Fraud Prevention Checklist

Fraud Prevention and Deterrence:
Are We Doing Enough?
Chris Didio, CPA, CFE
Data Presented
• The following 2012 data is based on 1,388 cases of
occupational fraud that were reported by the CFEs who
investigated them.
• These offenses occurred in nearly 100 countries on six
continents.
• The data gathered shows how consistent the patterns of
fraud are around the globe and over time.
Occupational Fraud and Abuse Classification
System
• Corruption
• Asset Misappropriation
• Financial Statement Fraud
What Constitutes Corruption?
• Conflicts of Interest
• Purchasing Schemes
• Sales Schemes
• Bribery
• Invoice Kickbacks
• Bid Rigging
• Illegal Gratuities
• Economic Extortion
Financial Statement Fraud
• Asset/Revenue Overstatement
– Timing Differences
– Fictitious Revenues
– Concealed Liabilities and Expenses
– Improper Asset Valuations
– Improper Disclosures
• Asset/Revenue Understatement
– Timing Differences
– Understated Revenues
– Overstated Liabilities and Expenses
– Improper Asset Valuations
Asset Misappropriation
• Cash
– Theft of Cash on Hand
– Theft of Cash Receipts
  • Skimming, Cash Larceny
– Fraudulent Disbursements
  • Billing Schemes, Payroll Schemes, Expense Reimbursement
  Schemes, Check Tampering, Register Disbursements
• Inventory and Other Assets
– Misuse
– Larceny
  • Asset Transfers, False Sales and Shipping, Purchasing and
  Receiving, Unconcealed Larceny
Typical Losses
• Survey participants estimated that the typical
organization loses 5 percent of its revenues
to fraud each year.
• Applied to the 2011 Gross World Product,
this figure translates to a potential
projected annual fraud loss of more than
$3.5 trillion.
Median Loss
• The median loss caused by the occupational
fraud cases in our study was $140,000.
• More than one-fifth of these cases caused
losses of at least $1 million.
Duration
• The frauds reported lasted a median of 18
months before being detected.
Common Types of Fraud
• Asset misappropriation schemes were by far the most
common type of occupational fraud, comprising 87 percent
of the cases reported. They were also the least costly form
of fraud, with a median loss of $120,000.
• Financial statement fraud schemes made up just 8 percent
of the cases in the study, but caused the greatest median
loss at $1 million.
• Corruption schemes fell in the middle, occurring in just over
one-third of reported cases and causing a median loss of
$250,000.
Detection
• Occupational fraud is more likely to be
detected by a tip than by any other method.
• The majority of tips reporting fraud come from employees
of the victim organization.
Corruption and Billing Schemes
• Corruption and billing schemes pose the
greatest risks to organizations throughout the
world.
• For all geographic regions, these two scheme types
comprised more than 50 percent of the frauds reported to
us.
Occupational Fraud
• Occupational fraud is a significant threat to
small businesses.
• The smallest organizations in our study suffered the
largest median losses. These organizations typically
employ fewer anti-fraud controls than their larger
counterparts, which increases their vulnerability to fraud.
Common Victims
• The industries most commonly victimized in
our current study were the banking and
financial services, government and public
administration, and manufacturing sectors.
Controls
• The presence of anti-fraud controls is notably
correlated with significant decreases in the
cost and duration of occupational fraud
schemes.
• Victim organizations that had implemented any of sixteen
common anti-fraud controls experienced considerably
lower losses and time-to-detection than organizations
lacking these controls.
Figures of Authority
• Perpetrators with higher levels of authority
tend to cause much larger losses.
• The median loss among frauds committed by owner/
executives was $573,000, the median loss caused by
managers was $180,000 and the median loss caused by
employees was $60,000.
Duration of Employment
• The longer a perpetrator has worked for an
organization, the higher fraud losses tend to
be.
• Perpetrators with more than ten years of experience at
the victim organization caused a median loss of
$229,000. By comparison, the median loss caused by
perpetrators who committed fraud in their first year on the
job was only $25,000.
Departmental Fraud
• The vast majority (77 percent) of all frauds in
this study were committed by individuals
working in one of six departments:
accounting, operations, sales,
executive/upper management, customer
service and purchasing.
• This distribution was very similar to what was found in the
2010 study.
Criminal History
• Most occupational fraudsters are first-time
offenders with clean employment histories.
• Approximately 87 percent of occupational fraudsters had
never been charged or convicted of a fraud-related
offense, and 84 percent had never been punished or
terminated by an employer for fraud-related conduct.
Red Flags
• In 81 percent of cases, the fraudster
displayed one or more behavioral red flags
that are often associated with fraudulent
conduct.
• Living beyond means (36 percent of cases), financial
difficulties (27 percent), unusually close association with
vendors or customers (19 percent) and excessive control
issues (18 percent) were the most commonly observed
behavioral warning signs.
Recovery
• Nearly half of victim organizations do not
recover any losses that they suffer due to
fraud.
• As of the time of our survey, 49 percent of victims had not
recovered any of the perpetrator’s takings; this finding is
consistent with our previous research, which indicates
that 40–50 percent of victim organizations do not recover
any of their fraud-related losses.
Fraud is Universal
• The nature and threat of occupational fraud is
truly universal. Though research notes some
regional differences in the methods used to
commit fraud — as well as organizational
approaches to preventing and detecting it —
many trends and characteristics are similar
regardless of where the fraud occurred.
Encouraging Reporting
• Providing individuals a means to report suspicious
activity is a critical part of an anti-fraud program.
• Fraud reporting mechanisms, such as hotlines, should
be set up to receive tips from both internal and external
sources and should allow anonymity and confidentiality.
• Management should actively encourage employees to
report suspicious activity, as well as enact and
emphasize an anti-retaliation policy.
External Audits
• External audits should not be relied upon as an
organization’s primary fraud detection method.
• Such audits were the most commonly implemented
control in this study; however, they detected only 3
percent of the frauds reported, and they ranked poorly
in limiting fraud losses.
• While external audits serve an important purpose and
can have a strong preventive effect on potential fraud,
their usefulness as a means of uncovering fraud is
limited.
Employee Training
• Fraud awareness training for employees and managers is
critical.
• Not only are employee tips the most common way occupational
fraud is detected, but research shows organizations that have
anti-fraud training programs for employees, managers and
executives experience lower losses and shorter frauds than
organizations without such programs in place.
• At a minimum, staff members should be educated regarding
what actions constitute fraud, how fraud harms everyone in the
organization and how to report questionable activity.
Small Businesses
• Research continues to show that small businesses are
particularly vulnerable to fraud.
• These organizations typically have fewer resources than their
larger counterparts, which often translates to fewer and
less-effective anti-fraud controls.
• Losses experienced by small businesses also have a greater
impact on operations.
• Assessing the specific fraud schemes that pose the greatest
threat to the business can help identify those areas that merit
additional investment in targeted anti-fraud controls.
Behavioral Signs
• Most fraudsters exhibit behavioral traits that can serve
as warning signs of their actions.
• These red flags — such as living beyond one’s means or
exhibiting excessive control issues — generally will not be
identified by traditional internal controls.
• Managers, employees and auditors should be educated
on these common behavioral patterns and encouraged to
consider them.
Conclusion
• The cost of occupational fraud — both financially and to
an organization’s reputation — can be acutely
damaging.
• With nearly half of victim organizations unable to
recover their losses, proactive measures to prevent
fraud are critical.
[Chart: Distribution of Dollar Losses. Axes: Dollar Loss, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Type of Fraud (Asset Misappropriation, Corruption, Financial Statement Fraud). Axes: Type of Fraud, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Occupational Frauds by Category: Median Loss. Axes: Type of Fraud, Median Loss. Series: 2012, 2010, 2008.]
[Chart: Duration of Fraud Based on Scheme Type. Axes: Scheme Type, Median Months to Detection. Series: 2012, 2010, 2008.]
[Chart: Initial Detection of Occupational Frauds. Axes: Detection Method, Percent of Cases. Series: 2012, 2010.]
[Chart: Source of Tips. Axes: Source of Tips, Percent of Tips.]
[Chart: Impact of Hotlines. Axes: Detection Method, Percent of Cases. Series: Organizations With Hotlines, Organizations Without Hotlines.]
[Chart: Organization Type of Victim: Frequency. Axes: Type of Victim Organization, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Organization Type of Victim: Median Loss. Axes: Type of Victim Organization, Median Loss. Series: 2012, 2010, 2008.]
[Chart: Scheme Type by Size of Victim Organization. Axes: Scheme Type, Percent of Cases. Series: <100 Employees, 100+ Employees.]
[Chart: Primary Internal Control Weakness Observed by CFE. Axes: Most Important Contributing Factor, Percent of Cases. Series: 2012, 2010.]
[Chart: Position of Perpetrator: Frequency. Axes: Position of Perpetrator, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Gender of Perpetrator: Median Loss. Axes: Gender of Perpetrator, Median Loss. Series: 2012, 2010, 2008.]
[Chart: Age of Perpetrator: Frequency. Axes: Age of Perpetrator, Percent of Cases. Series: 2012, 2010.]
[Chart: Education of Perpetrator: Median Loss. Axes: Education Level of Perpetrator, Median Loss. Series: 2012, 2010, 2008.]
[Chart: Behavioral Red Flags of Perpetrators. Axes: Behavioral Red Flags, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Cases Referred to Law Enforcement. Axes: Case Reported to Police, Percent of Cases. Series: 2012, 2010, 2008.]
[Chart: Reason(s) Case Not Referred to Law Enforcement. Axes: Reason Given for Not Prosecuting, Percent of Cases. Series: 2012, 2010, 2008.]
Fraud Prevention Checklist
• Is ongoing anti-fraud training provided to all employees of the
organization?
– Do employees understand what constitutes fraud?
– Have the costs of fraud to the company and everyone in it —
including lost profits, adverse publicity, job loss and decreased morale
and productivity — been made clear to employees?
– Do employees know where to seek advice when faced with uncertain
ethical decisions, and do they believe that they can speak freely?
– Has a policy of zero-tolerance for fraud been communicated to
employees through words and actions?
• Is an effective fraud reporting mechanism in place?
– Have employees been taught how to communicate concerns about
known or potential wrongdoing?
– Is there an anonymous reporting channel available to employees,
such as a third-party hotline?
– Do employees trust that they can report suspicious activity
anonymously and/or confidentially and without fear of reprisal?
– Has it been made clear to employees that reports of suspicious
activity will be promptly and thoroughly evaluated?
– Do reporting policies and mechanisms extend to vendors, customers
and other outside parties?
• To increase employees’ perception of detection, are the following
proactive measures taken and publicized to employees?
– Is possible fraudulent conduct aggressively sought out, rather than
dealt with passively?
– Does the organization send the message that it actively seeks out
fraudulent conduct through fraud assessment questioning by
auditors?
– Are surprise fraud audits performed in addition to regularly scheduled
audits?
– Is continuous auditing software used to detect fraud and, if so, has
the use of such software been made known throughout the
organization?
• Is the management climate/tone at the top one of honesty and integrity?
– Are employees surveyed to determine the extent to which they
believe management acts with honesty and integrity?
– Are performance goals realistic?
– Have fraud prevention goals been incorporated into the performance
measures against which managers are evaluated and which are used
to determine performance-related compensation?
– Has the organization established, implemented and tested a process
for oversight of fraud risks by the board of directors or others charged
with governance (e.g., the audit committee)?
• Are fraud risk assessments performed to
proactively identify and mitigate the
company’s vulnerabilities to internal and
external fraud?
• Are strong anti-fraud controls in place and operating effectively,
including the following?
– Proper separation of duties
– Use of authorizations
– Physical safeguards
– Job rotations
– Mandatory vacations
• Does the internal audit department, if one
exists, have adequate resources and
authority to operate effectively and without
undue influence from senior management?
• Does the hiring policy include the following (where permitted by law)?
– Past employment verification
– Criminal and civil background checks
– Credit checks
– Drug screening
– Education verification
– References check
• Are employee support programs in place to
assist employees struggling with addictions,
mental/emotional health, family or financial
problems?
• Is an open-door policy in place that allows
employees to speak freely about pressures,
providing management the opportunity to
alleviate such pressures before they become
acute?
• Are anonymous surveys conducted to
assess employee morale?
Local Example of Fraud
• During 2009, a local company’s Purchasing Manager embezzled a sum of
approximately $790,000 over the course of approximately six (6) years.
• The Purchasing Manager was an extremely personable, friendly, grandfatherly
type.
• One of the means used to successfully embezzle monies: the Purchasing
Manager instructed the warehouse and dock receiving personnel to
manually “receive” purchases into the Company’s system when, in fact, no
actual receipt had occurred.
• The Company did not require receiving reports for all product receipts.
• Check signers did not demand a three-way match between invoice, purchase
order and receiving report before approving checks for payment.
• Payables Clerk did not question missing receiving reports because Purchasing
Manager personally vouched for receipts and was a long-time trusted
employee.
• Amounts were expensed to packaging expense, not charged to inventory.
• Fraud began years before, during bankruptcy, when management’s attention
was distracted.
• Fraud expenses were budgeted-in to annual expectation of packaging expenses
as the fraud had continued so long. Thus, the fraudulent expense was not
detected analytically.
• Fraudulent purchase orders were generated by the Purchasing Manager, and
fraudulent invoices were also generated by him on the company’s own
computers and mailed to the company from the outside.
• Same Purchasing Manager supervised purchasing and inventory control
functions, as well as warehouse and dock receiving personnel. There was no
segregation of duties.
• This company has no business phone number, no internet site and was not
listed in the Yellow Pages in the locality.
• We verified that 153 checks were, in fact, payments made to a fictitious
company.
• All checks to the fictitious company were hand delivered by the Purchasing
Manager to his partner in the scheme, for his endorsement.
• We engaged an independent, third-party IT consultant to review the Purchasing
Manager’s computer hard drive contents.
• The consultant retrieved a deleted Excel spreadsheet file from the hard drive,
which contained the template used by the Purchasing Manager to create the
fictitious company’s invoices.
• The word “INVOICE” was misspelled on the invoice template which was
retrieved by the consultant in the exact same way the word “INVOICE” was
misspelled on all of the invoice documents that had been paid to the fictitious
company.