Presented By:
Adam Hennen
• In 2010, the Association of Certified Fraud Examiners compiled a study of 1,843 fraud cases. It was estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2010 Gross World Product, this figure translates to a potential total fraud loss of more than $3.15 trillion ($733 billion dollars in the U.S. alone).
• The frauds lasted a median of 18 months before being detected.
• Based on average operating revenues of telephone companies in
2010, the effect of fraud could result in the following losses:
Average Operating Revenues
Percent of Revenues Lost to Fraud
Revenue Dollars Lost to Fraud
Average Schedule
Cooperatives Corporations
$ 2,512,000
5.0%
$ 125,600
$ 2,528,000
5.0%
$ 126,400
Cost
Cooperatives Corporations
$ 9,789,000
5.0%
$ 489,450
$ 6,064,000
5.0%
$ 303,200
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Occupational Frauds by Category (U.S. only)
— Frequency 4
4 The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Occupational Frauds by Category (U.S. only)
— Median Loss
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
Schemes Committed by Perpetrators in the Accounting Department
— 367 Cases 23
23 The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
Schemes Committed by Perpetrators in the Purchasing Department
— 103 Cases 28
28 The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
Schemes Committed by Perpetrators in the Primary Operations of the Victim Organization
— 299 Cases 1
1 The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
CHECK TAMPERING: Any fraud scheme in which a person steals his employer’s funds by intercepting, forging or altering a check drawn on one of the organization’s bank accounts.
EXAMPLE: Thomas Bell, a fiscal officer of “Let it Ring Phone
Company”, had access to company checks but was not authorized to sign them. Tom’s company used an automated check signer (a.k.a. – a signature stamp), which was guarded by a custodian. Tom took some blank checks and made them payable to himself, then snuck into the custodian’s office and signed them with the check signer.
• How many companies keep their signature stamp in a locked drawer.
• Does the accountant who prints checks have access to that drawer?
• Is the accountant who prints checks the custodian of the signature stamp?
Banks responsibility for check fraud:
• Under UCC Regulations, changes were made to articles 3 and
4, which shifted liability for check fraud back to the companies that wrote the checks in question.
• The bank’s obligation to provide “ordinary care” may not include signature verification.
BILLING SCHEMES: Any scheme in which a person causes his employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices or invoices for personal purchases.
EXAMPLE: Jon Bell (Tom’s Brother) is in charge of purchasing on behalf of “Let it Ring Phone Company”. Instead of buying merchandise directly from a vendor, Jon sets up a shell company and purchases the merchandise through that fictitious entity. He then resells the merchandise to his employer from the shell company at an inflated price, thereby making an unauthorized profit on the transaction.
• Purchase requisitions should be reviewed and approved by someone other than the employee initiating the request.
• Purchase orders should only be generated by employees in the purchasing department. These employees should not have access to generate or authorize purchase requests or receive goods.
• Vendor invoice approval should be restricted to the employee who initiated and authorized the purchase request or a person independent of the purchasing function.
• A report of all Pos issued to vendors should be reviewed by a supervisory-level employee not involved in initiating purchase orders with vendors.
• James, the chief of a small fire district in the state of
Washington, obtained an unauthorized credit card in the district’s name. He circumvented the district’s internal controls by intercepting the mail, removing the monthly credit card statement and making personal payments on the account to conceal the unauthorized purchases. The chief made personal charges in excess of $7,700, and was finally detected after retiring for personal reasons and the signatories were changed on all the bank accounts. The chief reimbursed the district for the personal charges and was not charged criminally.
• To better prevent fraud by credit card, organizations should:
– Establish written policies and procedures for credit card use and train employees to ensure they use the cards only for official business.
– Always obtain purchase receipts from employees and never pay bills using only the monthly credit card statements.
– Properly train employees on the authorization and approval procedures for all disbursements.
– Appropriately segregate employee duties and periodically monitor the work of key employees to ensure its expectations are being met.
• Perform an internal investigation.
• Make inquiries.
• Observe “Red Flag” activity.
• Hire a professional investigation (CFE, CPA, Lawyer, etc..)
• Living the fraud life. According to the 2010 Report to the
Nations, there are several behaviors that serve as red flags displayed by perpetrators. The two most common traits are a tendency to live beyond one’s means, and a struggle with financial difficulties. More than a third of those identified displayed at least one of the aforementioned behaviors, and about 20 percent had either a “wheeler-dealer attitude,” control issues (unwillingness to share duties), or personal problems, such as a divorce. Other red flags might include irritability or defensiveness, addiction problems, past legal problems, refusal to take vacation and complaining about inadequate pay.
19
Behavioral Red Flags of Perpetrators 29
29 The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag.
Data from the 2010 ACFR Report to the Nations on Occupational Fraud and Abuse.
• Suspects and witnesses often reveal more than they intend through their choices of words.
• Start by asking the question.
• Look for deviations that might suggest a person may be withholding, altering, or fabricating information.
1.
Lack of Self-Reference
2.
Verb Tense
3.
Answering Questions with
Questions
4.
Equivocation
5.
Oaths
6.
Euphemisms
7.
Alluding to Actions
8.
Lack of Detail
9.
Narrative Balance
10. Mean Length of Utterance
• Truthful people make frequent use of the pronoun “I” to describe their actions:
• EXAMPLE: “I arrived home at 6:30. The phone was ringing as I unlocked the front door, so I walked straight to the kitchen to answer it. I talked to my mother for 10 minutes before noticing that my TV and computer were missing from the living room.”
• Deceptive people often use language that minimizes references to themselves, usually by describing events in the passive voice.
• EXAMPLES: “The safe was left unlocked” rather than “I left the safe unlocked.” or “The shipment was authorized” rather than
“I authorized the shipment”.
• Even liars prefer not to lie. Outright lies carry the risk of detection. Before answering a question with a lie, a deceptive person will usually try to avoid answering the question at all. A common method of dodging questions is to respond with a question of one’s own.
EXAMPLES:
• “Why would I steal from the company?”
• “Do I seem like the kind of person who would do something like that?”
• “Don’t you think somebody would have to be pretty stupid to remove cash from their own register drawer?”
• Although deceptive people attempt to give as little useful information as possible, they try very hard to convince others that what they say is true. They do this by using oaths to try to make their statements sound more convincing.
• Deceptive people are more likely than truthful people to use statements such as: “I swear”, “on my honor,” “as God is my witness,” “cross my heart.”
• Truthful people are more confident that the facts will prove their statements and feel less need to back their statements with oaths.
• Truthful statements usually contain specific details, some of which may not even be relevant to the question asked. This happens because truthful subjects are retrieving events from long-term memory, and our memories store dozens of facts about each experience (the new shoes we were wearing, the song that was playing in the background, the woman at the next table, etc.). At least some of these details will show up in a truthful subject’s statement.
• Those who fabricate a story, however, tend to keep their statements simple and brief.
• Deceptive people will want to minimize the risk that an investigation will discover evidence that could contradict their story. (i.e., the fewer facts proven false, the better.)
• The endorsement on this check was made by a blind woman.
The signature was forged…how do we know?
• Do you know the extent of the losses?
• Can you get it back?
• Have you already been made whole?
• Do you intend to prosecute?
– Discuss the situation with legal counsel or a CPA/CFE.
• Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.
• As part of the 2010 study of fraud cases, the examiners compared the presence of anti-fraud controls at companies with fewer than 100 employees to the controls at companies with more than 100 employees.
• Study results reveal that smaller companies have fewer fraud preventative controls in place than the larger companies.
Frequency of Anti-Fraud Controls by Size of Victim Organization
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
• While tips have consistently been the most common way to detect fraud, the impact of tips is, if anything, understated by the fact that so many organizations fail to implement fraud reporting systems (a.k.a Hotlines).
• Such systems enable employees to anonymously report fraud or misconduct by phone or through a web-based portal.
• Formal codes of conduct and anti-fraud policies cost very little to implement, but serve as an effective way to make a clear and explicit statement against fraudulent and unethical conduct within an organization.
• Hotlines are consistently the most effective fraud detection method and would go a long way in helping small-business owners protect their assets from dishonest employees.
• The median loss for frauds at companies with hotlines was
59% smaller than the median loss for frauds at organizations without such a mechanism.
17 KEY:
External Audit of F/S = Independent external audits of the organization’s financial statements
Internal Audit / FE Department = Internal audit department or fraud examination department
External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
Management Certification of F/S = Management certification of the organization’s financial statements
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.
• How Important is Segregation of Duties?
• In nearly two – thirds of the fraud schemes covered by the
ACFE’s 2010 report to the nations, the person committing the fraud acted alone.
• However, when collusion of two or more employees existed in a fraud case, the damages were much more costly.
Primary Internal Control Weakness Observed by CFEs
Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse
• The best way to prevent fraud is by creating a perception of detection. Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught.
• The threat of surprise audits increases employees’ perception that fraud will be detected and thus has a strong deterrent effect on potential fraudsters.
• Surprise audits, fraud policies, hotlines, etc…are only effective if people KNOW THEY EXIST!
Adam J. Hennen, CPA, CFE
Olsen Thielen, CPAs ahennen@otcpas.com
651-483-4521 (main office)
651-621-8523 (direct)