View
26
Download
2
Category
Tags:
Preview:
Citation preview
Steps To Prevent & Detect
Occupational Fraud in GovernmentMay 20, 2015
Ron Steinkamp, CPA, CIA, CFE, CRMA, CGMA314.983.1238 | rsteinkamp@bswllc.com
6 CityPlace Drive, Suite 900 │ St. Louis, Missouri 63141 │ 314.983.1200 1520 S. Fifth St., Suite 309│ St. Charles, Missouri 63303 │ 636.255.3000
2220 S. State Route 157, Ste. 300 │ Glen Carbon, Illinois 62034 │ 618.654.3100 1.888.279.2792 │ www.bswllc.com
WHAT IS THE LARGEST MUNICIPAL FRAUD IN US HISTORY?
Question?
© 2015 All Rights Reserved Brown Smith Wallace LLC 2
City Comptroller (Rita Crundwell) embezzled over $53 million from 1990-2012.
Facts• City of 15,000 south of Chicago.• Home of Ronald Reagan.• Annual City budget $8-9 million.
Perspective• Per FBI, 5 months ending February 2012:
- Police - $1.1 million- Rita’s pocket - $3.2 million
Dixon, Illinois
© 2015 All Rights Reserved Brown Smith Wallace LLC 3
How did she do it?• Minimal oversight and small town trust.• Lack of segregation of duties.• Opened a secret bank account and transferred in City
funds from other accounts.• Used funds to pay for her personal and private business
expenses.- Horse farming/ranching operations and shows.- Personal credit cards.- Trips.- Real estate.- Vehicles.
• Fooled the auditors by creating fictitious invoices from State of Illinois.
Dixon, Illinois
© 2015 All Rights Reserved Brown Smith Wallace LLC 4
How was it detected?• Comptroller took 12 weeks of approved vacation.• Interim replacement received bank account and
determined transactions had nothing to do with City business.
Warning signs• Her lifestyle changed from modest to lavish.• Inadequate segregation of duties.
Results• Rita got 20 years in prison.• Sold off Rita’s assets.• City of Dixon awarded $40M from lawsuit against the
auditors and bank.
Dixon, Illinois
© 2015 All Rights Reserved Brown Smith Wallace LLC 5
Lessons Learned• Segregate duties.• New bank accounts approved by the Mayor and Council.• Two responsible members of management approve all
invoices.• Payments exceeding a certain amount require two
signatures.• City Council reviews and approves all fund transfers.• Mayor and Council review and discuss financial reports
and audits.• Anti-fraud orientation provided to all new employees.• Mandatory annual fraud reorientation for all employees.• Anonymous fraud hotline.• Mandatory job rotation.• Mandatory annual vacations.• Surprise audits.
Dixon, Illinois
© 2015 All Rights Reserved Brown Smith Wallace LLC 6
Agenda
© 2015 All Rights Reserved Brown Smith Wallace LLC
• What is Occupational Fraud?
• 2014 ACFE Global Fraud Study
• Red Flags
• Common Areas of Abuse in Government
• 7 Keys to Fraud Prevention & Detection
• Key Process Controls
• Fraud Self Assessment
7
WHAT IS OCCUPATIONAL FRAUD?
© 2015 All Rights Reserved Brown Smith Wallace LLC 8
The use of one’s occupation for personal enrichment through the deliberate misuse or application of the employing organization’s resources or assets.
Three general categories:
Asset misappropriation
Corruption
Financial statement fraud
Definition
© 2015 All Rights Reserved Brown Smith Wallace LLC 9
Perpetrator steals or misuses an organization’s resources.
- Examples:• Clerk stealing cash receipts.• Payroll Clerk creating a ghost employee.• Purchasing Clerk creating a fictitious vendor and
false invoice.• Street Department personnel “borrowing”
equipment.• City Manager purchasing personal items on the City
credit card.
Asset Misappropriation
© 2015 All Rights Reserved Brown Smith Wallace LLC 10
Employee’s use of his/her influence in business transactions in a way that violates his/her duty to the employer for the purpose of obtaining benefit for him/herself or someone else.
- Examples:• City Council member trading votes for personal
favors.• Purchasing Department Manager awarding a City
contract to a vendor for a kickback.• Human Resources Director hiring unqualified
“friends” to fill positions.
Corruption
© 2015 All Rights Reserved Brown Smith Wallace LLC 11
Intentional misstatement or omission of material information in the organization’s financial reports.
- Examples:• Inflating City revenues on the Consolidated Annual
Financial Report.• Forcing actual expenditures to match budget by
moving expenses between accounts.• Improperly accounting for grant receipts and
expenditures.
Financial Statement Fraud
© 2015 All Rights Reserved Brown Smith Wallace LLC 12
2014 ACFE Global Fraud Study2014 Report to the Nations on Occupational Fraud and Abuse
© 2015 All Rights Reserved Brown Smith Wallace LLC 13
1. Typical organization loses 5% of annual revenue to fraud – applied to
2013 Gross World Product translates to potential fraud loss of more than
$3.7 trillion annually.
2. Median loss in the study was $145,000 with more than 22% of the cases
involving losses over $1 million.
3. Fraud lasted a median of 18 months.
4. Asset misappropriation schemes (fraudulent disbursements, theft of
cash receipts, other asset misappropriations) were the most common
form of fraud, representing 85% of the cases and least costly at a
median loss of $130,000.
5. Financial statement fraud schemes were the least common form of fraud,
representing 9% of the cases and most costly at a median loss at $1
million.
Summary of Findings
© 2015 All Rights Reserved Brown Smith Wallace LLC 14
6. Corruption schemes fell in the middle, comprising just over 37% of cases
and causing a median loss of $200,000.
7. Occupational frauds are most likely to be detected by tips (40%)
followed by management review (15%) and Internal Audit (14%).
8. Small organizations are disproportionately victimized by occupational
fraud.
9. Government/public administration was one of the most commonly
victimized industries.
10. Anti-fraud controls appear to help reduce the cost and duration of
occupational fraud schemes.
11. High-level perpetrators cause the greatest damage to their
organizations.
Summary of Findings (cont.)
© 2015 All Rights Reserved Brown Smith Wallace LLC 15
12. 77% of frauds were committed by individuals in one of seven departments:
Accounting Operations Sales Executive/upper management Customer service Purchasing Finance
13. More than 85% of fraudsters had never been previously charged or
convicted for a fraud-related offense.
14. Fraud perpetrators often display warning signs – most common
behavioral red flags reported in the survey were perpetrators living
beyond their means (36%) and experiencing financial difficulty (27%).
15. Nearly half of victim organizations do not recover any losses that they
suffer due to fraud.
Summary of Findings (cont.)
© 2015 All Rights Reserved Brown Smith Wallace LLC 16
RED FLAGS
© 2015 All Rights Reserved Brown Smith Wallace LLC 17
The Fraud Triangle
© 2015 All Rights Reserved Brown Smith Wallace LLC 18
Pressure or incentive – need the fraudster is trying to satisfy.
Opportunity – ability to commit the fraud. Organizations can influence this characteristic the most = strong internal controls that avoid putting employees in positions to commit fraud and that detect fraudulent activities if they occur.
Rationalization – ability to justify the fraud.
AKA = Fraud Triangle
Common Characteristics of Fraud
© 2015 All Rights Reserved Brown Smith Wallace LLC 19
• High personal debts.
• Living beyond their means.
• Excessive investment speculation.
• Excessive gambling.
• Substance abuse.
• Extra-marital affairs.
• Job frustration.
• Resentment of superiors.
Pressure “Red Flags”
© 2015 All Rights Reserved Brown Smith Wallace LLC 20
• Inadequate internal controls.
• Too “cozy” with suppliers.
• Annual vacation or sick days not taken.
• Weak management or excessive turnover.
• Ineffective or no internal audit.
• No rotation of job duties among employees.
• Procedures not well understood/always in crisis mode.
• Large amounts of cash on hand or processed.
Opportunity “Red Flags”
© 2015 All Rights Reserved Brown Smith Wallace LLC 21
• Not compensated fairly.
• No recent raises/cost of living adjustments.
• Everyone else does it.
• Intended to pay it back.
• Needed the money.
• Felt cheated and wanted revenge.
• Bribe/kickback too tempting.
Rationalization “Red Flags”
© 2015 All Rights Reserved Brown Smith Wallace LLC 22
Middle aged male, employed by the organization for a number of years and in a
position of trust.
Educated.
Works in the financial department.
Member of management.
Driven by money and opportunity.
IS THIS TRUE FOR GOVERNMENT?
Typical Fraudster
© 2015 All Rights Reserved Brown Smith Wallace LLC 23
COMMON AREAS OF ABUSEIN GOVERNMENT
© 2015 All Rights Reserved Brown Smith Wallace LLC 24
• Skimming• Check Tampering • Billing Schemes• Fraudulent Expense Reimbursement• Payroll Fraud• Bribery and Conflicts of Interest
Common Areas of Abuse in Government
© 2015 All Rights Reserved Brown Smith Wallace LLC 25
Employee steals cash from the employer before it is recorded on the employer’s books and records. Skimming typically occurs when an employee:
• Has access to customer payments• Directs intercepted receipts to personal
accounts
Skimming
© 2015 All Rights Reserved Brown Smith Wallace LLC 26
How can skimming be prevented/detected? • Segregate cash receipts and accounting
responsibility.• Issue receipts.• Track receipts in system and reconcile daily.• Surprise cash counts.• Cameras.
Skimming
© 2015 All Rights Reserved Brown Smith Wallace LLC 27
Any scheme in which an employee steals employer’s funds by:
• Forging or altering a check on the employer’s bank account.
OR• Stealing a check the organization has
legitimately issued to another payee.
Check Tampering
© 2015 All Rights Reserved Brown Smith Wallace LLC 28
How can check tampering be prevented/detected?• Check stock should be locked in a secure
location to ensure blank checks are not accessible to potential fraudsters.
• Checks should be mailed immediately after signing to reduce the risk of legitimate checks being stolen.
• Positive pay.• Bank reconciliations.
Check Tampering
© 2015 All Rights Reserved Brown Smith Wallace LLC 29
Billing schemes occur when an employee submits a false invoice or alters an existing one, thus causing the employer to willingly (but unknowingly) issue a check for false expenses.
Billing Schemes
© 2015 All Rights Reserved Brown Smith Wallace LLC 30
How can billing schemes be prevented/detected?• Prior to authorizing payment, invoices should be checked
for validity of the vendor, validity of the goods or services invoiced, accuracy, and authenticity.
• Prior to processing payment, invoices should be checked for proper authorization, accuracy and authenticity. This will prevent overpayment, as well as payments being made to fictitious vendors.
• Strictly control access to vendor master data.• Regular vendor master file analysis.
Billing Schemes
© 2015 All Rights Reserved Brown Smith Wallace LLC 31
Expense reimbursement schemes occur when an employee submits false expenses in the hope of being reimbursed.
Fraudulent Expense Reimbursements
© 2015 All Rights Reserved Brown Smith Wallace LLC 32
How can fraudulent expense reimbursements be prevented/detected?• Expense reimbursement policy.• Require original itemized receipts.• Receipts should be scrutinized to detect alterations or
forgeries.• Other means of proving incurred expenses, such as
airline itineraries, credit card statements, etc. should not be accepted unless approved by a supervisor.
• All expense reimbursements should be reviewed and immediately processed upon approval.
• Use a specific credit card for all business expenses. Receive this information electronically from credit card company and require electronic filing of expense reports by employees. This will minimize the possibility of fraud and, if fraud is occurring, will provide an easier means to identify it.
Fraudulent Expense Reimbursements
© 2015 All Rights Reserved Brown Smith Wallace LLC 33
Payroll fraud occurs when an employee submits false documentation (i.e., timecards) in an effort to inflate his/her wages/salary. Such documentation prompts the organization to unknowingly disburse funds to the perpetrator.
Possible ways in which Payroll Fraud can occur:• Falsified hours and salary• Ghost employees
Payroll Fraud
© 2015 All Rights Reserved Brown Smith Wallace LLC 34
How can payroll fraud be prevented/detected? • All timecards should be reviewed for validity and
accuracy.• Once submitted for approval, employees should never
see their timecard again. • Overtime hours must be authorized by a supervisor.• If employees use a time clock to “punch in” and “punch
out”, they must do so when they arrive for work, take breaks, go to lunch, leave for the day, etc.
• Monitor employees to ensure one employee is not punching out for another.
• Strictly control access to payroll master data.
Payroll Fraud
© 2015 All Rights Reserved Brown Smith Wallace LLC 35
Schemes involving the employee’s use of his/her influence in transactions in a way that violates duty to the employer for the purpose of obtaining a benefit for themselves or someone else.
Usually involves collusion.
Bribery and Conflicts of Interest
© 2015 All Rights Reserved Brown Smith Wallace LLC 36
How can bribery and conflicts of interest be prevented/detected? • Well publicized fraud hotline.• Strong ethics and conflict of interest policy.• Required reporting of potential conflicts of interest.• Limiting gifts from vendors and contractors.• Well defined procurement process.• Rotate buyers.• Contract audits.
Bribery and Conflicts of Interest
© 2015 All Rights Reserved Brown Smith Wallace LLC 37
7 Keys To FraudPrevention And Detection
© 2015 All Rights Reserved Brown Smith Wallace LLC 38
Anti-Fraud Culture
Fraud Policy
Fraud Awareness/Trainin
g
HotlineAssess Fraud Risks
Review/Investigation
Improved Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 38
Set the tone at the top = Lead by Example Responsibility of Directors and Officers Behave ethically and openly communicate expectations to
employees Treat all employees equally Zero tolerance
Create a positive workplace environment Focus on employee morale Empower employees Communicate
Hire and promote appropriate employees Conduct background investigations before hiring or
promoting Check candidate’s education, employment history,
references Continuous and objective evaluation of compliance with
entity values Violations addressed immediately
1. Anti-Fraud Culture
© 2015 All Rights Reserved Brown Smith Wallace LLC 39
Code of Conduct Formalized and founded on integrity Defines acceptable employee behavior Communicated to all employees All employees are held accountable for compliance
Discipline Sends a strong message throughout the entity Should be appropriate and consistent Consequences of committing fraud clearly communicated
throughout the entity
1. Anti-Fraud Culture
© 2015 All Rights Reserved Brown Smith Wallace LLC 40
Oversight Process Audit Committee or Board of Directors
Evaluate management’s “tone at the top”, identification of fraud risks and implementation of anti-fraud controls
Ensure that management implements anti-fraud measures Consider the potential for management override of controls
Management Directs, implements and monitors anti-fraud controls Sets the ethical tone Trains employees
Internal Auditor Identifies fraud indicators Assesses fraud risks Evaluates anti-fraud controls Recommends actions to mitigate risks Investigates potential frauds
1. Anti-Fraud Culture
© 2015 All Rights Reserved Brown Smith Wallace LLC 41
Demonstrate commitment to combating fraud
Apply to all Directors, Management, employees, consultants, vendors, contractors, etc.
Should include: Statement of organization’s position on fraud Scope of the policy – who does it apply to Management’s responsibility for prevention and detection of
fraud Definition of fraud Actions constituting fraud Fraud reporting process/procedures Fraud investigation process/procedures Unit responsible for administration of the policy and
investigating fraud allegations Statement on anonymity/confidentiality Consequences
2. Fraud Policy
© 2015 All Rights Reserved Brown Smith Wallace LLC 42
Reviewed and updated regularly.
Signed off and agreed to by the CEO and Board Chair.
See the ACFE for an example Fraud Policy. http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Sample_Fraud_Policy.pdf
2. Fraud Policy
© 2015 All Rights Reserved Brown Smith Wallace LLC 43
All new employees should be trained at time of hiring on the Code of Conduct and Fraud Policy.
Training should include: Their duty to communicate certain matters A list of the types of matters to be communicated along with
examples How to communicate those matters Affirmation from senior management regarding employee
expectations and communication responsibilities
Refresher training periodically
3. Fraud Awareness/Training
© 2015 All Rights Reserved Brown Smith Wallace LLC 44
Enable employees, vendors, customers and others to communicate concerns about known or suspected wrongdoing.
Telephone, email, internet.
Anonymous.
Adequately publicized.
Internal or external.
Complaint monitoring and investigation/resolution.
4. Hotline
© 2015 All Rights Reserved Brown Smith Wallace LLC 45
Conduct an annual fraud risk assessment. Assists management in systematically identifying where and how
fraud may occur and who may be in a position to commit fraud.
Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
General steps: Identify areas and processes to assess Identify potential fraud schemes in each area/process Assess likelihood and significance of each scheme Map existing anti-fraud controls to potential fraud schemes Test operating effectiveness of anti-fraud controls Identify any control gaps and/or deficiencies = Residual risks Document and report on the fraud risk assessment
5. Assess Fraud Risks
© 2015 All Rights Reserved Brown Smith Wallace LLC 46
Mitigate Fraud Risks Make changes to activities and/or processes = transfer or eliminate
the risks Improve anti-fraud controls
Monitor Fraud Risks Develop data analytics for management to use to monitor fraud
risks Utilize Internal Audit to conduct audits of risk areas
5. Assess Fraud Risks
© 2015 All Rights Reserved Brown Smith Wallace LLC 47
All concerns/suspicions of wrongdoing should be reviewed and determination made whether a fraud investigation is warranted.
Develop a policy for fraud reviews and investigations that specifies: Who is responsible for the review/investigation Roles of Legal Counsel, Human Resources, Internal Audit, others Process for conducting the review/investigation Documentation requirements Reporting requirements When to involve law enforcement
6. Fraud Review/Investigation
© 2015 All Rights Reserved Brown Smith Wallace LLC 48
Gather sufficient information and perform procedures necessary to determine: Whether fraud has occurred Loss or exposure associated with the fraud Who was involved and how it happened
Must prepare, document and preserve evidence sufficient for potential legal proceedings.
Include experts = Certified Fraud Examiner (CFE)
6. Fraud Review/Investigation
© 2015 All Rights Reserved Brown Smith Wallace LLC 49
Periodic internal control reviews.
Use lessons learned from any reviews or investigations to improve anti-fraud controls.
All reviews and investigations should include a report to management with recommendations for control improvement.
7. Improved Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 50
KEY PROCESS CONTROLS
© 2015 All Rights Reserved Brown Smith Wallace LLC 51
• Code of conduct• Policies and procedures manual• Segregation of duties• Records retention• Documentation of transactions• Budgetary• Fraud Policy and reporting• Access to systems
General Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 52
• Policies and procedures.• All bank accounts opened and maintained in
organization’s name with proper approval.• Segregate access to cash from accounting for
cash.• Monthly reconciliation of recorded balances to
bank account detail by employees not involved in cash activities.
• Control credit cards and reconcile to receipts on a timely basis.
Cash Management Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 53
• Policies and procedures.• All orders received are processed and recorded.• All orders processed are invoiced.• All invoices are posted to customer accounts.• Billings are accurate.
Revenue Cycle Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 54
• Policies and procedures.• All purchase orders are authorized.• All vendors are authorized.• Individuals have authorization limits.• Check stock is controlled.• EDI/ACH transactions require authorization.• Credit card purchases are controlled and
statements are reconciled to detailed receipts.
Procurement Cycle Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 55
• Procedures for adding, changing, removing employees and related pay and benefits.
• Payroll personnel can not add/change/delete employees and related pay and benefits.
• All changes are authorized by management.• Payroll preparation segregated from payroll
authorization, check signing and distribution.• Access to payroll is restricted.• Safeguard checks.• Reconciliations.
Payroll Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 56
• Procedures for adding and removing fixed assets.
• Detailed records of all fixed assets.• Tracking of fixed assets.• Inventory fixed assets and reconcile to records
periodically.
Fixed Assets Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 57
• Accurate, Timely, and Consistent Reporting.• Recorded balances should be periodically
substantiated and evaluated.
Management Reporting Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 58
• Exception reporting• Shipping/Receiving• Physical inventory monitoring• Perpetual records• Controlling slow-moving and obsolete
inventories• Scrap• Adjustments are controlled• Cycle counting• Disposal
Inventory Monitoring Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 59
• Back-ups• Disaster Recovery• Security (physical & logical)• Virus Protection• Administrative
-Change control- Trouble reporting-Helpdesk- Systems Development Life Cycle
IT Common Controls
© 2015 All Rights Reserved Brown Smith Wallace LLC 60
Fraud Self AssessmentFraud Prevention Self Assessment.docx
© 2015 All Rights Reserved Brown Smith Wallace LLC
© 2015 All Rights Reserved Brown Smith Wallace LLC 61
Ron Steinkamp, CPA, CIA, CFE, CRMA, CGMA
Member, Advisory Services
Brown Smith Wallace, LLC
314.983.1238 (Direct)
rsteinkamp@bswllc.com
Contact Information
© 2015 All Rights Reserved Brown Smith Wallace LLC 62
Recommended