EBPAQC Fraud Risks in Employee Benefit Plans Live Forum

advertisement
Employee Benefit Plan Audit Quality Center
EBPAQC Live Forum
Fraud Risks in Employee Benefit Plans
February 17, 2010
1
CPE Credit For Participating
• Must have registered for CPE credit prior to this live forum
– CPE Credit Approval Form emailed to you
• Listen for announcement of 4 CPE codes (7 digits: ALL_ _
_ _ ) and 4 polling questions during the live forum
• Record CPE Codes on CPE Credit Approval Form (no need
to record polling questions)
• Return completed form (by fax or mail) to AICPA Service
Center for record of attendance
• Keep a copy of completed CPE Credit Approval Form for
your records
2
Today’s Presenters and Objectives
Marilee Lau, CPA
Chair
Executive Committee
AICPA Employee Benefit Plan
Audit Quality Center
3
Presenters
Marilee Lau, Chair, EBPAQC Executive Committee
Tim Desmond, O’Connor Davies Munns & Dobbins, LLP
Ian Dingwall, Chief Accountant, DOL Employee Benefit
Security Administration
Jim Merklin, Partner, Bober Markey Fedorovich
Debbie Smith, Partner, Grant Thornton LLP
4
Today’s Objectives
• Understand increased fraud risks in the current EBP
environment
• Discuss EBP fraud risk factors
• Conducting fraud brainstorming sessions and fraud
interviews
• Auditor’s response to fraud
• DOL criminal enforcement activities
• Actual EBP fraud cases- panel discussion
• Q & A session
5
Fraud Risk Factors and Conditions
Debbie Smith
Partner
Grant Thornton LLP
6
Increased Fraud Risks
in the Current EBP Environment
• Current economic conditions
– Unexpected losses
– Employee furloughs and layoffs (plan sponsors and
administrators)
– Financing and liquidity difficulties
– Curtailed or suspended benefits
• Opportunities and incentives to commit fraud
7
Types of Fraud
• Types of fraud:
– Fraudulent financial reporting
– Misappropriation of assets
Source: AICPA Fraud Risk Factors Specific to Employee Benefit Plans
8
EBP Fraud Conditions
Three conditions generally present when fraud exists:
1. Incentive/pressure to perpetrate fraud
2. Opportunity to carry out the fraud
3. Attitude/rationalization to justify the fraudulent action
Source: AICPA Fraud Risk Factors Specific to Employee Benefit Plans
9
Fraud Brainstorm Sessions and
Interviewing Skills
James E. Merklin,
CPA, CFF, CFE
Partner
Bober Markey Fedorovich
10
Conducting Fraud Brainstorming Sessions
• Discuss how and where the plan’s financial statements might be
susceptible to material misstatement due to fraud
– Who should participate?
– When should the brainstorm be conducted?
– Who to ask in “plan management”?
11
6
Brainstorming Do’s and Don'ts
Don’t
•Only have a mass brainstorming session
•Conduct session without partner involvement
•Get input from only the audit partner and manager
•Come into the meeting without current year planning information
•Let past experience with client sway you to overlooking risks
Do
•Conduct a session customized to each specific engagement
•Use all audit team members and invite new ideas from all
•Have examples of what could go wrong and discuss what we know or don’t know
•As about the impact of current economy on this specific client
•Be professionally skeptical
12
EBP Fraud Interviewing Skills
13
Basic Audit Procedure - Interviews
•
SAS 99 requires interviews be conducted
– Make inquiries of management and others within the plan to obtain their views
about the risks of fraud and how they are addressed
•
Interviews help in assessing risks of fraud, but can also serve as specific audit
procedures to detect fraud if a risk is identified to the team
•
An interview of this nature should be conducted by an experienced auditor, not a newer
staff accountant
•
If interviewing someone where you really suspect they might have done something, the
interview should be conducted by someone experienced in fraud or forensic
investigations or in confession-seeking interviews
Source: AICPA Employee Benefit Audit Quality Center, http://ebpaqc.aicpa.org/
14
EBP Fraud Interviewing Skills
•
•
•
•
•
•
Preparing for the Interview
Thinking on your feet
Observing body language
Setting the tone
Interview flow
Listening skills
Source: Journal of Accountancy, November 2002
15
EBP Fraud Interviewing Skills
•
•
•
•
•
•
Be honest and forthright
Don’t rush the interview
Double-check / Re-confirm
Use of leading questions to get a confession
What is a confession
Written confessions v. Oral confessions
Source: Journal of Accountancy, November 2002
16
EBP Fraud Interviewing Skills
• Guess what? Criminals lie!
• Watch out for false confessions
– Confession where the statement of responsibility
received is not correct
– Try to obtain corroboration during the interview that is
supportive
– If part of a confession is later proven to be false, it can
put at risk the entire confession. Use caution.
17
DOL Criminal Cases
Ian Dingwall
Chief Accountant
Department of Labor
Employee Benefits Security
Administration
18
DOL Criminal Cases
• DOL perspectives on EBP frauds
• Prohibited transactions
• “Knowing participants” in a fiduciary
breach
• Voluntary Fiduciary Corrections
Program (VFCP)
19
DOL Criminal Cases
• EBPAQC summary analysis of DOL EBSA criminal
enforcement actions
• Categorizes the cases into the following plan types.
– Pension/401(k) Plans
– Multi-employer Plans
– Medical, Health and Death Benefit Plans
– Other
Helpful Tip!- Tool is useful in conducting
SAS 99 fraud brainstorming sessions
20
DOL Criminal Cases- Pension/401(k) Plan Fraud
• Theft and embezzlement of plan assets using wire transfers, forged
checks and other means
• Failure to deposit employee contributions into the plan
• Funneling contributions into a secret account
• Transfer of funds from the plan to an outside account in the plan's
name
• Unauthorized withdrawals
• Unauthorized use of plan assets to invest in other business interests
• Issuing fraudulent statements and dividend checks to clients
21
DOL Criminal Cases- Pension/401(k) Plan Fraud
•
(Continued)
• Making materially false statements in the plan's annual report and
fraudulent annual reports
• Defrauding the company by issuing duplicate paychecks
• Failure to pay pension benefits due to employees
• Kickbacks
• Failure to deposit checks to be rolled over from a predecessor's plan
into a new plan
• Defrauding a lending company
• Fraudulently obtaining funds from outside sources
22
DOL Criminal Cases- Multiemployer Plans
•
•
•
•
•
•
•
•
•
•
False claim for benefits
Unauthorized application for benefits
Check forgery
Forged reimbursement claims
Improper issuance of checks to plan administration employee
Filing false financial reports
Embezzling of remittance checks received from employers having
collective bargaining agreements with the local union
Kickbacks
Bribery in exchange for permitting the contractors to avoid employing and
paying union members
Rehiring locked-out workers under false identities during a labor dispute
23
DOL Criminal CasesMedical, Health and Death Benefit Plans
•
•
•
•
•
•
•
Embezzling health care premiums from payroll withholdings
Misappropriating client-provided funds from the company's claims account
Failing to pay health claims
Failing to forward insurance commissions due to the plan under an
arrangement with an insurance company
Falsely purporting to provide health care coverage by misrepresenting that
its plans were insured by legitimate insurance providers
Defrauding insurance companies by submitting fraudulent insurance claims
and doctor's notes to insurance companies
Defrauding individuals and insurance companies by offering illegitimate
services
24
DOL Criminal CasesMedical, Health and Death Benefit Plans
(Continued)
• Paying claims to fictitious individuals for services that were never rendered
• Obtaining discounted group insurance premium rates for a fictitious
company
• Engaging in fraudulent activity involve the sale of insurance policies
• Fraudulently obtaining bank loans by submitting false statements
• Unlawfully interfering with the exercise of rights of participants
• Using incorrect social security numbers
• Submitting fraudulent information for a loan application
• Defrauding participants by misrepresenting insurance coverage
25
Auditor’s Response to Fraud
Tim Desmond, Partner
O’Connor Davies
Munns & Dobbins
26
Auditor’s Response to Fraud
• Auditor's response to the risks of material
misstatement due to fraud involves the
application of professional skepticism when
gathering and evaluating audit evidence.
– Two types auditors of EBPs should consider
• Fraudulent financial reporting
• Misappropriation of assets
27
Auditor’s Response to Fraud
• SAS 99 requires the auditor to respond to the results of
the fraud risk assessment in three ways:
1. Has an overall effect on how the audit is conducted-- a response
involving more general considerations apart from the specific
procedures otherwise planned.
2. Identify risks that involves the nature, timing, and extent of the auditing
procedures to be performed.
3. Perform certain procedures to further address the risk of material
misstatement due to fraud involving management override of controls.
28
Auditor’s Response to Fraud
How the audit is conducted-- general considerations
1. Assignment of personnel and supervision. Knowledge, skill, and ability of personnel
assigned significant engagement responsibilities should be commensurate with the auditor's
assessment of the risks
2. Accounting principles - Consider management's selection and application of significant
accounting principles, particularly those related to subjective measurements and complex
transactions.
3. Predictability of auditing procedures - Incorporate an element of unpredictability
–
–
–
–
Perform substantive tests of selected account balances and assertions not otherwise tested due to
their materiality or risk,
Adjust the timing of testing from that otherwise expected,
Use differing sampling methods, and
Perform procedures at different locations or at locations on an unannounced basis.
29
Auditor’s Response to Fraud
• Identify risks that involves the nature, timing, and extent of the
auditing procedures to be performed.
• These procedures involve both substantive tests and tests of the
operating effectiveness of the entity's programs and controls.
Examples:
• Interviewing personnel involved in activities in areas where a risk of material
misstatement due to fraud has been identified to obtain their insights about the risk
and how controls address the risk
• Reviewing SAS 70 reports with plan management
• Gain understanding of financial stability of plan sponsor
• Testing related party transactions and expenses
• Ascertain whether the plan administrator lacks understanding of major regulations
that govern the plan
30
Auditor’s Response to Fraud
• Perform certain procedures to further address the risk of
material misstatement due to fraud involving
management override of controls.
– Examining journal entries and other adjustments for evidence of possible
material misstatement due to fraud.
– Reviewing accounting estimates for biases that could result in material
misstatement due to fraud.
– Evaluating the business rationale for significant unusual transactions.
31
Fraud Cases
Panel discussion of actual
EBP fraud cases
32
EBP Fraud Case #1 (Debbie)
Fraud: Without the knowledge of the employer or plan administrator, a secretary
who worked in Plan sponsor’s payroll department was able to convince the
outside payroll service that she was allowed to suspend her 401(k) loan
repayments.
Fraud triangle conditions:
•
Incentives/pressures: Employee needs cash to pay bill collectors
•
Opportunities: Lack of appropriate system of authorization and approval of transactions
•
Attitudes/rationalization: The employee needs the cash and nobody else was being hurt
Sample audit procedures that might detect fraud:
•
Compare loan balances to amortization schedules
•
Inquire as to why certain active participants have delinquent participant loans
33
EBP Fraud Case #2 (Jim)
Fraud: 401(k) Plan Sponsor did not allocated plan expenses to all participants.
Highly compensated participants were left off the allocation schedule on
purpose.
Fraud triangle conditions:
•
Incentives/pressures: Incentive to maximize personal account balance
•
Opportunities: Ability to exclude from allocation (since internally generated and not from a
system subjected to a SAS 70 review),
•
Attitudes/rationalization: Would not be caught
Sample audit procedures that might detect fraud:
•
Recognize the risk of fraud in the planning process (gaining an understanding of internal
controls) and design steps to address the risk;
•
Reconcile base for allocation of expenses to payroll contribution records for consistency;
•
Test representative sample of participants (key and non-key) to validate fair allocation if
expenses.
34
EBP Fraud Case #3 (Tim)
Fraud: A pensioner’s benefit checks were fraudulently endorsed and cashed by
a relative for several months after pensioner had died.
Fraud triangle conditions:
•
Incentives/pressures: The relative was already being supported by pensioner
•
Opportunities: Relative had been endorsing checks while pensioner was alive
and “assisting” with all financial affairs
•
Attitudes/rationalization: Needed to hold onto Grandma’s rent controlled
apartment.
Sample audit procedures that might detect fraud:
•
Reviewing endorsement against original employee records
•
Testing plans internal controls over distributions (death audits)
35
EBP Fraud Case #4 (Debbie)
Fraud: Trustee of small plan created a fictitious employee in the census data and
made employer contributions then took out loans against the balance.
Fraud triangle conditions:
•
Incentives/pressures: Recent bonus was insufficient to cover personal cash flow needs
•
Opportunities: Complete lack of segregation of duties
•
Attitudes/rationalization: Didn’t feel he was treated fairly in incentive pay allocations, so
this compensates for that
Sample audit procedures that might detect fraud:
•
Test eligibility of new participants (birth date, date of hire and other demographic data that
determine eligibility and vesting)
•
When designing audit approach, recognize that plan management is dominated by a single
person without compensating controls
36
EBP Fraud Case #5 (Jim)
Fraud: A DB plan TPA paid himself by setting fake “doing business as” (DBAs)
and approving the invoices. The Plan sponsor was in bankruptcy. There
was no sponsor oversight of expense payments from Plan assets.
Fraud triangle conditions:
•
Incentives/pressures: His employer didn’t give him a raise this year
•
Opportunities: Lack of TPA segregation of duties. Knew no one was watching and he had
approval authority without anyone else’s oversight. Presuming Plan sponsor personnel
have better things to do than worry about the Plan.
•
Attitudes/rationalization: They’re going under, may as well get what he can while he can.
Sample audit procedures that might detect fraud:
•
Analytical review of expenses paid compared to prior year, in total and by vendor
•
Inquiry of Plan sponsor about individual vendors paid by Plan and nature of costs
•
Review of SAS 70 should have identified a lack of segregation of duties
37
EBP Fraud Case #6 (Tim)
Fraud: The plan was charged and paid for the FAS 87/132/158 calculations in
addition to the FAS 35 calculations on several occasions for a number of
different plans.
Fraud triangle conditions:
•
Incentives/pressures: Plan sponsor was experiencing cash flow problems
•
Opportunities: HR Manager was able to convince TPA that it was OK
•
Attitudes/rationalization: Plan sponsor stated they were funding in the longterm
anyway
Sample audit procedures that might detect fraud:
•
Audit of expenses (even if immaterial)
•
Inquiry of key personnel regarding their knowledge of plan provisions and ERISA
38
EBP Fraud Case #7 (Debbie)
Fraud: Plan administrator overrode the system to redirect all investment earnings
for Company Fund X into their account balance.
Fraud triangle conditions:
•
Incentives/pressures: Plan administrator is retiring next year and has sufficiently saved for
retirement
•
Opportunities: No formal oversight committee
•
Attitudes/rationalization: Has worked for the Company for over 25 years yet just had his
post retirement health benefits cut back
Sample audit procedures that might detect fraud:
•
Compare ROR for plan management to those of other participants
•
Review participant listing for anomalies
•
Review the account activity for participants who have access to plan assets or assist in
administering the plan
39
EBP Fraud Case #8 (Jim)
Fraud: HR manager requested distributions for persons who left Company 2+
years ago. She had been successful 3 times for over $10,000. Discovered
when bank refused to direct the deposit since deposit name differed from
account holder’s name.
Fraud triangle conditions:
•
Incentives/pressures: Her husband got laid off and money is really tight
•
Opportunities: Knew that Company and TPA had lost track of individuals and figured that
they probably didn’t know they had balances due to them anyway. Knew it wasn’t material
so the auditors wouldn’t see it.
•
Attitudes/rationalization: If she doesn’t take the money, someone else will
Sample audit procedures that might detect fraud:
•
Direct confirmation directly with participants of sample of distributions paid
•
Compare signature on withdrawal request to employment application or W-4 form
40
EBP Fraud Case #9 (Tim)
Fraud: A plan paid for recordkeeper services and the custodian also paid for the
recordkeeper services as an indirect payment. No disclosure was made by
the custodian who saw both payments being made. The trustees sued both
the recordkeeper and the custodian.
Fraud triangle conditions:
•
Incentives/pressures: Incentives for recordkeeper profits, pressure for
custodian to blow whistle, ongoing business relationship
•
Opportunities: Plan sponsor relied on recordkeeper 100%
•
Attitudes/rationalization: Recordkeeper believed indirect payment would not
come to light
Sample audit procedures that might detect fraud:
•
Audit of recordkeeper fees and contracts between parties
•
Review of related party disclosure requirements
41
EBP Fraud Case #10 (Debbie)
Fraud: Plan investments managed in house. Company controller is also plan
administrator. Controller borrowed funds from the plan to cover cash flow
needs of the Company.
Fraud triangle conditions:
•
Incentives/pressures: Financial stability of plan sponsor is threatened by economic
conditions
•
Opportunities: Lack of review of plan investment transactions (e.g., by the trustee, sponsor
or the plan’s investment committee)
•
Attitudes/rationalization: If he doesn’t borrow from the plan, they can’t pay invenetory
vendors who have them on credit hold
Sample audit procedures that might detect fraud:
•
Analyze changes in investments and investment income during the period
•
Obtain evidence regarding the existence and ownership of investments and information
about any liens, pledges, etc.
•
Test investment transactions
42
EBP Fraud Case #11 (Jim)
Fraud: An HR employee, who also assisted with payroll, diverted both payroll
taxes and plan contributions into his personal account for six months, then
left the country. This employee also had responsibility for reconciling
payroll bank accounts.
Fraud triangle conditions:
•
Incentives/pressures: Find a way to pay for villa in the South of France
•
Opportunities: Lack of appropriate segregation of duties
•
Attitudes/rationalization: She was tired of working all the overtime that was required, felt
the company had abused her long enough
Sample audit procedures that might detect fraud:
•
Comparing amounts of withheld contributions to deposits to plan for a sample of periods
throughout the year
•
Confirmations directly with sample of participant asking them about their contribution levels
43
EBP Fraud Case #12 (Tim)
Fraud: A person was offered a job but never actually started the job. The plan sponsor
entered the person as an employee into the HR system and enrolled the person in the
plan and then started issuing paychecks with deductions for contributions to the
plan. This went on for three years until the employee running the scam requested a
distribution at which time the fraud was discovered.
Fraud triangle conditions:
•
•
•
Incentives/pressures: Personal gain
Opportunities: No segregation of duties at plan sponsor
Attitudes/rationalization: Controlled whole process, would be able to cover her tracks
Sample audit procedure(s) that might detect fraud:
•
•
•
New hire payroll test
Coordination of EBP and regular plan sponsor audit (detail payroll test)
Reporting to those in charge of governance, management letter, opportunities for
strengthening internal control
44
EBP Fraud Case #13 (Jim)
Fraud: Controller wrote bogus loan checks on behalf of employees, completed
bogus promissory notes, and cashed checks personally. Controller
handled all plan administration personally and didn’t report loans on
participant statements.
Fraud triangle conditions:
•
Incentives/pressures: Employer doesn’t provide good health insurance and his wife’s
medical bills from her bout with cancer is overwhelming him
•
Opportunities: Complete lack of segregation of duties, with no oversight at all
•
Attitudes/rationalization: He deserves good health coverage
Sample audit procedures that might detect fraud:
•
Confirm loan balances directly with participants
•
Validate signed loan documents and endorsed loan check back to other participant
signatures in personnel file
•
In fraud inquiries, recognize pressure on controller and lack of controls
45
EBP Fraud Case #14 (Tim)
Fraud: A company failed to remit all employee deferrals ($350,000) for a period of
time. The company was having financial difficulties and ultimately went
bankrupt.
Fraud triangle conditions:
•
Incentives/pressures: Company was barely making payroll
•
Opportunities: Employees only received quarterly statements of their 401(k)
•
Attitudes/rationalization: The CEO believed it was better then firing employees
Sample audit procedures that might detect fraud:
•
Contribution timeliness test
•
Audit of reconciliation of salary deferrals from payroll to trustee records
46
EBP Fraud Case #15 (Marilee)
Example: Trustee of an ESOP plan who was also the major stockholder of the
company was planning on retiring. He deliberately changed the appraisal
firm that had valued the company stock to a relative and instructed them to
use a different methodology in order to inflate the stock price so that he
would receive a much higher distribution upon his retirement.
Fraud Triangle Conditions:
•
•
•
Incentive: Maximize the value of his distribution upon retirement
Opportunity: His authority was never questioned and weak internal controls.
Attitude/rationalization: It was “his” company and the company owed him more for
building the organization.
Sample audit procedures that might detect:
•
•
•
Recognize the risk of fraud in the planning process (gaining an understanding of internal
controls and overbearing management style) and design steps to address the risk;
Verify the credentials of the appraisal firm including independence
Determine the reason for the change in valuation methodologies and if they were
appropriate
47
Question & Answer Session
Submit questions to the
EBPAQC mailbox at ebpaqc@aicpa.org
48
Wrap Up
Thanks for joining us today for this live forum
We welcome any additional feedback on today’s
live forum. Send comments to the Center
mailbox at ebpaqc@aicpa.org.
Consider using the Center online forum to
further discuss issues addressed on today’s
call –
http://ebpaqc.aicpa.org/Community/Member+Discussion+Forum.htm
49
Upcoming EBPAQC Live Forums
• March 3 - Electronic Processing for 2009 Form 5500, 1:00 – 3:00 p.m.
Eastern Time
• March 23 - 11-K Audit, 1:00 – 3:00 p.m. Eastern Time
• April 20 - ESOP Plans, 1:00 – 3:00 p.m. Eastern Time
50
AICPA EBP Conferences
• AICPA National Conference on Employee Benefit
Plans
– May 11 - 13, 2010 at the Bellagio in Las Vegas, NV
• AICPA EBP Accounting, Auditing and Regulatory
Update Conference
– December 13 – 14, 2010, Washington, DC
51
Evaluation
We welcome your feedback on today’s call
Please complete the online evaluation at
http://www.zoomerang.com/Survey/?p=WEB22A5HQJ6T7G
Thank you!!!
52
Employee Benefit Plan Audit Quality Center
Thanks for Participating!
53
Download