Moving the Needle: Fighting Fraud from the Inside Through Audit. Mary Breslin, CFE, CIA President Empower Audit Training and Consulting

Transcription

1 Moving the Needle: Fighting Fraud from the Inside Through Audit Mary Breslin, CFE, CIA President Empower Audit Training and Consulting

2 Moving the Needle Fighting Fraud from the Inside Through Audit Mary Breslin, MBA, CIA, CFE

3 What is Occupational Fraud? The Association of Certified Fraud Examiners defines occupational fraud as: The use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization s resources or assets. 2017, Empower Audit, LLC. 3

4 What does that mean? The intentional and wrongful obtainment of a benefit through: Theft or embezzlement False statements (documents, grants, applications) Corruption, kickback, conspiracies, collusion, bribes Misappropriation of assets (travel expenses, payroll, equipment, etc.) 2017, Empower Audit, LLC. 4

5 And what does it cost us? 2017, Empower Audit, LLC. 5

6 5% of REVENUE FRAUD $6.3 BILLION in losses for 2,410 reported cases ACFE 2016 Report to the Nation 2017, Empower Audit, LLC. 6

7 That s a potential for $3.7 TRILLION in losses globally. 5% of REVENUE FRAUD ACFE 2016 Report to the Nation 2017, Empower Audit, LLC. 7

8 Internal audit is uniquely positioned to fight fraud in corporations. 2017, Empower Audit, LLC. 8

9 Why internal audit? 2017, Empower Audit, LLC. 9

10 Because. Frequently, fraud examiners are called in after a fraud is identified or suspected. Auditors are already there 2017, Empower Audit, LLC. 10

11 Because. We know the systems We know the processes We know many of the gaps (= opportunity) We know the players We know the incentive programs (= pressure) We know the culture, environment and tone. And we are already there and LOOKING!!! 2017, Empower Audit, LLC. 11

12 Most audits don t catch existing fraud. Why? 2017, Empower Audit, LLC. 12

13 Because audits are not designed to detect fraud. 2017, Empower Audit, LLC. 13

14 Audits focus on testing controls. Controls designed to prevent or detect errors. <4% of frauds detected with traditional audits. Auditors actively looking for fraud = 16.5% 40% are still discovered through tips. In many fraud cases, controls were found to be working during the most recent audit. What challenges audit in identifying fraud? 2017, Empower Audit, LLC. 14

15 Audit Challenges Management Override Work Arounds Manual Processes Collusion Defining Fraud 2017, Empower Audit, LLC. 15

16 How does your organization define fraud? 2017, Empower Audit, LLC. 16

17 2017, Empower Audit, LLC. 17

18 Collusion Almost 50% of fraud cases involve collusion. What happens when collusion occurs? 2017, Empower Audit, LLC. 18

19 Controls Testing What happens when a control fails? An Action Plan? Then what? How frequently are we discussing the same issues over and over again? 2017, Empower Audit, LLC. 19

20 Cost of Fraud & Abuse Estimated $3.7 trillion globally 5% of revenues annually Organizations without anti-fraud controls lose twice as much Avg. of $150k per instance Collusion losses grow exponentially with each fraudster Losses disproportionately higher in smaller business ACFE 2016 Report to the Nation 2017, Empower Audit, LLC. 20

21 If we could move the needle just ½ of one % (0.5%) We could save $18.5 BILLION globally 2017, Empower Audit, LLC. 21

22 So how do we detect and prevent fraud while conducting an audit? 2017, Empower Audit, LLC. 22

23 The top 10 things internal audit should ensure happen in their organizations to prevent and detect fraud. 2017, Empower Audit, LLC. 23

24 2017, Empower Audit, LLC. 24

25 Learn the Fraud Basics Fraud Triangle Pressure 2017, Empower Audit, LLC. 25

26 Fraud Tree 2017, Empower Audit, LLC. 26

27 How do I learn? Continuing education fraud courses ACFE website, newsletter, magazine information IIA information Books READ! Blogs LinkedIn groups ACFE, IIA, ISACA, SCCE, etc. chapter meetings 2017, Empower Audit, LLC. 27

28 Conduct Fraud Risk Assessments Identify the potential fraud risks most likely to impact your organization. Identify the red flags and transactional attributes likely to be associated with potential fraud. 2017, Empower Audit, LLC. 28

29 Fraud Risk Assessments Culture Industry Systems People Processes Fraud risks are specific to each organization 2017, Empower Audit, LLC. 29

30 Fraud Risk Assessments I need to hit my monthly targets! Incentive / Pressure Fraud Risk Opportunity Nobody reconciles that Attitude / Rationalization Everyone is doing it 2017, Empower Audit, LLC. 30

31 Know Red Flags Payroll example Ghost Employee No Vacation No sick days No payroll corrections No garnishments No 401K contributions No overtime No bonuses No dependents No benefits - health No raises Badge swipes Active Directory 2017, Empower Audit, LLC. 31

32 Red Flags Different frauds have different red flags and different approaches for detection. Learn what you should you be looking for Attributes of the actual fraud? The concealment? The conversion? Or, like a ghost employee.what s missing? 2017, Empower Audit, LLC. 32

33 Reconcile the Cash Simple, right? Bank Accounts Petty Cash Accounts Payable Accounts Receivable Cash vs Check deposits 2017, Empower Audit, LLC. 33

34 Reconcile the Cash Internal Frauds involving cash Cash misappropriation globally Average duration of fraud Because of existing opportunity 60% $2 Trillion 18 Months Opportunity ACFE 2016 Report to the Nation 2017, Empower Audit, LLC. 34

35 Use Data Analytics 2017, Empower Audit, LLC. 35

36 Use Data Analytics Controls have weaknesses that can be exploited Finding fraud manually is about as easy as winning the lottery Automation and continuous fraud auditing Detection = Prevention Expanded coverage 100% verification Quantify impact 2017, Empower Audit, LLC. 36

37 Common Fraud Analytics Match payroll with master HR file Validate payroll Validate temp/consultants Vacation / Overtime Ghost Employees Human Resources / Payroll Accounts Receivables Vendors Customers who are employees Duplicate accounts Lapping Cash vs. Checks Duplicate invoices / payments Purchase fluctuations Sequential Invoices Vendors with same address Purchases under review limit Sales Excessive Returns Low/negative margins Promotions Coupons Credit memos Discounts Shipping Addresses 2017, Empower Audit, LLC. 37

38 Control Vendor Lists Vendor frauds are some of the most common. Fake vendors Changing real vendor information to process fake invoices Control vendor master files. Review and delete old and inactive vendors. Monitor changes to vendor information Addresses Banking info Contact Info 2017, Empower Audit, LLC. 38

39 Understand Fraudsters Characteristics Personality changes Financial pressures Bully - Isolated Hates audits Changes in lifestyle Living beyond means Protective over their work Unusually close with Vendor/Customer Work extraordinary number of hours Ridicules the organization, rule breakers, complainers 2017, Empower Audit, LLC. 39

40 Profile of a Fraudster Always at work - does not take days off, impeccable attendance, no vacation or sick days, most loyal employee Well trusted or in position of power or trust 2017, Empower Audit, LLC. 40

41 Vacation Policies Employees need to take vacations. For mental health reasons AND fraud reasons. Fraudsters commonly do not take vacations. (neither do ghost employees ) 2017, Empower Audit, LLC. 41

42 Do your Homework Be certain of the information, and its implications, before sharing information. Understand the difference between fraud and errors. Get over the fear of teaching someone how to commit fraud. 2017, Empower Audit, LLC. 42

43 Fraud Response Plan Predetermined responsibilities. Who does what? Who is notified? Who is involved? When are others notified? 2017, Empower Audit, LLC. 43

44 Know Your Role. Never overstep your ability or authority. 2017, Empower Audit, LLC. 44

45 Join Me in moving the needle. 2017, Empower Audit, LLC.

46 Questions? 2017, Empower Audit, LLC. 46

47 Contact Info Mary Breslin LinkedIn: Empower Audit Training & Consulting , Empower Audit, LLC. 47

48 Moving the Needle: Fighting Fraud from the Inside Through Audit Mary Breslin, CFE, CIA President Empower Audit Training and Consulting