Fraud Prevention and Detection Michael Schulstad, CPA/CFF/CGMA/FBI (ret)

1 Fraud Prevention and Detection
Michael Schulstad, CPA/CFF/CGMA/FBI (ret)
2018 Tax, Finance and Accounting Conference for Cooperatives, August 5-8, 2018
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor

2 Contents
- Presentation Objectives 3
- Fraud Defined 4
- Fraud Types 8
- How Frauds are Detected 14
- Weaknesses That Contribute to Fraud 18
- Profile of a Fraudster 21
- Internal Controls 32
- Data Analytics Usage 39
- Fraud Program Best Practices 43
- Summary - Key Take Aways 46
- Resources 48

3 Presentation Objectives
- Fraud Defined - Begin to think forensically
- What is the cost of fraud?
- Learn how frauds are detected
- Learn the most common internal control breakdowns that contribute to fraud
- Build awareness of the types of fraud, the profile of a fraudster, and common red flags
- Learn how to respond to an incident of fraud
- Best practices for an internal Fraud Program
- Summary - Key Take Aways

4 Fraud Defined

5 Fraud Defined
- "Fraud is any intentional act or omission designed to deceive others and resulting in the victim suffering a loss and/or the perpetrator achieving a gain." Source: "Managing the Business Risk of Fraud: A Practical Guide"
- "Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage." Source: IIA's International Professional Practices Framework (IPPF)

6 The Fraud Triangle
- Pressure/Incentive
- Opportunity
- Rationalization/Concealment

7 Maintaining Professional Skepticism
- Acknowledge that fraud risk exists
- Encourage open and candid discussion
- Know your employees
- If I were to try to commit fraud, how would I do it?
- Continuously assess the risk of management and control override (think about collusion)
- Openly display your skepticism to set the tone at the top and spread awareness
- Take swift action when fraud events occur and make the response action (not the details) known internally

8 Fraud Types

9 The Fraud Tree

10 The Fraud Tree

11 Cost of Fraud
- The typical organization loses 5% of annual revenue to fraud
- In the ACFE's study of over 2,400 occupational fraud cases, the total cost of fraud was over $6.3 billion
- And that is only what is reported!!!!!!

12 Frequency Duration and Cost

13 Concealment

14 How are Frauds Detected

16 Sources of Tips

17 Median Loss and Duration

18 Weaknesses That Contribute to Fraud

21 Profile of a Fraudster

22 What does a fraudster look like?

23 Fraud Defined - Misappropriation

24 Famous Examples
- Jeffrey Skilling
- Ken Lay
- Bernard Madoff
- John Rigas

25 Local Fruit Growers - Phantom Employees Payroll Theft
- 9 phantom employees: family members and friends of two bookkeepers
- Stole over $1 million over multiple years ( )
- Found when both bookkeepers were off work during payroll processing
- 10 extra checks were provided to a manager; upon review, office staff noted that one of the checks was for a bookkeeper's daughter who no longer worked at the local fruit grower company.

26 Local Fruit Grower - Phantom Business Used for Fraud
- Employee Relationship Manager of local fruit grower
- Created a phantom business partnership
- Phantom company billed a subcontractor of local fruit grower
- Subcontractor billed the local fruit grower
- Services billed to local fruit grower were already being performed by employee
- Lawsuit filed by local fruit grower against former employee and subcontractor

27 Local Fruit Growers - Ghost Employee Accounts
- Local fruit grower payroll office employee
- Created ghost employee accounts and paid out over $37,000
- Three phony employees and 28 checks
- Collected the paychecks and her mother assisted her with cashing the checks.
- Both convicted and sentenced to home confinement and restitution.

29 The Impact of Collusion

30 Behavioral Red Flags Observed

31 Non-Fraud-Related Misconduct

32 Internal Controls

33 Preventive Controls
Designed to prevent misstatements / fraud before it has occurred
- Provide employees fraud awareness training
- Implement policies and procedures
- Segregate duties
- Establish passwords and physical safeguards to restrict unauthorized access
- Ensure alignment of responsibilities, authority and incentives

34 Detective Controls
Designed to detect misstatements / fraud after it has occurred
- Establish a fraud reporting system (i.e. whistleblower hotline)
- Use reconciliations, independent reviews, physical inspections/counts and analysis
- Review exception reports and ensure that they are cleared by persons with appropriate authority
- Utilize technology to perform data analysis and comparison and continuous auditing techniques
- Perform surprise audits

35 Controls - Segregation of Duties
- Smaller organizations with limited resources can still have effective segregation of duties controls.
- Focus on preventive controls rather than detective controls.
- Alternate sequential tasks, so that no one person has complete responsibility for the entire transaction.
- Functions to separate: Authorization, Payment, Custody, and Recording.
- Consider outsourcing if there simply are not enough people to separate the necessary functions.

36 Segregation of Duties Illustration

37 The Impact of Hotlines

38 Hotlines
- How many of you believe there is a hotline in place at your organization?
- For those of you that say "yes," how many of you know how to use or access it?
- As a group of team leaders, how do you think your team members would respond to these two questions?
- What about your external relationships? (Contractors, lenders, vendors, etc.)

39 Data Analytics Usage

40 Misstatement/Fraud Detection Process Using Technology
- Some of the strongest detective controls include data analysis.
- These can be used to identify hidden relationships and questionable transactions.
- These include the following: drill-down analysis, exception analysis, file matching, joining different diverse sources, logs analysis.

41 Misstatement/Fraud Detection Process Using Technology (Continued)
Examples of data analysis:
- Compare payments to employee addresses and other human resources data (matching employee SSN, employee bank account, addresses against database).
- Search for P.O. box payments.
- Search for missing tax ID numbers.
- Search for ghost employees or inaccurate records in payroll files.
- A vendor review tests tax ID numbers to ensure all vendors have appropriate system records, while matching vendor addresses and invoice data with employee addresses, names and identifying details.
- Tests also compare addresses, payments and other key data with recurring claim indicators to ensure, for example, that payments are made to the actual policyholder and not to another individual or group.
- Search for duplicate payments and overpayments.
- Review transactions posted during the weekend.
- Review logs and search for unauthorized access.
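
Several of the tests listed on this slide, run over a handful of constructed records, as an added example that is not part of the original presentation. The field names, the `norm_addr` and `run_tests` helpers and all sample data are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample records (illustrative; not data from the presentation).
EMPLOYEES = [
    {"id": "E1", "address": "12 Orchard Rd., Apt 4", "bank": "111000025-778"},
    {"id": "E2", "address": "9 Mill Lane", "bank": "111000025-311"},
]
VENDORS = [
    {"id": "V1", "address": "400 Depot St", "tax_id": "12-3456789", "bank": "222000111-900"},
    {"id": "V2", "address": "12 orchard road apt 4", "tax_id": "", "bank": "111000025-778"},
    {"id": "V3", "address": "P.O. Box 88", "tax_id": "98-7654321", "bank": "222000111-455"},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V1", "invoice": "1001", "amount": 2500.00, "posted": date(2018, 6, 4)},
    {"id": "P2", "vendor": "V1", "invoice": "1001", "amount": 2500.00, "posted": date(2018, 6, 11)},
    {"id": "P3", "vendor": "V2", "invoice": "A-7", "amount": 9800.00, "posted": date(2018, 6, 9)},
    {"id": "P4", "vendor": "V3", "invoice": "55", "amount": 640.00, "posted": date(2018, 6, 5)},
]
ABBREV = {"road": "rd", "street": "st", "lane": "ln", "avenue": "ave", "apartment": "apt"}
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.IGNORECASE)

def norm_addr(addr):
    """Lowercase, drop punctuation and unify abbreviations before matching."""
    tokens = re.sub(r"[^a-z0-9]+", " ", addr.lower()).split()
    return " ".join(ABBREV.get(t, t) for t in tokens)

def run_tests(employees, vendors, payments):
    """Return a sorted list of (record id, exception) pairs for review."""
    hits = set()
    emp_addr = {norm_addr(e["address"]) for e in employees}
    emp_bank = {e["bank"] for e in employees}
    for v in vendors:  # vendor master file tests
        checks = {
            "address matches employee": norm_addr(v["address"]) in emp_addr,
            "bank account matches employee": v["bank"] in emp_bank,
            "missing tax ID": not v["tax_id"].strip(),
            "P.O. box address": bool(PO_BOX.search(v["address"])),
        }
        hits.update((v["id"], name) for name, hit in checks.items() if hit)
    first = {}  # first payment seen for each (vendor, invoice, amount)
    for p in sorted(payments, key=lambda p: p["posted"]):  # payment tests
        key = (p["vendor"], p["invoice"], p["amount"])
        original = first.setdefault(key, p["id"])
        if original != p["id"]:
            hits.add((p["id"], "duplicate of " + original))
        if p["posted"].weekday() >= 5:  # 5 = Saturday, 6 = Sunday
            hits.add((p["id"], "posted on weekend"))
    return sorted(hits)
```

Each hit is an exception for a reviewer to clear, not a finding of fraud on its own.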

42 Misstatement/Fraud Detection Process Using Technology (Continued)
- Data analysis can be implemented as part of a continuous auditing initiative where a data analysis tool (such as ACL, IDEA) is plugged into the information system and provides automated periodic reports.
- One of the benefits is improvement in productivity and efficiency of the IA fraud controls.

43 Fraud Program - Best Practices

44 Fraud Program Best Practices
- Management ethical commitment.
- Fraud hotlines, reporting procedure and protection.
- Fraud awareness training.
- Key Policies and Procedures
- Zero tolerance policy and Code of Conduct (recommend a specific senior management code of conduct).
- Completion of a fraud risk assessment.
- Conflict disclosure process.
- Key Human Resources policies and procedures (e.g. background checks).
- Investigation Process.

45 Fraud Detection Process - Red Flags

Red Flags for Corruption
- An organization paying more than the best price available.
- Very specific requirements that tend to favor one bidder.
- Projects that are broken into two contracts to circumvent review limits or approval authority.
- A too-successful bidder who is consistently winning bids.
- Social contact between the bid solicitors and bidders.
- A procurement officer living beyond their means.

Employee Red Flags
- Employee lifestyle changes: expensive cars, jewelry, homes, clothes, etc.
- Significant personal debt and credit problems.
- Behavioral changes indicating possible drug, alcohol, gambling addiction, or fear of losing job.
- High employee turnover, especially in areas vulnerable to fraud.
- Refusal to take vacation or leave.
- Lack of segregation of duties.

Work Environment
- Executive management does not appear to care about or reward good behavior.
- Negative feedback and lack of recognition for job performance.
- Perceived inequities in the organization.
- Low organizational loyalty or feelings of ownership.
- Poor training and promotional opportunities.
- Lack of clear organizational responsibilities.
- Poor communication practices or methods within the organization.

46 Summary - Key Take Aways

47 Summary - Key Take Aways
- Fraud continues to grow in today's environment and there is an increased focus on addressing fraud.
- A successful fraud program has many aspects, especially a commitment by the Board and Management to the process.
- Completion and updating of a formal Fraud Risk Assessment analysis is an important part of having a successful fraud program.
- Internal Audit can play an important role in an overall fraud program.
- Technology is a powerful tool that can be used both to detect and to investigate frauds.
- How you respond to a fraud is an important component of a fraud program.

48 Resources

49 Resources
- ACFE.com: free resources, including the Report to the Nations cited herein
- Managing the Business Risk of Fraud, jointly sponsored by the IIA, AICPA, and ACFE
- Fraud Detection in a GAAS Audit, AICPA Audit and Accounting Practice Aid Series
- Management Override of Internal Controls: The Achilles' Heel of Fraud Prevention, AICPA
- Management Antifraud Programs and Controls: Guidance to Help Prevent, Deter, and Detect Fraud, jointly sponsored by the AICPA, ACFE, FEI, ISACA, IIA, IMA, and SHRM

50 Open Discussion and Q&A Michael D. Schulstad, CPA/CFF/FBI(ret) Mobile