Expectations for Fraud Prevention & Detection

advertisement
Handling Internal Fraud Investigations
Do’s and Don’ts From a Credit Union Perspective
Mike Mossel – RSM McGladrey, Inc
June 15, 2011 – ACUIA Conference
Who Is This Guy??
Mike is the National Managing Director for McGladrey’s Credit
Union Risk Advisory Services.
Mike is responsible for managing all of McGladrey’s risk
advisory-related services provided to credit unions. Mike’s
practice consists of 21professionals who provide services to over
300 clients annually.
Mike has over 30 years of internal audit experience – 20 years
exclusively within the credit union industry.
Mike’s credentials include certifications as a Certified Fraud
Examiner (CFE), Certified Bank Auditor (CBA), Certified Risk
Professional (CRP) and Certified Financial Services Auditor
(CFSA).
Presentation Outline
 Internal Fraud…..the Unspoken Risk – what
is this animal?
 Awareness: First Line of Defense – Case
Studies
 General Legal Aspects of Fraud
 Fraud Examination Methodology
 Expectations for Fraud Prevention &
Detection
Internal Fraud
The basic questions-------???
1. Who does it?
2. Why do they do it?
3. How do they do it?
Internal Fraud
 Most frauds are committed by long-term
employees with responsibilities.
 Many times fraudulent funds are right in the
employee’s account
 Three elements of fraud:
-
Integrity
Motive
Opportunity
Internal Fraud
The most recently common types of internal
frauds based on our experience:






Loans
Identity Theft
GL Accounts
Stolen Cash
Unauthorized use of corporate credit cards
Kickbacks on sales of repossessed vehicles or indirect
loan dealers
 Procurement/Purchasing Functions
Case Study #1
Theft of $996,000 through the funding of RE
loans
-
Lack of adequate segregation of conflicting
duties
Lack of secondary review
Lack of adequate control over GL reconcilement
Case Study #2
Theft of $1.3 million through the ATM GL
Clearing accounts
-
Lack of adequate segregation of conflicting
duties
Lack of secondary review
Lack of assigned responsibility
Lack of adequate control over GL reconcilement
Lack of proper follow up
Lack of identifying fraud indicators
Case Study #3
Theft of $140,000 through improper system
access
-
Lack of adequate assignment of system access
Lack of periodic review
Lack of adequate secondary controls over GLs
Case Study #4
Theft of $139,000 through branch over/short
accounts
-
Lack of secondary review
Lack of assigned responsibility
Lack of adequate control over GL reconcilement
Lack of proper follow up
Lack of identifying fraud indicators
General Legal Aspects of Internal Fraud
Elements of Fraud:




Misrepresentation
Knowingly and with intent
Reliance
Injury
General Legal Aspects of Internal Fraud
Ways to Prove Intent:









Alteration of documents
Concealment
Destruction
Lying
Personal Gain
Obstruction
Pattern
Testimony
Confession
Fraud Examination Methodology




Circle the Wagons
Document Examination
Interview Process
Display of Physical Evidence
Circle the Wagons
 Confidentiality
 On a Need to Know Basis
Document Examination





Personnel files
Performance records
Prior audit/investigative files
Financial accounts and disclosures
Documents pertinent to the investigation –
wherever that takes you
Interview Process




Neutral Third Party Witnesses
Corroborative Witnesses
Co-Conspirators
Accused
Interview Process
Characteristics of a Good Interview:





Thoroughness
Pertinence
Objectivity
Timeliness
Observation
Interview Process
Characteristics of a Good Interviewer:






Good listener
Demonstrates fairness
Works informally
Lacks bias
Projects professionalism
Presents no threat
Interview Process
Overview of Question Methodology:





Introductory
Informational
Assessment
Closing
Admission seeking
Display of Physical Evidence
 Overestimation of the amount of physical
evidence
 Display one piece at a time
 Display in reverse order of importance
 When to cease displaying evidence
 Organized and thorough file documentation
Expectations for Fraud Prevention &
Detection
Procedural & Behavior Policies:
 The written documents that guide your
employees….an instructional manual of
sorts!
 Management should determine that the
credit union has designed written policies in
the operations, codes of conduct, conflict of
interest policies, and fraud policy.
 Make sure they are effectively
communicated to all employees.
Expectations for Fraud Prevention &
Detection
Credit Union Policies:
 Should clearly define the expectations for all
aspects of operations.
 Should be approved by the Board of
Directors.
Expectations for Fraud Prevention &
Detection
Code of Conduct Policies – written standards
that promote:
 Honest and ethical conduct.
 Compliance with credit union policies and
other rules and regulations.
 Internal reporting of anyone that violates the
code.
 Accountability for adherence to the code.
 Establishes a “tone at the top.”
Expectations for Fraud Prevention &
Detection
Fraud Policy:
 Establishes a “tone at the top” that fraudulent
acts will not be tolerated.
 Documents specifically what constitutes
fraudulent acts.
 Establishes responsibility for deterrence,
detection, investigation and reporting.
Expectations for Fraud Prevention &
Detection
Whistleblower Policy:
 Fraud reporting mechanisms are a critical component
of an effective fraud prevention and detection system
 Tips are overwhelmingly the #1 method of initial
detection
 Implement hotlines to receive tips and specific
avenues for employees to report
 Allow anonymity and confidentiality
 Employees should be encouraged to report
suspicious activity without fear of reprisal
Expectations for Fraud Prevention &
Detection
Employee Training:





Employee training is vital
What constitutes fraud
How it hurts everyone in the credit union
How to report any questionable activity
Identifying red flags




Living beyond means
Financial difficulties
Control issues
Close relationship with vendor/member
Take Aways
 Frauds are nasty but investigating them is an
absolute necessity
 Internal controls are a must
 Proper fraud examination methodology
 Policies and training
Questions & Answers
www.rsmmcgladrey.com
@
mike.mossel@mcgladrey.com
Download