The Association of Government Accountants: The business risk of fraud
March 26, 2015

Agenda
• Types of fraud
• Financial impact / Fraud statistics
• Why fraud occurs
• Fraud risk governance
• Fraud risk assessment
• Fraud prevention
• Fraud detection

How do you Define Fraud?

Prevalence of Misconduct
Ethics Resource Center’s 2011 National Business Ethics Survey®: Workplace Ethics in Transition

Occupational Fraud
Source: 2010 Report to the Nations on Occupational Fraud and Abuse ©2010 by the Association of Certified Fraud Examiners, Inc.

Types of Fraud

Fraud Tree
©2014 Association of Certified Fraud Examiners. All Rights Reserved.

Frequency of Fraud Categories

Type of Victim Organization

Industry of Victim Organization

Financial Impact / Fraud Statistics

Dollar Losses

Schemes by Industry

Median Loss by Type of Scheme

Frequency & Median Loss

Months to Detection

Method of Detection

Scheme Type by Size of Organization

Criminal History of Fraudster
86.6% Never Charged or Convicted

Why Fraud Occurs

The Fraud Triangle

It Starts with a Need
The Fraud Triangle

Need Meets Opportunity
The Fraud Triangle: Perceived Opportunity

What was the “Opportunity”

Ends with Rationalization
The Fraud Triangle: Perceived Opportunity

What Rationalizations have you Heard?
• It was a loan
• My boss does it
• It’s accepted in the industry
• I deserve it
• They left me no other choice
• No one will notice
• We’d all be out of a job if I didn’t

Beyond the Fraud Triangle
Source: “Beyond the Triangle: Enhancing Deterrence of Economic Crimes,” Fraud Magazine, Sept/Oct 2011

Profile of a Fraudster

Where is Fraud committed?
HR Related Red Flags
• 11.4% Poor Performance Evaluations
• 7.4% Fear of Job Loss

Behavioral Red Flags

Fraud Risk Governance

Principle #1
“As part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding managing fraud risk.”
Source: “Managing the Business Risk of Fraud: A Practical Guide”

Who owns fraud?
Source: “Who owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program,” Fraud Magazine, Vol. 26, No. 1, Jan/Feb 2011
• In a breakdown of the survey results by group, only 2 percent of board directors believed it is their job to detect fraud, while nearly half said senior management holds primary responsibility.
• Nearly 30 percent of directors pointed to internal audit, and 23 percent pointed to external audit.
• Among external auditors in the poll only 4 percent believed they are primarily responsible for finding fraud; 32 percent said the primary duty falls to internal auditors, and 56 percent said it belongs to senior management.
Closing the Expectation Gap in Deterring and Detecting Financial Statement Fraud: A Roundtable Summary
https://na.theiia.org/standards-guidance/Public%20Documents/Anti-Fraud%20Collaboration%20Report.pdf

Who is Responsible?
• Board of directors
• Audit committee
• Management
• Staff
• Internal Audit

IA’s Roles and Responsibilities
• Provide objective assurance that fraud controls are sufficient for identified fraud risks
• Fraud controls are functioning effectively
• Review risks identified by management – especially with regard to management override risks
• Attention to evaluating design and operation of internal controls regarding fraud risk
• Consider identified fraud risks when developing annual audit plan
• Interview and communicate regarding fraud risks
• Investigate potential frauds in accordance with well-defined response plan

Key Components
• Commitment
• Fraud awareness
• Affirmation process
• Conflict disclosure
• Fraud risk assessment
• Reporting procedures
• Whistleblower protections
• Investigation process
• Corrective action
• Process evaluations and improvement
• Continuous monitoring

Fraud Risk Assessment

Principle #2
“Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate.”
Source: “Managing the Business Risk of Fraud: A Practical Guide”

Three Key Elements
• Identify inherent fraud risk
• Assess likelihood and significance of inherent fraud risk
• Respond to reasonably likely and significant inherent and residual fraud risks

The Risk Assessment Team
• Accounting and finance
• Business unit and operations
• Risk management
• Legal and compliance
• Internal audit
• Management

Brainstorming Fraud Risks
• Incentives, pressures, and opportunities
• Risk of management override of controls
• Population of fraud risks
• Fraudulent financial reporting
• Misappropriation of assets
• Corruption
• Information technology
• Regulatory and legal misconduct
• Reputation risk

Assessment
• Likelihood: remote, reasonably possible, probable
• Significance: generally adequate, inconsequential, more than inconsequential, material
• People/Department

Role of Corporate Culture
Variable | High Fraud Potential | Low Fraud Potential
Management style | Autocratic | Participative
Management orientation | Low trust, power driven | High trust, achievement driven
Distribution of authority | Centralized | Decentralized, delegated
Planning | Centralized, short range | Decentralized, long range
Performance | Quantitative, short term | Quantitative and qualitative, long term
Business focus | Profit | Customer
Management strategy | Crisis | Objective
Reporting | Routine | Exception
Policies and rules | Rigid, inflexible, strongly enforced | Reasonable, enforced fairly
Management concern | Capital assets | Human, then capital and technology
Reward system | Punitive, penurious, political, monetary | Generous, reinforcing, fair, recognition, promotion, responsibility, monetary
Performance feedback | Critical, negative | Positive
Interaction | Avoided, repressed | Confronted, addressed openly
Ethics | Ambivalent | Clearly defined
Internal relationships | Highly competitive, hostile | Friendly, competitive, supportive
Values | Economic, political, self-centered | Social, spiritual, group-centered
Success formula | Works harder | Works smarter
Human resources | Burnout, high turnover, grievances | Not enough promotional opportunities for all the talent, low turnover, job satisfaction
Company loyalty | Low | High
Major financial concern | Cash flow shortage | Opportunities for new investments
Growth pattern | Sporadic | Consistent
Relationship with competitors | Hostile | Professional
Innovativeness | Copycat, reactive | Leader, proactive
CEO characteristics | Self-interested, feared, profit seeker, partial | Respected, thoughtful, composed, fair
Management structure | Bureaucratic, regimented, inflexible, imposed, hierarchical, a rule for everything | Collegial, systematic, open to change, self-controlled, flat, some discretion afforded
Internal communication | Formal, written, stiff, ambiguous | Informal, oral, clear, friendly, candid
Peer relationships | Hostile, aggressive, rivalrous | Cooperative, friendly, trusting
Source: “A Guide to Forensic Accounting Investigation”

Strength of Corporate Culture
Ethics Resource Center’s 2014 National Business Ethics Survey®: Workplace Ethics in Transition

Fraud Prevention

Principle #3
“Prevention techniques to avoid potentially key fraud risk events should be established, where feasible, to mitigate possible impacts on the organization.”
Source: “Managing the Business Risk of Fraud: A Practical Guide”

Internal Controls: Managing Risk
• Identify Risks
• Monitor and Learn
• Control Risks
• Assess Risks
• Organization Objectives
• Prioritize Risks

Internal Control Maturity Level
• Level 1: Unreliable
• Level 2: Informal
• Level 3: Standardized
• Level 4: Monitored
• Level 5: Optimized

Red Flags – Some Indicators
• High degree of trust
• Disorganized Operations
• Unrecorded Transactions or Missing Records
• Fund Transfers Among Company Bank Accounts
• Bank Accounts not Reconciled Timely
• Out of Balance Subsidiary Ledgers
• Unusual Journal Entries (Round #’s, Post-Close)
• Job Responsibility “Creep”
• Handwritten Checks

Implement Effective Controls

Control Weaknesses That Contributed to Fraud

Controls: Human Resources
• Background checks
• Anti-fraud training
• Evaluating compensation and advancement programs
• Mandatory vacations
• Conflicts of interests
• Hotlines
• Conducting exit interviews

Controls: Cash Receipts
• Proper segregation of duties is key:
• Receiving and recording payments
• Use of lockbox
• Daily deposits
• “For deposit only” accounts
• Bonded employees
• Compare deposits to cash receipts journal

Controls: Cash Disbursements
• Check writing and signing considerations
• Check requisitions and other support
• Vendor master files

Controls: The Bank Statement
• Reconciliation should be independent from cash receipts and cash disbursements functions
• Review of bank statement
• Review of cancelled checks
• Review of reconciliation

Controls: Other Considerations
• Analytical review
• Reporting requirements
• Document policies and procedures
• Officer and Board responsibilities

Common Threads
• Weak internal controls
• Too much trust
• Poor management oversight
• Lack of financial audit
• No background checks
• Lack of independent checks on bank credit card statements
• Failure to use a bank’s fraud prevention tools

Fraud Detection

Principle #4
“Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized.”
Source: “Managing the Business Risk of Fraud: A Practical Guide”

How is fraud discovered?

Anti-Fraud Controls by Region

Detection of Fraud Schemes

Source of Tips

Detection of Fraud Schemes – Impact of Hotlines

Questions?

Resources

Managing the Business Risk of Fraud: A Practical Guide
http://www.aicpa.org/InterestAreas/ForensicAndValuation/Resources/FraudPreventionDetectionResponse/DownloadableDocuments/managing_business_risk_fraud.pdf

Report to the Nations on Occupational Fraud and Abuse: 2014 Global Fraud Study
http://www.acfe.com/rttn.aspx

Who Owns Fraud? Uniting Everyone to Effectively Manage the Anti-Fraud Program
http://www.fraud-magazine.com/article.aspx?id=4294968975

2011 National Business Ethics Survey
http://www.ethics.org/nbes/files/FinalNBES-web.pdf

ACFE Fraud Prevention Check-up
http://www.acfe.com/fraud-prevention-checkup.aspx

Fraud Prevention Checklist

The most cost-effective way to limit fraud losses is to prevent fraud from occurring.
This checklist is designed to help organizations test the effectiveness of their fraud prevention measures.
©2014 Association of Certified Fraud Examiners. All Rights Reserved.

Is ongoing anti-fraud training provided to all employees of the organization?
❑ Do employees understand what constitutes fraud?
❑ Have the costs of fraud to the organization and everyone in it — including lost revenue, adverse publicity, job loss and decreased morale and productivity — been made clear to employees?
❑ Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that they can speak freely?
❑ Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?

Is an effective fraud reporting mechanism in place?
❑ Have employees been taught how to communicate concerns about known or potential wrongdoing?
❑ Is there an anonymous reporting channel available to employees, such as a third-party hotline?
❑ Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear of reprisal?
❑ Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
❑ Do reporting policies and mechanisms extend to vendors, customers and other outside parties?

To increase employees’ perception of detection, are the following proactive measures taken and publicized to employees?
❑ Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
❑ Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment questioning by auditors?
❑ Are surprise fraud audits performed in addition to regularly scheduled audits?
❑ Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known throughout the organization?

Is the management climate/tone at the top one of honesty and integrity?
❑ Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
❑ Are performance goals realistic?
❑ Have fraud prevention goals been incorporated into the performance measures against which managers are evaluated and which are used to determine performance-related compensation?
❑ Has the organization established, implemented and tested a process for oversight of fraud risks by the board of directors or others charged with governance (e.g., the audit committee)?

Are fraud risk assessments performed to proactively identify and mitigate the organization’s vulnerabilities to internal and external fraud?

Are strong anti-fraud controls in place and operating effectively, including the following?
❑ Proper separation of duties
❑ Use of authorizations
❑ Physical safeguards
❑ Job rotations
❑ Mandatory vacations

Does the internal audit department, if one exists, have adequate resources and authority to operate effectively and without undue influence from senior management?

Does the hiring policy include the following (where permitted by law)?
❑ Past employment verification
❑ Criminal and civil background checks
❑ Credit checks
❑ Drug screening
❑ Education verification
❑ References check

Are employee support programs in place to assist employees struggling with addictions, mental/emotional health, family or financial problems?

Is an open-door policy in place that allows employees to speak freely about pressures, providing management the opportunity to alleviate such pressures before they become acute?

Are anonymous surveys conducted to assess employee morale?