Upload
nguyennhi
View
221
Download
6
Embed Size (px)
Citation preview
10/01/2013
© 2013 McHard Accounting Consulting LLC 1
Beth A. Mohr, CFE, CAMS, PI, MPANM-PI #2503; AZ-PI #1639940
Janet M. McHard, CPA, CFE, MAFF, CFFMcHard Accounting Consulting LLC
IIA El Paso ChapterOctober 1, 2013
Fraud Seminar
© 2013 McHard Accounting Consulting LLC
© 2013 McHard Accounting Consulting LLC
Agenda
• Fraud Basics and Red Flags of Fraud for Internal Auditors
• Internal Investigators for Internal Auditors with Case Studies
Fraud Seminar:Fraud Basics and Red Flags
© 2013 McHard Accounting Consulting LLC
10/01/2013
© 2013 McHard Accounting Consulting LLC 2
© 2013 McHard Accounting Consulting LLC
Occupational Fraud
• The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets
© 2013 McHard Accounting Consulting LLC
Occupational Fraud• Has four common elements:
– Is clandestine– Violates the perpetrator’s fiduciary duties to
the victim organization– Is committed for the purpose of direct or
indirect financial benefit to the perpetrator– Costs the employing organization assets,
revenue or reserves
© 2013 McHard Accounting Consulting LLC
How much does fraud cost?
• The Association of Certified Fraud Examiners’ 2012 Report to the Nations on Occupational Fraud and Abuse estimates losses at 5% of annual revenues, that’s $3.5 trillion when applied to the World Gross Product.
10/01/2013
© 2013 McHard Accounting Consulting LLC 3
© 2013 McHard Accounting Consulting LLC
Who loses?• According to the 2012 Report:
– Private organizations represented 39.3% of the frauds reported with a median loss of $200,000.
– Public organizations represented 28.0% of the frauds reported with a median loss of $127,000.
– Nonprofit organizations represented 10.4% of the frauds reported with a median loss of $100,000.
– Government organizations represented 16.8% of the frauds reported with a median loss of $81,000.
© 2013 McHard Accounting Consulting LLC
Who loses?• According to the 2012 Report:
– Companies with less than 100 employees account for 31.8% of all occupational fraud and abuse with a median loss of $147,000.
– Companies with 100 to 999 employees account for 19.5% of all occupational fraud and abuse with a median loss of $150,000.
– Companies with 1000 to 9999 employees account for 21.8% of all occupational fraud and abuse with a median loss of $100,000.
– Companies with more than 10,000 employees account for 20.6% of all occupational fraud and abuse with a median loss of $140,000.
© 2013 McHard Accounting Consulting LLC
Portrait of a Thief
• Those who steal most often:– Employee/manager – 79.1%– Male –65.0%– Aged 36 to 45 – 37.6%– Tenure 1 to 5 years – 41.5%– Never charged or convicted – 87.3%– Never punished or terminated – 83.7%
10/01/2013
© 2013 McHard Accounting Consulting LLC 4
© 2013 McHard Accounting Consulting LLC
Portrait of a Thief
• Those who steal the most money:– Owner/executive - $573,000– Male - $200,000– Aged 51 - 55 - $600,000– Tenure 10+ years - $229,000
Cressey’s Hypothesis:The Fraud Triangle
Non-Sharable Financial Problem
Opportunity
Rationalization
© 2013 McHard Accounting Consulting LLC
© 2013 McHard Accounting Consulting LLC
Non-sharable Financial Problem• Examples:
– Alimony payments– Addictions– High personal debt– Extra-marital affairs– Medical problems– Living beyond one’s means
10/01/2013
© 2013 McHard Accounting Consulting LLC 5
© 2013 McHard Accounting Consulting LLC
Rationalization• Examples:
– Company overlooked me– I’m just borrowing the money– They owe it to me - I’m underpaid– Everyone else does it– They don’t even know who I am– Double the work with the same pay
© 2013 McHard Accounting Consulting LLC
Opportunity
– Temptation– Trust– Lack of Controls– Lack of Punishment
© 2013 McHard Accounting Consulting LLC
Red Flags of Fraud
• A red flag is a set of circumstances that is unusual in nature or varies from normal activity. It is a signal that something is out of the ordinary and probably should be investigated further.
• In short - something doesn’t smell right.
10/01/2013
© 2013 McHard Accounting Consulting LLC 6
© 2013 McHard Accounting Consulting LLC
Two Cautionary Notes
• Do not ignore a red flag.
• Sometimes an error is just an error.
© 2013 McHard Accounting Consulting LLC
Management Red Flags• Generally, management fraud is financial
statement fraud• Reluctance to provide information to
auditors• Excessive number or frequent changes in
bank accounts• Significant downsizing in healthy market• Complete computer system loss, even
back up
© 2013 McHard Accounting Consulting LLC
More Management Red Flags• Continuous rollover of loans
• Any transaction that doesn’t make common or business sense
• Great donation/grant figures but no cash
• Missing documents
• Inconsistent, vague or implausible responses
10/01/2013
© 2013 McHard Accounting Consulting LLC 7
© 2013 McHard Accounting Consulting LLC
Employee Red Flags
• Lifestyle changes
• Behavioral changes
• High turnover in areas more vulnerable to fraud
• Refusal to take leave
© 2013 McHard Accounting Consulting LLC
Cash/AR Red Flags
• Excessive voids/discounts/returns• Not reconciled in timely manner• Unauthorized or dormant bank accounts• Customer complaints (payments not
applied)• Large number of write-offs of accounts• Discrepancies between deposits and
postings
© 2013 McHard Accounting Consulting LLC
Payroll Red Flags
• Overtime inconsistent with cost center, business cycle or position
• Duplicate SSN, names or addresses
• Employees with no voluntary deductions
• Frequent manual checks
10/01/2013
© 2013 McHard Accounting Consulting LLC 8
© 2013 McHard Accounting Consulting LLC
Purchasing Red Flags
• Abnormal inventory shrinkage• Sales without shipping documents• Vendors without physical addresses• Vendor addresses that match
employee addresses• Excess and slow turnover inventory• Sequential invoice numbers
© 2013 McHard Accounting Consulting LLC
Sanctions Don’t Deter Fraud
Simply punishing perpetrators is not an effective way to deter fraud.– Fraudsters do not anticipate getting caught.– They do not see their actions as something
that should be sanctioned.– Sanctions are a secondary consideration to the
fraudster.
© 2013 McHard Accounting Consulting LLC
Increasing the Perception of Detection
Perception of detection may well be the most effective fraud prevention method.– Employee education
• Management oversight• Dishonest acts will be punished
– Reporting activities– Hotlines– Rewards
10/01/2013
© 2013 McHard Accounting Consulting LLC 9
© 2013 McHard Accounting Consulting LLC
Initial Detection• Tip – 43.3%• Management review – 14.6%• Internal audit – 14.4%• By accident – 7.0%• Account reconciliation – 4.8%• Document examination – 4.1%• External audit – 3.3%• Notified by police – 3.0%• Surveillance/monitoring – 1.9%• Confession – 1.5%• IT controls – 1.1%• Other – 1.1%
© 2013 McHard Accounting Consulting LLC
Sources for Tips• Tips from employees – 50.9%• Tip from customer – 22.1%• Anonymous tip – 12.4%• Tips from other sources – 11.6%• Tip from vendor – 12.1%• Tip from shareholder/owner – 2.3% • Tip from competitor – 1.5%
© 2013 McHard Accounting Consulting LLC
Effectiveness of Controls • Management review: with $100,000 median
loss, $185,000 without• Employee support programs: with $100,000
median loss, $180,000 without• Hotlines: with $100,000 median loss, $180,000
without• Fraud training for mgmt/execs: with $100,000
median loss, $158,000 without
10/01/2013
© 2013 McHard Accounting Consulting LLC 10
© 2013 McHard Accounting Consulting LLC
Impact on Duration• Management review: with 14 months
duration, 24 months without• Employee support programs: with 16 months
duration, 21 months without• Hotlines: with 12 months duration, 24 months
without• Fraud training for mgmt/execs: with 12
months duration, 24 months without
© 2013 McHard Accounting Consulting LLC
Tone at the Top• It is ESSENTIAL that upper management,
owners, and C-level executives visibly and actually support all fraud prevention controls and actions.
• Top officials should be present at the roll-out and should support, by example, the hotline and results from the hotline and other anti-fraud measures.
© 2013 McHard Accounting Consulting LLC
From PWC’s Study:
• “When management introduces anti-fraud values and an ethics code into its brand – and these are understood and supported by employees – their employees often become the best guardians of the company brand and its ethics.”– PriceWaterhouseCoopers 2005 survey
10/01/2013
© 2013 McHard Accounting Consulting LLC 11
© 2013 McHard Accounting Consulting LLC
What Kind of Controls?
• According to the PWC survey:– “Companies that classified their prevention attitude
as control-oriented rather than trust oriented reported a higher number of frauds.”
– “People who identify with their organization are less likely to damage it as the psychological barriers to this are higher.”
Fraud Seminar:Investigations for Internal Auditors with Interactive
Case Studies
© 2013 McHard Accounting Consulting LLC
© 2013 McHard Accounting Consulting LLC
Fraud Examination
• A methodology of resolving fraud allegations from inception to disposition
• Includes:– Obtaining evidence and taking statements
– Writing reports
– Testifying to findings
– Assisting in the detection and prevention of fraud
10/01/2013
© 2013 McHard Accounting Consulting LLC 12
© 2013 McHard Accounting Consulting LLC
Initiating the Investigation
• Sources (tip, audit finding, other)
• Determining predicate
• Evaluating tips– Revenge
– Genuine concern
– Money
© 2013 McHard Accounting Consulting LLC
Steps in a Fraud Examination
• Document Examination
• Neutral Third Party Witnesses
• Cooperative Witnesses
• Co-Conspirators
• Subject
© 2013 McHard Accounting Consulting LLC
Selecting the Investigation Team• Certified Fraud Examiners• Internal Auditors• Security• Human resources• Management representative• Outside consultant• Forensic accountants and investigators• Legal counsel
10/01/2013
© 2013 McHard Accounting Consulting LLC 13
© 2013 McHard Accounting Consulting LLC
Legal Definition of Fraud
• Material misrepresentation
• Intent
• Relied upon by the victim
• Damage/Loss
© 2013 McHard Accounting Consulting LLC
Proving Intent
• Required for all criminal fraud cases
• Two methods:– Direct admission
– Indirect/circumstantial evidence
© 2013 McHard Accounting Consulting LLC
Indirect/Circumstantial Proof of Intent• Suspect:
– Could not have had a legitimate motive for actions
– Altered documents, destroyed evidence, or attempted to obstruct the investigation
– Gave false, misleading statements concerning the matters under investigation
– Repeatedly engaged in activity of apparent wrongful nature
– Personally gained from the fraudulent act
10/01/2013
© 2013 McHard Accounting Consulting LLC 14
© 2013 McHard Accounting Consulting LLC
Definition of Evidence
• Anything perceivable by the five senses and any proof legally presented at a trial to prove a contention and induce a belief in the minds of a jury– Direct evidence
– Circumstantial evidence
© 2013 McHard Accounting Consulting LLC
Burden of Proof• Criminal cases
– Beyond a reasonable doubt– Juries must rule unanimously
• Civil cases– Standard of proof is much lower– May be decided on preponderance of the
evidence– Jury decision does not have to be
unanimous
© 2013 McHard Accounting Consulting LLC
Admissibility of Evidence
• In order to be admissible, evidence must be both relevant and material.– Relevance - Tends to make some fact in issue
more or less likely than it would be without the evidence
– Material - Is important in the decision-making process of the victim
10/01/2013
© 2013 McHard Accounting Consulting LLC 15
© 2013 McHard Accounting Consulting LLC
Legal Issues in Internal Investigations
• The right to investigate fraud is implicit in our business, accounting, and legal systems
• No special authority required
• Examiner must act on predication
© 2013 McHard Accounting Consulting LLC
Legal Issues in Internal Investigations
• A fraud examiner who acts irresponsibly can be liable for the following actions:– Defamation
– Invasion of privacy• Publicity of private facts
• Intrusion
– False imprisonment
– Wrongful discharge
© 2013 McHard Accounting Consulting LLC
Rights and Duties of Employees• Employees’ duty to cooperate• Employees’ contractual rights• Whistleblowers
– False Claims Act• Qui tam suits for fraud against the U.S.
government• Information must be original or not publicly
disclosed
– Dodd-Frank Act• Whistleblower incentives• Protection against retaliation
10/01/2013
© 2013 McHard Accounting Consulting LLC 16
© 2013 McHard Accounting Consulting LLC
Rights and Duties of Employees
• Employees’ constitutional rights
• Workplace searches– Reasonable expectation of privacy
– Exclusive control
– Reasonable grounds
– Company policy regarding searches
© 2013 McHard Accounting Consulting LLC
Internal Auditor Responsibilities
The Institute of Internal Auditors (IIA)
International Standards for the Professional Practice of Internal Auditing
Practice Guide: Internal Auditing and Fraud
© 2013 McHard Accounting Consulting LLC
1210 - ProficiencyInternal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. 1210.A2 - Must have sufficient knowledge to
evaluate the risk of fraud and the manner in which it is managed, but are NOT expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
10/01/2013
© 2013 McHard Accounting Consulting LLC 17
© 2013 McHard Accounting Consulting LLC
1220 - Due Professional Care
Apply the care and skill expected of a reasonably prudent and competent internal auditor.
Due professional care does not imply infallibility.
© 2013 McHard Accounting Consulting LLC
1220.A1Exercise due professional care by considering the: Extent of work needed Relative complexity, materiality, or significance
of matters Adequacy and effectiveness of governance, risk
management, and control processes Probability of significant errors, fraud, or
noncompliance Cost of assurance in relation to potential
benefits
© 2013 McHard Accounting Consulting LLC
1220.A3
Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources.
10/01/2013
© 2013 McHard Accounting Consulting LLC 18
© 2013 McHard Accounting Consulting LLC
2110 - GovernanceInternal audit must assess and make recommendations for improving the governance process in its accomplishment of:
• Promoting appropriate ethics and values
• Ensuring effective organizational performance
• Communicating risk and control information
• Coordinating the activities of and communicating information among the board, auditors, and management
© 2013 McHard Accounting Consulting LLC
2120 - Risk ManagementInternal audit must evaluate the effectiveness and contribute to the improvement of risk management processes.
2120.A1 - Must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the:
• Reliability and integrity information
• Effectiveness and efficiency of operations
• Safeguarding of assets
• Compliance with laws, regulations, and contracts
2120.A2 - Must evaluate the potential for fraud and how the organization manages fraud risk.
© 2013 McHard Accounting Consulting LLC
2130 - ControlInternal audit must evaluate the effectiveness and efficiency of controls.
2130.A1 - Must evaluate the adequacy and effectiveness of controls, in responding to risks, regarding the: • Reliability and integrity of information• Effectiveness and efficiency of operations• Safeguarding of assets• Compliance with laws, regulations, and
contracts
10/01/2013
© 2013 McHard Accounting Consulting LLC 19
© 2013 McHard Accounting Consulting LLC
2210 - Engagement ObjectivesObjectives must be established for each engagement.
• 2210.A1 - Must conduct a preliminary assessment of risks. Objectives must reflect results of this assessment.
• 2210.A2 - Must consider the probability of significant errors, fraud, noncompliance, etc., when developing objectives.
© 2013 McHard Accounting Consulting LLC
IPPF - Practice Guide: Internal Auditing and Fraud
• Helps auditors comply with responsibilities pertaining to fraud
• Not mandatory, but strongly recommended
• Topics covered:
– Fraud awareness
– Potential fraud indicators
– Roles and responsibilities for fraud prevention and detection
© 2013 McHard Accounting Consulting LLC
IPPF - Practice Guide: Internal Auditing and Fraud
• Topics covered (continued):
– Internal auditor’s role during audit engagements
– Fraud risk assessment
– Fraud prevention and detection
– Fraud investigation
– Forming an opinion on internal controls related to fraud
10/01/2013
© 2013 McHard Accounting Consulting LLC 20
© 2013 McHard Accounting Consulting LLC
IPPF—Practice Guide: Internal Auditing and Fraud
Internal audit’s role in fighting fraud:
• Consider fraud risks in internal control design and audit steps
• Have sufficient knowledge of fraud to identify red flags
• Be alert to opportunities that could allow fraud
• Evaluate management’s performance with respect to fraud risk management
• Evaluate the indicators of fraud
• Recommend investigation when appropriate
© 2013 McHard Accounting Consulting LLC
IPPF—Practice Guide: Internal Auditing and Fraud
Internal auditors must exercise professional skepticism in all audit work.
Professional skepticism: an attitude that includes a questioning mind and a critical assessment of audit evidence.
© 2013 McHard Accounting Consulting LLC
IPPF—Practice Guide: Internal Auditing and Fraud
Other roles and responsibilities for fighting fraud:• Board of directors• Audit committee• Management• Legal Counsel• External auditors• Loss prevention manager• Fraud investigators• Other employees
10/01/2013
© 2013 McHard Accounting Consulting LLC 21
© 2013 McHard Accounting Consulting LLC
Case Studies
© 2013 McHard Accounting Consulting LLC
The Conflict of Interest
© 2013 McHard Accounting Consulting LLC
Facts
• Entity is a large rural school district.
• More than $400,000 spent to upgrade technology.
• Technology purchased from one specific vendor as “sole source.”
• PC-based system.
• The technology buyer had acknowledged working for the vendor during “off contract” times.
10/01/2013
© 2013 McHard Accounting Consulting LLC 22
© 2013 McHard Accounting Consulting LLC
Questions• Markers of fraud? • Predicate?• Additional information?• Possible scheme?• Investigation?• How perpetrated?• Collusion?• Controls to prevent?• Other policies or procedures to prevent?
© 2013 McHard Accounting Consulting LLC
The Absentee Owner
© 2013 McHard Accounting Consulting LLC
Facts• Suspects manage a large ranch and have
access to bank accounts and credit cards.
• Owner lives back east.
• Ranch is not profitable.
• Copies of cancelled checks “doctored” to show different payee.
• Suspects make large purchases without authorization.
10/01/2013
© 2013 McHard Accounting Consulting LLC 23
© 2013 McHard Accounting Consulting LLC
Questions• Markers of fraud? • Predicate?• Additional information?• Possible scheme?• Investigation?• How perpetrated?• Collusion?• Controls to prevent?• Other policies or procedures to prevent?
© 2013 McHard Accounting Consulting LLC
Expense Reports: A Way to Extra Compensation
© 2013 McHard Accounting Consulting LLC
Facts• Entity is a rural public university. • A professor was rumored to be padding
expense reports.• The professor had three grants to promote
college attendance among high school students.
• The grants provided for “prizes” to high school students who attend college study sessions.
10/01/2013
© 2013 McHard Accounting Consulting LLC 24
© 2013 McHard Accounting Consulting LLC
Questions• Markers of fraud? • Predicate?• Additional information?• Possible scheme?• Investigation?• How perpetrated?• Collusion?• Controls to prevent?• Other policies or procedures to prevent?
© 2013 McHard Accounting Consulting LLC
The Conflicted CPA
© 2013 McHard Accounting Consulting LLC
Facts• The CPA owns a portion of the client’s
business and has signatory authority over bank accounts.
• The CPA has signed for lines of credit without the client’s knowledge.
• He prepares taxes for all owners of the business as well as the business.
• He has paid himself over $800k in fees.
10/01/2013
© 2013 McHard Accounting Consulting LLC 25
© 2013 McHard Accounting Consulting LLC
Questions• Markers of fraud? • Predicate?• Additional information?• Possible scheme?• Investigation?• How perpetrated?• Collusion?• Controls to prevent?• Other policies or procedures to prevent?
© 2013 McHard Accounting Consulting LLC
The Credit Card Factory
© 2013 McHard Accounting Consulting LLC
Facts• After arrest, hundreds of credit cards with
different names are found in suspect’s car.
• Suspect is carrying multiple drivers’ licenses with multiple names.
• Boxes with credit cards are labeled “30 days”, “90 days” and “no good”.
• Suspect has several women’s purses stuffed full of jewelry.
10/01/2013
© 2013 McHard Accounting Consulting LLC 26
© 2013 McHard Accounting Consulting LLC
Questions• Markers of fraud? • Predicate?• Additional information?• Possible scheme?• Investigation?• How perpetrated?• Collusion?• Controls to prevent?• Other policies or procedures to prevent?
© 2013 McHard Accounting Consulting LLC
References• All stats are from the 2012 Report to the
Nation, Published by the Association of Certified Fraud Examiners – released July 2012– http://www.acfe.com/rttn.aspx
• Global Economic Crime Survey 2005, Published by PriceWaterhouseCoopers –released November 2005– http://www.pwc.com/gx/eng/cfr/gecs/PwC_2005
_global_crimesurvey.pdf
Beth A. Mohr, CFE, CAMS, PI, MPANM-PI #2503; AZ-PI #1639940
Janet M. McHard, CPA, CFE, MAFF, CFFMcHard Accounting Consulting LLC
Albuquerque, New Mexicowww.TheMcHardFirm.com
(505) 554-2968
Fraud Seminar
© 2013 McHard Accounting Consulting LLC