Fraud Risk and Control
advertisement
8/7/2014 Stop Fraud in its Tracks “Don’t wait until you are working on fraud detection within business operations.” FRAUD RISK AND CONTROL Recognizing the Prevalence of Risk and the Importance of Prevention Speaker Profile Session Agenda Alyssa G. Martin, CPA, MBA • • • Partner-in-Charge of Weaver’s Risk Advisory Services 25+ years of experience in public accounting, including 17+ years of internal control process and risk management experience Specializes in – – – – – – – Internal control compliance and monitoring Risk and business management consulting Fraud Prevention Technology consulting Operational analysis Internal audit IT audit • Definition of Fraud • Identifying Fraud Schemes • How Fraud Threatens Your Organization’s Existence/Credibility • Effective Elements of Fraud Prevention & Detection • Mitigating Fraud Risk 1 8/7/2014 What is Fraud? Fraud is defined as: DEFINITION OF FRAUD “… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” The Nature of Fraud Not an Accident • Intentional act vs. error or mistake • Ingenious schemes, limited only by human imagination • Gaining an advantage through false suggestions and suppression of truth • Using surprises, tricks or cunning, or any other unfair means Fraud is a breach of trust, not an accident! • Fraud is an “intentional” act often involving detailed planning and concealment • Crooks “anticipate” the routine procedures; evidence is often fabricated • Exploits weaknesses in routine procedures or internal controls 2 8/7/2014 Fraud Engineering Fraudulent schemes are “engineered” (meticulously designed) to perpetrate and conceal the theft, including an exit strategy complete with “fall guys” and “alibis” Fraud Impact in the US % or $ Fraud Victims/Areas 5% Annual revenues lost of global entities $3.7 Trillion Potential projected global fraud loss $1,000,000 + Lost in over 24% of cases investigated Median Loss Fraud Victims/Areas $1,000,000 Financial statements $200,000 Corruption schemes $130,000 Asset misappropriation schemes *Source: Red Flags Some of the warning signs… Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nation on Occupational Fraud and Abuse Behavioral Red Flags • • • • • • • • • Consistently meet/exceed budget expectations Close relationships with vendors/service providers Related party transactions/conflicts of interest Missing, altered, late documents Relaxed oversight combined with friendly employee relations Change in personal habits or behavior Regular adjustments for defective items or shrinkage Compensation tied to financial results Material or frequent adjustments Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” 3 8/7/2014 Primary Fraud Risk Factors IDENTIFYING FRAUD SCHEMES Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” The Fraud Triangle The Fraud Diamond An increase in any element in the triangle increases the risks of fraud. Anti-fraud controls are built to deter or prevent access and incentive for fraud. Rationalization Opportunity • Ability to follow through and commit the fraud • Perpetrator has to make it “okay” internally to perform the fraudulent act • The only factor completely controlled/prevented by an organization • Must gain access to assets/records A person’s “capability”, or personal traits, plays a key role in determining if a fraud will occur in the presence of pressure, opportunity and rationalization. Opportunity Incentive • • Opens the door for the perpetrator INCENTIVE/PRESSURE INTENT/MOTIVE Incentive/Pressure • The more incentive, the easier it is to justify • Financial or personal problems, financial pressure, mental instability Leads the perpetrator to the door Capability Rationalization • Coaxes the perpetrator to the door • Enables the perpetrator to walk through the door 4 8/7/2014 Where Does Fraud Occur? More than 75% of the frauds in the study were committed by individuals in 7 departments: Who Perpetrates Fraud? Perpetrators’ Gender: 66.8% Male 33.2% Female Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” How is Fraud Perpetrated? Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” Fraud Tree Public Sector: >360 Government Cases: >140 | Education Cases: 80 | Nonprofit Cases: 40 Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” 5 8/7/2014 Fraud Tree Don’t Forget: The IT Threat • External agents – Lone hackers – Organized crime groups – Former employees • Internal agents – – – – • Regular staff Executives Contractors Students Partners – Suppliers – Vendors – Other third parties Source: 2014 Association of Certified Fraud Examiners “Report to the Nation” Current State HOW FRAUD THREATENS YOUR ORGANIZATION’S EXISTENCE/CREDIBILITY Despite aggressive prosecutions, fraud in the workplace is alive and well. Now more than ever it is imperative that organization’s consider fraud implications and implement preventative measures. Areas Most Prone to Fraud: • Cash Collections and Use of Funds • Purchasing and P – Cards • Expense Reporting and Travel • Payroll • Human Resources • Inventory (Transportation, Maintenance, Custodial, General Supplies) • Construction and Facilities • Technology 6 8/7/2014 Primary Fraud Categories Asset Misappropriation Theft or misuse of tangible and intangible assets Corruption Asset Misappropriation Financial Statement Fraud Utilizing influence in business transactions to obtain a personal benefit Employee intentionally causes misstatement of material information in organization’s financial reports Less Frequent Most Rare Most Common Scheme Scenario Payroll Fraud • Payment to fictitious employees • Overpayment to existing employees - collusion • Issuing payroll checks to employees who no longer work for the organization Procurement Fraud • Payments to phantom vendors • Control bidding process Credit/Procurement Card Fraud • Use of Organization cards for personal purchases • Use of procurement cards to circumvent competitive bid requirements Travel/expense reimbursement Fraud • Reimbursement of undocumented expenses • Reimbursement for luxury accommodations • Reimbursement for travel expenses of employee's family members Revenue Skimming • Embezzlement of cash collections or funding Theft • Theft of materials, supplies, merchandise Misuse of Assets • Unauthorized use of organization assets • Inappropriate use of bond funds Corruption Scheme Scenario Kickbacks and Bribes • Cash or non-cash gifts from vendors accepted by personnel • Cash or non-cash gifts from vendors accepted by Board members • Awarding contracts based on side agreements Failure to Hold Competitive Bidding • Purchasing in smaller increments to avoid the bidding process Competitive Bid Rigging • • • • • Limiting advertisement of bid to preferred vendors Related party transactions or dealing for personal benefit Preferential treatment of vendors during the award selection process Establishing selection criteria that give vendors an unfair advantage Profiteering as a result of insider knowledge Failing to Disclose Conflicts of Interest • Awarding contracts to parties related to individuals involved in the decision making process Forgery or Falsification of Documents • Falsification of contract terms, operating results • Destruction or disappearance of records • Altering or creating documents with the intent to defraud Financial Statement Fraud Scheme Scenario Inflating Balance Sheet/Fund Balance • • • Manipulating fund balances Omission of material contingencies or subsequent events Inappropriately carrying over unused federal or state funds from one year to the next Inflating Income Statement • • • • Hiding losses/expenses Falsifying revenue Improper recording of the period expenses occur Recording pending transactions as completed transactions Misrepresentation of Facts and Falsifying Records • • • • • • • Intentional reporting of inaccurate financial results Falsification of official documents or reports Public Information provides unsubstantiated favorable results Internal memos give misleading information Altering or creating documents with the intent to defraud Omission of subsequent events Destruction or disappearance of records 7 8/7/2014 Assessing Fraud EFFECTIVE ELEMENTS OF FRAUD PREVENTION & DETECTION Fraud Risk Assessment Prioritize significant fraud risks Assessment and monitoring is key to identification, prevention and detection. • Brainstorm to uncover possible fraud schemes and scenarios • Assess gaps in the business office that could be used for misappropriation • Evaluate control design and operations • Work now on prevention—rather than detection—and improve safeguards Key Questions to Ask When determining fraud risk, ask the following questions: • Analyze root causes: incentives, pressures, opportunities, attitudes and rationalizations Identify how to address risk: accept, avoid, control or transfer? • • • • Test your solution • Monitor risk factors Who can be the potential fraud perpetrator? How might a fraud perpetrator exploit weaknesses in the system of controls? How could a perpetrator override or circumvent controls? What are the possibilities that can be used to hide fraud from detection? What is the cost versus benefit for accepting, avoiding, controlling or transferring the risk? What metrics and indicators exist that could indicate a need to investigate of examine a process for fraudulent activity? 8 8/7/2014 Asset Misappropriation Scheme Prevention/Detection Payroll Fraud • • • • Procurement Fraud • Separate purchasing from the requisitioning department and require competitive bidding • Separate access to approved vendor list from generation of purchase orders • Require background checks and test vendors for exclusions • Match invoices to purchase orders and packing slips prior to payment Credit/ Procurement Card Fraud • Require documentation for procurement card purchases and review samples of purchases • Implement purchase vendor restrictions and MCCs • Place dollar limits on each card Travel/Expense Reimbursement Fraud Require supervisor approval of time sheets and approval of additional duty pay Separate access to HR system from access to payroll processes Designate a different employee to perform payroll reconciliations Require IT to remove terminated employees from all systems, including time entry and payroll Asset Misappropriation Scheme Prevention/Detection Revenue Skimming • Require that a second employee reconcile activity fund receipts to transaction detail and documentation • Require two people to participate in collections and deposit preparation • Require all cash be locked in a safe and daily deposit • Require that an accounting employee record reconciled cash collection transactions • For events, use pre-numbered tickets; have two people with cash at all times; and reconcile tickets to cash received Theft • Restrict access to cash/supplies, requiring advance request and authorization from the requisitioning department • Require requisition forms, and investigate unusually high supply use • Conduct inventory counts and investigate abnormalities • Review samples of travel expense reimbursement documentation and require prior supervisor approval for all travel Corruption Scheme Scenario Kickbacks and Bribes • Review documentation of bidding process for reasonableness • Require employees to sign codes of conduct Failure to Hold Competitive Bidding • Review repetitive payments to vendors or unusual purchases Competitive Bid Rigging • Advertise all bids in a specific, well-known location • Use established selection criteria and review any changes for reasonableness Failing to Disclose Conflicts of Interest Forgery or Falsification of Documents • Initiate a fraud and abuse hotline • Utilize firewalls and inappropriate and unsafe website blockers Misuse of Assets Financial Statement Fraud Scheme Inflating Balance Sheet/Fund Balance Inflating Income Statement • Research potential conflicts for major contracts • Require employees to sign codes of conduct • Require records/documents be submitted in a system that requires an explanation for a change; review a sample of changes and excessive and unusual changes • Perform background checks on employees Scenario • • • • • • • • Misrepresentation of Facts and Falsifying Records • • Review financial statements and reconciliations monthly Ensure accounting management has financial expertise, perform background checks, and verify credentials Become familiar with guidelines for federal and state funding Obtain a financial statement audit from a reputable firm Require review and approval of journal entries Investigate any large or unusual journal entries or anything appearing to originate from management Confirm accounting system access ensures segregation of duties and does not provide unnecessary access to managers Do not use a signature stamp and briefly review documents before signing, asking questions Receive and review unopened statements and documents from banks and other third parties Utilize an electronic documentation system with access controls and a retention schedule 9 8/7/2014 Asset Misappropriation Example – Payroll Fraud Fraud Scenario • A Payroll Manager was routing checks for terminated employees to her own bank account. Internal Audit identified approximately $50,000 in fraudulent payroll disbursements to this employee’s account. Asset Misappropriation Example – Payroll Fraud Lessons Learned • The Payroll Manager was unwilling to change the existing process and implement internal audit recommendations to segregate her responsibilities for processing payroll. • Payroll was segregated from HR, however, the payroll manager had access to modify employee profiles within the software. Additionally, the payroll manager was responsible for approving the payroll calculation and processing the check run, allowing for management override of controls. • Auditor learned through interviewing HR personnel that the Benefits Specialist had identified irregular transactions in the payroll system that were entered by the Payroll Manager. Key Risks and Exposures • An employee who is able to make changes to the employee master file (add or delete employees or change compensation) should not also be involved in the payroll process, including having access to the payroll system or generating or distributing checks. A separate employee should have been assigned this duty. • No processes were in place to ensure segregation of duties. There was no independent disbursement count, and the payroll manager was in charge of reconciling the calculation to the approved hours and payroll expense for each department. Corruption Example – Kickback Arrangement Fraud Scenario • A member of management received cash and personal services in exchange for fixing a bid for construction services. • The official submitted the contractor’s inflated bid and recommended its approval over the fraudulent higher bids he submitted to appear to be from other contractors. • Resulted in financial loss to the organization, inferior work product, and taxpayer mistrust. Key Risks and Exposures • Bid advertising procedures were not in place, and the official had a significant amount of control and influence over the bid and selection process. Necessary Controls Corruption Example – Kickback Arrangement Lessons Learned • Auditor interviewed similar contractors to determine if they had been consulted about providing services and obtain competitive rates for similar services. Determined that they had not been aware of the bid opportunity, and costs for the awarded contract exceeded quotes from other providers. Necessary Controls • All major requests for proposal should be advertised in a well-known, specified location. • Documentation of bid advertisement, bids received, and evaluation of those bids should be reviewed by the board for all major contracts. 10 8/7/2014 Financial Statement Fraud Example – Understated Expenses Fraud Scenario • The Controller, under pressure from the Executive Director, understated organization expenses on the financial statements. • He used a dummy account in order to reduce the costs per program to present a more favorable picture of the organization’s financial situation. • Public criticism for high costs were initially avoided, but the scandal ultimately resulted in public outcry and terminations. Key Risks and Exposures • Significant internal controls design deficiencies and a lack of adequate segregation of duties and system access restrictions. Financial Statement Fraud Example – Understated Expenses Lessons Learned • Analytics indicated lower expenses than in previous years. • Review of controls indicated lack of sufficient system access restrictions. • The Division Manager could not explain the “Prepaid Program Clearing Account.” •. Necessary Controls • Ability to prepare entries vs. approve them within the system should be limited to create segregation of duties and prevent management override. • Monthly and annual reconciliations should be performed timely. • A fraud and abuse hotline should be made available and widely publicized to employees. How to Prevent Fraud Best Practices Approach to Fraud Prevention MITIGATING FRAUD RISK Create a Entitywide culture of integrity from the boardroom, throughout administration, and beyond. Fraud Prevention Measures • Commit organization resources to focus on fraud • Prosecute offenders • Ensure appropriate segregation of duties • Perform regular internal audits to deter fraud • Implement IT controls • Implement a fraud hotline & investigate fraud tips • Establish checks and balances for ongoing monitoring at the administration level 11 8/7/2014 Cost-Effective Approach Key Internal Controls • Segregation of duties • Prevention is the most cost effective approach to fraud management. • Losses are almost impossible to recoup. • Improve your Organization’s internal controls and retain funds for the intended use. – – – – • Perceived opportunity is a common driver – – – – Effective Fraud Detection MOTIVE FRAUD OPPORTUNITY INTENT COMPETENCY Tone at the top Use a hotline - Investigate tips Segregation Of Duties is “built in” Fraud prevention as part of code of ethics Fraud Risks The Six Elements When proving fraud, focus on the six key elements: Foundational element of prevention Establishes natural checks and balances Reduces errors Includes IT controls, access and management An increase in any element in the fraud triangle (or diamond) increases the risks of fraud. CONCEALMENT REPETITIVE ACTS Anti-fraud controls are built to deter or prevent the ability, incentive, and opportunity to commit fraud. 12 8/7/2014 Impact on Organizations • The financial costs alone are staggering and a waste of taxpayer money – – – – • Prevention is Key! Prevention is the key to retaining fund balances! Fraud/theft of funds or other assets Cost of investigation Increase in accounting fees/audit fees/legal fees Court costs Lack of proactive fraud management could threaten your organization’s long-term goals: • Being accountable for taxpayer dollars • Maintaining public confidence and trust • Managing growth • Providing a positive learning environment for students • Providing a high-integrity work environment for personnel • Safeguarding the assets of the organization • Protecting the reputation of the organization Long-term loss of confidence and trust in the organization, officials, and board of directors – Conveys the wrong message to employees and the public – Economic impact to programs • Unanticipated terminations – Loss of employees – Potential termination of officials – Potential removal of members of the Board of Directors • Loss of public investment and community funding Organizations cannot afford to lose five percent of revenues - that is the hidden cost of fraud (losses are almost impossible to recoup). QUESTIONS? Alyssa G. Martin, CPA, MBA | Partner, Risk Advisory Services 972.448.6975 | alyssa.martin@weaver.com 51 13
