Tammy Michaud, CPA, Principal Sarah Belliveau, CPA, Senior Manager FRAUD AWARENESS UPDATE berrydunn.com
CATEGORIES OF FRAUD Asset misappropriations (stealing) Theft or misuse of assets Corruption Inappropriate use of one s influence in a business transaction (i.e. board member or major contributor) Kickbacks and conflicts of interest Fraudulent statements (lying) Falsification of financial statements or program reports 2
FACTORS PRESENT IN FRAUD Motive External (substance abuse, peer pressure, health problems, etc.) Internal (feeling unfairly treated, job pressures, etc.) Opportunity Real or perceived weaknesses in controls Rationalization Depersonalization, entitlement, etc. 3
WAYS IN WHICH FRAUD CAN BE COMMITTED Fraud committed against an Organization Fraud committed by an Organization Fraud committed through an Organization 4
WHO COMMITS FRAUD? Who should be considered? Employees Service organizations Contractors and vendors Customers Volunteers Others 5
WHO IS RESPONSIBLE FOR PREVENTING AND DETECTING FRAUD? It is Management s responsibility to design adequate internal controls to PREVENT and DETECT fraud. Protect the Organization s resources Protect the Organization s reputation Involve everyone in an organization-wide program to prevent, detect and deter fraud and abuse 6
WHERE DO YOU START? 7
REALISTICALLY EVALUATE YOUR INTERNAL CONTROLS TO IDENTIFY POSSIBLE WEAKNESSES Are there controls over selection and application of GAAP, including expertise? Is there an antifraud program and are there antifraud controls implemented? Are there controls over non-routine and non-systematic transactions? Are there effective controls over period-end financial reporting process including controls over procedures used to: enter transaction totals into the general ledger initiate, authorize, record, and process journal entries into G/L record recurring and nonrecurring adjustments to the F/S 8
REALISTICALLY EVALUATE YOUR INTERNAL CONTROLS TO IDENTIFY POSSIBLE WEAKNESSES Is there effective oversight of financial reporting (includes financial statement preparation)? Has there been a restatement of previously issued F/S to correct an error? Has there been identification by auditor of material misstatement in F/S for period under audit that was not initially identified by entity s internal control/management? Is there effective regulatory compliance function (where applicable)? Has there been identification of fraud of any magnitude? Has management or those charged with governance assessed the effect of a control deficiencies previously communicated to them? Is there an ineffective control environment? 9
ORGANIZATIONAL RISK FACTORS TO CONSIDER Compensation, benefits (or employment) linked to operating results No raises, cuts in benefits Too much control by one person (ED, CFO, board member or a contributor) Absentee management or uninvolved board members or those with a lack of financial understanding Inventory and other goods that are readily available and not well monitored Violation of debt covenants, DOE ratios etc. or breach of contract terms Line of credit renewals contingent on positive operating results Pressure to meet third-party demands and reduced reimbursement 10
ORGANIZATIONAL RISK FACTORS TO CONSIDER Culture of trust Lack of segregation of duties Untimely reconciliations, lack of documented controls Non reciprocal transactions (contributions) Lack of policies or up-to-date policies Lack of staff with the appropriate skill financial skill set or lack of technology needed Fear of job loss/ job security Use of volunteers 11
AREAS OF INHERENT REPORTING RISK Estimates self funded health insurance, allowance for doubtful accounts, anything using PV techniques and assumption, third party cost settlements Cost allocations ratable allocations between all programs and reasonable consistent methodology Contributions and private grants completeness, restrictions, releases from restriction Fair Value Measurements reporting the value of the non-cash gifts in the financial statements and assessing fair value of certain balance sheet items. Adjustments to revenue bad debt write offs, contractual adjustments, scholarship awards, fee adjustments 12
AREAS OF INHERENT RISK OF MISAPPROPRIATION Payroll Cycle controls over additions, deletions, pay rates, verifying hours worked, allocation of payroll and all related payroll expenses Compliance contract terms being followed, objectives being met, and areas of risk identified Expenses control over check signing, authorization, receipt of goods, etc. Credit cards and expense reports control over cards, authorized users, appropriate expenditures. Cash transactions collection of cash, dual control over cash counts, reconciliations of activity etc. Contributions solicitations, collection of cash, reconciliation between development and the GL Journal entries sufficiently documented, support, dual sign offs 13
WHAT IS THE BOARD S ROLE? 14
PRO-ACTIVE INVOLVEMENT The board should formally incorporate fraud risk management discussions into board or a sub-committee s agenda to ensure adequate and purposeful attention is given to areas of risk within your organization and to determine the level of risk the organization is willing to assume relating to fraud. Having pro-active board members that understand operations well enough that they are involved with assessing the risk of fraud is a strong deterrent to fraud. Increasing the perception that fraudsters will be caught is among the most effective deterrents. 15
PRO-ACTIVE INVOLVEMENT Active board oversight is crucial for preventing higher level management fraud losses. Board members should aware of red flags and organizational risks Be willing to ask questions Do not always accept answers at face value if they don t make sense. 16
FRAUD RISK MANAGEMENT POLICY An anti-fraud policy should be created that minimally includes: A clear ethical tone The board s expectation of management and the employees. Defines the responsibilities of the board and management relating to fraud risk and communicating the culture to employees. Establishing a clear understanding of the process if an employee or someone reports a suspected instance of fraud. Establishing an effective Hotline or whistleblower policy. The policy should be reviewed and updated regularly. 17
ONCE A POLICY IS ESTABLISHED IT IS IMPORTANT TO EVALUATE THE POLICY EFFECTIVENESS Consider the following: Number of known frauds Number and status of fraud allegations received Responsiveness and disposition of fraud allegations Timeliness of implementing corrective action plans and implementing improved controls when fraud is discovered Employee satisfaction surveys 18
EXAMPLES Corporate credit cards Vendor credit cards Payroll Cash collections without appropriate segregation of duties Inventory Collusion Fraudulent checks 19