Preventing and Detecting Fraud in the Workplace

Sharon P. Hamrick, CPA, CFF, CFE
Senior Manager, Decosimo

ASWA - Huntsville 2012

 What is Fraud in the Workplace?
 Occupational fraud and abuse is the use of one’s
occupation for personal enrichment and can result from
misconduct of employees, managers and/or officers.

Common Asset Misappropriation Schemes –

 Payroll fraud
 Check tampering
 Skimming
 Expense account schemes
 Fraudulent disbursements
 False billing
 Larceny
 Inventory theft


 41% of perpetrators are employees; 38% of perpetrators are managers
 Median losses of frauds by employees = $60,000; by managers = $182,000
 Frauds lasted a median of 18 months before being detected
 38% of perpetrators were between the ages of 36 and 45
 Median losses by gender: Males $200,000; by female fraudsters $91,000
 Executive/upper management caused largest fraud losses
 49% of victim organizations in the study had not recovered any losses due
to fraud


Opportunities

Fraud
Incentives/Pressures Rationalization


To n e a t t h e To p
 Management’s behavior creates an environment in the
company - that environment can breed or condone
fraudulent activity.

 Tips for management:

 Create and promote a comprehensive fraud policy

 Implement an entity specific code of ethics

 Consider a reporting hotline


 An organizational wide Fraud Policy can send a
clear message that workplace fraud will not be
tolerated.

 Scope of Policy
 Identify Behavior That Constitute Fraud
 Assign Responsibility for Fraud Investigation
 Reiterate Confidentiality
 Develop Procedures for Reporting Fraud
 Consequences and Corrective Action


Ethical
Mind
Legal Moral
Set &
Behavior


 According to ACFE Reduces Fraud by 50%
 Effective Method of Deterrence
 SOX requires anonymity for whistleblowers
 Outsourcing to third parties is an option
 24 Hours/365
 Skilled Interviewer


 No two organization are exactly alike!
 Knowing your company-specific risk factors
can help in fraud prevention.

 Size
 Types of products and services
 Ownership
 Financing
 Banking relationships
 Financial reporting requirements


 Human Resources practices and procedures
can be very effective tools in the effort to
prevent Workplace Fraud

 Verify references, work experience and
education
 Criminal records checks
 Annual employee evaluations
 Permission for drug, criminal and financial
checks if company policy or position
requires


Internal Controls
 A thoughtfully designed and effectively
implemented internal control structure is essential
to prevent ongoing and pervasive Workplace Fraud
from occurring and going undetected.

 Segregation of duties between recording, asset
custody and reporting
 Supervision and oversight by management and
board of directors
 External checks
 Monitoring to make sure internal controls
continue to work over time

 Your company’s digital assets are perhaps
some of its most valuable. Help shield them from
Workplace Fraud with effective IT controls in
place.

 Physical access to servers and computer
center controlled
 Passwords secure and regularly changed
 Access only to necessary software
modules
 Computer records maintained of log-ins;
 Reports generated of failed log-in attempts
and maximum limit on number of log-in
attempts

Saves Money
Creates Fraud Awareness
Enhanced Reputation
Compliance with SOX


Behavioral Red Flags Exhibited
 81% of fraudsters exhibited at least one of the listed
behavioral red flags:
 36% Living beyond their means

 27% with financial difficulties

 19% with unusually close associations with vendors
or customers

 18% had excessive control issues with their duties


Analytical Red Flags
 Recurring negative cash flows from operations
 Unusual general journal entries or unusual
transactions, especially close to end of a period
 Significant related party transactions not in the
ordinary course of business
 Abnormal profitability when compared to similar
companies in the same industry
 Abnormal gross profit margin or growth in gross
profit margin when compared to similar companies in
the same industry
 Management override


Other Data Analytics
 Trend analysis – comparison to prior periods
 Comparison to forecasts, budgets
 Vertical and horizontal ratio analysis
 Correlation analysis
 Searches for duplicates
 Compliance verification
 Aging
 Benford’s law
 Beneish m-score model
 Dechow-Dichev accrual quantity


 Duplicate payments tests
 Benford’s Law analysis
 Rounded amount invoices
 Invoices just below approval levels
 Abnormal invoice volume activity
 Rapid increase
 High variance
 Vendors with sequential invoice Numbers or where
numbers and dates are inconsistent
 Merge vendor and employee files


Examples of Phishing Emails


What is OPSEC?
Military term • Analytic process used to deny an
meaning adversary information
Operational
Security • Risk assessment tool

Universal • Examines day-to-day activities
concepts • Controls information

• Equally applicable to individuals
Applied in any and businesses in general
environment
• Identifies security risks


OPSEC Is Not:
An expensive
A strict set of
and time-
rules and
consuming
procedures
process

Used only by
the
government or
military


Consequences
Loss of customer trust and business

Possible law suits

Legal issues

 Gramm-Leach-Bliley Act
 Fair Credit Reporting Act
 Federal Trade Commission Act
 Health Insurance Portability and Accountability
Act (HIPPA)
 Family Educational Rights and Privacy Act
 Drivers Privacy Protection Act
 Privacy Laws
 State Laws


Bottom Line – Companies
must develop and maintain
reasonable procedures to
protect sensitive information


You and Your Employees

Know the Know what
threat to protect

Know how
to protect

Know the Threat-Who
Adversary – the Bad Guy

Terrorist groups

Criminals

Organized crime

Hackers/Crackers
Insider threats – generally more costly and often
overlooked


What to do if you have
suspicions


What resources do you have at your disposal for
guidance

Outside CPAs
Attorney
Internal audit
Law enforcement


Legal restrictions and ramifications

Does your company require employees
sign a fraud policy statement

Chain of custody of documents, paper
and otherwise

Suspect’s rights to privacy – Their work
area

Interview do’s and don'ts


What a CFE can do if you have
suspicions
Investigate on behalf of the board of directors

Conduct interviews

Perform data analysis, data mining

Search computer records
Search sources of outside information related to
the suspect


Sources
 Cornell University IT: Phish Bowl
 www.it.cornell.edu/security/safety/phishbowl.cfm
 Protect your business by understanding common
social engineering techniques, Small Business Blog
 http://googlesmb.blogspot.com/2012/04/protect-your-
business-by-understanding.html
 Microsoft
 www.microsoft.com/security/online-privacy/phishing-
symptoms.aspx


Contact Info

Sharon P. Hamrick, CPA•CFF, CFE
Senior Manager, Decosimo Advisory
Services
sharonhamrick@decosimo.com
www.linkedin.com/in/sharonhamrick

423-756-7100

The contents and opinions contained in this article are for informational purposes only. The information is
not intended to be a substitute for professional accounting counsel. Always seek the advice of your
accountant or other financial planner with any questions you may have regarding your financial goals.


Preventing and Detecting Fraud in the Workplace

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Preventing and Detecting Fraud in the Workplace

Similar to Preventing and Detecting Fraud in the Workplace (20)

More from DecosimoCPAs

More from DecosimoCPAs (20)

Recently uploaded

Recently uploaded (20)

Preventing and Detecting Fraud in the Workplace