Internal Controls and Fraud Detection & Prevention Harold Monk and Jennifer Christensen 1
Common Fraud Statements Everyone in government has an honest and charitable heart. It may happen other places, but not here. Our employees have been here forever! There is no way they would steal. We trust them, and anyway, we would have found it by now. We are just a small department with only a few employees. We can t really have controls set up to prevent and detect fraud. 2
Data From the ACFE The following slides are from the Association of Certified Fraud Examiners Report to the Nation 2014 (Used With Permission) 3
Initial Detection of Occupational Frauds 4
Source of Tips 5
Impact of Hotlines 6
Type of Victim Organization 7
Type of Victim Organization 8
Industry of Victim Organization 9
Industry of Victim Organization 10
Anti Fraud Controls by Region 11
Control Weaknesses That Contributed to Fraud 12
Perpetrator s Age 13
Perpetrator s Age 14
Behavioral Red Flags Displayed by Perpetrators 15
Types of Government Fraud Skimming Funds are diverted before they are ever recorded in the books. Purchase Card Abuse Use of organization issued cards for personal use or misuse of credit card and identity information. Fictitious Vendors Perpetrators set up a company and submit fake/altered invoices for payments. Conflicts of Interest School Board or upper level management have financial interest from or with vendors. Payroll Fictitious employees, continued payment of terminated employees, fraudulent timekeeping. 16
Examples of Fraud Internal Accounts Cash vs. checks received consider check log or breaking out cash and checks on deposit records Signature stamps used on checks send unopened bank statements to principal to review check payees and amounts Fundraisers held and not deposited hard to discover Tickets sales inventory ticket series, control acquisition of ticket rolls, require two people to sell tickets 17
Examples of Fraud Budget Accounts Cafeteria food inventory or sales likely small amounts, perform analytics such as cost per sales Capital asset misappropriation or personal use perform physical observation, keep secure, include policy on personal use, track certain high risk assets below capitalization threshold (Note new OMB requirement for computing devices being classified as supplies) 18
Examples of Fraud Budget Accounts Construction costs monitoring costs and performance against contract Grants new OMB Super Circular to streamline process and reduce waste and fraud, recipient may be held more accountable. 19
What Happens to Fraudsters? 51% are Prosecuted 98% Prosecuted are Convicted 31% of Those Convicted Are Sent to Jail 72% Sent to Jail Go For More Than 1 Year SO HOW MANY IDENTIFIED PERPETRATORS SPEND MORE THAN 1 YEAR IN JAIL? 20
More Than 1 Year in Jail 11% 21
Fraud Prevention Intellectuals solve problems. Geniuses prevent them. Albert Einstein 22
ACFE Statistics Approximately 40% of fraud cases are due to a simple lack of internal controls. Following a fraud, approximately 80% of organizations modify internal controls. People 36 50 account for more than 60% of fraud perpetrators. Approximately 90% of perpetrators have been on the job at least one year. 50% have been for six or more years. More than 85% have never been charged/convicted of fraud. More than 82% have never been punished or terminated during their employment. 23
Results of Fraud Financial loss Additional costs of investigation and possibly prosecution Time spent on insurance claims and investigations, and possibly prosecution Negative publicity 24
Fraud Triangle 25
Key Fraudster Characteristics Tenured Trusted Trusted Educated Least Suspected Fraudsters do not look like crooks! 26
Components of Internal Control COSO Report 2013 Control Environment Risk Assessment Control Activities Communication Monitoring 27
Components of Internal Control COSO Report 2013 Control Environment tone at the top Integrity and ethical values standard code of conduct School Board need to demonstrate independence and oversight Accountability what happens when rules are broken? 28
Components of Internal Control COSO Report 2013 Risk Assessment Specifying suitable objectives Identifying risks Risk analysis to determine how to manage risks 29
Components of Internal Control COSO Report 2013 Control Activities actions established through policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out Policies to establish what should be done Procedures that implement the policy 30
Components of Internal Control COSO Report 2013 Communication Internal communications communications with School Board, employees, offering a whistleblower hotline External communications communications with public, vendors, regulators, offering a whistleblower hotline 31
Components of Internal Control COSO Report 2013 Monitoring Evaluate internal controls Evaluate internal control deficiencies 32
IT Controls Understand the significance of applications to financial reporting or to safeguarding assets Factors to consider when analyzing complexity/risks: Number of users Number of interfaces with other applications Length of time in service On mainframe, server, or in cloud/web based Necessary to include in disaster plan 33
Limitations of Internal Control COSO Report 2013 Judgment Breakdowns Management override Collusion Cost vs. Benefits 34
Fraud Prevention Prevention Techniques Deterrence Techniques Detection Techniques 35
Top 10 Fraud Prevention Actions Partner with employees to create an anti fraud culture. Know employees beyond technical skills. Train team to be aware of signs of fraud and recognize fraudulent activities. Create an easy and comfortable method for employees to report suspicious activities or observations. 36
Top 10 Fraud Prevention Actions Implement an anti fraud program and increase the perception of being caught. Begin with a formal fraud policy. Find one or more controls to increase perception of detection. Closely monitor the policy and diligently seek compliance. Respond appropriately to any discovered fraud. Use reliable access controls, such as strong passwords, which increase traceability of actions. 37
Top 10 Fraud Prevention Actions Become involved in the financials with a focus on anomalies. Compare financial statements against the budget and investigate unexpected variances. Review bank statements, ledgers, and journals on a regular basis and look for unusual items. Open and read financial mail. Understand line items on your financial statement. 38
Top 10 Fraud Prevention Actions Be careful with checks, which are essentially cash. Sign your own checks and avoid signature stamps. Check for altered payees and amounts. Periodically compare cancelled checks to invoices. Review the front and back of cancelled checks with each bank statement. 39
Top 10 Fraud Prevention Actions Establish policies for credit purchases. Implement credit purchase contracts for employees outlining utilization responsibilities and rules. Restrict accounts with spending limits and merchant accounting codes. 40
Top 10 Fraud Prevention Actions Pay attention to signs of a fraud. Recognize it can occur within your business. Observe sudden and unusual lifestyle changes of key employees. Pay attention to abrupt changes in financial losses, ratios, and performance. Use an internal audit function as part of the anti fraud program. 41
Top 10 Fraud Prevention Actions Assess anti fraud controls and improve them. Learn the most effective anti fraud controls. Apply these professional recommendations and encourage employees to identify additional opportunities. Accountability for key personnel, coupled with employee involvement, decrease the opportunity for fraudulent activity. 42
Top 10 Fraud Prevention Actions Assess anti fraud controls and improve them. Prevention examples: Segregation or rotation of duties Credit card policies and procedures Dual signatures required Access controls for computers Background checks for key hires 43
Top 10 Fraud Prevention Actions Assess anti fraud controls and improve them. Detection examples: Effective Tips and complaints system and/or whistleblower system Management review (journals, bank records, etc.) Internal/Fraud audits External audits 44
Top 10 Fraud Prevention Actions Understand the profile of a fraudster. Fraudster is often tenured. Holds a key position along the cash trail. Usually educated, trustworthy, and often with a great personality. 45
Top 10 Fraud Prevention Actions Implement an effectual anonymous tips and complaints system. Establish an independent, easy system for reporting tips and complaints regarding possible fraud. Allow employees, vendors, and customers to report suspicions. Regularly promote the system. 46
Top 10 Fraud Prevention Actions Request a professional fraud assessment. Your auditors are trained to identify weaknesses in internal controls related to fraud prevention and detection. Basic checks and balances may often be implemented with a minimal cost. Consider a regular fraud audit or fraud review about every 3 years or less if an internal audit function is not present. 47
48
Harold Monk HMonk@CRIcpa.com Jennifer Christensen JChristensen@CRIcpa.com 49