Learn Fraud risk

8/7/2019 Learn Fraud risk

1/39

Auditing for Fraud inAccounts Payable: Secrets of Protecting Against

Worsening Theft Risks

December 2, 2009

Moderated by Scott Langlinais

Copyright 2009 White-Collar Crime 101 LLC/FraudAware


2/39

About Peter Goldmann

President and Founder of White Collar Crime 101--Publisher of White-Collar Crime Fighter

Developer of FraudAware anti-fraud training courses Monthly columnist, The Fraud Examiner, ACFENewsletter

Member of Editorial Advisory Board, ACFE Speaker at numerous fraud prevention associationevents.

Author of new book, Anti-Fraud Risk and Control Workbook (available at www. wiley.com)

University of Michigan, BA; London School of Economics, MSc (Econ).

Introductions


3/39

About Jim Kaplan, CIA, CFE

President and Founder of AuditNet, the global resource for auditors

Over 26 years of audit experience

Internet for auditors pioneer and recipient of the IIAs 2007Bradford Cadmus Memorial Award.

Recipient of the 2005 Lifetime Membership Award for theAssociation of Local Government Auditors

Author of the Auditors Guide to Internet Resources

EDPACs Editorial Advisory Committee

State University College of New York Geneseo BA Economics,The American University MSc Accounting

Introductions


4/39

Todays Agenda

Introduction Fraud Statistics AP Fraud Types

Internal AP Fraud Red Flags of AP Fraud Auditing Steps to Detect AP Fraud Your Questions Conclusions


5/39

Fraud: The Big Picture

According to major accounting firms, professional fraud examinersand law enforcement:

U.S. companies lose an average of 7% of gross revenue to fraudevery year. (Association of Certified Fraud Examiners) Total: $994billion. (About 30% more than TARP bailout!)

75% of companies surveyed experienced at least one incident of fraud in the last 12 months (KPMG)

The average cost to for each incident of fraud is $200,000 (ACFE)

Approximately 60% of all corporate fraud is committed by insiders(PwC)

Approximately half of employees who commit fraud have been withtheir employers for over 5 years (ACFE)

Statistics


6/39

Fraud: The Big Picture

AUDITING FOR AP FRAUD: THE BIG PICTUREShould be part of a comprehensive anti-fraud program including:1. Fraud Risk Assessmentidentify specific AP

fraud risks.2. Development of AP fraud audit plan to detectRed Flags of risks.3. Use results of fraud audit to 1) guide

management to investigate specific findings; 2)implement/enhance better anti-fraud controls.

Introduction


7/39

Two Main Types of FraudAuditing for AP Fraud


8/39

Two Main Types of Fraud (continued) Auditing for AP Fraud


9/39

Internal AP Fraud

MAIN TYPES OF EMPLOYEE-LEVEL AP FRAUD: Billing schemes (Shell companies/duplicate invoicing etc) Vendor Master File fraud Kickback schemes

Check fraud T & E fraud P-Card fraud Collusion with suppliers Electronic payments Payroll fraud


10/39

Case Study: Duplicate Invoicing


11/39


12/39

Vendor Master File Fraud

How it works: Absence of controls over access to VMF allows

dishonest employees to add sham suppliers.

Failure to clean VMF at last once a year. Allowsphony suppliers to be added, or inactive ones usedto commit billing fraud.

Fraudulent alteration of existing supplier data in

VMFsuch as payment instructions (changing fromcheck to ACH using employees bank accountdeposit data).


13/39

Invoicing Fraud/Kickbacks

How it works:Accounting, A/P or purchasing employee colludeswith dishonest supplier: Allows supplier to...

Submit inflated invoices (overbilling). Bill full price for low-quality goods. Secure orders without competitivebidding/ bid-rigging with manipula-tion of bidding process by insider tosteer business to favored vendor.


14/39

Check Fraud & Tampering

How it works: Check-Forging Schemes: Stolen blank checks. Check Theft/ Interception & Forged Endorsement.

Check altering: Payee, amount, address. Concealed check schemes. Counterfeiting.


15/39

T&E Fraud

How it works: Falsifying T&E reimbursement schemes w/ bogus

receipts. Submitting T&E claims multiple times. Abuse of corporate card. Claiming for expenses just under limit

requiring approval. Booking business trips and not taking

them.


16/39

Mini Case Study: T & E Fraud

Joe, a Senior VP, travelsregularly to London onbusiness. He tells his staff he

be in London for the followingweek.

Bill, one of his subordinatesspots Joe walking his

daughter to school onemorning, wonders why Joeisnt in London.


17/39

P-Card Fraud

How it works: Unauthorized personal purchases. Split purchases. Mixed purchases (business and personal -- to

disguise latter). Excess goods purchased; keeping and/or selling

unneeded amount.

Falsifying receipts/ Gifts for clients.


18/39

Audits - Traditional vs. Fraud

SAS 99 - Auditors responsibility to detect fraud

Gather information.

Assess risk. Respond to results. Professional skepticism.

Suggested but not required.


19/39

Auditing for Fraud

Proactive. Test for Authenticity of

Transactions (not test of controls).

Biased sampling methodologynon-random based on fraudscenarios.

Fraud risk identification. Concealment strategies.

Data mining techniques.


20/39

Auditor Awareness

Soft Indicators of Fraud The presence of behavioral red flags does not

mean fraud is occurring but the astute auditor should be aware of them.

Examples: Work practices (erratic, incomplete, error-prone) Employee behaviors evidence of alcohol, drug use or gambling

Refusal to take vacation Display of lavish possessions beyond financial means


21/39

Invoice Billing Scheme Red Flags

Employees home address matching a vendors address. Employees initials matching a vendors name. Checks written to cash. A vendors address using a P.O. box. Missing vendor data Vendor data formatted illogically. Frequent partial deliveries of orders. Unusual pricing.


22/39

Auditing for Invoicing/BillingSchemes/Shell Companies

Audit Procedures to Detect Invoice Billing Schemes Match employee and vendor address. Match employee initials to vendor names. Identify cash vendors and post office box addresses.

Review vendor files for missing data. Review vendor files for illogically formatted data. Validate all new vendorsespecially ones replacing long-

standing suppliers.The above tests can be run using audit software such ACL,IDEA or Microsoft Access


23/39

Duplicate Payment Red Flags

Multiple payments in the sametime period:

In the same or similar amountto the same or related vendors

on the same invoice or purchase order For the same or similar goodsor service

Total amount paid to vendor exceeds invoiced amounts.


24/39

Auditing for Duplicate Payments

Obtain a soft copy of invoice data notingdata elements. Perform an automated search for duplicatepayments. Summarize the data in order to determinethe range of values and the variabilityexpected. Review General Ledger for altered entries. Examine voided checks for signs of forgery.


25/39

Red Flags of Vendor Master FileFraud

Inactive vendor is suddenly reactivated. New vendors appear on VMF with names

similar to existing vendors.

Key vendor info (EIN/TIN, etc) is missing fromVMF. Unexplained vendor address changes in VMF. Sudden changes in payment specifications

(New bank account, ACH).


26/39

Auditing for Vendor Master FileFraud

Review process for approving vendors. Review the Vendor Master File for red flags. Test employee addresses against vendor

addresses. Look for an unusual number of vendor invoices. Look for invoice numbers in a specific range. Search for missing key information (Fed Tax ID,

phone numbers, street address). Conduct 3-way matching (PO-Invoice-Receiving).


27/39

Bribery and Kickback Schemes

Red Flags: Unchanging list of preferredsuppliers.

Personal relationships (May

indicate conflict of interest. Contract specification changes. Single-source suppliers. Sudden changes in long-time

vendors. Sudden pricing jumps.


28/39

Auditing for Kickback Schemes

Review contractor records to identifyquestionable payments. Review contract awards to identify

contractors with continuous contracts slightlylower than the next bidder.

Review payments for potential circumventionof established contractor procedures.

Review policies related to anti-bribery andgifts and test for compliance.

Examine vendor replacements.


29/39

Check Fraud Red Flags

"If you make it easy for people to steal from you, they will." (Frank Abagnale, Special Investigator to the FBI)

Secondary (dual) endorsements.

Alterations (white-out/erasures). Check number missing. Missing addresses. Missing blank checks. Checks made out to employees.


30/39

Auditing for Check Fraud

Examine voided check documentation. Ensure that returned checks are not returned

to the original processing unit. Examine/monitor check stock. Test bank reconciliation procedures. Endorsement and alteration review. Examine returned checks for signs of

alteration.


31/39

T & E Fraud Red Flags

European invoices with American-style dating. Unusual patterns in an employees travel schedule. Reimbursement claim alterations. Vague descriptions on reimbursement claim forms.

Non-matching country currency. Receipts from unapproved or non-existent vendors. Frequently obtaining refunds of purchased air tickets.


32/39

Auditing for T&E Fraud

Consider a compliance-enabled T&E management solutionExpense Entry Audit Review for claim entries that were modified (created or

deleted) by one user on behalf of another user. Examine claim entries that were modified after having been

approved. Compare approved travel dates to time and attendance leave

records. Review claim entries whose payable or billable amount was

modified. Review for unapproved claim entries in a specified date

interval.


33/39

P - Card Fraud Red Flags

Missing receipts. Receipts are not itemized. Receipt date/total not match the transaction

date or charge amount. Expense report & backup documentation not

uploaded to Financial System by end of cycle. Transactions identified by AP as having an

unusual vendor.


34/39

Auditing for P-Card Fraud

Use data analytics (ACL, IDEA, Excel, etc). Summarize transactions by vendor. Examine purchases exceeding spending authority. Examine purchases of fixed assets such as

computers and peripherals and other big-ticketitems.

Review for incomplete or altered receipts. Review for split purchases to circumvent spending

limits.


35/39

Red Flags of Collusion withSuppliers

Unusual price hikes. Sudden replacement of existing vendor(s). Single vendor receives unusual number of contracts. Contracts awarded w/out competitive bidding. Inferior quality product is delivered. Products or services ordered that

organization does not use.


36/39

Auditing for Collusion withSuppliers

Determine if company has been invoiced correctly. Evaluate contractor and company personnel and

compliance with ethics policies. Evaluate company control procedures and

compliance with company policies. Examine consecutive awards to single vendor. Investigate sudden price increases. Validate new vendors that replace long-standing

ones.


37/39

Conclusions

Create a fraud audit toolbox of procedures andtechniques.

Establish a confidential fraud hotline. Use results of your fraud audit as a guide to

implement missing controls and/or improve existingones to reduce fraud risk. Promote fraud awareness within your organization

-- Awareness training-- Top management Tone at the Top-- Regular communications from management aboutZero Tolerance toward fraud.


38/39

Questions?

Any Questions?Dont be Shy!


39/39

Documents

Learn Fraud risk