Presenters:
Kirk B. Leoni, CPA (Principal) kleoni@nathanwechsler.com
Kelli Boyle, CPA (Manager) kboyle@nathanwechsler.com
The median response indicated that the typical US organization loses 7% of its annual revenue to fraudulent activity.
This percentage applied to the estimated 2008 GDP of $14.2 trillion would project that roughly $994 billion would be lost to fraud in 2008.
Source: 2008 Report to the Nation on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners
[Chart, percent, 2008 vs. 2006: Tip; By Accident; Internal Audit; Internal Controls; External Audit; Notified by Police]
Which Organizations Reported the Most Fraud?
[Chart, percent, 2008 vs. 2006: Private Co.; Public Co.; Government; Not-for-Profit]
Control Weaknesses that Contributed to Fraud
(only selected weaknesses shown)
[Chart, percent, most important contributing factor: Lack of IC; Lack of Mgmt Review; Override of Controls; Poor Tone at the Top; Lack of oversight; Lack of Indep. Checks/audit]
[Chart, percent, Accounting vs. All Cases: Corruption; Billing; Skimming; Non-Cash; Check Tampering; Expense Reimbursement; Cash on Hand; Fraudulent Statements; Cash Larceny; Payroll; Register Disbursements]
OPPORTUNITY
PRESSURE / INCENTIVES
RATIONALIZATION
10% of employees will never steal
10% of employees will always steal
80% of employees will steal if given the right opportunity, motivation or justification
Red flag | # of cases | % of cases | Median loss
Living beyond means | 370 | 38.6% | $250k
Financial difficulties | 327 | 34.1% | $111k
Wheeler-dealer attitude | 195 | 20.3% | $405k
Control issues (unwilling to share duties) | 179 | 18.7% | $250k
Divorce / Family problems | 164 | 17.1% | $118k
Unusually close association with vendor / customer | 146 | 15.2% | $410k
Addiction problems | 128 | 13.3% | $225k
Refusal to take vacations | 65 | 6.8% | $250k
Excessive pressure from within the organization | 62 | 6.5% | $388k
The expression of an opinion about whether your financial statements are fairly presented, in all material respects, in conformity with U.S. GAAP, not to detect fraud.
(According to the ACFE Report to the Nation, less than 10% of fraud is discovered by an External Audit)
Designed to obtain reasonable assurance, not absolute assurance about whether the financial statements are free from material misstatement (caused by error or fraud)
Not designed to detect immaterial errors or fraud.
Not designed to provide assurance about IC or identify deficiencies
However, SAS 112 requires written communication of those deficiencies the auditor becomes aware of
Compilation – lowest level of service – your account balances assembled into financial statement format
Review – use of analysis as opposed to tracing to source documents
Reviews & Compilations do not contemplate obtaining an understanding of IC or the assessment of risk.
Reviews & Compilations cannot be relied upon to disclose errors, fraud or illegal acts that may exist.
No requirement to communicate IC deficiencies
Agreed upon procedures – another option?
Auditors
Conduct the audit in accordance with GAAS (Generally Accepted Auditing Standards)
Ensure those charged with governance are aware of IC related matters required to be communicated
Ensure independence
Governing Body (Audit Committee)
Oversee the reliability of financial reporting including effectiveness of internal controls
Review financial statements and determine whether they are complete and consistent
Understand risks and exposures
Understand the scope of the audit
Management
Properly record transactions in the accounting records, establish and maintain internal controls
Make original accounting records and related information available
Allow access to personnel to whom we may direct inquiries
Provide written representations regarding the financial statements and the effectiveness of IC
Ensure compliance with laws & regulations
SAS 104-111 “Risk Assessment Standards”
Designed to improve the effectiveness of audits
More rigorous assessment of risk
Linkage between risks and audit procedures
SAS 114 “The Auditor’s Communication with those Charged with Governance”
Emphasizes our audit requirements and communicates significant findings to the appropriate level of governance
SAS 112 “Communicating Internal Control related Matters Identified in an Audit”
New definitions of significant deficiencies and material weaknesses (less room for auditor judgment)
Requires written communication of significant deficiencies and material weaknesses
Control Deficiency
Exists when the design or operation of a control does not allow for prevention or detection of a misstatement on a timely basis
Deficiency in design – a control is missing or not properly designed
Deficiency in operation – when a properly designed control does not operate as designed or when the person performing the control doesn’t have the necessary authority or qualifications
Significant Deficiency
A control deficiency (or combination of control deficiencies) that results in a more than remote likelihood that a misstatement that is more than inconsequential (magnitude) will not be prevented or detected
Material Weakness
A significant deficiency (or combination of significant deficiencies) that results in a more than remote likelihood that a material misstatement (magnitude) will not be prevented or detected
Management letter comment
Petty cash is not reconciled – likelihood of misstatement is more than remote; the magnitude would be inconsequential
Significant Deficiency
Failure to perform monthly reconciliations of significant accounts in a timely manner (AR, AP) – likelihood is more than remote; however, other related procedures (bank statement review, budget vs. actual analysis, etc.) would reduce the magnitude to less than material but more than inconsequential
Material Weakness
Same individual receives the bank statement, prepares reconciliation and has check signing authority. There is no formal review of the bank reconciliations – likelihood is more than remote; magnitude could be material
Payroll & Compensation
Fictitious employees: San Jose, CA – employee embezzled $11m from her employer by providing false payroll data to a processing company and forging signatures
People behave the way you pay them to behave
Domino's – Driver ran red light speeding to make 30-minute delivery.
Woman received $750k in actual damages & $78m in punitive damages.
Commissions based on gross sales only (billing schemes)
Lack of oversight
Portland, ME – partner in Verrill Dana, LLP was fired for stealing money from the firm and clients
Managed private trusts and bank accounts
Overbilled clients
Stole money from private accounts
Redirected funds to himself that should have gone to the firm
Stole over $400k
White-Collar Crime: “Honest Person Turned Felon”
(embezzled over $250,000)
CPA at local accounting firm in North Carolina
Handled Trusts and Retirement accounts for corporate and individual clients
Felt the need to “keep up with the Joneses” by spending money they didn’t have
“Poster boy for the Fraud Triangle”
Independent review of bank statements
Conduct a “brainstorming session” with appropriate staff and board members to identify risk areas
Review “Understanding Internal Control” document *
Review “Audit Organizer” for proactive tips your organization can use to be prepared for an audit *
Establish a whistleblower protection policy
Conduct background checks on employees
Utilize internal control checklists to help identify weaknesses
Provide employee training
Monitor internal controls!
* available at nathanwechsler.com (under Resources > NW Insights)