Tampa Bay Chapter of the American Society of Military Comptrollers Improving Internal Controls and Reducing the Risk of Fraud Sam M. McCall, PhD, CPA, CGMA, CGFM, CIA, CGAP, Chief Audit Officer Florida State University 1 April 4, 2014 Session Outline • • • • • • • • • Public Expectations for Public Officials/Employees Internal Control and Risk The Elements of Internal Control Weaknesses in Internal Control that can Result in Fraud, Waste and Abuse The Necessary Elements for every Purchase Case Studies Reviewing Internal Control and Identifying Fraud, Waste, and Abuse Reporting Fraud Summary and Questions 2 Public Expectations for Public Officials/Employees • High ethical and moral behaviors • Public employees will conduct business within policy and procedures • Public resources will not be wasted, lost, or stolen • Management should conduct operations • Economically – at the least cost • Efficiently - with the least use of effort or resources • Effectively – accomplishing desired program goals and objectives • Ethically – perform fairly, faithfully, and with due regard for all rights of program participants • Equitably – no partiality shown in the delivery of services 3 Terms of Importance • • • • • • Misfeasance Malfeasance Nonfeasance Abuse Fraud Internal controls 4 What Is Misfeasance? • A misdeed or trespass • The improper or wrongful performance of some act that a person may lawfully do 5 What Is Malfeasance? • Ill conduct, evil doing • The commission of an act that is unlawful • Comprehensive term including any wrongful conduct that interferes with the performance of official duties • The doing of an act that a person should not do at all 6 What is Nonfeasance? • Nonperformance of an act that a person is obligated or has a responsibility to perform • Not doing what you should do • Total neglect of duty 7 What Is Abuse? • Improper or inappropriate program management • Misuse of authority or position • Everything that is contrary to good order • Can be intentional or unintentional • Does not have to violate a law, regulation, or contract provision • Performing an act that falls short of societal expectations **What are some examples of “Abuse?” 8 What Is Fraud? • A false representation of a matter of fact • Concealing that which should be disclosed – deceiving to cause legal injury • Intentional perversion of the truth • To deceive another such that they rely on a false representation and surrender a valuable thing or a legal right 9 What is the Cost of Fraud? Direct Cost Associated with Fraud: • Loss of cash, supplies, or equipment • Fines and Penalties Indirect Costs Associated with Fraud: • Bad publicity • Loss of public trust • Injury to organization reputation • Increased legislation • Loss of future grants, gifts, and donations • Decreased enrollment and tuition revenue 10 Florida Law • Public employees committing specified offenses or aiding another person in committing specified offenses shall forfeit benefits accrued in their retirement system. • “Specified offense” means: (partial listing – please see the law) • Committing, aiding, or abetting of an embezzlement of public funds; • Committing, aiding, or abetting of any theft by a public officer or employee from his or her employer; • Committing of any felony by a public officer or employee who willfully and with intent defrauds the public or the public agency for which the public officer or employee acts or in which he or she is employed 11 Section 112.3173(3) Florida Statutes • “FORFEITURE.—Any public officer or employee who is convicted of a specified offense committed prior to retirement, or whose office or employment is terminated by reason of his or her admitted commission, aid, or abetment of a specified offense, shall forfeit all rights and benefits under any public retirement system of which he or she is a member, except for the return of his or her accumulated contributions as of the date of 12 termination.” What is Internal Control? • The policies and procedures and plan of organization established by management to promote the accomplishment of organization goals and objectives. 13 General Objectives of Internal Controls • Reliability of financial information • Compliance with laws and regulations • Efficiency and effectiveness of operations • Safeguarding of resources against loss due to waste, abuse, mismanagement, errors, and fraud 14 Components of Internal Control • • • • • Control Environment Risk Assessment Control Activities Information & Communication Monitoring 15 The Five Elements of Internal Control 16 COSO Illustration of Internal Control (The Committee of Sponsoring Organizations) 17 Who is Responsible for Establishing the Internal Control System? Management!! 18 Who is Responsible for Monitoring the Internal Control System? Management!! 19 First Component of Internal Control – Control Environment • The building block for all other components: • • • • • • • Integrity & ethical values Commitment to competence Independent audit committee Management philosophy & operating style Organizational structure Assignment of authority & responsibility Human resource policy & practices • “The Tone at he Top” 20 Second Component of Internal Control – Risk Assessment • Risks are essentially the opposite of control objectives • If the objective is to safeguard assets, the risk is that assets will be lost or stolen • Therefore, without knowing the risk, one cannot decide on the appropriate control activities • As a manager you should continually assess operations to identify risk and potential areas for fraud and abuse 21 Risk – Questions to Consider • Chance of Occurrence - How likely is it to go wrong? (High, Medium, Low) • Impact of Occurrence - What will happen if it goes wrong (assets lost, students not served, noncompliance with law, damage to the reputation of the organization, etc.?) (High, Medium, Low) • Assessment of Risk (High, Medium, Low) – What is your “risk appetite?” How much risk are you willing to accept? 22 * The cost of control should not outweigh the benefit to be received from the control Risk Assessment • Segmenting departments into organizational components • Analyze general control environment • Analyze inherent risk • Develop appropriate control activities 23 Risk Assessment Criteria • • • • Program Fiscal Impact Strength of Management Sensitivity and Public Relations Risk of Loss, Noncompliance, Corruption, or Fraud • Complexity of Activity • Risk to Public Welfare 20 20 15 10 20 15 100 24 Types of Internal Controls to Reduce Risk •Preventive •Detective •Corrective 25 Examples of Preventive Controls 26 • Segregation of duties • Proper authorization to prevent improper use of organizational resources • Standardized forms • Physical control over assets • Computer passwords • Locks / security cameras • Computerized techniques such as transaction limits • System edits Examples of Detective Controls 27 • • • • Bank reconciliations by someone that does not maintain the checkbook Physical counts of cash and comparison to recorded accountability Physical counts of inventories/other physical assets and comparison with recorded accountability Independent confirmation of amounts paid or owed to vendors (A/P) or amounts received or due from vendors(A/R) Examples of Corrective Controls • Revise policies and procedures • Look for similar conditions elsewhere in the organization • Counsel or discipline the employee as appropriate • Provide training and education programs • More closely monitor the issue going forward • Make the organization aware of the issue 28 and consequences Third Component of Internal Control – Control Activities • • • • • • • Link to objectives Accountability for resources Direct activity management Top level reviews Segregation of duties Physical controls Execution & recording of transactions & events 29 Considerations for Segregation of Duties • No one person should control all phases of a transaction • No one person should have physical access to assets and also maintain summary accounting records relating to those assets • Where adequate controls are not possible due to staffing or resources, there should be compensating controls to mitigate risk. For example, the manager (director) should periodically review records 30 Fourth Component of Internal Control – Information and Communication • Information – What types of reports are prepared and how should they be used? • Communication – who receives the reports prepared and do they know how to use the reports? 31 Fifth Component of Internal Control - Monitoring • Ongoing monitoring • Separate evaluations • Reporting deficiencies * Monitoring is a management responsibility 32 Fraud Facts • Estimated $3.5 trillion annually in global losses due to fraud (5% of Gross World Product) • The median loss caused by occupational fraud was $140,000 • Frauds lasted a median of 18 months before being detected • Perpetrators with higher levels of authority tend to cause much larger losses • The longer a perpetrator has worked for an organization, the higher fraud losses tend to be • Most occupational fraudsters are first-time offenders with clean employment histories • The presence of anti-fraud controls is notably correlated with significant decreases in the cost and33 duration of occupational fraud schemes Types of Fraud 3 Primary Fraud Categories: • Asset Misappropriation Schemes – an employee steals or misuses organization resources (e.g., theft of cash, false billing schemes or inflated expense reports) • Corruption Schemes – an employee misuses their influence in a business transaction in a way that violates their duty to the organization in order to gain a direct or indirect benefit (e.g., schemes involving bribery or conflicts of interest) • Financial Statement Schemes – an employee intentionally causes a misstatement or omission of material information in the financial reports (e.g., recording fictitious revenues, understating reported expenses or artificially inflating reported assets) 34 Types of Fraud Asset Misappropriations Schemes Involving Theft of Cash Receipts: • Skimming – Employee steals cash from the organization before it is recorded on the organization's books and records. • Employee accepts payment from a customer but does not record the receipt and instead pockets the money • Cash Larceny – Employee steals cash from the organization after it has been recorded on the organization’s books and records. • Employee steals cash and checks from daily receipts before they can be deposited in the bank 35 Types of Fraud Asset Misappropriations Schemes Involving Fraudulent Disbursement of Cash: • Billing – Employee causes the organization to issue a payment by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases. • Employee creates a shell company and bills organization for services not actually rendered • Employee purchases personal items and submits an invoice for payment • Expense Reimbursements – Employee makes a claim for reimbursement of fictitious or inflated business expenses. • Employee files fraudulent expense report, claiming personal travel and nonexistent meals 36 Types of Fraud Asset Misappropriations Schemes Involving Fraudulent Disbursement of Cash: • Check Tampering – Employee steals organization funds by intercepting, forging or altering a check drawn on one of the organization’s bank accounts. • Employee steals organization check payable to a vendor and deposits it in their own bank account • Payroll – Employee causes the organization to issue a payment by making false claims for compensation. • Employee claims overtime for hours not worked • Employee adds ghost employees to the payroll 37 Types of Fraud Asset Misappropriations Schemes Involving Fraudulent Disbursement of Cash: • Cash Register Disbursements – Employee makes false entries on a cash register to conceal the fraudulent removal of cash. • Employee fraudulently voids a sale on their cash register and steals the cash 38 Types of Fraud Asset Misappropriations Other Asset Misappropriation Schemes: • Misappropriation of Cash on Hand – Employee misappropriates cash kept on hand at the department’s premises. • Employee steals cash from the department’s safe • Non-Cash Misappropriations – Employee steals or misuses non-cash assets of the organization . • Employee steals inventory from a storeroom • Employee steals or misuses confidential customer financial information • Employee takes home office equipment for personal use 39 Types of Fraud Corruption • Conflict of Interest – Employee with an undisclosed financial or personal interest in a transaction that adversely affect the organization • Principal Investigator subcontracts with a company that is 50% owned by her husband • Employee awards a scholarship to his or her nephew • Bribery – Someone offers, gives, receives, or solicits something of value to influence an official act or business decision. • Employee processes inflated invoices from a vendor an in return receives 10% of the invoice price as a kickback • Employee accepts payment from a vendor in return for providing confidential information about competitor’s bids on a 40 project Types of Fraud Corruption • Illegal Gratuities – Someone offers, gives, receives, or solicits something of value for performing an official act or making a business decision. • Employee negotiates a contract with a vendor, and the vendor gives the employee an expensive gift in appreciation. • Extortion – Coercion of someone else to enter into a transaction or deliver property based on the wrongful use of actual or threatened force, fear, or economic duress. • Employee refuses to purchase goods or services from a vendor unless the vendor hires one of the employee’s relatives 41 Types of Fraud Falsifying Financial Statements • Concealed Liabilities – Improperly recording liabilities and/or expenses. • Fictitious Revenues – Recording sales or services that never occurred or inflating actual sales. • Improper Asset Valuations – Intentionally misstating the value of assets. • Improper Disclosures – Not disclosing important information in financial statements in order to mislead others. • Timing Differences – Intentionally misstating financial statements by recording revenues in a different accounting period than the corresponding expenses. 42 Elements of Fraud Perceived Opportunity Fraud Triangle Pressure/Incentive Rationalization With increasing pressure and decreased internal controls, people will explore more opportunities to create fraud. 43 Fraud Triangle Pressure such as a financial need is the “motive” for committing the fraud. Pressure includes living beyond one’s means or family and relationship situations. Rationalization The person committing the fraud frequently rationalizes the fraud. Rationalizations may include, “I’ll pay the money back”, “They will never miss the funds”, or, “I will just do this just one time” or “They don’t pay me enough.” Opportunity The person committing the fraud sees an internal control weakness and, believing no one will notice if funds are taken, begins the fraud with a small amount of money. If no one notices, the amount will usually grow larger. In any organization, the risk of fraud can be reduced. * Of the above three, the one that management can most control is “_________” 44 Elements of Fraud Pressure / Incentives: • Greed • Financial crisis • Gambling, alcohol, drugs • Living beyond means • Extramarital affair • Mid-life crisis • Family problems • Revenge • Envy 45 Elements of Fraud Rationalization: • It is so easy • They don’t pay me enough • My child is sick • My boss does not follow the rules, so why should I • I’ll pay it back later • It won’t be missed • I work extra hours each week that I do not get paid for 46 Elements of Fraud Opportunities: • Poor, weak or lack of internal controls • Lack of monitoring the controls • High management turnover 47 Who Commits Fraud? • • • • • • • • Married Between 18 and 36 Has 2 children Owns a home Does not have a drug or alcohol problem Does not recognize harm to victims Bright Strong sense of challenge and game playing • Versed in technology and skillful • Has a position of trust 48 Reporting Fraud – Employees Do It Best Source: Journal of Accountancy Tip from employee 26.3% Accidental discovery 18.8% Internal Audit 18.6% Internal controls 15.4% External audit Tip from customer Anonymous tip 11.5% 8.6% 6.2% Tip from Vendor 5.1% Notification from law enforcement 1.7% 49 Prevention and Detection Cash Larceny Scheme Red Flags: • Cash counts and register records do not reconcile • Personal Checks or IOU’s are in the cash register drawer • Refunds or voids without supporting documentation or authorization • Lack of separation of duties in the custody, authorization, and recording of cash 50 Prevention and Detection Skimming Scheme Red Flags: • Inadequate separation of duties • Employees who do not take vacations, work a lot of overtime, don’t like for others to perform their duties or have access to their desk • Missing register tapes or other records • Consistent differences in register receipts to cash on hand (overs and shorts) 51 Prevention and Detection Billing Scheme Red Flags: • Increase in services performed • Falsified or altered documents • Vendors with PO box addresses • Delivery address other than departmental or organization address • Payments to unapproved vendors • Excessive returns to vendors • Unusually high number of P-card transactions to local stores that provide non P-card refunds • Duplicate purchases on P-cards on the same approximate date, time and amount. 52 Prevention and Detection Expense Reimbursement Scheme Red Flags: • Original documents supporting all expenses are not submitted • Receipts are altered • There are many receipts from the same vendor • Submitted receipts are consecutively numbered 53 Prevention and Detection Non-Cash Scheme Red Flags: • Inventory shrinkage • Employees who frequently visit the office after hours • Missing tools, equipment, office supplies, etc. • Employees borrowing office supplies tools or equipment 54 Prevention and Detection Internal Controls: • Written policies and procedures • Authorization / approval • Separation of duties • Control over physical and intellectual assets/records • Monthly reconciliation of transactions • Supervisory review / monitoring • Training 55 Prevention and Detection Authorization / Approval: • Delegate access to computing system only to those who need it • Users prohibited from sharing passwords • Delegate approval authority to limited number • Authorized approvers should review for • • • • Business purpose Appropriate use of funds and accounts Adequacy of documentation Compliance with organization rules related to transaction 56 Prevention and Detection Separation of Duties: The following duties should not be performed by the same person: • Initiating and approving a purchase and receiving the goods directly • Collection money and recording the payment on the books • Maintaining custody of assets and taking physical inventory 57 Prevention and Detection Monitoring Activities: • Timely review of departmental ledgers and ensure unreconciled transactions are investigated • Review P-Card and T-Card transactions • Annual property inventory • Surprise cash counts • Follow-up on complaints, allegations • Verify terminated employees are removed from the payroll system 58 Prevention and Detection Limitations: Absolute assurance that fraud will be prevented is not possible because: • Some controls are too expensive to implement • Management can bypass or override internal controls • Employees may collude with each other 59 Prevention and Detection Balancing Risks and Controls: Excessive Risks • Loss of assets, donors, or grants • Poor business decisions • Noncompliance • Increased regulations • Public scandals Excessive Controls • Increased bureaucracy • Reduced productivity • Increased complexity • Increased cycle time • Increase of non-value activities 60 Who Has the Responsibility for Detecting/Reporting Fraud? • • • • • • Management Employees External Auditors Internal Auditors Government Vendors Public 61 Management Responsibilities • • • • • • • Adopt and implement internal control policies Establish a proper control environment Assess and analyze risks Establish control activities to address risks Develop information and reporting systems Perform monitoring activities Understand and communicate your organization’s ethics policies 62 Employee Responsibilities • Be aware of where fraud can occur • Look for irregularities • Report suspicious activities (don’t assume others know) • Conduct work in an ethical manner and perform work in accordance with policies and procedures • Have professional skepticism 63 External Auditors Responsibilities • Examine the government’s financial statements • Issues • An opinion on the financial statements • A report on internal control over financial reporting not an opinion • A report on compliance with laws and regulations • Designs the audit to detect fraud that is material to the financial statements? • What does the above mean to you? • Conducts fraud brainstorming sessions and is alert to possible fraud material to the financial 64 statements Internal Auditor Responsibilities • Review department, division, unit and/or program internal controls • Review transactions for possible waste, fraud, and abuse • Design the audit such that fraud significant to the audit objectives will be detected • If abuse comes to the auditor’s attention, follows up on that abuse to determine if its presence is significant to65 the audit objectives Vendors Responsibilities • Be aware of how and where fraud can occur in their operations • Look for irregularities • Report suspicious activities (don’t assume others know) 66 Public Responsibilities • Report suspicious transactions or behaviors 67 Approach to Detecting Fraud • Exercise professional judgment • Exercise professional skepticism • Balance between a questioning mind and doubting everyone • Critical assessment of evidence 68 Management /Employee Red Flags • • • • • • • • Personal Behavior Red Flags Financial difficulties • Addiction problems Living beyond means • Past legal problems Divorce/family problems • Refusal to take vacations Control issues, unwilling to • Complaining about share duties inadequate pay Wheeler-dealer attitude • Instability in life Unusually close association • Excessive pressure from with vendor within organization Irritability, suspiciousness, • Excessive family/peer or defensiveness pressure for success Past employment-related • Complaining about lack of problems authority 69 Management Red Flags • Reluctance to provide information when requested • High employee turnover in high risk areas • Lack of segregation of duties in a high-risk area • Excessive number of checking accounts • Increase in purchase of inventory but no increase in productivity • Abnormal inventory shrinkage • Lack of physical security over assets • Payments to vendors not on approved vendor list 70 Employee Red Flags • Employee lifestyle changes (expensive cars, jewelry, homes, etc.) • Behavior changes (drug, alcohol, gambling) • Reluctance to provide information when requested • Refusal to take vacation or sick leave • Excessive purchasing of supplies • Inappropriate overtime hours • A person that likes to be viewed as indispensable 71 How to Improve Your Chance of Detecting Fraud? • Assume anyone can commit fraud • Good documentation does not mean something happened – only that someone said it happened • Pay attention to detail (numbers, dates, amounts, alterations, reasonableness, etc.) • Pay attention to hints or rumors of wrong doing • Look for patterns or unusual transactions 72 Potential Red Flags • Erased or crossed out figures • Inconsistent inks and typefaces • Unusual dates, amounts, notes, phone numbers, and calculations • Consecutively numbered invoices • Excessive voids or refunds • Invoices in large even sums • Multiple invoices to the same vendor just under the bid threshold (for example - $999 or $9,999) 73 Potential Red Flags (Continued) • • • • • Invoices printed on other than prepared forms Vendor address change Unusual number of payments to one payee Inadequate description of item purchased Delay in responding to request for documentation • Stale invoice dates 74 Expenditures of Public Funds • Every expenditure of public funds must serve a public purpose • It is the responsibility of the person incurring the expense to identify the expressed and/or implied authority relied upon to justify the purchase – the authority to act • It is the responsibility of the public agency to document the expenditure in the public records so that the pre-auditor, post auditor, and the public can clearly see the basis relied upon to incur the expense 75 • Every purchase stands on its own Case Study One •City Fleet Department 76 Case Study One City Fleet Department • Parts supervisor could order, receive, and issue parts. Could also open closed work orders and adjust the inventory • Suspicious transactions with three vendors identified • Collusion with one vendor • Losses totaled almost $3 million over five years. • City employees and vendors prosecuted • Theft was not material to each year’s internal service fund financial statements 77 Number of large dollar invoices all for the same amount 78 Notice instructions Improper 79 Same Amounts No Description Consecutive # 80 Invoice Altered with Whiteout 81 82 83 84 85 Summary for Case Study One • Any weaknesses in: • • • • • Control environment? Control Risk? Control Activities? Information and Communication? Monitoring? 86 Where do you Place Responsibility • With the City? • With the Vendors? • With Both? 87 Case Study Two •Leon County Research and Development Authority 88 Case Study Two - Leon County Research and Development Authority Organizational Background Board Composition – Nine Members Staff – An Executive Director and an Office Manager External Auditors – Same for several years Financial Statements – Clean opinions Monthly budget to actual statements prepared by the office manager Treasurer reports – prepared by the office manager Audit Committee – well-intentioned but absent 89 a strong charter Discovery of a $650,000 Fraud • A change in auditors in 2010 led to the discovery of a $650,000 fraud that spanned 5 years • The previous audit focused on the revenue side, believing the expenditure side was not a significant risk and therefore doing minimal testing of expenditures 90 Fiscal Year Number of Fraudulent Checks Written Total Amount of Fraudulent Checks Total Percent Fraud of Total Other Operating Total Operating Expenses Expenses – Expenses Salaries, Depreciation & Other $41,075 $1,014,203 4.04% $402,495 Percent of Fraud of Other Expenses (Not Including Salaries and Depreciation 10.2% $1,159,355 6.98% $468,114 17.3% $1,387,237 12.47% $628,398 (1) Note: Salaries and Depr. Were $758,000 $958,736 Approximately $481,410 27.5% 2005 2006 – 11 2006 2007 – 13 $80,947 2007 2008 – 30 $172,948 2008 2009 – 39 $239,684 25% 2009 -2010 19 $112,797 Total $647451 113 Audit year in progress 91 49.78% Internal Controls - The Office Manager • Received and opened the mail to include receiving tenant rental payments, vendor invoices for services provided, and monthly bank statements to include cancelled checks • Had custody of check stock • Had signature stamps • Prepared invoices for payment to include preparing checks for signature by someone other than herself • Maintained the accounting records and prepared and presented monthly financial and budget reports for meetings • Reconciled the check book to the bank statement for review by the Executive Director. Cancelled checks 92 were not provided to the Executive Director What Was Not Known by the Previous Auditors or the Board • The Office Manager was fired by her former employer and found guilty of a felony for embezzlement of over $100,000 • During the time the Office Manager worked for the Board (during the day), she also performed community service at night at the County jail as part of her previous sentence • No background check was performed by the Board upon employment of the Office Manager – the previous auditors were aware of no background check through inquiry, noted this in 93 the working papers, but took no further action The Office Manager • Drove an expensive vehicle • Lived in an expensive home • Was married with children and was a devoted parent • Was well liked • Was praised by the previous auditors in their audit report for being helpful to them 94 Discovery of the Fraud by the New Auditors • The Office Manager failed to timely respond to records request • The new auditors observed the Manager’s lifestyle • The auditors checked and verified through the county records that a criminal history existed • The auditors noticed a check that appeared unusual • The auditors made a direct request to the bank for copies of cancelled checks • The auditors notified the Audit Committee Chair 95 of their concern as well as the Board Chair The Office Manager Asked to Explain Herself at a Board Meeting 96 • The Office Manager admitted that she did not tell the Board when she was hired that she was previously fired by her former employer for embezzlement – she said she was not asked • The Office Manager denied any wrongdoing while with the Board • The Office Manager accused one of the Board Members of sexual harassment • The Office Manager was subsequently convicted and sentenced to prison • To date the Board has received little monies back from the former employee. It recovered $100,000 from its insurance company and additional monies from the previous auditors 97 98 99 100 101 102 103 104 105 106 107 108 What Was the Board’s (and /or Audit Committee’s)Responsibility 10 9 • To ensure that an adequate system of internal control existed • The control environment • Risk activities • Control activities • Information and communication • Monitoring • Other specific responsibilities • Existence of adequate policies and procedures • Meet with the auditors to discuss the planned audit, and any concerns about risk and the system of internal control • To follow up on audit findings and recommendations and to take corrective actions What was the Auditor’s Responsibility 110 • To conduct the financial • Specific GAGAS statement audit in accordance • Follow up on previous with Generally Accepted significant findings Government Auditing • Exercise professional Standards To plan the audit to skepticism obtain reasonable assurance • Use professional judgment • To use professional judgment • Consider lower materiality • To consider fraud in a financial levels for government statement audit and to provide entities reasonable assurance on • Report on significant whether the f/s are free of deficiencies and material material misstatement, weaknesses in internal whether caused by error or control over financial fraud reporting • To brainstorm about fraud risk Opportunities to Detect Fraud • Confirm vendor payments or year-end payables • Obtain copies of cancelled checks directly from the bank or review checks on-line. Instead, cancelled checks provided by the Office manager were traced to vendor invoices and accounting records • Review the organization process for performing background checks • Requests were made to the accountant to review specific checks. Bank statements were not reviewed • W/P’s indicate no conditions susceptible to fraud in amounts material to the financial statements • Audit procedures did not vary from year to year This was not a complicated fraud – it was a fraud of 111 opportunity and did not involve collusion among employees. Reputational Risk • This fraud made the front page of the local paper on numerous occasions • Previous Board members were embarrassed • The name of the Board (Park) was linked to the fraud as opposed to its mission for many months • Subsequent clean audits • For recent audits, there were no material weaknesses, significant deficiencies, or 112 management comments. Comment from Office Manager to previous auditor’s inquiry about any knowledge of fraud: “I can honestly say that I know of none, nor do I know of any allegations of fraud.” 113 Where Do you Place Responsibility? • With the Board? • With the Audit Committee? • With Management (one person) • With the Auditors? • With all of them? 114 Case Study Two • Was there a weakness in • • • • • Control environment? Control risk? Control activities? Information and communication? Monitoring? 115 Examples of Fraud 116 • Lack of accountability over ticket sales • Lack of segregation of duties for receipt of money and the recording of the money • Writing off accounts receivable and subsequent collection of the money • Theft of supplies, parts, fuel, • Theft of equipment – computers, blowers, chain saws, lawn mowers • Making refunds for fictitious items • Falsifying a travel voucher for travel not performed or for payments not made • Collusion in capital construction projects Other examples? What are Some Suggestions 117 • Be aware that fraud and abuse can exist • Exercise professional judgment and professional skepticism • Perform background checks • Discuss risk and fraud with employees and assess the adequacy of mitigating controls • Brainstorm with staff and supervisors on risk and controls. Document discussions • Look for persuasive factbased evidence of asserted controls • Assess the adequacy of responses to questions 10 Tips on How to Deter Fraud in Your Organization 1. 2. 3. 4. 5. Integrity at the Top Positive Reputation New-hire Screening Process Ethics Programs Written Fraud Program with Expectation of Consequences 118 10 Tips on How to Deter Fraud in Your Organization 6. 7. 8. 9. Communicate Policies to Vendors Proper Handling of Investigations Independent Internal Audit Function Effective Internal Controls and Auditing 10. Open Internal Reporting 119 What to Do When You Suspect or Discover Fraud? • Do not pursue or investigate yourself so as not to interfere with potential future investigations or legal proceedings • Secure documentation • Do not discuss with fellow employees • Notify your supervisor • Notify upper management (department directors) if you do not feel that your concerns have been investigated satisfactorily 120 Reporting Fraud • • • • • Report fraud as soon as you become aware of it Don’t assume someone else will report it Prevents fraud from growing Discourages others from committing fraud Employees who report fraud in good faith are protected from retaliation 121 IMPROVING INTERNAL CONTROLS AND REDUCING THE LIKELIHOOD OF FRAUD It Starts With You! 122 Thank you!!! Sam McCall 850 644-0651 smmccall@fsu.edu 123 Questions? 124