Fraud Preventin Techniques fr Higher Educatin Speakers: Brenda Buetw, Crwe Hrwath LLP Jennifer Richards, Crwe Hrwath LLP David English, Augustana Cllege Date: Octber 6, 2014
Sessin Gals Identify the different frms f fraud. Recgnize areas where institutins f higher educatin are particularly vulnerable t fraud. Understand the rle f management and thse charged with gvernance in preventin and detectin f fraud. Learn hw t develp and maintain a fraud risk assessment prgram.
Intrductin t Fraud Webster s Dictinary: Deceit, trickery; cheating, intentinal deceptin t cause a persn t give up prperty r sme lawful right. AICPA EDP Fraud Review Task Frce: Any intentinal act, r series f acts, that is designed t deceive r mislead thers and that has an impact r ptential impact n an rganizatin s financial statements. The Accuntant s Handbk f Fraud & Cmmercial Crime: Fraud is criminal deceptin intended t financially benefit the deceiver.
Fraud Triangle DETECTION PREVENTION INVESTIGATION
Occupatinal Fraud & Abuse Classificatin System 2010 Assciatin f Certified Fraud Examiners Inc.
Embezzlement High Risk Areas fr Higher Educatin Check mailed t the rganizatin Printing expense Pstage expense Persnnel related expenses
Examples A. University Cntributins Crdinatr 1. University credit card 2. Schedule vs. expenses 3. Billing statement cntrl 4. Discvered after persn left the rganizatin B. Cntrller in cntrl 1. Cpy, Fax, Lcked Office, N Secretary 2. Finance Cmmittee 3. Shell Cmpany acrnyms, vendr management, verificatin 4. Building Imprvements 2 buildings 5. Did nt cnsider year ver year ttal csts 6. Discvered by new Auditr
Actual Cases A. Bkstre cashier 1. Fraudulent refunds t persnal credit card 2. Shrt time frame; 2 3 mnths lng 3. Discvered by merchant prcessr 4. Imprtance f tracking register cntrl B. External IT Penetratin 1. External hacker accessed ACH system, created false payrll file 2. File date was nt n nrmal pay date 3. Cntrller identified it as abnrmal, did nt initiate payment 4. Imprtance f IT security and separate apprval f n us transfers
Actual Cases (cnt.) A. External ACH 1. Third party used check t create fraudulent ACH 2. This payment avids Psitive Pay verificatin 3. Discvered during rutine bank recnciliatin 4. Instituted debit blcker, where nly pre apprved merchants may receive and ACH frm cllege bank accunt B. Internal cnstructin fraud 1. Emplyee created false vendrs, created cntracts and POs t them fr wrk dne by ther vendrs 2. Fraud was cmplex, with multiple signatries, fictitius cntracts and releases 3. Discvered during request fr warranty repair 4. Over $2.0 millin ver 3 years
Rle f Management and Thse Charged with Gvernance Rle f Management Tne at the tp Prmte awareness f fraud risk management prgram Identificatin f risks Assess perating and reprting risks peridically Identify and cnsider the likelihd and significance f such risks Preventin and detectin f fraud Prmte that effective detective cntrls are in place Take apprpriate actin fr risks identified Establish plicies and prcedures t mitigate risks Mnitr internal cntrls Develp a prcess t investigate fraud and take crrective actin
Rle f Management and Thse Charged with Gvernance (cntinued) Rle f Thse Charged with Gvernance Define the rle f the Bard r Audit Cmmittee as it relates t fraud Set the apprpriate tne at the tp Maintain versight f the fraud risk assessment Understand fraud risks at the rganizatin Mnitr management s activities related t internal cntrls and financial reprting Obtain regular reprts frm management Interact with external auditrs, and utside experts as necessary
Fraud Risk Management: where t begin Fraud risk assessment Wh is respnsible? What is invlved? Written plicies and prcedures Summary f prcedures and activities already in place t aid in assessment Can cme in many different frmats Single cmprehensive dcument addressing all aspects f fraud risk management Brief utline emphasizing the main characteristics f the fraud risk prgram Outline within a cntrl framewrk, referencing separate plices/prcedures
Fraud Risk Management: where t begin (cntinued) Update n a rutinely scheduled basis Needs t evlve with the rganizatin Invlve apprpriate persnnel Cnsider relevant fraud schemes and situatins Link the fraud risks t apprpriate cntrls t prevent/detect
Fraud Risk Assessment: three step prcess 1. Identify inherent fraud risks Incentives, pressures, and pprtunities Include accunt level, financial reprting, and IT specific risks 2. Assess likelihd and significance f each fraud risk Histrical infrmatin Knwn fraud schemes frm ther rganizatins Interviews with staff 3. Respnd t likely and significant fraud risk Cst benefit analysis Nte: Results f this brainstrming shuld be dcumented in sme rutine frmat t help assess the infrmatin
Fraud Risk Assessment: dcumentatin Example brainstrming dcumentatin matrix included in handuts: Fraud Risk Assessment Matrix
Fraud Risk Assessment: cnsidering ptential fraud Cnsider the fraud that culd ccur Wh, internal and external, culd be invlved If the ptential fraud is cllusive, cnsider the detective cntrl that wuld identify the fraud Hw may the perpetratr explit a weakness in internal cntrls? Hw culd a perpetratr circumvent r verride cntrls? Hw culd a perpetratr cnceal a fraud? Matrix handut includes several examples t help aid in brainstrming
Fraud Risk Management Prgram Dcumentatin f fraud risk gvernance Wh is respnsible Organizatin s cmmitment and apprach Identify rganizatin wide anti fraud cntrls Identify prcess level anti fraud cntrls r refer t separate plicies Apprval by Bard f Directrs Cmmunicatin t emplyees, dnrs, custmers, etc. Cntinuus updates/mnitring Reprting Prcedures and Whistleblwer Prtectin Dcumentatin shuld nte the prcess t fllw if fraud is detected Cnsider prmting fraud reprting prcedures n intranet r ther means
Fraud Risk Preventin: aviding future frauds Set the tne at the tp Create a culture where fraud is discuraged and reprting encuraged When fraud is discvered, deal decisively with emplyees invlved Spend time t think f risk pints and hw a fraud culd be perpetrated With limited resurces, what is material? Plan hw culd a fraud ccur, and then devise strategies t militate Similar t emergency planning Ex: Rather than an entire false payrll file (easy t spt) what if hacker inserts a fake emplyee int EVERY payrll file?
Fr mre infrmatin, cntact: Brenda Buetw, CFE, CAMS, MBA Senir Manager, Crwe Hrwath LLP brenda.buetw@crwehrwath.cm David English Vice President fr Finance and Administratin, Augustana Cllege davidenglish@augustana.edu Jennifer A. Richards, CPA Senir Manager, Crwe Hrwath LLP jennifer.richards@crwehrwath.cm