The Florida Institute of Certified Public Accountants

October 21, 2010

Fraud and the Importance of Corporate Governance

Gary Jordan, CPA, CIAVice President Internal Audit

The PBSJ CorporationTampa, Florida

The fastest cars have the best brakes.

PBSJ - Who We Are

Founded in 1960 and acquired 3 weeks ago by WS Atkins

Employee-owned professional services organization

75 offices across the US and Puerto Rico

3,500 employees

3,000 clients (75% public, 25% private sector)

Employees include

– Engineers _ Architects

– Scientists _ Interior Designers

– Archeologists _ Surveyors

Engineering-News Record Rankings

Among the top 500 design consultants, we are currently ranked:

4th for pure design,

10th for transportation,

13th for bridges,

15th for mass transit and rail,

14th for construction management,

25th overall

What We Do

Professional services organization that provides a range of planning, design, and construction services to public and private clients.

5 business segments– Transportation Services

– Environmental Services

– Civil Engineering

– Construction Management

– Construction (at Risk Contractor)

Revenue $850M during fiscal year 2009

Positive Net Income

Paid off line of credit

PBS&J Projects

Coral reef analysis, protection, and rehabilitations (FL Keys).

Metrorail rapid transit

– Miami, Houston, Atlanta

Airport Expansion

– Tampa, Atlanta, Miami

New Orleans Levy

7 mile bridge (FL Keys)

Lessons in Corporate Governance

Independent Audit CommitteePhillip E. Searcy Frank A. StasiowskiWilliam D. Pruitt

What Actually Happened?

Fraud began 15 years ago

Collusion by trusted employees in corporate finance and treasury

–Chief Financial Officer

–Manager of Business Systems

–Accounting Manager

Discovered March 2005 by Internal Auditor

How’d it happen?

Secret accounts

–PO Box

Cash accounts

Medical reserves

Income taxes

Methods changed to avoid detection

How much taken?

Chief Financial Officer - $17 million

BIS Manager - $10 million

Accounting Manager - $9 million

Misappropriation

By the dollars:

–$36 million misappropriated

–$16 million recovered

–$22 million self investigating

–$40 million in client refunds nationwide

–$22 million in lost work

$100+ Million Hit!

How discovered… then what?

Persistent internal auditor

Audit Committee internalinvestigation

White collar crime attorneys

Forensic accounts

Private investigators

Voluntary Disclosure!

Fact Finders

State Attorneys General

Securities andExchange Commission

United States Attorney

Tennessee

Federal Bureauof Investigation

Florida Nevada

US Department of Justice

And Beyond

15

Crisis Management

Proactive internal investigations

Cooperation with fact finders

Transparency and openness

Honesty and sincerity

Voluntary Disclosure

Just do the right thing!

Public relations

First -- Know the Difference!

The practice of engineering

The business of engineering

Operational Management

Business development

Staff productivity

Revenue generation

Controllable overhead

People management

Unit profitability

Typical Business Controls

Entity Level Controls

Controls over Financial Reporting

Operational Controls

Generally Accepted Accounting

Procedures (GAAP)

Corporate Accounting 101

Qualified Personnel

Segregation of Duties

Key Controls

Secondary review

Automation/Efficiency

Culture of Compliance

Tone from the top

Development an ethics and compliance function

Business Code of Conduct

Employee hotline

Provide ethics training and compliance training

WorldCom Experience

Somewhat surreal

It permanently altered my view of the importance of Corporate Governance

The cases we are about to discuss are what happens when governance is weak

I became passionate about the role of internal audit and made the career decision to return to that space for the remainder of my career.

Survey Question #1

What do you think the answer was to this Comprehensive Business

Risk Assessment survey question? Yes, No or Unsure?

~

Do you think fraud can occur at your company?

Survey Question #2

Ask this question in your Risk Assessments:

Where do you feel is the most likely and/or vulnerable to have

a fraud carried out?

Survey Question 3

Ask this question in your Risk Assessments and as a closure question in field audit work!

Have you witnessed any other improprieties or have you or any other employee been

asked to circumvent existing procedures or policies?

Fraud Facts

Average length of time from fraud start to detection:

2 years

Frauds exposed by whistle-blowers:

46%

* Source - CFO Magazine, April 2009

Corporate-fraud victims that blamed lack of adequate controls:

35%

Companies that modified controls after fraud was detected:

78%

* Source - CFO Magazine, April 2009

Fraud Facts

Frauds by persons in the

accounting department:

Frauds by executives or

upper management:

Frauds by perpetrators living

beyond their means:

Frauds by perpetrators experiencing

financial difficulty at the time

of the fraud:

* Source - CFO Magazine, April 2009

Fraud Facts

29%

18%

39%

34%

Codes of Conduct

What percentage of U.S. employees reported that their codes of conduct are

not taken seriously?

51%

KPMG Forensic Integrity Survey

2008-2009

What percentage of U.S. employees reported that they would be rewarded based on

results, not the means used to achieve them?

52%KPMG Forensic Integrity Survey

2008-2009

Corporate Behavior

Corporate Behavior

What percentage of U.S. employees reported that they lacked understanding of the standards of conduct that apply to their jobs?

51%

KPMG Forensic Integrity Survey

2008-2009

Executives Reluctant to Disclose Corruption

Although respondents have differing views about disclosure, 93% say that an internal investigation should be conducted if a significant incident of corruption were uncovered.”

“Four out of 10 global executives are reluctant to disclose significant corruption incidents to authorities, according to Fortifying Anti-corruption in Today’s Corporation, a Deloitte survey of 329 executives from around the world.

The percentage of students who acknowledged that they cheated in order to improve their odds of getting into graduate school:

–Liberal arts students 43%–Education students 52%–Medical students 63%–Law students 63%–Business students 75%

The Speed of Trust by Stephen M.R. Covey

76% of MBAs were willing to understate expenses that cut into their profits, and that convicts in minimum-security prisons scored as high as MBA students on their ethical dilemma exams.

The Speed of Trust by Stephen M.R. Covey

Neville Isdell, recently retired chairman and CEO of the Coca-Cola Company and Robinson Hall of Fame inductee, warns,

“the challenge is for us as business

leaders to rewire how our companies

relate to society. And if we don’t do that,

we will discover that society has

redesigned our business for us.”

BIZ, State of Business Magazine, Vol XXI, No. 2, Dean’s Letter

How to Position the Importance of Governance

A 2002 study by Watson Wyatt shows that total return to shareholders in high-trust organizations is almost three times higher than the return in low-trust organizations. That’s a difference of nearly 300 percent!

The Speed of Trust by Stephen M.R. Covey

Companies Complying with SOX Rules

Source: Lord & Benoit, 2006

����28%

����26%

����

Control weakness in 2004, but none

in 2005

No control weaknesses in 2004 -05Passed SOX Testing

Reported control weakness 2004-05

6%

Share-price Performance

40 Source: Lord & Benoit, 2006

Data Vendors

Reuters

Standard & Poor’s

EDGAR

Lexis-Nexis

* Partial List

Audit Integrity41

• Stanford Law School

• 10-K Wizard

• Securities Mosaic

• CSI Data

Why Internal Audit Must Get Up to Speed

“The current global economic crisis has also exposed a number of exceptional and brazen fraud schemes. These revelations remind us that internal audit must be more vigilant than ever in its fraud-detection activities. Therefore, internal audit’s data-mining and data-analytic capabilities, instrumental to efficiently examining the large volume of data readily accessible through ERP systems for anomalies and other fraud indicators, are now even more critical.”2009 IT PrciewaterhouseCoopers:

Business upheaval: internal audit weights its roleamid the recession and evolving enterprise risks

ERP Systems and Data Analytics

42

Fraud Probability Drivers

The FRAUD Triangle Justification or History

Beliefs such as “the activity is not criminal,” “Everybody is

doing it”

Real or Perceived Opportunity

Weak controls/Employees in positions of trust

PressureFinancial, personal, unrealistic

corporate objectives, etc.

Source: KPMG

Recent studies show that three-quarters of U.S. workers surveyed witnessed misconduct on the job in the past year. This indicates that organizations need to continually assess whether or not their control environment takes into account the elements of the “fraud triangle.” The fraud triangle comprises:

“Incentives and pressure” – manipulating information to succeed, whether the strain is real or self-imposed

“Opportunities” – practicing deception when relaxed/loose corporate controls permit

“Attitude rationalization” – justifying actions for the perceived good of the organization

Source: KPMG

On a personal level, high-trust individuals are more likely to be promoted, make more money, receive the best opportunities, and have more fulfilling and joyful relationships.

The Speed of Trust by Stephen M.R. Covey

NOTE!!

If we demonstrate that we have a moral compass and can adhere to it, we will have a competitive advantage. We should do this because its not only the right thing to do but its easy and each of us can decide to do it today!!

Now if the last few slides were not bad enough….

Is everyone sitting down for the next one?

"I'll trade you two Bernie Madoffs for a Derek Jeter and David Wright."

Fidelity.com

So what do we do now?

Is fraud and corporate misconduct so widespread and accepted do we just give up and go home?

Or maybe we should position our functions for the fight and sell our value proposition to the Directors and Leaders of our entities.

3 Angles of Attack

• In the Community: Push for more ethics based education curriculum at all levels

• At work: Identify, reward, promote based on the key elements of integrity and ethical behavior in addition to performance

• At the Entity level: Promote GRC and its benefits to decision makers

On a personal level, high-trust individuals are more likely to be promoted, make more money, receive the best opportunities, and have more fulfilling and joyful relationships.

The Speed of Trust by Stephen M.R. Covey

NOTE!!

If we demonstrate that we have a moral compass and can adhere to it we will have a competitive advantage. We should do this because its not only the right thing to do but its easy and each of us can decide to do it today!!

50

What is GRC?and

Why do I care?

We must convince leadership that good governance pays, and they must champion the practices.

What ammunition

do we have?

There are significant value creating business benefits for

moving entities to stronger Control Environments =

Stronger Measurable Governance Metrics

Key Findings

There is a large and persistent returns spread

between the highest and lowest-

rated companies – a 15.3%spread between the best and

worst decile over the prior 10 years.

Source: Audit Integrity

55

Price of Control Deficiency for$1 Billion Company

Source: University of Wisconsin, 2006

$10 million in higher cost of equity capital

Savings on Legal Liability Avoidance from GRC Investment

Source: General Counsel Roundtable, 2006

$1$5

Spending on Compliance

Savings on Lower Legal Liability $1$5

How to Position the Importance of Governance in Your Entities

This increasing focus on governance has

also resulted in a proliferation of published rating systems that rank on an absolute basis, and analyse and compare the relative corporate governance practices of public companies. With these developments, directors should address the implications of the ratings and the criteria they use.

Who’s Watching?

A few examples are:

Institutional Shareholder Services (ISS)

Moody’s Investors Service

Audit Integrity

Standard and Poor

GMI

59

Over 200-450 data fields are manually annotated and updated.

SEC ActionsClass Action

Litigations

Financial

Restatements

The Impact of Integrity on Stock Returns: Corporate Integrity Ratings Provide Unique Risk Factor

60

What Are They Watching?

Board

Independence

Data Vendors

Reuters

Standard & Poor’s

EDGAR

Lexis-Nexis

* Partial List

Audit Integrity61

• Stanford Law School

• 10-K Wizard

• Securities Mosaic

• CSI Data

For example:

Audit Integrity is the leading provider of accounting and governance risk analysis on public companies.

Through extensive statistical analysis of a vast array of information, Audit Integrity produces objective reports on 9,900 corporations traded on U.S. stock exchanges.

The Audit Integrity Accounting and Governance Risk Ranking (AGR*) is a measure of the overall risk of potentially fraudulent or misleading accounting and governance activity.

62

What is GRC?Faced with mandates for tighter corporate governance and enterprise risk management and barraged by compliance regulations, organizations are adopting platforms that are focused on enterprise governance, risk, and compliance (GRC) management.

GRC is a combined area of focus within an organization that developed because of interdependencies between the three components

This un-fragmented approach to risk management provides the benefit of:

Enterprise Wide Risk Monitoring

Greater Transparency

Increased Automation

Simplified Compliance

What is Corporate Governance?

The corporate governance framework depends on the legal, regulatory, institutional and ethical environment of the community. Whereas the 20th century might be viewed as the age of management, the early 21st century is predicted to be more focused on governance. Both terms address control of corporations but governance has always required an examination of underlying purpose and legitimacy.

James McRitchie, 8/1999

Governance Model

Strategy

Monitoring &Communication

Enterprise RiskManagement

Transparency& Reporting

Ethics &BusinessConduct

Legal,Regulatory,Standards

Roles andResponsibilities

A Big Picture Perspective

Tone at the Top, July 2006

Audit Integrity is the leading provider of accounting and governance risk analysis on public companies. Through extensive statistical analysis of a vast array of information, Audit Integrity Accounting and Governance Risk rating (AGRR) is a measure of the overall risk of potentially fraudulent or misleading accounting and governance activity.

Audit Integrity

Extensive research has also shown a clear relationship between Audit Integrity’s primary risk measure, the Accounting and Governance Risk (AGRR) rating, and equity returns. Consistently, the lowest-rated companies underperform the market and highest-rated companies outperform.

Audit Integrity

Corporations must support a culture of

“Trust but Verify”

Accounting Personnel

Certified Professionals

Chief Financial Officers

Internal Auditors

External Auditors

Government Auditors

So how does Internal Audit fit into this and what are emerging

trends and tools?

Internal Audit

Know where your risks are

Conduct business fraud risk assessment

Support the function

Document controls

Identify control gaps

Remediate gaps

Practice good business discipline

Why Internal Audit Must Get Up to Speed

“The current global economic crisis has also exposed a number of exceptional and brazen fraud schemes. These revelations remind us that internal audit must be more vigilant than ever in its fraud-detection activities. Therefore, internal audit’s data-mining and data-analytic capabilities, instrumental to efficiently examining the large volume of data readily accessible through ERP systems for anomalies and other fraud indicators, are now even more critical.”2009 IT PrciewaterhouseCoopers:

Business upheaval: internal audit weights its roleamid the recession and evolving enterprise risks

ERP Systems and Data Analytics

72

Changing Internal Audit RolesTechnology expected to have major impact on internal audit

Business trends expected to have the most impact on internal audit roles, responsibilities, and functions between now and 2012 are technology, new regulations, risk management, corporate governance, and ethics and compliance.

By 2012, strategic internal audit groups will be providing risk assurance as well as controls assurance as part of coordinated efforts to keep in step with corporate advances in risk and control processes.

PricewaterhouseCoopers

Don’t expect personnel in Corporate America to improve its business values and morality!!

The upcoming segment of your career is a golden opportunity…to demonstrate the value of strong corporate governance and strengthen your organizations controls….seize it!!

Questions? Comments?

If you have questions

or comments, contact:

Gary Jordan

727-224-8700 or

garybennettjordan@hotmail.com