2. What is Fraud in the Workplace?
Occupational fraud and abuse is the use of one’s
occupation for personal enrichment and can result from
misconduct of employees, managers and/or officers.
Common Asset Misappropriation Schemes –
Payroll fraud
Check tampering
Skimming
Expense account schemes
Fraudulent disbursements
False billing
Larceny
Inventory theft
ASWA - Huntsville 2012
8. 41% of perpetrators are employees; 38% of perpetrators are managers
Median losses of frauds by employees = $60,000; by managers = $182,000
Frauds lasted a median of 18 months before being detected
38% of perpetrators were between the ages of 36 and 45
Median losses by gender: male fraudsters $200,000; female fraudsters $91,000
Executive/upper management caused largest fraud losses
49% of victim organizations in the study had not recovered any losses due
to fraud
12. Tone at the Top
Management’s behavior creates an environment in the
company - that environment can breed or condone
fraudulent activity.
Tips for management:
Create and promote a comprehensive fraud policy
Implement an entity specific code of ethics
Consider a reporting hotline
13. An organization-wide Fraud Policy can send a
clear message that workplace fraud will not be
tolerated.
Scope of Policy
Identify Behavior That Constitutes Fraud
Assign Responsibility for Fraud Investigation
Reiterate Confidentiality
Develop Procedures for Reporting Fraud
Consequences and Corrective Action
14. Ethical Mind Set & Behavior
Legal
Moral
15. According to ACFE Reduces Fraud by 50%
Effective Method of Deterrence
SOX requires anonymity for whistleblowers
Outsourcing to third parties is an option
24 Hours/365
Skilled Interviewer
16. No two organizations are exactly alike!
Knowing your company-specific risk factors
can help in fraud prevention.
Size
Types of products and services
Ownership
Financing
Banking relationships
Financial reporting requirements
17. Human Resources practices and procedures
can be very effective tools in the effort to
prevent Workplace Fraud
Verify references, work experience and
education
Criminal records checks
Annual employee evaluations
Permission for drug, criminal and financial
checks if company policy or position
requires
18. Internal Controls
A thoughtfully designed and effectively
implemented internal control structure is essential
to prevent ongoing and pervasive Workplace Fraud
from occurring and going undetected.
Segregation of duties between recording, asset
custody and reporting
Supervision and oversight by management and
board of directors
External checks
Monitoring to make sure internal controls
continue to work over time
20. Your company’s digital assets are perhaps
some of its most valuable. Help shield them from
Workplace Fraud with effective IT controls in
place.
Physical access to servers and computer
center controlled
Passwords secure and regularly changed
Access only to necessary software
modules
Computer records maintained of log-ins;
Reports generated of failed log-in attempts
and maximum limit on number of log-in
attempts
26. Behavioral Red Flags Exhibited
81% of fraudsters exhibited at least one of the listed
behavioral red flags:
36% Living beyond their means
27% with financial difficulties
19% with unusually close associations with vendors
or customers
18% had excessive control issues with their duties
28. Analytical Red Flags
Recurring negative cash flows from operations
Unusual general journal entries or unusual
transactions, especially close to end of a period
Significant related party transactions not in the
ordinary course of business
Abnormal profitability when compared to similar
companies in the same industry
Abnormal gross profit margin or growth in gross
profit margin when compared to similar companies in
the same industry
Management override
29. Other Data Analytics
Trend analysis – comparison to prior periods
Comparison to forecasts, budgets
Vertical and horizontal ratio analysis
Correlation analysis
Searches for duplicates
Compliance verification
Aging
Benford’s law
Beneish m-score model
Dechow-Dichev accrual quantity
30. Duplicate payments tests
Benford’s Law analysis
Rounded amount invoices
Invoices just below approval levels
Abnormal invoice volume activity
Rapid increase
High variance
Vendors with sequential invoice numbers or where
numbers and dates are inconsistent
Merge vendor and employee files
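The tests listed on this slide, run over a small invoice file, as an added example that is not part of the original presentation. All data is constructed, and the approval limit, the 5% band, the address-based match key and every function name are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

APPROVAL_LIMIT = 5000.00  # assumed approval threshold, not from the slides
# Constructed sample data: (vendor_id, invoice_no, date, amount)
INVOICES = [
    ("V100", "1041", "2012-03-02", 1250.40),
    ("V100", "1187", "2012-03-19", 1250.40),
    ("V200", "7731", "2012-03-05", 4990.00),
    ("V200", "7732", "2012-03-06", 4975.00),
    ("V200", "7733", "2012-03-09", 4000.00),
    ("V300", "A-551", "2012-03-11", 812.17),
    ("V300", "A-551", "2012-03-11", 812.17),
]
VENDORS = {"V100": "12 Oak St", "V200": "PO Box 9", "V300": "400 Main St"}  # constructed
EMPLOYEES = {"E7": "po box 9", "E8": "77 Elm Ave"}                          # constructed

def duplicate_payments(invoices):
    """Vendor/amount pairs paid more than once, even under a new invoice number."""
    counts = Counter((v, a) for v, _n, _d, a in invoices)
    return sorted(k for k, c in counts.items() if c > 1)

def rounded_amounts(invoices, multiple=1000):
    return [i for i in invoices if i[3] % multiple == 0]

def just_below_limit(invoices, limit=APPROVAL_LIMIT, band=0.05):
    """Amounts within `band` (5%) under the approval limit."""
    return [i for i in invoices if limit * (1 - band) <= i[3] < limit]

def sequential_vendors(invoices, min_run=3):
    """Vendors whose numeric invoice numbers are all consecutive."""
    nums = defaultdict(set)
    for v, n, _d, _a in invoices:
        if n.isdigit():
            nums[v].add(int(n))
    return sorted(v for v, s in nums.items() if len(s) >= min_run
                  and max(s) - min(s) == len(s) - 1)

def vendor_employee_matches(vendors, employees):
    """Merge vendor and employee files on a normalised address."""
    norm = lambda s: " ".join(s.lower().replace(".", "").split())
    emp = {norm(a): e for e, a in employees.items()}
    return sorted((v, emp[norm(a)]) for v, a in vendors.items() if norm(a) in emp)

def benford_max_gap(amounts):
    """Largest gap between observed and Benford first-digit share (needs a large population)."""
    digits = Counter(int(f"{a:e}"[0]) for a in amounts if a > 0)
    total = sum(digits.values())
    return max(abs(digits[d] / total - math.log10(1 + 1 / d)) for d in range(1, 10))
```

Each function returns the exceptions for a reviewer to follow up; a hit is a reason to pull the supporting documents, not proof of fraud.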
33. What is OPSEC?
Military term meaning Operational Security
• Analytic process used to deny an adversary information
• Risk assessment tool
Universal concepts
• Examines day-to-day activities
• Controls information
Applied in any environment
• Equally applicable to individuals and businesses in general
• Identifies security risks
34. OPSEC Is Not:
An expensive and time-consuming process
A strict set of rules and procedures
Used only by the government or military
35. Consequences
Loss of customer trust and business
Possible lawsuits
Legal issues
Gramm-Leach-Bliley Act
Fair Credit Reporting Act
Federal Trade Commission Act
Health Insurance Portability and Accountability
Act (HIPAA)
Family Educational Rights and Privacy Act
Driver's Privacy Protection Act
Privacy Laws
State Laws
36. Bottom Line – Companies
must develop and maintain
reasonable procedures to
protect sensitive information
37. You and Your Employees
Know the threat
Know what to protect
Know how to protect
38. Know the Threat-Who
Adversary – the Bad Guy
Terrorist groups
Criminals
Organized crime
Hackers/Crackers
Insider threats – generally more costly and often
overlooked
39. What to do if you have
suspicions
40. What resources do you have at your disposal for
guidance
Outside CPAs
Attorney
Internal audit
Law enforcement
41. Legal restrictions and ramifications
Does your company require employees to
sign a fraud policy statement?
Chain of custody of documents, paper
and otherwise
Suspect’s rights to privacy – Their work
area
Interview do’s and don'ts
42. What a CFE can do if you have
suspicions
Investigate on behalf of the board of directors
Conduct interviews
Perform data analysis, data mining
Search computer records
Search sources of outside information related to
the suspect
44. Contact Info
Sharon P. Hamrick, CPA•CFF, CFE
Senior Manager, Decosimo Advisory
Services
sharonhamrick@decosimo.com
www.linkedin.com/in/sharonhamrick
423-756-7100
The contents and opinions contained in this article are for informational purposes only. The information is
not intended to be a substitute for professional accounting counsel. Always seek the advice of your
accountant or other financial planner with any questions you may have regarding your financial goals.