colors i like (in this presentation) anti-fraud and the internal audit function proactive measures...
TRANSCRIPT
Anti-Fraud and the Internal Audit Function
Proactive Measures for Finding Fraud, Waste, and Abuse
Washington, D.C. IIA ChapterJanuary 16, 2013
2
• Introduction• Defining Fraud – ACFE Statistics• Auditor Responsibilities• Developing a Robust Anti-Fraud
Program• Overview• Discussion of Specific Elements
• Questions/Discussion
Agenda
3
• Manager of Anti-Fraud & AP Recovery Services• BA (Accounting) Baldwin-Wallace College• Certified Internal Auditor• Certified Fraud Examiner• Certified Internal Controls Auditor• CPA Candidate• Past President of NE Ohio ACFE Chapter • Past Audit Director - The Scott Fetzer Company
Paul J. Soos – CIA, CFE, CICA
4
About CBIZ, Inc.
CBIZ MHM offices in major cities,
nationwide.
5
About CBIZ, Inc. (cont.)
• CBIZ is the 7th largest provider of professional services in the U.S. and is NYSE listed
(CBZ) • 4,500 people in 200 offices across the USA• CBIZ provides consulting and advisory
services for HR, CFOs and CIOs• Global coverage in 70 countries – Partners
with Kreston International
6
About CBIZ Risk & Advisory Services• CBIZ Risk & Advisory Services (RAS) is the National Internal Audit and
Sarbanes-Oxley practice within CBIZ• Internal Audit: Significant experienced practitioners with prior Fortune
1000 and Big 4 experience• Sarbanes-Oxley: More than 900 CPAs, CIAs, CFEs, CISAs and technical
professionals• Strong Anti-Fraud Practice – Prevention, Detection and Investigative
Services• Significant depth in a wide variety of IT audit services including general
controls, application controls, security, and disaster recovery planning
• Local access: In major cities throughout the United States • High percentage of Director and Manager time included in every
engagement• Our practitioners have greater than 15 years of internal audit experience• Independent: No attest work to cause independence conflicts
7
Anti-Fraud Services – Two Service Lines
Reactive Investigations• A problem is suspected• Quantification• Prove elements of offense• Recovery focused
– Insurance– Restitution– Civil remedies
• All-Size Companies
Fraud Prevention/Detection• Fraud Risk Assessments
– Evaluating Controls Through Eyes of a Forensic Accountant
• Data Mining/Analysis– Seek indicators of
fraudulent activity– “Checkbook Analysis”
• All-Size Companies
8
Financial Statement Auditors
Private Investigators
Forensic/Investigative Accountants
Investigations – Anti-Fraud Consultants
9
Understanding Fraud
• ACFE Report to the Nation Statistics• The Fraud Triangle• Most Common Schemes
– In Total– By Industry– By Size of Company
• Likely Perpetrators
10
• Survey of CFE’s – 1,388 cases (01/10 – 12/11)• Median loss - $140,000 – 20%+ over $1 million• Median length of scheme – 18 months, which means
that it was not uncovered during a year-end audit• Asset misappropriation – 87% of all cases with a
median loss of “only” $120K• Financial Statement Fraud – only 8% of all cases, but
a median loss of over $1 million• Corruption schemes fell in the middle, comprising just
under one-third of cases and causing a median loss of $250,000.
ACFE Report to the Nation (2012)
11
• Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2011 Gross World Product, this figure translates to a potential total fraud loss of more than $3.5 trillion.
ACFE Report to the Nation (2012)
12
• Small organizations are disproportionately victimized by occupational fraud, and suffer the largest median losses. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable.
ACFE Report to the Nation (2012)
13
• The industries most commonly victimized in the study were:– Banking/financial services– Government and public administration– Manufacturing sectors
ACFE Report to the Nation (2012)
14
• High-level perpetrators cause the greatest damage to their organizations. Frauds committed by owners/executives were more than three times as costly as frauds committed by managers, and more than nine times as costly as employee frauds. Executive-level frauds also took much longer to detect.
ACFE Report to the Nation (2012)
15
• Almost 80% of the frauds in the study were committed by individuals in one of six departments:
• Accounting• Operations• Sales• Executive/Upper Management• Customer Service• Purchasing
ACFE Report to the Nation (2012)
16
• 87% of fraudsters in the study had never been previously charged or convicted for a fraud-related offense and 84% had never been punished or terminated by an employer for fraud-related conduct. This finding is consistent with prior studies.
ACFE Report to the Nation (2012)
17
• Fraud perpetrators often display warning signs that they are engaging in illicit activity. The most common behavioral red flags displayed by the perpetrators in our study were:– Living beyond their means (36% of cases)– Experiencing financial difficulties (27%)– Close relationships with vendors/customers (19%)– Excessive control issues (18%)
ACFE Report to the Nation (2012)
18
• 49% of victims have not recovered ANY of the perpetrator’s takings. This finding is consistent with prior studies, which show 40% - 50% of victim organizations do not recover any of their fraud-related losses.
• Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. They looked at the effect of 16 common controls on the median loss and duration of the frauds. Victim organizations that had these controls in place had significantly lower losses and time-to-detection than organizations without the controls.
ACFE Report to the Nation (2012)
19
• Profile of common victims and perpetrators• Identifies most common fraud schemes• Quantifies rate of occurrence and relative
losses• In short – know what to look for• Evaluate your fraud risk and procedures
What Can the Report Do For Us?
20
The Fraud Triangle – Donald Cressey
Opportunity
Incentive
Rationalization
21
Distribution of Losses
< $200,000 $200,000 - $399,999
$400,000 - $599,999
$600,000 - $799,999
$800,000 - $999,999
> $1,000,0000.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0% 55.5%
12.8%
5.7%3.5% 1.9%
20.6%
Dollar Loss
Per
cen
t of
Cas
es
22
Asset Misappropriation – 86.7% - $120K• Stealing stuff – $ (88%), Inventory, Other Assets• Billing schemes, T&E, check tampering
Corruption Schemes – 33.4% - $250K• Conflicts of interest, bribery, improper gratuities
Fraudulent Financial Statements – 7.6% - $1M• Concealed liabilities, fictitious revenues,
improper valuation
The Three Main Types of Fraud
23
Asset Misappropriation Sub-CategoriesSchemes Involving Theft of Cash Receipts
CATEGORY
Skimming
14.6%$58K
Cash Larceny
11.0%$54K
DESCRIPTION
Any scheme in which cash is stolen from an organization before it is recorded on the organization’s books and records
Any scheme in which cash is stolen from an organization after it has been recorded on the organization’s books and records
EXAMPLES
Employee accepts payment from a customer but does not record sale, and instead pockets the money
Employee steals cash and/or checks from daily receipts before they can be deposited in the bank
24
Asset Misappropriation Sub-CategoriesSchemes Involving Fraudulent Disbursements of Cash
CATEGORY
Billing24.9%$100K
T&E Reimbursement14.5%$26K
DESCRIPTION
Any scheme in which a person causes his employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases
Any scheme in which an employee makes a claim for reimbursement of fictitious or inflated business expenses
EXAMPLES
Employee creates a shell company and bills employer for services not actually rendered
Employee purchases personal items and submits invoice to employer for payment
Employee files fraudulent expense report, claiming personal travel, nonexistent meals, etc.
25
Asset Misappropriation Sub-CategoriesSchemes Involving Fraudulent Disbursements of Cash (cont.)
CATEGORY
Check Tampering11.9%$143K
DESCRIPTION
Any scheme in which a person steals his employer’s funds by intercepting, forging, or altering a check drawn on one of the organization’s bank accounts
EXAMPLES
Employee steals blank company checks, makes them out to himself or an accomplice
Employee steals outgoing check to a vendor, deposits it into his own bank account
26
Asset Misappropriation Sub-CategoriesSchemes Involving Fraudulent Disbursements of Cash (cont.)
CATEGORY
Payroll9.3%$48K
Cash Register Disbursements3.6%$25K
DESCRIPTION
Any scheme in which an employee causes his employer to issue a payment by making false claims for compensation
Any scheme in which an employee makes false entries on a cash register to conceal the fraudulent removal of cash
EXAMPLES
Employee claims overtime for hours not worked
Employee adds ghost employees to the payroll
Employee fraudulently voids a sale on his cash register and steals the cash
27
Asset Misappropriation Sub-CategoriesOther Asset Misappropriation Schemes
CATEGORY
Cash on Hand11.8%$20K
Non-Cash17.2%$58K
DESCRIPTION
Any scheme in which the perpetrator misappropriates cash kept on hand at the victim organization’s premises
Any scheme in which an employee steals or misuses non-cash assets of the victim organization
EXAMPLES
Employee steals cash from a company vault
Employee steals inventory from a warehouse or storeroom
Employee steals or misuses confidential customer financial information
28
Fraudulent Asset MisappropriationCategory Cases % of Cases Median Loss
Skimming 203 14.6% $58,000
Cash Larceny 152 11.0% $54,000
Billing Schemes 346 24.9% $100,000
T&E Reimbursements 201 14.5% $26,000
Check Tampering 165 11.9% $143,000
Payroll 129 9.3% $48,000
Register Disbursements 50 3.6% $25,000
Cash on Hand 164 11.8% $20,000
Non-Cash 239 17.2% $58,000
29
Frauds by Industry
Industry CasesMost
Common
Second Most
Common
Financial Services 229 Corruption Cash on Hand
Government 141 Corruption Billing
Manufacturing 139 Corruption Billing
Health Care 92 Billing Corruption
Education 88 Billing T&E
Retail 83 Non-Cash Corruption
Insurance 78 Billing Corruption
Professional Services 55 Billing Corruption
30
Victim Organizations of Fraud (Size)
> 10,000 (20.6%)
1,000 - 9,999 (28.1%)
100 - 999 (19.5%)
< 100 (31.8%)
$0 $50,000 $100,000 $150,000 $200,000
$140,000
$100,000
$150,000
$147,000
Median Loss
Em
plo
yees
31
Profile of Perpetrators
• Position• Gender• Age• Tenure• Education Level• History
32
The Position of Perpetrators
$573,000
$182,000
$60,000
$0 $300,000 $600,000 $900,000
Owner/Executive (17.6%)
Manager (37.5%)
Employee (41.6%)
Median Loss
Pos
itio
n o
f Per
pet
rato
r (%
of C
ases
)
33
The Gender of Perpetrators
$100,000
$232,000
$0 $300,000
Female (35.0%)
Male (65.0%)
Median Loss
Gen
der
(%
of C
ases
)
34
The Age of Perpetrators
<26 26-30 31-35 36-40 41-45 46-50 51-55 56-60 >600.0%
5.0%
10.0%
15.0%
20.0%
25.0%
5.8%
9.8%
16.1%
18.0%19.6%
13.5%
9.0%
5.2%
3.1%
Age of Perpetrator
Per
cen
t of
Cas
es
35
The Age of Perpetrators
<26 26-30 31-35 36-40 41-45 46-50 51-55 56-60 >60$0
$250,000
$500,000
$750,000
$25,000 $50,000
$100,000 $150,000
$183,000 $200,000
$600,000
$232,000 $250,000
Age of Perpetrator
Med
ian
Los
s
36
The Age of Perpetrators (2010 Survey)
$15,000$60,000
$120,000 $127,000
$270,000 $265,000$321,000
$428,000
$974,000
$0
$250,000
$500,000
$750,000
$1,000,000
$1,250,000
<26 26-30 31-35 36-40 41-45 46-50 51-55 56-60 >60
Age of Perpetrator
Med
ian
Los
s
37
The Tenure of Perpetrators
<1 Yr (5.9%)
1-5 Yrs (41.5%)
6-10 Yrs (27.2%)
10+ Yrs (25.3%)
$0 $100,000 $200,000 $300,000
$25,000
$100,000
$200,000
$229,000
Median Loss
Ten
ure
wit
h V
icti
m O
rgan
iza-
tion
(% o
f C
ases
)
38
The Education Level of Perpetrators
Other (0.5%)
High School or Less (25.3%)
Some College (20.5%)
College Degree (36.9%)
Postgraduate Degree (16.9%)
$0 $150,000 $300,000 $450,000
$38,000
$75,000
$125,000
$200,000
$300,000
Median Loss
Ed
uca
tion
Lev
el o
f P
erp
etra
tor
(% o
f C
ases
)
39
Perpetrator’s Criminal/Employment History• Only 5.6% of the fraud perpetrators in the study
had been previously convicted of a fraud-related offense, and another 5.9% were charged but not convicted, which has been virtually unchanged since 2008.
• 83.7% had never been punished or terminated by a previous employer.
• These statistics suggest that criminal background checks and employment checks may have some effect in preventing fraud, but the effect is probably limited.
40
Behavioral Red Flags of Perpetrators
Organizational Pressure
Refusal to Take Vacations
Inadequate Pay Complaints
Past Employment Issues
Addiction Problems
Irritability/Defensiveness
Wheeler-Dealer Attitude
Divorce/Family Problems
Control Issues
Close Vendor/Customer Relations
Financial Difficulties
Living Beyond Means
0.0% 10.0% 20.0% 30.0% 40.0%
6.5%
6.5%
7.9%
8.1%
8.4%
12.6%
14.8%
14.8%
18.2%
19.2%
27.1%
35.6%
Percent of Cases
Red
Fla
g (%
Of
Cas
es)
41
How is Fraud Detected?Percent Occurrence Quiz
Name potential methods of detection
42
How is Fraud Detected?
Alphabetical Listing1. Account Reconciliation2. By Accident 3. Document Examination4. External Audit5. Internal Audit6. Management Review7. Notified by Police8. Tip
Percent Occurrence Quiz
43
How is Fraud Detected?
Notified by Police
0% 10% 20% 30% 40% 50%
0.03
Det
ecti
on M
eth
od
% of Cases
44
How is Fraud Detected?
Notified by Police
External Audit
0% 10% 20% 30% 40% 50%
3.0%
3.3%
Det
ecti
on M
eth
od
% of Cases
45
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
Det
ecti
on M
eth
od
% of Cases
46
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
Account Reconciliation
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
4.8%
Det
ecti
on M
eth
od
% of Cases
47
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
Account Reconciliation
By Accident
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
4.8%
7.0%
Det
ecti
on M
eth
od
% of Cases
48
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
Account Reconciliation
By Accident
Internal Audit
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
4.8%
7.0%
14.4%
Det
ecti
on M
eth
od
% of Cases
49
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
Account Reconciliation
By Accident
Internal Audit
Management Review
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
4.8%
7.0%
14.4%
14.6%
Det
ecti
on M
eth
od
% of Cases
50
How is Fraud Detected?
Notified by Police
External Audit
Document Examination
Account Reconciliation
By Accident
Internal Audit
Management Review
Tip
0% 10% 20% 30% 40% 50%
3.0%
3.3%
4.1%
4.8%
7.0%
14.4%
14.6%
43.3%
Det
ecti
on M
eth
od
% of Cases
51
Median Loss By Detection Method
Management Review (14.6%)
Account Reconciliation (4.8%)
Tip (43.3%)
By Accident (7.0%)
Confession (1.5%)
External Audit (3.3%)
Other (1.1%)
Notified by Police (3.0%)
$0 $250,000 $500,000 $750,000 $1,000,000
123,000
124,000
144,000
166,000
225,000
370,000
378,000
1,000,000
Median Loss
Det
ecti
on M
eth
od
(% o
f C
ases
)
52
Source of Tips?
Quiz
Name potential sources of tips
53
Source of Tips?
Alphabetical Listing1. Anonymous2. Competitor 3. Customer4. Employee5. Other6. Shareholder/Owner7. Vendor
54
Source of Tips
Competitor
-10% 0% 10% 20% 30% 40% 50% 60%
0.015
Det
ecti
on M
eth
od
% of Cases
55
Source of Tips
Competitor
Shareholder/Owner
-10% 0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
Det
ecti
on M
eth
od
% of Cases
56
Source of Tips
Competitor
Shareholder/Owner
Vendor
-10% 0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
9.0%Det
ecti
on M
eth
od
% of Cases
57
Source of Tips
Competitor
Shareholder/Owner
Vendor
Other
-10% 0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
9.0%
11.6%
Det
ecti
on M
eth
od
% of Cases
58
Source of Tips
Competitor
Shareholder/Owner
Vendor
Other
Anonymous
-10% 0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
9.0%
11.6%
12.4%
Det
ecti
on M
eth
od
% of Cases
59
Source of Tips
Competitor
Shareholder/Owner
Vendor
Other
Anonymous
Customer
-10% 0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
9.0%
11.6%
12.4%
22.1%
Det
ecti
on M
eth
od
% of Cases
60
Source of Tips
Competitor
Shareholder/Owner
Vendor
Other
Anonymous
Customer
Employee
0% 10% 20% 30% 40% 50% 60%
1.5%
2.3%
9.0%
11.6%
12.4%
22.1%
50.9%
Det
ecti
on M
eth
od
% of Cases
61
Conclusions/Recommendations• Occupational fraud is a global problem.
• Fraud reporting mechanisms, such as hotlines, are a critical component of an effective fraud prevention and detection system.
• Organizations tend to over-rely on audits, especially external audits.
• Audits should not be relied upon exclusively for fraud detection.
• Employee education is the foundation of preventing and detecting occupational fraud.
• Most frauds are detected by tips.
62
Conclusions/Recommendations• Organizations that have anti-fraud training for employees
and managers experience lower fraud losses. • Surprise audits are an effective, yet underutilized, tool in
the fight against fraud.
• While surprise audits can be useful in detecting fraud, their most important benefit is in preventing fraud by creating a perception of detection.
• Small businesses are particularly vulnerable to fraud.
• Managers and owners of small businesses should focus their control investments on the most cost-effective mechanisms, such as hotlines and setting an ethical “tone from the top” for their employees.
63
Conclusions/Recommendations• Internal controls alone are insufficient to fully prevent
occupational fraud.• Fraudsters exhibit behavioral warning signs of their
misdeeds which will not be identified by traditional controls.
• Auditors and employees alike should be trained to recognize the common behavioral signs that a fraud is occurring and encouraged not to ignore them.
• Given the high costs of occupational fraud, effective fraud prevention measures are critical.
64
Internal Audit’s Role• What are our responsibilities?• What do others (management, the board,
stakeholders) think our responsibilities are?• How much time do we spend considering
fraud matters?• Do we incorporate fraud risks into our risk
assessment?• Do we use fraud specialists to
supplement/train our staff?
65
SAS 99 Considerations• Description and characteristics of fraud
This section describes fraud and its characteristics. • The importance of exercising professional skepticism
This section discusses the need for auditors to exercise professional skepticism when considering the possibility that a material misstatement due to fraud could be present.
• Discussion among engagement personnel regarding the risks of material misstatement due to fraudThis section requires, as part of planning the audit, that there be a discussion among the audit team members to consider how and where the entity's financial statements might be susceptible to material misstatement due to fraud and to reinforce the importance of adopting an appropriate mindset of professional skepticism.
66
SAS 99 Considerations• Obtaining the information needed to identify risks of
material misstatement due to fraudThis section requires the auditor to gather information necessary to identify risks of material misstatement due to fraud, by
• Inquiring of management and others within the entity about the risks of fraud.
• Considering the results of the analytical procedures performed in planning the audit.
• Considering fraud risk factors. • Considering certain other information.
• Identifying risks that may result in a material misstatement due to fraudThis section requires the auditor to use the information gathered to identify risks that may result in a material misstatement due to fraud.
67
SAS 99 Considerations• Assessing the identified risks after taking into account
an evaluation of the entity's programs and controlsThis section requires the auditor to evaluate the entity's programs and controls that address the identified risks of material misstatement due to fraud, and to assess the risks taking into account this evaluation.
68
SAS 99 Considerations• Responding to the results of the assessment
This section emphasizes that the auditor's response to the risks of material misstatement due to fraud involves the application of professional skepticism when gathering and evaluating audit evidence. The section requires the auditor to respond to the results of the risk assessment in three ways:
1. A response that has an overall effect on how the audit is conducted, that is, a response involving more general considerations apart from the specific procedures otherwise planned.
2. A response to identified risks that involves the nature, timing, and extent of the auditing procedures to be performed.
69
SAS 99 Considerations• Responding to the results of the assessment
This section emphasizes that the auditor's response to the risks of material misstatement due to fraud involves the application of professional skepticism when gathering and evaluating audit evidence. The section requires the auditor to respond to the results of the risk assessment in three ways:
3. A response involving the performance of certain procedures to further address the risk of material misstatement due to fraud involving management override of controls. The procedures include:
• Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud.
• Reviewing accounting estimates for biases that could result in material misstatement due to fraud.
• Evaluating the business rationale for significant unusual transactions.
70
SAS 99 Considerations• Evaluating audit evidence
This section requires the auditor to assess the risks of material misstatement due to fraud throughout the audit and to evaluate at the completion of the audit whether the accumulated results of auditing procedures and other observations affect the assessment. It also requires the auditor to consider whether identified misstatements may be indicative of fraud and, if so, directs the auditor to evaluate their implications.
71
SAS 99 Considerations• Communicating about fraud to management, the audit
committee, and othersThis section provides guidance regarding the auditor's communications about fraud to management, the audit committee, and others.
• Documenting the auditor's consideration of fraudThis section describes related documentation requirements.
72
CFO Magazine
• Start at the top• Educate employees
• Change the culture ASAP
• Hold surprise audits• Check (and double-check) employee backgrounds• Prepare a data-breach response plan• Make sure the Board of Directors plays its role
March 2011 Article – Where There’s Smoke, There’s Fraud
An Action Plan
73
Tone From the Top
Two prevailing attitudes regarding fraud:
• We would never hire someone like that (head in the sand)
• We are willing to be proactive in making sure that these situations do not occur (professional skepticism)
74
Primary Internal Control Weakness Observed by CFEs
Lack of Fraud Education
Lack of Independent Checks
Lack of Competent Oversight
Poor Tone at the Top
Lack of Maganement Review
Override of Existing I/C
Lack of Internal Controls
0% 5% 10% 15% 20% 25% 30% 35% 40%
2.5%
3.3%
7.3%
9.1%
18.7%
19.4%
35.5%
Mos
t Im
port
ant
Con
trib
utin
g F
acto
r
% of Cases
75
Frequency of Anti-Fraud Controls
Surprise AuditsFormal Fraud Risk Assessments
Anti-Fraud PolicyEmployee Fraud Training
Management Fraud TrainingHotline
Employee Support ProgramsIndependent Audit Committee
Management ReviewExternal Audit of ICOFR
Internal Audit DepartmentManagement F/S Certification
Code of ConductExternal F/S Audit
0% 25% 50% 75% 100%
32.2%35.5%
46.6%46.8%47.4%
54.0%57.5%
59.8%60.5%
67.5%68.4%68.5%
78.0%80.1%
Ant
i-F
raud
Con
trol
% of Cases
76
Dollar Impact of Anti-Fraud ControlsControl
% Implemented
Control In Place
Control Not In Place
% Reduction
Management Review 60.5% $100,000 $185,000 45.9%
Employee Support Programs 57.5% $100,000 $180,000 44.4%
Hotline 54.0% $100,000 $180,000 44.4%
Manager/Executive Fraud Training
47.4% $100,000 $158,000 36.7%
External Audit of ICOFR 67.5% $120,000 $187,000 35.8%
Employee Fraud Training 46.8% $100,000 $155,000 35.5%
Anti-Fraud Policy 46.6% $100,000 $150,000 33.3%
Formal Fraud Risk Assessments 35.5% $100,000 $150,000 33.3%
Internal Audit Department 68.4% $120,000 $180,000 33.3%KEY:
External Audit of F/S = Independent external audits of the organization’s financial statementsInternal Audit / FE Department = Internal audit department or fraud examination department
External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reportingManagement Certification of F/S = Management certification of the organization’s financial statements
77
Duration Impact of Anti-Fraud ControlsControl
% Implemented
Control In Place
Control Not In Place
% Reduction
Job Rotation/Mandatory Vacation 16.7% 9 months 24 months 62.5%
Rewards for Whistleblowers 9.4% 9 months 22 months 59.1%
Surprise Audits 32.3% 10 months 24 months 58.3%
Code of Conduct 78.0% 14 months 30 months 50.0%
Anti-Fraud Policy 46.6% 12 months 24 months 50.0%
External Audit of ICOFR 67.5% 12 months 24 months 50.0%
Formal Fraud Risk Assessments 35.5% 12 months 24 months 50.0%
Employee Fraud Training 46.8% 12 months 24 months 50.0%
Manager/Executive Fraud Training
47.4% 12 months 24 months 50.0%
KEY:External Audit of F/S = Independent external audits of the organization’s financial statementsInternal Audit / FE Department = Internal audit department or fraud examination department
External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reportingManagement Certification of F/S = Management certification of the organization’s financial statements
78
Anti-Fraud Program ComponentsOften Managed by Internal Audit
– Should Incorporate Board of Directors and Senior Management Involvement –
Prevention Detection Response
Organizational Ethics Policy
Employee and Vendor Validations
Transactional and/or Process-Specific Anti-Fraud Controls
Reporting Mechanisms (i.e. Hotlines)
Fraud Detection Analyses Continuous Monitoring
Process/protocols for: Internal
Investigations Disciplinary Actions Remediation to
Prevent Repeat Occurrences
Adequate Insurance
– Continuous Evolution –Program components should be periodically evaluated for effectiveness, efficiency, and to ensure current organizational anti-fraud risks, or goals, are addressed.
79
Areas of Proactive Fraud Reviews
Accounts Payable/Human Resources Testing Vendor Master File (incomplete records, shared
addresses, TIN, phone) Invoice Testing (even dollar, sequential, numbering) Employee Testing (SSN, shared addresses, bank
accounts) Shell company (vendors and employees sharing info –
addresses, bank accounts)
80
Vendors/Employees Sharing Addresses
Vendor Name Vendor Address 1Employee
NameEmployee Address 1
Employee City
Invoice Amount
SOUTH EDUCATORS 709 MALL BLVD X, Lynn 709 Mall Boulevard Savannah 1,917,034.00$
GREEN VAUGHN LLC 709 MALL BOULEVARD X, Lynn 709 Mall Boulevard Savannah 746,688.96
HOLIDAY INN NEWTON 399 GROVE STREET X, Brian 399 Grove St. New ton 305,620.00
THE INCENTIVE SHOP 706 DUNCAN AVENUE X, Phyllis 706 Duncan Ave. Pittsburgh 190,838.00
ALBERT GREENSTONE 750 PARK AVENUE, NE X, Ophelia 750 Park Ave Atlanta 52,174.23
R KEITH & LIZ SWICK RT 1 BOX 775 X, Elizabeth Route 1 Box 775 Clarksburg 24,874.06
TESTA CONSULTING SERVICES INC 40 24TH STREET X, Vincent 40 24th St Pittsburgh 20,538.24
CULINARY THOUGHTS 2927 AVENUE D. X, Michael 2927 Avenue D Katy 12,272.30
DAY'S LAWN CARE, INC 2343 NOTTINGHAM NW X, Toni 2343 Nottingham NW Massillon 11,523.60
LOIS NENES 2927 AVENUE D X, Michael 2927 Avenue D Katy 11,000.00
81
Areas of Proactive Fraud Reviews(continued)
Purchase/Procurement Card (P-Card) Transactional/monthly/credit limit Potential split transactions Prohibited categories High-risk merchants (PayPal) Other policy violations
82
Areas of Proactive Fraud Reviews(continued)
Travel & Entertainment (T&E) Policy compliance (company card, agency, etc.) Potential split transactions Prohibited categories High-risk merchants (airfare)
Wire Transfers and ACH Transactions Policy compliance/approvals Tie in to vendor testing
83
Conflict of Interest
84
1. Is ongoing anti-fraud training provided to all employees of the organization?
2. Is an effective fraud reporting mechanism in place?
3. To increase employees’ perception of detection, are the following proactive measures taken and publicized to employees?
– Is fraudulent conduct proactively sought out?– Are surprise audits performed?– Is continuous auditing software utilized?
4. Is the management climate/tone at the top one of honesty and integrity?
Fraud Prevention Checklist
85
5. Are fraud risk assessments performed to proactively indentify and mitigate the company’s vulnerabilities to internal and external fraud?
6. Are strong anti-fraud controls in place and operating effectively, including the following?
• Proper separation of duties• Use of authorizations• Physical safeguards • Job rotations• Mandatory vacations
Fraud Prevention Checklist
86
7. Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?
8. Does the hiring policy include the following (where permitted by law)?
• Past employment verification• Criminal and civil background checks• Credit checks• Drug screening• Education verification• References check
Fraud Prevention Checklist
87
9. Are employee support programs in place to assist employees struggling with addictions, mental/emotional health, family or financial problems?
10. Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute?
11. Are anonymous surveys conducted to assess employee morale?
Fraud Prevention Checklist
88
Questions/Discussion
ACFE Report To The Nations (includes Fraud Prevention Checklist)
www.acfe.com
Paul J. Soos - CFE, CIA, [email protected] 812.637.5737