FRAUD - THE RISK HAS INCREASED
Larry Finney, GF&H
October, 2009
larry@gfhllp.com

INTRODUCTION
General increase in fraud awareness (risk of fraud) in past
  Sarbanes-Oxley
  Creation of PCAOB
  Various Statements on Auditing Standards
  Risk of fraud
  More emphasis on internal controls

INTRODUCTION
Now actual fraud is on the rise
But it is not just fraud - it is questionable ethics, manipulation, expediency, bending the rules - it is all on the rise
Not just the economy - it looks like values and morals are slowly eroding in our society

CASE STUDIES FROM 2008/2009
Small local government
  Treasurer
  Worked at gov’t for 34 years
  Grown up in community
  Three changes in bosses over 18 month period
  Responsible for some deposits and receipting, bank reconciliations, payroll, accounts payable, and help with other functions in small finance office

CASE STUDIES FROM 2008/2009
Small local government
  Started paying herself
    Vacation and sick pay, but not deducting hours
    Extra payroll payment on off payroll day
    Infrequent at first, but then more often
    Charged to different accounts to stay under budget
  Explanation
    Family members having financial difficulties
    Figured could pay it back

CASE STUDIES FROM 2008/2009
Larger local government
  Bookkeeper
  Responsible for some depositing, accounts payable and some reporting
  Made credit card purchases for government at request of others, including boss
  Reconciled credit card purchases monthly and prepared check
  Would give checks to boss or boss’ designee for signature
  Would not include statements with checks

CASE STUDIES FROM 2008/2009
Larger local government
  Boss signed checks and gave back to bookkeeper
  Bookkeeper started making personal purchases with credit card
  When got short on cash, would not pay full balance
  No one aware inside government
  Multiple years

CASE STUDIES FROM 2008/2009
Larger local government
  Explanation ?????
    This one should have been caught - but not proper review and monitoring - too busy
    Seemed okay with bending the rules - it was just a few personal things here and there - not a big deal

WHY IS FRAUD RISK HIGHER NOW?
THE FRAUD TRIANGLE
  Opportunity
  Rationalization
  Motive

WHY IS FRAUD RISK HIGHER NOW?
It’s the economy stupid!
  Family members have lost jobs or are working fewer hours
  With fewer people at work, internal controls tend to fail more
  Less monitoring and review (“I don’t have time to get it all done”)
Even the most trustworthy of people can fall to temptation, especially in certain circumstances

RISK OF FRAUD HIGHER NOW
This is why two things are critical in your organization:
  Continuous fraud risk management process
  Strong organizational culture regarding ethics and values

ETHICS
Ability to distinguish right from wrong AND the commitment to do what is right
Following the spirit and intent of rules and regulations as well as the letter
As opposed to:
  Expediency
  Manipulation
  Bending rules where there is no flexibility
  Rationalization

ETHICS
Much of what happens ethically within an organization depends on the culture and environment
The culture and environment is set by the “tone at the top” of the organization

ETHICS - 2007 National Survey
Strength of organization-wide ethics culture has biggest impact on misconduct
56% of employees observe misconduct
Top types of misconduct
  Conflicts of interest
  Abusive or intimidating behavior
  Lying to employees
Fraudulent activity is further down the list
  Increases dramatically as work environment increases in negativity

ETHICS - 2007 National Survey
Strength of formal ethics program has greatest impact on encouraging employee reporting
42% of employees don’t report observed misconduct
  Primarily due to thoughts of
    futility
    fear of retaliation
  36% feared retaliation and didn’t report, but only 12% who reported experienced retaliation
  One-third took matters into own hands
  40% would have had to report to person involved

ETHICS - 2007 National Survey
25% of organizations had well-implemented and comprehensive ethics and compliance program in place
  Ethical leadership, supervisor reinforcement, peer commitment, embedded ethical values
29% of employees with these organizations failed to report versus 61% of employees without comprehensive programs
25% believe they are rewarded for ethical behavior and feel prepared to handle situations that could lead to misconduct

ETHICS - 2007 National Survey
But only 9% have very strong ethical cultures!
Another 43% of fairly strong ethical cultures
24% observed misconduct in very strong cultures versus 98% in weak cultures

FRAUD RISK MANAGEMENT
Overall goal: More Self Governance By Organizations (Trust but be skeptical)

MORE SELF GOVERNANCE…
Detection of fraud in government
  Internal controls
  Accident
  Tips
  Internal audit
  External audit
  Police
Source: ACFE 2008 report to the nation on occupational fraud and abuse

FRAUD RISK MANAGEMENT
[Diagram, from KPMG: ASSESS, PREVENT, EVALUATE, RESPOND, DETECT, DESIGN, IMPLEMENT]

FRAUD RISK MANAGEMENT
Prevention
  Leadership and Governance
    Board/Audit committee oversight
    Senior management oversight
    Internal audit function
  Fraud and misconduct risk assessment
    What could go wrong?
    Think criminally - put yourself in their shoes - if I wanted to commit fraud what could I do?
    Then decide what to do about those high risks

FRAUD RISK MANAGEMENT
Prevention
  Code of conduct
    Should be based on organization’s core values
    Should be backed up by good environment
  Hiring, retention and promotion of employees and third-parties
  Communication and training - continually
  Internal controls
    Limited access to data/information
    Segregation of duties
    Monitoring and review
    Surprise people - be unpredictable

FRAUD RISK MANAGEMENT
Detection
  Open culture and environment
  Processes for reporting misconduct and seeking counsel
  Auditing and monitoring
  Proactive data analysis
  Surprise audits

FRAUD RISK MANAGEMENT
Response
  Investigations
  Enforcement and accountability
  Corrective action
  Consistency

FRAUD RISK MANAGEMENT
PREVENTION, DETECTION, RESPONSE
  Board/Audit Committee oversight
  Executive and other management functions
  Internal audit, compliance and monitoring functions
Prevention
  Risk assessment
  Code of conduct
  HR/Procurement due diligence
  Communication and training
  Limited access to data
Detection
  Process for reporting and counsel
  Auditing and monitoring
  Data Analysis
Response
  Investigation process
  Enforcement and accountability
  Corrective action process

SO WHAT?
The best organizations are those with very strong ethics cultures and with a strong ethics and compliance program, including a continuous fraud risk management program

SO WHAT?
So what do these organizations look like?
  Strong support and communication from top management and supervisors regarding time, effort and energy into ethics and fraud risk management
  Top management and supervisors keep promises and follow through on commitments (only commit to what you know you can do)
  Policies and procedures show commitment to ethics and compliance

SO WHAT?
So what do these organizations look like?
  Decisions/actions from top management and supervisors reinforce policies and procedures
  Success through questionable means is not rewarded
  Long-term commitment is seen through time and perseverance
  Communicate policies and procedures often
  Each person (especially managers and supervisors) must pay attention to the people around them and how they are doing

SO WHAT?
So what do these organizations look like?
  Employees:
    Willing to seek advice about ethical issues
    Are trained to handle ethical situations as they arise
    Are rewarded for ethical behavior
    Understand that trust is not enough
  Employees must believe reported situations will be handled honestly and properly and that retaliation will not occur
  Everything written and verbally stated is lived out

SO WHAT?
Organizations train their people to consider three questions when faced with an ethical dilemma:
  1. Is it legal?
  2. Is it balanced and consistent?
  3. Is it right?
Be careful - rationalization can eliminate logic very quickly

SO WHAT?
NOTE: you will find out a lot about your organizational culture and your people when you get involved in ethics policy and risk management

“Leadership is a potent combination of strategy and character. But if you must be without one, be without strategy.”
General Norman Schwarzkopf

FRAUD STATISTICS FOR GOVERNMENT (ACFE Biannual report-2008)
Estimated that organizations lose 7% of annual revenues to fraud
Average loss was $100,000 based on 106 cases
Corruption, billing, non-cash, skimming, cash on hand and expense reimbursement most common
Average fraud lasts 24 months before detected
If organization had:
  external audit of internal controls, median loss was 69% less than those who did not
  independent audit committee, 37% less
  management review of internal controls, 33% less
  management certification of financial statements, 27% less
  implemented a hot line, 17% less

FRAUD STATISTICS FOR GOVERNMENT (ACFE Biannual report-2008)
The most effective controls in reducing the loss due to fraud:
  Surprise audits - reduced loss by 66%
  Mandatory job rotation/vacation - 61%
  Fraud hotline - 60%
  Internal audit - 53%
  External audit of internal controls - 48%
Most common modifications after fraud discovered
  Management review of and changes to internal controls
  Surprise audits
  Fraud training for management
  Job rotation/mandatory vacation
  Anti-fraud policy

FRAUD STATISTICS FOR GOVERNMENT (ACFE Biannual report-2008)
Over 80% of perpetrators had no criminal history and no punishment or terminations in work history
Most common behavioral red flags present during fraud schemes:
  Living beyond means
  Financial difficulties
  Wheeler-dealer attitude
  Control issues - unwilling to share duties
  Divorce/family problems
  Unusually close association with vendor/customer
  Irritability, defensiveness
  Addiction problems