©2012 CliftonLarsonAllen LLP
Internal Controls –
The Fraud Triangle
Dennis Osuch, CPA - Partner
Dennis Maschke, CPA - Manager
11
©2012 CliftonLarsonAllen LLP
Objectives
Discuss the
elements of the
fraud triangle and
key fraud statistics
2
Identify frequent
fraud schemes and
conditions that
allow fraud to
happen
©2012 CliftonLarsonAllen LLP
Identify the
different types of
fraud prevention
programs
What – Occupational Fraud
It is estimated that
the typical
organization loses 5%
of its revenues to
fraud each year.
Occupational Fraud
– The use of one’s occupation
for personal enrichment
through the deliberate
misuse or misapplication of
the employing organization's
resources or assets.
81% of cases, the
fraudster displayed at
least one behavioral
red flag.
Frauds reported last a
median of 18 months.
Interesting
Facts
Most occupational
fraudsters are 1st time
offenders with clean
employment
histories.
Nearly 50% of victim
organizations do not
recover any losses.
• 87% have never been
charged before their 1st
crime.
Occupational Fraud is
most likely to be
detected by a tip than
by any other method.
3
©2012 CliftonLarsonAllen LLP
Types of Occupational Fraud
4
©2012 CliftonLarsonAllen LLP
Occupational Fraud by Category
5
©2012 CliftonLarsonAllen LLP
When – The Fraud Triangle
6
©2012 CliftonLarsonAllen LLP
Who commits fraud?
7
©2012 CliftonLarsonAllen LLP
Who commits fraud? (continued)
8
©2012 CliftonLarsonAllen LLP
Who commits fraud? (continued)
9
©2012 CliftonLarsonAllen LLP
Who commits fraud? (continued)
10
©2012 CliftonLarsonAllen LLP
Where is fraud committed?
11
©2012 CliftonLarsonAllen LLP
Why does fraud happen?
12
©2012 CliftonLarsonAllen LLP
Hotlines
13
Audits
Internal
Controls
©2012 CliftonLarsonAllen LLP
Code of
Conduct
Asset Misappropriation
• Skimming
• Cash Larceny
Cash Receipting
14
•
•
•
•
•
Billing
Expense Reimbursement
Check Tampering
Payroll
Cash Register
Disbursement
Cash
Disbursements
©2012 CliftonLarsonAllen LLP
• Misappropriation of Cash
on Hand
• Non-Cash
Misappropriations
Other
Misappropriation
Asset Misappropriation
CASH RECEIPTING
15
©2012 CliftonLarsonAllen LLP
Asset Misappropriation – Cash Receipts
Skimming
• One of the most common fraud schemes
• Anyone who receives cash has the opportunity to skim
• Removal of cash from an organization prior to its entry in an accounting system
• Non-business hour skimming
Register Manipulation
• Ringing up a “no sale”
Understated Sales & False Discounts
• Transaction posted on books, but support manipulated
Forcing Account Balances | Destroying Transaction Records
• Employee in charge of collecting and posting payments
• Recording the transaction and forcing cash to balance
Lapping
• “Robbing Peter to pay Paul”
Fictitious Write-Offs
• Posting write-offs of accounts receivable to miscellaneous expenses
16
©2012 CliftonLarsonAllen LLP
Fraud in State and Local Government
“The auditor reported that the daily collections from the transfer
station were not remitted to the county trustee for long
periods, as long as 35 days, allowing the buildup of large
sums. The auditor also found the receipts were not always
issued in sequential order and there were numerous
alterations made to the accounting records”
17
©2012 CliftonLarsonAllen LLP
Asset Misappropriation - Cash Receipts
The Key to Prevention – Internal Control Procedures
• Mail should be opened by someone independent of cashier, AR clerk or other accounting employees who may
initiate or post journal entries
• Access to mail room should be restricted
• Mailroom procedures:
• Checks should be restrictively endorsed immediately
• List all money, checks, and other receipts
• Forward all remittances to the person responsible for deposits
• Employees handling cash should be bonded
• A/R bookkeeper should be restricted from:
• Preparing the bank deposit
• Obtaining access to cash receipt book
• Having access to collections from customers
18
©2012 CliftonLarsonAllen LLP
Asset Misappropriation: Cash Theft
Assignment Rotation and Mandatory Vacations
Surprise Cash Counts and Procedure Supervision
• Review timeliness of deposits from the location to central
treasurer function
• Observe cash receipting operations of locations
• Review the check and cash composition of daily bank deposits
• Verify the numerical series of printed pre-numbered receipts
and verify the receipts are used sequentially
• Use comparative analytical review to determine which
functions have unfavorable trends
19
©2012 CliftonLarsonAllen LLP
Asset Misappropriation: Cash Theft
The following duties should be
segregated:
•
•
•
•
•
•
•
20
Cash Receipts
Cash Counts
Bank Deposits
Deposit Receipt Reconciliation
Bank Reconciliations
Posting of Deposits
Cash Disbursements
©2012 CliftonLarsonAllen LLP
Solutions to Internal Segregation Difficulties
Person A: Collect the cash, issue pre-numbered
receipt to customer. Perform the month-end
bank reconciliation
Bank
Cash
Collection
Deposit
Reconciliation
(Person A)
(Person B)
(Person A)
Person B: Review and approve
the cash collection form.
Physically make the deposit.
21
©2012 CliftonLarsonAllen LLP
Asset Misappropriation
PAYROLL SCHEMES
22
©2012 CliftonLarsonAllen LLP
Types of Payroll Fraud Schemes
Ghost
Employees
Falsified Hours
and Salary
Commission
Schemes
23
• Add fictitious employees
• Fail to remove terminated employees
• Overpayment of wages
• Modification of pay rate
• Falsification of sales
• Increase in rate of commission
©2012 CliftonLarsonAllen LLP
Payroll Fraud - Detection
Independent payroll distribution
Analysis of payee address or accounts
Duplicate identification numbers
Overtime authorization
Analysis of deductions from payroll checks
24
©2012 CliftonLarsonAllen LLP
Payroll Fraud - Prevention
The following duties should be
segregated:
• Payroll preparation
• Payroll disbursement
• Payroll distribution
• Payroll reconciliations
• Human resource departmental functions
25
©2012 CliftonLarsonAllen LLP
Payroll – Internal Control Recommendations
Personnel records
should be
maintained
independently of
payroll and
timekeeping
functions
Payroll checks
should be prenumbered and
issued in
numerical
sequence
Internal
Controls
Restrict access to
payroll checks and
signature plates
Timesheets
approved by
supervisors
26
Payroll accounting
should be
independent of the
general ledger
function
Wage rates
approved by
designated official
©2012 CliftonLarsonAllen LLP
Payroll changes
based on
approved
notification from
personnel
department
Payroll – Internal Control Recommendations (Continued)
– Payroll reconciliations:
◊ Comparison of paid checks to payroll registers
◊ Payroll registers reviewed and approved before disbursement:
•
•
•
•
•
Names of employees
Hours worked
Wage Rates
Deductions
Unusual items
◊ Payroll bank account should be reconciled by employee
• Not involved in the preparation of payroll
• Does not sign the checks
• Does not handle the check distributions
27
©2012 CliftonLarsonAllen LLP
Payroll – Internal Control Recommendations (Continued)
– Distribution of payroll checks should be rotated
periodically to different employees without prior notice
– Distribution by employee other than department head or
the person who prepares the payroll
28
©2012 CliftonLarsonAllen LLP
Payroll Fraud
•
•
•
•
29
Annual Salary $68,307.82
2007 $122,888.62
2008 $195,440.58
The accused took the money after he injured his
back and became addicted to pain medication.
©2012 CliftonLarsonAllen LLP
Asset Misappropriation
BILLING
30
©2012 CliftonLarsonAllen LLP
Types of Billing Fraud Schemes:
False invoicing via
shell companies
• Shell Company –
fictitious entity to
commit fraud
31
False invoicing via
non-accomplice
vendors
Personal purchases
made with company
funds
• Overbilling scheme
• Pay and Return
• Invoices for
personal purchases
are run through AP
system
• False purchase
requisitions
©2012 CliftonLarsonAllen LLP
Billing Scheme - Detection
• Analytical Review
– Inventory purchases in relationship to supply requests
– Comparison with prior years and budget
• Computer Assisted Analytical Review
– Vendors & employees with same address
– More the one vendor with the same address
– Vendors with only PO box addresses
• Vendor Complaints
32
©2012 CliftonLarsonAllen LLP
Billing Scheme - Prevention
Purchasing department should be independent of accounting, receiving
and shipping departments
Purchases made only after department supervisor approves purchase
requisitions
Purchase orders sent to vendors over predetermined dollar limit
Purchase orders specify description of item, quantity, price, terms and
dates
Pre-numbered purchase orders
Copies of receiving reports should be provided to accounting and
purchasing
33
©2012 CliftonLarsonAllen LLP
Billing Scheme - Prevention
Cancel invoices to prevent duplicate payment
Review of appropriate account distribution
Accounts payable ledger or voucher register should be reconciled
monthly to the general ledger control accounts
Adjustments to AP should require approval
Expenditures should be compared to budgeted amounts
34
©2012 CliftonLarsonAllen LLP
The Impact of
HOTLINES
35
©2012 CliftonLarsonAllen LLP
Impact of Hotlines
36
©2012 CliftonLarsonAllen LLP
Fraud Hotlines
Awareness
• Market the hotline to:
• Employees
• Suppliers
• 3rd Party Providers
• Customers
Define Reportable Events
• Communicate the hotlines purpose
• Establish guidelines
• Risk awareness training
• Implement in corporate culture
Operations
• Analyze the cost/benefit
• Consider the following:
• Budgeting
• Staffing
• Volume of Calls
37
©2012 CliftonLarsonAllen LLP
Fraud Hotlines (Continued)
Independence
• Operations should be independent of management.
Privacy
• Confidentiality is paramount.
Tracking
• Assign secure tracking system of complaints.
• Establish follow-up procedures, investigations, and final closure.
• Regular status updates on each complaint should be reviewed by internal audit.
Investigation
• Decisions to investigate should be made on a case-by-case basis.
• Investigations and conclusions should be included in reports to the audit committee.
• Follow-up on internal controls to mitigate and deter in the future.
38
©2012 CliftonLarsonAllen LLP
Pitfalls & Solutions
Over-relying on
a single
collection
vehicle
Retaliation
claims
24/7 availability
Pitfalls
Using inflexible
or overly
simplistic forms
39
Protect
confidentially
Solutions
Unskilled
personnel
Keep everyone
informed
Possible use of 3rd
party entity.
• Posters
• Memos
• Brochures
• Maintain 24/7 service
• Professional staffing
• Training
• Effective listening
©2012 CliftonLarsonAllen LLP
Concluding Remarks
The nature and threat of fraud is universal
Providing individuals a means to report suspicious
activity is a critical part of an anti-fraud program
Properly designed internal controls are key to fraud
prevention.
Targeted fraud awareness training for employees and
manager is a critical component of a well-rounded
program for preventing and detecting fraud
40
©2012 CliftonLarsonAllen LLP
Contact Us
•
Dennis J Osuch, CPA
– Partner
–
•
Follow our blog for current
discussions on health care.
www.larsonallen.com/blog
Dennis.Osuch@CliftonLarsonAllen.com
www.twitter.com/larsonallen
www.twitter.com/larsonallenhc
Dennis V Maschke, MBA, CPA
– Assurance Manager
–
Dennis.Maschke@CliftonLarsonAllen.com
www.facebook.com/larsonallen
www.linkedin.com/companies/
larsonallen
41
©2012 CliftonLarsonAllen LLP