Internal Control - PowerPoint PPT Presentation

1 / 49
About This Presentation
Title:

Internal Control

Description:

Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. MAYER HOFFMAN MCCANN P.C. CONRAD GOVERNMENT SERVICES ... – PowerPoint PPT presentation

Number of Views:124
Avg rating:3.0/5.0
Slides: 50
Provided by: EWo83
Learn more at: http://media.csmfo.org
Category:

less

Transcript and Presenter's Notes

Title: Internal Control


1
Internal Control Fraud Risks for Entities with
Limited Segregation of Duties
  • Presented by Ken Al-Imam, C.P.A.
  • MAYER HOFFMAN MCCANN P.C.
  • CONRAD GOVERNMENT SERVICES DIVISION
  • (formerly Conrad and Associates, L.L.P.)
  • 2301 Dupont Drive, Suite 200
  • Irvine, California 92612
  • (949) 474-2020 Ext. 273
  • kalimam_at_cbiz.com

2
Problem
  • Integrity is difficult to measure

3
Identifying Persons Capable of Fraud
  • We expect people to be like ourselves
  • Honest and responsible
  • Usually fraudsters are persons least expect
  • Great actors

4
Classic Fraudster
  • Employed for many years
  • Loyal dependable employee
  • Never complains
  • Never asks for help
  • Works long hours (comes in early, stays late,
    works weekends)
  • Never takes vacation

5
Fraud
  • 600 billion per year
  • 6 of revenue lost to fraud
  • Average scheme lasts 18 months before detected
  • Average loss is 127,500 per entity

6
The Perpetrators
  • The higher the education, the higher the loss
  • The higher the age, the higher the loss
  • 68 done by one perpetrator, 32 involved
    collusion
  • 53.5 male, 46.5 female

7
Methods of Detection
  • External Audit 10.9
  • Internal Audit 23.8
  • Internal Controls 18.4
  • By Accident 21.3
  • Tip 39.6
  • Notified by Police 39.6

8
Factors present in all Frauds
  • Motive
  • Opportunity
  • Rationalization
  • Concealment

9
Ethics Policy
  • Important
  • Tone from top
  • Emphasize policy and enforce violations

10
Cross-training/Mandatory Vacations
  • Important
  • Helpful when have turnover
  • Some frauds are difficult to conceal if someone
    else is doing their job

11
Collusion
  • Internal controls not designed to prevent
  • Has own built-in control
  • No honor among thieves
  • Segregation between departments

12
Segregation Between Departments
  • Not a focal point of standards
  • Different persons in one department still
    requires collusion for fraud to occur
  • Segregation between individuals is the focus

13
Internal Control
  • Focus of internal control is on internal fraud
  • Difficult to control external fraud

14
Segregation of duties
  • Goal is to make it difficult to both commit the
    fraud and to conceal the fraud
  • Usually segregate access to assets from
    recordkeeping

15
Understanding Fraud Scenarios
  • Best way to develop alternative controls is to
    understand in detail how a fraud scenario for
    that transaction cycle would take place.
  • Smoke out alternative control opportunities

16
Use of auditor
  • Consult with your auditors
  • Challenge your auditors with a detailed
    discussion of the fraud scenario

17
Revenue Fraud
  • Checks (not just cash) are subject to theft
  • Take money and destroy evidence of transaction
  • Need system to ensure all money collected ends up
    in bank account

18
Revenue Fraud
  • Establish control as early as possible in process
  • Document totality of receipts immediately upon
    receipt
  • This creates controlled documentation that can be
    matched to bank deposit

19
Revenue Fraud
  • Cash register is best control
  • Or uninterrupted sequence of receipt forms
  • Watch for receipt substitutes (license
    certificates, permits, etc.)
  • List of checks received in the mail (and what do
    with list)

20
Checks Received in Mail
  • Controlled at opening
  • List or copy amounts received
  • Give copy to those maintaining records
  • Minimize number of persons handling checks
    received prior to deposit

21
Revenue Controls
  • Immediate restrictive endorsement
  • Timely deposits

22
Controls Over Person Preparing Bank Deposit
  • Often funds stolen at that point are not detected
  • Support for bank deposit can be reviewed by
    independent person
  • This can be done after the fact using the deposit
    confirmation notice

23
RevenuesAlternative Controls
  • Independent review of support for deposit
  • Can be done at the department level

24
Accounts Receivable
  • Those posting payments to customer records should
    not have access to cash/checks
  • Only give list or copies of checks
  • Or list created by mail opener agreed to deposit
  • Or independent agreement of system posting report
    to funds deposited

25
Control Over Adjustments
  • Persons posting adjustments should not be
    handling cash/checks
  • Independent approval of adjustments
  • System produces report of adjustments that are
    reviewed

26
Voided transactions
  • Should be independently approved
  • Best for approval at time of void (in presence of
    paying party)

27
Cash Disbursement Frauds
  • Fictitious Vendor
  • Payment to vendor with same or similar name as
    real vendor
  • Unauthorized disbursement
  • Unsupported disbursement

28
Alternative Controls
  • Positive Pay
  • Vendor set up
  • More than one knowledgeable person involved in
    every transaction (usually the knowledgeable
    approver will be in the same department as the
    initiator)

29
Duplicate Payment Schemes
  • Multiple payments of invoices to legitimate
    vendors

30
Cash Disbursement Controls
  • Canceling invoices (entered, etc.)
  • Cancellation of invoice (not just check copy)
  • No payments from copies or statements
  • No return to initiator (or to person with access
    to vendor master file)

31
Bank Reconciliation
  • Such a key control that it should always be
    segregated from access to assets

32
Review of Bank Reconciliation
  • Not as effective as separate preparation
  • Must be done in conjunction with examination of
    original bank statement

33
Review of Unopened Bank Statement
  • Spot check debit memo charges
  • Out of sequence checks
  • Duplicate checks
  • Trace transfers to authorizing document (with
    different initiator and approver)

34
Cancelled checks
  • Obvious forgeries
  • Evidence of check alteration
  • Multiple endorsements

35
Review of Supporting Documentation
  • Fraud cant happen because approval is required
  • But review often done before checks are printed
  • This cant detect unsupported checks created
    after this review
  • Printed checks compared to support by someone not
    involved in data entry to create check

36
Review of Supporting Documentation
  • Traditionally performed at time of check signing
  • Some one other than accounts payable personnel
    can do after checks are printed
  • Printed checks compared to support by someone not
    involved in data entry to create check

37
Review of Supporting Documentation
  • Can be done on a spot check basis (with check
    register to make sure received all checks)
  • Checks should not be returned to persons that
    initiated them

38
Review of Supporting Documentation
  • Or A/P clerks switch (dont match support for
    those checks they created)
  • Or payroll clerk print, match, and mail A/P
    checks and A/P clerk print and distribute payroll
    checks/check stubs

39
Procurement Fraud
  • Difficult to prevent and detect (collusion)
  • Bid rigging
  • Employee aids a vendor to obtain a kickback
  • Splitting purchases to avoid threshold for
    competitive quotes
  • Drafting specs so that favored vendor is
    advantaged
  • Only receiving quote from favored vendor and
    comparing to fictitious quotes

40
Procurement Fraud
  • Providing advance notice to vendor and then
    issuing request for proposals with
    unrealistically short time frame
  • Allowing favored vendor to propose late or with
    knowledge of other quotes

41
Procurement Controls
  • Emphasize in ethics policy the unacceptability of
    these specific employee behaviors
  • No purchase controlled by one person

42
Refund Schemes
  • Controls are typically weaker than for standard
    vendor payments

43
Refund Schemes
  • Cancellation of conference or travel
  • Cancellation of memberships or subscriptions
  • Returns of goods purchased

44
Expense Reimbursement
  • Focus should be on payments prior to event
  • Reimbursed but then not go and get refund
  • Follow-up to received evidence trip actually
    taken

45
Payroll Fraud
  • Focus is on fictitious employees
  • Classic control is segregate
  • Access to payroll master file
  • Payroll processing

46
Payroll Fraud
  • Often overlooked
  • Keeping an existing employee on the system

47
Alternative Controls
  • Review of payroll register
  • Review of direct deposit report from bank
  • Periodic spot-checking of a payroll register by
    HR

48
Alternative controls
  • Comparing list of terminated employees to payroll
    register
  • Department review of payroll register (labor
    distribution run) for their department
  • Department monitoring of budget
  • Reviewing cancelled checks for multiple
    endorsements

49
Questions or comments?
  • Thank you for your attention!
Write a Comment
User Comments (0)
About PowerShow.com