q1 2016 fraud detection, prevention & risk management
TRANSCRIPT
Q1-2016 PUBLIC SECTOR ADVISORY BRIEFING
FRAUD PREVENTION, DETECTION AND RISK MANAGEMENT
March 2016
Ron SteinkampPartner, Advisory ServicesBrown Smith Wallace [email protected] City Place Drive, Suite 900St. Louis, Missouri 63141
2
• 2014 ACFE Global Fraud Study
• Fraud Categories and Schemes
• Red Flags of Fraud
• Conducting a Fraud Risk Assessment
• Anti-Fraud Controls
Agenda
© 2016 All Rights Reserved Brown Smith Wallace LLP
3
2014 ACFE Global Fraud Study
© 2016 All Rights Reserved Brown Smith Wallace LLP
4
The use of one’s occupation for personal enrichment through the deliberate misuse or application of the employing organization’s resources or assets.
Violation of trust
Definition
© 2016 All Rights Reserved Brown Smith Wallace LLP
5
• Typical organization loses 5% of annual revenue to fraud – applied to 2013 Gross World Product translates to potential fraud loss of more than $3.7 trillion annually
• Median loss in the study was $145,000 with more than 22% of the cases involving losses over $1 million
• Fraud lasted a median of 18 months
• Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset misappropriations) were the most common form of fraud, representing 85% of the cases and least costly at a median loss of $130,000
• Financial statement fraud schemes were the least common form of fraud, representing 9% of the cases and most costly at a median loss at $1 million
Summary of Findings
© 2016 All Rights Reserved Brown Smith Wallace LLP
6
• Corruption schemes fell in the middle, comprising just over 37% of cases and causing a median loss of $200,000
• Occupational frauds are most likely to be detected by tips (40%) followed by management review (15%) and Internal Audit (14%)
• Small organizations are disproportionately victimized by occupational fraud
• Public Sector was one of the most commonly victimized industries
• Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes
• High-level perpetrators cause the greatest damage to their organizations
Summary of Findings
© 2016 All Rights Reserved Brown Smith Wallace LLP
7
• 77% of frauds were committed by individuals in one of six departments:• Accounting/Finance• Operations• Sales• Executive/upper management• Customer service• Purchasing
• More than 85% of fraudsters had never been previously charged or convicted for a fraud-related offense
• Fraud perpetrators often display warning signs – most common behavioral red flag reported in the survey were perpetrators living beyond their means (36%) and experiencing financial difficulty (27%)
• Nearly half of victim organizations do not recover any losses that they suffer due to fraud
Summary of Findings
© 2016 All Rights Reserved Brown Smith Wallace LLP
8
How Are Frauds Detected?
© 2016 All Rights Reserved Brown Smith Wallace LLP
9
How Are Frauds Detected?
© 2016 All Rights Reserved Brown Smith Wallace LLP
10
Fraud Categories & Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
11 Client Logo
ACFE Fraud Tree
© 2016 All Rights Reserved Brown Smith Wallace LLP
12
Employee steals or misuses an organization’s resources.
• Most common category of occupational fraud – over 85% of cases reported
• Least costly – median loss of $130,000
• Median duration – 12 to 26 months
Asset Misappropriation
© 2016 All Rights Reserved Brown Smith Wallace LLP
13
• Check Tampering - Steal employer funds by intercepting, forging or altering a check drawn on employer bank account.
• Billing - Cause employer to issue payment for fictitious goods or services, inflated invoices or invoices for personal purchases.
• Non-Cash - Employee steals or misuses any non-cash assets of the organization.
• Payroll - Employee causes employer to issue a payment by making false claims for compensation.
• Skimming - Employee steals an incoming payment from an organization before it is recorded on the organization’s books and records.
Asset Misappropriation Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
14
• Expense Reimbursements - Employee makes a claim for reimbursement of fictitious or inflated business expenses.
• Cash Larceny - Employee steals cash receipts from an organization after it has been recorded on the organization’s books and records.
• Cash on Hand - Employee steals cash kept on hand at organization.
• Cash Register Disbursements - Employee makes false entries on a cash register to conceal the fraudulent removal of cash.
Asset Misappropriation Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
15
Employee’s use of influence in business transactions in a way that violates duty to the employer for the purpose of obtaining benefit for self or someone else.
• 37% of cases reported
• Median loss of $200,000
• Median duration – 18 months
• Most common area – Purchasing
• Employees acting alone or in collusion with vendors/contractors
Corruption
© 2016 All Rights Reserved Brown Smith Wallace LLP
16
• Kickbacks Bribery - Improper, undisclosed payments made to obtain favorable treatment. Diverting Business - Employee receives kickback for directing business to a
vendor. Overbilling - Vendor submits false invoices that either overstate the cost of
goods/services or reflect fictitious sales. Employee approves and receives kickback.
Other - External party seeks fraudulent assistance from employees of victim organization.
• Economic Extortion - Employee, through the wrongful use of actual or threatened force or fear, demands money or other form of consideration to make a particular business decision.
Corruption Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
17
• Illegal Gratuities - Giving or receiving something of value to reward a business decision.
• Conflicts of Interest - Employee/agent has an undisclosed personal or economic interest in a matter that influences decisions and undermines their responsibility to their organization.
Corruption Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
18
Intentional misstatement or omission of material information in the organization’s financial reports.
• 9% of cases reported
• Median loss of $1,000,000
• Median duration – 24 months
• Occurs at higher levels/positions in the organization
Financial Statement Fraud
© 2016 All Rights Reserved Brown Smith Wallace LLP
19
• Fictitious Revenues - Recording of sales of goods/services that did not occur.
• Timing Differences - Recording of revenues/expenses in improper periods.
• Improper Asset Valuations - Manipulate the valuation of a company’s assets to strengthen the balance sheet and financial ratios.
• Concealed Liabilities and Expenses - Understate liabilities/expenses to make a company appear more profitable.
• Improper Disclosures - Failure to disclose or properly disclose all significant (material) information appropriately in the financial statements.
Financial Statement Fraud Schemes
© 2016 All Rights Reserved Brown Smith Wallace LLP
20
Red Flags of Fraud
© 2016 All Rights Reserved Brown Smith Wallace LLP
21
Fraud Triangle
© 2016 All Rights Reserved Brown Smith Wallace LLP
22
Red FlagsPressure Opportunity RationalizationLiving beyond their means
Inadequate controls Not compensated fairly
High personal debt Too “cozy” with suppliers No recent raisesExcessive investment speculation
Vacation not taken Everyone else does it
Excessive gambling Weak management Intend to pay backSubstance abuse Ineffective or no internal
auditNeeded the money
Extra-marital affairs No job rotation Felt cheated/wanted revenge
Job frustration Always in crisis mode Bribe/kickback too tempting
Resentment of superiors Large amounts of cash on hand or processed
© 2016 All Rights Reserved Brown Smith Wallace LLP
23
Conducting A Fraud Risk Assessment
© 2016 All Rights Reserved Brown Smith Wallace LLP
• Conduct an annual fraud risk assessment.– Assists management in identifying where and how fraud may
occur and who may be in a position to commit fraud.
– Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
– General steps:• Identify areas and processes to assess• Identify potential fraud schemes in each area/process• Assess likelihood and significance of each scheme• Map existing anti-fraud controls to potential fraud schemes• Test operating effectiveness of antifraud controls• Identify any control gaps and/or deficiencies = Residual risks• Document and report on the fraud risk assessment
Assess Fraud Risks
© 2016 All Rights Reserved Brown Smith Wallace LLP
• Mitigate Fraud Risks– Make changes to activities and/or processes = transfer or eliminate
the risks.– Improve anti-fraud controls.
• Monitor Fraud Risks– Develop data analytics for management to use to monitor fraud risks.– Utilize Internal Audit to conduct audits of risk areas.
Assess Fraud Risks
© 2016 All Rights Reserved Brown Smith Wallace LLP
Example Summary
© 2016 All Rights Reserved Brown Smith Wallace LLP
OCCUPATIONAL FRAUD RISK Potential Occupational Fraud Schemes DEPT A DEPT B DEPT C DEPT E DEPT F DEPT G DEPT H DEPT IAsset Misappropriation - Theft of Cash on Hand. High High Low Low Low High Moderate Low
Asset Misappropriation - Skimming (Receipts stolen before recording in books - sales, receivables, refunds/credits).
High High Low Low Low High Low Low
Asset Misappropriation - Cash Larceny (Receipts stolen after recording in books). High High Low Low Low High Low Low
Asset Misappropriation - Check Tampering (Intercept, forge or alter a check drawn on the organization's bank account.).
Low Low Low Low Low Low Low Low
Asset Misappropriation - Cash Register Disbursements (False entries on cash register to conceal the fraudulent removal of cash).
High High Low Low Low High Low Low
Asset Misappropriation - Purchasing/Billing (Invoices for fictitious goods or services, inflated invoices or invoices for personal purchases).
Moderate Moderate Low Moderate Moderate Moderate Low Low
Asset Misappropriation - Payroll (False claims for compensation). Moderate Moderate Low Moderate Moderate Moderate Low Low
Asset Misappropriation - Expense Reimbursements (Fictitious or inflated business expenses).
Low Low Low Low Moderate Moderate Low Low
Asset Misappropriation - Inventory (Theft or misuse of organization inventory) High High Low Low Moderate Low Low Low
Asset Misappropriation - Fixed Assets/Supplies/ etc. (Theft or misuse of organization assets)
High Moderate Low Moderate High Low Moderate Low
Corruption - Conflict of Interest Low Low Low Low Low Moderate Low LowCorruption - Bribery Low Low Low Low Low Moderate Low LowFinancial Statement Fraud - Asset/Revenue Overstatement Low Low Low Low Low Moderate Low Low
Financial Statement Fraud - Asset/Revenue Understatement. Low Low Low Low Low Moderate Low Low
27
Anti-Fraud Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
28
• Utilize electronic payments• Properly secure unused checks and equipment• Utilize security features on checks• Prohibit hand written checks• Require two signatures on checks over a certain amount• Segregate check preparation from signing• Immediately mail checks after signing• Establish positive pay controls with the bank• Complete independent bank reconciliations timely• Review checks issued to employees for irregularities• Segregate vendor approval from disbursement responsibilities• Perform periodic vendor master file maintenance and review for
irregularities
Check Tampering Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
29
• Segregate purchasing from accounting and receiving departments• Require management approval of purchase requisitions/orders• Maintain a master vendor file• Require competitive bids• 3 way match by accounting of vendor invoice, receiving report and purchase
order• Periodically review master vendor file for unusual vendors and addresses• Implement automated controls to check for duplicate invoices and purchase
orders• Verify vendors with post office boxes• Review voucher payments for proper documentation
Billing Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
30
• Asset policy and procedure manual• Tag assets• Maintain asset, supply and inventory records• Conduct independent periodic inventories of assets, supplies and
inventories• Reconcile the physical inventory to asset, supply and inventory records• Properly secure and safeguard assets, supplies and inventories• Implement an asset, supply and inventory removal policy• Store high value items in secure and continuously monitored areas• Secure organization, employee and customer data• Maintain secure information systems• Protect intellectual property, trade secrets, etc.
Non-Cash Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
31
• Maintain personnel records independent of payroll and timekeeping• Utilize electronic payroll deposit• Periodically review employee payroll list• Review paid time off for compliance with policy• Periodically compare payroll with personnel records• Issue pre-numbered payroll checks in sequential order• Payroll bank account reconciled by employee not involved in preparing,
signing or distributing checks• Restrict access to payroll check stock and signature stamp• Periodically review payroll withholdings• Periodically review automatic payroll deposits for duplicates• Require salary changes require more than one level of approval• Require supervisor authorization of overtime• Require supervisors review and approve time
Payroll Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
32
• Periodic analytical review of revenue• Periodic review of accounts receivable for write-offs• Periodic review of cash accounts for irregular entries• Segregate receipt of cash and checks from deposit and recording functions• Restrict cashier from accounts receivable and customer records• Immediately restrictively endorse all checks when received• Utilize a lockbox service for cash receipts• Maintain a safe with restricted access• Utilize cameras in cashier areas• Deposit cash and checks daily• Issue receipts for all transactions• Bond employees who handle cash
Skimming Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
33
• Expense reimbursement policy• Require detailed expense reports• Supervisory review and approval of expense reimbursement claims• Place limits on expenses• Require original and detailed receipts• Detailed review of expense reimbursement claims• Credit/Procurement card policy with limits• Safeguards credit/procurement cards• Receive and review monthly automated statements from credit/procurement
card companies• Require and review monthly detailed credit/procurement card reports from
employees• Reconcile credit card statement to employee report
Expense Reimbursement Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
34
• Independently reconcile cash register tape totals daily to the cash drawer• Limit and monitor access to cash draw and safe• Properly supervise cashiers• Utilize cameras in cashier areas• Segregate cash receipts, bank deposit, reconciliation, posting/accounting
and cash disbursement duties• Periodic mandatory job rotation for employees who handle cash and
accounting duties• Mandatory vacations• Surprise cash counts• Utilize point of sale system
Cash Larceny Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
35
• Limit and monitor access:– Safe– Cash handling areas– Cash drawer– Petty cash
• Properly supervise cashiers• Utilize cameras in cash handling areas• Periodic mandatory job rotation for employees who handle cash and
accounting duties• Mandatory vacations• Surprise cash counts
Cash On Hand Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
36
• Management approval for refunds, voids, discounts• Review refunds, voids and discounts on a periodic basis• Require receipts to customers – post sign• Record disbursements out of the register and independently reconcile• Investigate missing or altered register tapes• Daily reconciliation of cash register drawer by independent person• Investigate over and short incidents
Cash Register Disbursement Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
37
• Conflict of interest policy• Policy addressing employee receipt of gifts, discounts, and services offered
by suppliers and customers• Established procurement/bidding process• Pre-Bid solicitation documents reviewed for restrictions on competition• Bid solicitation packages numbered and controlled• All bids kept confidential• Bidder qualifications verified• Contracts awarded based on predetermined criteria and documentation of
criteria assessment and award decision maintained• Periodic review of purchases for:
– Unreasonable costs– Excessive purchases– Favored vendors
Anti-Corruption Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
38
• Proper segregation of duties in purchasing and accounts payable as well as sales and accounts receivable
• Purchasing account assignments rotated• Periodic comparison of vendor information with employee information• Vendors who employ former employees under increased scrutiny• Reporting procedure for personnel and other vendors to report concerns
about vendors receiving favored treatment• All employees required to complete annual disclosure document that
includes potential conflicts resulting from business ownership and investment
• Audit clause in each contract allowing Internal Audit access to audit contract records and documentation related to contract compliance and performance
• Periodic contract audits conducted by Internal Audit
Anti-Corruption Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
39
• Reduce situational pressures
• Reduce the opportunity to commit fraud
• Reduce the rationalization of fraud = strengthen employee personal integrity
• Financial Statement Analysis
Financial Statement Controls
© 2016 All Rights Reserved Brown Smith Wallace LLP
40
Questions
© 2016 All Rights Reserved Brown Smith Wallace LLP