Fraud Awareness and Internal Controls REMA Financial Managers Conference

1
Fraud Awareness and Internal ControlsREMA
Financial Managers Conference

• August 19, 2009

2
Fraud Awareness

• What is Fraud?

One or more intentional acts designed to
deceive other persons and cause them
financial loss
3
Fraud Awareness

• The average organization loses 7 of its total
  annual revenue to fraud and abuse committed by
  its own employees.
• The most costly abuses occur in organizations
  with fewer than 100 employees by long term
  trusted employees.
• The median loss suffered by organizations with
  fewer than 100 employees was 200,000.
• Losses caused by executives are calculated to be
  sixteen times more costly than those of employees

4
Initial Detection of Occupational Frauds1
1. 2008 Report to the Nation on Occupational
Fraud and Abuse
5
Elements of Fraud

• Opportunity

Fraud
Dr. Donald Cressey
Rationalization
Motive
In order for a fraud to occur, three primary
elements must be present opportunity, motive,
rationalization. These three elements create the
widely recognized fraud triangle.
6
Opportunity

• Opportunities Attributes or policies that allow
  fraud to
• occur or that decrease the probability that fraud
  will be
• disclosed or punished
• Personally created opportunities
• Familiarity with operations, including cover-up
  capabilities
• Position of trust where employee is left on their
  own
• Close association with suppliers/vendors and
  other key people
• Collusion

7
Opportunity (cont.)

• Organizationally created opportunities
• Lack of adequate administrative, operational,
  processing or documentation controls
• Rapid turnover of key employees
• Inadequate personnel screening policies
• Dominant top management
• Constantly operating under crisis conditions

8
Opportunity (cont.)

• Organizationally created opportunities
  (continued)
• Impersonal relationships and low morale
• Inadequate Board involvement/independence
• Absence of policies and procedures
• Mergers and acquisitions
• Changing control environment
• Changing roles and responsibilities

9
Motive

• Individual Motivations
• Gambling, extramarital activity, alcohol/drugs
• Unexpected expenses-illness
• Resentment against company, boss
• Getting even or just taking what they owe me
• Living beyond ones means
• Mergers and acquisition
• Layoffs result in additional work
• Position going away over time disgruntled
• Reduction/change in benefits

10
Motive (continued)

• Management Motivations
• Insufficient working capital
• Deterioration in earnings
• Publishing overly optimistic earnings forecasts
• Stockholder/analysis pressure
• Unfavorable economic conditions
• Merger and acquisition activity-earnings pressure

11
Rationalization

• Rationalization End justifies the means
• Owed to me
• Just borrowing
• Taking a little wont hurt
• Im mistreated
• The employer deserves it
• Ill stop when.
• The employee still thinks of themselves as
  honest.
• An organization can have the best controls in the
  world
• however, if someone is motivated to commit a
  fraud they
• can not be stopped.

12
Characteristics of Fraud Perpetrators

• In general, fraud perpetrators tend to be
• In a position of trust
• Mostly high school educated or above
• Males versus females
• Have a family/children
• Motivated-often by some need
• Able to rationalize action
• Involved in community/charity

13
Conditions Conducive to Fraud

• Weakness in the system of internal
  control-segregation of duties and management
  overrides.
• Independent and domineering individuals
• nerves of steel.
• Weakness in management abilities of senior
  officers.
• Poor Maintenance of Records/Incomplete or Missing
  documentation.

14
Conditions Conducive to Fraud (continued)

• Lack of effective internal audit.
• Lack of board involvement or weak audit
  committee.
• High levels of personal indebtedness by employee.
• Account reconciliation.

15
Internal Control Framework
In many cases, you perform controls and interact
with the control structure every day, perhaps
without even realizing it.

• Monitoring
• Monthly reviews of performance reports
• Internal audit function

MONITORING

• Information Communication
• Reporting
• Corporate communications (e-mail, meetings)

INFORMATION AND
COMMUNICATION

• Control Activities
• Purchasing limits
• Approvals
• Security
• Reconciliations
• Specific policies

CONTROL ACTIVITIES

• Risk Assessment
• Internal and external events
• Internal audit risk assessment
• A strategy to manage risks

RISK ASSESSMENT
CONTROL ENVIRONMENT

• Control Environment
• Tone from the top
• Corporate Policies
• Organizational authority

An internal control structure is simply a
different way of viewing the business a
perspective that focuses on doing the right
things in the right way.
16
Your Organization Benefits from Strong Internal
Controls by

• Reducing and preventing errors in a
  cost-effective manner
• Ensuring priority issues are identified and
  addressed
• Protecting employees and resources
• Providing appropriate checks and balances
• Having more efficient audits, resulting in
  shorter timelines, less testing, and fewer
  demands on staff

17
Important Concepts

• Internal control is a process it is a means to
  an end, not an end itself.
• Internal control is affected by people its not
  merely policy manuals and forms but people at
  every level of an organization.
• Internal control can be expected to only provide
  reasonable assurance, not absolute assurance.

18
Five Key Internal Control Activities
19
1. Separation of Duties

• Divide responsibilities between different
  employees so one individual doesnt control all
  aspects of a transaction.
• Reduce the opportunity for an employee to commit
  and conceal errors (intentional or unintentional)
  or perpetrate fraud.

20
2. Documentation

• Document preserve evidence to substantiate
• Critical decisions and significant
  eventstypically involving the use, commitment,
  or transfer of resources.
• Transactionsenables a transaction to be traced
  from its inception to completion.
• Policies Proceduresdocuments which set forth
  the fundamental principles and methods that
  employees rely on to do their jobs.

21
3. Authorization Approvals

• Management documents and communicates which
  activities require approval, and by whom, based
  on the level of risk to the organization.
• Ensure that transactions are approved and
  executed only by employees acting within the
  scope of their authority granted by management.

22
4. Security of Assets

• Secure and restrict access to equipment, cash,
  inventory, confidential information, etc. to
  reduce the risk of loss or unauthorized use.
• Perform periodic physical inventories to verify
  existence, quantities, location, condition, and
  utilization.
• Base the level of security on the vulnerability
  of items being secured, the likelihood of loss,
  and the potential impact should a loss occur.

23
5. Reconciliation Review

• Examine transactions, information, and events to
  verify accuracy, completeness, appropriateness
  and compliance.
• Base level of review on materiality, risk and
  overall importance to organizations objectives.
• Ensure frequency is adequate enough to detect and
  act upon questionable activities in a timely
  manner.

24
Internal Fraud Red Flags
25
Red Flags - Employees

• Living beyond ones means
• Unusually high personal debts/financial
  difficulties
• Wheeler-dealer attitude
• Excessive gambling habits
• Alcohol problems
• Drug problems
• Feeling of being underpaid

26
Red Flags - Employees

• Feeling of insufficient recognition for job
  performance
• Poor credit rating
• Consistent rationalization of poor performance
• Never out of balance - perfect
• Secretive, territorial
• Criminal record
• Not taking vacations of more than two or three
  days

27
Red Flags - Department

• A department that lacks competent personnel
• A department that does not enforce proper
  procedures for authorization of transactions
• No separation of duties between the accounting
  functions
• No explicit and uniform personnel policies
• Inadequate attention to detail
• Criminal record

28
Red Flags - Department

• Placing too much trust in key employees
• Pay levels not commensurate with the level of
  responsibility assigned
• Failure to discipline violators of company policy
• Not adequately checking background before
  employment
• Customer complaints

29
Red Flags - Organizational

• Weak Corporate Culture and Ethics
• No Code of Ethics or Code not enforced
• No policy on Conflict of Interest
• Weak leadership
• Dominant top management
• Crisis management
• Audit not reporting to highest level
• Overly optimistic budget and earnings goals or
  results

30
Red Flags - Organizational

• Lack of planning, training, hiring and
  organizational policies
• Significant management changes
• Unusually rapid growth/profitability
• Unusual balance sheet changes or trends
• Significant related-party transactions
• Overly complex organization structure
• Complex business arrangements

31
Internal Fraud Schemes
32
Schemes Involving Cash Receipts
33
Schemes Involving Fraudulent Disbursements of
Cash
34
Schemes Involving Fraudulent Disbursements of
Cash
35
Expense Account Fraud

• The improper use of expense accounts is still a
  very common way for individuals to defraud their
  employer.
• The most common types of abuse include
• Requesting reimbursements for travel/entertainment
  that did not occur
• Expensing items as business expenses that were
  actually for personal use
• Raising the actual expense

36
Expense Account Fraud - Prevention

• Require all expense reports to be fully reviewed
  and approved by a supervisor. For the CEO,
  designate another senior manager (e.g. the CFO)
  or a Board member to review/approve the expense
  report.
• Require actual receipts (not hand written by the
  employee or photocopied) for all expenses about a
  cut-off amount (e.g. 25).

37
Purchasing Fraud

• The fraudulent purchasing of goods (either goods
  that dont exist, actual goods used for personal
  rather than business use, or over priced goods
  with a kickback going to the employee).
• In some cases, the individual may also be the
  vendor of the non-existent or over-priced
  goods.

38
Purchasing Fraud - Prevention

• Standard segregation of duties
• One individual requests goods
• Another individual receives the goods
• The independent accounts payable function pays
  for the goods (only after agreeing the purchase
  order to the receiving document and vendor
  invoice)
• All invoices should be approved by someone with
  the appropriate authority.

39
Purchasing Fraud Scheme

• Liar/Liar Purchasing Agent
• Made numerous purchases using a warehouse club
  purchasing card.
• Approved the warehouse club statement (only the
  purchasing agent saw the detail).
• Stole through buying personal items and expensing
  to the company.

40
Undeliverable Expense Checks

• Occasionally, expense checks will be returned by
  the post office as undeliverable (could be a
  legitimate or fictitious expense/vendor).
• If the individual who researches for a better
  address is not independent, then the check could
  be negotiated for the benefit of the employee.
• For legitimate expenses, when the vendor
  complains and the same individual is again
  assigned the task of researching, then the
  individual could issue another payment and,
  thereby, continue to conceal the fraud (i.e. a
  lapping scheme).

41
Undeliverable Expense Checks - Prevention

• Segregate the duties of handling returned mail
  and performing research for a better address from
  the accounts payable function.
• Any undeliverable expense checks where a better
  address cant be found should be reversed back to
  the company expense account.

42
Accounts Payable Fraud

• A ghost vendor is a common way for an accounts
  payable clerk to defraud a company.
• The clerk creates a phony invoice that appears to
  be for legitimate purchases (forms, copy paper,
  supplies, etc.)
• The clerk then processes the invoices as if they
  were legitimate.
• The phony invoices might even receive supervisor
  approval, if the supervisor doesnt review the
  invoice carefully.

43
Accounts Payable Fraud - Prevention

• Detailed invoice approval process.
• Use of an Approved Vendor List that cant be
  changed by the accounts payable clerk.
• Any payments to vendors not on the Approved
  Vendor List should be highlighted on an exception
  report that is received/reviewed by a supervisor,
  absent of any handling by the accounts payable
  clerk.

44
Employee Access to Data

• Many employees are granted access to personal
  customer data (SSN, Credit Card Numbers, etc.)
• Employees may misuse this information for
  personal gain
• Sell confidential customer information to a third
  party
• Attempt to assume a customers identity

45
Employee Access to Data- Prevention

• Employee background/credit checks
• Segregation of duties
• Monitoring of Access to Sensitive Data
• Corporate Culture (Expressing the importance of
  Security from the Top of the Organization)

46
Other Schemes - Examples

• Making payments to fictitious companies.
• Include payments to bookkeeper in groups of
  checks
• Capital credit checks
• Segregation of duties
• Regular vacations

47
Antifraud Framework

• Establishing an environment that supports
• prevention, deterrence, and detection of fraud
• requires the following fundamental components
• Creating and maintaining a culture of honesty
  based on ethics and integrity.
• Evaluating the risks of fraud and implementing
  the appropriate safeguards.
• Developing an appropriate oversight process.
• The above components are the foundation for
  building an
• antifraud framework at your company.

48
Prevention of Management Occupational Fraud

• Strengthen Internal Control
• Segregation of duties
• Physical Safeguards
• Independent checks
• Proper authorization on documents and records
• Override of existing controls
• Adequate accounting system
• Increase the perception of detection
• Employee education
• Management review of internal controls/oversight
• Dishonest acts will be punished

49
Prevention of Management Occupational Fraud
(continued)

• Reporting activities
• Hotlines
• Minimize Employee Pressures
• Open door policy
• Employee support program
• Ethics Policy
• Increased analytical review
• Mandatory vacations
• Job rotation
• Fraud policy
• Surprise audits

50
Effectiveness of Anti-Fraud Controls
51
Red Flags Rule

• Guide released on April 2nd
• Provides Q A and Examples
• Available at http//www.ftc.gov/redflagsrule
• See Cooperative.com for more information at
  https//www.cooperative.com/general/resources/redf
  lags/redflags.htm
• Delayed until November 1, 2009

52
Questions/Comments
53
Contact Information

• Sandy Sowieja, CPA, CFE
• Principal
• National Consulting Group
• NRECA
• 612-232-2663
• sandy.sowieja_at_nreca.coop