Using Internal Controls to Prevent andor Detect Fraud

1
Using Internal Controls to Prevent (and/or
Detect) Fraud

• Judy Aug, CIA, CPA
• City Utilities of Springfield
• Senior Internal Auditor

2
What is an Internal Control?

• Internal controls are a coordinated set of
  policies and procedures that reflect a
  comprehensive strategy for achieving management
  objectives.
• Internal controls are various practical means to
• Protect assets against the danger of loss or
  misuse
• Ensure that all transactions are properly
  authorized
• Purpose of internal controls is to provide good
  stewardship by ensuring that assets are properly
  safeguarded, managed and accounted for.

3
Who has responsibility for Internal Controls?

• YOU!!!!!
• Management is officially responsible for
  designing, implementing and ensuring controls are
  working.
• Controls involve everyone and everything (all
  levels of the company).
• Controls protect YOU, so be active in their
  effectiveness!
• Management must be committed to provide resources
  for, and ensure the effectiveness of, internal
  controls.

4
Internal Controls Protect -

• ALL EMPLOYEES
• Managers
• Executives/Board Members
• Owners/Shareholders
• General Public
• EVERYONE

5
How Do Internal Controls Protect?

• Internal controls protect an organizations
  employees from false accusations and help support
  actions.
• Internal controls protect an otherwise honest
  employee from temptation. Protection from self
  in extenuation circumstances or difficult times.
• Internal controls protect Management and the
  governing body by providing evidence in support
  of good oversight and proper fiduciary
  responsibilities.

6
Internal Controls

• Prevent
• Mistakes
• Oversight of details
• Unintentional errors
• FRAUD

7

• Question
• Does a good supervisor trust his/her employees?
• Answer
• YES!
• We typically dont hire people we dont trust.
• We shouldnt promote people we dont trust.
• We often dont retain people we dont trust.

8
The Role of Trust

• Trust is different than blind faith.
• Trust and internal controls are not incompatible.
• Trust is not ignoring risks.
• Remember All fraud is committed by someone
  trusted by the organization.
• TRUST BUT VERIFY!!

9
Examples of Internal Controls

• Supervisory review of documents
• Dual signature requirements
• Pre-numbered receipts
• Checks immediately stamped for deposit only
• Restricted access to documents/files/computers
• Mandatory vacations
• Budgets
• Written policies and procedures
• Fidelity bonding
• Etc., etc., etc.

10
The King of Internal Controls

• Segregation of Duties and Functions at the
  basic level separate the duties of
• Authorization for a transaction
• Recording of that transaction on the books
• Receipt of, or ensure custody of, the asset
  resulting from the transaction
• Assets includes both physical/tangible and non
  tangible assets (accounts receivable, account
  credits, allowances, write-offs)
• Incompatible duties must be segregated No
  employee should be in a position to commit an
  irregularity and then conceal it!

11
Cost vs. Benefit of Internal Controls

• Theoretically, the cost of the control should not
  exceed the expected benefits of the control.
• When costs exceed benefits could implement
  compensating controls (mandatory vacations,
  periodic rotation of duties, supervisory detail
  review, analytic review, etc.)
• Sometimes non financial benefits justify cost
  CU reviews all procurement card transactions to
  prevent misuse, bad publicity and damage to
  reputation (highly visible and heavily
  scrutinized by public).

12
Monitoring Internal Controls

• Internal controls are a lot like smoke alarms
  they arent designed to put out fires but to
  alert those who can.
• Controls can not eliminate errors and
  irregularities but can alert management to their
  presence so that timely and effective corrective
  action can be taken.
• Follow up on red flags as they occur
• Investigate all indications of potential errors
  or irregularities
• Incorporate a healthy skepticismobtain
  explanations but corroborate with supporting
  evidence (trust but verify!)

13
Occupational Fraud

• Definition The use of ones occupation for
  personal enrichment through the deliberate misuse
  or misapplication of the employing organizations
  resources or assets.
• In essence, using your job or position to get
  something you are not entitled to.

14
Fraud Occurrence

• The incidence of fraud is now so common that its
  occurrence is no longer remarkable, only its
  scale.
• Fraud, by its nature, is hidden, so the true
  amount of fraud taking place in businesses at any
  one time can not really be known.
• Many frauds are never discovered
• Many frauds are hidden for years and only losses
  of recent years are determined
• Many frauds discovered are not reported because
  of bad publicity, legal costs, time to
  investigate and prosecute, fear of repercussions,
  etc.
• US has no centralized authority to which all
  frauds must be reported

15
Who has Primary Control for Preventing Fraud?

• Internal controls prevent and detect fraud.
• Management is responsible for the internal
  control structure.
• Therefore, Management is responsible for
  preventing fraud.
• Only the governing body (BOD) is in a position to
  ensure Management fulfills its obligation to
  establish and maintain an adequate internal
  control structure.

16
Best Fraud Prevention Tool

• The single most important step that can be taken
  to prevent fraud is for Management to establish
  and maintain an effective internal control
  structure.
• Managements commitment to internal controls is
  critical to their effectiveness and fraud
  prevention.
• The best designed internal controls can not be
  effective without active involvement of
  Management.

17
ACFE Fraud Triangle

• To commit fraud an employee typically has the
  following
• Perceived pressure (professional or personal)
• Ability to rationalize fraud/compromised
  integrity
• Perceived opportunity to commit fraud
• The only factor the organization has control over
  is opportunity. Opportunity is limited through
  the use of effective internal controls.

Association of Certified Fraud Examiners
18
Categories of Occupational Fraud

• Asset misappropriation theft or misuse of
  assets (the most common type of fraud)
• Corruption employee uses influence to obtain
  unauthorized benefit
• Fraudulent statements falsification of
  financial statements (the most costly type of
  fraud)

19
ACFE 2006 Report to the Nation
20
ACFE Fraud Statistics

• Estimated 5 of annual revenues are lost to fraud
• Median loss - 159,000
• Median length of fraud scheme 18 months

ACFE 2006 Report to the Nation
21
Fraud Stats (contd)

• Average loss per fraudulent scheme increases
  with
• Position within the organization
• Length of service with the organization
• Age of perpetrator
• Income level of perpetrator
• Education level of perpetrator

ACFE 2006 Report to the Nation
22
Fraud Stats (contd)

• Average fraud loss per level of employee
• Employee 78,000
• Manager 218,000
• Owner/Executive 1,000,000
• Men perpetrate fraud more than women (61 to 39)
• Women are closing the gap as professional women
  continue to join the executive ranks and remain
  in the workforce longer.

ACFE 2006 Report to the Nation
23
Fraud Stats (contd)

• Most frauds are committed by individuals in the
  31-50 age group. However, total dollar loss of
  fraud increases with age of perpetrator.
• Majority of occupational fraudsters have never
  been charged or convicted of any fraud related
  offenses before committing their crime. These
  are not typically career criminals.

ACFE 2006 Report to the Nation
24
Fraud Stats (contd)

• Fraud perpetrator employed department
• Accounting/Finance 34.4
• Executives/Management 20.9
• Sales 14.0
• Customer Service 11.2

ACFE 2006 Report to the Nation
25
Fraud Stats (contd)

• Government and Public Admin Fraud Schemes
• Billing 21.8
• Non-cash 21.8
• Payroll 21.0
• Exp. Reimbursement 19.3
• Skimming 18.5
• Check Tampering 11.8
• Cash Larceny 10.9

ACFE 2006 Report to the Nation
26
Fraud Scheme by Area
ACFE 2006 Report to the Nation
27
Fraud and Preventive Controls

• Asset Misappropriation
• FRAUD Skimming-cash stolen from organization
  before recorded in books and records (ex.
  pocketing cash without recording sale)
• CONTROL cash drawer access only when sale is
  recorded, pre-numbered receipts/automated
  receipts only when sale recorded, supervision,
  cameras, segregate duties of recording sales,
  depositing cash and adjusting balances

28
Fraud and Preventive Controls

• Asset Misappropriation (contd)
• FRAUD Cash larceny-cash stolen from organization
  after recorded in books and records (ex.
  pocketing cash after recording sale, reducing
  deposited cash, petty cash theft)
• CONTROL cash drawer access only when sale is
  recorded, supervision, cameras, segregate duties
  of recording sales, depositing cash and adjusting
  balances

29
Fraud and Preventive Controls

• Fraudulent Disbursements
• FRAUD Billing-invoicing organization for
  fictitious goods/services with bogus vendor,
  submitting invoices for personal goods
• CONTROL pre-approved vendor lists, invoice
  approval signatures by benefiting department,
  require supervisory review and supporting
  documentation, AP require receiving documentation
  for payment on all goods, review for
  reasonableness of types of expenses

30
Fraud and Preventive Controls

• Fraudulent Disbursements (contd)
• FRAUD Exp. Reimbursement-employee makes claim
  for fictitious or inflated business expenses
  (ex.-fictitious meals on travel reimbursement)
• CONTROL require original itemized receipts for
  all expense reimbursements, supervisory review
  and sign-off, analytic review for reasonableness

31
Fraud and Preventive Controls

• Fraudulent Disbursements (contd)
• FRAUD Check tampering-stealing funds by forging
  or altering a company check, stealing checks
  payable to company
• CONTROL segregate duties-check stock access,
  payment authorization, check printing, possession
  of signatures and check mailing. Stamp incoming
  checks for deposit only immediately, ensure
  check stock and printing methods are fraud
  resistant, positive pay confirmation.

32
Fraud and Preventive Controls

• Fraudulent Disbursements (contd)
• FRAUD Payroll schemes-employee causes employer
  to issue payment for false claims for
  compensation (ex.-un-worked OT hours, ghost
  employee)
• CONTROL segregate duties-adding employees (HR)
  and paying employees (PR), require supervisory
  review and sign-off for all OT, hand deliver
  checks to all employees on surprise basis
  occasionally

33
Fraud and Preventive Controls

• Non Cash Misappropriation of Assets
• FRAUD Inventory-theft of inventory or supplies
  from warehouse or stock area, diverting incoming
  shipments for personal use
• CONTROL segregate duties-authorization,
  purchasing and receiving functions, restrict
  physical access to inventory areas, supervision,
  cameras

34
Fraud and Preventive Controls

• Non Cash Misappropriation of Assets (contd)
• FRAUD Information-theft of proprietary
  information or trade secrets, using customer
  records to commit identity theft or sell to
  competitors
• CONTROL restrict access (passwords, user roles),
  monitor users activity (file access logs), store
  sensitive information on separate server, encrypt
  sensitive data

35
Fraud and Preventive Controls

• Financial Statement Falsification
• FRAUD Concealed Liabilities-improperly recording
  liabilities and/or expenses (ex.-omit
  liabilities, capitalize expenses)
• CONTROL review capitalized assets, review
  subsequent period payments, segregate recording
  and authorization functions

36
Fraud and Preventive Controls

• Financial Statement Falsification (contd)
• FRAUD Fictitious Revenues-inflating actual sales
  or recording non existent sales (ex.-sales to
  phantom customers, false sales to existing
  customers reversed next period)
• CONTROL segregate recording, authorization and
  physical custody functions, review subsequent
  period sales adjustments and reversals, reconcile
  sales and receipts daily

37
Fraud and Preventive Controls

• Financial Statement Falsification (contd)
• FRAUD Timing Differences-recording revenues in a
  different accounting period than the related
  expenses
• CONTROL automated revenue postings with review
  of adjustments, review subsequent period sales
  and adjustments, ensure good accrual procedures,
  analytic review of revenues and expenses, promote
  ethical environment with attainable expectations,
  segregate duties

38
Fraud and Preventive Controls

• Corruption
• FRAUD Conflicts of Interest-undisclosed economic
  or personal interest in a transaction that
  adversely affects the company (ex.-employee has
  ownership interest in supplier and negotiates a
  contract for goods at an inflated price)
• CONTROL segregate authorization and acquisition
  functions, pre-approved vendor list, sealed
  competitive bidding process, periodically
  question employees for conflicts of interest

39
Fraud and Preventive Controls

• Corruption (contd)
• FRAUD Bribery-employee offers, gives, receives
  or solicits something of value for the purpose of
  influencing an act or business decision without
  knowledge to the organization (ex.-employee
  processes inflated invoices for kickback of
  profit, payment for information on competitive
  bids)
• CONTROL segregate authorization, acquisition and
  recording duties, restrict access to information,
  vendor surveys and distribution of company
  policies

40
Individual vs. Collusion

• Internal controls mitigate the risk of single
  employee fraud. Good controls prevent an
  otherwise honest person from temptation.
• Collusion is two or more individuals conspiring
  to commit fraud. This by-passes controls - one
  person convinces another person to defraud the
  company by utilizing both employees access and
  authority. This can be individuals inside and/or
  outside the company. Collusion frauds tend to be
  much more costly to the company.

41
Fraud Indicators

• Unusual bank statement items
• Increases in write-offs, refunds or credits
• Missing documentation
• Things that simply dont make sense
• Complaints from customers or other employees
• Employee tips to unusual situations
• Out of balance conditions
• Large adjustments

42
Method of Detection
ACFE 2006 Report to the Nation
43
Fraud Detection Methods

• Effective reporting system employees report
  problem areas to management and issues are dealt
  with accordingly
• Management review consistent reviews of
  discrepancies between actual and expected
  performance
• Hotline an anonymous reporting mechanism for
  employees to report possible fraud

44
Fraud Prevention Methods

• Complete and effective internal controls remove
  the opportunity for employees to commit fraud
• Promote an ethical environment employees will
  model behavior seen - good and bad
• Training/Education educate employees on fraud
  prevention, company policies, reporting
  mechanisms, internal controls, etc.
• Create awareness knowledge of fraud detection
  methods in place, addressing frauds detected and
  effective reporting structures will deter future
  frauds
• Realistic expectations unattainable
  expectations create pressure to alter results
  (meet budgets, market prices, bond ratings)
• Prevent conflicting goals incentive
  compensation based on financial results creates
  conflicting personal and professional goals and
  responsibilities

45
If Fraud is Discovered

• Notify management immediately
• Gather sufficient documentation to prove fraud
• Contact legal counsel
• Highly recommend contacting fraud specialist
• Remove employee-terminate if sufficient evidence
• Act swiftly and quietly
• Handle carefully

46

• QUESTIONS?

47

• THANK YOU!!!