Fraud Prevention, Detection,
and Internal Controls
Budget, Accounting and Reporting Council
May 28, 2015
Sherrie Ard, CPA, CFE
Financial Management Specialist
Local Government Performance Center
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
Local Government Performance Center
Offers training and resources to:
 Help local governments evaluate programs and services

Performance measurement
 Improve the value of services to citizens

Lean academy
 Communicate with citizens

Financial management and
Technical Assistance
 No cost to local governments
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
2
FRAUD
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
3
Objectives
 Fraud overview and statistics
 Why internal controls are important
 Common cash receipting and payment schemes
 Case studies
 Purchase cards – next big thing
 What to do if fraud happens to you
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
4
Fraud Statistics
and overview
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
5
2014 ACFE report to the nations
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
6
How occupational fraud is committed
Association of Certified Fraud Examiners’
research into occupational fraud has
revealed consistent and clear patterns
about the form fraud schemes take
and the relative cost of each scheme
type.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
7
Occupational fraud categories
Asset
Misappropriation
85.4%
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
Corruption
Financial
Statement Fraud
36.8%
9%
8
Occupational fraud and abuse
 Typical organization loses 5% of revenues each year to fraud
Global loss to fraud
$3.7 trillion
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
9
Victim organizations

17.8% - Banking and financial services

10.3% - Government and public administration

8.5% - Manufacturing
 Median loss in study was $145,000 (22% lost at least $1 mil)
 Median duration until detection was 18 months
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
10
2014 State Auditor’s Reports
2014 misappropriation by category
$244,445
Total
$279,938
$797,302
$222,116
$50,803
payroll
Other
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
Payments
Cash receipting
11
Method of detection
Category
Percentage
Tip
42.2%
Management review
16.0%
Internal audit
14.1%
By accident
6.8%
Reconciliation process
6.6%
Examine documents
4.2%
External audit
3.0%
Surveillance
2.6%
Notified by law enforcement
2.2%
IT controls
1.1%
Confession
0.8%
Other
0.5%
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
12
Occupational fraud and abuse
 The higher the perpetrator’s level of authority, the greater the
loss
 The presence of anti-fraud controls is associated with:
Reduced fraud losses
Shorter duration
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
13
Association of Certified Fraud Examiners
Fraud Triangle
RATIONALIZATION
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
14
Internal
Controls
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
15
What is internal control?
Internal controls are the practical techniques employed by
management to accomplish its objectives and meet its
responsibilities.
Internal controls are essentially an inextricable part of how
management conducts its business. Management (not the
internal or external auditors) is primarily responsible for the
effectiveness of internal controls. It is a basic principle of good
management that authority and responsibility should not be
separated. ~GFOA
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
16
COSO Framework
Committee of Sponsoring Organizations of the Treadway
Commission (COSO) Framework
 Control environment
 Risk assessment
 Control activities
 Information and communication
 Monitoring
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
17
Framework of internal controls should:
1. Create & maintain an environment conducive to control
2. Ensure that risks from inside and outside the entity are
assessed and managed on an ongoing basis
3. Result in the design and implementation of appropriate
policies and procedures
4. Provide for the appropriate communication of information
both inside and outside the entity
5. Monitor the effectiveness of control-related policies and
procedures as well as the resolution of potential problems
identified by controls
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
18
Designing internal controls
 Management is in a position to establish and maintain
internal controls and is held primarily accountable for their
proper functioning.
 When designing/establishing internal controls break the
system into locations and segments.
 Evaluate:

Will I be able to identify a loss?

Will I identify the entire loss?

Will I be able to identify who is responsible?
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
19
Why are internal controls important?
Effective internal controls
 Protect employees
 Safeguard public resources
 Assist in fraud prevention
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
20
Common Cash
Receipting
Schemes
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
21
Common
Cash
Receipting
Schemes:
Theft of cash
before it is
recorded
Theft of cash
after recorded
in the records
Skimming
Larceny
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
22
Theft of cash before it is
recorded
 Unrecorded cash receipts
 Theft of incoming checks
 Check for cash substitution
 Lapping
 Funds disappear from safe
Theft of cash after it is
recorded
 Use of co-worker’s access
 False voids or refunds
 Adjustments or “discounts”
 Missing deposit
Study
Cash receipting
January 1, 2005 – January 4, 2011
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
25
Case study
How was it detected?
A County employee was comparing Probation Services
transmittal information to the amount recorded by the
Treasurer’s Office and determined deposits were late.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
26
Case study
What did we find?
Misappropriation totaled at least $62,150
Amount Category (Misappropriation and Questionable)
$51,816
Fees not deposited (M)
$10,334
Checks substituted for cash removed from the deposit (M)
$30,772
Unsupported voids and cash shortages (Q)
$734,894 Adjustments to customer accounts (Q)
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
27
Case study
How was the fraud concealed?
 One employee was responsible for both collecting
and reconciling daily cash receipts as well as making
bank deposits
 Bank deposits were not made within 24 hours as
required by state law (RCW 43.09.240)
 Destruction of records
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
28
Case study
Lessons Learned:
 Trusted employee, with complete access to key
systems, including cash-receipting, bank deposits
and account adjustments.
 No one independently monitored cash/check
composition or adjustments.
 No one reconciled the system transactions,
manual receipts or collection agency payments
with the bank deposits.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
29
Case study
What happened to the employee?
Found guilty by a jury verdict of nine counts of seconddegree theft and one count of misappropriation of
accounts by a public officer.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
30
Case study
Were there any red flags?
 Trusted employee with complete
access and very little monitoring
 Modes did not agree
 Lack of supporting records
 High volume of voids/adjustments
 Deposits not made timely
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
31
Cash handling controls
 Documented policies and procedures should be
communicated directly from management.
 Segregation of duties - one individual should not
have control over the entire accounting transaction
(authorization, recording and custody)
 Mail should be opened by someone independent of
cashier, accounts receivable bookkeeper, or other
accounting employees who may initiate or post
journal entries.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
32
Cash handling controls
 Is the cashier restricted from gaining access to the
accounts receivable records and bank and customer
statements?
 Is the person who makes postings to the general ledger
independent of the cash receipts and accounts
receivable functions?
 Does a person independent of the cashier or accounts
receivable functions handle customer complaints?
 Are areas where physical handling of cash takes place
reasonably safeguarded?
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
33
Cash handling controls
 Review receipt sequence. Are receipts used in
sequential order? Are all the receipt numbers
accounted for?
 Are cash receipts deposited intact daily?
 Safeguard and limit access to receipts awaiting
deposit. How long has it been since the safe
combination was changed?
 Review bank reconciliations. Are they timely? Do
reconciling items make sense?
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
34
Cash handling controls
 Compare bank deposits to receipt records and verify
the modes of payment agree. Does the total deposit
make sense?
 Look for deposits not made daily or intact.
 Create and review error reports. (voids and
adjustments) Are they authorized, supported and
legitimate?
 Perform surprise cash counts
 Are employees who handle receipts bonded?
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
35
Cash Handling controls
 Spot check customer accounts, such as utilities. Are
payments posted timely to the correct account in the
correct amount?
 Customer billings should detail the prior balance,
payments made, adjustments to the account and the
current amount due.
 Review employee account activity.
 Review security deposit refunds.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
36
Cash receipting misappropriations
 A School District employee misappropriated at least $20,463
by not depositing cash payments that were paid for District
services. He also did not pay for services that he received.
 A City office technician, working as a cashier at a Community
Center misappropriated at least $14,491 by canceling valid
transactions and removing the cash.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
37
Common
Payment
Schemes
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
38
Personal
Purchases
Items for personal use
delivered to the entity
or employee’s
residence
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
39
Purchase
and Return
Step 1: Purchase items.
Step 2: Fraudster
returns items and
keeps the cash, check
or gift card
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
40
Fictitious
Vendor
Employee sets up a
business or uses an
existing, legitimate
business as a front
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
41
Direct
Pay
Make a check
payable to
themselves or
transfer funds into
their account
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
42
Employee
Reimbursements
Reimbursement for
personal purchases,
inflated mileage, travel
that didn’t happen or
duplicate payments
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
43
•
•
•
•
•
Accounts payable system
Manual warrants
Electronic transfers
Advanced travel
Revolving or imprest
accounts
• Petty cash
• Open vendor accounts
• Credit or purchase cards
The next big thing?
What is our prediction for largest
scheme type in 2015?
Procurement and credit cards
Preview of lessons learned
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
45
How to avoid credit/purchase card fraud?
Develop a written policy
 Allowable uses
 Prohibited uses
 No personal use
 Responsibilities
 What happens if policy is not followed
 Have everyone with card responsibilities sign off on
policy
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
46
How to avoid credit/purchase card fraud?
Records
 Require original, itemized receipts
 Think about who will be responsible for retaining them
 Where are they stored?
Banking controls
 Consider setting a monthly limit
 Consider limiting allowable vendors
 Ask if supervisors/AP can have read-only access into
credit card account
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
47
How to avoid credit/purchase card fraud?
Review—Who is responsible for what?




Employee
Supervisor knowledgeable of activities
Accounts payable
Documentation of review
Step back analysis
 Who actually needs a card?
 Is the volume of transactions necessary and reasonable?
 Does the credit card holder ask for personal
reimbursements?
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
48
Study
Payments
June 2008 – August 2010
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
49
Case study
How was it detected?
Management noticed unusual transactions on the
Department’s Corporate Travel Account while the
former employee was on vacation. It determined the
charges were personal charges.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
50
Case study
What did we find?
Misappropriation totaled at least $252,059
Amount Category
$204,340 Procurement card purchases
$ 39,350 Travel card purchases
$ 1,612 Personal or already reimbursed charges
$ 6,757 Unearned leave
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
51
Case study
How was the fraud concealed?
 The employee’s job responsibilities were not segregated.
 One person was responsible for approving, processing,
monitoring and reconciling transactions which included
procurement card and corporate travel charges.
 The online procurement card system allowed any
authorized user to perform both the cardholder and
reconciler certification that charges were appropriate. As
a result, the Administrative Manager routinely performed
both certifications.
 The former employee circumvented controls by using
falsified documents to request an increase in his
procurement card limit.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
52
Case study
Lessons Learned:
 Management did not sufficiently oversee and review the
employee’s procurement card activities.
 Actual travel charges were not reviewed for the employee
whose job responsibilities rarely required travel on official
business.
 The employee circumvented controls by falsifying records
and requesting reimbursement for personal travel and
previously reimbursed expenses to another individual.
 Management did not require employee to submit leave
slips when taking time off and ensure that the leave was
recorded on the timesheets, reconciled to leave slips and
deducted from leave balance.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
53
Case study
What happened to the employee?
Charged with seven counts of first-degree theft and 12
counts of second-degree theft.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
54
Case study
Were there any red flags?
 Trusted employee with complete
access and very little monitoring
 Lack of supporting records
 Credit card had high transaction limit
 Employee had access to the travel account but did
not travel as part of job duties
 At the time of hire, the employee was facing felony
theft charges for another incident and had a criminal
conviction for theft in another state
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
55
Payment misappropriations
 An city recreation program coordinator who was in a
supervisory role, created a fictitious company on PayPal and
used purchase cards assigned to other employees to make at
least $117,410 in purchases from the vendor.
 A university financial accountant recorded fake vendor
expenses in order to wire payments to her personal account
as well as accounts of her sister and a friend, which led to a
loss totaling $56,000.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
56
Payments internal controls
 Establish policies and procedures and ensure they
are enforced (practice = policy)
 Scanned documents
 Only pay original invoices
 Ensure payments made outside normal process are
approved, supported and for a public purpose
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
Purchase card internal controls
 Review credit card bills and support documentation
to ensure the purchases are approved, supported
and for a public purpose
 Take a step back and look at your credit card use. Is it
appropriate and necessary?
 Establish written agreements with banks, to include
processing procedures, and security requirements
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
Purchase card internal controls
 Adopt written policies and procedures for internal
staff

Employee responsibility communicated and signed

Ongoing training

Periodic audits of card activity and documentation of
purchases by vendor

Timely reconciliation by cardholders and supervisors

Segregation of duties for payment approvals accounting
and reconciliations
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
General fraud prevention
 Establish strong policies and ensure staff are trained
 Let them know you are looking
 Segregation of duties
 Cross train duties
 Mandatory vacations
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
60
Fraud happens
What to do if it happens to you:
 Immediately notify State Auditor’s Office
 Don’t wait – do it
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
61
“State agencies and
local governments
shall immediately
report to the state
auditor’s office
known or suspected
loss of public funds
or assets or other
illegal activity. “
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
62
Fraud happens
What to do if it happens to you:
 Fill out a report on the Web at www.sao.wa.gov |
Investigations | Fraud Program | Report a Suspected Fraud
(RCW 43.09.185).
 It only takes a few minutes!
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
63
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
64
Do’s and
Don’ts
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
65
Fraud happens
What to do if it happens to you:
Do consider filing a police report (consult the State
Auditor’s Office about timing).
Don’t enter into a restitution agreement with an
employee (State Auditor and Attorney General written
approval is required, RCW 43.09.260).
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
66
Fraud happens
What to do if it happens to you:
Do protect accounting records from loss or
destruction.
Don’t try to be the investigator. But do start a record
and or timeline: how it came to your attention, records
of conversations, etc.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
67
Fraud happens
What to do if it happens to you:
Do remove access to financial system, bank account
and credit cards.
Don’t physically prevent an employee from leaving the
room or leaving the building.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
68
Fraud happens
What to do if it happens to you:
Do ensure personnel action is taken for violating
policies and procedures, NOT for misappropriating
public funds.
Don’t agree to let the employee repay money to
“make it go away.”
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
69
Summary
Remember the fraud triangle
 Effective controls can limit
the opportunity
 When designing internal
controls, break down the
system into segments and
analyze:

If you could identify a loss

If you could identify who is
responsible.
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
RATIONALIZATION
70
Summary
Beware of the “trusted employee” trap
 Who has the most access to funds?
 Sometimes good people do bad things.
Remember your auditor doesn’t review every
transaction. Don’t rely on auditors to find the
fraud. That is your job!
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
71
Contacts
Sarah Walker, CFE
Fraud Manager
(509) 454-3621
Sarah.Walker@sao.wa.gov
Sherrie Ard, CPA, CFE
Local Government Performance Center
(360) 260-6408
Sherrie.Ard@sao.wa.gov
Wa s h i n gto n S tate A u d i to r ’s O ff i c e
72