Fraud Seminar. Fraud Seminar: Fraud Basics and Red Flags. Agenda 10/01/ McHard Accounting Consulting LLC

Transcription

1 Fraud Seminar Beth A. Mohr, CFE, CAMS, PI, MPA NM-PI #2503; AZ-PI # Janet M. McHard, CPA, CFE, MAFF, CFF McHard Accounting Consulting LLC IIA El Paso Chapter October 1, 2013 Agenda Fraud Basics and Red Flags of Fraud for Internal Auditors Internal Investigators for Internal Auditors with Case Studies Fraud Seminar: Fraud Basics and Red Flags 1

2 Occupational Fraud The use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization s resources or assets Occupational Fraud Has four common elements: Is clandestine Violates the perpetrator s fiduciary duties to the victim organization Is committed for the purpose of direct or indirect financial benefit to the perpetrator Costs the employing organization assets, revenue or reserves How much does fraud cost? The Association of Certified Fraud Examiners 2012 Report to the Nations on Occupational Fraud and Abuse estimates losses at 5% of annual revenues, that s $3.5 trillion when applied to the World Gross Product. 2

3 Who loses? According to the 2012 Report: Private organizations represented 39.3% of the frauds reported with a median loss of $200,000. Public organizations represented 28.0% of the frauds reported with a median loss of $127,000. Nonprofit organizations represented 10.4% of the frauds reported with a median loss of $100,000. Government organizations represented 16.8% of the frauds reported with a median loss of $81,000. Who loses? According to the 2012 Report: Companies with less than 100 employees account for 31.8% of all occupational fraud and abuse with a median loss of $147,000. Companies with 100 to 999 employees account for 19.5% of all occupational fraud and abuse with a median loss of $150,000. Companies with 1000 to 9999 employees account for 21.8% of all occupational fraud and abuse with a median loss of $100,000. Companies with more than 10,000 employees account for 20.6% of all occupational fraud and abuse with a median loss of $140,000. Portrait of a Thief Those who steal most often: Employee/manager 79.1% Male 65.0% Aged 36 to % Tenure 1 to 5 years 41.5% Never charged or convicted 87.3% Never punished or terminated 83.7% 3

4 Portrait of a Thief Those who steal the most money: Owner/executive - $573,000 Male - $200,000 Aged $600,000 Tenure 10+ years - $229,000 Cressey s Hypothesis: The Fraud Triangle Non-Sharable Financial Problem Opportunity Rationalization Non-sharable Financial Problem Examples: Alimony payments Addictions High personal debt Extra-marital affairs Medical problems Living beyond one s means 4

5 Rationalization Examples: Company overlooked me I m just borrowing the money They owe it to me - I m underpaid Everyone else does it They don t even know who I am Double the work with the same pay Temptation Trust Lack of Controls Lack of Punishment Opportunity Red Flags of Fraud A red flag is a set of circumstances that is unusual in nature or varies from normal activity. It is a signal that something is out of the ordinary and probably should be investigated further. In short - something doesn t smell right. 5

6 Two Cautionary Notes Do not ignore a red flag. Sometimes an error is just an error. Management Red Flags Generally, management fraud is financial statement fraud Reluctance to provide information to auditors Excessive number or frequent changes in bank accounts Significant downsizing in healthy market Complete computer system loss, even back up More Management Red Flags Continuous rollover of loans Any transaction that doesn t make common or business sense Great donation/grant figures but no cash Missing documents Inconsistent, vague or implausible responses 6

7 Employee Red Flags Lifestyle changes Behavioral changes High turnover in areas more vulnerable to fraud Refusal to take leave Cash/AR Red Flags Excessive voids/discounts/returns Not reconciled in timely manner Unauthorized or dormant bank accounts Customer complaints (payments not applied) Large number of write-offs of accounts Discrepancies between deposits and postings Payroll Red Flags Overtime inconsistent with cost center, business cycle or position Duplicate SSN, names or addresses Employees with no voluntary deductions Frequent manual checks 7

8 Purchasing Red Flags Abnormal inventory shrinkage Sales without shipping documents Vendors without physical addresses Vendor addresses that match employee addresses Excess and slow turnover inventory Sequential invoice numbers Sanctions Don t Deter Fraud Simply punishing perpetrators is not an effective way to deter fraud. Fraudsters do not anticipate getting caught. They do not see their actions as something that should be sanctioned. Sanctions are a secondary consideration to the fraudster. Increasing the Perception of Detection Perception of detection may well be the most effective fraud prevention method. Employee education Management oversight Dishonest acts will be punished Reporting activities Hotlines Rewards 8

9 Initial Detection Tip 43.3% Management review 14.6% Internal audit 14.4% By accident 7.0% Account reconciliation 4.8% Document examination 4.1% External audit 3.3% Notified by police 3.0% Surveillance/monitoring 1.9% Confession 1.5% IT controls 1.1% Other 1.1% Sources for Tips Tips from employees 50.9% Tip from customer 22.1% Anonymous tip 12.4% Tips from other sources 11.6% Tip from vendor 12.1% Tip from shareholder/owner 2.3% Tip from competitor 1.5% Effectiveness of Controls Management review: with $100,000 median loss, $185,000 without Employee support programs: with $100,000 median loss, $180,000 without Hotlines: with $100,000 median loss, $180,000 without Fraud training for mgmt/execs: with $100,000 median loss, $158,000 without 9

10 Impact on Duration Management review: with 14 months duration, 24 months without Employee support programs: with 16 months duration, 21 months without Hotlines: with 12 months duration, 24 months without Fraud training for mgmt/execs: with 12 months duration, 24 months without Tone at the Top It is ESSENTIAL that upper management, owners, and C-level executives visibly and actually support all fraud prevention controls and actions. Top officials should be present at the roll-out and should support, by example, the hotline and results from the hotline and other antifraud measures. From PWC s Study: When management introduces anti-fraud values and an ethics code into its brand and these are understood and supported by employees their employees often become the best guardians of the company brand and its ethics. PriceWaterhouseCoopers 2005 survey 10

11 What Kind of Controls? According to the PWC survey: Companies that classified their prevention attitude as control-oriented rather than trust oriented reported a higher number of frauds. People who identify with their organization are less likely to damage it as the psychological barriers to this are higher. Fraud Seminar: Investigations for Internal Auditors with Interactive Case Studies Fraud Examination A methodology of resolving fraud allegations from inception to disposition Includes: Obtaining evidence and taking statements Writing reports Testifying to findings Assisting in the detection and prevention of fraud 11

12 Initiating the Investigation Sources (tip, audit finding, other) Determining predicate Evaluating tips Revenge Genuine concern Money Steps in a Fraud Examination Document Examination Neutral Third Party Witnesses Cooperative Witnesses Co-Conspirators Subject Selecting the Investigation Team Certified Fraud Examiners Internal Auditors Security Human resources Management representative Outside consultant Forensic accountants and investigators Legal counsel 12

13 Legal Definition of Fraud Material misrepresentation Intent Relied upon by the victim Damage/Loss Proving Intent Required for all criminal fraud cases Two methods: Direct admission Indirect/circumstantial evidence Indirect/Circumstantial Proof of Intent Suspect: Could not have had a legitimate motive for actions Altered documents, destroyed evidence, or attempted to obstruct the investigation Gave false, misleading statements concerning the matters under investigation Repeatedly engaged in activity of apparent wrongful nature Personally gained from the fraudulent act 13

14 Definition of Evidence Anything perceivable by the five senses and any proof legally presented at a trial to prove a contention and induce a belief in the minds of a jury Direct evidence Circumstantial evidence Burden of Proof Criminal cases Beyond a reasonable doubt Juries must rule unanimously Civil cases Standard of proof is much lower May be decided on preponderance of the evidence Jury decision does not have to be unanimous Admissibility of Evidence In order to be admissible, evidence must be both relevant and material. Relevance - Tends to make some fact in issue more or less likely than it would be without the evidence Material - Is important in the decision-making process of the victim 14

15 Legal Issues in Internal Investigations The right to investigate fraud is implicit in our business, accounting, and legal systems No special authority required Examiner must act on predication Legal Issues in Internal Investigations A fraud examiner who acts irresponsibly can be liable for the following actions: Defamation Invasion of privacy Publicity of private facts Intrusion False imprisonment Wrongful discharge Rights and Duties of Employees Employees duty to cooperate Employees contractual rights Whistleblowers False Claims Act Qui tam suits for fraud against the U.S. government Information must be original or not publicly disclosed Dodd-Frank Act Whistleblower incentives Protection against retaliation 15

16 Rights and Duties of Employees Employees constitutional rights Workplace searches Reasonable expectation of privacy Exclusive control Reasonable grounds Company policy regarding searches Internal Auditor Responsibilities The Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing Practice Guide: Internal Auditing and Fraud Proficiency Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities A2 - Must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed, but are NOT expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. 16

17 Due Professional Care Apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility A1 Exercise due professional care by considering the: Extent of work needed Relative complexity, materiality, or significance of matters Adequacy and effectiveness of governance, risk management, and control processes Probability of significant errors, fraud, or noncompliance Cost of assurance in relation to potential benefits 1220.A3 Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources. 17

18 Governance Internal audit must assess and make recommendations for improving the governance process in its accomplishment of: Promoting appropriate ethics and values Ensuring effective organizational performance Communicating risk and control information Coordinating the activities of and communicating information among the board, auditors, and management Risk Management Internal audit must evaluate the effectiveness and contribute to the improvement of risk management processes A1 - Must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the: Reliability and integrity information Effectiveness and efficiency of operations Safeguarding of assets Compliance with laws, regulations, and contracts 2120.A2 - Must evaluate the potential for fraud and how the organization manages fraud risk Control Internal audit must evaluate the effectiveness and efficiency of controls A1 - Must evaluate the adequacy and effectiveness of controls, in responding to risks, regarding the: Reliability and integrity of information Effectiveness and efficiency of operations Safeguarding of assets Compliance with laws, regulations, and contracts 18

19 Engagement Objectives Objectives must be established for each engagement A1 - Must conduct a preliminary assessment of risks. Objectives must reflect results of this assessment A2 - Must consider the probability of significant errors, fraud, noncompliance, etc., when developing objectives. IPPF - Practice Guide: Internal Auditing and Fraud Helps auditors comply with responsibilities pertaining to fraud Not mandatory, but strongly recommended Topics covered: Fraud awareness Potential fraud indicators Roles and responsibilities for fraud prevention and detection IPPF - Practice Guide: Internal Auditing and Fraud Topics covered (continued): Internal auditor s role during audit engagements Fraud risk assessment Fraud prevention and detection Fraud investigation Forming an opinion on internal controls related to fraud 19

20 IPPF Practice Guide: Internal Auditing and Fraud Internal audit s role in fighting fraud: Consider fraud risks in internal control design and audit steps Have sufficient knowledge of fraud to identify red flags Be alert to opportunities that could allow fraud Evaluate management s performance with respect to fraud risk management Evaluate the indicators of fraud Recommend investigation when appropriate IPPF Practice Guide: Internal Auditing and Fraud Internal auditors must exercise professional skepticism in all audit work. Professional skepticism: an attitude that includes a questioning mind and a critical assessment of audit evidence. IPPF Practice Guide: Internal Auditing and Fraud Other roles and responsibilities for fighting fraud: Board of directors Audit committee Management Legal Counsel External auditors Loss prevention manager Fraud investigators Other employees 20

21 Case Studies The Conflict of Interest Facts Entity is a large rural school district. More than $400,000 spent to upgrade technology. Technology purchased from one specific vendor as sole source. PC-based system. The technology buyer had acknowledged working for the vendor during off contract times. 21

22 Questions Markers of fraud? Predicate? Additional information? Possible scheme? Investigation? How perpetrated? Collusion? Controls to prevent? Other policies or procedures to prevent? The Absentee Owner Facts Suspects manage a large ranch and have access to bank accounts and credit cards. Owner lives back east. Ranch is not profitable. Copies of cancelled checks doctored to show different payee. Suspects make large purchases without authorization. 22

23 Questions Markers of fraud? Predicate? Additional information? Possible scheme? Investigation? How perpetrated? Collusion? Controls to prevent? Other policies or procedures to prevent? Expense Reports: A Way to Extra Compensation Facts Entity is a rural public university. A professor was rumored to be padding expense reports. The professor had three grants to promote college attendance among high school students. The grants provided for prizes to high school students who attend college study sessions. 23

24 Questions Markers of fraud? Predicate? Additional information? Possible scheme? Investigation? How perpetrated? Collusion? Controls to prevent? Other policies or procedures to prevent? The Conflicted CPA Facts The CPA owns a portion of the client s business and has signatory authority over bank accounts. The CPA has signed for lines of credit without the client s knowledge. He prepares taxes for all owners of the business as well as the business. He has paid himself over $800k in fees. 24

25 Questions Markers of fraud? Predicate? Additional information? Possible scheme? Investigation? How perpetrated? Collusion? Controls to prevent? Other policies or procedures to prevent? The Credit Card Factory Facts After arrest, hundreds of credit cards with different names are found in suspect s car. Suspect is carrying multiple drivers licenses with multiple names. Boxes with credit cards are labeled 30 days, 90 days and no good. Suspect has several women s purses stuffed full of jewelry. 25

26 Questions Markers of fraud? Predicate? Additional information? Possible scheme? Investigation? How perpetrated? Collusion? Controls to prevent? Other policies or procedures to prevent? References All stats are from the 2012 Report to the Nation, Published by the Association of Certified Fraud Examiners released July Global Economic Crime Survey 2005, Published by PriceWaterhouseCoopers released November _global_crimesurvey.pdf Fraud Seminar Beth A. Mohr, CFE, CAMS, PI, MPA NM-PI #2503; AZ-PI # Janet M. McHard, CPA, CFE, MAFF, CFF McHard Accounting Consulting LLC Albuquerque, New Mexico (505)