Auditing for Fraud. Planning & Approaches

Similar documents
Auditing for Fraud. Planning & Approaches

Eric Kinsherf, CPA MMAAA Conference June 12, 2018

Fraud Risk Management

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

Fraud Prevention Training

FRAUD AWARENESS UPDATE

2/20/15. Trevor Stewart, CPA Director of Business Services Source documentation includes CCIA and FCMAT

Anti-Fraud Programs and Control Policy

STUDY UNIT TEN INTERNAL AUDIT RESPONSIBILITIES FOR FRAUD

Moving the Needle: Fighting Fraud from the Inside Through Audit. Mary Breslin, CFE, CIA President Empower Audit Training and Consulting

Virginia Association of School Business Officers Getting Reacquainted with Internal Controls Presented by John S. Aldridge, CPA

Can You Spot Fraudsters?

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

OVERVIEW. Common Personality Traits of Fraudsters. Common Sources of Pressure. Changes in Behavior

MANAGING FRAUD RISK. Teresa D. Thamer, CPA, CFE Brenau University

Fraud Awareness Jennifer Murtha Clara Ewing

What Are Your Auditors Doing? Presented by Carrie Kennedy, Partner Travis Smith, Partner Moss Adams LLP

Internal Controls for Deans, Directors and Chairs

Laurie Beets. PDG 27 th National College & University Bursars & SFS Conference

Fraud in the Insurance Industry How it Can Impact Your Agency

Fraud Prevention, Detection, and Internal Controls

My experiences with Employee Fraud

Accounting 408 Exam 2, Chapters 3, 4, 5, 6, E, F

Karen L. Mosteller, CPA, CHBC

Fraud and the Small Business Owner

Effective implementation of COSO s new anti-fraud guidance

Fraud incident handling management. Meeting the challenges of fraud

Consideration of Fraud in a Financial Statement Audit (Redrafted) *

Internal Control 2015 Training

September 25-27, 2005 Baltimore Marriott Waterfront Baltimore, MD. WorldCom: What Went Wrong and Governance Lessons Learned

Community College Audit and Compliance Workshop. VAVRINEK, TRINE, DAY & CO., LLP April 15, 2014

Fraud Prevention and Detection Michael Schulstad, CPA/CFF/CGMA/FBI (ret)

Internal Controls. Presented by: Mark Payne, CPA Partner Rae Kerr, CPA Senior Manager. March 5, 2014

Internal Controls. They Are Everyone s Business. Valdosta State University Office of Internal Audits June 2016

Navigating the PCAOB s and SEC s internal control expectations A discussion. June 2015

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

Global Expectations for Addressing Fraud Risk and the Investigative Process

COSO Updates and Expectations. IIA San Diego Chapter January 8, 2014

Understanding Internal Controls Office of Internal Audit

Presented by Ed Williamson and Erica Bailey

CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM

Protecting your private business from fraud

Internal Controls & Ethics

Creating a Fraud Risk Assessment and Implementing a Continuous Monitoring Program. Christopher DiLorenzo, CFE, CPA, CIA, CRMA

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

Fraud and the Internal Audit role Course Outline

OUTSMART FRAUD. Strategic Internal Controls to Prevent Business Fraud

STANDING ADVISORY GROUP MEETING

Fraud in Today s Economic Environment

OCCUPATIONAL FRAUD IN GOVERNMENT AND STEPS TO PREVENT AND DETECT IT

VERSION #1 WRITE ON YOUR SCANTRON!!!

Fraud Prevention and Detection for IT Professionals

Annual Audit and Other Financial Matters

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

What Happens When Internal Controls Fail

How to Prevent Financial Fraud at Your Church VONNA LAUE

WHISTLEBLOWER POLICY Whistleblower Policy and Procedures (the Policy ) of Canadian Solar Inc. and its Subsidiary Entities.

1. Corporate management (including the CEO) must certify monthly and annually their organization s internal controls over financial reporting.

Name: Chapter 12 Revenue- and Inventory-Related Financial Statement Frauds MULTIPLE CHOICE

Fraud Detection and Prevention

Who Owns Fraud Uniting Corporate Executives to Manage Your Anti-Fraud Program

13-A. Fraud Phase II Issues Paper

Road to Self Governance

Sarbanes-Oxley 404(a) Efficient, Effective Consulting Solutions

Internal Controls: Need Them, Have Them, Love Them

Week 3: Fraud, Procure to Pay Process Controls

Consideration of Fraud in a Financial Statement Audit

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Internal Control Program

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Fraud Risk in Difficult Economic Times - questions for directors to ask

Fraud Risk Management

Alyssa G. Martin, CPA Brandon Tanous, CIA, Using the COSO CFE, CGAP, CRMA Framework to Develop a Strong and Preventive Control Environment

Common Frauds Found in Not-for- Profit Organizations

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

Guide to Internal Controls

Internal Control in Higher Education

Bearing the Bad News Reporting to the Board on Internal Corruption. Peter Dent, National Leader Deloitte Forensics September 11, 2013

Information and and training provid v ed by Smith Elliott Elliott Kearns & Compan

Fraud Prevention: How to Identify and Protect Your Higher Ed Institution

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

Fraud prevention, detection and investigation

Going on the Offensive: Blocking and Tackling to Minimize Fraud

38 Years of Excellent Client Service New COSO Model and How Internal Controls Help to Reduce Opportunity for Fraud

Waheed Alkahtani, CFE and CCEP-I March, 2017 Copyright 2016, Saudi Aramco. All rights reserved.

Internal Control Awareness: Tips for Improving Business Practices

Agenda 11/26/13. Updated COSO Framework

A Discussion About Internal Controls February 2016

Implementation Tool for Auditors

Module 1: Safeguarding District Resources: Roles & Responsibilities

Fraud Prevention, Detection and Control. Elizabeth Coles, CPA Aldrich CPAs + Advisors LLP

SELF ASSESSMENT OF BUSINESS OBJECTIVES. Kelly Dorin CPA, CA, CIA, CFE, CCSA, CRMA

August 2010 Guidelines for Managing the Risk of Fraud in Government.

Chapter 4. Risk Assessment. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

Entity level controls Design/implementation 530 Page 1 of 9

Innovation and Internal Controls

Seminar Internal Control Identification and Filtering

Internal Controls: The Case of the Howard Street Jewelers

Transcription:

Auditing for Fraud Planning & Approaches

Today s Agenda Introductions What is Fraud? Internal audit and fraud Managing Fraud as an organization 2

Today s Agenda Introductions 3

Clark Schaefer Consulting? Public accounting industry based consultancy headquartered in Cincinnati, Ohio Clients range from Fortune 100 to large private companies Specializing in project work that is centered around three core competencies: Accounting & Finance Control/Risk (i.e. Internal Audit/IT Audit) Technology (i.e. Systems Changes/IT Security) 4

Introductions Donald Dickhaus, CPA, CISA Director: Accounting/Finance, Internal Audit Service Lines Oversight of accounting/internal audit projects Responsible for regulatory service methodology Adam Treinen Client Development Manager Manages client relationships across all projects Works with operations to identify methodology to address client issues.

Today s Agenda What is Fraud? 6

What do you think of when you think of fraud?

Definition of Fraud fraud noun \ˈfroḋ\ : the crime of using dishonest methods to take something valuable from another person : deliberate deception to secure unfair or unlawful gain : a copy of something that is meant to look like the real thing in order to trick people 2015 Merriam-Webster, Incorporated

Why does fraud occur? Opportunity Fraud Triangle Pressure Rationalization 2015 American Institute of CPAs - All Rights Reserved, Why Employees Commit Fraud

Opportunity Element that companies have the most control over Improper segregation of duties Lack of/weak internal controls Too much trust Poor tone at the top Flexible, uncontrolled management override Copyright 2015, Association of Government Accountants

Pressure Internal Meeting shareholder expectations Too much work Consequences of poor performance External Personal financial problems Lifestyle needs Illicit activities Copyright 2015, Association of Government Accountants

Rationalization Hostility toward employer Unfair wages Following along with everyone else Intending to pay it back Belief that the company won t miss the money Copyright 2015, Association of Government Accountants

Impact of Fraud Global Fraud $3.7 $0.49 $0.38 $0.20 $0.19 $0.18 0 1 2 3 4 Annual Revenue (Trillions) 2012 Certified Fraud Examiners Inc. Report to the Nations 2015 Time Inc. All rights reserved

Types of Fraud Occupational Employee against Employer External Fraud Dishonest vendors and/or customers Unknown 3 rd parties How can internal audit work to minimize risk?

Fraud Tree Corruption: Dishonest or illegal behavior, especially by powerful people Asset Misappropriation: Theft or embezzlement of company assets Financial Statement Fraud: Deliberate misrepresentation, misstatement or omission of financial statement data

Median Loss Per Case $ 0 $3M $6M Asset Mis. $130,000 85.4% Corruption $250,000 32.8% F/S Fraud 4.8% $4,100,000 0 25 50 75 100 Percent of Cases

What does someone committing fraud look like?

Perpetrators of Fraud 87% first time offenders with clean employment histories 84% never punished or terminated for fraud

Position The majority of occupational frauds were committed by staff at the employee or managerial level 19% 36% 42% Employee Manager Owner/Executive

Median Loss by Position The higher the fraudster s level of authority, the greater the losses tend to be. Employee: $75,000 Manager: $130,000 Owner/ Executive: $500,000

Department * 77% of frauds originated in one of these departments Accounting: 17% Operations: 15% Sales: 13% Executives/Upper Management: 12% Customer Service: 8% Purchasing: 7% Finance: 5% All Other Depts.: 23% THERE IS NOT ONE DEPARTMENT WHERE FRAUD ALWAYS HAPPENS!

Today s Agenda Internal Audit and Fraud 22

The Situation An Accounts Receivable Clerk responsible for processing $20 million in receivables has just been indicted for theft of funds from a travel hockey club for which she is the volunteer treasurer. The A/R process was audited 6 months before with no exceptions noted. The A/R Clerk voluntarily resigned from her position within the company. As internal auditors, should we be worried?

What do you do? Do nothing and rely on the prior audit Toss out the prior audit and re-perform the entire A/R Audit Review the prior audit and determine if testing was adequate to detect fraud. Then based on review, perform additional testing What would Clark Schaefer Consulting suggest?

What do you do? Do nothing and rely on the prior audit Toss out prior audit and re-perform the entire A/R Audit Review the prior audit and determine if testing was adequate to detect fraud. Then based on review, perform additional testing What would Clark Schaefer Consulting suggest?

Possible Considerations Customer List Customer Statements Cash Payments Payment Disputes Deposit to Invoice Reconciliation Process Flow (separation of duties) Customer Discounts & Refunds Segregation of Duties

Could Internal Audit have done anything different to detect the fraud prior to her resignation?

Why didn t the auditors catch this? Detecting Fraud is HARD! Lack of skill and experience Improper planning Inappropriate design of audit program sample selection or target assertions Inability to gather sufficient appropriate audit evidence Failure to exercise professional skepticism

Training Day-to-day coaching Intercompany training New hire training process, training individuals as they obtain more responsibility, etc. IIA/ACFE auditing courses Seminars/conferences Certifications CIA, CFE, CISA Continuing education

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Fraud Planning High Level Annual Audit Plan How much of IA s budget is dedicated to canned audits? How much is spent with management mandated activities (i.e. MAR, 10-Q assistance)? How much time set aside for consultative and ad-hoc activities?

Prior Audits Are there any non-remediated items? Are there any solutions that are different from the audit recommendation? Were there any agree to disagree items? Are the previous tests insufficient for the current audit?

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Pre-Work: Identify the Culture Tone at the Top What message does senior level management send to employees in regards to ethical behavior? Fraud is NOT OKAY! Are resources being provided to employees telling them how they can identify fraud and help stop it?

Pre-Work: Identifying Fraud Prevention Is there an affirmation process for upper management s compliance with code of conduct, fraud, etc.? Do policies deter fraud by detailing the consequences of committing fraud? Are there annual anti-fraud trainings? Are there authority limitations on employees and managers? Are there restrictions on management overrides? Are the appropriate internal controls in place (i.e. segregation of duties) to prevent fraud

Pre-Work: Identifying Fraud Detection Techniques Are there anonymous opportunities for whistleblowers? Are there process controls to detect fraud, such as physical inventory counts, reconciliations, etc.? Are there technological measures (i.e. data analysis) to detect anomalies or trends that could indicate fraud? Is there an internal audit function that may assist in detecting fraud?

Fraud Detection Techniques Are resources available to employees to report fraud? Tip Management Review Internal Audit 0 10 20 30 40 50 Percent of Cases (%)

Preventative Controls deter fraud opportunity but at what cost?

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Narrative Interviews Are you getting varying answers pertaining to a process? Do you have a supervisor or manager who insists on being present for all staff interviews? How much has the process changed since the last audit?

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Process Flows and Walkthroughs Obtain process flow charts in order to identify potential control weaknesses, lack of segregation of duties, etc. Performs walkthroughs to examine that the processes are being performed as designed, and controls listed exist and are effective

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Fraud Planning High Level Enterprise Wide Risk Assessment What risks are associated with the company s overarching goals? What are the positive and negative outcomes of meeting/failing to meet those goals? What message does upper management send about meeting goals ( tone at the top )?

Enterprise Wide Risk Assessment Incentives attached to performance goals are used as a motivational tool, but increase the risk that an employee will act fraudulently in order to obtain those incentives (especially if the consequences of not meeting those goals are severe enough).

Risk Assessment Assess the likelihood and significance of inherent and residual fraud risk This should include a period of fraud brainstorming where auditors consider all of the controls identified. This is also a time to consider the personnel involved with the processes being audited.

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Cost ($) Test Planning & Design Design your audit to have the strongest level of testing available, taking into consideration budget and scope. Reperformance Examination Confirmation Analytical Procedures Observation Interview / Inquiry Reliability Level

Supervision Set clear expectations Discuss the nature, timing, and extent of audit procedures Ensure procedures are performed efficiently and effectively Review documentation to make sure it sufficiently details tests performed Don t be afraid to discuss fraud!

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Fieldwork Review What is the overall risk of the process being audited? Are there any other conclusions that can be drawn from the completed testing? Was testing designed to uncover red flags? Do any tests need to be re-performed or redesigned? Has the audit team fully thought through the implications of any unexpected items?

Substantive Testing If no exceptions were found the first time, was the sample accurate for the: Period tested Specific transaction amounts (i.e. round dollar amounts, common amounts) Specific vendors (high # of transactions, high # of disputes)

Additional Tests Re-performing Invoice to Deposit Reconciliations Customer Balance Confirmations Staff Interviews Bank Statement Reviews

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Potential Findings Meetings Tone at the Top While no manager or process owner is going to be happy about a potential finding being brought to them, their response and the way that they address the matter can be an indicator of fraud or other problems.

Standard Audit Steps Audit Plan Test Fieldwork Pre-work Review Narrative Interviews Reporting Process Flows & Walkthroughs Follow - Up Risk Assessment

Follow Up Avoid the temptation to skip this step Look for remediation that has not been completed Thoroughly assess all alternative remediation plans

Key Outcomes Either assurance gained or improvements made to existing audit process Fraud detected Additional process improvement recommendations Improved internal controls Possible recovery of stolen funds

Final Opportunities Fraud Investigation Post Mortem Lessons Learned Need for a Peer Review? Opportunity of Continuous Monitoring or Process Automation?

Today s Agenda Managing Fraud as an organization 60

The Situation During an Enterprise Risk Assessment, the Audit Department learns the company is: Purchasing a new critical system and outsourcing the implementation and migration to an overseas firm Allowing staff to access the company network using personal electronic devices Completing the acquisition of a smaller company and rolling one of their systems out to the entire parent company on a very aggressive time-table

So What? None of this is illegal None of this is out of the ordinary All of these things could potentially benefit the company

Outsourcing Risk The company now has vendors accessing company information from all over the world. Information may now be housed on non-company computers International laws and regulations pertaining to confidentiality, availability and integrity may be applicable

End User Risk Company information is now accessed by and saved to non-company devices Company information is now accessed anywhere at any time Personal Devices contain software not owned or approved by the company

Project Risk Subsidiary System may not be equipped to handle the larger volume of the parent company Aggressive deadline could result in short-cutting the Change Management process Subsidiary System may not be properly secured

Possible Fraud Testing NDA Compliance Change Management Vendor Selection Device Registration Device Monitoring Intrusion Detection Project Management Access Controls Access Monitoring

Creating a culture to prevent fraud Governance Risk Assessment Prevention & Detection Investigate& Resolve Establish the culture Applies to all members Know where highest level of risk of fraud exists Actively work to create systems to minimize risk For identified instances of fraud, review and adjust process as required 67

Governance Governance Develop a fraud risk program as a written policies with clear expectations Roles and responsibilities documented for all areas of the organization, including: Board of Directors Audit Committee Management and Staff Documentation includes procedures on what to do if fraud is identified.

Creating a culture to prevent fraud Risks to the Organizations should be periodically assessed to identify areas to focus mitigation Risk Assessment Fraud risk assessments should include three key elements. Indentify Inherent Risk Assess Likelihood Address significant risks 69

Creating a culture to prevent fraud Preventative controls should be established to prevent key risks identified during the risk assessment. Examples of controls: Prevention & Detection HR procedures (hiring, terminations, etc) Anti-fraud training Authority limits Transaction level procedures KEY IS DOCUMENTATION 70

Creating a culture to prevent fraud In addition, controls to detect fraud when preventative controls fail, should be established Prevention & Detection Examples of controls: Whistleblower hotlines Process controls Proactive procedures (continuous auditing) AGAIN: KEY IS DOCUMENTATION 71

Creating a culture to prevent fraud Finally, a reporting process should be established to allow for input on fraud. Following input a formal investigation process must be established. For each fraud item communicated, procedures need to be established to: Receive the allegation Evaluating the allegation Investigation procedures Investigate& Resolve All items should be investigated and resolved using the standard process in a timely manner. 72

Key Takeaway INTERNAL AUDIT SHOULD BE A PARTNER, NOT THE POLICE 73

Questions? 74

For More Information If you wish to discuss any aspects of this presentation in more detail, please feel free to contact us: Clark Schaefer Consulting, LLC. 120 E 4 th Street, Suite 1100 Cincinnati, Ohio 45202 www.clarkschaefer.com Or send an e-mail directly to Don at: ddickhaus@clarkschaefer.com 75

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback