©2012 CliftonLarsonAllen LLP Internal Controls – The Fraud Triangle Dennis Osuch, CPA - Partner Dennis Maschke, CPA - Manager 11 ©2012 CliftonLarsonAllen LLP Objectives Discuss the elements of the fraud triangle and key fraud statistics 2 Identify frequent fraud schemes and conditions that allow fraud to happen ©2012 CliftonLarsonAllen LLP Identify the different types of fraud prevention programs What – Occupational Fraud It is estimated that the typical organization loses 5% of its revenues to fraud each year. Occupational Fraud – The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets. 81% of cases, the fraudster displayed at least one behavioral red flag. Frauds reported last a median of 18 months. Interesting Facts Most occupational fraudsters are 1st time offenders with clean employment histories. Nearly 50% of victim organizations do not recover any losses. • 87% have never been charged before their 1st crime. Occupational Fraud is most likely to be detected by a tip than by any other method. 3 ©2012 CliftonLarsonAllen LLP Types of Occupational Fraud 4 ©2012 CliftonLarsonAllen LLP Occupational Fraud by Category 5 ©2012 CliftonLarsonAllen LLP When – The Fraud Triangle 6 ©2012 CliftonLarsonAllen LLP Who commits fraud? 7 ©2012 CliftonLarsonAllen LLP Who commits fraud? (continued) 8 ©2012 CliftonLarsonAllen LLP Who commits fraud? (continued) 9 ©2012 CliftonLarsonAllen LLP Who commits fraud? (continued) 10 ©2012 CliftonLarsonAllen LLP Where is fraud committed? 11 ©2012 CliftonLarsonAllen LLP Why does fraud happen? 12 ©2012 CliftonLarsonAllen LLP Hotlines 13 Audits Internal Controls ©2012 CliftonLarsonAllen LLP Code of Conduct Asset Misappropriation • Skimming • Cash Larceny Cash Receipting 14 • • • • • Billing Expense Reimbursement Check Tampering Payroll Cash Register Disbursement Cash Disbursements ©2012 CliftonLarsonAllen LLP • Misappropriation of Cash on Hand • Non-Cash Misappropriations Other Misappropriation Asset Misappropriation CASH RECEIPTING 15 ©2012 CliftonLarsonAllen LLP Asset Misappropriation – Cash Receipts Skimming • One of the most common fraud schemes • Anyone who receives cash has the opportunity to skim • Removal of cash from an organization prior to its entry in an accounting system • Non-business hour skimming Register Manipulation • Ringing up a “no sale” Understated Sales & False Discounts • Transaction posted on books, but support manipulated Forcing Account Balances | Destroying Transaction Records • Employee in charge of collecting and posting payments • Recording the transaction and forcing cash to balance Lapping • “Robbing Peter to pay Paul” Fictitious Write-Offs • Posting write-offs of accounts receivable to miscellaneous expenses 16 ©2012 CliftonLarsonAllen LLP Fraud in State and Local Government “The auditor reported that the daily collections from the transfer station were not remitted to the county trustee for long periods, as long as 35 days, allowing the buildup of large sums. The auditor also found the receipts were not always issued in sequential order and there were numerous alterations made to the accounting records” 17 ©2012 CliftonLarsonAllen LLP Asset Misappropriation - Cash Receipts The Key to Prevention – Internal Control Procedures • Mail should be opened by someone independent of cashier, AR clerk or other accounting employees who may initiate or post journal entries • Access to mail room should be restricted • Mailroom procedures: • Checks should be restrictively endorsed immediately • List all money, checks, and other receipts • Forward all remittances to the person responsible for deposits • Employees handling cash should be bonded • A/R bookkeeper should be restricted from: • Preparing the bank deposit • Obtaining access to cash receipt book • Having access to collections from customers 18 ©2012 CliftonLarsonAllen LLP Asset Misappropriation: Cash Theft Assignment Rotation and Mandatory Vacations Surprise Cash Counts and Procedure Supervision • Review timeliness of deposits from the location to central treasurer function • Observe cash receipting operations of locations • Review the check and cash composition of daily bank deposits • Verify the numerical series of printed pre-numbered receipts and verify the receipts are used sequentially • Use comparative analytical review to determine which functions have unfavorable trends 19 ©2012 CliftonLarsonAllen LLP Asset Misappropriation: Cash Theft The following duties should be segregated: • • • • • • • 20 Cash Receipts Cash Counts Bank Deposits Deposit Receipt Reconciliation Bank Reconciliations Posting of Deposits Cash Disbursements ©2012 CliftonLarsonAllen LLP Solutions to Internal Segregation Difficulties Person A: Collect the cash, issue pre-numbered receipt to customer. Perform the month-end bank reconciliation Bank Cash Collection Deposit Reconciliation (Person A) (Person B) (Person A) Person B: Review and approve the cash collection form. Physically make the deposit. 21 ©2012 CliftonLarsonAllen LLP Asset Misappropriation PAYROLL SCHEMES 22 ©2012 CliftonLarsonAllen LLP Types of Payroll Fraud Schemes Ghost Employees Falsified Hours and Salary Commission Schemes 23 • Add fictitious employees • Fail to remove terminated employees • Overpayment of wages • Modification of pay rate • Falsification of sales • Increase in rate of commission ©2012 CliftonLarsonAllen LLP Payroll Fraud - Detection Independent payroll distribution Analysis of payee address or accounts Duplicate identification numbers Overtime authorization Analysis of deductions from payroll checks 24 ©2012 CliftonLarsonAllen LLP Payroll Fraud - Prevention The following duties should be segregated: • Payroll preparation • Payroll disbursement • Payroll distribution • Payroll reconciliations • Human resource departmental functions 25 ©2012 CliftonLarsonAllen LLP Payroll – Internal Control Recommendations Personnel records should be maintained independently of payroll and timekeeping functions Payroll checks should be prenumbered and issued in numerical sequence Internal Controls Restrict access to payroll checks and signature plates Timesheets approved by supervisors 26 Payroll accounting should be independent of the general ledger function Wage rates approved by designated official ©2012 CliftonLarsonAllen LLP Payroll changes based on approved notification from personnel department Payroll – Internal Control Recommendations (Continued) – Payroll reconciliations: ◊ Comparison of paid checks to payroll registers ◊ Payroll registers reviewed and approved before disbursement: • • • • • Names of employees Hours worked Wage Rates Deductions Unusual items ◊ Payroll bank account should be reconciled by employee • Not involved in the preparation of payroll • Does not sign the checks • Does not handle the check distributions 27 ©2012 CliftonLarsonAllen LLP Payroll – Internal Control Recommendations (Continued) – Distribution of payroll checks should be rotated periodically to different employees without prior notice – Distribution by employee other than department head or the person who prepares the payroll 28 ©2012 CliftonLarsonAllen LLP Payroll Fraud • • • • 29 Annual Salary $68,307.82 2007 $122,888.62 2008 $195,440.58 The accused took the money after he injured his back and became addicted to pain medication. ©2012 CliftonLarsonAllen LLP Asset Misappropriation BILLING 30 ©2012 CliftonLarsonAllen LLP Types of Billing Fraud Schemes: False invoicing via shell companies • Shell Company – fictitious entity to commit fraud 31 False invoicing via non-accomplice vendors Personal purchases made with company funds • Overbilling scheme • Pay and Return • Invoices for personal purchases are run through AP system • False purchase requisitions ©2012 CliftonLarsonAllen LLP Billing Scheme - Detection • Analytical Review – Inventory purchases in relationship to supply requests – Comparison with prior years and budget • Computer Assisted Analytical Review – Vendors & employees with same address – More the one vendor with the same address – Vendors with only PO box addresses • Vendor Complaints 32 ©2012 CliftonLarsonAllen LLP Billing Scheme - Prevention Purchasing department should be independent of accounting, receiving and shipping departments Purchases made only after department supervisor approves purchase requisitions Purchase orders sent to vendors over predetermined dollar limit Purchase orders specify description of item, quantity, price, terms and dates Pre-numbered purchase orders Copies of receiving reports should be provided to accounting and purchasing 33 ©2012 CliftonLarsonAllen LLP Billing Scheme - Prevention Cancel invoices to prevent duplicate payment Review of appropriate account distribution Accounts payable ledger or voucher register should be reconciled monthly to the general ledger control accounts Adjustments to AP should require approval Expenditures should be compared to budgeted amounts 34 ©2012 CliftonLarsonAllen LLP The Impact of HOTLINES 35 ©2012 CliftonLarsonAllen LLP Impact of Hotlines 36 ©2012 CliftonLarsonAllen LLP Fraud Hotlines Awareness • Market the hotline to: • Employees • Suppliers • 3rd Party Providers • Customers Define Reportable Events • Communicate the hotlines purpose • Establish guidelines • Risk awareness training • Implement in corporate culture Operations • Analyze the cost/benefit • Consider the following: • Budgeting • Staffing • Volume of Calls 37 ©2012 CliftonLarsonAllen LLP Fraud Hotlines (Continued) Independence • Operations should be independent of management. Privacy • Confidentiality is paramount. Tracking • Assign secure tracking system of complaints. • Establish follow-up procedures, investigations, and final closure. • Regular status updates on each complaint should be reviewed by internal audit. Investigation • Decisions to investigate should be made on a case-by-case basis. • Investigations and conclusions should be included in reports to the audit committee. • Follow-up on internal controls to mitigate and deter in the future. 38 ©2012 CliftonLarsonAllen LLP Pitfalls & Solutions Over-relying on a single collection vehicle Retaliation claims 24/7 availability Pitfalls Using inflexible or overly simplistic forms 39 Protect confidentially Solutions Unskilled personnel Keep everyone informed Possible use of 3rd party entity. • Posters • Memos • Brochures • Maintain 24/7 service • Professional staffing • Training • Effective listening ©2012 CliftonLarsonAllen LLP Concluding Remarks The nature and threat of fraud is universal Providing individuals a means to report suspicious activity is a critical part of an anti-fraud program Properly designed internal controls are key to fraud prevention. Targeted fraud awareness training for employees and manager is a critical component of a well-rounded program for preventing and detecting fraud 40 ©2012 CliftonLarsonAllen LLP Contact Us • Dennis J Osuch, CPA – Partner – • Follow our blog for current discussions on health care. www.larsonallen.com/blog Dennis.Osuch@CliftonLarsonAllen.com www.twitter.com/larsonallen www.twitter.com/larsonallenhc Dennis V Maschke, MBA, CPA – Assurance Manager – Dennis.Maschke@CliftonLarsonAllen.com www.facebook.com/larsonallen www.linkedin.com/companies/ larsonallen 41 ©2012 CliftonLarsonAllen LLP