McKonly & Asbury Webinar - Skimming: What the Auditor's Miss


We had another great webinar presented by Dave Hammarberg (Director of IT and Consulting Senior Manager) and Jim Shellenberger (Senior Manager) with McKonly & Asbury! Thank you to everyone that attended and received CPE credit.

We discussed what skimming is and went into a discussion of several examples and how to detect and prevent your organization from becoming a victim of skimming.

Check out our Upcoming Events page for news and updates on our future seminars and webinars.

For more information on this topic or to submit a question for Dave or Jim, use our contact page at

  • An audit involves performing procedures to obtain audit evidence about amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the Partnership’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Partnership’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.
  • Management of the entity and those charged with its governance have the primary responsibility for the prevention and detection of fraud.
  • Audit standards explicitly recognize that some misstatements might not be detected in a GAAS audit due to the inherent limitations of audits. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one from error due to attempts to conceal its detection (AU-C 240.05-.06). Fraud may involve sophisticated and carefully organized ways to conceal it, deliberate failures to record transactions, or deliberate misrepresentations to the auditor.
  • Types of fraud:
      • Fraudulent Financial Reporting – Intentional misstatement, including omissions of amounts or disclosures, in the financial statements. “Cooking the books”
      • Misappropriation of Assets – involves the theft of a company’s assets resulting in materially misstated financial statements. (i.e. Stealing)
  • Skepticism - Maintaining professional skepticism includes considering that there is a possibility of material misstatement due to fraud, regardless of the auditor's past experience with the honesty and integrity of the management and those charged with governance.
      • Required to investigate and disclose if something doesn’t feel right
      • Investigate responses that are inconsistent, vague, implausible, or otherwise unsatisfactory
    Engagement team brainstorming session - how and where the financial statements might be materially misstated due to fraud, how such a fraud might be perpetrated and concealed, and how assets could be misappropriated.
      • Has to involve the partner
      • Should ignore beliefs about the honesty and integrity of the client
      • Ask a lot of “what if” questions
      • Discuss known internal or external factors that might provide incentive, opportunity, or rationalization for committing fraud
      • Discuss management override of controls
    Inquiries – Management, Internal Auditors (if any), Those Charged With Governance (different than management, i.e. Board, significant shareholders, general partner)
      • Actual, alleged, or suspected fraud
      • Their views of where the financial statements could be materially misstated due to fraud
      • How management and others identify, respond to, and monitor risks of fraud
      • Financial statement auditors are directed to “step outside” just the accounting department
    Assessing Fraud Risk – at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures.
      • Important: Not a conclusion about the level of fraud risk.
      • Consider analytical procedures, including required
    Revenue Recognition Risk - Examples of inappropriate revenue recognition are recording fictitious revenues, prematurely recording revenue, or improperly shifting it to a later period. Audit procedures relevant to this risk include confirming certain contract terms with customers and observing shipments and performing appropriate sales cutoff procedures.
  • Respond to Fraud Risk
      • Appropriately assign and supervise staff. Use of specialized staff with certain skills
      • Evaluate client’s selection and use of accounting policies…especially those that involve complex transactions, measurements, estimates
      • Unpredictability – testing different accounts, new locations, different sampling methods, etc.
      • Obtaining more audit evidence from independent third parties
      • Computer assisted audit techniques to gather more extensive evidence
      • Inquiring of non financial personnel
      • Testing transactions at or near the end of the reporting period
      • Increasing sample sizes
      • More detailed analytical procedures
    A risk of management override of controls exists in all entities because management is in a unique position to manipulate accounting records and prepare fraudulent financial statements.
      • Test journal entries
      • Review accounting estimates for bias
      • Evaluate business rationale for significant transactions
    Journal Entry Testing
      • Understanding of the entity’s process and controls for journal entries
      • Inquire of individuals about inappropriate or unusual journal entry activity
      • Select journal entries or adjustments made near the end of a reporting period
      • Professional judgement is used to determine the nature, timing, and extent of journal entry testing. Many factors.
    Communicate
      • If the auditor has identified fraud or obtained information that fraud may exist, communicate it to an appropriate level of management as soon as practicable, even if the matter is inconsequential.
      • Communication to those charged with governance (board) fraud matters
  • Example: bookkeepers writing checks to themselves
      • Substantive tests of the cash balance recorded in the financial statements may not be sufficient to respond to a material risk of fraudulent cash disbursements
      • Consider the client's controls over disbursements:
          • Segregation of duties and effective management oversight (for example, the owner/manager receives the bank statement unopened).
          • Authorization and approval of transactions (for example, in purchasing or payroll disbursements)
      • If, after considering controls, the auditor judges that fraudulent disbursements could be material to the financial statements, an additional audit response is necessary. Auditors could perform all or some of the following procedures:
          • Performing extended analytical procedures on expense accounts.
          • Reviewing selected disbursements for unusual payees, signatures, or endorsements.
          • Reviewing vendor lists for unusual patterns.
          • Reviewing payroll registers for unusual items.
          • Performing paymaster procedures (that is, distributing payroll checks or observing their distribution).
          • Proof of cash.
      • Communication to those charged with governance regarding any significant deficiencies in internal control and if the results of the testing indicated that a fraud may have occurred.

    5. A BIT ABOUT US
        • Jim Shellenberger
            • Senior Manager
            • Audit
        • Dave Hammarberg
            • Director of IT/Sr. Mgr.
            • Accounting and Fraud Certification
    6. ABOUT MCKONLY & ASBURY
        • Audit, Tax, and Risk Management Firm.
        • Regional presence in Pennsylvania.
        • Clients ranging from large construction, manufacturing, and other industries.
        • Special capabilities in the risk management area.
        • Best Places to Work and Best Accounting Firm.
    8. FINANCIAL STATEMENT AUDIT
        • Performed in accordance with auditing standards generally accepted in the United States of America
        • Statement on Auditing Standards No. 99
            • Issued by AICPA in 2002
            • Effective for audits of financial statements for periods beginning on or after December 15, 2002
    9. AUDITOR’S RESPONSIBILITY
        • Plan and perform the financial statement audit to obtain reasonable assurance that the financial statements are free of material misstatement caused by:
            • Errors (unintentional misstatements or omissions)
            • Fraud (intentional misstatements or omissions)
            • Noncompliance with laws and regulations
    10. MANAGEMENT’S RESPONSIBILITY
        From Independent Auditor’s Report: Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
    11. FINANCIAL STATEMENT FRAUD DEFINED
        • An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception that results in a misstatement in financial statements that are subject of an audit. (AU-C-240.11)
        Although auditor may suspect or identify the occurrence of fraud, auditor does not make a legal determination of whether fraud has actually occurred.
    12. TYPES OF FRAUD IN A FINANCIAL STATEMENT AUDIT
        Fraudulent Financial Reporting
        • Deceive financial statement users
        • Manipulation of accounting records and supporting documents
        • Misrepresentation or intentional omissions of events, transactions, or facts
        • Management override of controls
        Misappropriation of Assets
        • Embezzling receipts
        • Stealing physical assets or intellectual property
        • Using company’s assets for personal use
        • Usually accompanied by false or misleading records
    13. AUDITOR’S “FRAUD” OBJECTIVES IN A FINANCIAL STATEMENT AUDIT
        • Identify and assess the risks of material misstatement of the financial statements due to fraud
        • Design and implement appropriate responses to the assessed risks of material misstatement due to fraud and obtain sufficient appropriate audit evidence
        • Appropriately respond to identified or suspected fraud
    14. FRAUD REQUIREMENTS DURING A FINANCIAL STATEMENT AUDIT
        • Maintain Professional Skepticism
        • Engagement Team “Brainstorming” Discussion
        • Inquiries of Management and Others
        • Assess Fraud Risk
            • Preliminary analytical procedures, including procedures related to revenue
            • Other information obtained (not just inquiries and brainstorming)
            • Presumption that there is a risk of material misstatement due to fraud relating to revenue recognition
    15. FRAUD REQUIREMENTS DURING A FINANCIAL STATEMENT AUDIT
        • Respond to Fraud Risk
            • Incorporate element of unpredictability
            • Can include test of controls, or substantive procedures
        • Management Override of Controls
            • Journal entry testing
        • Evaluate Audit Evidence and Identified Misstatements for Indication of Fraud
        • Communicate
    16. COMMON EXAMPLE
        • Unauthorized Disbursements
        • Common to many businesses, often due to a lack of segregation of duties
        • If there is risk of material misstatement, audit response is required.
    18. WHAT DOES A FRAUD ENGAGEMENT OR INVESTIGATION COVER?
        • No two fraud engagements are alike
        • Usually a fraud engagement will focus around a specific area of the organization where irregularities were found.
        • Usually evidence found in a fraud engagement will guide the rest of the engagement.
        • Misallocation or Reporting Fraud.
    19. SKIMMING – AN AREA OF FRAUD THAT MAY NOT BE UNCOVERED DURING A NORMAL AUDIT
        Wikipedia definition:
        • A form of white-collar crime, skimming is a slang term that refers to taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total; the formal legal term is defalcation.
        • Skimming is the theft of money before it has been recorded in the books of a business as being received.
        • Skimming sales is the theft of money received from a sale of goods or services before it has been recorded. The sales part of the name is simply a description of what money is targeted (sales) and the skimming part is a description of when the attack takes place (before recording).
        • A different fraud - usually a billing fraud - is necessary once the receipt has been recorded and banked.
    20. SKIMMING FACTS
        • Skimming frauds are never meant to be discovered or paid back.
        • In some cases frauds do not need to be hidden, and this is one of those cases. This will depend on the controls over inventory or whether a good or service was sold.
        • Gateway Fraud – this type of fraud often leads to larger more extensive frauds.
    21. SKIMMING FACTS (CONT.)
        • Hard to detect – often times cash is taken prior to the recording of the transaction.
        • Most common fraud in a cash business
        • If a business owner fails to "ring up" a transaction and pockets the cash the crime becomes tax evasion.
    22. SKIMMING FACTS (CONT.)
        • Skimming may additionally be the direct theft of the cash.
        • In addition to hiding it from tax authorities, the perpetrator hides the taking from an employer, business partners, or shareholders.
        • Other related usages can include things such as corrupt government officials in a poor country "skimming" cash received as foreign aid.
    23. EXAMPLES OF SKIMMING
        • School store
        • Ice Cream Parlor
        • Bar
    24. HOW TO DETECT SKIMMING
        • Company Hotline
        • Surveillance
        • Comparisons/Trending
    25. HOW TO PREVENT SKIMMING
        • Training
        • Company Hotline
        • Surveillance
        • Job rotation
        • Segregation of duties
    26. OBSERVATIONS
        • Money/cash is vulnerable to fraud whenever it is handled by employees.
        • Attacks on receipts can occur at any point of the business cycle. The two major areas are:
            • (a) where sales (cash or otherwise) are made; and
            • (b) where debtors' receipts are collected.
        • Businesses without proper controls and those that are too reliant upon (trusting) one or a few employees handling money and recording transactions provide an opportunity for this fraud.
        • Thefts can be hidden by the lapping of a series of individual frauds, each covering the last. Lapping is most easily uncovered by separating or rotating duties amongst employees, thus taking away the opportunity of the fraudster to continue with the scheme.
    27. ANOTHER TYPE OF SKIMMING: CREDIT CARD FRAUD (OFTEN REPORTED BY THE MEDIA)
        • Skimming has been described as one of the most significant problems facing the credit card industry, as it can happen anywhere a credit card is accepted.
        • The best way for consumers to protect themselves from skimming is by paying attention to the details of credit card usage.
    28. SKIMMING – CREDIT CARD FRAUD (CONT.)
        • When a credit card is skimmed, data on the card, including the account number, is electronically transmitted or stored.
        • The credit card information can then be encoded onto a lost, stolen, or counterfeit credit card and used anywhere in the world.
        • The best way for consumers to protect themselves from skimming is by paying attention to the details of credit card usage.
    29. CREDIT CARD FRAUD SKIMMING EXAMPLES
        • A collusive store employee completes a valid sale, and then captures a second (unauthorized) swipe covertly on a portable device before returning the card to the cardholder.
        • A skimming device is added to the front of an ATM or gas pump and captures the credit card information as the consumer attempts to use the machine.
        • A skimming device is added inside an ATM or gas pump and captures information during a valid transaction. In many cases a covert camera is also set up to capture the card holder’s personal identification (PIN) number.
    30. ATM SKIMMING FRAUD SUSPECTED IN LAKE FOREST
        • Someone installed a hidden “skimming” device on a Lake Forest, IL ATM to steal private information from bank customers, Lake Forest police announced Thursday February 7, 2013.
        • Police said the device likely was attached to an ATM in the lobby of Northern Trust Bank, 265 E. Deerpath Rd. Police said it recorded customers’ account numbers, PIN numbers or both during the last two to three months.
        • That information was then used to make fraudulent withdrawals at numerous ATMs in the Chicago area, police said in a release.
        • Deputy Police Chief Karl Walldorf said the device was removed before bank officials could recover it.
    31. FOUR CHARGED IN MCDONALDS CREDIT CARD SKIMMING SCAM
        Would you like some fraud with that?
        • Four men have been charged with using a handheld skimming device to clone nearly 300 cards from customers at a Tulsa, Okla., McDonalds. The alleged crooks, the Associated Press reported, enlisted an unnamed employee at a South Zurich Avenue outpost of the fast food chain to capture the customers' card numbers for three weeks.
        • Daniel Jefferson, 20, allegedly gave the McDonalds employee the skimming device, and came to the employee's apartment after work each day to download the skimmed credit card numbers (about 282 of them) onto a laptop. He then cloned the cards and used the new fraudulent ones to buy iPads and laptops.
    32. WHAT DOES CREDIT CARD SKIMMING MEAN FOR YOUR BUSINESS?
        • Loss of business due to a bad reputation.
        • Potential legal action by customers
    33. HOW TO PREVENT CREDIT CARD FRAUD SKIMMING FOR YOUR BUSINESS
        • Surveillance cameras at each cash register.
        • Dummy cameras at each cash register.
        • Training for employees
        • Fraud hotline
        Note: This fraud is difficult to stop if employees are determined to profit from the information they have access to (credit card numbers).
    34. HOW CAN YOU PREVENT OR DETECT CREDIT CARD FRAUD SKIMMING FOR YOURSELF?
        • Ensure your credit card is swiped only once at a register.
        • Conceal your PIN as you enter it into an ATM or credit card reader.
        • Subscribe to a service that checks your credit. (LifeLock)
        • Review your credit card statements.
    36. QUESTIONS
        • Jim Shellenberger
            • Senior Manager
            • Audit
        • Dave Hammarberg
            • Director of IT/Sr. Mgr.
            • Accounting and Fraud Certification