do’s and don’ts from a credit union perspective handling internal fraud investigations mike...
TRANSCRIPT
Do’s and Don’ts From a Credit Union Perspective
Handling Internal Fraud Investigations
Mike Mossel – RSM McGladrey, Inc June 15, 2011 – ACUIA Conference
Who Is This Guy??
Mike is the National Managing Director for McGladrey’s Credit Union Risk Advisory Services. Mike is responsible for managing all of McGladrey’s risk advisory-related services provided to credit unions. Mike’s practice consists of 21professionals who provide services to over 300 clients annually.Mike has over 30 years of internal audit experience – 20 years exclusively within the credit union industry. Mike’s credentials include certifications as a Certified Fraud Examiner (CFE), Certified Bank Auditor (CBA), Certified Risk Professional (CRP) and Certified Financial Services Auditor (CFSA).
Presentation Outline
Internal Fraud…..the Unspoken Risk – what is this animal?
Awareness: First Line of Defense – Case Studies
General Legal Aspects of Fraud Fraud Examination Methodology Expectations for Fraud Prevention &
Detection
Internal Fraud
The basic questions-------???
1. Who does it?
2. Why do they do it?
3. How do they do it?
Internal Fraud
Most frauds are committed by long-term employees with responsibilities.
Many times fraudulent funds are right in the employee’s account
Three elements of fraud:- Integrity
- Motive
- Opportunity
Internal Fraud
The most recently common types of internal frauds based on our experience:
Loans Identity Theft GL Accounts Stolen Cash Unauthorized use of corporate credit cards Kickbacks on sales of repossessed vehicles or indirect loan
dealers Procurement/Purchasing Functions
Case Study #1
Theft of $996,000 through the funding of RE loans
- Lack of adequate segregation of conflicting duties
- Lack of secondary review
- Lack of adequate control over GL reconcilement
Case Study #2
Theft of $1.3 million through the ATM GL Clearing accounts
- Lack of adequate segregation of conflicting duties
- Lack of secondary review
- Lack of assigned responsibility
- Lack of adequate control over GL reconcilement
- Lack of proper follow up
- Lack of identifying fraud indicators
Case Study #3
Theft of $140,000 through improper system access
- Lack of adequate assignment of system access
- Lack of periodic review
- Lack of adequate secondary controls over GLs
Case Study #4
Theft of $139,000 through branch over/short accounts
- Lack of secondary review
- Lack of assigned responsibility
- Lack of adequate control over GL reconcilement
- Lack of proper follow up
- Lack of identifying fraud indicators
General Legal Aspects of Internal Fraud
Elements of Fraud:
Misrepresentation Knowingly and with intent Reliance Injury
General Legal Aspects of Internal Fraud
Ways to Prove Intent:
Alteration of documents Concealment Destruction Lying Personal Gain Obstruction Pattern Testimony Confession
Fraud Examination Methodology
Circle the Wagons Document Examination Interview Process Display of Physical Evidence
Circle the Wagons
Confidentiality
On a Need to Know Basis
Document Examination
Personnel files Performance records Prior audit/investigative files Financial accounts and disclosures Documents pertinent to the investigation –
wherever that takes you
Interview Process
Neutral Third Party Witnesses Corroborative Witnesses Co-Conspirators Accused
Interview Process
Characteristics of a Good Interview:
Thoroughness Pertinence Objectivity Timeliness Observation
Interview Process
Characteristics of a Good Interviewer:
Good listener Demonstrates fairness Works informally Lacks bias Projects professionalism Presents no threat
Interview Process
Overview of Question Methodology:
Introductory Informational Assessment Closing Admission seeking
Display of Physical Evidence
Overestimation of the amount of physical evidence
Display one piece at a time Display in reverse order of importance When to cease displaying evidence Organized and thorough file documentation
Expectations for Fraud Prevention & Detection
Procedural & Behavior Policies:
The written documents that guide your employees….an instructional manual of sorts!
Management should determine that the credit union has designed written policies in the operations, codes of conduct, conflict of interest policies, and fraud policy.
Make sure they are effectively communicated to all employees.
Expectations for Fraud Prevention & Detection
Credit Union Policies:
Should clearly define the expectations for all aspects of operations.
Should be approved by the Board of Directors.
Expectations for Fraud Prevention & Detection
Code of Conduct Policies – written standards that promote:
Honest and ethical conduct. Compliance with credit union policies and
other rules and regulations. Internal reporting of anyone that violates the
code. Accountability for adherence to the code. Establishes a “tone at the top.”
Expectations for Fraud Prevention & Detection
Fraud Policy:
Establishes a “tone at the top” that fraudulent acts will not be tolerated.
Documents specifically what constitutes fraudulent acts.
Establishes responsibility for deterrence, detection, investigation and reporting.
Expectations for Fraud Prevention & Detection
Whistleblower Policy:
Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system
Tips are overwhelmingly the #1 method of initial detection
Implement hotlines to receive tips and specific avenues for employees to report
Allow anonymity and confidentiality Employees should be encouraged to report
suspicious activity without fear of reprisal
Expectations for Fraud Prevention & Detection
Employee Training:
Employee training is vital What constitutes fraud How it hurts everyone in the credit union How to report any questionable activity Identifying red flags
Living beyond means Financial difficulties Control issues Close relationship with vendor/member
Take Aways
Frauds are nasty but investigating them is an absolute necessity
Internal controls are a must Proper fraud examination methodology Policies and training
Questions & Answers
www.rsmmcgladrey.com