Information and and training provid v ed by Smith Elliott Elliott Kearns & Compan

Transcription

1 Nuts and Bolts of Avoiding Fraud in Your Organization Information and training provided by Smith Elliott Kearns & Company, LLC as part of this Fraud Avoidance presentation is intended for reference only. As the information is designed solely to provide guidance to the participants, it is not intended to be a substitute for someone seeking personalized professional advice based on specific factual situations. Although Smith Elliott Kearns & Company, LLC has made every reasonable effort to ensure that the information provided is accurate, Smith Elliott Kearns & Company, LLC, and its Members, managers and staff, make no warranties, expressed or implied, on the information provided. The participant accepts the information as is and assumes all responsibility for the use of such information.

2 Smith Elliott Kearns and Co., LLC Craig E. Witmer, CPA, CGFM Kevin B. Stouffer

3

4 A breach of confidence or other covert action designed to illicit personal gain or some other advantage. An act that is usually financial in nature. A situation where an attempt is usually made to hide the act from the victim.

5 According to the Association of Fraud Examiners (ACFE), occupational fraud is the use of one s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization s resources or assets. There are 3 types of occupational fraud: Asset misappropriation. Corruption. Fraudulent statements.

6 The ACFE, in its 2008 Report to the Nation, estimates that U.S. organizations lose approximately 7% of their annual sales revenues to fraud, which could total as much as $994 billion in fraud losses.

7 Statistics from the ACFE s 2008 Report to the Nation (study of 959 occupational fraud cases): Median losses of $175,000. More than ¼ of the cases involved at least $1 million in losses. Occupational fraud schemes frequently continue years before they are detected. Highest losses incurred by manufacturing, banking and insurance industries.

8 Statistics from the ACFE s 2008 Report to the Nation (study of 959 occupational fraud cases): Government industry was the second highest victimized industry. Median losses for small businesses (less than 100 employees) of $200,000 (higher h than in the largest organizations).

9 Statistics from the ACFE s 2008 Report to the Nation (study of 959 occupational fraud cases): Most schemes involved accounting departments (29%) or upper management (18%). Less than 7% of perpetrators had convictions prior to committing a fraud and only 12% had been previously terminated by an employer for fraudrelated conduct. Background checks on employees may not be the most useful tool for preventing fraud.

10

11 Opportunity Pressure Rationalization

12 Personal financial obligations New Cars New House Living beyond your means Unexpected bills Personal habit Strong need to be admired Addictions Adverse relationship with employer Overworked Underpaid Unexpected layoffs No expectations

13 Operating characteristics Large amounts of cash Accessible inventory Rapid Turnover of employees Constant operation under crisis conditions Level of Trust Tenure with company Failure to inform about rules and consequences Lack of Segregation of Duties Internal Control Absence of mandatory vacations problems Failure to consistently enforce standards

14 The company owes me I am only borrowing the money Need to justify behavior Nobody will get hurt Booking early is the norm It s only temporary

15

16 All occupational fraud schemes have 4 common elements: The fraudulent acts are hidden and the perpetrator takes deliberate steps to keep them hidden. The fraudulent act violates the perpetrator s fiduciary duties to the organization. The purpose of the fraudulent act is to provide direct or indirect financial benefit to the perpetrator. There is a real cost (in assets, revenues, or reserves) to the organization.

17 Schemes involving financial statement frauds cost nearly 13 times more than assets misappropriation frauds, and almost 5 times more than corruption frauds. Asset misappropriation is the most common type of occupational fraud, occurring in approximately 90% of the cases studies by the ACFE.

18 Asset misappropriation schemes are any scheme that involves the theft or misuse of an organization s assets. Cash is the most commonly targeted asset.

19 Asset misappropriation schemes can include any of the following (alone or combined): Larceny actual physical theft of property or cash. Skimming theftofaportionofatransactionor a transaction or asset before it enters the accounting system. Fraudulent disbursements alteration of documents to assist in theft of property or cash.

20 The most common frauds in governments involve: Writing fraudulent company checks. Skimming revenues. Processing fraudulent invoices.

21 Writing fraudulent company checks. An employee can forge a check, forge an endorsement, or alter the payee on a company check. Checks can be removed from a deposit and hidden until a later date. For example A customer payment of $100 by check is removed from a bank deposit. Two weeks later, a bank deposit includes $100 in cash. The hidden check is placed into the deposit to replace the $100 cash, which ends up in the employee s pocket.

22 Writing fraudulent company checks. This fraud can be detected by: comparing check and cash totals in deposits. requesting that the Bank deliver statements to an owner s home or other offsite address for independent review. reviewing monthly bank reconciliations for any unusual items and scanning the cancelled checks.

23 Skimming revenues. Sales can be unrecorded or under-recorded. For example An employee makes a sale to a customer for $100 and collects the payment. No record is made of the sale or the payment, and the $100 ends up in the employee s pocket.

24 Skimming revenues. This fraud can be detected by monitoring inventory levels and shrinkage.

25 Processing fraudulent invoices. Expenses can be charged to the company based on fraudulent invoices, which can be for overstated costs or fictitious costs. For example An employee generates an invoice for $100 for goods from a non-existent vendor. The payment address on the invoice is the employee s address, or a post office box or other address over which the employee has control. When a check is cut to pay the invoice, it is cashed (perhaps by forging an endorsement) and the $100 ends up in the employee s pocket.

26 Processing fraudulent invoices. This fraud can be detected by regular review of activity in expense and inventory accounts for irregularities, review of payments to vendors, or trends or anomalies.

27 Payroll. In payroll schemes, an employee causes his or her employer to issue a payment by making false claims of compensation. This can be done through falsifying of hours work or incorrect pay rate.

28 Payroll. This fraud can be detected by: Approval of all timesheets. Review of payroll reports including copies of checks or direct deposit slips. Review of the bank reconciliations including review of cancelled checks.

29 Bid rigging and collusion. This fraud is created by contractors misrepresenting that they are competing against each other when, in fact, they have agreed to cooperate on the winning bid to increase job profitability.

30 Bid rigging and collusion. This fraud can be detected by: Rotation of winning bidders by job, type of work or geographical g area. Noting unusual bid patterns: too close, too high, round numbers or winning margins. Losing bids do not comply with bid specifications or only one bid is complete and others are poorly prepared. Losing bidders are hired as subcontractors.

31 Kickbacks or unlawful pay to play. In kickback schemes, a contractor or subcontractor misrepresents the cost of performing work by secretly ypaying a fee for being awarded the contract, therefore inflating the job cost to the government.

32 Kickbacks or unlawful pay to play. This fraud can be detected by: Continuing awards to subcontractors with poor performance records. Poor or no established contractor procedures for awarding of subcontractors through competition. Lack of separation of duties between purchasing, receiving, and storing.

33 Bribery. Bribery occurs when a contractor misrepresents the cost of performing work by compensating a public official for permitting contract overcharges to increase contractor profit.

34 Bribery. This fraud can be detected by: A public official or employee has a lifestyle that exceeds his or her salary. Oversight officials socialize with, or have business relationships with contractors and/or their families. A contract change order lacks sufficient justification.

35 Conflicts of interest. In fraud involving conflict of interest, a public official misrepresents that he or she is impartial in business decisions when he or she has an undisclosed financial interest in a contractor or consultant.

36 Conflicts of interest. This fraud can be detected by: Unexplained or unusual favoritism shown to a particular contractor or consultant. A public official disclosing confidential bid information to a contractor or assisting the contractor in preparing the bid. A close socialization with and acceptance of inappropriate gifts or entertainment from a contractor or the ability to purchase such items at below fair market value.

37 Time Overcharging. In a time overcharging scheme, a consultant or contractor misrepresents the distribution of employee labor on jobs to charge for more work hours, or higher overhead rate to increase profit.

38 Time Overcharging. This fraud can be detected by: Unauthorized alterations to timecards and other source records. Frequent payroll adjustment entries with descriptions such as charged wrong account. Personnel files cannot be found or are found after a delay. Photocopies of timecards are submitted where originals are expected.

39

40 Wheeler/Dealer Dominating Personality Living i Beyond Means Poor Money Management Close Customer/ Vendor Relationships Unusual or Change in Personality (alcohol, drugs, sleep, irritable, defensive, argumentative) Too Good to Be True Performance Excessive Overtime Dissatisfied Worker Unable to Relax No Vacations or Sick Time

41 No Communication of Expectations Too Much Trust in Key Employees Lack of Proper Authorization Procedures Lack of Attention to Detail Changes in Organizational Structure Tendency Toward Crisis Management

42 Missing Documents Unusual Billing Addresses or Arrangements Alteration of Documents Address of Employee Same as Vendor Excessive Number of Voided Documents Duplicate or Home Made Photocopied Invoices Documents Not Numerically Controlled Questionable Handwriting or Authorization

43 Lack of Separation of Duties Missing i Independent d Checks on Performance Lack of Physical Security and/or Key Control Weak Links in Chain of Controls and Accountability Lax Management Style Poor System Design Inadequate Training

44 The importance of Internal Controls

45 A system of rules, which, in their aggregate, minimize the likelihood of fraud occurring while maximizing the possibility of detecting any fraudulent activity that may transpire ACFE Fraud Examination Manual

46 Step 1 Review the organization level components of internal control and identify weak or nonexistent controls Step 2 Identify assets (and related transactions) susceptible to misappropriation Step 3 Review the organization s systems and procedures relating to vulnerable areas and identify weak or missing systems and procedures Step 4 Develop controls to reduce the risk of misappropriation in the vulnerable areas Step 5 Consider the cost/benefit relationship of the controls developed

47 Many don t prosecute Reason for Declining to Prosecute Fear of Bad Publicity Internal Discipline Sufficient Private Settlement Too Costly Lack of Evidence Civil Suit Perp Disappeared 0.8% 5.8% 13.1% 21.5% 33.1% 30.4% 43.8% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% Percent of Cases

48 Low success rate Recovery of Losses in Fraud Cases No Recovery 42.1% 1-25% 23.4% 26-50% 51-75% 76-99% 6.8% 60% 6.0% 5.3% 100% 16.4% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% Percent of Cases

49 According to COSO (Committee of Sponsoring Organizations of the Treadway Commission) internal control is a process, effected by an entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of specified objectives. Effectiveness and efficiency of operations Ensure reliable financial i reporting Comply with laws and regulations

50 Key concepts: Internal control is a process. It is a means to an end, not an end in itself. Internal control is effected by people, not just policy manuals and forms. Internal control can be expected to provide only reasonable assurance, not absolute assurance. a

51 Control Activities Risk Assessment Communication Control Environment Internal Control Monitoring

52 Culture of honesty and integrity Create a positive workplace environment Code of conduct and code of ethics Training Fraud hot line Discipline Hiring techniques

53 A fraud risk assessment is a critical and essential component in the entities evaluation. It must consider ways that fraud and misconduct can occur against the entity by employees, vendors and/or customers. Identify Fraud Risks Estimate the significance of the risk Assess the likelihood of the risk occurring Mitigation = Internal Controls

54 Polices and procedures that ensure management directives are carried out Top-level reviews Operating performance indicators/reviews Reconciliations Security of assets Segregation of duties

55 Segregation of duties limiting the involvement that one person has in a process. For example - separate the duties of approving invoices for payment, entering invoices in the system, issuing checks, signing checks, and reconciling the bank statement. Physical restrictions limiting access to assets, processes, and data. For example - limit access to the network computer to those who need it.

56 Authorization procedures requiring authorization for specific transactions. For example - require supervisory approval of employee time cards or departmental approval of expense invoices.

57 Communication Communicate the importance of internal controls and ethical behavior Code of Conduct Policy Manuals Monitoring procedures regular checks. For example - perform periodic inventory counts, cash checks or documentation reviews.

58 Lack of Internal Controls Lack of Management Review Overide of Existing Controls Poor Tone at the Top Lack of Competent Oversight Lack of independent checks/audits Lack of Clear Lines of Authority lack of Employee Fraud Education Lack of Reporting Mechanism 86% 8.6% 7.2% 5.5% 1.3% 1.3% 02% 0.2% 17.4% 17.4% 35.2% 0.0% 10.0% 20.0% 30.0% 40.0% Percent of Cases

59 Initial Detection of Fraud Tip 50.3% Internal Audit Internal controls By Accident 26.8% 19.7% 16.6% 6% External Audit Notification by Police 51% 5.1% 9.6% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% Percent of Cases

60 Frequency of Anti-Fraud Measures External Audit of F/S Code of Conduct Ind Audit Committee Hotline Mgmt Review of IC Fraud Training Anti-Fraud Policy Surprise Audits Job Rotation/Mandatory Rewards for Whistleblowers 12.3% 5.4% 69.6% 61.5% 49.9% 9% 43.5% 41.4% 38.6% 36.2% 25.5% 0.0% 20.0% 40.0% 60.0% 80.0% Percent of Cases

61

62 Have a code of conduct Have employees sign it Do a fraud risk assessment for all programs Update department specific internal controls for any changes in programs or organization i Document that all staff that have anything to do with finances of the department are properly trained If possible, have segregation of duties and cross-training

63 Review reconciliations, including bank reconciliations, and transactions for unusual items, corrections, and overrides or duplications Make sure that vendors and sub-recipients know the program is in place and monitor them for compliance Perform background checks on new employees and random checks on existing employees consider criminal i as well as credit checks

64 Spot check timesheets to match computer records of activity. Buy goods and services only when needed Have dual signatures on checks Work with banks to limit ACH transactions to particular accounts

65 Ensure that you have done everything possible within your organization to prevent fraud from happening.

66 Recovery Accountability and Transparency Board Committee of Sponsoring Organizations (COSO) of the Treadway Commission Private sector organization sponsored by five major professional associations to improve the quality of financial reporting. org

67 American Institute of Certified Public Accountants Provides resources and training for all CPAs and distributes information about fraud. See the fraud prevention tools in SAS Association of Certified Fraud Examiners Provides fraud information and articles provides access to fraud prevention resources.

68