Title: Fraud & Embezzlement
1Fraud Embezzlement
- Presenters
- Kirk B. Leoni, CPA (Principal) kleoni_at_nathanwechsl
er.com Kelli Boyle, CPA (Manager)
kboyle_at_nathanwechsler.com
2Why are we here?
- The median response indicated that the typical US
organization loses 7 of its annual revenue to
fraudulent activity. - This percentage applied to the estimated 2008 GDP
of 14.2 trillion would project that roughly 994
billion would be lost to fraud in 2008. - Source 2008 Report to the Nation on Occupational
Fraud and Abuse by the Association of Certified
Fraud Examiners
3How is Fraud Detected?
4Which Organizations Reported the Most Fraud?
5Control Weaknesses that Contributed to
Fraud(only selected weaknesses shown)
6Occupational Fraud Schemes by Accounting Personnel
7Fraud Triangle
OPPORTUNITY
PRESSURE / INCENTIVES RATIONALIZATION
- 10 of employees will never steal
- 10 of employees will always steal
- 80 of employees will steal if given the right
opportunity, motivation or justification
8Behavioral Red Flags
- of
cases of cases Median Loss - Living beyond means 370 38.6 250k
- Financial difficulties 327 34.1 111k
- Wheeler-dealer attitude 195 20.3
405k - Control issues
- (unwilling to share duties) 179 18.7 250k
- Divorce / Family problems 164 17.1 118k
- Unusually close association
- with vendor / customer 146 15.2 410k
- Addiction problems 128 13.3 225k
- Refusal to take vacations 65 6.8 250k
- Excessive pressure from
- within the organization 62 6.5 388k
9What is the objective of an Audit?
- The expression of an opinion about whether your
financial statements are fairly presented, in all
material respects, in conformity with U.S.
GAAP......not to detect fraud. - (According to the ACFE report to the nation, less
than 10 of fraud is discovered by an External
Audit)
10Limitations of an Audit
- Designed to obtain reasonable assurance, not
absolute assurance about whether the financial
statements are free from material misstatement
(caused by error or fraud) - Not designed to detect immaterial errors or
fraud. - Not designed to provide assurance about IC or
identify deficiencies - However, SAS 112 requires written communication
of those deficiencies the auditor becomes aware of
11Audit vs. Review vs. Compilation
- Compilation lowest level of service your
account balances assembled into financial
statement format - Review use of analysis as opposed to tracing to
source documents - Reviews Compilations do not contemplate
obtaining an understanding of IC or the
assessment of risk. - Reviews Compilations cannot be relied upon to
disclose errors, fraud or illegal acts that may
exist. - No requirement to communicate IC deficiencies
- Agreed upon procedures another option?
12Audit Responsibilities (1 of 3)
- Auditors
- Conduct the audit in accordance with GAAS
(Generally Accepted Auditing Standards) - Ensure those charged with governance are aware of
IC related matters required to be communicated - Ensure independence
13Audit Responsibilities (2 of 3)
- Governing Body (Audit Committee)
- Oversee the reliability of financial reporting
including effectiveness of internal controls - Review financial statements and determine whether
they are complete and consistent - Understand risks and exposures
- Understand the scope of the audit
14Audit Responsibilities (3 of 3)
- Management
- Properly record transactions in the accounting
records, establish and maintain internal controls - Make original accounting records and related
information available - Allow access to personnel to whom we may direct
inquiries - Provide written representations regarding the
financial statements and the effectiveness of IC - Ensure compliance with laws regulations
15Recent Developments
- SAS 104-111 Risk Assessment Standards
- Designed to improve the effectiveness of audits
- More rigorous assessment of risk
- Linkage between risks and audit procedures
- SAS 114 The Auditors Communication with those
Charged with Governance - Emphasizes our audit requirements and
communicates significant findings to the
appropriate level of governance
16Recent Developments (continued)
- SAS 112 Communicating Internal Control related
Matters Identified in an Audit - New definitions of significant deficiencies and
material weaknesses (less room for auditor
judgment) - Requires written communication of significant
deficiencies and material weaknesses
17SAS 112 Definitions
- Control Deficiency
- Exists when the design or operation of a control
does not allow for prevention or detection of a
misstatement on a timely basis - Deficiency in design a control is missing or
not properly designed - Deficiency in operation when a properly
designed control does not operate as designed or
when the person performing the control doesnt
have the necessary authority or qualifications
18SAS 112 Definitions (continued)
- Significant Deficiency
- A control deficiency (or combination of control
deficiencies) which result in a more than remote
likelihood that a misstatement that is more than
inconsequential (magnitude) will not be prevented
or detected - Material Weakness
- A significant deficiency (or combination of
significant deficiencies) that results in a more
than remote likelihood that a material
misstatement (magnitude) will not be prevented or
detected
19SAS 112 Examples
- Management letter comment
- Petty cash is not reconciled likelihood of
misstatement is more than remote the magnitude
would be inconsequential - Significant Deficiency
- Failure to perform monthly reconciliations of
significant accounts in a timely manner (AR, AP)
likelihood is more than remote however other
related procedures (bank statement review, budget
vs. actual analysis etc.) would reduce the
magnitude to less than material but more than
inconsequential -
- Material Weakness
- Same individual receives the bank statement,
prepares reconciliation and has check signing
authority. There is no formal review of the bank
reconciliations likelihood is more than remote
magnitude could be material
20Fraud Examples in the News
- Payroll Compensation
- Fictitious employees San Jose, CA employee
embezzled 11m from her employer by providing
false payroll data to a processing company and
forging signatures - People behave the way you pay them to behave
- Dominos Driver ran red light speeding to make
30-minute delivery. Woman received 750k in
actual damages 78m in punitive damages. - Commissions based on gross sales only (billing
schemes)
21Fraud Examples in the News
- Lack of oversight
- Portland, ME partner in Verrill Dana, LLP was
fired for stealing money from the firm and
clients - Managed private trusts and bank accounts
- Over billed clients
- Stole money from private accounts
- Redirected funds to himself that should have gone
to the firm - Stole over 400k
22Fraud Examples in the News
- White-Collar Crime Honest Person Turned Felon
(embezzled over 250,000) - CPA at local accounting firm in North Carolina
- Handled Trusts and Retirement accounts for
corporate and individual clients - Felt the need to keep up with the Joneses by
spending money they didnt have - Poster boy for the Fraud Triangle
23Action Steps
- Independent review of bank statements
- Conduct a brainstorming session with
appropriate staff and board members to identify
risk areas - Review Understanding Internal Control document
- Review Audit Organizer for proactive tips your
organization can use to be prepared for an audit - Establish a whistleblower protection policy
- Conduct background checks on employees
- Utilize internal control checklists to help
identify weaknesses - Provide employee training
- Monitor internal controls!
- available at nathanwechsler.com
- (under Resources gt NW Insights)