Management Override: Common Tactics and How to Audit for Red Flags


Upload: fraudbusters

Post on 22-Jan-2015


DESCRIPTION

Webinar series from FraudResourceNet LLC on Preventing and Detecting Fraud in a High Crime Climate. Recordings of these Webinars are available for purchase from our Website, fraudresourcenet.com. This Webinar focused on the subject in the title. FraudResourceNet (FRN) is the only searchable portal of practical, expert fraud prevention, detection and audit information on the Web. FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet® LLC and White-Collar Crime 101 LLC/FraudAware.

TRANSCRIPT

1. Management Override: Common Tactics and How to Audit For Red Flags
   November 14, 2013
   Special Guest Presenter: David Zweighaft CPA/CFF, CFE
   Copyright 2010 White-Collar Crime 101 LLC and AuditNet LLC
   Copyright 2013 FraudResourceNet LLC

   About Peter Goldmann, MSc., CFE
   - President and Founder of White Collar Crime 101
   - Publisher of White-Collar Crime Fighter
   - Developer of FraudAware antifraud training courses
   - Monthly columnist, The Fraud Examiner, ACFE Newsletter
   - Member of Editorial Advisory Board, ACFE
   - Author of "Fraud in the Markets": explains how fraud fueled the financial crisis

2. About Jim Kaplan, MSc, CIA, CFE
   - President and Founder of AuditNet, the global resource for auditors (now available on Apple and Android devices)
   - Auditor, Web Site Guru, Internet for Auditors Pioneer
   - Recipient of the IIA's 2007 Bradford Cadmus Memorial Award
   - Author of The Auditor's Guide to Internet Resources, 2nd Edition

   About David Zweighaft CPA/CFF, CFE
   - Principal at DSZ Forensic Accounting & Consulting Services LLC
   - David has been practicing Litigation Consulting and Forensic Accounting for over 20 years
   - Assisted the US Dept of Justice in identifying and tracing assets
   - He managed the largest Swiss bank Holocaust Asset investigation in New York for the NYS Banking Department

3. Webinar Housekeeping
   - This webinar and its material are the property of FraudResourceNet. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We are recording the webinar and you will be provided access to that recording within 5 business days after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
   - Please complete the evaluation questionnaire to help us continuously improve our Webinars.
   - You must answer the polling questions to qualify for CPE per NASBA.
   - Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
   - If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout.

   Disclaimers
   - The views expressed by the presenters do not necessarily represent the views, positions, or opinions of FraudResourceNet LLC (FRN) or the presenters' respective organizations.
   - These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
   - While FRN makes every effort to ensure information is accurate and complete, FRN makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. FRN specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the FRN website.
   - Any mention of commercial products is for information only; it does not imply recommendation or endorsement by FraudResourceNet LLC.

4. Today's Agenda
   - Introduction
   - Fraud Statistics: The Growing Fraud Threat
   - Authoritative Guidance
   - Management Override: WHY? HOW? WHAT?
   - Ripped from the Headlines
   - Case Study and Demo
   - Your Questions
   - Conclusion

   Fraud: The Big Picture
   According to major accounting firms, professional fraud examiners and law enforcement:
   - Fraud jumps significantly during tough economic times
   - Business losses due to fraud increased 20% in last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. (Kroll 2010/2011 Global Fraud Report)
   - Average cost for each incident of fraud is $160,000 (ACFE)
     - Of Financial Statement fraud: $2 million
   - Approx. 67% of corporate fraud committed by insiders (Kroll)
   - Approx. 50% of employees who commit fraud have been with their employers for over 5 years (ACFE)

5. Management Override: Introduction

   What is Management Override?
   The term "management override" is used in ISA 240 on fraud to refer to the ability of management and/or those charged with governance to manipulate accounting records and prepare fraudulent financial statements by overriding these controls, even where the controls might otherwise appear to be operating effectively.
   From "Right First Time with Clarified ISAs", Module 4, ICAEW 2010

6. Authoritative Guidance: SAS 99
   Prevention / Deterrence / Detection
   - Tone at the top
   - Value system (Code of Ethics / Conduct)
   - Positive workplace environment
   - Hiring, promoting and retaining appropriate employees
   - Training and awareness programs
   - Confirmation / affirmation of Code of Conduct or Ethics
   - Ombudsman programs
   - Whistleblower programs
   - Incident response / case management processes
   - Investigative procedures
   - Discipline, prosecution and recovery guidelines
   - Active oversight by Board and/or Audit Committee
   - Fraud risk assessment and related measures
   - Code confirmation / affirmation process
   - Management's involvement in financial reporting process and override of control
   - Process to receive, retain and treat complaints of fraud / unethical conduct
   - Internal and external audit effectiveness
   - Internal audit
   - Evaluation of adequacy / effectiveness of internal controls
   - Disciplinary examples
   - Identification and measurement of fraud risk (fraud risk assessment)
   - Processes and procedures to mitigate identified fraud risk
   - Effective internal controls at entity and process level
   - On-going monitoring activities
   - Computer-assisted audit techniques
   - Investigation of:
     - Internal control weaknesses / breaches
     - Non-response to Code confirmation / affirmation
     - Reported issues

7. PCAOB Audit Standard #12
   69. Consideration of the Risk of Management Override of Controls. The auditor's identification of fraud risks should include the risk of management override of controls.
   Note: Controls over management override are important to effective internal control over financial reporting for all companies, and may be particularly important at smaller companies because of the increased involvement of senior management in performing controls and in the period-end financial reporting process. For smaller companies, the controls that address the risk of management override might be different from those at a larger company.
   For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of override.

   PCAOB Audit Standard #12
   73. Controls that address fraud risks include (a) specific controls designed to mitigate specific risks of fraud, e.g., controls to address risks of intentional misstatement of specific accounts and (b) controls designed to prevent, deter, and detect fraud, e.g., controls to promote a culture of honesty and ethical behavior. Such controls also include those that address the risk of management override of other controls.

8. Polling Question 1
   The three main elements of guidance for fighting management override according to SAS 99 are (choose all that apply)
   A. Detection
   B. Awareness
   C. Deterrence
   D. Investigation
   E. Prevention

9. Assessing the Risk of Management Override
   Management override is very difficult to detect. However, an audit committee can take actions to address the risk of management override of controls:
   - Maintaining an appropriate level of skepticism,
   - Strengthening committee understanding of the business,
   - Brainstorming about fraud risks,
   - Using the code of conduct to assess financial reporting culture,
   - Ensuring the entity cultivates a vigorous whistleblower program, and
   - Developing a broad information and feedback network.
   "Management Override of Internal Control: The Achilles' Heel of Fraud Prevention", 2005, AICPA

   Assessing the Risk of Management Override (contd)
   - It is impossible to have controls in place that are sufficient to totally eliminate the Risk of Management Override (RMO)
   - Controls to prevent, or detect and correct, such risks must be in place to minimize the risk, such as controls over the authorization and processing of journals and other adjustments to the financial statements.
   - May include incentives or pressures for individuals to misrepresent the results or financial position of the entity such as:
     - for personal gain (salary, promotion, bonuses, continued employment, etc);
     - for gain on disposal of the entity or its business;
     - to meet expectations or targets;
     - to avoid tax;
     - to obtain finance or to satisfy the requirements of lenders or other third parties.

10. Common Characteristics of Management Override
   - Top Side Journal Entries
     - Timing, amounts, nature of the accounts and complexity of the entries
   - Collusion
     - Related to the size of the entity
   - Undue Influence over Accounting/Financial Reporting Staff
     - Use of system access and authorization controls

   Testing for Journal Entries
   When selecting items for testing, the auditor must consider:
   - Whether there are any fraud risk factors that may help the auditor identify specific classes of journal entries and other adjustments for testing;
   - The effectiveness of controls over the preparation and posting of journal entries and other adjustments. This may reduce the extent of substantive testing necessary, provided that the auditor has tested the operating effectiveness of the controls;
   - The characteristics of fraudulent journal entries or other adjustments.

11. Polling Question 2
   Maintaining a healthy level of skepticism will do little to help the audit committee address the risk of management override.
   A. True
   B. False

12. Testing for Journal Entries
   Indicators of inappropriate journal entries may include entries:
   - made to unrelated, unusual, or seldom-used accounts or without identifying account numbers;
   - made by individuals who typically do not make journal entries;
   - recorded at the end of the period or as post-closing entries that have little or no explanation or description;
   - containing round numbers or consistent ending numbers.
   - the nature and complexity of the accounts.

   Testing for Journal Entries (contd)
   Inappropriate journal entries or adjustments may be applied to accounts that:
   - contain transactions that are inherently complex or unusual in nature;
   - contain significant estimates and period-end adjustments;
   - have been prone to misstatements in the past;
   - have not been reconciled on a timely basis or contain unreconciled differences;
   - contain inter-company transactions; and
   - are otherwise associated with an identified risk of material misstatement due to fraud.

13. Collusion
   What is COLLUSION?
   For there to be collusion, there must be present: (1) a secret agreement, (2) the involvement of two or more persons, (3) the intent to defraud a third party and (4) a deceptive appearance given to the transaction they engage in.

   Basis for Undue Influence
   The 5 bases of power (http://learnaboutfraud.wordpress.com/2011/09/16/5-bases-ofpower-influencing-to-collude/)
   In relation to the perpetration of a fraud scheme, the alleged fraudster will desire to carry out their fraud scheme (their will), along with convincing another individual to do the alleged fraudster's bidding, without regard towards the other individual's wishes (resistance). So how does a fraud perpetrator accomplish getting another person to participate in their fraud scheme?
   The answer is ...

14. Basis for Undue Influence (contd)
   The answer is power, influence and coercion
   - Reward power - The fraudster's ability to provide a benefit to the accomplice.
   - Coercive power - The fraudster's ability to punish the accomplice if there is resistance.
   - Expert power - The fraudster's perceived expertise or knowledge.
   - Legitimate power - The fraudster's legitimate right to exercise authority over the accomplice.
   - Referent power - The extent to which the accomplice identifies with the fraudster.

   Polling Question 3
   Red flags of possible M/O include (choose all that apply)
   A. Entries made by individuals who typically do not make journal entries
   B. Entries recorded at the end of the period or as post-closing
   C. Entries containing round numbers or consistent ending numbers.
   D. All of the above

15. Management Override Examples: Ripped from the Headlines

   Real World Examples
   WHO | SCHEME | TYPE OF OVERRIDE | HOW DISCOVERED
   Worldcom | Improper Capitalization of Expenses | Collusion, J/Es, Influence | Internal Audit
   Enron | Off-Balance Sheet Special Purpose Entities | Collusion, J/Es, Influence | Internal Audit
   Computer Associates | 35-day Accounting Periods | Collusion, J/Es | Tip to the NY Times
   Barings Bank | Unrecorded Trading Losses | No Segregation of Duties | Regulatory Investigation
   Cendant | Inflated Revenues, Improper Charges Against Reserves | Collusion, J/Es | Post Acquisition
   Comptronix | CEO, COO, CFO Overstated Income and Inventory | Collusion, J/Es | Confession to Board

16. Real World Examples (contd)
   WHO | J/Es | Collusion | Influence | Other | No. of Participants
   Worldcom | | | | | Many
   Enron | | | | | Many
   Computer Associates | | | | | Many
   Barings Bank | | | | No SoD | 1
   Cendant | | | | | 5
   Comptronix | | | | | 3

   Data Analysis - Forensic Audit
   Data Analysis Techniques

17. Case Study Background: The Out-of-Control Controller
   - Perpetrator failed to reconcile accounts
   - Cost to the Company: $6.8 M over 4 years
   - Fraudster Profile
     - Financial Operations Sr VP; Male
     - Prepared fictitious support for account reconciliations
     - Directed staff to post fraudulent J/Es to the G/L
     - No monitoring or oversight of his work

   Case Study: Undue Influence & Segregation of Duties
   E-mail

18. Case Study Background: The Out-of-Control Controller (contd)
   Additional Tests
   - Segregation of Duties
     - Matching Journal Entry originators to authorizers
   - Identifying emails to staff instructing them to post fictitious Journal Entries

   Polling Question 4
   Management power is an essential element to override of controls. Such power can come in which of the following forms (choose all that apply)
   A. Reward power
   B. Coercive power
   C. Expert power
   D. Legitimate power
   E. All of the above

19. Demo: Access and Authorization Controls Testing
   Demo: Matching Data Fields for Segregation of Duties Testing
   Learn How to: Match Journal Entry Initiators to Authorizers to Identify Segregation of Duty Violations

   Additional Tests
   Who Entered the Journal
   - Summarize journal entries based on who entered the journal (i.e., the person listed as the one who typed in the journal entry) to determine if he or she is authorized to do so. Identifying who entered the data can become a bit complicated if data entry clerks are inputting the information rather than an authorized manager.
   What Was Entered
   - Summarize journal entries by account and repetitive extracts (e.g., more than 50 instances) and unique account sequences used in the journal entry based on the first five debit and credit postings.
   - Extract nonstandard or manual journal entries for further analysis rather than extracting an entry from a created system, such as an accounts payable ledger posting.
   - Stratify the size of journal entries based on the journal entry amount, using the debit side of the transaction.
   - Summarize general ledger activity on the amount field based on the absolute value of the debit or credit to identify top occurring amounts.

20. Additional Tests (contd)
   When the Journal Was Entered
   - Extract journal entries posted on weekends and holidays.
   - Extract journal entries that were made immediately following the end of the fiscal year.
   - Summarize journal entry credits and debits processed by day, month, and year.
   Where the Journal Was Entered
   - Extract journal entries made to suspense accounts and summarize them based on the person entering the journal entry and their corresponding account numbers.
   - Extract journal entries to general ledger accounts that are problematic or complex based on past issues at the company or the industry in general (e.g., accounting journal errors subsequently corrected by accounting staff or auditors) by reviewing previous audits or by asking management to determine past issues.
   - Extract debits in revenue and summarize them by their corresponding general ledger accounts.

   Additional Tests (contd)
   Why the Journal Was Entered
   - Extract all general ledger transaction amounts, such as debits or credits, that exceed the average amounts for the general ledger account by a specified percentage (five times the average is the default).
   - Extract journal entries that equate to round multiples of 10,000, 100,000, and 1,000,000.
   - Extract journal entries using key texts, such as "plug" and "net-to-zero," anywhere in the record.
   - Extract JEs that are made just below set accounting department approval limits, especially multiple entries of amounts below such limits.
   - Extract journal entries illustrating reclassification of expenses either by credit to an expense account and no corresponding debit to another expense account, or debit to the revenue account and no corresponding credit to another revenue account.
   - Extract journal entries with other major classification changes in the area of assets, liabilities, net worth, and unbalanced fund transfers.
   - Extract other major classification changes in the area of assets, liabilities, net worth, and unbalanced fund transfers.

21. Polling Question 5
   Among the most important preventive measures with regard to M/O is:
   A. Board oversight
   B. Segregation of duties
   C. Delegation of authority
   D. Job rotation

   Questions?
   Any Questions? Don't be Shy!

22. Thank You!
   Website: http://www.fraudresourcenet.com
   Jim Kaplan, FraudResourceNet, 800-385-1625, [email protected]
   Peter Goldmann, FraudResourceNet, 800-440-2261, [email protected]
   David Zweighaft, [email protected], 212-699-0901

   Coming Up This Month
   Using Data Analysis to Detect and Prevent P-Card Fraud, Nov. 20
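
The segregation-of-duties match from the Demo slide and several of the "Additional Tests" (who, when, why) can be run as one pass over a journal extract. The following is an added example, not part of the webinar material or the presenters' demo; the field names, the 25,000 approval limit, the 5% band below it, the holiday list and the sample rows are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import date

KEY_TEXTS = ("plug", "net-to-zero")         # key texts named on the slide
ROUND_BASES = (1_000_000, 100_000, 10_000)  # round multiples named on the slide

# Constructed sample journal lines, not real data. The layout is an assumption:
# (id, posting date, G/L account, amount, entered_by, approved_by, description)
ROWS = [
    ("JE-1", date(2013, 3, 12), "6100", 1250.40, "aclerk", "bmgr", "Office supplies"),
    ("JE-2", date(2013, 6, 29), "4000", 500000.00, "svp", "svp", "Plug to revenue"),
    ("JE-3", date(2013, 7, 10), "6100", 24900.00, "aclerk", "bmgr", "Consulting accrual"),
    ("JE-4", date(2013, 7, 11), "6100", 24800.00, "aclerk", "bmgr", "Consulting accrual"),
    ("JE-5", date(2013, 7, 4), "1900", 3200.00, "cclerk", "bmgr", "Net-to-zero reclass"),
]
FIELDS = ("id", "date", "account", "amount", "entered_by", "approved_by", "text")
ENTRIES = [dict(zip(FIELDS, row)) for row in ROWS]


def flag_entries(entries, approval_limit=25_000, band=0.05, holidays=frozenset()):
    """Return {entry id: [red flags]}. Limit, band and holidays are assumed inputs."""
    flagged = {}
    for e in entries:
        amount, reasons = abs(e["amount"]), []
        # Segregation of duties: initiator matched against authorizer.
        if e["entered_by"] == e["approved_by"]:
            reasons.append("SoD: initiator is also authorizer")
        # When: weekday() is 5 or 6 on Saturday and Sunday.
        if e["date"].weekday() >= 5 or e["date"] in holidays:
            reasons.append("posted on weekend or holiday")
        # Why: report the largest round base the amount is a multiple of.
        base = next((b for b in ROUND_BASES if amount and amount % b == 0), None)
        if base:
            reasons.append(f"round multiple of {base:,}")
        # Why: key text anywhere in the record, so search every field.
        record = " ".join(str(v) for v in e.values()).lower()
        if any(k in record for k in KEY_TEXTS):
            reasons.append("key text in record")
        # Why: amounts inside the band just under the approval limit.
        if approval_limit * (1 - band) <= amount < approval_limit:
            reasons.append("just below approval limit")
        if reasons:
            flagged[e["id"]] = reasons
    return flagged


def flagged_by_user(entries, flagged):
    """Who: count flagged entries per person who entered them."""
    return Counter(e["entered_by"] for e in entries if e["id"] in flagged)


if __name__ == "__main__":
    hits = flag_entries(ENTRIES, holidays={date(2013, 7, 4)})
    for je_id, reasons in hits.items():
        print(je_id, "->", "; ".join(reasons))
    print(flagged_by_user(ENTRIES, hits).most_common())
```

A flag here is a selection criterion for follow-up testing, not a finding; two entries by the same user just under the limit on consecutive days (JE-3, JE-4) is the "multiple entries" pattern the slide singles out.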