McCall - the ASMC Tampa Bay Chapter

Report
Tampa Bay Chapter of the
American Society of Military
Comptrollers
Improving Internal Controls and
Reducing the Risk of Fraud
Sam M. McCall, PhD, CPA, CGMA, CGFM, CIA, CGAP,
Chief Audit Officer
Florida State University
1
April 4, 2014
Session Outline
•
•
•
•
•
•
•
•
•
Public Expectations for Public Officials/Employees
Internal Control and Risk
The Elements of Internal Control
Weaknesses in Internal Control that can Result in
Fraud, Waste and Abuse
The Necessary Elements for every Purchase
Case Studies
Reviewing Internal Control and Identifying Fraud,
Waste, and Abuse
Reporting Fraud
Summary and Questions
2
Public Expectations for Public
Officials/Employees
• High ethical and moral behaviors
• Public employees will conduct business within policy
and procedures
• Public resources will not be wasted, lost, or stolen
• Management should conduct operations
• Economically – at the least cost
• Efficiently - with the least use of effort or resources
• Effectively – accomplishing desired program goals and
objectives
• Ethically – perform fairly, faithfully, and with due regard for all
rights of program participants
• Equitably – no partiality shown in the delivery of services
3
Terms of Importance
•
•
•
•
•
•
Misfeasance
Malfeasance
Nonfeasance
Abuse
Fraud
Internal controls
4
What Is Misfeasance?
• A misdeed or trespass
• The improper or wrongful
performance of some act that a
person may lawfully do
5
What Is Malfeasance?
• Ill conduct, evil doing
• The commission of an act that is unlawful
• Comprehensive term including any
wrongful conduct that interferes with the
performance of official duties
• The doing of an act that a person
should not do at all
6
What is Nonfeasance?
• Nonperformance of an act that a person
is obligated or has a responsibility to
perform
• Not doing what you should do
• Total neglect of duty
7
What Is Abuse?
• Improper or inappropriate program
management
• Misuse of authority or position
• Everything that is contrary to good order
• Can be intentional or unintentional
• Does not have to violate a law, regulation, or
contract provision
• Performing an act that falls short of societal
expectations
**What are some examples of “Abuse?”
8
What Is Fraud?
• A false representation of a matter of fact
• Concealing that which should be disclosed –
deceiving to cause legal injury
• Intentional perversion of the truth
• To deceive another such that they rely on
a false representation and surrender a
valuable thing or a legal right
9
What is the Cost of Fraud?
Direct Cost Associated with Fraud:
• Loss of cash, supplies, or equipment
• Fines and Penalties
Indirect Costs Associated with Fraud:
• Bad publicity
• Loss of public trust
• Injury to organization reputation
• Increased legislation
• Loss of future grants, gifts, and donations
• Decreased enrollment and tuition revenue
10
Florida Law
• Public employees committing specified
offenses or aiding another person in
committing specified offenses shall forfeit
benefits accrued in their retirement system.
• “Specified offense” means: (partial listing – please see the law)
• Committing, aiding, or abetting of an embezzlement of public
funds;
• Committing, aiding, or abetting of any theft by a public officer or
employee from his or her employer;
• Committing of any felony by a public officer or employee who
willfully and with intent defrauds the public or the public agency
for which the public officer or employee acts or in which he or she
is employed
11
Section 112.3173(3) Florida
Statutes
• “FORFEITURE.—Any public officer or
employee who is convicted of a specified
offense committed prior to retirement, or
whose office or employment is terminated by
reason of his or her admitted commission, aid,
or abetment of a specified offense, shall forfeit
all rights and benefits under any public
retirement system of which he or she is a
member, except for the return of his or her
accumulated contributions as of the date of
12
termination.”
What is Internal Control?
• The policies and procedures
and plan of organization
established by management to
promote the accomplishment of
organization goals and
objectives.
13
General Objectives of Internal
Controls
• Reliability of financial information
• Compliance with laws and
regulations
• Efficiency and effectiveness of
operations
• Safeguarding of resources against
loss due to waste, abuse,
mismanagement, errors, and fraud
14
Components of Internal
Control
•
•
•
•
•
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
15
The Five Elements of
Internal Control
16
COSO Illustration of Internal
Control
(The Committee of Sponsoring Organizations)
17
Who is Responsible for
Establishing the Internal Control
System?
Management!!
18
Who is Responsible for
Monitoring the Internal Control
System?
Management!!
19
First Component of Internal
Control – Control Environment
• The building block for all other components:
•
•
•
•
•
•
•
Integrity & ethical values
Commitment to competence
Independent audit committee
Management philosophy & operating style
Organizational structure
Assignment of authority & responsibility
Human resource policy & practices
• “The Tone at he Top”
20
Second Component of Internal
Control – Risk Assessment
• Risks are essentially the opposite of control
objectives
• If the objective is to safeguard assets, the risk
is that assets will be lost or stolen
• Therefore, without knowing the risk, one
cannot decide on the appropriate control
activities
• As a manager you should
continually assess operations
to identify risk and potential
areas for fraud and abuse
21
Risk – Questions to
Consider
• Chance of Occurrence - How likely is it
to go wrong? (High, Medium, Low)
• Impact of Occurrence - What will
happen if it goes wrong (assets lost,
students not served, noncompliance with
law, damage to the reputation of the
organization, etc.?) (High, Medium, Low)
• Assessment of Risk (High, Medium,
Low) – What is your “risk appetite?” How
much risk are you willing to accept?
22
* The cost of control should not outweigh the benefit to be received from the control
Risk Assessment
• Segmenting departments into
organizational components
• Analyze general control
environment
• Analyze inherent risk
• Develop appropriate control
activities
23
Risk Assessment Criteria
•
•
•
•
Program Fiscal Impact
Strength of Management
Sensitivity and Public Relations
Risk of Loss, Noncompliance,
Corruption, or Fraud
• Complexity of Activity
• Risk to Public Welfare
20
20
15
10
20
15
100
24
Types of Internal Controls to
Reduce Risk
•Preventive
•Detective
•Corrective
25
Examples of Preventive Controls
26
• Segregation of duties
• Proper authorization to
prevent improper use of
organizational resources
• Standardized forms
• Physical control over assets
• Computer passwords
• Locks / security cameras
• Computerized techniques
such as transaction limits
• System edits
Examples of Detective Controls
27
•
•
•
•
Bank reconciliations by
someone that does not
maintain the checkbook
Physical counts of cash and
comparison to recorded
accountability
Physical counts of
inventories/other physical
assets and comparison with
recorded accountability
Independent confirmation of
amounts paid or owed to
vendors (A/P) or amounts
received or due from
vendors(A/R)
Examples of Corrective Controls
• Revise policies and procedures
• Look for similar conditions elsewhere in
the organization
• Counsel or discipline the employee as
appropriate
• Provide training and education programs
• More closely monitor the issue going
forward
• Make the organization aware of the issue
28
and consequences
Third Component of Internal
Control – Control Activities
•
•
•
•
•
•
•
Link to objectives
Accountability for resources
Direct activity management
Top level reviews
Segregation of duties
Physical controls
Execution & recording of transactions &
events
29
Considerations for
Segregation of Duties
• No one person should control all phases of a
transaction
• No one person should have physical access
to assets and also maintain summary
accounting records relating to those assets
• Where adequate controls are not possible due
to staffing or resources, there should be
compensating controls to mitigate risk. For
example, the manager (director) should
periodically review records
30
Fourth Component of Internal Control
– Information and Communication
• Information – What types of reports are
prepared and how should they be used?
• Communication – who receives the
reports prepared and do they know how
to use the reports?
31
Fifth Component of Internal
Control - Monitoring
• Ongoing monitoring
• Separate evaluations
• Reporting deficiencies
*
Monitoring is a management
responsibility
32
Fraud Facts
• Estimated $3.5 trillion annually in global losses due
to fraud (5% of Gross World Product)
• The median loss caused by occupational fraud was
$140,000
• Frauds lasted a median of 18 months before being
detected
• Perpetrators with higher levels of authority tend to
cause much larger losses
• The longer a perpetrator has worked for an
organization, the higher fraud losses tend to be
• Most occupational fraudsters are first-time offenders
with clean employment histories
• The presence of anti-fraud controls is notably
correlated with significant decreases in the cost and33
duration of occupational fraud schemes
Types of Fraud
3 Primary Fraud Categories:
• Asset Misappropriation Schemes – an employee steals or
misuses organization resources (e.g., theft of cash, false billing
schemes or inflated expense reports)
•
Corruption Schemes – an employee misuses their influence in a
business transaction in a way that violates their duty to the
organization in order to gain a direct or indirect benefit (e.g.,
schemes involving bribery or conflicts of interest)
•
Financial Statement Schemes – an employee intentionally
causes a misstatement or omission of material information in the
financial reports (e.g., recording fictitious revenues, understating
reported expenses or artificially inflating reported assets)
34
Types of Fraud
Asset Misappropriations
Schemes Involving Theft of Cash Receipts:
• Skimming – Employee steals cash from the organization
before it is recorded on the organization's books and
records.
• Employee accepts payment from a customer but does not
record the receipt and instead pockets the money
• Cash Larceny – Employee steals cash from the
organization after it has been recorded on the
organization’s books and records.
• Employee steals cash and checks from daily receipts before
they can be deposited in the bank
35
Types of Fraud
Asset Misappropriations
Schemes Involving Fraudulent Disbursement of Cash:
• Billing – Employee causes the organization to issue a
payment by submitting invoices for fictitious goods or
services, inflated invoices, or invoices for personal
purchases.
• Employee creates a shell company and bills organization for
services not actually rendered
• Employee purchases personal items and submits an invoice for
payment
• Expense Reimbursements – Employee makes a claim for
reimbursement of fictitious or inflated business expenses.
• Employee files fraudulent expense report, claiming personal
travel and nonexistent meals
36
Types of Fraud
Asset Misappropriations
Schemes Involving Fraudulent Disbursement of Cash:
• Check Tampering – Employee steals organization funds
by intercepting, forging or altering a check drawn on one
of the organization’s bank accounts.
• Employee steals organization check payable to a vendor and
deposits it in their own bank account
• Payroll – Employee causes the organization to issue a
payment by making false claims for compensation.
• Employee claims overtime for hours not worked
• Employee adds ghost employees to the payroll
37
Types of Fraud
Asset Misappropriations
Schemes Involving Fraudulent Disbursement of Cash:
• Cash Register Disbursements – Employee makes false
entries on a cash register to conceal the fraudulent
removal of cash.
• Employee fraudulently voids a sale on their cash register and
steals the cash
38
Types of Fraud
Asset Misappropriations
Other Asset Misappropriation Schemes:
• Misappropriation of Cash on Hand – Employee
misappropriates cash kept on hand at the department’s
premises.
• Employee steals cash from the department’s safe
• Non-Cash Misappropriations – Employee steals or
misuses non-cash assets of the organization .
• Employee steals inventory from a storeroom
• Employee steals or misuses confidential customer financial
information
• Employee takes home office equipment for personal use
39
Types of Fraud
Corruption
• Conflict of Interest – Employee with an undisclosed
financial or personal interest in a transaction that
adversely affect the organization
• Principal Investigator subcontracts with a company that is 50%
owned by her husband
• Employee awards a scholarship to his or her nephew
• Bribery – Someone offers, gives, receives, or solicits
something of value to influence an official act or business
decision.
• Employee processes inflated invoices from a vendor an in
return receives 10% of the invoice price as a kickback
• Employee accepts payment from a vendor in return for
providing confidential information about competitor’s bids on a
40
project
Types of Fraud
Corruption
• Illegal Gratuities – Someone offers, gives, receives, or
solicits something of value for performing an official act or
making a business decision.
• Employee negotiates a contract with a vendor, and the vendor
gives the employee an expensive gift in appreciation.
• Extortion – Coercion of someone else to enter into a
transaction or deliver property based on the wrongful use
of actual or threatened force, fear, or economic duress.
• Employee refuses to purchase goods or services from a vendor
unless the vendor hires one of the employee’s relatives
41
Types of Fraud
Falsifying Financial Statements
• Concealed Liabilities – Improperly recording liabilities
and/or expenses.
• Fictitious Revenues – Recording sales or services that
never occurred or inflating actual sales.
• Improper Asset Valuations – Intentionally misstating the
value of assets.
• Improper Disclosures – Not disclosing important
information in financial statements in order to mislead
others.
• Timing Differences – Intentionally misstating financial
statements by recording revenues in a different
accounting period than the corresponding expenses.
42
Elements of Fraud
Perceived
Opportunity
Fraud
Triangle
Pressure/Incentive
Rationalization
With increasing pressure and decreased internal controls,
people will explore more opportunities to create fraud.
43
Fraud Triangle
Pressure such as a financial need is the “motive” for committing the
fraud. Pressure includes living beyond one’s means or family and
relationship situations.
Rationalization The person committing the fraud frequently
rationalizes the fraud. Rationalizations may include, “I’ll pay the
money back”, “They will never miss the funds”, or, “I will just do this
just one time” or “They don’t pay me enough.”
Opportunity The person committing the fraud sees an internal
control weakness and, believing no one will notice if funds are taken,
begins the fraud with a small amount of money. If no one notices,
the amount will usually grow larger.
In any organization, the risk of fraud can be reduced.
* Of the above three, the one that management can most control is
“_________”
44
Elements of Fraud
Pressure / Incentives:
• Greed
• Financial crisis
• Gambling, alcohol, drugs
• Living beyond means
• Extramarital affair
• Mid-life crisis
• Family problems
• Revenge
• Envy
45
Elements of Fraud
Rationalization:
• It is so easy
• They don’t pay me enough
• My child is sick
• My boss does not follow the rules, so why
should I
• I’ll pay it back later
• It won’t be missed
• I work extra hours each week that I do not get
paid for
46
Elements of Fraud
Opportunities:
• Poor, weak or lack of internal controls
• Lack of monitoring the controls
• High management turnover
47
Who Commits Fraud?
•
•
•
•
•
•
•
•
Married
Between 18 and 36
Has 2 children
Owns a home
Does not have a drug or alcohol problem
Does not recognize harm to victims
Bright
Strong sense of challenge and game
playing
• Versed in technology and skillful
• Has a position of trust
48
Reporting Fraud –
Employees Do It Best
Source: Journal of Accountancy
Tip from employee
26.3%
Accidental discovery
18.8%
Internal Audit
18.6%
Internal controls
15.4%
External audit
Tip from customer
Anonymous tip
11.5%
8.6%
6.2%
Tip from Vendor
5.1%
Notification from law enforcement
1.7%
49
Prevention and Detection
Cash Larceny Scheme Red Flags:
• Cash counts and register records do not
reconcile
• Personal Checks or IOU’s are in the cash
register drawer
• Refunds or voids without supporting
documentation or authorization
• Lack of separation of duties in the custody,
authorization, and recording of cash
50
Prevention and Detection
Skimming Scheme Red Flags:
• Inadequate separation of duties
• Employees who do not take vacations, work a
lot of overtime, don’t like for others to perform
their duties or have access to their desk
• Missing register tapes or other records
• Consistent differences in register receipts to
cash on hand (overs and shorts)
51
Prevention and Detection
Billing Scheme Red Flags:
• Increase in services performed
• Falsified or altered documents
• Vendors with PO box addresses
• Delivery address other than departmental or organization
address
• Payments to unapproved vendors
• Excessive returns to vendors
• Unusually high number of P-card transactions to local
stores that provide non P-card refunds
• Duplicate purchases on P-cards on the same approximate
date, time and amount.
52
Prevention and Detection
Expense Reimbursement Scheme Red Flags:
• Original documents supporting all expenses are
not submitted
• Receipts are altered
• There are many receipts from the same vendor
• Submitted receipts are consecutively numbered
53
Prevention and Detection
Non-Cash Scheme Red Flags:
• Inventory shrinkage
• Employees who frequently visit the office after
hours
• Missing tools, equipment, office supplies, etc.
• Employees borrowing office supplies tools or
equipment
54
Prevention and Detection
Internal Controls:
• Written policies and procedures
• Authorization / approval
• Separation of duties
• Control over physical and intellectual assets/records
• Monthly reconciliation of transactions
• Supervisory review / monitoring
• Training
55
Prevention and Detection
Authorization / Approval:
• Delegate access to computing system only to
those who need it
• Users prohibited from sharing passwords
• Delegate approval authority to limited number
• Authorized approvers should review for
•
•
•
•
Business purpose
Appropriate use of funds and accounts
Adequacy of documentation
Compliance with organization rules related to
transaction
56
Prevention and Detection
Separation of Duties:
The following duties should not be performed by
the same person:
• Initiating and approving a purchase and receiving the
goods directly
• Collection money and recording the payment on the
books
• Maintaining custody of assets and taking physical
inventory
57
Prevention and Detection
Monitoring Activities:
• Timely review of departmental ledgers and ensure
unreconciled transactions are investigated
• Review P-Card and T-Card transactions
• Annual property inventory
• Surprise cash counts
• Follow-up on complaints, allegations
• Verify terminated employees are removed from the
payroll system
58
Prevention and Detection
Limitations:
Absolute assurance that fraud will be prevented is not
possible because:
• Some controls are too expensive to implement
• Management can bypass or override internal controls
• Employees may collude with each other
59
Prevention and Detection
Balancing Risks and Controls:
Excessive Risks
• Loss of assets, donors, or grants
• Poor business decisions
• Noncompliance
• Increased regulations
• Public scandals
Excessive Controls
• Increased bureaucracy
• Reduced productivity
• Increased complexity
• Increased cycle time
• Increase of non-value activities
60
Who Has the Responsibility for
Detecting/Reporting Fraud?
•
•
•
•
•
•
Management
Employees
External Auditors
Internal Auditors
Government Vendors
Public
61
Management
Responsibilities
•
•
•
•
•
•
•
Adopt and implement internal control policies
Establish a proper control environment
Assess and analyze risks
Establish control activities to address risks
Develop information and reporting systems
Perform monitoring activities
Understand and communicate your
organization’s ethics policies
62
Employee
Responsibilities
• Be aware of where fraud can occur
• Look for irregularities
• Report suspicious activities (don’t
assume others know)
• Conduct work in an ethical manner and
perform work in accordance with policies
and procedures
• Have professional skepticism
63
External Auditors Responsibilities
• Examine the government’s financial statements
• Issues
• An opinion on the financial statements
• A report on internal control over financial reporting not an opinion
• A report on compliance with laws and regulations
• Designs the audit to detect fraud that is
material to the financial statements?
• What does the above mean to you?
• Conducts fraud brainstorming sessions and is
alert to possible fraud material to the financial
64
statements
Internal Auditor Responsibilities
• Review department, division, unit and/or
program internal controls
• Review transactions for possible waste,
fraud, and abuse
• Design the audit such that fraud
significant to the audit objectives will be
detected
• If abuse comes to the auditor’s
attention, follows up on that abuse to
determine if its presence is significant to65
the audit objectives
Vendors Responsibilities
• Be aware of how and where fraud can
occur in their operations
• Look for irregularities
• Report suspicious activities (don’t
assume others know)
66
Public Responsibilities
• Report suspicious transactions or
behaviors
67
Approach to Detecting Fraud
• Exercise professional judgment
• Exercise professional skepticism
• Balance between a questioning mind and
doubting everyone
• Critical assessment of evidence
68
Management /Employee Red Flags
•
•
•
•
•
•
•
•
Personal Behavior Red Flags
Financial difficulties
• Addiction problems
Living beyond means
• Past legal problems
Divorce/family problems
• Refusal to take vacations
Control issues, unwilling to • Complaining about
share duties
inadequate pay
Wheeler-dealer attitude
• Instability in life
Unusually close association • Excessive pressure from
with vendor
within organization
Irritability, suspiciousness,
• Excessive family/peer
or defensiveness
pressure for success
Past employment-related
• Complaining about lack of
problems
authority
69
Management Red Flags
• Reluctance to provide information when
requested
• High employee turnover in high risk areas
• Lack of segregation of duties in a high-risk area
• Excessive number of checking accounts
• Increase in purchase of inventory but no
increase in productivity
• Abnormal inventory shrinkage
• Lack of physical security over assets
• Payments to vendors not on approved vendor
list
70
Employee Red Flags
• Employee lifestyle changes (expensive cars,
jewelry, homes, etc.)
• Behavior changes (drug, alcohol, gambling)
• Reluctance to provide information when
requested
• Refusal to take vacation or sick leave
• Excessive purchasing of supplies
• Inappropriate overtime hours
• A person that likes to be viewed as
indispensable
71
How to Improve Your Chance
of Detecting Fraud?
• Assume anyone can commit fraud
• Good documentation does not mean
something happened – only that someone
said it happened
• Pay attention to detail (numbers, dates,
amounts, alterations, reasonableness, etc.)
• Pay attention to hints or rumors of wrong
doing
• Look for patterns or unusual transactions
72
Potential Red Flags
• Erased or crossed out figures
• Inconsistent inks and typefaces
• Unusual dates, amounts, notes, phone
numbers, and calculations
• Consecutively numbered invoices
• Excessive voids or refunds
• Invoices in large even sums
• Multiple invoices to the same vendor just
under the bid threshold (for example - $999
or $9,999)
73
Potential Red Flags
(Continued)
•
•
•
•
•
Invoices printed on other than prepared forms
Vendor address change
Unusual number of payments to one payee
Inadequate description of item purchased
Delay in responding to request for
documentation
• Stale invoice dates
74
Expenditures of Public Funds
• Every expenditure of public funds must serve a
public purpose
• It is the responsibility of the person incurring the
expense to identify the expressed and/or
implied authority relied upon to justify the
purchase – the authority to act
• It is the responsibility of the public agency to
document the expenditure in the public records
so that the pre-auditor, post auditor, and the
public can clearly see the basis relied upon to
incur the expense
75
• Every purchase stands on its own
Case Study One
•City Fleet Department
76
Case Study One
City Fleet Department
• Parts supervisor could order, receive, and
issue parts. Could also open closed work
orders and adjust the inventory
• Suspicious transactions with three vendors
identified
• Collusion with one vendor
• Losses totaled almost $3 million over five
years.
• City employees and vendors prosecuted
• Theft was not material to each year’s internal
service fund financial statements
77
Number
of large
dollar
invoices
all for the
same
amount
78
Notice
instructions
Improper
79
Same Amounts
No Description
Consecutive #
80
Invoice
Altered
with
Whiteout
81
82
83
84
85
Summary for Case Study One
• Any weaknesses in:
•
•
•
•
•
Control environment?
Control Risk?
Control Activities?
Information and Communication?
Monitoring?
86
Where do you Place
Responsibility
• With the City?
• With the Vendors?
• With Both?
87
Case Study Two
•Leon County
Research and
Development
Authority
88
Case Study Two - Leon County
Research
and Development Authority
 Organizational Background
 Board Composition – Nine Members
 Staff – An Executive Director and an Office
Manager
 External Auditors – Same for several years
 Financial Statements – Clean opinions
 Monthly budget to actual statements prepared by the office manager
 Treasurer reports – prepared by the office
manager
 Audit Committee – well-intentioned but absent
89
a strong charter
Discovery of a $650,000 Fraud
• A change in auditors in 2010 led to
the discovery of a $650,000 fraud
that spanned 5 years
• The previous audit focused on the
revenue side, believing the
expenditure side was not a
significant risk and therefore doing
minimal testing of expenditures
90
Fiscal Year
Number of
Fraudulent
Checks
Written
Total
Amount of
Fraudulent
Checks
Total
Percent Fraud of Total Other
Operating
Total
Operating Expenses
Expenses – Expenses
Salaries,
Depreciation
& Other
$41,075
$1,014,203
4.04%
$402,495
Percent
of
Fraud
of
Other
Expenses
(Not
Including
Salaries and
Depreciation
10.2%
$1,159,355
6.98%
$468,114
17.3%
$1,387,237
12.47%
$628,398
(1)
Note:
Salaries and
Depr. Were
$758,000
$958,736
Approximately $481,410
27.5%
2005
2006
– 11
2006
2007
– 13
$80,947
2007
2008
– 30
$172,948
2008
2009
– 39
$239,684
25%
2009 -2010 19
$112,797
Total
$647451
113
Audit year in
progress
91
49.78%
Internal Controls - The Office
Manager
• Received and opened the mail to include receiving
tenant rental payments, vendor invoices for services
provided, and monthly bank statements to include
cancelled checks
• Had custody of check stock
• Had signature stamps
• Prepared invoices for payment to include preparing
checks for signature by someone other than herself
• Maintained the accounting records and prepared and
presented monthly financial and budget reports for
meetings
• Reconciled the check book to the bank statement for
review by the Executive Director. Cancelled checks
92
were not provided to the Executive Director
What Was Not Known by the
Previous Auditors or the Board
• The Office Manager was fired by her former
employer and found guilty of a felony for
embezzlement of over $100,000
• During the time the Office Manager worked for
the Board (during the day), she also performed
community service at night at the County jail as
part of her previous sentence
• No background check was performed by the
Board upon employment of the Office Manager
– the previous auditors were aware of no
background check through inquiry, noted this in
93
the working papers, but took no further action
The Office Manager
• Drove an expensive vehicle
• Lived in an expensive home
• Was married with children and was a
devoted parent
• Was well liked
• Was praised by the previous auditors in
their audit report for being helpful to
them
94
Discovery of the Fraud by the
New Auditors
• The Office Manager failed to timely respond to
records request
• The new auditors observed the Manager’s
lifestyle
• The auditors checked and verified through the
county records that a criminal history existed
• The auditors noticed a check that appeared
unusual
• The auditors made a direct request to the
bank for copies of cancelled checks
• The auditors notified the Audit Committee Chair
95
of their concern as well as the Board Chair
The Office Manager Asked to Explain
Herself at a Board Meeting
96
• The Office Manager
admitted that she did
not tell the Board when
she was hired that she
was previously fired by
her former employer
for embezzlement –
she said she was not
asked
• The Office Manager
denied any
wrongdoing while with
the Board
• The Office Manager
accused one of the Board
Members of sexual
harassment
• The Office Manager was
subsequently convicted and
sentenced to prison
• To date the Board has
received little monies back
from the former employee.
It recovered $100,000 from
its insurance company and
additional monies from the
previous auditors
97
98
99
100
101
102
103
104
105
106
107
108
What Was the Board’s (and /or
Audit Committee’s)Responsibility
10
9
• To ensure that an
adequate system
of internal control
existed
• The control
environment
• Risk activities
• Control activities
• Information and
communication
• Monitoring
• Other specific
responsibilities
• Existence of adequate
policies and procedures
• Meet with the auditors to
discuss the planned audit,
and any concerns about
risk and the system of
internal control
• To follow up on audit
findings and
recommendations and to
take corrective actions
What was the Auditor’s
Responsibility
110
• To conduct the financial
• Specific GAGAS
statement audit in accordance
• Follow up on previous
with Generally Accepted
significant findings
Government Auditing
• Exercise professional
Standards To plan the audit to
skepticism
obtain reasonable assurance
• Use professional judgment
• To use professional judgment
• Consider lower materiality
• To consider fraud in a financial
levels for government
statement audit and to provide
entities
reasonable assurance on
• Report on significant
whether the f/s are free of
deficiencies and material
material misstatement,
weaknesses in internal
whether caused by error or
control over financial
fraud
reporting
• To brainstorm about fraud risk
Opportunities to Detect Fraud
• Confirm vendor payments or year-end payables
• Obtain copies of cancelled checks directly from the bank or
review checks on-line. Instead, cancelled checks provided by
the Office manager were traced to vendor invoices and
accounting records
• Review the organization process for performing background
checks
• Requests were made to the accountant to review specific
checks. Bank statements were not reviewed
• W/P’s indicate no conditions susceptible to fraud in amounts
material to the financial statements
• Audit procedures did not vary from year to year
This was not a complicated fraud – it was a fraud of
111
opportunity and did not involve collusion among employees.
Reputational Risk
• This fraud made the front page of the local
paper on numerous occasions
• Previous Board members were
embarrassed
• The name of the Board (Park) was linked
to the fraud as opposed to its mission for
many months
• Subsequent clean audits
• For recent audits, there were no material
weaknesses, significant deficiencies, or
112
management comments.
Comment from Office Manager to previous
auditor’s inquiry about any knowledge of
fraud:
“I can honestly say that I
know of none, nor do I
know of any allegations of
fraud.”
113
Where Do you Place
Responsibility?
• With the Board?
• With the Audit Committee?
• With Management (one
person)
• With the Auditors?
• With all of them?
114
Case Study Two
• Was there a weakness in
•
•
•
•
•
Control environment?
Control risk?
Control activities?
Information and communication?
Monitoring?
115
Examples of Fraud
116
• Lack of accountability
over ticket sales
• Lack of segregation of
duties for receipt of
money and the
recording of the
money
• Writing off accounts
receivable and
subsequent collection
of the money
• Theft of supplies,
parts, fuel,
• Theft of equipment –
computers, blowers,
chain saws, lawn mowers
• Making refunds for
fictitious items
• Falsifying a travel
voucher for travel not
performed or for
payments not made
• Collusion in capital
construction projects
Other examples?
What are Some Suggestions
117
• Be aware that fraud
and abuse can exist
• Exercise professional
judgment and
professional
skepticism
• Perform background
checks
• Discuss risk and
fraud with employees
and assess the
adequacy of
mitigating controls
• Brainstorm with staff and
supervisors on risk and
controls. Document
discussions
• Look for persuasive factbased evidence of
asserted controls
• Assess the adequacy of
responses to questions
10 Tips on How to Deter Fraud
in Your Organization
1.
2.
3.
4.
5.
Integrity at the Top
Positive Reputation
New-hire Screening Process
Ethics Programs
Written Fraud Program with
Expectation of Consequences
118
10 Tips on How to Deter Fraud
in Your Organization
6.
7.
8.
9.
Communicate Policies to Vendors
Proper Handling of Investigations
Independent Internal Audit Function
Effective Internal Controls and
Auditing
10. Open Internal Reporting
119
What to Do When You Suspect or
Discover Fraud?
• Do not pursue or investigate yourself so as
not to interfere with potential future
investigations or legal proceedings
• Secure documentation
• Do not discuss with fellow employees
• Notify your supervisor
• Notify upper management (department
directors) if you do not feel that your concerns
have been investigated satisfactorily
120
Reporting Fraud
•
•
•
•
•
Report fraud as soon as you become aware of it
Don’t assume someone else will report it
Prevents fraud from growing
Discourages others from committing fraud
Employees who report fraud in good faith are
protected from retaliation
121
IMPROVING INTERNAL
CONTROLS AND REDUCING
THE LIKELIHOOD OF
FRAUD
It Starts With You!
122
Thank you!!!
Sam McCall
850 644-0651
[email protected]
123
Questions?
124

similar documents