View
230
Download
0
Category
Preview:
Citation preview
8/7/2019 Learn Fraud risk
1/39
Auditing for Fraud inAccounts Payable: Secrets of Protecting Against
Worsening Theft Risks
December 2, 2009
Moderated by Scott Langlinais
Copyright 2009 White-Collar Crime 101 LLC/FraudAware
8/7/2019 Learn Fraud risk
2/39
About Peter Goldmann
President and Founder of White Collar Crime 101--Publisher of White-Collar Crime Fighter
Developer of FraudAware anti-fraud training courses Monthly columnist, The Fraud Examiner, ACFENewsletter
Member of Editorial Advisory Board, ACFE Speaker at numerous fraud prevention associationevents.
Author of new book, Anti-Fraud Risk and Control Workbook (available at www. wiley.com)
University of Michigan, BA; London School of Economics, MSc (Econ).
Introductions
8/7/2019 Learn Fraud risk
3/39
About Jim Kaplan, CIA, CFE
President and Founder of AuditNet, the global resource for auditors
Over 26 years of audit experience
Internet for auditors pioneer and recipient of the IIAs 2007Bradford Cadmus Memorial Award.
Recipient of the 2005 Lifetime Membership Award for theAssociation of Local Government Auditors
Author of the Auditors Guide to Internet Resources
EDPACs Editorial Advisory Committee
State University College of New York Geneseo BA Economics,The American University MSc Accounting
Introductions
8/7/2019 Learn Fraud risk
4/39
Todays Agenda
Introduction Fraud Statistics AP Fraud Types
Internal AP Fraud Red Flags of AP Fraud Auditing Steps to Detect AP Fraud Your Questions Conclusions
8/7/2019 Learn Fraud risk
5/39
Fraud: The Big Picture
According to major accounting firms, professional fraud examinersand law enforcement:
U.S. companies lose an average of 7% of gross revenue to fraudevery year. (Association of Certified Fraud Examiners) Total: $994billion. (About 30% more than TARP bailout!)
75% of companies surveyed experienced at least one incident of fraud in the last 12 months (KPMG)
The average cost to for each incident of fraud is $200,000 (ACFE)
Approximately 60% of all corporate fraud is committed by insiders(PwC)
Approximately half of employees who commit fraud have been withtheir employers for over 5 years (ACFE)
Statistics
8/7/2019 Learn Fraud risk
6/39
Fraud: The Big Picture
AUDITING FOR AP FRAUD: THE BIG PICTUREShould be part of a comprehensive anti-fraud program including:1. Fraud Risk Assessmentidentify specific AP
fraud risks.2. Development of AP fraud audit plan to detectRed Flags of risks.3. Use results of fraud audit to 1) guide
management to investigate specific findings; 2)implement/enhance better anti-fraud controls.
Introduction
8/7/2019 Learn Fraud risk
7/39
Two Main Types of FraudAuditing for AP Fraud
8/7/2019 Learn Fraud risk
8/39
Two Main Types of Fraud (continued) Auditing for AP Fraud
8/7/2019 Learn Fraud risk
9/39
Internal AP Fraud
MAIN TYPES OF EMPLOYEE-LEVEL AP FRAUD: Billing schemes (Shell companies/duplicate invoicing etc) Vendor Master File fraud Kickback schemes
Check fraud T & E fraud P-Card fraud Collusion with suppliers Electronic payments Payroll fraud
8/7/2019 Learn Fraud risk
10/39
Case Study: Duplicate Invoicing
8/7/2019 Learn Fraud risk
11/39
8/7/2019 Learn Fraud risk
12/39
Vendor Master File Fraud
How it works: Absence of controls over access to VMF allows
dishonest employees to add sham suppliers.
Failure to clean VMF at last once a year. Allowsphony suppliers to be added, or inactive ones usedto commit billing fraud.
Fraudulent alteration of existing supplier data in
VMFsuch as payment instructions (changing fromcheck to ACH using employees bank accountdeposit data).
8/7/2019 Learn Fraud risk
13/39
Invoicing Fraud/Kickbacks
How it works:Accounting, A/P or purchasing employee colludeswith dishonest supplier: Allows supplier to...
Submit inflated invoices (overbilling). Bill full price for low-quality goods. Secure orders without competitivebidding/ bid-rigging with manipula-tion of bidding process by insider tosteer business to favored vendor.
8/7/2019 Learn Fraud risk
14/39
Check Fraud & Tampering
How it works: Check-Forging Schemes: Stolen blank checks. Check Theft/ Interception & Forged Endorsement.
Check altering: Payee, amount, address. Concealed check schemes. Counterfeiting.
8/7/2019 Learn Fraud risk
15/39
T&E Fraud
How it works: Falsifying T&E reimbursement schemes w/ bogus
receipts. Submitting T&E claims multiple times. Abuse of corporate card. Claiming for expenses just under limit
requiring approval. Booking business trips and not taking
them.
8/7/2019 Learn Fraud risk
16/39
Mini Case Study: T & E Fraud
Joe, a Senior VP, travelsregularly to London onbusiness. He tells his staff he
be in London for the followingweek.
Bill, one of his subordinatesspots Joe walking his
daughter to school onemorning, wonders why Joeisnt in London.
8/7/2019 Learn Fraud risk
17/39
P-Card Fraud
How it works: Unauthorized personal purchases. Split purchases. Mixed purchases (business and personal -- to
disguise latter). Excess goods purchased; keeping and/or selling
unneeded amount.
Falsifying receipts/ Gifts for clients.
8/7/2019 Learn Fraud risk
18/39
Audits - Traditional vs. Fraud
SAS 99 - Auditors responsibility to detect fraud
Gather information.
Assess risk. Respond to results. Professional skepticism.
Suggested but not required.
8/7/2019 Learn Fraud risk
19/39
Auditing for Fraud
Proactive. Test for Authenticity of
Transactions (not test of controls).
Biased sampling methodologynon-random based on fraudscenarios.
Fraud risk identification. Concealment strategies.
Data mining techniques.
8/7/2019 Learn Fraud risk
20/39
Auditor Awareness
Soft Indicators of Fraud The presence of behavioral red flags does not
mean fraud is occurring but the astute auditor should be aware of them.
Examples: Work practices (erratic, incomplete, error-prone) Employee behaviors evidence of alcohol, drug use or gambling
Refusal to take vacation Display of lavish possessions beyond financial means
8/7/2019 Learn Fraud risk
21/39
Invoice Billing Scheme Red Flags
Employees home address matching a vendors address. Employees initials matching a vendors name. Checks written to cash. A vendors address using a P.O. box. Missing vendor data Vendor data formatted illogically. Frequent partial deliveries of orders. Unusual pricing.
8/7/2019 Learn Fraud risk
22/39
Auditing for Invoicing/BillingSchemes/Shell Companies
Audit Procedures to Detect Invoice Billing Schemes Match employee and vendor address. Match employee initials to vendor names. Identify cash vendors and post office box addresses.
Review vendor files for missing data. Review vendor files for illogically formatted data. Validate all new vendorsespecially ones replacing long-
standing suppliers.The above tests can be run using audit software such ACL,IDEA or Microsoft Access
8/7/2019 Learn Fraud risk
23/39
Duplicate Payment Red Flags
Multiple payments in the sametime period:
In the same or similar amountto the same or related vendors
on the same invoice or purchase order For the same or similar goodsor service
Total amount paid to vendor exceeds invoiced amounts.
8/7/2019 Learn Fraud risk
24/39
Auditing for Duplicate Payments
Obtain a soft copy of invoice data notingdata elements. Perform an automated search for duplicatepayments. Summarize the data in order to determinethe range of values and the variabilityexpected. Review General Ledger for altered entries. Examine voided checks for signs of forgery.
8/7/2019 Learn Fraud risk
25/39
Red Flags of Vendor Master FileFraud
Inactive vendor is suddenly reactivated. New vendors appear on VMF with names
similar to existing vendors.
Key vendor info (EIN/TIN, etc) is missing fromVMF. Unexplained vendor address changes in VMF. Sudden changes in payment specifications
(New bank account, ACH).
8/7/2019 Learn Fraud risk
26/39
Auditing for Vendor Master FileFraud
Review process for approving vendors. Review the Vendor Master File for red flags. Test employee addresses against vendor
addresses. Look for an unusual number of vendor invoices. Look for invoice numbers in a specific range. Search for missing key information (Fed Tax ID,
phone numbers, street address). Conduct 3-way matching (PO-Invoice-Receiving).
8/7/2019 Learn Fraud risk
27/39
Bribery and Kickback Schemes
Red Flags: Unchanging list of preferredsuppliers.
Personal relationships (May
indicate conflict of interest. Contract specification changes. Single-source suppliers. Sudden changes in long-time
vendors. Sudden pricing jumps.
8/7/2019 Learn Fraud risk
28/39
Auditing for Kickback Schemes
Review contractor records to identifyquestionable payments. Review contract awards to identify
contractors with continuous contracts slightlylower than the next bidder.
Review payments for potential circumventionof established contractor procedures.
Review policies related to anti-bribery andgifts and test for compliance.
Examine vendor replacements.
8/7/2019 Learn Fraud risk
29/39
Check Fraud Red Flags
"If you make it easy for people to steal from you, they will." (Frank Abagnale, Special Investigator to the FBI)
Secondary (dual) endorsements.
Alterations (white-out/erasures). Check number missing. Missing addresses. Missing blank checks. Checks made out to employees.
8/7/2019 Learn Fraud risk
30/39
Auditing for Check Fraud
Examine voided check documentation. Ensure that returned checks are not returned
to the original processing unit. Examine/monitor check stock. Test bank reconciliation procedures. Endorsement and alteration review. Examine returned checks for signs of
alteration.
8/7/2019 Learn Fraud risk
31/39
T & E Fraud Red Flags
European invoices with American-style dating. Unusual patterns in an employees travel schedule. Reimbursement claim alterations. Vague descriptions on reimbursement claim forms.
Non-matching country currency. Receipts from unapproved or non-existent vendors. Frequently obtaining refunds of purchased air tickets.
8/7/2019 Learn Fraud risk
32/39
Auditing for T&E Fraud
Consider a compliance-enabled T&E management solutionExpense Entry Audit Review for claim entries that were modified (created or
deleted) by one user on behalf of another user. Examine claim entries that were modified after having been
approved. Compare approved travel dates to time and attendance leave
records. Review claim entries whose payable or billable amount was
modified. Review for unapproved claim entries in a specified date
interval.
8/7/2019 Learn Fraud risk
33/39
P - Card Fraud Red Flags
Missing receipts. Receipts are not itemized. Receipt date/total not match the transaction
date or charge amount. Expense report & backup documentation not
uploaded to Financial System by end of cycle. Transactions identified by AP as having an
unusual vendor.
8/7/2019 Learn Fraud risk
34/39
Auditing for P-Card Fraud
Use data analytics (ACL, IDEA, Excel, etc). Summarize transactions by vendor. Examine purchases exceeding spending authority. Examine purchases of fixed assets such as
computers and peripherals and other big-ticketitems.
Review for incomplete or altered receipts. Review for split purchases to circumvent spending
limits.
8/7/2019 Learn Fraud risk
35/39
Red Flags of Collusion withSuppliers
Unusual price hikes. Sudden replacement of existing vendor(s). Single vendor receives unusual number of contracts. Contracts awarded w/out competitive bidding. Inferior quality product is delivered. Products or services ordered that
organization does not use.
8/7/2019 Learn Fraud risk
36/39
Auditing for Collusion withSuppliers
Determine if company has been invoiced correctly. Evaluate contractor and company personnel and
compliance with ethics policies. Evaluate company control procedures and
compliance with company policies. Examine consecutive awards to single vendor. Investigate sudden price increases. Validate new vendors that replace long-standing
ones.
8/7/2019 Learn Fraud risk
37/39
Conclusions
Create a fraud audit toolbox of procedures andtechniques.
Establish a confidential fraud hotline. Use results of your fraud audit as a guide to
implement missing controls and/or improve existingones to reduce fraud risk. Promote fraud awareness within your organization
-- Awareness training-- Top management Tone at the Top-- Regular communications from management aboutZero Tolerance toward fraud.
8/7/2019 Learn Fraud risk
38/39
Questions?
Any Questions?Dont be Shy!
8/7/2019 Learn Fraud risk
39/39
Recommended