mathematically correct? 7. Do I know that this invoice has not already been paid? John@JohnHallSpeaker.com Page 10

13 AUDIT / INVESTIGATION FLOW DIAGRAM Audit Tip Exception Pattern Review Of Records Interviews Case File Interrogation Law Enforcement Insurance Company Bonding Claim Control Weakness Audit Report John@JohnHallSpeaker.com Page 11

14 THREE-STEP FRAUD DETECTION for EVERY PROJECT I. THINK LIKE A THIEF BRAINSTORMING Look at identified weaknesses and other opportunities from the perspective of how they could be exploited. Documentation should include specific fraud risks identified and a clear bridge to specific audit steps, controls and behaviors targeted at detection of related fraud incidents. II. USE DISCOVERY TECHNIQUES AGGRESSIVELY a) Discovery or attribute testing. These tests have as their purpose surfacing the visible signs of wrongdoing. Such testing is directed at either electronic or manual records. Electronic data analysis tools make the efficient search of large populations possible. b) Detection-Focused Interviews. Targeted interviewing techniques can be an efficient method for surfacing hidden information. They are used to get the human information not available in records. In situations where the signs of fraud might not be in the records, the interview may be the only method available to surface needed information. c) Monitoring for fraud indicators. Examples include: Internal information used by management to find problems in operations Reconciliations, closing entries, adjustments, override transactions and other available information showing a deviation from normal results Recurring software-based inquiries III. DETERMINE THE CAUSE OF ALL FRAUD INDICATORS SURFACED All indicators surfaced should be investigated as to their cause. Follow up on fraud indicators, symptoms and red flags may lead to the discovery of wrongdoing. It also may surface other important non-fraud issues. Either result justifies following all observed indicators through to the determination of their Root Cause. John@JohnHallSpeaker.com Page 12

15 1. Standard reconciliations 2. Top performance 3. Poor performance 4. Timing differences MONITORING FOR FRAUD SYMPTOMS 5. Suspense accounts and clearing accounts 6. Complaints 7. Overtime by employee 8. Top travelers 9. Top earners 10. Consulting and other third party services billings 11. Adjustments and overrides: sales prices receivable accounts cash accounts inventory 12. Closing entries 13. Failures 14. Common names or addresses for refunds or credits 15. Goods purchased in excess of needs / slow turnover 16. Duplicate payments 17. Regular meetings with key executives 18. Other ideas from your experience: John@JohnHallSpeaker.com Page 13

16 OTHER METHODS OF DISCOVERY 1. If you had unlimited access to records and people, how would you look for fraud? List two ideas. Be specific. 2. If you could create one new data analysis test to look for wrongdoing, what would it be? List the files needed and the specific red flags you would seek to uncover. 3. Some fraud cases surface as a result of tips from informants. What can we do to encourage concerned employees to come forward? What about vendors, customers and other third parties? 4. Auditors and examiners use confirmations for many purposes. Examples of confirmations aimed at fraud detection include: Change of address, mailed to prior address Payments, using a copy of both the front and back of the check Receivables already written off Late payments Refunds and credits List one other confirmation idea aimed at surfacing fraud indicators. 5. What else could you do to find misconduct, wrongdoing, theft or outright fraud on your projects? John@JohnHallSpeaker.com Page 14

17 MISAPPROPRIATION OF ASSETS CASH 1. Theft of cash from point of sale terminals, cash registers and similar devices 2. Petty cash Theft of cash on hand For reasons that should be obvious, organizations with large amounts of cash are very susceptible to theft. The actual theft of the cash -- the commission of the fraud -- is relatively simple. Similarly, there is no conversion step necessary. These schemes become complicated to the thief during the concealment stage. Common schemes involving the theft of cash on hand and the attempt to cover the theft in the records include the following: 1. Skimming Cash is skimmed before it enters the accounting system. 2. Substituting personal checks for cash The employee takes money from the cash register and substitutes a personal check. In that way, the cash drawer is always in balance. 3. Fictitious refunds or discounts Employees record a refund and remove cash as if a refund occurred. But no merchandise was returned or discount given. PURCHASING CARDS 1. Maintenance department administrative assistant $35,000 tool purchase and immediate resale Home Depot 2. Dallas Independent School District Dallas Morning News July 2, 2006 Secretary charges $383,788, has no receipts Former DISD Employee Pleads Guilty to Federal Charge John@JohnHallSpeaker.com Page 15

18 ACCOUNTS RECEIVABLE DIVERSION Most misappropriation related to accounts receivable involves diversion of payments received from customers and others. Schemes to commit fraud and convert the proceeds are fairly simple to perform: 1. Cash payments are simply removed 2. Non-cash payments on account are diverted o An employee opens a bank account in a name similar to the entity being defrauded. Customer payments are then deposited into this account and removed when they clear. o Customers are advised of an incorrect account for wire transfer payments What varies is how the fraud is concealed. Common techniques include: Lapping The payment from Customer A is diverted to the employee. To keep Customer A from complaining, payment from Customer B is applied to Customer A. Customer C s payment is applied to Customer B s account, and so on. Posting bogus credits to the account To conceal the fraud, the employee posts credit memos or other noncash reductions (for example, a bogus sales return or write-off) to the customer account from which the funds were diverted Altering internal copies of invoices The company s copy of the sales invoice is altered to report an amount lower than was actually billed to or collected from the customer. The excess payment is diverted. Other schemes involving receivables include: Diversion of payments on written off accounts many organizations do not monitor activity on accounts that have been written off. This creates the opportunity to divert the funds that were not expected. Freshening and kickback the fraudster makes arrangements with past due customers to help manage their accounts. Adjustments are made to make the account appear to be current (for example, by canceling older invoices and rebilling the transactions with current dates). This effectively gives the customer unlimited time to pay the bills and avoid late fees and interest charges. The employee receives a kickback or other incentive from the customers. John@JohnHallSpeaker.com Page 16

19 INVENTORY, EQUIPMENT and OTHER HARD ASSET THEFT Theft for personal use. More likely to occur when items are small in size but have a relatively high value to the employee or other consumer. For example, in general a notebook computer has more value to the thief than does the computer chip that drives that computer. Theft for resale. As theft is for resale, value to the thief is not based on their own ability to use the item taken, but is based on the ability to the thief to convert the stolen items to cash or other assets through resale. As such, high quantities of items stolen provide high conversion value and thus higher appeal to the thief. Common schemes include: 1. Receiving personnel removing goods right from the receiving docks before physical custody is perfected 2. Collusion with delivery personnel to arrange for goods to be dropped at an unauthorized location 3. Records direct that items purchased are to be delivered to a location where the thief can easily take control Theft of scrap and used assets. In many organizations, controls may be weak over scrap disposition as well as the retirement and disposition of other used assets. Creative thieves find ways to sell these items, and divert all or part of the proceeds. Examples include: 1. Setting up but not disclosing ownership of customer organizations or brokers who purchase or dispose of these items at a below market spot price 2. Purchasing used vehicles or equipment at less than fair value, and then immediately reselling these items to third parties at market value Note that losses can be significant, especially where the embezzler has the authority or other ability to inappropriately designate good inventory and other usable assets as scrap. John@JohnHallSpeaker.com Page 17

20 PURCHASING, ACCOUNTS PAYABLE AND VENDOR FRAUD 1. Payment of invoices to a fictitious or otherwise manipulated entity The embezzler establishes a fake entity or has control over a real entity, and enters transactions into the payments stream through the vendor master file or as a one-time payment vendor. An invoice is produced and processed. Funds are diverted by check or electronic payment. 2. Kickback or other similar incentives are used to: a) Vendor allowed to submit fraudulent billing and approving the payment (goods not received or services not performed, billing more than once for the same item, providing low quality items but billing for the higher quality) b) Allow excess purchase of property or services c) Facilitate bid rigging d) Maintain the relationship 3. Common Red Flags, Symptoms and Indicators Fictitious vendors and related payments schemes: a) Photocopied invoices, invoices with signs of tampering, or invoices on plain paper when preprinted forms might be expected b) No phone number on the invoice; no tax ID number on file c) Address, tax ID number or phone number is the same as an employee, another vendor or a related party d) Vendor names are a knockoff of a well-known business ( IBN Consulting ) e) The amount of invoices falls just below approval threshold levels f) Invoices numbers from vendors occur in an unbroken consecutive sequence Kickbacks: a) High level manager handles all matters related to a vendor even though this level of attention might be outside or below normal duties b) Vendors receive a large amount of business for no apparent business reason c) Prices from a particular vendor are unreasonably high when compared to others, and/or quality of goods or services received from a vendor is low d) Tips or complaints from other employees or honest vendors e) Key contracts awarded with no formal bid process f) Purchase of excess goods John@JohnHallSpeaker.com Page 18

21 FICTITIOUS / MANIPULATED VENDORS 1. Charity Adams + Two = $540, Elevator / Escalator Maintenance 3. Eagle County CO Charity 4. Dixon Illinois What Happened CASE STUDY: THE CONTROLLER $3.5 million taken over seven years 3 primary parts: a) Payments to janitorial company owned by the controller and his wife b) Work on two homes and a vacation condo c) Gift cards from a national warehouse club retailer Who Did It 63 year old controller Male, married with grandchildren Poor health Approaching retirement Marginal performer 25 year employee at time scheme started Had ability to initiate, approve and code transactions Month-end authority allowed moving costs by journal entry Symptoms, Red Flags and Indicators Significant spend amounts Poor plant financial performance Large budget variances Excessive volume of journal entries Missed closing deadlines Known related party Unqualified accounting assistant Dramatic change in lifestyle / personal spend patterns John@JohnHallSpeaker.com Page 19

22 FRAUD EXPOSURES IN PROCUREMENT AND CONTRACTING 1. Bid rigging, price fixing, collusion and other Shadow Deals: a) The Crawford Case 2. Material or skills substitution: a) Consulting, legal, and public accounting field promotions 3. Alternate methods employed: a) Shotcrete v. formed and poured b) PVC v. copper 4. Excess hours, materials or other measures on T&M contracts: a) Data cable installation b) Bovis Lend Lease 5. Buyouts on subcontracted work and suppliers: a) Disclosed v. undisclosed savings 6. Defective pricing: a) Equipment rental b) Change order pricing 7. Cost Accounting exposures: a) Labor and related burden (The Wisconsin Contractor) Labor rates Payroll taxes Insurance and other charges Methodology and/or application errors b) Non-reimbursable costs (hockey teams and fishing trips) c) General conditions d) Falsification of records Page 20

23 THE CRAWFORD CASE COST PAYEE CODE DOCUMENT DESCRIPTION LABOR MATERIAL SUBCON EQUIP OTHER TOTAL Cost Code 1024: Painting / Base Building 1024 Inv# SC ABC Construction 22, , Inv# APP Meteor Painting LLC 11, , Inv# SC ABC Construction 18, , Inv# SC Meteor Painting LLC 7, , Inv# SC ABC Construction -2, , , , , Cost Code 1028: Structural / Seizmic Work 1028 Inv# SC ABC Construction 70, , Inv# Kidder Metal Fabric 62, , Inv# SC ABC Construction 170, , Inv# 3277 Structural Imaging Inv# SC-I073 ABC Construction -7, , , , , GROUP DISCUSSION NOTES John@JohnHallSpeaker.com Page 21

24 20 DETECTION SUGGESTIONS PROCUREMENT AND CONTRACTING 1. Analyze bids, looking for patterns by vendor or purchasing agent 2. Confirm losing bids and failure to respond to bids and Requests for Quotations 3. Audit vendors transaction records, T&E, 1099 s 4. Surprise count and inspect at receiving points 5. Match PO, proof of receipt, and invoice 6. Observe inventory held by others 7. Observe highly tempting items 8. For sole source vendors, confirm existence, prove ownership, test prices, find other sources, and analyze usage volumes. Verify sole source justification 9. Reconcile inventory, purchases and usage of items subject to pilferage 10. Audit rental of equipment, including equipment rental used by contractors 11. Verify accuracy of items that must be stored in containers (gases, liquids, other) 12. Audit areas where vendors come in, take stock of existing levels, and replenish stocks on their own 13. Audit purchases that do not go through normal purchasing procedures 14. Audit maintenance agreements 15. Audit property management agreements 16. Audit costs on cost-plus agreements to original documentation. Look for creative interpretations of the term cost by vendors or contractors 17. Pull D&B reports and enter vendor names into press databases 18. Use computer to look for multiple PO and split bills 19. Confirm delivery locations 20. Verify address and other master file changes by vendor John@JohnHallSpeaker.com Page 22

25 1. REVENUE RECOGNITION COOKING THE FINANCIAL BOOKS Recording fictitious sales to nonexistent customers and recording phony sales to legitimate customers These schemes normally occur near the end of an accounting period and may involve the issuing of some form de facto reversal of the sale soon after the end of the accounting period Recording revenue on transactions that do not meet the revenue recognition criteria may include transactions where right of return exists, bill-and-hold transactions, accelerated percentage-of-completion recognition, and transactions where the earnings process is not complete. Recognizing revenue in the wrong period most common is recognition of revenue on anticipated future sales. Often involves altering dates on shipping documents or keeping the records open until the shipment has occurred. 2. OVERVALUED ASSETS Overvaluing assets is a relatively simple way to directly manipulate reported financial results, since overstated assets usually result in understated expenses. Common schemes for reporting overvalued assets include: a) Inflating the value or quantity of inventory on the balance sheet (PharMor) b) Capitalization of costs that should have been expensed (WorldCom) c) Including non-business assets on the balance sheet (boats and exotic cars) d) Failure to recognize impairment losses on long-lived assets 3. UNDERREPORTED LIABILITIES a) Recognition of assets without related liability effect (Enron) b) Understating accounts payable by recording purchases in subsequent accounting periods, overstating purchase returns, or falsifying documents that make it appear that liabilities have been paid off c) Failure to record all debt or other liabilities, or recognize contingent liabilities d) Underreporting future obligations such as warranty costs 4. HOW AUDITORS WERE FOOLED: LESSONS FROM FAMOUS CASES a) ZZZZ Best b) Peregrine Financial Group John@JohnHallSpeaker.com Page 23

26 COOKING OTHER RESULTS 1. VW and Mitsubishi 2. School district cheating 3. Shadow Curriculum for elite athletes 4. Side effects from drugs 5. Family Connections Page 24

27 DISCUSSION QUESTIONS MANAGEMENT OVERRIDE RISK 1. High-profile cases usually involve high-level taking advantage of their authority to override controls. What should we do during the planning and performance phases of our projects to take into account the possibility of management override to commit and conceal fraud? Be specific. 2. One difficult fraud exposure involves override by top executives and fraud for the benefit of the organization. Have you encountered any instances of senior manager or executive override to commit fraud? Provide details of what happened and how it was discovered. 3. Another macro fraud risk involves fraud committed for the benefit of the organization. Examples include a pattern of manipulating high-level financial or operating results, misleading government agencies, misrepresenting the capabilities of products or services sold, and similar events. Have you encountered any instances of fraud for the benefit of the organization? To the extent you can, provide details of what happened and how it was discovered. 4. Most auditors would agree that we should detect material management fraud in the organizations we audit. After all, if the fraud is big enough to be material, it should be big enough to detect. But what about management fraud that does not hit the standard of materiality? The one that happens all too frequently and is material to the manager s compensation. Should auditors be responsible for detection of such immaterial financial or other results reporting fraud? John@JohnHallSpeaker.com Page 25

28 FRAUD INDICATORS, BEHAVIORS, AND RESPONSE The most reliable indicators are those that appear in transaction records. Also important are behaviors that are often observed in individuals engaged in wrongful acts. Examples include: Refusing to share transaction information and support that should be available to others with a legitimate need to know Refusing to train subordinates, particularly in duties related to financial closing procedures, reconciliations, and dealings with customers and suppliers High volume of business is directed to suppliers for no apparent reason Excessive entertainment or gifts from suppliers Tips or complaints about an individual s behavior Unusual travel or work time patterns Living well beyond one s means with no reasonable explanation Wheeler-dealer attitude Rationalization of contradictory behavior Excessive gambling or other speculation Substance abuse Not taking vacations of more than two or three days Special caution should be demonstrated in following up on behavior symptoms. Be sensitive to privacy. Ask yourself, If this behavior I observe makes me uncomfortable for some reason, what wrongful actions might the individual be taking in their job that might be evidenced by behavior I see? React to the fraud exposure, not to the behavior. Look in the records to see if a wrongful act is occurring. Better still call for help! AVOID OVERREACTING TO FRAUD INDICATORS. Follow up on the indicator to determine the true cause. DISCUSSION QUESTIONS 1. From a past fraud case you have knowledge about, identify a symptom or indicator of the fraud that was present in the records. 2. Do you know of a case where the fraudster s lifestyle or personal habits might have been a tip off to their wrongdoing? John@JohnHallSpeaker.com Page 26

29 FRAUD RESPONSE IS IN PLACE AND READY TO GO Identify the skills and relationships that will be needed when fraud is detected, and assemble the team in advance. Craft the message you want to deliver to employees, customers, the press and others. Know who will be authorized to investigate, handle requests for information, and interface with any outside parties. Response challenges: 1) Uncertainty and fear 2) Response readiness 3) Loss recovery 4) Reporting to the authorities 5) Insurance 6) Morale and HR 7) Publicity 8) Learning from fraud events Incident response resources: 1) Experienced investigators 2) Forensic accountants 3) Information technology experts 4) Computer forensics experts 5) Other technical specialists 6) Security / Loss prevention 7) Internal auditors 8) Human resources 9) Legal and compliance John@JohnHallSpeaker.com Page 27

30 INVESTIGATION MANAGEMENT OVERVIEW 1. Investigation is not for everyone. There are inherent risks, and things can go wrong. The auditor or examiner may be lied to, attacked as to qualifications and professionalism, and subject to scrutiny they have not experienced in the past. 2. Don t investigate without a policy. Make sure of your authority and the limits of that authority. Ask: What will the organization do if I m sued? And get a solid answer preferably in writing. The auditor or examiner is not a deep pocket. But a tactical suit may be aimed at discrediting the individual who performed the work and thereby weakening the conclusions in the eyes of others. 3. Do not do anything that is unauthorized or illegal. 4. There should be clear policy on when to report to law enforcement or other governmental authorities. 5. Each fraud incident is unique. Although there are many similarities in fraud cases, there is nothing completely identical from one investigation to another. The actual scope, methodology and strategy in each investigation will vary. However, there are efficiency opportunities from building lists of helpful investigative practices. a) Develop a Fraud Investigation Checklist. It should include typical steps to be performed and sources of information. b) Consider developing an Investigative Resource Guide. Keep track of the types of information needed during an investigation and the sources used to find it. Use the Guide as a tool on investigations and keep it current. 6. Case Reports for Executive Management: a) Speak to intent: Was it an error or on purpose b) Who did it? Who else was involved? c) Extent of the loss d) Recovery potential or status e) How it was done and the internal control implications 7. Reports for law enforcement and insurance companies: a) Sequence of events b) Relevant company policies and procedures c) Copies of documents d) Reference review by counsel e) Exclude internal control implications? John@JohnHallSpeaker.com Page 28