fraud-the risk has increased

FRAUD-THE RISK HAS INCREASED

Larry Finney, GF&H October, 2009 [email protected]

INTRODUCTION

General increase in fraud awareness (risk of fraud) in past Sarbanes-Oxley Creation of PCAOB Various Statements on Auditing Standards

Risk of fraud More emphasis on internal controls

INTRODUCTION

Now actual fraud is on the rise But it is not just fraud-it is questionable

ethics, manipulation, expediency, bending the rules-it is all on the rise

Not just the economy-it looks like values and morals are slowly eroding in our society

CASE STUDIES FROM 2008/2009

Small local government Treasurer Worked at gov’t for 34 years Grown up in community Three changes in bosses over 18 month

period Responsible for some deposits and

receipting, bank reconciliations, payroll, accounts payable, and help with other functions in small finance office


Small local government Started paying herself

Vacation and sick pay, but not deducting hours Extra payroll payment on off payroll day Infrequent at first , but then more often

Charged to different accounts to stay under budget

Explanation Family members having financial difficulties Figured could pay it back


Larger local government Bookkeeper Responsible for some depositing, accounts

payable and some reporting Made credit card purchases for government

at request of others, including boss Reconciled credit card purchases monthly

and prepared check Would give checks to boss or boss’ designee for

signature Would not include statements with checks


Larger local government Boss signed checks and gave back to

bookkeeper Bookkeeper started making personal

purchases with credit card When got short on cash, would not pay full

balance No one aware inside government Multiple years


Larger local government Explanation

????? This one should have been caught-but not

proper review and monitoring-too busy Seemed okay with bending the rules-it was

just a few personal things here and there-not a big deal

WHY IS FRAUD RISK HIGHER NOW?

THE FRAUD TRIANGLE

Opportunity

MotiveRationalization

WHY IS FRAUD RISK HIGHER NOW?

It’s the economy stupid! Family members have lost jobs or are

working less hours With less people at work, internal controls

tend to fail more Less monitoring and review (“I don’t have

time to get it all done”) Even the most trustworthy of people can

fall to temptation, especially in certain circumstances

RISK OF FRAUD HIGHER NOW

This is why two things are critical in your organization:

Continuous fraud risk management process Strong organizational culture regarding ethics

and values

ETHICS

Ability to distinguish right from wrong AND the commitment to do what is right

Following the spirit and intent of rules and regulations as well as the letter

As opposed to: Expediency Manipulation Bending rules where there is no flexibility Rationalization

ETHICS

Much of what happens ethically within an organization depends on the culture and environment

The culture and environment is set by the “tone at the top” of the organization

ETHICS-2007 National Survey

Strength of organization-wide ethics culture has biggest impact on misconduct 56% of employees observe misconduct Top types of misconduct

Conflicts of interest Abusive or intimidating behavior Lying to employees Fraudulent activity is further down the list

Increases dramatically as work environment increases in negativity


Strength of formal ethics program has greatest impact on encouraging employee reporting 42% of employees don’t report observed

misconduct Primarily due to thoughts of futility fear of

retaliation 36% feared retaliation and didn’t report, but

only 12% who reported experienced retaliation One-third took matters into own hands 40% would have had to report to person

involved


25% of organizations had well-implemented and comprehensive ethics and compliance program in place Ethical leadership, supervisor

reinforcement, peer commitment, embedded ethical values

29% of employees with these organizations failed to report versus 61% of employees without comprehensive programs

25% believe they are rewarded for ethical behavior and feel prepared to handle situations that could lead to misconduct


But only 9% have very strong ethical cultures!

Another 43% of fairly strong ethical cultures

24% observed misconduct on very strong cultures versus 98% in weak cultures

FRAUD RISK MANAGEMENT

Overall goal:

More Self Governance By Organizations

(Trust but be skeptical)

MORE SELF GOVERNANCE…

Detection of fraud in government Internal controls Accident Tips Internal audit External audit Police

Source: ACFE 2008 report to the nation on occupational fraud and abuse


ASSESS

DESIGN

IMPLEMENT

EVALUATE

PREVENT

DETECTRESPOND

From KPMG


Prevention Leadership and Governance

Board/Audit committee oversight Senior management oversight Internal audit function Fraud and misconduct risk assessment

What could go wrong? Think criminally-put yourself in their shoes-if I wanted

to commit fraud what could I do? Then decide what to do about those high risks


Prevention Code of conduct

Should be based on organization’s core values Should be backed up by good environment

Hiring, retention and promotion of employees and third-parties

Communication and training-continually Internal controls

Limited access to data/information Segregation of duties Monitoring and review Surprise people-be unpredictable


Detection Open culture and environment Processes for reporting misconduct and

seeking counsel Auditing and monitoring

Proactive data analysis Surprise audits


Response Investigations Enforcement and accountability Corrective action Consistency


PREVENTION DETECTION RESPONSE

Board/Audit Committee oversightExecutive and other management functions

Internal audit, compliance and monitoring functionsRisk assessment Process for reporting and counsel Investigation processCode of conduct Auditing and monitoring Enforcement and accountabilityHR/Procurement due diligence Data Analysis Corrective action processCommunication and trainingLimited access to data

SO WHAT?

The best organizations are those with very strong ethics cultures and with a strong ethics and compliance program, including a continuous fraud risk management program

SO WHAT?

So what do these organizations look like? Strong support and communication from

top management and supervisors regarding time, effort and energy into ethics and fraud risk management

Top management and supervisors keep promises and follows through on commitments (only commit to what you know you can do)

Policies and procedures show commitment to ethics and compliance

SO WHAT?

So what do these organizations look like? Decisions/actions from top management and

supervisors reinforce policies and procedures Success through questionable means is not

rewarded Long-term commitment is seen through time

and perseverance Communicate policies and procedures often Each person (especially managers and

supervisors) must pay attention to the people around them and how they are doing

SO WHAT?

So what do these organizations look like? Employees:

Willing to seek advice about ethical issues Are trained to handle ethical situations as they

arise Are rewarded for ethical behavior

Understand that trust is not enough Employees must believe reported situations will

be handled honestly and properly and that retaliation will not occur

Everything written and verbally stated is lived out

SO WHAT?

Organizations train their people to consider three questions when faced with an ethical dilemma:

1. Is it legal?2. Is it balanced and consistent?3. Is it right?

Be careful-rationalization can eliminate logic very quickly

SO WHAT?

NOTE: you will find out a lot about your organizational culture and your people when you get involved in ethics policy and risk management

“Leadership is a potent combination of strategy and character. But if you must be without one, be without strategy.”

General Norman Schwarzkopf

FRAUD STATISTICS FOR GOVERNMENT(ACFE Biannual report-2008)

Estimated that organizations lose 7% of annual revenues to fraud

Average loss was $100,000 based on 106 cases Corruption, billing, non-cash, skimming, cash on hand

and expense reimbursement most common Average fraud lasts 24 months before detected If organization had:

external audit of internal controls median loss was 69% less than those who did not,

independent audit committee 37% less, management review of internal controls 33% less, management certification of financial statements 27% less implemented a hot line 17% less


The most effective controls in reducing the loss due to fraud: Surprise audits-reduced loss by 66% Mandatory job rotation/vacation-61% Fraud hotline-60% Internal audit-53% External audit of internal controls-48%

Most common modifications after fraud discovered Management review of and changes to internal controls Surprise audits Fraud training for management Job rotation/mandatory vacation Anti-fraud policy


Over 80% of perpetrators had no criminal history and no punishment or terminations in work history

Most common behavioral red flags present during fraud schemes: Living beyond means Financial difficulties Wheeler-dealer attitude Control issues-unwilling to share duties Divorce/family problems Unusually close association with vendor/customer Irritability, defensiveness Addiction problems

fraud-the risk has increased

Documents

fraud awareness risk

fraud risk higher

backcase studies

checkscase studies

small local governmentstarted

societycase studies

larger local governmentboss

wide ethics culture