Upload
weavercpas
View
1.543
Download
2
Embed Size (px)
Citation preview
FRAUD RISK AND CONTROLRecognizing the Prevalence of Risk and the Importance of Prevention
Stop Fraud in its Tracks
“Don’t wait until you are working on fraud detection within business
operations.”
• Partner-in-Charge of Weaver’s Risk Advisory Services
• 25+ years of experience in public accounting, including 17+ years of internal control process and risk management experience
• Specializes in – Internal control compliance and monitoring– Risk and business management consulting– Fraud Prevention– Technology consulting– Operational analysis– Internal audit– IT audit
Speaker Profile
Alyssa G. Martin, CPA, MBA
Session Agenda
• Definition of Fraud• Identifying Fraud Schemes• How Fraud Threatens Your
Organization’s Existence/Credibility
• Effective Elements of Fraud Prevention & Detection
• Mitigating Fraud Risk
DEFINITION OF FRAUD
“… any illegal act characterized by deceit, concealment, or violation of trust.
What is Fraud?
These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
Fraud is defined as:
• Intentional act vs. error or mistake• Ingenious schemes, limited only by
human imagination• Gaining an advantage through false
suggestions and suppression of truth• Using surprises, tricks or cunning, or
any other unfair means
The Nature of Fraud
Fraud is a breach of trust, not
an accident!
• Fraud is an “intentional” act often involving detailed planning and concealment
• Crooks “anticipate” the routine procedures; evidence is often fabricated
• Exploits weaknesses in routine procedures or internal controls
Not an Accident
Fraudulent schemes are “engineered” (meticulously designed) to perpetrate and conceal the theft, including an exit strategy complete with “fall guys” and “alibis”
Fraud Engineering
Fraud Impact in the US
% or $ Fraud Victims/Areas5% Annual revenues lost of global entities
$3.7 Trillion Potential projected global fraud loss$1,000,000 + Lost in over 24% of cases investigated
Median Loss Fraud Victims/Areas
$1,000,000 Financial statements$200,000 Corruption schemes$130,000 Asset misappropriation schemes
*Source: Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nation on Occupational Fraud and Abuse
• Consistently meet/exceed budget expectations
• Close relationships with vendors/service providers
• Related party transactions/conflicts of interest
• Missing, altered, late documents• Relaxed oversight combined with
friendly employee relations• Change in personal habits or
behavior• Regular adjustments for defective
items or shrinkage• Compensation tied to financial
results• Material or frequent adjustments
Red Flags
Some of the
warning signs…
Behavioral Red Flags
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
Primary Fraud Risk Factors
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
IDENTIFYING FRAUD SCHEMES
The Fraud Triangle
Opportunity• The only factor completely
controlled/prevented by an organization
• Must gain access to assets/records OP
PORT
UNI
TY
RATIONALIZATI
ON/
CONCEALMENT
INCENTIVE/PRESSURE INTENT/MOTIVE
Incentive/Pressure• The more incentive, the easier it is to justify• Financial or personal problems, financial
pressure, mental instability
Rationalization• Ability to follow through and
commit the fraud• Perpetrator has to make it
“okay” internally to perform the fraudulent act
An increase in any element in the triangle increases the risks of fraud. Anti-fraud controls
are built to deter or prevent access and incentive for fraud.
The Fraud Diamond
Incentive• Leads the
perpetrator to the door
Rationalization• Coaxes the
perpetrator to the door
Opportunity• Opens the door
for the perpetrator
Capability• Enables the
perpetrator to walk through the door
A person’s “capability”, or personal traits, plays a key role in determining if a fraud will
occur in the presence of pressure, opportunity and rationalization.
OPPORTUNITY
CAPABILI
TY
INCENTIVE
RATIONALIZATI
ON
Where Does Fraud Occur?
More than 75% of the frauds in the study were committed by individuals in 7 departments:
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
Who Perpetrates Fraud?
Perpetrators’ Gender:66.8% Male 33.2% Female
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
How is Fraud Perpetrated?Public Sector: >360
Government Cases: >140 | Education Cases: 80 | Nonprofit Cases: 40
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
Fraud Tree
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
Fraud Tree
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”
• External agents– Lone hackers– Organized crime
groups– Former
employees• Internal agents
– Regular staff– Executives– Contractors– Students
• Partners– Suppliers– Vendors– Other third
parties
Don’t Forget: The IT Threat
HOW FRAUD THREATENS YOUR ORGANIZATION’S
EXISTENCE/CREDIBILITY
Areas Most Prone to Fraud:• Cash Collections and Use of Funds• Purchasing and P – Cards• Expense Reporting and Travel• Payroll• Human Resources • Inventory (Transportation, Maintenance,
Custodial, General Supplies)• Construction and Facilities• Technology
Current State
Despite aggressive prosecutions, fraud in the workplace is alive and well.
Now more than ever it is
imperative that organization’s consider fraud
implications and implement
preventative measures.
Primary Fraud Categories
AssetMisappropriation Corruption
FinancialStatement Fraud
Theft or misuse of tangible and intangible
assets
Utilizing influence in business transactions to obtain a personal benefit
Employee intentionally causes misstatement of material information in organization’s financial
reports
Most Common
Less Frequent Most Rare
Asset Misappropriation
Scheme Scenario
Payroll Fraud• Payment to fictitious employees• Overpayment to existing employees - collusion• Issuing payroll checks to employees who no longer work for the
organization
Procurement Fraud
• Payments to phantom vendors• Control bidding process
Credit/Procurement Card Fraud
• Use of Organization cards for personal purchases• Use of procurement cards to circumvent competitive bid requirements
Travel/expense reimbursement Fraud
• Reimbursement of undocumented expenses• Reimbursement for luxury accommodations• Reimbursement for travel expenses of employee's family members
Revenue Skimming
• Embezzlement of cash collections or funding
Theft • Theft of materials, supplies, merchandise
Misuse of Assets • Unauthorized use of organization assets• Inappropriate use of bond funds
CorruptionScheme Scenario
Kickbacks and Bribes
• Cash or non-cash gifts from vendors accepted by personnel• Cash or non-cash gifts from vendors accepted by Board members• Awarding contracts based on side agreements
Failure to Hold Competitive Bidding
• Purchasing in smaller increments to avoid the bidding process
Competitive Bid Rigging
• Limiting advertisement of bid to preferred vendors• Related party transactions or dealing for personal benefit• Preferential treatment of vendors during the award selection process• Establishing selection criteria that give vendors an unfair advantage• Profiteering as a result of insider knowledge
Failing to Disclose Conflicts of Interest
• Awarding contracts to parties related to individuals involved in the decision making process
Forgery or Falsification of Documents
• Falsification of contract terms, operating results• Destruction or disappearance of records• Altering or creating documents with the intent to defraud
Financial Statement Fraud
Scheme Scenario
Inflating Balance Sheet/Fund Balance
• Manipulating fund balances• Omission of material contingencies or subsequent events• Inappropriately carrying over unused federal or state funds from one
year to the next
Inflating Income Statement
• Hiding losses/expenses • Falsifying revenue• Improper recording of the period expenses occur• Recording pending transactions as completed transactions
Misrepresentation of Facts and Falsifying Records
• Intentional reporting of inaccurate financial results• Falsification of official documents or reports• Public Information provides unsubstantiated favorable results• Internal memos give misleading information• Altering or creating documents with the intent to defraud• Omission of subsequent events• Destruction or disappearance of records
EFFECTIVE ELEMENTS OF FRAUD PREVENTION & DETECTION
Assessing Fraud
Assessment and monitoring is key to identification, prevention and detection.
• Brainstorm to uncover possible fraud schemes and scenarios
• Assess gaps in the business office that could be used for misappropriation
• Evaluate control design and operations• Work now on prevention—rather than
detection—and improve safeguards
Fraud Risk Assessment
Prioritize significant fraud risks
Analyze root causes: incentives, pressures, opportunities, attitudes and
rationalizations
Identify how to address risk: accept, avoid, control or transfer?
Test your solution
Monitor risk factors
Key Questions to Ask
• Who can be the potential fraud perpetrator?
• How might a fraud perpetrator exploit weaknesses in the system of controls?
• How could a perpetrator override or circumvent controls?
• What are the possibilities that can be used to hide fraud from detection?
• What is the cost versus benefit for accepting, avoiding, controlling or transferring the risk?
• What metrics and indicators exist that could indicate a need to investigate of examine a process for fraudulent activity?
When determining fraud risk, ask the following questions:
Asset Misappropriation
Scheme Prevention/Detection
Payroll Fraud
• Require supervisor approval of time sheets and approval of additional duty pay
• Separate access to HR system from access to payroll processes• Designate a different employee to perform payroll reconciliations• Require IT to remove terminated employees from all systems, including
time entry and payroll
Procurement Fraud
• Separate purchasing from the requisitioning department and require competitive bidding
• Separate access to approved vendor list from generation of purchase orders• Require background checks and test vendors for exclusions• Match invoices to purchase orders and packing slips prior to payment
Credit/ Procurement Card Fraud
• Require documentation for procurement card purchases and review samples of purchases
• Implement purchase vendor restrictions and MCCs • Place dollar limits on each card
Travel/Expense Reimbursement Fraud
• Review samples of travel expense reimbursement documentation and require prior supervisor approval for all travel
Asset Misappropriation
Scheme Prevention/Detection
Revenue Skimming
• Require that a second employee reconcile activity fund receipts to transaction detail and documentation
• Require two people to participate in collections and deposit preparation • Require all cash be locked in a safe and daily deposit • Require that an accounting employee record reconciled cash collection
transactions• For events, use pre-numbered tickets; have two people with cash at all
times; and reconcile tickets to cash received
Theft • Restrict access to cash/supplies, requiring advance request and authorization from the requisitioning department
• Require requisition forms, and investigate unusually high supply use• Conduct inventory counts and investigate abnormalities
Misuse of Assets
• Initiate a fraud and abuse hotline• Utilize firewalls and inappropriate and unsafe website blockers
CorruptionScheme Scenario
Kickbacks and Bribes
• Review documentation of bidding process for reasonableness• Require employees to sign codes of conduct
Failure to Hold Competitive Bidding
• Review repetitive payments to vendors or unusual purchases
Competitive Bid Rigging
• Advertise all bids in a specific, well-known location• Use established selection criteria and review any changes for
reasonableness
Failing to Disclose Conflicts of Interest
• Research potential conflicts for major contracts
Forgery or Falsification of Documents
• Require employees to sign codes of conduct• Require records/documents be submitted in a system that requires an
explanation for a change; review a sample of changes and excessive and unusual changes
• Perform background checks on employees
Financial Statement Fraud
Scheme Scenario
Inflating Balance Sheet/Fund Balance
• Review financial statements and reconciliations monthly• Ensure accounting management has financial expertise, perform
background checks, and verify credentials• Become familiar with guidelines for federal and state funding• Obtain a financial statement audit from a reputable firm
Inflating Income Statement
• Require review and approval of journal entries• Investigate any large or unusual journal entries or anything appearing
to originate from management• Confirm accounting system access ensures segregation of duties and
does not provide unnecessary access to managers
Misrepresentation of Facts and Falsifying Records
• Do not use a signature stamp and briefly review documents before signing, asking questions
• Receive and review unopened statements and documents from banks and other third parties
• Utilize an electronic documentation system with access controls and a retention schedule
Asset Misappropriation Example – Payroll FraudFraud Scenario• A Payroll Manager was routing checks for terminated employees to
her own bank account. Internal Audit identified approximately $50,000 in fraudulent payroll disbursements to this employee’s account.
• Payroll was segregated from HR, however, the payroll manager had access to modify employee profiles within the software. Additionally, the payroll manager was responsible for approving the payroll calculation and processing the check run, allowing for management override of controls.
• No processes were in place to ensure segregation of duties. There was no independent disbursement count, and the payroll manager was in charge of reconciling the calculation to the approved hours and payroll expense for each department.
Key Risks and Exposures
Asset Misappropriation Example – Payroll Fraud
Lessons Learned• The Payroll Manager was unwilling to change the existing
process and implement internal audit recommendations to segregate her responsibilities for processing payroll.
• Auditor learned through interviewing HR personnel that the Benefits Specialist had identified irregular transactions in the payroll system that were entered by the Payroll Manager.
Necessary Controls• An employee who is able to make changes to the employee master
file (add or delete employees or change compensation) should not also be involved in the payroll process, including having access to the payroll system or generating or distributing checks. A separate employee should have been assigned this duty.
CorruptionExample – Kickback ArrangementFraud Scenario• A member of management received cash and personal services in
exchange for fixing a bid for construction services.• The official submitted the contractor’s inflated bid and
recommended its approval over the fraudulent higher bids he submitted to appear to be from other contractors.
• Resulted in financial loss to the organization, inferior work product, and taxpayer mistrust.
• Bid advertising procedures were not in place, and the official had a significant amount of control and influence over the bid and selection process.
Key Risks and Exposures
Lessons Learned• Auditor interviewed similar contractors to determine if they had
been consulted about providing services and obtain competitive rates for similar services. Determined that they had not been aware of the bid opportunity, and costs for the awarded contract exceeded quotes from other providers.
Necessary Controls• All major requests for proposal should be advertised in a well-
known, specified location.• Documentation of bid advertisement, bids received, and evaluation
of those bids should be reviewed by the board for all major contracts.
CorruptionExample – Kickback Arrangement
Financial Statement FraudExample – Understated ExpensesFraud Scenario
• The Controller, under pressure from the Executive Director, understated organization expenses on the financial statements.
• He used a dummy account in order to reduce the costs per program to present a more favorable picture of the organization’s financial situation.
• Public criticism for high costs were initially avoided, but the scandal ultimately resulted in public outcry and terminations.
• Significant internal controls design deficiencies and a lack of adequate segregation of duties and system access restrictions.
Key Risks and Exposures
Lessons Learned• Analytics indicated lower expenses than in previous years. • Review of controls indicated lack of sufficient system access
restrictions.• The Division Manager could not explain the “Prepaid Program
Clearing Account.”• .Necessary Controls• Ability to prepare entries vs. approve them within the system
should be limited to create segregation of duties and prevent management override.
• Monthly and annual reconciliations should be performed timely.• A fraud and abuse hotline should be made available and widely
publicized to employees.
Financial Statement FraudExample – Understated Expenses
MITIGATING FRAUD RISK
Create a Entity-wide culture of integrity from
the boardroom, throughout
administration, and beyond.
Fraud Prevention Measures• Commit organization resources to focus on
fraud• Prosecute offenders• Ensure appropriate segregation of duties• Perform regular internal audits to deter
fraud• Implement IT controls• Implement a fraud hotline & investigate
fraud tips• Establish checks and balances for ongoing
monitoring at the administration level
How to Prevent FraudBest Practices Approach to Fraud Prevention
• Prevention is the most cost effective approach to fraud management.
• Losses are almost impossible to recoup.
• Improve your Organization’s internal controls and retain funds for the intended use.
Cost-Effective Approach
• Segregation of duties – Foundational element of prevention– Establishes natural checks and balances– Reduces errors– Includes IT controls, access and
management• Perceived opportunity is a
common driver– Tone at the top– Use a hotline - Investigate tips– Segregation Of Duties is “built in”– Fraud prevention as part of code of ethics
Key Internal Controls
Effective Fraud DetectionThe Six Elements
INTENT
MOTIVE
OPPORTUNITY
CONCEALMENT
REPETITIVE ACTS
COMPETENCYFRAUDWhen
proving fraud, focus
on the six key
elements:
An increase in any element in the fraud triangle (or diamond) increases the risks of fraud.
Anti-fraud controls are built to deter or prevent the ability, incentive, and opportunity to commit fraud.
Fraud Risks
• The financial costs alone are staggering and a waste of taxpayer money
– Fraud/theft of funds or other assets– Cost of investigation– Increase in accounting fees/audit fees/legal fees– Court costs
• Long-term loss of confidence and trust in the organization, officials, and board of directors
– Conveys the wrong message to employees and the public – Economic impact to programs
• Unanticipated terminations– Loss of employees– Potential termination of officials– Potential removal of members of the Board of Directors
• Loss of public investment and community funding
Impact on Organizations
Lack of proactive fraud management could threaten your organization’s long-term goals:• Being accountable for taxpayer dollars• Maintaining public confidence and trust• Managing growth• Providing a positive learning environment for
students• Providing a high-integrity work environment for
personnel• Safeguarding the assets of the organization• Protecting the reputation of the organization
Prevention is Key!
Prevention is the key to retaining fund balances!
Organizations cannot afford to lose five percent of revenues - that is the hidden cost of fraud (losses are almost impossible to recoup).
51
QUESTIONS?Alyssa G. Martin, CPA, MBA | Partner, Risk Advisory Services
972.448.6975 | [email protected]