7 Keys to Fraud Prevention and Detection

7 Keys to Fraud Prevention and
Detection
Ron Steinkamp, CPA, CIA, CFE, CRMA, CGMA
314.983.1382
rsteinkamp@bswllc.com
6 CityPlace Drive, Suite 900 │ St. Louis, Missouri 63141 │ 314.983.1200
1.888.279.2792 │ www.bswllc.com
Session Benefits
What is Occupational Fraud
2012 ACFE Global Fraud Study
Red Flags
7 Keys
Fraud Self Assessment
© 2013 All Rights Reserved Brown Smith
Wallace LLC
What is Occupational Fraud?
© 2013 All Rights Reserved Brown Smith Wallace LLC
Definition
The use of one’s occupation for personal enrichment through the deliberate
misuse or application of the employing organization’s resources or assets.
Three general categories:

Asset misappropriation

Corruption

Financial statement fraud
© 2013 All Rights Reserved Brown Smith Wallace LLC
Asset Misappropriation
Employee steals or misuses an organization’s assets/resources.
- Examples:
•
•
•
•
•
•
Skimming cash receipts.
Falsifying voids and refunds.
Tampering with company checks.
Overstating expenses.
Creating a ghost employee.
Creating a fictitious vendor and false invoice.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Corruption
Employee’s use of his/her influence in business transactions in a way
that violates his/her duty to the employer for the purpose of obtaining
benefit for him/herself or someone else.
- Examples:
•
•
•
Conflicts of interest.
Illegal gratuities.
Bribery.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Financial Statement Fraud
Intentional misstatement or omission of material information in the
organization’s financial reports with the intent to mislead.
- Examples:
•
•
•
•
Inflating revenues on the financials to show greater profit.
Concealing liabilities.
Forcing actual expenditures to match budget by moving
expenses between accounts.
Improperly accounting for revenues and expenditures.
© 2013 All Rights Reserved Brown Smith Wallace LLC
2012 ACFE Global Fraud Study
Report to the Nations on Occupational
Fraud and Abuse
© 2013 All Rights Reserved Brown Smith Wallace LLC
Summary of Findings
1.
Typical organization loses 5% of annual revenue to fraud – applied to 2011 Gross World
Product translates to potential fraud loss of more than $3.5 trillion annually.
2.
Median loss in the study was $140,000.
3.
Fraud lasted a median of 18 months.
4.
Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset
misappropriations) were the most common form of fraud, representing 87% of the cases and
least costly at a median loss of $120,000.
5.
Financial statement fraud schemes were the least common form of fraud, representing 8% of
the cases and most costly at a median loss at $1 million.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Summary of Findings
6.
Corruption schemes fell in the middle, comprising just over 33% of cases and causing a
median loss of $250,000.
7.
Occupational frauds are most likely to be detected by tips (43%) followed by management
review (15%) and Internal Audit (14%).
8.
Small organizations are disproportionately victimized by occupational fraud.
9.
Government/public administration was one of the most commonly victimized
industries.
10. Anti-fraud controls appear to help reduce the cost and duration of occupational fraud
schemes.
11. High-level perpetrators cause the greatest damage to their organizations.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Summary of Findings
12. 80% of frauds were committed by individuals in one of six departments:
• Accounting
• Operations
• Sales
• Executive/upper management
• Customer service
• Purchasing
13. More than 85% of fraudsters had never been previously charged or convicted for a fraudrelated offense.
14. Fraud perpetrators often display warning signs – most common behavioral red flag reported in
the survey were perpetrators living beyond their means (36%) and experiencing financial
difficulty (27%).
15. Nearly half of victim organizations do not recover any losses that they suffer due to fraud.
© 2013 All Rights Reserved Brown Smith Wallace LLC
How are Frauds Detected?
© 2013 All Rights Reserved Brown Smith Wallace LLC
Source of Tips
© 2013 All Rights Reserved Brown Smith Wallace LLC
Conclusions and Recommendations
• Occupational fraud is a global problem – trends in fraud schemes, perpetrator characteristics and
anti-fraud controls are similar regardless of where the fraud occurred.
• Fraud reporting is a critical component of an effective fraud prevention and detection system.
• Organizations over-rely on audits.
• Employee education is the foundation of preventing and detecting occupational fraud. Most frauds
are detected by tips and anti-fraud training for employees and managers results in lower fraud
losses.
• Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Useful in detecting
fraud, but most important benefit is in preventing fraud by creating a perception of detection.
• Small business are particularly vulnerable to fraud due to far fewer controls in place. Need to focus
on hotlines and setting an ethical tone.
• Internal controls alone are insufficient to fully prevent occupational fraud.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Conclusions and Recommendations
• Fraudsters exhibit behavioral warning signs of their misdeeds. For example:
-
Living beyond their means.
Financial difficulties.
Exhibiting control issues – unwillingness to share duties.
Unusually close relationship with vendor/customer.
Wheeler dealer attitude.
Family problems.
Irritability, suspiciousness or defensiveness.
Addiction problems.
Refusal to take vacation.
Etc.
• Auditors and employees should be trained to recognize the common behavioral signs that a fraud
is occurring.
• Effective fraud prevention measures are critical
© 2013 All Rights Reserved Brown Smith Wallace LLC
Red Flags
© 2013 All Rights Reserved Brown Smith Wallace LLC
The Fraud Triangle
© 2013 All Rights Reserved Brown Smith Wallace LLC
Pressure “Red Flags”
•
High personal debts.
•
Living beyond their means.
•
Excessive investment speculation.
•
Excessive gambling.
•
Substance abuse.
•
Extra-marital affairs.
•
Job frustration.
•
Resentment of superiors.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Opportunity “Red Flags”
•
Inadequate internal controls.
•
Too “cozy” with suppliers.
•
Annual vacation or sick days not taken.
•
Weak management or excessive turnover.
•
Ineffective or no internal audit.
•
No rotation of job duties among employees.
•
Procedures not well understood/always in crisis mode.
•
Large amounts of cash on hand or processed.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Rationalization “Red Flags”
•
Not compensated fairly.
•
No recent raises/cost of living adjustments.
•
Everyone else does it.
•
Intended to pay it back.
•
Needed the money.
•
Felt cheated and wanted revenge.
•
Bribe/kickback to tempting.
© 2013 All Rights Reserved Brown Smith Wallace LLC
7 Keys
© 2013 All Rights Reserved Brown Smith Wallace LLC
Anti-Fraud Culture
Improved Controls
Fraud Policy
Fraud
Awareness/Training
Review/Investigation
Assess Fraud Risks
© 2013 All Rights Reserved Brown Smith Wallace LLC
Hotline
1. Anti-Fraud Culture
•
Set the tone at the top = Lead by Example
–
–
–
–
•
Create a positive workplace environment
–
–
–
•
Responsibility of elected officials and City management
Behave ethically and openly communicate expectations to employees
Treat all employees equally
Zero tolerance
Focus on employee morale
Empower employees
Communicate
Hire and promote appropriate employees
–
–
–
–
Conduct background investigations before hiring or promoting
Check candidate’s education, employment history, references
Continuous and objective evaluation of compliance with entity values
Violations addressed immediately
© 2013 All Rights Reserved Brown Smith Wallace LLC
1. Anti-Fraud Culture
•
Code of Conduct
–
–
–
–
•
Formalized and founded on integrity
Defines acceptable employee behavior
Communicated to all employees
All employees are held accountable for compliance
Discipline
–
–
–
Sends a strong message throughout the entity
Should be appropriate and consistent
Consequences of committing fraud clearly communicated throughout
the entity
© 2013 All Rights Reserved Brown Smith Wallace LLC
1. Anti-Fraud Culture
•
Oversight Process
–
City Council/Elected Officials
•
•
•
Evaluate management’s “tone at the top”, identification of fraud risks and
implementation of anti-fraud controls
Ensure that management implements anti-fraud measures
Consider the potential for management override of controls
– Management
•
•
•
Directs, implements and monitors anti-fraud controls
Sets the ethical tone
Trains employees
– Internal Auditor (if available)
•
•
•
•
•
Identifies fraud indicators
Assesses fraud risks
Evaluates anti-fraud controls
Recommends actions to mitigate risks
Investigates potential frauds
© 2013 All Rights Reserved Brown Smith Wallace LLC
2. Fraud Policy
•
Demonstrate commitment to combating fraud
•
Apply to all Elected officials, City management,
employees, consultants, vendors, contractors, etc.
•
Should include:
–
–
–
–
–
–
–
–
–
–
Statement of organization’s position on fraud
Scope of the policy – who does it apply to
Management’s responsibility for prevention and detection of fraud
Definition of fraud
Actions constituting fraud
Fraud reporting process/procedures
Fraud investigation process/procedures
Unit responsible for administration of the policy and investigating fraud
allegations
Statement on anonymity/confidentiality
Consequences
© 2013 All Rights Reserved Brown Smith Wallace LLC
2. Fraud Policy
•
Reviewed and updated regularly.
•
Signed off and agreed to by the City Council/Mayor.
•
See the ACFE for an example Fraud Policy
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/Sa
mple_Fraud_Policy.pdf
© 2013 All Rights Reserved Brown Smith Wallace LLC
3. Fraud Awareness/Training
•
All new employees should be trained at time of hiring
on the Code of Conduct and Fraud Policy.
•
Training should include:
–
–
–
–
•
Their duty to communicate certain matters
A list of the types of matters to be communicated along with examples
How to communicate those matters
Affirmation from senior management regarding employee expectations
and communication responsibilities
Refresher training periodically
© 2013 All Rights Reserved Brown Smith Wallace LLC
4. Hotline
•
Enable employees, vendors, customers and others to
communicate concerns about known or suspected
wrongdoing.
•
Telephone, email, internet.
•
Anonymous.
•
Adequately publicized.
•
Internal or External.
•
Complaint monitoring and investigation/resolution.
© 2013 All Rights Reserved Brown Smith Wallace LLC
5. Assess Fraud Risks
•
Conduct an annual fraud risk assessment.
–
Assists management in systematically identifying where and how fraud may
occur and who may be in a position to commit fraud
–
Focus on fraud schemes and scenarios to determine the presence of internal
controls and whether or not the controls can be circumvented.
–
General steps:
• Identify areas and processes to assess
• Identify potential fraud schemes in each area/process
• Assess likelihood and significant of each scheme
• Map existing anti-fraud controls to potential fraud schemes
• Test operating effectiveness of antifraud controls
• Identify any control gaps and/or deficiencies = Residual risks
• Document and report on the fraud risk assessment
© 2013 All Rights Reserved Brown Smith Wallace LLC
5. Assess Fraud Risks
•
Mitigate Fraud Risks
–
–
•
Make changes to activities and/or processes = transfer or eliminate the risks
Improve anti-fraud controls
Monitor Fraud Risks
–
–
Develop data analytics for management to use to monitor fraud risks
Utilize Internal Audit to conduct audits of risk areas.
© 2013 All Rights Reserved Brown Smith Wallace LLC
6. Fraud Review/Investigation
•
All concerns/suspicions of wrongdoing should be reviewed
and determination made whether a fraud investigation is
warranted.
•
Develop a policy for fraud reviews and investigations that
specifies:
–
–
–
–
–
–
Who is responsible for the review/investigation
Roles of Legal Counsel, Human Resources, Internal Audit, others
Process for conducting the review/investigation
Documentation requirements
Reporting requirements
When to involve law enforcement
© 2013 All Rights Reserved Brown Smith Wallace LLC
6. Fraud Review/Investigation
•
Gather sufficient information and perform procedures
necessary to determine:
–
–
–
Whether fraud has occurred
Loss or exposure associated with the fraud
Who was involved and how it happened
•
Must prepare, document and preserve evidence sufficient for
potential legal proceedings.
•
Include experts = Certified Fraud Examiner (CFE)
© 2013 All Rights Reserved Brown Smith Wallace LLC
7. Improved Controls
•
Use lessons learned from any fraud reviews or investigations
to improve anti-fraud controls.
•
All fraud review and investigations should include a report to
management with recommendations for control
improvement.
© 2013 All Rights Reserved Brown Smith Wallace LLC
Fraud Self Assessment
© 2013 All Rights Reserved Brown Smith Wallace LLC
Fraud Self Assessment
If you are interested in taking
our free Fraud Risk Assessment,
please provide your card our
send an email to Ron Steinkamp
at rsteinkamp@bswllc.com
© 2013 All Rights Reserved Brown Smith
Wallace LLC
Training Academy January Survey
• We rely on your feedback to provide training
on topics you want to hear; please take a few
short minutes to fill out this brief evaluation
of this presentation:
https://www.surveymonkey.com/s/2YTWCBH