approaches to fraud prevention bill brown: partner – forensic & litigation services tel:...

Post on 14-Dec-2015






Click to see full reader


Approaches to Fraud Prevention

Bill Brown: Partner – Forensic & Litigation Services Tel: 972-448-6966



• Introduction: Padlock vs. Bolt cutter• Goal of Fraud Prevention• Internal Controls, the “Conventional

Wisdom”• Fraud’s Impact on Prevention• The “People” Solution

Padlock Theory

Padlock Theory

• Basic internal control• Controls physical access• Safeguards property/assets• Will keep the 95% “honest” people


Bolt Cutter Theory

The Bolt Cutter Theory

• Controls will not deter the “other” 5% • The dishonest people will find a way to

“beat” the controls• They have time and energy on their side• They know where to find the bolt


Beaumont ISD$4,041,705 Fraud

Beaumont ISD

• Collusion between CFO & Controller• I8 fraudulent transfers over 16 months• Each had “Unilateral” funds transfer

authority (no $$ limitation)

Beaumont ISD Cont’

• Assumed Name Record (dba) to create bogus bank accounts: fooled the bank

• Legitimate sounding descriptions documenting transfers: fooled the District and others

Fraud Prevention Goal

The Goal of Fraud Prevention

Fraud Prevention Goal

Anti-fraud programs should be aimed at reducing the likelihood that if fraud occurs, it will not go undetected for an unreasonable amount of time

Cost vs. Benefit – can’t completely prevent fraud

Internal Controls

The Conventional Wisdom Re: Controls

General Conception

• Careful consideration & design• Proper implementation• Effective compliance/monitoring• Appropriate corrective/remedial actions• Reliance on routine auditing procedure

So What’s the Problem?

5% “Tool Kit”

Circumventing Internal Controls

• 5% have intimate knowledge of controls exposes weaknesses

• Collusion will circumvent most controls• Flawed design• Ineffective implementation• Auditing procedures can be predictable

& easily fooled

Fraud’s Impact on Prevention

What is Fraud?

A generic term, embracing all multifarious means which human ingenuity can devise and which are resorted to by individual(s) to get advantage over another byfalse suggestions or suppression of truth, and includes surprise, trick, cunning, and any unfair way by which another is cheated

Fraud Engineering

Fraudulent schemes are “engineered” (meticulously designed) to perpetrate and conceal the theft, including an exit strategy complete with “fall guys” and “alibis”

Detection is Difficult

• Fraud is an “intentional” act, often involving detailed planning and concealment

• Crooks “anticipate” the routine audit procedures, audit evidence is often fabricated

• Exploits weaknesses in routine audit procedures or internal controls

• Breach of trust• Test crash dummy – observe & adapt

Initial Detection

• Tip 43.3%• Management Review 14.6%• Internal Audit 14.4%• By Accident 7.0%• External Audit 3.3%• IT Controls 1.1%

Source: 2012 ACFE Report to the Nation

Tipsters vs. Controls

Why are tipsters, management, and internal auditors the most effective sources for the detection of fraud?

Inside Info

• Intimately familiar with “detailed” information

• First-hand knowledge: know the entity, live it daily

• See and hear what other employees say and do (lifestyle changes)

• Understand the control systems and how to circumvent

Prevention: The “People” Solution

The “People” Solution






TONE at the Top



Tone at the Top

• Establishes standards for ethical behavior• Affixes responsibility for maintaining

ethical culture• Sets positive example for others to follow

El Paso ISD: Cheating Scandal

El Paso ISD

• Wide-spread cheating scandal, state & federal accountability standards

• Superintendent created “culture of corruption” – Top administration– Campus Directors– Cutoff communications between campuses &

Central Office


• Arrest & Removal of Superintendent created a “void”

• “Culture” devised new schemes to continue the corrupt environment

• Internal audit manipulated by Superintendent & top administration

• I/A reports “draft” form >over 18 months

EPISD Cont’ I/A Failures

• Internal audit manipulated by Superintendent & top administration

• I/A reports kept in “draft” form >over 18 months to avoid public disclosure

• Board of Trustees unaware of internal audit

Informed Employees

• Informed employees will be more likely to act ethically

• Raises awareness of potentially fraudulent conduct by other employees or vendors

• Encourages reporting of fraudulent conduct (early detection)

Reporting Mechanism

• Commitment to non-retaliation• Anonymous reporting extremely

important• Appropriate response (part of the

solution or part of the problem)• Reduces detection time• Cornerstone to enterprise-wide anti-

fraud system


• Objective/probing• Identify stakeholders/isolate interested

individuals• Utilize appropriate investigative

personnel (appropriate skills)• Timely conclusion/recommendations


• Report to appropriate level within entity• Report facts upon which appropriate

action can be taken• Detailed recommendations for corrective

actions• Inform affected (especially the tipsters)

of investigative results and corrective actions taken

Goal: Reduce Detection Time:“reducing the likelihood that if fraud occurs, it

will not go undetected for an unreasonable amount of time”

Engage the 95% to improve the effectiveness of “detection” efforts

Fraudulent activity manifests itself in changes in behavior

Common Red Flags

• Living Beyond Means 35.6%• Financial Difficulties 27.1%• Close Association with Vendor 19.2%• Control Issues 18.2%• Divorce/Family Issues 14.8%• Addiction Problems 8.4%

Source: 2012 ACFE Report to the Nation

Observe Lifestyle Changes

• Spending habits: people generally spend what they steal. The more they steal, the more they spend. Fraud almost always starts small and grows.

• Behavioral changes: look for signs of drug abuse, gambling or other patterns (dress, work habits, or attitude toward others)

City Dixon, Illinois: $53,000,000 Theft

City of Dixon, Ill

• 12/18/1990 thru 4/17/2012• City Finance Officer indicted 5/1/2012,• Transferred funds to bank account in

name of City with her as signatory• Forged endorsement & deposit in fake

City account

City of Dixon, Cont’

• Always picked up City’s mail & no one saw fake bank account statements, until the end (accidental)

• Extravagant life style:– Large horse ranch (150 horses)– Two 18-wheel transport trucks– Expensive real estate– Lavish personal expenses Change in lifestyle went on for over 12 years!


• The most effective crime detection device is the Hotline.

• Expands your view to all the “eyes” in your organization.

• Cost effective• Provides a vehicle for honest employees

to contribute to the well being of the organization

95% Solution

• Your people are the best control system!–Encourage–Empower–Enlist

top related