Larry Finney – The Increased Risk of Fraud

FRAUD-THE RISK HAS INCREASED
Larry Finney, GF&H
October, 2009
larry@gfhllp.com
INTRODUCTION

General increase in fraud awareness (risk of
fraud) in past
Sarbanes-Oxley
 Creation of PCAOB
 Various Statements on Auditing Standards
 Risk of fraud
 More emphasis on internal controls
INTRODUCTION
Now actual fraud is on the rise
 But it is not just fraud-it is questionable
ethics, manipulation, expediency, bending the
rules-it is all on the rise
 Not just the economy-it looks like values and
morals are slowly eroding in our society

CASE STUDIES FROM 2008/2009

Small local government
Treasurer
 Worked at gov’t for 34 years
 Grown up in community
 Three changes in bosses over 18 month period
 Responsible for some deposits and receipting,
bank reconciliations, payroll, accounts payable,
and help with other functions in small finance
office

CASE STUDIES FROM 2008/2009

Small local government

Started paying herself
 Vacation and sick pay, but not deducting hours
 Extra payroll payment on off payroll day
 Infrequent at first, but then more often
Charged to different accounts to stay under
budget
 Explanation
 Family members having financial difficulties
 Figured could pay it back
CASE STUDIES FROM 2008/2009

Larger local government
Bookkeeper
 Responsible for some depositing, accounts
payable and some reporting
 Made credit card purchases for government at
request of others, including boss
 Reconciled credit card purchases monthly and
prepared check
 Would give checks to boss or boss’ designee for
signature
 Would not include statements with checks
CASE STUDIES FROM 2008/2009

Larger local government
Boss signed checks and gave back to bookkeeper
 Bookkeeper started making personal purchases
with credit card
 When got short on cash, would not pay full balance
 No one aware inside government
 Multiple years
CASE STUDIES FROM 2008/2009

Larger local government

Explanation
 ?????
This one should have been caught-but not proper
review and monitoring-too busy
 Seemed okay with bending the rules-it was just a
few personal things here and there-not a big deal

WHY IS FRAUD RISK HIGHER NOW?
THE FRAUD TRIANGLE: Opportunity, Rationalization, Motive
WHY IS FRAUD RISK HIGHER NOW?

It’s the economy stupid!
Family members have lost jobs or are working
fewer hours
 With fewer people at work, internal controls tend to
fail more
 Less monitoring and review (“I don’t have time to
get it all done”)
 Even the most trustworthy of people can fall to
temptation, especially in certain circumstances

RISK OF FRAUD HIGHER NOW

This is why two things are critical in your
organization:
 Continuous fraud risk management process
 Strong organizational culture regarding ethics and
values
ETHICS
Ability to distinguish right from wrong AND
the commitment to do what is right
 Following the spirit and intent of rules and
regulations as well as the letter
 As opposed to:
 Expediency
 Manipulation
 Bending rules where there is no flexibility
 Rationalization

ETHICS
Much of what happens ethically within an
organization depends on the culture and
environment
 The culture and environment are set by the
“tone at the top” of the organization

ETHICS-2007 National Survey

Strength of organization-wide ethics culture
has biggest impact on misconduct
56% of employees observe misconduct
 Top types of misconduct
 Conflicts of interest
 Abusive or intimidating behavior
 Lying to employees
 Fraudulent activity is further down the list
Increases dramatically as work environment
increases in negativity
ETHICS-2007 National Survey

Strength of formal ethics program has
greatest impact on encouraging employee
reporting

42% of employees don’t report observed
misconduct
 Primarily due to thoughts of futility, fear of retaliation
 36% feared retaliation and didn’t report, but only 12%
who reported experienced retaliation
 One-third took matters into own hands
 40% would have had to report to person involved
ETHICS-2007 National Survey

25% of organizations had well-implemented
and comprehensive ethics and compliance
program in place
Ethical leadership, supervisor reinforcement, peer
commitment, embedded ethical values
 29% of employees with these organizations failed
to report versus 61% of employees without
comprehensive programs
 25% believe they are rewarded for ethical
behavior and feel prepared to handle situations
that could lead to misconduct

ETHICS-2007 National Survey
But only 9% have very strong ethical
cultures!
 Another 43% have fairly strong ethical cultures
 24% observed misconduct in very strong
cultures versus 98% in weak cultures

FRAUD RISK MANAGEMENT
Overall goal:
More Self Governance By Organizations
(Trust but be skeptical)
MORE SELF GOVERNANCE…

Detection of fraud in government
 Internal controls
 Accident
 Tips
 Internal audit
 External audit
 Police

Source: ACFE 2008 report to the nation on occupational fraud and abuse
FRAUD RISK MANAGEMENT
Diagram (from KPMG): ASSESS, DESIGN, IMPLEMENT, EVALUATE; PREVENT, DETECT, RESPOND
FRAUD RISK MANAGEMENT

Prevention

Leadership and Governance
 Board/Audit committee oversight
 Senior management oversight
 Internal audit function
 Fraud and misconduct risk assessment
 What could go wrong?
 Think criminally-put yourself in their shoes-if I wanted to
commit fraud what could I do?
 Then decide what to do about those high risks
FRAUD RISK MANAGEMENT

Prevention

Code of conduct
 Should be based on organization’s core values
 Should be backed up by good environment
Hiring, retention and promotion of employees and
third-parties
Communication and training-continually
Internal controls
 Limited access to data/information
 Segregation of duties
 Monitoring and review
 Surprise people-be unpredictable
FRAUD RISK MANAGEMENT

Detection
Open culture and environment
 Processes for reporting misconduct and seeking
counsel
 Auditing and monitoring
 Proactive data analysis
 Surprise audits
FRAUD RISK MANAGEMENT

Response
Investigations
 Enforcement and accountability
 Corrective action
 Consistency

FRAUD RISK MANAGEMENT
PREVENTION / DETECTION / RESPONSE
Board/Audit Committee oversight
Executive and other management functions
Internal audit, compliance and monitoring functions
PREVENTION
 Risk assessment
 Code of conduct
 HR/Procurement due diligence
 Communication and training
 Limited access to data
DETECTION
 Process for reporting and counsel
 Auditing and monitoring
 Data Analysis
RESPONSE
 Investigation process
 Enforcement and accountability
 Corrective action process
SO WHAT?

The best organizations are those with very
strong ethics cultures and with a strong ethics
and compliance program, including a
continuous fraud risk management program
SO WHAT?

So what do these organizations look like?
Strong support and communication from top
management and supervisors regarding time,
effort and energy into ethics and fraud risk
management
 Top management and supervisors keep promises
and follow through on commitments (only
commit to what you know you can do)
 Policies and procedures show commitment to
ethics and compliance

SO WHAT?

So what do these organizations look like?
Decisions/actions from top management and
supervisors reinforce policies and procedures
 Success through questionable means is not
rewarded
 Long-term commitment is seen through time and
perseverance
 Communicate policies and procedures often
 Each person (especially managers and
supervisors) must pay attention to the people
around them and how they are doing

SO WHAT?

So what do these organizations look like?

Employees:
 Willing to seek advice about ethical issues
 Are trained to handle ethical situations as they arise
 Are rewarded for ethical behavior
Understand that trust is not enough
 Employees must believe reported situations will be
handled honestly and properly and that retaliation will
not occur
Everything written and verbally stated is lived out
SO WHAT?

Organizations train their people to consider
three questions when faced with an ethical
dilemma:
1. Is it legal?
2. Is it balanced and consistent?
3. Is it right?
Be careful-rationalization can eliminate logic
very quickly
SO WHAT?

NOTE: you will find out a lot about your
organizational culture and your people when
you get involved in ethics policy and risk
management
“Leadership is a potent combination of
strategy and character. But if you must
be without one, be without strategy.”
General Norman Schwarzkopf
FRAUD STATISTICS FOR GOVERNMENT
(ACFE Biannual report-2008)
Estimated that organizations lose 7% of annual revenues to
fraud
Average loss was $100,000 based on 106 cases
Corruption, billing, non-cash, skimming, cash on hand and
expense reimbursement most common
Average fraud lasts 24 months before detected
If organization had:
 external audit of internal controls median loss was 69% less than
those who did not,
 independent audit committee 37% less,
 management review of internal controls 33% less,
 management certification of financial statements 27% less,
 implemented a hot line 17% less
FRAUD STATISTICS FOR GOVERNMENT
(ACFE Biannual report-2008)
The most effective controls in reducing the loss due to fraud:
 Surprise audits-reduced loss by 66%
 Mandatory job rotation/vacation-61%
 Fraud hotline-60%
 Internal audit-53%
 External audit of internal controls-48%
Most common modifications after fraud discovered
 Management review of and changes to internal controls
 Surprise audits
 Fraud training for management
 Job rotation/mandatory vacation
 Anti-fraud policy
FRAUD STATISTICS FOR GOVERNMENT
(ACFE Biannual report-2008)
Over 80% of perpetrators had no criminal history and no
punishment or terminations in work history
Most common behavioral red flags present during fraud
schemes:
 Living beyond means
 Financial difficulties
 Wheeler-dealer attitude
 Control issues-unwilling to share duties
 Divorce/family problems
 Unusually close association with vendor/customer
 Irritability, defensiveness
 Addiction problems