Handout Presentation Transcript

  • An Organization-Wide Model of Fraud Protection. By Gerard M. Zack, CPA, CFE, ACFE Fellow. Partner – Wipfli, LLP. Founder – Nonprofit Resource Center. (301) 987-0287
  • Fraud – 2002 ACFE Study
    • $600 Billion/Year
      • Up from $400 billion estimate in 1996
      • 13.4% of cases studied involved nonprofits
    • 6% of Annual Revenue Lost to Fraud
    • Average Fraud Scheme Lasts 18 Months Before Being Detected
    • Small Organizations Are Most Vulnerable
  • Three Categories of Fraud
    • Fraud committed against an organization
      • Our focus today
    • Fraud committed by an organization
      • Financial reporting fraud
      • Fundraising fraud
      • Program fraud
    • Fraud committed through an organization
      • By employees against third parties
      • Credit card fraud or identity theft
  • Fraud Committed Against Organizations
    • Asset Misappropriations
      • Theft or misuse of assets
      • 85% of fraud cases involve this
    • Corruption
      • Inappropriate use of one’s influence in a business transaction
      • Kickbacks and conflicts of interest
  • Asset Misappropriations
    • Fraudulent Disbursements
      • Most common type of asset misappropriation
      • Disbursement schemes, billing schemes, payroll and expense reimbursement schemes, check tampering
    • Skimming
      • Stealing cash prior to it being recorded on the organization’s books
    • Cash Larceny
      • Stealing cash after it has been recorded
    • Theft of Noncash Assets (Inventory, etc.)
  • Our Goals
    • Prevent as much fraud as possible
    • Utilize detective controls to catch what cannot be prevented
    • Insure against acts that are not prevented or detected
    • Accept a certain, minimal level of risk
    • Continually update our understanding of fraud risks and manage those risks
    • Utilize EVERYONE in an ongoing system of fraud deterrence
  • Factors Present in All Frauds
    • Intent
    • Motive
      • External (substance abuse, peer pressure, health problems, etc.)
      • Internal (feeling unfairly treated, job pressures, etc.)
    • Opportunity
      • Real or perceived weaknesses in controls
    • Rationalization
      • Depersonalization, entitlement, etc.
    • Concealment
  • Fraud Prevention & Detection
    • Financial Controls
      • Preventive controls
      • Detective controls
    • Non-Financial Systems
    • Management Oversight and Behavior
  • For More on Fraud Protection, See: Fraud and Abuse in Nonprofit Organizations: A Guide to Prevention and Detection, by Gerard M. Zack, CFE, CPA. Published by John Wiley & Sons, Inc., June 2003
  • I. Financial Controls Over Frauds Against Organizations
  • Financial Controls
    • Two Categories
      • Preventive
      • Detective
    • Maintain in Written Form
    • Certain Elements Common to all Cycles
      • Segregation of duties
    • Other Elements Unique to Specific Cycles
      • Cash receipts
      • Cash disbursements
      • Payroll
  • Segregation of Duties
    • Goal: Make it Impossible to Commit and Conceal a Fraud
    • Example: Separate Functions Involved in Handling Funds From Those Involved With Recording
  • Examples of Revenue and Cash Receipts Frauds
    • Skimming – Most Common and Our Focus Today
    • Theft of Donated Assets
    • Write-offs of Receivables and Unauthorized Credits
    • Lapping Schemes
    • Unrecorded Sales
  • Skimming
    • “Off-Book” Fraud - Stolen Prior to Entry on Books
      • Mail receipts
      • On-site receipts at events
      • Unrecorded sales (retail, warehouse, etc.)
    • Checks are Just as Vulnerable as Cash
      • Establish phony account in name of organization
    • Contributions are Most Vulnerable
      • No exchange (outflow of resources)
    • Other Revenue Streams Also
      • Dues, off-site events, seminars, late fees
  • Revenue & Cash Receipts Controls
    • Segregation of Duties (receipt of funds from recording, posting to A/R, etc.)
    • Dual Control
      • Also rotation of duties, mandatory vacations
    • Lockbox
    • Timely Reconciliations (A/R, etc.)
    • Reasonableness Testing of Income Accounts
    • Trend and Budget Variance Analysis
    • Ratio Analysis
  • Additional Controls for Contributions
    • Dual Control or Lockbox
    • Use and Reconciliation of Business Reply Mail for Solicitations
    • Publication of Donor Names
    • Controls Over Acknowledgement Letters and/or Receipts (not very reliable as a control)
    • Periodic/Annual Donor Statements
    • Rotation of Duties and Analysis of Recorded Contributions
  • Examples of Purchasing and Cash Disbursements Frauds
    • Billing Schemes (most common)
      • Internal
      • External
    • Check Tampering
    • Electronic Funds Transfers
    • Conflicts of Interest
    • Kickbacks
    • Fraudulent Bidding Processes
  • Billing Schemes
    • Personal Purchases
    • Fictitious Vendor
    • Duplicate Payments
    • Refund Schemes
    • Financial Assistance Schemes
  • Fictitious Vendor Schemes
    • Usually Service-Providers
    • May be Former Valid Vendors
    • Insertion of Fraudulent Invoice
    • Authorization:
      • Perp is authorized to approve
      • Perp relies on “rubber-stamp” approval
      • Perp creates phony supporting documentation
    • May or May Not Need to Intercept Payment
  • Duplicate Payments
    • Submit Statement From Vendor, After Invoices Have Been Paid
    • Submit Copies of Invoices
    • Usually Need to Intercept Payment to Prevent Mailing to Valid Vendor
    • Conversion to Cash Via:
      • Establishment of account in vendor name
      • Sign payment over to another payee
  • Refund Schemes
    • Common With Seminars, Conferences, etc. if not Properly Controlled
    • Refund Checks Generated in Connection With Registrants Who Have not Cancelled
    • Controls Over Refunds Often Much Weaker than Controls Over Other Cash Disbursements (Purchases)
  • Check Tampering
    • Forgery of Signatures
      • Most common method
    • Altering Amounts or Payees
      • Check-washing, erasing, etc.
    • Duplicate Checks
      • Create phony checks
    • Need to Conceal Through Bank Reconciliation
  • Conflicts of Interest
    • Insider has Undisclosed Interest (Direct or Indirect) in the Transaction
    • Often Involves Vendors or Subcontractors in Whom Board Members, Executives Have Interest
    • Can Also Involve Customers (i.e. authorizing below-market prices, discounts, etc.)
  • Kickbacks
    • Payments From Vendors to Purchasing Agents
    • Associated With:
      • Bid-rigging
      • Inflated prices
      • Unnecessary purchases
      • Billing for goods not delivered
  • Purchasing & Disbursements Controls
    • Segregation of Duties (esp. initial receipt of bank statement and checks from writing and recording)
    • Only Pay From Original Invoices (no copies or statements)
    • Mail all Vendor Payments – No Returning of Checks to Person who Requested
    • Matching with Supporting Documents
    • Analysis of Vendor Master File and Payment Histories
    • Use of “Positive Pay” System
  • Bank Reconciliation
    • Review Statement for Duplicate Checks or Un-Numbered Checks
    • Investigate Gaps in Check Numbers
    • Review Statement for Other Debits
    • Examine Returned Checks
      • Signs of alteration or forged signatures
      • Review endorsements for consistency
    • Compare Payees With Check Register or Disbursements Journal
    • Verify Lists of Voided Checks
  • Other Detective Controls
    • Budget to Actual Expense Analysis
    • Trend Analysis
    • Ratio Analysis
      • Vertical analysis
      • Ratios involving non-financial factors
  • Payroll Schemes
    • Ghost Employees
    • Over-stating Hours Worked
    • Over-stating Pay Rates
    • Expense Reporting Schemes
      • Duplicate or personal expenditures
      • Airfare schemes
  • Ghost Employees
    • Insert New Employee on Payroll
      • Need access to payroll master files
    • Fail to Remove Valid Departing Employee from Payroll
      • Change address or direct deposit account information
  • Over-Stating Hours Worked
    • No Need to Have Access to Payroll Master Files – Simply Falsify Time Record
    • May Rely on Rubber-Stamp Approval of Supervisor
    • May Involve Changes to Record After Supervisor Approval
  • Over-Stating Pay Rates
    • Need Access to Payroll Master Files
    • May or May Not Involve Collusion
  • Payroll Controls
    • Segregation of Duties
      • Especially H.R. duties (master file data) from Payroll Processing
    • Data Analysis
      • Cross-check addresses, direct deposit info., etc.
      • Look into employees with no deductions
      • Match checks/stubs with employees
  • Expense Report Controls
    • Travel Authorizations in Anticipation of all Trips
    • Limit Travel Advances and Have Employee Authorize Deduction From Pay if not Accounted for
    • Timely Preparation and Submission of Expense Report
    • Appropriate Supporting Documentation
    • Establish and Monitor Travel Budgets
    • Per Diems or Specific Documentation Requirements
  • Supporting Documentation
    • Itemized Hotel Bills for Lodging
      • Do not accept credit card receipts
    • Receipts for Meals, Entertainment
    • Boarding Passes and Receipts for Airfare
      • Proof that trip was taken – itineraries only show that a reservation was made
  • Expense Report Review
    • Match Authorized Dates of Travel With Supporting Documentation
      • Watch for extra nights of lodging, etc.
    • Original Supporting Documentation
      • Vendor invoices (hotels, etc.), not just credit card receipts
    • Documentation of Business Purpose, etc. per IRS Requirements
    • Compare all Information on Receipts
      • Match airline ticket numbers
    • Cross-Check to Co-Workers’ Reports
  • Internal Controls Were Responsible for the Initial Detection of Fraud in Only 15% of Cases Studied (Source: 2002 ACFE Report to the Nation on Occupational Fraud and Abuse)
  • Initial Detection of Fraud
    • Tips From Employees (26%)
    • By Accident (19%)
    • Internal Audit (19%)
    • Internal Controls (15%)
    • External Audit (11%)
    • Tip From Customer (9%)
    • Tip From Vendor (5%)
  • Patterson & Kim Study
    • Workers Spend an Average of 7 Hrs/wk Goofing Off
    • 1 in 6 Workers Drank or Used Drugs at Work
    • 50% Feel One Gets Ahead Based on Politics, not Hard Work
    • 25% Expect to Compromise their Beliefs to Get Ahead on the Job
    • Only 20% are “Very Satisfied” With Jobs
  • What Does This Tell Us?
    • Internal Controls Generally Need to be Strengthened, AND
    • Systems Other Than Traditional Financial Controls Play Integral Roles in Fraud Prevention and Detection
  • II. Non-Financial Systems
  • Non-Financial Systems
    • Several Non-Financial Systems Play Roles in Controlling Fraud
    • Among the Most Important:
      • Information Technology Systems
      • Human Resources Systems (our focus today)
      • Physical Security
      • Communications Systems (our focus today)
      • Insurance Protection
  • H.R. Systems (1)
    • Hiring Policies and Practices
      • Identity verification
      • Background checks
    • New Employee Orientation
      • Establish tone
    • Codes of Conduct
      • Ethical behavior, policy on suspected misbehavior, etc.
    • Performance Evaluation Systems
  • H.R. Systems (2)
    • Grievance Policies
    • Compensation Adjustment Practices
      • Must be viewed as fair in all respects
    • Counseling of Troubled Employees
      • Alcoholism, drug abuse, etc.
    • Exit Interviews
      • Conduct by H.R. and/or Someone Other than Direct Supervisor
  • Communications
    • Organization Chart
      • Clear understanding of lines of communication
    • Access to Audit Committee
      • Or equivalent board-level representatives
    • Hotlines
      • Anonymous reporting of suspected fraud and abuse by employees
    • External
      • Crisis management
  • Hotlines
    • Allow for Anonymous Reporting of Suspected Wrongdoing
    • Utilize Third-Party Services (EthicsLine of the Association of CFE’s; Pinkerton Security; Other Services)
    • FraudNet, a Service of GAO to Report Wrongdoing Involving Federal Funds
      • [email_address]
      • (202) 512-3086
  • Bonding Coverage
    • Perpetrator Must be an Employee of Insured (Check Policy for Whether Volunteers are Covered)
    • Many Policies Require That Loss be Reported to Law Enforcement
    • Dishonest Act Must Occur and be Discovered During Bond Period
    • Policy May or May Not Cover Fidelity Claims Expenses (Costs of Investigation)
  • Bonding Coverage Denied If
    • Loss not Reported Timely
    • Reasonable Precautions not Taken
    • Misleading or Incomplete Information Provided in Application
    • Failure to Provide Updated Information About Risks/Operations
    • Failure to Follow Policies That Organization Claims are in Place
  • III. Management Oversight
  • Management Oversight
    • Day-to-Day Management Activities
    • Board of Directors
    • Financial Oversight
  • Day-to-Day Management
    • Setting an Example – Follow all Policies
      • “Tone at the top”
      • Communicate seriousness of fraud control
    • All Supervisors and Managers Have Responsibilities
    • Enforcement of Policies
      • And reward ethical behavior
    • Responding to Fraud
    • Open-Door Policies
    • Corrective Actions
  • Board of Directors
    • Oversight Responsibilities
    • Establishment of Committees
    • Audit Committee
      • External audit
      • Internal audit
      • Investigative
    • Managing Conflicts of Interest
    • Direct Responsibilities Associated with Upper-Level Fraud
  • Audit Functions
    • External Audit
    • Internal Audit
    • Special Audits and Investigations
  • External Audit
    • Limited to Items That are “Material” to the Financial Statements
      • Provides reasonable assurance that financial statements are free of material misstatement
    • New Audit Standard SAS No. 99 Clarifies and Attempts to Provide Guidance to Auditors, But Does Not Change the Ultimate Level of Assurance You Get From an Audit
  • Internal Audit Function
    • Provides for More Detailed Analysis in Areas of Greatest Risk
    • Need or Degree of Use Varies Based on Complexity & Risks of Organization
    • Important Detective Control
    • Average Loss From Fraud:
      • With Internal Audit Function = $87,500
      • Without = $153,000
  • Financial Oversight
    • Budgeting
      • Establishing budgets
      • Variance analysis
    • Financial Analysis
      • Analysis of financial statements
      • Trend analysis
      • Ratio analysis
      • Benchmarking
  • Budgeting
    • Early and Timely Completion
    • Board Involvement
    • Zero-Based Budgeting
    • Format to Facilitate Analysis
    • Accountability
  • Variance Analysis
    • Timely – Throughout the Year
    • Involve All Who Are Accountable
    • Substantiate Explanations
    • Require Plans for Corrective Action Involving Variances and Projected Variances
    • Consider When Establishing Next Year’s Budget
  • Financial Analysis
    • 4-Step Process
      • Develop Expectation
      • Identify Fluctuations/Variances
      • Investigate Fluctuations
      • Evaluate Likelihood of Fraud
    • Identify Most Reliable Data on Which to Base Expectation
    • Benchmarking & Ratio Analysis
  • Analytical Procedures
    • Reasonableness Testing
      • Particularly useful for income accounts
      • Calculate “expected” revenue using information gathered from independent sources
    • Ratio Analysis
      • Financial
      • Financial and non-financial data
      • Particularly useful for expense accounts and to detect theft of assets (inventory, etc.)
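
The statement-review steps on the Bank Reconciliation slide (duplicate and un-numbered checks, gaps in check numbers, payee comparison against the check register, voided checks) can be run as an automated exception report. The following is an added example, not part of the original presentation; the record layout, the finding names and the sample data are constructed for illustration, and the amount comparison extends the slide's payee comparison to cover the altered amounts named on the Check Tampering slide.

```python
from collections import Counter

# Constructed sample data, amounts in cents (not from the presentation).
# Check register: check number -> (payee, amount, voided?)
REGISTER = {
    1001: ("Acme Office Supply", 25000, False),
    1002: ("City Utilities", 48010, False),
    1003: ("VOID", 0, True),
    1005: ("Delta Printing", 120000, False),
}
# Items that cleared the bank: (check number or None, payee, amount)
STATEMENT = [
    (1001, "Acme Office Supply", 25000),
    (1002, "City Utilities", 84010),    # amount differs from register
    (1003, "J. Smith", 90000),          # listed as void, yet it cleared
    (1005, "Delta Printing", 120000),
    (1005, "Delta Printing", 120000),   # same number cleared twice
    (None, "Cash", 30000),              # un-numbered check
    (1007, "Delta Printing", 7500),     # never entered in the register
]

def reconcile(register, statement):
    """Return sorted (finding, check_number) exceptions to investigate."""
    findings = set()
    nums = sorted(register)
    # Gaps in the register's check-number sequence.
    for n in (range(nums[0], nums[-1] + 1) if nums else ()):
        if n not in register:
            findings.add(("gap_in_sequence", n))
    # A check number that clears more than once.
    cleared = Counter(num for num, _, _ in statement if num is not None)
    findings |= {("duplicate_check", n) for n, c in cleared.items() if c > 1}
    for num, payee, amount in statement:
        if num is None:
            findings.add(("unnumbered_check", None))
        elif num not in register:
            findings.add(("not_in_register", num))
        else:
            reg_payee, reg_amount, voided = register[num]
            if voided:
                findings.add(("voided_check_cleared", num))
            elif payee != reg_payee:
                findings.add(("payee_mismatch", num))
            elif amount != reg_amount:
                findings.add(("amount_mismatch", num))
    return sorted(findings, key=lambda f: (f[0], f[1] or 0))

if __name__ == "__main__":
    for finding, number in reconcile(REGISTER, STATEMENT):
        print(f"{finding}: check {number}")
```

Physical examination of returned checks (alterations, forged signatures, endorsements) and review of other debits are not covered by this report and remain manual steps.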
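
The data-analysis items on the Payroll Controls slide (cross-checking addresses and direct deposit information, looking into employees with no deductions) can be expressed as a ghost-employee screen over one payroll run. This is an added example, not part of the original presentation; the field layout, the finding names and the sample records are constructed, and the termination-date check is an assumption added to cover the departing-employee case from the Ghost Employees slide, with the date assumed to come from H.R. records kept separately from payroll processing.

```python
from collections import defaultdict
from datetime import date

# Constructed sample payroll run (not from the presentation).
PAY_DATE = date(2003, 6, 15)
PAYROLL = [
    # (emp_id, address, deposit_account, deductions_cents, termination_date)
    ("E01", "12 Oak St.", "111-222", 41200, None),
    ("E02", "9 Elm Ave", "333-444", 38750, None),
    ("E03", "12 oak st", "555-666", 0, None),
    ("E04", "4 Pine Rd", "333 444", 29900, None),
    ("E05", "7 Ash Ct", "777-888", 30100, date(2003, 4, 30)),
]

def norm(text, keep_space=True):
    """Lower-case and drop punctuation so near-identical values compare equal."""
    kept = "".join(c for c in text.lower() if c.isalnum() or c == " ")
    return " ".join(kept.split()) if keep_space else kept.replace(" ", "")

def payroll_exceptions(payroll, pay_date):
    """Return {finding: sorted employee ids} for one payroll run."""
    by_addr, by_acct = defaultdict(set), defaultdict(set)
    out = {"shared_address": set(), "shared_account": set(),
           "no_deductions": set(), "paid_after_termination": set()}
    for emp_id, addr, acct, deductions, terminated in payroll:
        by_addr[norm(addr)].add(emp_id)
        by_acct[norm(acct, keep_space=False)].add(emp_id)
        if deductions == 0:
            out["no_deductions"].add(emp_id)
        # Still on the payroll after the H.R. termination date.
        if terminated is not None and terminated < pay_date:
            out["paid_after_termination"].add(emp_id)
    # Any address or bank account used by more than one employee id.
    for groups, name in ((by_addr, "shared_address"), (by_acct, "shared_account")):
        for ids in groups.values():
            if len(ids) > 1:
                out[name] |= ids
    return {name: sorted(ids) for name, ids in out.items()}

if __name__ == "__main__":
    for name, ids in payroll_exceptions(PAYROLL, PAY_DATE).items():
        print(f"{name}: {', '.join(ids) or 'none'}")
```

A shared address or account is a lead for follow-up rather than proof, since household members employed by the same organization produce the same match.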