Fraud & Embezzlement

advertisement

Fraud & Embezzlement

Presenters:

Kirk B. Leoni, CPA (Principal) kleoni@nathanwechsler.com

Kelli Boyle, CPA (Manager) kboyle@nathanwechsler.com

Why are we here?

The median response indicated that the typical US organization loses 7% of its annual revenue to fraudulent activity.

This percentage applied to the estimated 2008 GDP of

$14.2 trillion would project that roughly $994 billion would be lost to fraud in 2008.

Source: 2008 Report to the Nation on Occupational Fraud and

Abuse by the Association of Certified Fraud Examiners

How is Fraud Detected?

50%

40%

30%

20%

10%

0%

Tip By

Accident

Internal

Audit

Internal

Controls

External

Audit

Notified by Police

2008

2006

Which Organizations Reported the Most Fraud?

40%

35%

30%

25%

20%

15%

10%

5%

0%

Private Co.

Public Co.

Government Not-for-Profit

2008

2006

Control Weaknesses that Contributed to Fraud

(only selected weaknesses shown)

40%

35%

30%

25%

20%

15%

10%

5%

0%

Lack of IC Lack of Mgmt Ov erride of

Rev iew Controls

Poor Tone at the Top

Lack of ov ersight

Lack of

Indep.

Checks/audit

Most important contributing factor

Occupational Fraud Schemes by Accounting

Personnel

40%

35%

30%

25%

20%

15%

10%

5%

0%

Corr uptio n

Billin g

Skim ming

Non

-Cas h

Che ck Ta

Exp ense mpe ring

Rei mbu rsem ent

Cas h on

Frau

Han d dule nt S tatem ents

Cas h La rcen y

Pay roll

Dis burs

Reg ister eme nts

Accounting

All Cases

Fraud Triangle

OPPORTUNITY

PRESSURE / INCENTIVES RATIONALIZATION

 10% of employees will never steal

 10% of employees will always steal

 80% of employees will steal if given the right opportunity, motivation or justification

Living beyond means

Financial difficulties

Wheeler-dealer attitude

Control issues

(unwilling to share duties)

Divorce / Family problems

Unusually close association with vendor / customer

Addiction problems

Refusal to take vacations

Excessive pressure from within the organization

Behavioral

Red

Flags

179

164

146

128

65

# of cases

370

327

195

62

% of cases

38.6%

34.1%

20.3%

18.7%

17.1%

15.2%

13.3%

6.8%

6.5%

Median Loss

$250k

$111k

$405k

$250k

$118k

$410k

$225k

$250k

$388k

What is the objective of an Audit?

The expression of an opinion about whether your financial statements are fairly presented, in all material respects, in conformity with U.S.

GAAP......not to detect fraud.

(According to the ACFE report to the nation, less than 10% of fraud is discovered by an External Audit)

Limitations of an Audit

Designed to obtain reasonable assurance, not absolute assurance about whether the financial statements are free from material misstatement (caused by error or fraud)

Not designed to detect immaterial errors or fraud.

Not designed to provide assurance about IC or identify deficiencies

However, SAS 112 requires written communication of those deficiencies the auditor becomes aware of

Audit vs. Review vs. Compilation

Compilation – lowest level of service – your account balances assembled into financial statement format

Review – use of analysis as opposed to tracing to source documents

Reviews & Compilations do not contemplate obtaining an understanding of IC or the assessment of risk.

Reviews & Compilations cannot be relied upon to disclose errors, fraud or illegal acts that may exist.

No requirement to communicate IC deficiencies

Agreed upon procedures – another option?

Audit Responsibilities (1 of 3)

 Auditors

Conduct the audit in accordance with GAAS

(Generally Accepted Auditing Standards)

Ensure those charged with governance are aware of IC related matters required to be communicated

Ensure independence

Audit Responsibilities (2 of 3)

Governing Body (Audit Committee)

Oversee the reliability of financial reporting including effectiveness of internal controls

Review financial statements and determine whether they are complete and consistent

Understand risks and exposures

Understand the scope of the audit

Audit Responsibilities (3 of 3)

Management

Properly record transactions in the accounting records, establish and maintain internal controls

Make original accounting records and related information available

Allow access to personnel to whom we may direct inquiries

Provide written representations regarding the financial statements and the effectiveness of IC

Ensure compliance with laws & regulations

Recent Developments

SAS 104-111 “Risk Assessment Standards”

Designed to improve the effectiveness of audits

More rigorous assessment of risk

Linkage between risks and audit procedures

SAS 114 “The Auditor’s Communication with those

Charged with Governance”

Emphasizes our audit requirements and communicates significant findings to the appropriate level of governance

Recent Developments (continued)

SAS 112 “Communicating Internal Control related

Matters Identified in an Audit”

New definitions of significant deficiencies and material weaknesses (less room for auditor judgment)

Requires written communication of significant deficiencies and material weaknesses

SAS 112 – Definitions

Control Deficiency

Exists when the design or operation of a control does not allow for prevention or detection of a misstatement on a timely basis

Deficiency in design – a control is missing or not properly designed

Deficiency in operation – when a properly designed control does not operate as designed or when the person performing the control doesn’t have the necessary authority or qualifications

SAS 112 – Definitions (continued)

Significant Deficiency

A control deficiency (or combination of control deficiencies) which result in a more than remote likelihood that a misstatement that is more than inconsequential (magnitude) will not be prevented or detected

Material Weakness

A significant deficiency (or combination of significant deficiencies) that results in a more than remote likelihood that a material misstatement (magnitude) will not be prevented or detected

SAS 112 Examples

Management letter comment

Petty cash is not reconciled – likelihood of misstatement is more than remote; the magnitude would be inconsequential

Significant Deficiency

Failure to perform monthly reconciliations of significant accounts in a timely manner (AR, AP) – likelihood is more than remote however other related procedures (bank statement review, budget vs. actual analysis etc.) would reduce the magnitude to less than material but more than inconsequential

Material Weakness

Same individual receives the bank statement, prepares reconciliation and has check signing authority. There is no formal review of the bank reconciliations –

likelihood is more than remote; magnitude could be material

Fraud Examples “in the News”

Payroll & Compensation

Fictitious employees: San Jose, CA – employee embezzled

$11m from her employer by providing false payroll data to a processing company and forging signatures

People behave the way you pay them to behave

Dominos – Driver ran red light speeding to make 30-minute delivery.

Woman received $750k in actual damages & $78m in punitive damages.

Commissions based on gross sales only (billing schemes)

Fraud Examples “in the News”

 Lack of oversight

Portland, ME – partner in Verrill Dana, LLP was fired for stealing money from the firm and clients

Managed private trusts and bank accounts

Over billed clients

Stole money from private accounts

Redirected funds to himself that should have gone to the firm

Stole over $400k

Fraud Examples “in the News”

White-Collar Crime: “ Honest Person Turned Felon”

(embezzled over $250,000)

CPA at local accounting firm in North Carolina

Handled Trusts and Retirement accounts for corporate and individual clients

Felt the need to “keep up with the Joneses” by spending money they didn’t have

“Poster boy for the Fraud Triangle”

Action Steps

Independent review of bank statements

Conduct a “brainstorming session” with appropriate staff and board members to identify risk areas

Review “Understanding Internal Control” document *

Review “Audit Organizer” for proactive tips your organization can use to be prepared for an audit *

Establish a whistleblower protection policy

Conduct background checks on employees

Utilize internal control checklists to help identify weaknesses

Provide employee training

Monitor internal controls!

* available at nathanwechsler.com

(under Resources > NW Insights)

Download