Q1 2016 Fraud Detection, Prevention & Risk Management

Q1-2016 PUBLIC SECTOR ADVISORY BRIEFING FRAUD PREVENTION, DETECTION AND RISK MANAGEMENT March 2016 Ron Steinkamp Partner, Advisory Services Brown Smith Wallace LLC 314.983.1238 [email protected] 6 City Place Drive, Suite 900 St. Louis, Missouri 63141

Upload: ron-steinkamp

Post on 16-Apr-2017


Q1-2016 PUBLIC SECTOR ADVISORY BRIEFING

FRAUD PREVENTION, DETECTION AND RISK MANAGEMENT

March 2016

Ron Steinkamp
Partner, Advisory Services
Brown Smith Wallace LLC
314.983.1238
[email protected]
6 City Place Drive, Suite 900
St. Louis, Missouri 63141

Agenda

• 2014 ACFE Global Fraud Study
• Fraud Categories and Schemes
• Red Flags of Fraud
• Conducting a Fraud Risk Assessment
• Anti-Fraud Controls

© 2016 All Rights Reserved Brown Smith Wallace LLP

2014 ACFE Global Fraud Study

Definition

The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.

Violation of trust

Summary of Findings

• Typical organization loses 5% of annual revenue to fraud – applied to 2013 Gross World Product translates to potential fraud loss of more than $3.7 trillion annually
• Median loss in the study was $145,000 with more than 22% of the cases involving losses over $1 million
• Fraud lasted a median of 18 months
• Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset misappropriations) were the most common form of fraud, representing 85% of the cases and least costly at a median loss of $130,000
• Financial statement fraud schemes were the least common form of fraud, representing 9% of the cases and most costly at a median loss of $1 million

Summary of Findings

• Corruption schemes fell in the middle, comprising just over 37% of cases and causing a median loss of $200,000
• Occupational frauds are most likely to be detected by tips (40%) followed by management review (15%) and Internal Audit (14%)
• Small organizations are disproportionately victimized by occupational fraud
• Public Sector was one of the most commonly victimized industries
• Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes
• High-level perpetrators cause the greatest damage to their organizations

Summary of Findings

• 77% of frauds were committed by individuals in one of six departments:
  – Accounting/Finance
  – Operations
  – Sales
  – Executive/upper management
  – Customer service
  – Purchasing
• More than 85% of fraudsters had never been previously charged or convicted for a fraud-related offense
• Fraud perpetrators often display warning signs – the most common behavioral red flags reported in the survey were perpetrators living beyond their means (36%) and experiencing financial difficulty (27%)
• Nearly half of victim organizations do not recover any losses that they suffer due to fraud

How Are Frauds Detected?

Fraud Categories & Schemes

ACFE Fraud Tree

Asset Misappropriation

Employee steals or misuses an organization’s resources.

• Most common category of occupational fraud – over 85% of cases reported
• Least costly – median loss of $130,000
• Median duration – 12 to 26 months

Asset Misappropriation Schemes

• Check Tampering - Steal employer funds by intercepting, forging or altering a check drawn on employer bank account.
• Billing - Cause employer to issue payment for fictitious goods or services, inflated invoices or invoices for personal purchases.
• Non-Cash - Employee steals or misuses any non-cash assets of the organization.
• Payroll - Employee causes employer to issue a payment by making false claims for compensation.
• Skimming - Employee steals an incoming payment from an organization before it is recorded on the organization’s books and records.

Asset Misappropriation Schemes

• Expense Reimbursements - Employee makes a claim for reimbursement of fictitious or inflated business expenses.
• Cash Larceny - Employee steals cash receipts from an organization after it has been recorded on the organization’s books and records.
• Cash on Hand - Employee steals cash kept on hand at organization.
• Cash Register Disbursements - Employee makes false entries on a cash register to conceal the fraudulent removal of cash.

Corruption

Employee’s use of influence in business transactions in a way that violates duty to the employer for the purpose of obtaining benefit for self or someone else.

• 37% of cases reported
• Median loss of $200,000
• Median duration – 18 months
• Most common area – Purchasing
• Employees acting alone or in collusion with vendors/contractors

Corruption Schemes

• Kickbacks/Bribery - Improper, undisclosed payments made to obtain favorable treatment.
  – Diverting Business - Employee receives kickback for directing business to a vendor.
  – Overbilling - Vendor submits false invoices that either overstate the cost of goods/services or reflect fictitious sales. Employee approves and receives kickback.
  – Other - External party seeks fraudulent assistance from employees of victim organization.
• Economic Extortion - Employee, through the wrongful use of actual or threatened force or fear, demands money or other form of consideration to make a particular business decision.

Corruption Schemes

• Illegal Gratuities - Giving or receiving something of value to reward a business decision.
• Conflicts of Interest - Employee/agent has an undisclosed personal or economic interest in a matter that influences decisions and undermines their responsibility to their organization.

Financial Statement Fraud

Intentional misstatement or omission of material information in the organization’s financial reports.

• 9% of cases reported
• Median loss of $1,000,000
• Median duration – 24 months
• Occurs at higher levels/positions in the organization

Financial Statement Fraud Schemes

• Fictitious Revenues - Recording of sales of goods/services that did not occur.
• Timing Differences - Recording of revenues/expenses in improper periods.
• Improper Asset Valuations - Manipulate the valuation of a company’s assets to strengthen the balance sheet and financial ratios.
• Concealed Liabilities and Expenses - Understate liabilities/expenses to make a company appear more profitable.
• Improper Disclosures - Failure to disclose or properly disclose all significant (material) information appropriately in the financial statements.

Red Flags of Fraud

Fraud Triangle

Red Flags

| Pressure | Opportunity | Rationalization |
| --- | --- | --- |
| Living beyond their means | Inadequate controls | Not compensated fairly |
| High personal debt | Too “cozy” with suppliers | No recent raises |
| Excessive investment speculation | Vacation not taken | Everyone else does it |
| Excessive gambling | Weak management | Intend to pay back |
| Substance abuse | Ineffective or no internal audit | Needed the money |
| Extra-marital affairs | No job rotation | Felt cheated/wanted revenge |
| Job frustration | Always in crisis mode | Bribe/kickback too tempting |
| Resentment of superiors | Large amounts of cash on hand or processed | |

Conducting A Fraud Risk Assessment

Assess Fraud Risks

• Conduct an annual fraud risk assessment.
  – Assists management in identifying where and how fraud may occur and who may be in a position to commit fraud.
  – Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
  – General steps:
    • Identify areas and processes to assess
    • Identify potential fraud schemes in each area/process
    • Assess likelihood and significance of each scheme
    • Map existing anti-fraud controls to potential fraud schemes
    • Test operating effectiveness of anti-fraud controls
    • Identify any control gaps and/or deficiencies = Residual risks
    • Document and report on the fraud risk assessment

Assess Fraud Risks

• Mitigate Fraud Risks
  – Make changes to activities and/or processes = transfer or eliminate the risks.
  – Improve anti-fraud controls.
• Monitor Fraud Risks
  – Develop data analytics for management to use to monitor fraud risks.
  – Utilize Internal Audit to conduct audits of risk areas.

Example Summary

OCCUPATIONAL FRAUD RISK

| Potential Occupational Fraud Schemes | DEPT A | DEPT B | DEPT C | DEPT E | DEPT F | DEPT G | DEPT H | DEPT I |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Asset Misappropriation - Theft of Cash on Hand. | High | High | Low | Low | Low | High | Moderate | Low |
| Asset Misappropriation - Skimming (Receipts stolen before recording in books - sales, receivables, refunds/credits). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Cash Larceny (Receipts stolen after recording in books). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Check Tampering (Intercept, forge or alter a check drawn on the organization's bank account.). | Low | Low | Low | Low | Low | Low | Low | Low |
| Asset Misappropriation - Cash Register Disbursements (False entries on cash register to conceal the fraudulent removal of cash). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Purchasing/Billing (Invoices for fictitious goods or services, inflated invoices or invoices for personal purchases). | Moderate | Moderate | Low | Moderate | Moderate | Moderate | Low | Low |
| Asset Misappropriation - Payroll (False claims for compensation). | Moderate | Moderate | Low | Moderate | Moderate | Moderate | Low | Low |
| Asset Misappropriation - Expense Reimbursements (Fictitious or inflated business expenses). | Low | Low | Low | Low | Moderate | Moderate | Low | Low |
| Asset Misappropriation - Inventory (Theft or misuse of organization inventory) | High | High | Low | Low | Moderate | Low | Low | Low |
| Asset Misappropriation - Fixed Assets/Supplies/ etc. (Theft or misuse of organization assets) | High | Moderate | Low | Moderate | High | Low | Moderate | Low |
| Corruption - Conflict of Interest | Low | Low | Low | Low | Low | Moderate | Low | Low |
| Corruption - Bribery | Low | Low | Low | Low | Low | Moderate | Low | Low |
| Financial Statement Fraud - Asset/Revenue Overstatement | Low | Low | Low | Low | Low | Moderate | Low | Low |
| Financial Statement Fraud - Asset/Revenue Understatement. | Low | Low | Low | Low | Low | Moderate | Low | Low |

Anti-Fraud Controls

Check Tampering Controls

• Utilize electronic payments
• Properly secure unused checks and equipment
• Utilize security features on checks
• Prohibit handwritten checks
• Require two signatures on checks over a certain amount
• Segregate check preparation from signing
• Immediately mail checks after signing
• Establish positive pay controls with the bank
• Complete independent bank reconciliations timely
• Review checks issued to employees for irregularities
• Segregate vendor approval from disbursement responsibilities
• Perform periodic vendor master file maintenance and review for irregularities

Billing Controls

• Segregate purchasing from accounting and receiving departments
• Require management approval of purchase requisitions/orders
• Maintain a master vendor file
• Require competitive bids
• 3-way match by accounting of vendor invoice, receiving report and purchase order
• Periodically review master vendor file for unusual vendors and addresses
• Implement automated controls to check for duplicate invoices and purchase orders
• Verify vendors with post office boxes
• Review voucher payments for proper documentation

Non-Cash Controls

• Asset policy and procedure manual
• Tag assets
• Maintain asset, supply and inventory records
• Conduct independent periodic inventories of assets, supplies and inventories
• Reconcile the physical inventory to asset, supply and inventory records
• Properly secure and safeguard assets, supplies and inventories
• Implement an asset, supply and inventory removal policy
• Store high value items in secure and continuously monitored areas
• Secure organization, employee and customer data
• Maintain secure information systems
• Protect intellectual property, trade secrets, etc.

Payroll Controls

• Maintain personnel records independent of payroll and timekeeping
• Utilize electronic payroll deposit
• Periodically review employee payroll list
• Review paid time off for compliance with policy
• Periodically compare payroll with personnel records
• Issue pre-numbered payroll checks in sequential order
• Payroll bank account reconciled by employee not involved in preparing, signing or distributing checks
• Restrict access to payroll check stock and signature stamp
• Periodically review payroll withholdings
• Periodically review automatic payroll deposits for duplicates
• Require more than one level of approval for salary changes
• Require supervisor authorization of overtime
• Require supervisors to review and approve time

Skimming Controls

• Periodic analytical review of revenue
• Periodic review of accounts receivable for write-offs
• Periodic review of cash accounts for irregular entries
• Segregate receipt of cash and checks from deposit and recording functions
• Restrict cashier from accounts receivable and customer records
• Immediately restrictively endorse all checks when received
• Utilize a lockbox service for cash receipts
• Maintain a safe with restricted access
• Utilize cameras in cashier areas
• Deposit cash and checks daily
• Issue receipts for all transactions
• Bond employees who handle cash

Expense Reimbursement Controls

• Expense reimbursement policy
• Require detailed expense reports
• Supervisory review and approval of expense reimbursement claims
• Place limits on expenses
• Require original and detailed receipts
• Detailed review of expense reimbursement claims
• Credit/Procurement card policy with limits
• Safeguard credit/procurement cards
• Receive and review monthly automated statements from credit/procurement card companies
• Require and review monthly detailed credit/procurement card reports from employees
• Reconcile credit card statement to employee report

Cash Larceny Controls

• Independently reconcile cash register tape totals daily to the cash drawer
• Limit and monitor access to cash drawer and safe
• Properly supervise cashiers
• Utilize cameras in cashier areas
• Segregate cash receipts, bank deposit, reconciliation, posting/accounting and cash disbursement duties
• Periodic mandatory job rotation for employees who handle cash and accounting duties
• Mandatory vacations
• Surprise cash counts
• Utilize point of sale system

Cash On Hand Controls

• Limit and monitor access:
  – Safe
  – Cash handling areas
  – Cash drawer
  – Petty cash
• Properly supervise cashiers
• Utilize cameras in cash handling areas
• Periodic mandatory job rotation for employees who handle cash and accounting duties
• Mandatory vacations
• Surprise cash counts

Cash Register Disbursement Controls

• Management approval for refunds, voids, discounts
• Review refunds, voids and discounts on a periodic basis
• Require receipts to customers – post sign
• Record disbursements out of the register and independently reconcile
• Investigate missing or altered register tapes
• Daily reconciliation of cash register drawer by independent person
• Investigate over and short incidents

Anti-Corruption Controls

• Conflict of interest policy
• Policy addressing employee receipt of gifts, discounts, and services offered by suppliers and customers
• Established procurement/bidding process
• Pre-Bid solicitation documents reviewed for restrictions on competition
• Bid solicitation packages numbered and controlled
• All bids kept confidential
• Bidder qualifications verified
• Contracts awarded based on predetermined criteria and documentation of criteria assessment and award decision maintained
• Periodic review of purchases for:
  – Unreasonable costs
  – Excessive purchases
  – Favored vendors

Anti-Corruption Controls

• Proper segregation of duties in purchasing and accounts payable as well as sales and accounts receivable
• Purchasing account assignments rotated
• Periodic comparison of vendor information with employee information
• Vendors who employ former employees under increased scrutiny
• Reporting procedure for personnel and other vendors to report concerns about vendors receiving favored treatment
• All employees required to complete annual disclosure document that includes potential conflicts resulting from business ownership and investment
• Audit clause in each contract allowing Internal Audit access to audit contract records and documentation related to contract compliance and performance
• Periodic contract audits conducted by Internal Audit
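The automated duplicate-invoice check, post office box verification and master vendor file review listed under Billing Controls, together with the periodic comparison of vendor information with employee information listed under Anti-Corruption Controls, can be run as one small data-analytics script. The Python below is an added example, not part of the original briefing; the record layout, field names, the bank-account comparison and all sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the briefing); all field names are assumptions.
VENDORS = [
    {"id": "V001", "address": "120 Main St., Suite 4", "bank": "111000025-4471"},
    {"id": "V002", "address": "P.O. Box 812", "bank": "222000111-9020"},
    {"id": "V003", "address": "48 Elm Street Apt 2", "bank": "333000222-7715"},
]
EMPLOYEES = [
    {"id": "E17", "address": "48 ELM ST APT 2", "bank": "333000222-7715"},
    {"id": "E22", "address": "9 Oak Ave", "bank": "444000333-1200"},
]
INVOICES = [
    {"vendor": "V001", "number": "INV-00123", "amount": 1850.00},
    {"vendor": "V001", "number": "inv 123", "amount": 1850.00},
    {"vendor": "V001", "number": "INV-00124", "amount": 1850.00},
    {"vendor": "V003", "number": "7781", "amount": 920.50},
]

ABBREVIATIONS = {"street": "st", "avenue": "ave", "suite": "ste", "apartment": "apt"}
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.IGNORECASE)


def norm_address(address):
    """Lower-case, drop punctuation and collapse common abbreviations."""
    words = re.sub(r"[^a-z0-9 ]", "", address.lower()).split()
    return " ".join(ABBREVIATIONS.get(w, w) for w in words)


def norm_invoice_number(number):
    """Keep digits and strip leading zeros so 'INV-00123' and 'inv 123' compare equal."""
    digits = re.sub(r"\D", "", number).lstrip("0")
    return digits or number.strip().lower()


def duplicate_invoices(invoices):
    """Return groups that share vendor, normalized number and amount (in cents)."""
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["vendor"], norm_invoice_number(inv["number"]), round(inv["amount"] * 100))
        groups[key].append(inv["number"])
    return {key: nums for key, nums in groups.items() if len(nums) > 1}


def vendor_master_flags(vendors, employees):
    """Return {vendor id: [reasons]} for PO-box vendors and vendor/employee overlaps."""
    by_address = {norm_address(e["address"]): e["id"] for e in employees}
    by_bank = {e["bank"]: e["id"] for e in employees}
    flags = defaultdict(list)
    for v in vendors:
        address = norm_address(v["address"])
        if PO_BOX.search(v["address"]):
            flags[v["id"]].append("PO box address, verify vendor")
        if address in by_address:
            flags[v["id"]].append("address matches employee " + by_address[address])
        if v["bank"] in by_bank:
            flags[v["id"]].append("bank account matches employee " + by_bank[v["bank"]])
    return dict(flags)


if __name__ == "__main__":
    print(duplicate_invoices(INVOICES))
    print(vendor_master_flags(VENDORS, EMPLOYEES))
```

Each flag is a lead for review rather than proof of fraud; matches still need to be checked against supporting documentation.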

Financial Statement Controls

• Reduce situational pressures
• Reduce the opportunity to commit fraud
• Reduce the rationalization of fraud = strengthen employee personal integrity
• Financial Statement Analysis


Questions
