Your SlideShare is downloading. ×
  • Like
The Importance of Internal Controls in Fraud Prevention
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

The Importance of Internal Controls in Fraud Prevention

  • 1,704 views
Published

Presentation made by Ohio Accounting Firm, Rea & Associates, on the how strong internal controls can help Ohio companies deter fraud in the workplace. Special attention is given to the 5 components of …

Presentation made by Ohio Accounting Firm, Rea & Associates, on the how strong internal controls can help Ohio companies deter fraud in the workplace. Special attention is given to the 5 components of internal controls and how to diffuse the traingle of fraud.

Published in Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,704
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
66
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Annual OAPT Conference -Understanding Internal Control & Fraud Prevention October 4, 2012 Presented by: Chad Welty, CPA Principal, Government Services
  • 2. Today…. Five Components of Internal Control Fraud Triangle Fraud Risk Assessment Fraud Statistics Fraud Prevention Tips
  • 3. What is the definition of Internal Control? Internal Control can be defined as the sum of:  An accounting procedure or system designed to promote : • Efficiency and effectiveness • Assure the implementation of a policy • Safeguard of assets • Avoid fraud • Avoid errors
  • 4. Five components of Internal Control Control Environment Risk Assessment Information and Communication Control Activities Monitoring
  • 5. Internal Control - Environment Definition – Management’s attitudes, awareness, and actions concerning the importance of a control.  The Environment sets the “tone” of the entity  Influences the control consciousness of it’s people  Serves as the foundation for all internal control components, providing components, discipline, and structure. The best designed policies and procedures have little hope of being effective without the proper “tone at the top”.  Management must lead by example. Controls are not limited to staff.
  • 6. Internal Control – Risk Assessment Definition – The entity’s identification and analysis of relevant risks to the achievement of its objectives, forming a basis for determining how the risk should be managed.  This is an ongoing process. The risks of yesterday, may not be the risks of today or tomorrow.  Risks must not only be identified, but must be anticipated so they can be avoided or mitigated. (analogy – installation of lights at a railway crossing before an accident occurs). • Managements focus on identifying risk should start with change: – Change in operating environment – Change in personnel – Change in information systems and technology – New programs or services provided – Change in structure
  • 7. Internal Control – Risk Assessment con’t • Management should also focus on the inherent risks – Complexity – Cash receipts – Third-party beneficiaries – Prior problems – Prior unresponsiveness to identified control weaknesses – Payroll withholdings – Fake vendors – Credit/purchase cards – Central garage/storage locations  Proper training, ongoing efforts, responsiveness and commitment to ongoing assessment will strengthen internal controls to ensure a strong framework.
  • 8. Internal Control – Information &Communication Definition – The identification, capturing, and exchange of information in a form and on a timely basis to enable employees to carry out their responsibilities .  Management must be able to obtain reliable information to determine and assess risk and communicate polices and other information to those who need it.  Potential issues effected by information: • The entity’s performance evaluation vs strategy or goal • Impact on efficiency and effectiveness • Management decisions on use of resources (financial or human)  Management can develop the best internal control environment, policies and procedures, etc., however if not properly communicated they may as well not exist. • Written policies and procedures distributed • Training programs established • New hire orientations • Polices posted on websites for easy access
  • 9. Internal Control – Information &Communication con’t  Potential issues facing communication of information: • Effectiveness and efficiency in the performance of the duties of employees • Lack of communication channels available to employees to report suspected improprieties • Untimely information reporting causing reduction in usefulness to make decisions
  • 10. Control Activities Definition – The policies and procedures that help ensure management directives are carried out.  As a result of ongoing risk assessment and the strategies to communicate information, management must develop policies and procedures to carry out and meet the goals and strategies of the entity.  Traditionally, control-related policies and procedures related to finance are classified into one of the following categories: • Authorization • Properly designed records • Security/safeguarding of assets and records • Segregation of duties • Periodic reconciliations • Analytical review
  • 11. Internal Controls - Monitoring Definition – The process used by those charged with governance (management AND the elected taxing authority) to assess the quality of internal control over time.  The best developed control policies and procedures require changes over time as the environment changes.  Not only are controls implemented to reduce/eliminate problems, they should be designed to alert management of a potential problem. Without proper monitoring, these problems could go undetected.
  • 12. Internal Controls – Monitoring con’t The Roles in monitoring internal controls  Who is “ultimately” responsible for internal control? • THE GOVERNING BODY!! – It’s the job of the governing board to ensure that management meets all of it’s responsibilities. – How can this be achieved? Establish an “audit committee” • Audit Committee responsibilities may include independent reviews and oversight of: – Reporting processes – Internal controls – Independent auditors  Who is “primarily” responsible for internal control? • MANAGEMENT!! – Fundamentally a management concern since it uses the tools and techniques in order to achieve managements objectives  Who’s role is it to “validate” the success of designed controls and determine operating effectiveness. • YOUR AUDITORS!!
  • 13. Internal Controls – Inherent Limitations No internal control framework can be perfect. Inherent limitations include:  Management over-ride of controls (policies and procedures)  Collusion  Cost of the control (policy or procedure) should not cost more than the benefit it was expected to achieve  Human judgment can be faulty, human errors and mistakes  Limitation on segregation of duties based on number of employees
  • 14. Cressey’s Fraud Triangle – Concept that dates back over half a century. Generally for fraud to occur, three things must be present: OpportunityPressure/Incentive Rationalization Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 15. Fraud Triangle Pressure – Financial need that is often unwilling to be shared (addictions, debt, etc.) or that emotions have impacted the person (sick child or “keeping up with the Joneses”) Opportunity – The ability to commit a fraudulent activity must exist (weaknesses in internal control or the ability to override them) Rationalization – When a person has the ability to justify their actions (I’m underpaid, I’ll pay it back, or the health of my child is more important)
  • 16. It Could Happen to YouEmbezzlement of Utility PaymentsMissing EvidenceIT Equipment and PurchasesOff-the Books Bank AccountsSee the AOS website for numerous stories and findings
  • 17. What is Fraud Risk Assessment? Proactive approach to mitigating fraud in your organization Analyzing where fraud can occur in your organization Fraud Prevention vs. Fraud Detection  Prevention = Proactive  Detection = Reactive
  • 18. Who is Responsible for Risk Assessment Governing Body  Audit or Finance Committee Mayor/Administrator Finance Director/Treasurer Executive Staff Everyone throughout the Organization– informal lines of communication
  • 19. Definition of Fraud “Intentional perversion of truth in order to induce another to part with something of value or to surrender legal right.” (Mirriam-Webster’s online dictionary) Association of Certified Fraud Examiners (ACFE)  Misrepresentation of material facts  Concealment of material facts  Bribery  Conflicts of Interest  Theft of money and property  Breach of Fiduciary Duty
  • 20. Risk Assessment Includes: Risk Identification Risk Likelihood Significance Assessment Risk Response
  • 21. Risk Identification Risk Identification  Gathering information from both internal and external sources • Brainstorming • Interviews • Analytical Procedures – Trend analysis: vendor example  Where are the inherent risks? • Cash collection points • Lack of oversight
  • 22. Risk Identification cont. Risk Identification  Incentives/Pressures • Budget constraints • Performance Bonuses  Opportunities • Cash collection points • Segregated accounts • Access to create vendors
  • 23. Risk Likelihood Risk Likelihood  More interviews  Historical information  Analyze vendor listing
  • 24. Risk Response Consider cost-benefit How will council/management respond  Increased Training  Surprise Audits  Change in Policy and Procedure
  • 25. Types of cases at risk Government & Public Administration-141 Cases Corruption 50 Billing 33 Expense Reimbursements 19 Non-Cash 27 Larceny 10 Check Tampering 15 Skimming 25 Cash on Hand 12 Payroll 18 Financial Statement Fraud 9 Register Disbursements 4 0 10 20 30 40 50 60Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 26. Who are the perpetrators? Position of Perpetrator-Frequency 42.1% Employee 41.6% 41.0% Manager 2010 37.5% 2012 16.9% Owner/Executive 17.6% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0%Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 27. Tenure of Perpetrator 50.0% 45.7% 41.5% 45.0% 40.0% 35.0% 27.2% 30.0% 25.3% 25.4% 23.2% 2010 25.0% 2012 20.0% 15.0% 10.0% 5.9% 5.7% 5.0% 0.0% < 1 Year 1-5 Years 6-10 Years >10 YearsSource: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 28. Schemes from Perpetrators working in Accounting Department Check Tampering 14.9% 29.7% Billing 26.1% 31.1% Skimming 15.7% 22.9% Cash Larceny 11.2% 17.1% Payroll 11.6% 18.4% Cash on Hand 11.4% 17.1% All Cases 16.6% Accounting Expense Reimbursement 13.3% Corruption 25.1% 17.1% Non-Cash 15.4% 5.5% Financial Statement Fraud 7.2% 9.2% Register Disbursements 3.1% 5.1% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0%Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 29. Schemes from Perpetrators in Executive or Upper Management Corruption 53.5% 48.7% Billing 32.7% 40.6% Expense Reimbursement 21.4% 29.9% Non-Cash 15.7% 18.3% Payroll 12.6% 16.1% Check Tampering 8.2% 2012 14.3% 20.8% 2010 Financial Statement Fraud 13.8% Skimming 15.1% 13.8% Cash on Hand 13.8% 12.5% Cash Larceny 11.9% 11.6% Register Disbursements 2.5% 1.3% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0%Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 30. Behavioral Red Flags Based on Perpetrator’s Position 39.6% Living beyond means 37.2% 32.7% 23.0% Financial dif f iculties 25.0% 30.5% 21.7% Owner/Executive Unusually close association with vendor 27.2% 11.9% Manager Employee 24.3%Control issues, unwillingness to share duties 23.4% 11.2% 26.0% Wheeler-dealer attitude 16.8% 8.3% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 31. Behavioral Red Flags Behavioral Red Flag Percent of Cases Living beyond means 35.6% Financial Difficulties 27.1% Unusually close association 19.2% with vendor Control 18.2% Issues, Unwillingness to Share Duties Divorce/Family Problems 14.8% Wheeler-Dealer Attitude 14.8% Irritability, Suspiciousness or 12.6% DefensivenessSource: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 32. Behavioral Red Flags Behavioral Red Flag Percent of Cases Addiction problems 8.4% Past-employment-related 8.1% problems Complained about 7.9% inadequate pay Refusal to Take Vacations 6.5% Excessive Pressure from 6.5% Within Organization Past Legal Problems 5.3%Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  • 33. Billing Schemes False invoicing through a shell company Personal purchases with government funds False invoicing through an established vendor
  • 34. False Invoicing Fake invoice – no service or product exchange www.customreceipt.com
  • 35. Fake invoices many times lack information Street address – PO box only Phone number Good description Logo Packing slip for products purchased Shipping destination for products Invoice numbers are sequential
  • 36. Vendor Files What needs done to vendor’s files  Clean vendor file annually  Vendor approval process  Training  Google new vendor requests  IT controls limiting access
  • 37. Employee Expense Reimbursements – Whatto look for: Lack of invoice Fake invoices Lack of detail on invoices Wrong mileage False mileage Personal expenses Alcohol Per diems with no detailed receipts required
  • 38. Effective Fraud Deterrents Written Fraud Policy  Policy sets expectations • Zero Tolerance  Review and sign-off by each employee for personnel file  Include Reporting Process • Whistleblower Protection • Issues addressed consistently and timely Ethics Policy, Conflict of Interest Policy Training Continuous Risk Assessment
  • 39. Steps to Reduce Fraud Risk Fraud risk analysis performed Educate Tone at the Top Conflict Disclosures (Council and Management) Establish whistle-blower hotlines Rotation of job duties Zero tolerance Background checks for new hires – don’t hire crooks Keep eyes and ears open regarding employee behavior Discuss concerns with auditors Establish effective Internal Audit division Use of Data Mining Software Surprise audits
  • 40. Highlights Understand the Five Components of Internal Control Everyone is responsible for effective and efficient control development and/or application Train your Team(s) Ongoing evaluation of controls and fraud risk assessment Fraud Statistics Fraud Prevention tips Trust is never a control!
  • 41. Annual OAPT Conference -Understanding Internal Controls & Fraud Prevention October 4, 2012 QUESTIONS???