FRAUD RISK AND CONTROL Recognizing the Prevalence of Risk and the Importance of Prevention


Page 1: Fraud Risk and Control

FRAUD RISK AND CONTROL
Recognizing the Prevalence of Risk and the Importance of Prevention

Page 2: Fraud Risk and Control

Stop Fraud in its Tracks

“Don’t wait until you are working on fraud detection within business operations.”

Page 3: Fraud Risk and Control

Speaker Profile

Alyssa G. Martin, CPA, MBA

• Partner-in-Charge of Weaver’s Risk Advisory Services
• 25+ years of experience in public accounting, including 17+ years of internal control process and risk management experience
• Specializes in
– Internal control compliance and monitoring
– Risk and business management consulting
– Fraud Prevention
– Technology consulting
– Operational analysis
– Internal audit
– IT audit

Page 4: Fraud Risk and Control

Session Agenda

• Definition of Fraud
• Identifying Fraud Schemes
• How Fraud Threatens Your Organization’s Existence/Credibility

• Effective Elements of Fraud Prevention & Detection

• Mitigating Fraud Risk

Page 5: Fraud Risk and Control

DEFINITION OF FRAUD

Page 6: Fraud Risk and Control

What is Fraud?

Fraud is defined as:

“… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”

Page 7: Fraud Risk and Control

The Nature of Fraud

• Intentional act vs. error or mistake
• Ingenious schemes, limited only by human imagination
• Gaining an advantage through false suggestions and suppression of truth
• Using surprises, tricks or cunning, or any other unfair means

Page 8: Fraud Risk and Control

Not an Accident

Fraud is a breach of trust, not an accident!

• Fraud is an “intentional” act often involving detailed planning and concealment
• Crooks “anticipate” the routine procedures; evidence is often fabricated
• Exploits weaknesses in routine procedures or internal controls

Page 9: Fraud Risk and Control

Fraud Engineering

Fraudulent schemes are “engineered” (meticulously designed) to perpetrate and conceal the theft, including an exit strategy complete with “fall guys” and “alibis”

Page 10: Fraud Risk and Control

Fraud Impact in the US

% or $ | Fraud Victims/Areas
5% | Annual revenues lost of global entities
$3.7 Trillion | Potential projected global fraud loss
$1,000,000 + | Lost in over 24% of cases investigated

Median Loss | Fraud Victims/Areas
$1,000,000 | Financial statements
$200,000 | Corruption schemes
$130,000 | Asset misappropriation schemes

*Source: Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nation on Occupational Fraud and Abuse

Page 11: Fraud Risk and Control

Red Flags

Some of the warning signs…

• Consistently meet/exceed budget expectations
• Close relationships with vendors/service providers
• Related party transactions/conflicts of interest
• Missing, altered, late documents
• Relaxed oversight combined with friendly employee relations
• Change in personal habits or behavior
• Regular adjustments for defective items or shrinkage
• Compensation tied to financial results
• Material or frequent adjustments

Page 12: Fraud Risk and Control

Behavioral Red Flags

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 13: Fraud Risk and Control

Primary Fraud Risk Factors

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 14: Fraud Risk and Control

IDENTIFYING FRAUD SCHEMES

Page 15: Fraud Risk and Control

The Fraud Triangle

[Diagram labels: OPPORTUNITY; RATIONALIZATION/CONCEALMENT; INCENTIVE/PRESSURE; INTENT/MOTIVE]

Opportunity
• The only factor completely controlled/prevented by an organization
• Must gain access to assets/records

Incentive/Pressure
• The more incentive, the easier it is to justify
• Financial or personal problems, financial pressure, mental instability

Rationalization
• Ability to follow through and commit the fraud
• Perpetrator has to make it “okay” internally to perform the fraudulent act

An increase in any element in the triangle increases the risks of fraud. Anti-fraud controls are built to deter or prevent access and incentive for fraud.

Page 16: Fraud Risk and Control

The Fraud Diamond

[Diagram labels: OPPORTUNITY; CAPABILITY; INCENTIVE; RATIONALIZATION]

Incentive
• Leads the perpetrator to the door

Rationalization
• Coaxes the perpetrator to the door

Opportunity
• Opens the door for the perpetrator

Capability
• Enables the perpetrator to walk through the door

A person’s “capability”, or personal traits, plays a key role in determining if a fraud will occur in the presence of pressure, opportunity and rationalization.

Page 17: Fraud Risk and Control

Where Does Fraud Occur?

More than 75% of the frauds in the study were committed by individuals in 7 departments:

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 18: Fraud Risk and Control

Who Perpetrates Fraud?

Perpetrators’ Gender: 66.8% Male | 33.2% Female

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 19: Fraud Risk and Control

How is Fraud Perpetrated?

Public Sector: >360

Government Cases: >140 | Education Cases: 80 | Nonprofit Cases: 40

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 20: Fraud Risk and Control

Fraud Tree

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 21: Fraud Risk and Control

Fraud Tree

Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Page 22: Fraud Risk and Control

Don’t Forget: The IT Threat

• External agents
– Lone hackers
– Organized crime groups
– Former employees
• Internal agents
– Regular staff
– Executives
– Contractors
– Students
• Partners
– Suppliers
– Vendors
– Other third parties

Page 23: Fraud Risk and Control

HOW FRAUD THREATENS YOUR ORGANIZATION’S EXISTENCE/CREDIBILITY

Page 24: Fraud Risk and Control

Current State

Despite aggressive prosecutions, fraud in the workplace is alive and well.

Now more than ever it is imperative that organizations consider fraud implications and implement preventative measures.

Areas Most Prone to Fraud:
• Cash Collections and Use of Funds
• Purchasing and P-Cards
• Expense Reporting and Travel
• Payroll
• Human Resources
• Inventory (Transportation, Maintenance, Custodial, General Supplies)
• Construction and Facilities
• Technology

Page 25: Fraud Risk and Control

Primary Fraud Categories

Asset Misappropriation | Theft or misuse of tangible and intangible assets | Most Common
Corruption | Utilizing influence in business transactions to obtain a personal benefit | Less Frequent
Financial Statement Fraud | Employee intentionally causes misstatement of material information in organization’s financial reports | Most Rare

Page 26: Fraud Risk and Control

Asset Misappropriation

Scheme | Scenario

Payroll Fraud
• Payment to fictitious employees
• Overpayment to existing employees - collusion
• Issuing payroll checks to employees who no longer work for the organization

Procurement Fraud
• Payments to phantom vendors
• Control bidding process

Credit/Procurement Card Fraud
• Use of Organization cards for personal purchases
• Use of procurement cards to circumvent competitive bid requirements

Travel/Expense Reimbursement Fraud
• Reimbursement of undocumented expenses
• Reimbursement for luxury accommodations
• Reimbursement for travel expenses of employee's family members

Revenue Skimming
• Embezzlement of cash collections or funding

Theft
• Theft of materials, supplies, merchandise

Misuse of Assets
• Unauthorized use of organization assets
• Inappropriate use of bond funds

Page 27: Fraud Risk and Control

Corruption

Scheme | Scenario

Kickbacks and Bribes
• Cash or non-cash gifts from vendors accepted by personnel
• Cash or non-cash gifts from vendors accepted by Board members
• Awarding contracts based on side agreements

Failure to Hold Competitive Bidding
• Purchasing in smaller increments to avoid the bidding process

Competitive Bid Rigging
• Limiting advertisement of bid to preferred vendors
• Related party transactions or dealing for personal benefit
• Preferential treatment of vendors during the award selection process
• Establishing selection criteria that give vendors an unfair advantage
• Profiteering as a result of insider knowledge

Failing to Disclose Conflicts of Interest
• Awarding contracts to parties related to individuals involved in the decision making process

Forgery or Falsification of Documents
• Falsification of contract terms, operating results
• Destruction or disappearance of records
• Altering or creating documents with the intent to defraud

Page 28: Fraud Risk and Control

Financial Statement Fraud

Scheme | Scenario

Inflating Balance Sheet/Fund Balance
• Manipulating fund balances
• Omission of material contingencies or subsequent events
• Inappropriately carrying over unused federal or state funds from one year to the next

Inflating Income Statement
• Hiding losses/expenses
• Falsifying revenue
• Improper recording of the period in which expenses occur
• Recording pending transactions as completed transactions

Misrepresentation of Facts and Falsifying Records
• Intentional reporting of inaccurate financial results
• Falsification of official documents or reports
• Public Information provides unsubstantiated favorable results
• Internal memos give misleading information
• Altering or creating documents with the intent to defraud
• Omission of subsequent events
• Destruction or disappearance of records

Page 29: Fraud Risk and Control

EFFECTIVE ELEMENTS OF FRAUD PREVENTION & DETECTION

Page 30: Fraud Risk and Control

Assessing Fraud

Assessment and monitoring are key to identification, prevention and detection.

• Brainstorm to uncover possible fraud schemes and scenarios
• Assess gaps in the business office that could be used for misappropriation
• Evaluate control design and operations
• Work now on prevention, rather than detection, and improve safeguards

Page 31: Fraud Risk and Control

Fraud Risk Assessment

Prioritize significant fraud risks

Analyze root causes: incentives, pressures, opportunities, attitudes and rationalizations

Identify how to address risk: accept, avoid, control or transfer?

Test your solution

Monitor risk factors

Page 32: Fraud Risk and Control

Key Questions to Ask

When determining fraud risk, ask the following questions:

• Who can be the potential fraud perpetrator?
• How might a fraud perpetrator exploit weaknesses in the system of controls?
• How could a perpetrator override or circumvent controls?
• What are the possibilities that can be used to hide fraud from detection?
• What is the cost versus benefit for accepting, avoiding, controlling or transferring the risk?
• What metrics and indicators exist that could indicate a need to investigate or examine a process for fraudulent activity?

Page 33: Fraud Risk and Control

Asset Misappropriation

Scheme | Prevention/Detection

Payroll Fraud
• Require supervisor approval of time sheets and approval of additional duty pay
• Separate access to HR system from access to payroll processes
• Designate a different employee to perform payroll reconciliations
• Require IT to remove terminated employees from all systems, including time entry and payroll

Procurement Fraud
• Separate purchasing from the requisitioning department and require competitive bidding
• Separate access to approved vendor list from generation of purchase orders
• Require background checks and test vendors for exclusions
• Match invoices to purchase orders and packing slips prior to payment

Credit/Procurement Card Fraud
• Require documentation for procurement card purchases and review samples of purchases
• Implement purchase vendor restrictions and MCCs
• Place dollar limits on each card

Travel/Expense Reimbursement Fraud
• Review samples of travel expense reimbursement documentation and require prior supervisor approval for all travel

Page 34: Fraud Risk and Control

Asset Misappropriation

Scheme | Prevention/Detection

Revenue Skimming
• Require that a second employee reconcile activity fund receipts to transaction detail and documentation
• Require two people to participate in collections and deposit preparation
• Require that all cash be locked in a safe and deposited daily
• Require that an accounting employee record reconciled cash collection transactions
• For events, use pre-numbered tickets; have two people with cash at all times; and reconcile tickets to cash received

Theft
• Restrict access to cash/supplies, requiring advance request and authorization from the requisitioning department
• Require requisition forms, and investigate unusually high supply use
• Conduct inventory counts and investigate abnormalities

Misuse of Assets
• Initiate a fraud and abuse hotline
• Utilize firewalls and blockers for inappropriate and unsafe websites

Page 35: Fraud Risk and Control

Corruption

Scheme | Scenario

Kickbacks and Bribes
• Review documentation of bidding process for reasonableness
• Require employees to sign codes of conduct

Failure to Hold Competitive Bidding
• Review repetitive payments to vendors or unusual purchases

Competitive Bid Rigging
• Advertise all bids in a specific, well-known location
• Use established selection criteria and review any changes for reasonableness

Failing to Disclose Conflicts of Interest
• Research potential conflicts for major contracts

Forgery or Falsification of Documents
• Require employees to sign codes of conduct
• Require records/documents be submitted in a system that requires an explanation for a change; review a sample of changes and excessive and unusual changes
• Perform background checks on employees

Page 36: Fraud Risk and Control

Financial Statement Fraud

Scheme | Scenario

Inflating Balance Sheet/Fund Balance
• Review financial statements and reconciliations monthly
• Ensure accounting management has financial expertise, perform background checks, and verify credentials
• Become familiar with guidelines for federal and state funding
• Obtain a financial statement audit from a reputable firm

Inflating Income Statement
• Require review and approval of journal entries
• Investigate any large or unusual journal entries or anything appearing to originate from management
• Confirm accounting system access ensures segregation of duties and does not provide unnecessary access to managers

Misrepresentation of Facts and Falsifying Records
• Do not use a signature stamp and briefly review documents before signing, asking questions
• Receive and review unopened statements and documents from banks and other third parties
• Utilize an electronic documentation system with access controls and a retention schedule

Page 37: Fraud Risk and Control

Asset Misappropriation
Example – Payroll Fraud

Fraud Scenario
• A Payroll Manager was routing checks for terminated employees to her own bank account. Internal Audit identified approximately $50,000 in fraudulent payroll disbursements to this employee’s account.

Key Risks and Exposures
• Payroll was segregated from HR, however, the payroll manager had access to modify employee profiles within the software. Additionally, the payroll manager was responsible for approving the payroll calculation and processing the check run, allowing for management override of controls.
• No processes were in place to ensure segregation of duties. There was no independent disbursement count, and the payroll manager was in charge of reconciling the calculation to the approved hours and payroll expense for each department.

Page 38: Fraud Risk and Control

Asset Misappropriation
Example – Payroll Fraud

Lessons Learned
• The Payroll Manager was unwilling to change the existing process and implement internal audit recommendations to segregate her responsibilities for processing payroll.
• Auditor learned through interviewing HR personnel that the Benefits Specialist had identified irregular transactions in the payroll system that were entered by the Payroll Manager.

Necessary Controls
• An employee who is able to make changes to the employee master file (add or delete employees or change compensation) should not also be involved in the payroll process, including having access to the payroll system or generating or distributing checks. A separate employee should have been assigned this duty.
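The payroll case above can be tested directly against system data. The following is an added example, not part of the original presentation: it checks access assignments for the segregation-of-duties conflict described under Necessary Controls, flags disbursements dated after a payee's termination, and flags bank accounts on file for more than one employee. All user names, permission names, account numbers, dates and amounts are constructed for illustration.

```python
from datetime import date

# Constructed sample data; permission names are hypothetical.
# Per the control above, one person should not hold both sets.
MASTER_FILE = {"hr.edit_employee"}
PAYROLL = {"payroll.calculate", "payroll.approve", "payroll.run_checks"}

ACCESS = {
    "pmanager": {"hr.edit_employee", "payroll.approve", "payroll.run_checks"},
    "hr_clerk": {"hr.edit_employee"},
    "pay_clerk": {"payroll.calculate"},
}

EMPLOYEES = {
    "E100": {"terminated": None, "account": "ACCT-1111"},
    "E200": {"terminated": date(2014, 3, 31), "account": "ACCT-1111"},
    "E300": {"terminated": None, "account": "ACCT-3333"},
    "E400": {"terminated": date(2014, 5, 15), "account": "ACCT-4444"},
}

DISBURSEMENTS = [
    ("E200", date(2014, 4, 15), 2500.00),
    ("E200", date(2014, 4, 30), 2500.00),
    ("E300", date(2014, 4, 15), 3000.00),
    ("E400", date(2014, 5, 15), 2800.00),  # final check on the termination date
    ("E100", date(2014, 4, 15), 4000.00),
]


def sod_conflicts(access):
    """Users who can change the employee master file and also touch payroll."""
    return sorted(user for user, perms in access.items()
                  if perms & MASTER_FILE and perms & PAYROLL)


def paid_after_termination(employees, disbursements):
    """Disbursements dated strictly after the payee's termination date."""
    hits = []
    for emp_id, paid_on, amount in disbursements:
        terminated = employees[emp_id]["terminated"]
        if terminated is not None and paid_on > terminated:
            hits.append((emp_id, paid_on, amount))
    return hits


def shared_accounts(employees):
    """Bank accounts that appear on more than one employee record."""
    by_account = {}
    for emp_id, record in employees.items():
        by_account.setdefault(record["account"], []).append(emp_id)
    return {acct: sorted(ids) for acct, ids in by_account.items() if len(ids) > 1}


if __name__ == "__main__":
    print("SoD conflicts:", sod_conflicts(ACCESS))
    for emp_id, paid_on, amount in paid_after_termination(EMPLOYEES, DISBURSEMENTS):
        print(f"Paid after termination: {emp_id} {paid_on} {amount:.2f}")
    print("Shared bank accounts:", shared_accounts(EMPLOYEES))
```

Running these checks from a role independent of payroll processing keeps the review itself outside the payroll manager's control.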

Page 39: Fraud Risk and Control

Corruption
Example – Kickback Arrangement

Fraud Scenario
• A member of management received cash and personal services in exchange for fixing a bid for construction services.
• The official submitted the contractor’s inflated bid and recommended its approval over the fraudulent higher bids he submitted to appear to be from other contractors.
• Resulted in financial loss to the organization, inferior work product, and taxpayer mistrust.

Key Risks and Exposures
• Bid advertising procedures were not in place, and the official had a significant amount of control and influence over the bid and selection process.

Page 40: Fraud Risk and Control

Corruption
Example – Kickback Arrangement

Lessons Learned
• Auditor interviewed similar contractors to determine if they had been consulted about providing services and obtain competitive rates for similar services. Determined that they had not been aware of the bid opportunity, and costs for the awarded contract exceeded quotes from other providers.

Necessary Controls
• All major requests for proposal should be advertised in a well-known, specified location.
• Documentation of bid advertisement, bids received, and evaluation of those bids should be reviewed by the board for all major contracts.

Page 41: Fraud Risk and Control

Financial Statement Fraud
Example – Understated Expenses

Fraud Scenario
• The Controller, under pressure from the Executive Director, understated organization expenses on the financial statements.
• He used a dummy account in order to reduce the costs per program to present a more favorable picture of the organization’s financial situation.
• Public criticism for high costs was initially avoided, but the scandal ultimately resulted in public outcry and terminations.

Key Risks and Exposures
• Significant internal controls design deficiencies and a lack of adequate segregation of duties and system access restrictions.

Page 42: Fraud Risk and Control

Financial Statement Fraud
Example – Understated Expenses

Lessons Learned
• Analytics indicated lower expenses than in previous years.
• Review of controls indicated lack of sufficient system access restrictions.
• The Division Manager could not explain the “Prepaid Program Clearing Account.”

Necessary Controls
• Ability to prepare entries vs. approve them within the system should be limited to create segregation of duties and prevent management override.
• Monthly and annual reconciliations should be performed timely.
• A fraud and abuse hotline should be made available and widely publicized to employees.

Page 43: Fraud Risk and Control

MITIGATING FRAUD RISK

Page 44: Fraud Risk and Control

How to Prevent Fraud
Best Practices Approach to Fraud Prevention

Create an entity-wide culture of integrity from the boardroom, throughout administration, and beyond.

Fraud Prevention Measures
• Commit organization resources to focus on fraud
• Prosecute offenders
• Ensure appropriate segregation of duties
• Perform regular internal audits to deter fraud
• Implement IT controls
• Implement a fraud hotline & investigate fraud tips
• Establish checks and balances for ongoing monitoring at the administration level

Page 45: Fraud Risk and Control

Cost-Effective Approach

• Prevention is the most cost effective approach to fraud management.
• Losses are almost impossible to recoup.
• Improve your Organization’s internal controls and retain funds for the intended use.

Page 46: Fraud Risk and Control

Key Internal Controls

• Segregation of duties
– Foundational element of prevention
– Establishes natural checks and balances
– Reduces errors
– Includes IT controls, access and management
• Perceived opportunity is a common driver
– Tone at the top
– Use a hotline - Investigate tips
– Segregation Of Duties is “built in”
– Fraud prevention as part of code of ethics

Page 47: Fraud Risk and Control

Effective Fraud Detection
The Six Elements

When proving fraud, focus on the six key elements:

[Diagram: FRAUD, with the elements INTENT, MOTIVE, OPPORTUNITY, CONCEALMENT, REPETITIVE ACTS, COMPETENCY]

Page 48: Fraud Risk and Control

Fraud Risks

An increase in any element in the fraud triangle (or diamond) increases the risks of fraud.

Anti-fraud controls are built to deter or prevent the ability, incentive, and opportunity to commit fraud.

Page 49: Fraud Risk and Control

Impact on Organizations

• The financial costs alone are staggering and a waste of taxpayer money
– Fraud/theft of funds or other assets
– Cost of investigation
– Increase in accounting fees/audit fees/legal fees
– Court costs
• Long-term loss of confidence and trust in the organization, officials, and board of directors
– Conveys the wrong message to employees and the public
– Economic impact to programs
• Unanticipated terminations
– Loss of employees
– Potential termination of officials
– Potential removal of members of the Board of Directors
• Loss of public investment and community funding

Page 50: Fraud Risk and Control

Prevention is Key!

Lack of proactive fraud management could threaten your organization’s long-term goals:
• Being accountable for taxpayer dollars
• Maintaining public confidence and trust
• Managing growth
• Providing a positive learning environment for students
• Providing a high-integrity work environment for personnel
• Safeguarding the assets of the organization
• Protecting the reputation of the organization

Prevention is the key to retaining fund balances!

Organizations cannot afford to lose five percent of revenues - that is the hidden cost of fraud (losses are almost impossible to recoup).

Page 51: Fraud Risk and Control


QUESTIONS?

Alyssa G. Martin, CPA, MBA | Partner, Risk Advisory Services

972.448.6975 | [email protected]