What Does Fraud Look Like?
Focus on Finance – 01/16/2014
Department of Internal Audit
University of Memphis
Vicki Deaton, Senior Internal Auditor
vddeaton@memphis.edu
678 -4785
What is Fraud?
• TBR and UOM Policy Definition:
An intentional act to deceive or cheat,
ordinarily for the purpose or result of
causing a detriment to another and/or
bringing about some benefit to oneself or
others.
Reference:
TBR Policy 4:01:05:50 and UOM Policy UM1640
Fraud May Include the Following:
(but is not limited to)
•
Theft or misappropriation of funds, supplies, property, or other resources.
•
Forgery or alteration of documents (whether financial, operational or
academic).
•
Unauthorized alteration or manipulation of computer files.
•
Falsification of reports to management or external agencies.
•
Pursuit of a benefit or advantage in violation of University Policy UM1692
Conflict of Interest.
•
Authorization or receipt of compensation for hours not worked.
Some Fraud Facts
2012 Report to the Nations - Key Findings and Highlights
Source: Association of Certified Fraud Examiners
• A typical organization loses 5% of revenue each year to fraud. On a
global basis that is $3.5 trillion.
• The median loss for fraud is $140,000 per case.
• Industries most commonly victimized by fraud are financial services,
government, and manufacturing.
• Most frauds last 18 months before being detected.
• The most common and effective method for discovering fraud is tips to
hotlines and other reporting mechanisms within the organization.
Why Would Someone Commit
Fraud?
Fraud Triangle
• Developed by Dr. Donald R. Cressey
Perceived
Opportunity
Pressure
Rationalization
Opportunity - The person committing the fraud sees an internal control
weakness and, believing no one will notice if funds are taken, begins the
fraud with a small amount of money. If no one notices, the amount will
usually grow larger.
Pressure - Such as a financial need, is the “motive” for committing the
fraud. Common pressures can be gambling problems or credit card debt.
Rationalization - The person committing the fraud frequently rationalizes
the fraud. Rationalizations may include, “I’ll pay the money back”, “They
will never miss the funds”, or “They don’t pay me enough.”
Behavioral Red Flags
•Living Beyond Means
•Financial Difficulties
•Close Association with Vendor or
Customer
•Control Issues-Unwillingness to
Share Duties
•Divorce/Family Problems
•Wheeler-Dealer Attitude
•Irritability, Suspiciousness or
Defensiveness
•Addiction Problems
•Past Employment Problems
•Complains About Inadequate Pay
•Refusal to Take Vacations
•Excessive Pressure from Within
Organization
•Past Legal Problems
•Complains About Lack of
Authority
•Excessive Family/Peer Pressure
for Success
•Instability in Life Circumstances
2012 ACFE Report to the Nations on Occupational Fraud and Abuse
Examples of Fraud
Fraud Examples – Higher Education
 An Administrative Assistant plead guilty last November to embezzling
$5.1 million from the Association of American Medical Colleges. The
Administrative Assistant created hundreds of false invoices for fictitious
companies with business names similar to existing vendors. Payments
were deposited into bank accounts the Administrative Assistant opened
for the fictitious companies.
(from Big News Network, November 25, 2013)
AAMC (Association of American Medical Colleges) President and CEO Darrell G. Kirch,
M.D. stated: Words cannot adequately express the betrayal we have felt since we learned of
Ms. Green’s long-concealed scheme. As an organization guided by honesty and integrity, we
are truly stunned that Ms. Green, a long-time, trusted employee, embezzled more than $5
million over a 12-year period.
 The Vice President of Harrisburg Area Community College plead guilty
last November to fraud. The VP used a credit card issued by the college
to make online purchases of Target gift cards that she then used to
purchase non-work related items for herself, her family, and her friends.
She created fictitious invoices to conceal the unauthorized purchases.
(from FBI Press Release, November 15, 2013)
Fraud Examples – Higher Education
 State University of New York Upstate Medical University’s President
resigned in November 2013 after an investigation was launched to
determine if he improperly padded his pay. The President arranged for
unapproved outside pay from two companies linked to Upstate. The
two companies have received millions of dollars under contracts with
Upstate. New procedures aimed at eliminating conflicts of interest are
being implemented.
(from Syracuse.com, November 15, 2013)
Large Fraud Undetected for 20 Years
The City Comptroller of
Dixon, Illinois committed a
20 year fraud and stole $53
M from the community of
16,000 people. She
transferred funds into an
unauthorized bank account.
She created fictitious
invoices from the state to
substantiate the
transfers/payments.
She used the money to fund a lavish
lifestyle and a horse-breeding operation.
Some purchases:
 2 residences in Dixon, Il
 1 residence in Florida
 A horse farm in Dixon, Il
 A $2M motor coach
 Various land, trucks, and boats
Sentence: 20 years in prison
(from Thoughts on Auditing, David R. Hancox blog, June 13,
2013 and Chicago Tribune News, September 25, 2013)
How Can We Limit the
Opportunity for Fraud?
Why is Internal Control
Important?
• Internal control can provide you with a level of
assurance that small mistakes or fraud will be
detected before becoming a significant issue that
will harm your operations and the University.
• Internal control provides a level of protection to
the university by reducing opportunities for
innocent mistakes or intentional fraud to cause
harm.
The Control Environment
• The control environment is the core of any
system of internal control.
• It sets the tone for the entire organization.
• Each department head, manager and
business officer has responsibility for
ensuring proper internal controls are in
place and operating as planned in their area
of responsibility.
The Control Environment
• The control environment is made up of
– The ethics and integrity of the administration
and employees of the university.
– The commitment to competence at all levels.
– The administration's operating style and attitude
toward controls.
– Human resource policies (and practices).
– Organizational structure
Risk Assessment
• Risk assessment is the evaluation to
determine those areas and functions within
the university and each department that
have risk of errors, noncompliance, and
fraud.
• Controls may then be put in place to help
mitigate the risks identified during risk
assessment
Control Activities Include:
Approval is VERY
Important!!!!
•
•
•
•
•
•
•
Approvals
Spending Limits
Reconciliations
Verification
Reviews
Verification is VERY
Important!!!!
Reporting
Segregation of Duties
VERY IMPORTANT!!!
Check and verify documents
before you sign indicating
approval.
Segregation of Duties
• Responsibility for the custody of assets (as well as
authorization of transactions related to assets)
should be kept separate from the accounting for
those assets.
• Responsibility for operations should be separate
from the related record-keeping.
• Do you have checks and balances that allow you
to know if things are happening as required?
(NOTE: suspicion is a good thing)
Independent Performance
Review
• An independent performance review is designed to
ensure that controls are properly designed and
working properly. Internal Audit can assist if you
need help in this area.
• Changes in operations may make some controls
unnecessary and may cause the need for new
controls (Example: Controls over computer
access).
Information and Communication
• Adequate information and communication
systems help the university personnel obtain
and process information that is needed to
carry on and control the operations of the
university
Monitoring
• Monitoring is the review of controls by university
management to verify that controls are achieving the
desired results in your area of responsibility.
• Once again, as the operations of the university change, the
related controls must be changed to ensure that the goals of
the university are met.
• Each department head, manager and business officer has
responsibility for monitoring activities and controls within
their area of responsibility.
Limitations on Internal Control
• The effectiveness of any system of internal
control depends on the competence of the
people who use it.
• Internal control can be weakened by the
management override of control activities.
• Controls can be defeated by the collusion of
two or more people.
How Is Fraud Detected?
Detection of Fraud Schemes
Association of Fraud Examiners
How is Fraud Detected
You are the most important factor in detecting fraud!!!
58% - Tips to Hotlines and Management Review
It is a common misconception
that most frauds are discovered in audits.
14% - Internal Audits
3% - External Audits (CPA Firms & State Audit)
How is Fraud Detected
“Fraud is not an accounting problem;
it is a social phenomenon.”
“Internal controls are important---but no controls exist that
provide absolute assurance against fraud.”
(Journal of Accountancy - Feb 2004)
Two important points:
1. Pay attention and ask questions.
2. Trust but verify.
To Report Suspected Fraud
Options for reporting fraud at the University include:
1.
Telling your supervisor.
2.
Notifying a University Official
3.
Contacting Internal Audit at 678-2124 or UoM_audit@memphis.edu
or use the online form on the Internal Audit website.
www.memphis.edu/reportfraud
To Report Suspected Fraud (cont)
University of Memphis Internal Audit Website URL
www.memphis.edu/reportfraud
When Reporting Suspected Fraud:
- Reporting must have reasonable grounds to suspect
fraud is occurring. (no false accusations).
- Protection from Retaliation - State law (T.C.A. § 8-50-116)
- Confidentiality Protected – State Law (T.C.A. § 49-14-103)
The Report May be Made Anonymously
Questions
Please visit the Internal Audit web page for additional information or
contact Internal Audit if you have questions. There is additional
information on this website regarding internal controls and fraud.
https://umdrive.memphis.edu/g-uomaudit/www/
• Contact Information:
Phone: 678-2124
Email: uom_audit@memphis.edu