2. CONTACT ME
Pam Mantone, CPA, CFF, CFE,
CITP, FCPA
Senior Manager
pammantone@decosimo.com
423-756-7100
The contents and opinions contained in this presentation are my opinions and do not reflect the
representations and opinions of Decosimo.
4. COSO Control Framework
• Control environment
Organizational • Risk assessment
level • Communications
• Monitoring
Functional • Control activities
level • Information systems
5. Control Environment Principles
Hard Controls
• Attention and direction by a board of directors
and/or audit committee
• Organizational Structure
• Manner of assigning authority and
responsibility
• Policies and procedures
Soft Controls
• Integrity and ethical values
• Commitment to competence
• Management’s philosophy and operating style
6. Control Environment Factors
Appropriate oversight
Hiring practices
Demonstration of integrity in every day
dealings with customers, employees, suppliers
and other parties
Workload
Communication to employees on
management’s views of business practices and
ethical behavior
Management takes appropriate action to
address known departures from approved
policies and procedures or unacceptable
business practices or conduct
Investigation of alleged fraud incidents
8. Control Weaknesses that Contributed to Fraud
Primary Internal Control Weaknesses
Poor Tone at the Top
2010 Report Lack of Competent Personnel in Oversight Roles
to the Lack of Independent Checks/Audits
Nations Lack of Employee Fraud Education
Lack of Clear Lines of Authority
Lack of Reporting Mechanism
Lack of Internal Controls
Override of Existing Internal Controls 6.9%
Lack of Management Review
8.4% 5.6%
17.9% 1.9%
19.2% 1.8%
37.8% 0.6%
11. What Went Wrong – Embezzlement
Trust and absence of skepticism (think Madoff)
Open access to blank checks, financial records, and/or
cash
Improper or no bank statement reconciliation or review
No monitoring of customer complaints
No verification/approvals of discounts, credit memos
No review of delinquent accounts
Did not perform analytical procedures that compare
adjusted inventory levels to sales
No review of journal entries posted to balance accounts
No detailed review of inter-bank and/or inter-company
transfers
No review of the allowance for doubtful accounts
12. What Went Wrong – Billing Fraud
No review of vendor transactions for non-
consecutive vendor invoice numbers
Hint: Many vendors will assign the same beginning
invoice number to each customer, i.e. 98XXXXXX
POs not required and/or not pre-numbered
Did not maintain a listing of outstanding POs
No management approval of purchases and
payments
No review of vendor monthly statements for O/S
items
Did not develop or maintain an approved vendor list
Did not use competitive bids
13. What Went Wrong – Corruption
No review of recent purchases to see whether the same
vendor is winning bids let by a specific purchasing agent
Did not include a right-of-audit and access to vendor’s
books clause in contract
Did not conduct background checks on new vendors or
obtained references
Competitive bids opened by one employee
No company policy addressing the receipt of gifts by an
employee
No conflict-of-interest policy
Lack of independent review of vendor pricing
No follow-up discussions with vendors who did not win
the contracts
14. What Went Wrong – Payroll
Lack of appropriate approvals for overtime, rate of pay,
commission rates
Did not use a separate bank account (impress account)
or use direct deposit
No approvals for all changes in the employee master file
No external review of payroll registers and general ledger
to tax reporting
Did not designate someone outside of payroll as contact
for taxes, etc.
No comparison of the number of employees to actual
number of payroll checks issued
No periodic review of paid leave and vacation totals per
employee
15. What Went Wrong – Expense reimbursements
Original receipts not required
P-Card statements, credit card statements, etc. not
reconciled or not reconciled timely
No requirement to close out cash advances
No comparison to prior year’s expenses
No review of support documentation for duplicates,
sequential numbers, or unusual amounts.
No comparison of dates of expenditures to
expected travel dates
No review and approval of expense reports
No established policies regarding travel, hotel and
meal guidelines and limits on entertaining
16. What Went Wrong – Financial Statement Fraud
Lack of effective oversight
Organizational structure complex with no clear
lines of reporting authority
Lack of the appropriate “Tone at the Top”
Setting unachievable financial goals and applying
excessive pressure to employees to achieve them
Unfair compensation systems with compensation
based upon incentives
Lack of physical security or restricted access
No clear and uniform accounting procedures
17. Internal Controls Modified or Implemented
Increased Segregation of Duties
Management Review
Surprise Audits
2010
Report to 4% 3% 2% Fraud Training for Employees
the Nation 4% 3% 2% 2% 1% Job Rotation/Mandatory Vacation
5% 26% Internal Audit/FE Department
Anti-Fraud Policy
9% 21%
Code of Conduct
5% External Audit of F/S
6% 7% Hotline
External Audit of ICOFR
Independent Audit Committee
Management Certification of F/S
Rewards for Whistleblowers
Employee Support Programs