
The Importance of Internal Controls in Fraud Prevention


Presentation made by Ohio accounting firm Rea & Associates on how strong internal controls can help Ohio companies deter fraud in the workplace. Special attention is given to the 5 components of internal controls and how to defuse the triangle of fraud.


  1. Annual OAPT Conference - Understanding Internal Control & Fraud Prevention. October 4, 2012. Presented by: Chad Welty, CPA, Principal, Government Services
  2. Today…
      • Five Components of Internal Control
      • Fraud Triangle
      • Fraud Risk Assessment
      • Fraud Statistics
      • Fraud Prevention Tips
  3. What is the definition of Internal Control? Internal Control can be defined as the sum of:
      • An accounting procedure or system designed to promote:
          – Efficiency and effectiveness
          – Assure the implementation of a policy
          – Safeguard of assets
          – Avoid fraud
          – Avoid errors
  4. Five components of Internal Control
      • Control Environment
      • Risk Assessment
      • Information and Communication
      • Control Activities
      • Monitoring
  5. Internal Control - Environment. Definition – Management’s attitudes, awareness, and actions concerning the importance of a control.
      • The Environment sets the “tone” of the entity
      • Influences the control consciousness of its people
      • Serves as the foundation for all internal control components, providing components, discipline, and structure. The best designed policies and procedures have little hope of being effective without the proper “tone at the top”.
      • Management must lead by example. Controls are not limited to staff.
  6. Internal Control – Risk Assessment. Definition – The entity’s identification and analysis of relevant risks to the achievement of its objectives, forming a basis for determining how the risk should be managed.
      • This is an ongoing process. The risks of yesterday may not be the risks of today or tomorrow.
      • Risks must not only be identified, but must be anticipated so they can be avoided or mitigated (analogy – installation of lights at a railway crossing before an accident occurs).
      • Management’s focus on identifying risk should start with change:
          – Change in operating environment
          – Change in personnel
          – Change in information systems and technology
          – New programs or services provided
          – Change in structure
  7. Internal Control – Risk Assessment cont’d
      • Management should also focus on the inherent risks:
          – Complexity
          – Cash receipts
          – Third-party beneficiaries
          – Prior problems
          – Prior unresponsiveness to identified control weaknesses
          – Payroll withholdings
          – Fake vendors
          – Credit/purchase cards
          – Central garage/storage locations
      • Proper training, ongoing efforts, responsiveness and commitment to ongoing assessment will strengthen internal controls to ensure a strong framework.
  8. Internal Control – Information & Communication. Definition – The identification, capturing, and exchange of information in a form and on a timely basis to enable employees to carry out their responsibilities.
      • Management must be able to obtain reliable information to determine and assess risk and communicate policies and other information to those who need it.
      • Potential issues affected by information:
          – The entity’s performance evaluation vs. strategy or goal
          – Impact on efficiency and effectiveness
          – Management decisions on use of resources (financial or human)
      • Management can develop the best internal control environment, policies and procedures, etc.; however, if not properly communicated they may as well not exist.
          – Written policies and procedures distributed
          – Training programs established
          – New hire orientations
          – Policies posted on websites for easy access
  9. Internal Control – Information & Communication cont’d
      • Potential issues facing communication of information:
          – Effectiveness and efficiency in the performance of the duties of employees
          – Lack of communication channels available to employees to report suspected improprieties
          – Untimely information reporting causing reduction in usefulness to make decisions
  10. Control Activities. Definition – The policies and procedures that help ensure management directives are carried out.
      • As a result of ongoing risk assessment and the strategies to communicate information, management must develop policies and procedures to carry out and meet the goals and strategies of the entity.
      • Traditionally, control-related policies and procedures related to finance are classified into one of the following categories:
          – Authorization
          – Properly designed records
          – Security/safeguarding of assets and records
          – Segregation of duties
          – Periodic reconciliations
          – Analytical review
  11. Internal Controls - Monitoring. Definition – The process used by those charged with governance (management AND the elected taxing authority) to assess the quality of internal control over time.
      • The best developed control policies and procedures require changes over time as the environment changes.
      • Not only are controls implemented to reduce/eliminate problems, they should be designed to alert management of a potential problem. Without proper monitoring, these problems could go undetected.
  12. Internal Controls – Monitoring cont’d. The roles in monitoring internal controls:
      • Who is “ultimately” responsible for internal control? THE GOVERNING BODY!!
          – It’s the job of the governing board to ensure that management meets all of its responsibilities.
          – How can this be achieved? Establish an “audit committee”.
          – Audit Committee responsibilities may include independent reviews and oversight of: reporting processes, internal controls, independent auditors
      • Who is “primarily” responsible for internal control? MANAGEMENT!!
          – Fundamentally a management concern, since it uses the tools and techniques in order to achieve management’s objectives
      • Whose role is it to “validate” the success of designed controls and determine operating effectiveness? YOUR AUDITORS!!
  13. Internal Controls – Inherent Limitations. No internal control framework can be perfect. Inherent limitations include:
      • Management over-ride of controls (policies and procedures)
      • Collusion
      • Cost of the control (policy or procedure) should not cost more than the benefit it was expected to achieve
      • Human judgment can be faulty, human errors and mistakes
      • Limitation on segregation of duties based on number of employees
  14. Cressey’s Fraud Triangle – Concept that dates back over half a century. Generally for fraud to occur, three things must be present:
      • Opportunity
      • Pressure/Incentive
      • Rationalization
      Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  15. Fraud Triangle
      • Pressure – A financial need that the person is often unwilling to share (addictions, debt, etc.), or emotions that have impacted the person (sick child or “keeping up with the Joneses”)
      • Opportunity – The ability to commit a fraudulent activity must exist (weaknesses in internal control or the ability to override them)
      • Rationalization – When a person has the ability to justify their actions (I’m underpaid, I’ll pay it back, or the health of my child is more important)
  16. It Could Happen to You
      • Embezzlement of Utility Payments
      • Missing Evidence
      • IT Equipment and Purchases
      • Off-the-Books Bank Accounts
      • See the AOS website for numerous stories and findings
  17. What is Fraud Risk Assessment?
      • Proactive approach to mitigating fraud in your organization
      • Analyzing where fraud can occur in your organization
      • Fraud Prevention vs. Fraud Detection
          – Prevention = Proactive
          – Detection = Reactive
  18. Who is Responsible for Risk Assessment?
      • Governing Body
          – Audit or Finance Committee
      • Mayor/Administrator
      • Finance Director/Treasurer
      • Executive Staff
      • Everyone throughout the Organization – informal lines of communication
  19. Definition of Fraud
      • “Intentional perversion of truth in order to induce another to part with something of value or to surrender legal right.” (Merriam-Webster’s online dictionary)
      • Association of Certified Fraud Examiners (ACFE):
          – Misrepresentation of material facts
          – Concealment of material facts
          – Bribery
          – Conflicts of Interest
          – Theft of money and property
          – Breach of Fiduciary Duty
  20. Risk Assessment Includes:
      • Risk Identification
      • Risk Likelihood
      • Significance Assessment
      • Risk Response
  21. Risk Identification
      • Gathering information from both internal and external sources
          – Brainstorming
          – Interviews
          – Analytical Procedures (trend analysis: vendor example)
      • Where are the inherent risks?
          – Cash collection points
          – Lack of oversight
  22. Risk Identification cont.
      • Incentives/Pressures
          – Budget constraints
          – Performance Bonuses
      • Opportunities
          – Cash collection points
          – Segregated accounts
          – Access to create vendors
  23. Risk Likelihood
      • More interviews
      • Historical information
      • Analyze vendor listing
  24. Risk Response
      • Consider cost-benefit
      • How will council/management respond?
          – Increased Training
          – Surprise Audits
          – Change in Policy and Procedure
  25. Types of cases at risk: Government & Public Administration - 141 Cases. [Bar chart] Corruption 50; Billing 33; Expense Reimbursements 19; Non-Cash 27; Larceny 10; Check Tampering 15; Skimming 25; Cash on Hand 12; Payroll 18; Financial Statement Fraud 9; Register Disbursements 4. Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  26. Who are the perpetrators? [Bar chart: Position of Perpetrator - Frequency, 2010 vs. 2012, for Employee, Manager and Owner/Executive] Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  27. Tenure of Perpetrator [Bar chart: 2010 vs. 2012, for < 1 Year, 1-5 Years, 6-10 Years and > 10 Years] Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  28. Schemes from Perpetrators working in Accounting Department [Bar chart: All Cases vs. Accounting, for Check Tampering, Billing, Skimming, Cash Larceny, Payroll, Cash on Hand, Expense Reimbursement, Corruption, Non-Cash, Financial Statement Fraud and Register Disbursements] Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  29. Schemes from Perpetrators in Executive or Upper Management [Bar chart: 2012 vs. 2010, for Corruption, Billing, Expense Reimbursement, Non-Cash, Payroll, Check Tampering, Financial Statement Fraud, Skimming, Cash on Hand, Cash Larceny and Register Disbursements] Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  30. Behavioral Red Flags Based on Perpetrator’s Position [Bar chart: Owner/Executive vs. Manager vs. Employee, for Living beyond means; Financial difficulties; Unusually close association with vendor; Control issues, unwillingness to share duties; Wheeler-dealer attitude] Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  31. Behavioral Red Flags (Behavioral Red Flag: Percent of Cases)
      • Living beyond means: 35.6%
      • Financial Difficulties: 27.1%
      • Unusually close association with vendor: 19.2%
      • Control Issues, Unwillingness to Share Duties: 18.2%
      • Divorce/Family Problems: 14.8%
      • Wheeler-Dealer Attitude: 14.8%
      • Irritability, Suspiciousness or Defensiveness: 12.6%
      Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  32. Behavioral Red Flags (Behavioral Red Flag: Percent of Cases)
      • Addiction problems: 8.4%
      • Past-employment-related problems: 8.1%
      • Complained about inadequate pay: 7.9%
      • Refusal to Take Vacations: 6.5%
      • Excessive Pressure from Within Organization: 6.5%
      • Past Legal Problems: 5.3%
      Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
  33. Billing Schemes
      • False invoicing through a shell company
      • Personal purchases with government funds
      • False invoicing through an established vendor
  34. False Invoicing
      • Fake invoice – no service or product exchange
      • www.customreceipt.com
  35. Fake invoices many times lack information
      • Street address – PO box only
      • Phone number
      • Good description
      • Logo
      • Packing slip for products purchased
      • Shipping destination for products
      • Invoice numbers are sequential
  36. Vendor Files. What needs to be done to vendor files:
      • Clean vendor file annually
      • Vendor approval process
      • Training
      • Google new vendor requests
      • IT controls limiting access
  37. Employee Expense Reimbursements – What to look for:
      • Lack of invoice
      • Fake invoices
      • Lack of detail on invoices
      • Wrong mileage
      • False mileage
      • Personal expenses
      • Alcohol
      • Per diems with no detailed receipts required
  38. Effective Fraud Deterrents
      • Written Fraud Policy
          – Policy sets expectations: Zero Tolerance
          – Review and sign-off by each employee for personnel file
          – Include Reporting Process: Whistleblower Protection; issues addressed consistently and timely
      • Ethics Policy, Conflict of Interest Policy
      • Training
      • Continuous Risk Assessment
  39. Steps to Reduce Fraud Risk
      • Fraud risk analysis performed
      • Educate
      • Tone at the Top
      • Conflict Disclosures (Council and Management)
      • Establish whistle-blower hotlines
      • Rotation of job duties
      • Zero tolerance
      • Background checks for new hires – don’t hire crooks
      • Keep eyes and ears open regarding employee behavior
      • Discuss concerns with auditors
      • Establish effective Internal Audit division
      • Use of Data Mining Software
      • Surprise audits
  40. Highlights
      • Understand the Five Components of Internal Control
      • Everyone is responsible for effective and efficient control development and/or application
      • Train your Team(s)
      • Ongoing evaluation of controls and fraud risk assessment
      • Fraud Statistics
      • Fraud Prevention tips
      • Trust is never a control!
  41. Annual OAPT Conference - Understanding Internal Controls & Fraud Prevention. October 4, 2012. QUESTIONS???
