Protecting Your Agency from Fraud webinar

Transcription

1 Protecting Your Agency from Fraud webinar 10:00 11:30 a.m. Pacific Time, Wednesday, September 7, 2016 CSMFO Coaching Program Advance registration required for this no-charge webinar: Webinar topics: 1. What are the primary fraud risks for local government agencies? 2. How can you boost your agency s fraud deterrence culture? 3. What tools and techniques can help you detect red flags of fraud? 4. What can real-life examples do to help you and your organization be alert and avoid the headlines? Presenters: * Gina St. George, Senior Manager, Moss-Adams, LLP * Ruthe Holden, CPA, CIA, CISA Internal Audit Manager, Pasadena, CA Audience: local government finance professionals and risk managers Get connected with these steps. 1. Register in advance for the webinar: There is no charge for participating in the webinars, but each requires advance registration. *** Advance registration required for this no-charge webinar: Be sure to "white list" or "allow" s from customercare@gotowebinar.com to receive notices for this webinar. 2. Connect with the webinar and audio: Use your logon information from the confirmation you receive via from GoToWebinar. We recommend the telephone option dial-in number provided by GoToWebinar for sound quality. Depending upon your internet connection, VOIP option for audio (computer speakers) can have delays or sound quality issues. 3. Ask questions: You may submit questions anonymously via to CSMFO@DonMaruska.com in advance or via the webinar during the panel discussion. As moderator for the session, Don Maruska will pose the questions.

2 4. Presenters presentation materials: We post these with the agenda at Agendas & Archives tab of The PPT will be available 24 hours before the webinar. After a webinar occurs, a digital recording along with the PowerPoint materials and results of the polling questions will be available after 24 hours at the "Agendas & Archives" tab of CPE Credits: If you are a member of CSMFO and wish to obtain CPE credit, you need to register and attend in your name, respond to at least 75% of the live polling questions, and pay $25 to CSMFO after notice from CSMFO following the webinar. After payment, CSMFO s the CPE certificate as a PDF. Post-Webinar Group Discussions Many agencies are organizing groups to participate in the webinars (live or recorded) and discuss the topics among themselves after the webinars. Some are summarizing their discussions and distributing them to managers throughout their organizations. Use the CSMFO Coaching Program as an effective way to enhance professional development in your agency. Here are some discussion starters for this session: Post-webinar discussion questions: a. What s our agency s experience been with fraud? b. Where are we most at risk today? c. What steps do we want to take to better safeguard our agency from fraud? MORE RESOURCES--See the "Coaching Corner" at for valuable resources to boost your career. These include a Financial Management Skills Inventory, Resource Matrix, Coaches Gallery of 24 volunteer CSMFO Coaches willing to help you on a one-to-one basis, and an archive of digital recordings and materials from past webinars at Enjoy the resources to help you succeed in local government finance. Don Maruska, MBA, JD, Master Certified Coach Director, CSMFO Coaching Program; CSMFO@donmaruska.com Author How Great Decisions Get Made and Take Charge of Your Talent

3 Gina St. George, CPA, CFE, Senior Manager, Moss-Adams, LLP Gina is a Certified Fraud Examiner and Certified Public Accountant who started her public accounting career in In addition to auditing, her services include forensic accounting and fraud investigation, control system improvement, and operational assessment projects. Specialty areas include compliance with federal regulations and assessing accounting operations and providing recommendations for improvement. Fraud investigation experience includes detecting schemes related to disbursements, revenue, fraudulent asset transfers, and contract compliance. Activities include quantifying the financial loss to the client through detail testing of transactions using both manual and automated techniques; interviews with the suspect(s), witnesses, and the victim(s); personal computer data mining, and obtaining evidence from outside parties. Gina also has experience working with law enforcement including conducting evidences searches of suspect s office. Finally, her experience includes working with the client s attorney in analyzing evidence and providing accounting expertise. Gina is a Certified Fraud Examiner and Certified Public Accountant and a member of the Association of Certified Fraud Examiners, American Institute of Certified Public Accountants, and Institute of Internal Auditors. Ruthe Holden, CPA, CIA, CISA, CGAP, CRMA Internal Audit Manager, Pasadena, CA Ruthe Holden, is the Internal Audit Manager for the City of Pasadena since November 2015, prior to that she was the Chief Auditor for Los Angeles County Metropolitan Transportation Authority. She has over 30 years of experience in Federal and Local government with 23 years' experience in Internal Audit. She has conducted operational, financial, information technology, contract, and regulatory compliance audits. As an auditor in the Federal government, Ruthe was assigned to the Defective Pricing Audit team, which served as an introduction to fraud auditing. As an auditor at Los Angeles County Metropolitan Transportation Authority, she found a kickback scheme between a contractor and one of the agency's employees during a routine audit. Ruthe is currently the Chair of the Regional Conference Committee which reports to the North American Board of the Institute of Internal Auditor's (IIA). She has also been Chair of the American Public Transportation Association's Committee of Audit Professionals,

4 Chair of the IIA's 2012 Southern California District Educational Conference and co-chair of the IIA's 2010 Western Regional Conference. She is currently a member of the Association of Local Government Auditors, the Institute of Internal Auditors and the Association of Certified Fraud Examiners.

5 Protecting Your Agency from Fraud Coaching Program September 7, 2016

6 Coaching Program: 18 th year as member benefit Career Development Committee 2

7 Overview of Session Topics: 1. What are the primary fraud risks for local government agencies? 2. How can you boost your agency s fraud deterrence culture? 3. What tools and techniques can help you detect red flags of fraud? 4. What can real-life examples do to help you and your organization be alert and avoid the headlines? Presenters: * Gina St. George, CPA, CFE, Senior Manager, Moss-Adams, LLP * Ruthe Holden, CPA, CIA, CISA Internal Audit Manager, Pasadena, CA Moderator: * Don Maruska, Director, CSMFO Coaching Program 3

8 Polling Question #1 How many persons are participating at your location? 4

9 Protecting Your Agency From Fraud Presented by Gina St. George, CPA CFE September 7,

10 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including, without limitation, legal, accounting, or investment advice. This information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant-client relationship. Although this information may have been prepared by professionals, it should not be used as a substitute for professional services. If legal, accounting, investment, or other professional advice is required, the services of a professional should be sought. 6

11 OBJECTIVES 1) Raise your awareness of fraud risks specific to governmental agencies 2) Improve your agency s fraud deterrence culture 3) Introduce tools and techniques to detect red flags of fraud 4) Discuss your role as a fraud fighter 7

12 WHY UNDERSTAND FRAUD? Why is it important that we consider/understand fraud? o Security experts estimate that as many as 30% of all employees steal, and that another 60% will steal if given sufficient motive and opportunity. According to these estimates, only 10% of employees will not steal under any circumstances. 8 8

13 9

14 THE COST OF OCCUPATIONAL FRAUD The typical organization loses an estimated 5% of its annual revenues to occupational fraud. 10

15 IMPACT OF FRAUD ON AGENCIES 11

16 2016 GLOBAL FRAUD STUDY 58% of victim organizations had not recovered any of their losses due to fraud and only 12% had made a full recovery 12 12

17 FRAUD AS DEFINED FOR THIS PRESENTATION Occupational fraud: An employee abuses the trust placed in him or her by an employer for personal gain

18 FRAUD DETECTION Red Flag = potential for a particular fraud scheme Does not mean fraud has occurred Categories: Internal Control Transactional Data Documentation 14

19 FRAUD DETECTION Transactional Data Red Flags vdoes not mean fraud has occurred Invoice numbers for a vendor are sequential across several months/years Checks cut on a weekend or sequential to same vendor Benford analysis results 15

20 FRAUD DETECTION Documentation Red Flags vdoes not mean fraud has occurred Name on physical check does not match electronic check register Format and style of invoice changes Missing invoice to support vendor payment 16

21 FRAUDSTER PROFILING The act of suspecting a person on the basis of observed characteristics or behavior. Characteristics Behaviors Living Beyond Means Financial Difficulties Control Issues Divorce/Family Problems Defensive or irritable Victim mentality Addiction problems Complains about pay Refuse to take vacation No one is trained to take over duties while away 17 17

22 FRAUD PREVENTION The most cost-effective way to limit fraud losses is to prevent fraud from occurring. o Know what the fraudster wants o Understand the access points o Put controls in place o Make sure controls are working Limit fraud losses by looking for financial, nonfinancial, and behavioral red flags 18 18

23 Polling Question #2 Has your agency experienced a fraud in the past two years? 19

24 Fraud in Government 20

25 ACFE 2016 FRAUD REPORT HIGHLIGHTS Top Schemes in Government [pg. 36 & 90 glossary of terms] Concealment Methods [pg. 19] Trends in Anti-Fraud Controls [pg. 40] Initial Detection [pg. 21] Reason not Referred [pg. 76] Recovery of Losses [pg. 77] Fraud Prevention Checklist [pg. 88]

26 GOVERNMENT AND PUBLIC ADMINISTRATION 2016 Study Top Fraud Schemes 45.0% 40.0% 35.0% 30.0% 25.0% 20.0% 15.0% 10.0% 5.0% 0.0% 38.4% 25.3% 15.7% 14.8% 14.0% 13.5% 10.5% 9.2% 22

27 FRAUD CATEGORIES Corruption Asset Misappropriation Fraudulent Statements An act done with an intent to give some advantage inconsistent with the official duty and the rights of others

28 CORRUPTION Wrongfully use influence in a business transaction for the purpose of obtaining a benefit for himself or another person Conflicts of interest Illegal gratuities Bribery 24 24

29 FRAUD CATEGORIES Corruption Asset Misappropriation Fraudulent Statements Intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial statement users

30 FRAUD CATEGORIES Corruption Asset Misappropriation Fraudulent Statements Theft of an entity s assets. The most common type of fraud some studies say 90 percent of all occupational fraud committed

31 BILLING SCHEMES An employee submits or alters an invoice which causes his/her employer to willingly issue a check. How Perpetrated q q q q Employee submits false invoice via shell company or employee-owned business. Employees with invoice approval authorization and can self-approve false ones Collusion between employees with segregated duties can circumvent good internal controls Personal purchases paid with agency funds 27 27

32 EXPENSE REIMBURSEMENTS An employee manipulates or falsifies expense reports to generate fraudulent disbursements from the company. How Perpetrated q q q q Mischaracterized personal expenses as agency related expenses Overstating the cost of actual agency expense by altering receipt Creating fictitious purchases (can involve using created receipts or completing blank receipts obtained from vendors) Submitting a single, legitimate expense several times to receive multiple reimbursements 28 28

33 EXPENSE REIMBURSEMENTS 29 29

34 NON-CASH Supplies, inventory, computers Assets used to support personal business Assets converted into cash Red Flag Indicators High level of reported thefts High level of reported damage Assets cannot be located 30

35 SKIMMING Removing cash from a victim agency before its entry into the accounting system. This type of fraud is off-the-book. Skimming schemes are usually over incoming revenue. How Perpetrated Can occur at any point where cash enter a business; q Anyone who deals with the process of receiving cash or checks is in a position to skim money (cashiers, receivable clerks, etc.). q Employee accepts a payment, makes no record of the transaction, then pockets the money q Employee understates amount of sale, then pockets the difference q Employee collects full amount of sale, then rings up as discounted item, or applies a discount to purchase price 31 31

36 PAYROLL SCHEMES Ghost employee Falsified wage and hour documents o Number of hours worked o Inflated pay rate o Paid time off manipulated o Overtime abuses 32

37 CHECK TAMPERING An employee either prepares a fraudulent check for his/her own benefit, or intercepts a check intended for a third party and converts the check for his/her own benefit. How Perpetrated q q q q q Forged maker An employee accesses an agency check and forges the signature of an authorized maker. Forged endorsement An employee intercepts an agency check intended for a third party and converts the check by signing third party s name as endorser. Altered payee The payee on an intercepted check is altered Concealed check An employee prepares a check made out to himself/herself and conceals within stack of legitimate checks awaiting signatures. The checks are given to the authorized signer during a particularly busy time of day. Authorized maker An employee signature authority on an agency account writes fraudulent checks for his/her own benefit

38 Polling Question #3 What is the top fraud scheme in government according to the ACFE report? 34

39 THEODORE ROOSEVELT A man who has never gone to school may steal from a freight car; but if he has a university education, he may steal the whole railroad

40 EDUCATION OF PERPETRATOR Position Frequency Medium Loss University Degree 47.3% $200,000 High School Grad or less 22.5% $90,000 Some College 16.5% $120,000 Post Degree 13.2% $300,

41 POSITION OF PERPETRATOR Position Frequency Medium Loss Accounting 16.6% $197,000 Top Scheme Check Tampering & Billing Operations 14.9% $105,000 Corruption Sales 12.4% $100,000 Corruption Upper Mgmt 10.9% $850,000 Corruption 37 37

42 WHAT CAUSES PEOPLE TO COMMIT FRAUD? Capability Technical skills to take advantage of opportunity Intelligence to exploit control weaknesses Ability to deal with the stress Organizational positioning Deception skills to lie to the board, auditors, and others and maintain that lie over time 38 38

43 DETECTION METHOD BY REGION Top Detection Method is a tip from employees or outside parties 39 39

44 Other cases in the news 40

45 U.S. GOVERNMENT FRAUD CASE Gas Theft: Federal employees use government vehicle gas cards to buy fuel for personal cars. Caught because software program can track the fuel transaction to the car, the card that s used, and the size of the fuel tank. o Federal government has a fleet of around 200,000 vehicles o In the last five years, identified more than $2M in fraudulent gas card purchases. 41

46 U.S. GOVERNMENT FRAUD CASE Credit Card Fraud: A DEA employee stole $113,000 using fraudulently issued government credit cards. (Employee was responsible for the approval and issuance of cards). 42

47 U.S. GOVERNMENT FRAUD CASES Identity Theft: An employee of the Social Security Administration assisted a criminal ring in a $5M income tax fraud scheme. The employee was recruited to improperly access a SSA computer database to steal identities. 43

48 ARE INTERNAL CONTROLS THE ONLY ANSWER? Judgment Breakdowns Management Override Collusion 44

49 MANAGEMENT RESPONSIBILITIES Protect employees by establishing policies and procedures to prevent fraud from going undetected. Ensure employees are trained on proper segregation of duties. Monitor financial activity and understand it so you can identify irregularities. Trust your employees and co-workers to a point. Monitor employees for behavioral red flags Communicate concerns to internal and external audit 45 45

50 FRAUD PREVENTION CHECKLIST 1. Is ongoing anti-fraud training provided to all employees of the organization? 2. Is an effective fraud reporting mechanism in place? 3. What message is currently sent to employees to prevent fraud? 2012 Association of Certified Fraud Examiners, Inc

51 FRAUD PREVENTION CHECKLIST 4. Is the management climate/tone at the top one of honesty and integrity? 5. Are fraud risk assessments performed to proactively identify and mitigate the company s vulnerabilities to internal and external fraud? 2012 Association of Certified Fraud Examiners, Inc

52 FRAUD PREVENTION CHECKLIST 6. Are strong anti-fraud controls in place and operating effectively, including the following? Proper separation of duties Use of authorizations Physical safeguards Job rotations Mandatory vacations 2012 Association of Certified Fraud Examiners, Inc

53 FRAUD FIGHTING FRAUD FRAUD FIGHTING FUNDAMENTALS 1. Fraud Deterrence Culture 2. Proactive Monitoring 3. Reactive Fraud Prevention Policies Communication Fraud Risk Assessment Fraud Controls Monitoring Fraud Response Plan Background checks Code of Ethics Proper delegation of authority Training and guidance Tone from the top Employment contracts Code of Ethics confirmations Whistleblower channels Strategic initiatives and plans Management s ongoing assessment of fraud risks Internal audit risk assessment Prioritization of risks and control improvements Controls designed to prevent and detect risk Centralized processes and controls Incident reporting Top level risk monitoring Escalation and investigation Discipline and compliance enforcement Control remediation practices 49 49

54 NEXT STEPS Apply what you have learned in your fight against fraud Strengthen fraud fighting skills with the additional resources Choose to make a change in your fight against fraud 50

55 Polling Question #4 What is the top method of occupational fraud detection according to the ACFE report? 51

56 QUESTIONS? Gina St. George, CPA CFE Moss Adams LLP Session downloadable resources (see Agenda) Fraud report and risk assessment from the ACFE Educational videos on fraudster profiling Article on Fraud and Ethics AICPA/ACFE/IIA joint venture on fraud guidance 52 52

57 City Manager s Office, Internal Audit PROTECTING YOUR AGENCY FROM FRAUD Presented by Ruthe Holden, CPA, CIA, CISA September 7, 2016

58 OBJECTIVES City Manager s Office, Internal Audit 1. Provide an understanding of an effective fraud mitigation program 2. Provide some examples and tools to build a fraud mitigation program 54

59 Trust is Not an Internal Control! City Manager s Office, Internal Audit Trust without verifying can be very expensive to an agency especially if it s invested in the wrong person! 55

60 What Can You Do? City Manager s Office, Internal Audit Build an effective fraud mitigation program > Focus on Prevention AND Detection > Align policies, programs, & processes with COSO Internal Control Cube Effective monitoring mitigates surprises 56

61 Risk Mitigation Program Overview City Manager s Office, Internal Audit Prevention Fraud Deterrence COSO focused agency 3 Lines of Defense Data Analytics Tip (39.1%) Detection Internal Audit (16.5%) Management Review (13.4%) * Source: ACFE 2016 Report to the Nations 57

62 FRAUD DETERRENCE City Manager s Office, Internal Audit Create a fraud unfriendly environment (4Cs) > Consistent, Clear, Constant Communication Fear of Consequences (Tone at the Top) > Walk Your Talk > Protocol for enforcing accountability 58

63 FRAUD DETERRENCE City Manager s Office, Internal Audit Anti-Fraud Techniques > Vehicle to communicate fraud (hotline) > Meaningful written code of conduct & fraud policy > Employee onboarding & periodic training > Monitoring 3rd party agreements > Continuous Assessment of governance, risks and controls processes (IIA IPPF Standards 2110) 59

64 COSO FOCUSED AGENCY City Manager s Office, Internal Audit Committee of Sponsoring Organizations of the Treadway Commission 60

65 BALANCE CONTROLS TO RISK City Manager s Office, Internal Audit RISK APPETITE RISKS CONTROLS Designing risk management without defining risk appetite is like designing a bridge without knowing which river it needs to span. EY 61

66 Effective Lines of Defense City Manager s Office, Internal Audit 1 st Line of Defense (owns & manages risks) Management Monitoring Internal Control Activities Involved in day to day management Apply internal controls and risk responses 2nd Line of Defense (oversees risks) Financial Control Security Risk Management Quality Inspection Compliance HR Monitors adherence to GRC Framework 3rd Line of Defense (independent assurance) Internal Audit Independent Monitoring function Provides oversight, independent testing, verification & review of: GRC Framework Management of Risk Compliance with Internal/External requirements Internal Control Failures, Fraud, Waste, Abuse, Regulatory Noncompliance, Other Bad Stuff External Auditors Regulators 62

67 DATA ANALYTICS City Manager s Office, Internal Audit Doing more with less Most widely used > Access, ACL, Active Data (Excel add in), Excel, IDEA Continuous monitoring of high risk areas Useful tool in assessing risk 63

68 FRAUD DETECTION City Manager s Office, Internal Audit See something, say something > Train employees to be front line defenders > Training, training and more training Ethics & Code of Conduct Training Fraud Red Flags & Fraud Policy Training Whistleblower Protections How to Report Fraud Verify Management Reviews are happening > Audit the Oversight Perform Periodic Fraud Risk Assessments > Understand agency s risks & weaknesses 64

69 References City Manager s Office, Internal Audit COSO Committee of Sponsoring Organizations > IIA IPPF 2110 Standards for Assessing Governance, Risk & Controls > Assessing Organizational Governance in the Public Sector (members only) > %20the%20Public%20Sector.pdf The 3 Lines of Defense in Effective Risk Management > fective%20risk%20management%20and%20control.pdf Leveraging COSO Across the 3 Lines of Defense > Association of Local Government Auditors (ALGA) > 65

70 QUESTIONS City Manager s Office, Internal Audit QUESTIONS? Ruthe Holden, CPA, CIA, CISA City of Pasadena rholden@cityofpasadena.net 66

71 Polling Question #5 Which of these suggested fraud deterrence and fraud detection actions has your agency taken? 67

72 Post-Webinar Discussion Questions a. What s our agency s experience been with fraud? b. Where are we most at risk today? c. What steps do we want to take to better safeguard our agency from fraud? 68

73 Contacts for today s webinar Presenters: * Gina St. George, CPA, CFE, Senior Manager, Moss-Adams, LLP Gina.StGeorge@mossadams.com * Ruthe Holden, CPA, CIA, CISA Internal Audit Manager, Pasadena, CA rholden@cityofpasadena.net Moderator: * Don Maruska, Director, CSMFO Coaching Program CSMFO@donmaruska.com 69

74 Polling Question #6 How was the webinar of value for you and your agency? 70

75 Resources and Feedback A digital audio recording of the session and an Agenda packet with PDF of the PPT with polling results and other materials will become available in ~ 24 hours at the Agendas & Archives tab of Other coaching resources, including volunteer one-to-one coaches are available at Please complete the follow up survey, including suggested topics for 2016 webinars. 71

76 Upcoming Webinar Critical Skills for a Finance Director 2-3:30 p.m., Wednesday, October 19 Register now: or go to 72

77 Supplement to CSFMO Presentation September 7, 2016 ACFE Fraud Prevention Check-up (Free download) ACFE Report to the Nations on Occupational Fraud and Abuse (Free download) Managing the Business Risk of Fraud (Free resource guide) ACFE Fraud's Hidden Cost to You and Your Organization (Free download to members) Training materials for you and your organization o Customizable PowerPoint o Video o Resource book How people rationalize fraud Ted-Ed (You Tube) How to spot a liar Ted-Ed (You Tube) Gina St. George, CPA CFE Moss Adams LLP gina.stgeorge@mossadams.com