2013-06-05 Nonprofit Fraud Series - Part III: The Prevention


Published on

In Part III of our Three-Part Nonprofit Fraud Seminar, you will learn:
- The primary factors that contribute to fraud in nonprofits.
- Detective controls versus preventive controls.
- Actions and tools used to reduce the risk of fraud; and
- Important takeaways!

Published in: Economy & Finance, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

2013-06-05 Nonprofit Fraud Series - Part III: The Prevention

  1. 1. NONPROFIT FRAUD: WHATYOU NEED TO KNOWPART III: THE PREVENTIONJune 5, 2013Lawrence J. Hoffman, CPA/CFF, CVA, CFESenior Partner and Director of ForensicConsulting Services
  2. 2. OBJECTIVESNONPROFIT FRAUD: THREE-PART SERIESPART I: THE FRAUD• Why it is important that you are educated in fraud• The magnitude of fraud in nonprofits• The types of frauds in nonprofits• Why does fraud occur in nonprofits• Some important fraud prevention measuresPART II: THE DETECTION• Why do people commit fraud?• How is fraud detected?• Who are the fraud perpetrators?• Fraud detection techniques• What should you do when you uncover fraud?PART III: THE PREVENTION• Common preventive controls• What are the best preventative measures and controls?• Conducting a fraud risk assessment• Implementing a fraud prevention programPart III: The Prevention* Page 2
  3. 3. AGENDA• What are the best preventative measures and controls?• Key internal controls• Conducting a fraud risk assessment• Implementing a fraud prevention program• The five critical takeaways!3Part III: The Prevention* Page
  6. 6. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?FRAUD IS A PEOPLE PROBLEM!• Are you hiring fraudsters?• Are you enabling someone predisposed to commitfraud?• Is your organization’s environment promoting fraud?• Does your organization’s system of internal controlsprovide the opportunity to commit fraud?• Is your organization educated and aware of fraudschemes and red flags?• Do you have a process that provides your employeesand others to report possible fraud and abuse?• Does your organization tolerate fraud? Do you have azero tolerance policy for fraud?6Part III: The Prevention* Page
  7. 7. REVIEW OF COMMON PREVENTIVECONTROLSPREVENTIVE CONTROLSPreventive controls attempt to deter or preventundesirable events from occurring. They are proactivecontrols that help prevent a loss.DETECTIVE CONTROLSDetective controls, on the other hand, attempt to detectundesirable acts. The provide evidence that a loss hasoccurred but do not prevent a loss from occurring.Detective techniques should be used to uncover fraudevents when preventive measures fail or unmitigated risksare realized.Effective Preventive Measures Serve asStrong DeterrentsPart III: The Prevention* Page 7
  8. 8. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?1. Internal Controls•design your system and procedures so you do not have torely on trust as a control!•remember any person is capable of committing fraud!•keep in mind the persons role and access to commit fraud!•you must segregate the recordkeeping and the custody ofthe assets!•do you have adequate oversight controls?REMEMBERTRUST IS NOT AN INTERNAL CONTROL!8Part III: The Prevention* Page
  9. 9. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?2. Tone from the Top!•What is your “control environment”?•Do you have a strong internal control system?•Directors and officers need to set the tone for ethicalbehavior•How effective is your Audit Committee?•If unethical behavior is tolerated at the top you can beassured it is happening in the rest of the organization!9Part III: The Prevention* Page
  10. 10. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?3. Know Your Employees!•Background checks and investigations-know whoyou are hiring!– how well do you know that person?– what due diligence are you doing?– do you believe their resume?– not just a one-time occurrence!•Know your employees and what they are doing– executives and managers need to pay attentionand spend time with their employees-be engaged!– establish that baseline!•Perform exit interviews– what do employees leaving tell you?– what do you ask them?10Part III: The Prevention* Page
  11. 11. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?4. Fraud Prevention Program• Fraud risk assessment• Fraud awareness and ongoing training for all levels of theorganization• Reporting mechanisms and whistle-blower protections• Investigation / response process• Board and audit committee oversight• Conflict resolution• Communications• Continuous monitoring• Employer-provided employee assistance services (financialcounselors etc.)• Evaluate performance and compensation programs– do they promote fraud and abuse?– are they fair and provide incentive for performers and hardwork?11Part III: The Prevention* Page
  12. 12. WHAT ARE THE BEST PREVENTIVEMEASURES AND CONTROLS?5. Your Employees Eyes and Ears!• tips are number one method for detecting fraud!• establish a formal written whistleblower policy-procedures for receiving complaints-procedures for investigating complaints-policy for protecting whistleblowers-confidentiality polices for whistleblowers-role and responsibilities of audit committee-educating employees on the policy• establish independent hotline for tips!12Part III: The Prevention* PageYou must create the impression thatsomeone is watching!
  13. 13. KEY INTERNAL CONTROLSSEGREGATION OF DUTIES• Must segregate the recordkeeping and the custody of theassets!• Cash receipts-no single person should−receive the money,−deposit the money,−record the receipts and−reconcile the receipts to the books and records• Cash disbursements-no single person should−authorize payments,−disburse funds (write checks, ACH, wires etc) and−reconcile the bank accounts.13Part III: The Prevention* Page
  14. 14. KEY INTERNAL CONTROLSSEGREGATION OF DUTIES• Use a board member or volunteer if there is not enoughinternal staff to achieve the segregation of duties• Require accounting and finance personnel to take vacationsand not to take work home14Part III: The Prevention* Page
  15. 15. KEY INTERNAL CONTROLSACCOUNTS RECEIVABLE/CASH RECEIPTS• Restrictively endorse checks “for deposit only” immediately• Keep a permanent cash receipts log• Make and reconcile deposits daily• Ask donors and others to write out full name of organization onchecks• Use a bank lockbox service• Cash should be counted with two people present• Publish donor names• Review accounts receivable aging• Independent approval of all accounts receivable write-offs andrefunds15Part III: The Prevention* Page
  16. 16. KEY INTERNAL CONTROLSACCOUNTS PAYABLE/DISBURSEMENTS• Have a formal purchase requisition system• Understand procurement process between goods and services(3 way match for goods!)• Only original invoices and documents-no photocopies• Require dual signatures for expenditures over a certain dollaramount (no signature stamps or electronic signatures!)• Mail all checks after approval and signature promptly• No pre-signed checks!• No checks made payable to “cash”• Keep blank check stock locked up• Have independent reviews of management expense reports(even if a board members must do this!) (check calendars!)16Part III: The Prevention* Page
  17. 17. KEY INTERNAL CONTROLSACCOUNTS PAYABLE/DISBURSEMENTS• Have preauthorized set limits on corporate credit cards and limiton who receives them• Have a written policy on use of corporate credit cards-nopersonal use!• Independent review credit card statements as soon as theyarrive• Review vendor lists and have approval process for newvendors-know your vendors Identify any related-partytransactions (watch for P.O. boxes!) (Google suspected names)• Contracts for services and goods should be competitive bid (atleast 3) and approved by someone independent of personrequisitioning• No hand delivery of checks by person requesting the check• Investigate vendor complaints promptly!17Part III: The Prevention* Page
  18. 18. KEY INTERNAL CONTROLSPAYROLL• Independent approval of employees added to payroll includingpay rate• Independent review of payroll register from payroll processingfirm• Verify that payroll taxes and other withholdings are beingdeposited timely• Use a separate bank account for payroll• Timely reporting of time of effort by employees with propersupervisory approval• Use outside payroll processing service18Part III: The Prevention* Page
  19. 19. KEY INTERNAL CONTROLSFINANICAL REPORTING• Have a well defined and time lined financial reporting checklist• Financial statements should be timely and complete• Have a detailed annual/monthly budget-zero based• Budget versus actual analysis with detailed explanations (areexplanations in line with expectations?)• Review journal entries at the end of each reporting period• Reconciliations, including bank reconciliations, should beprepared promptly after reporting period and independentlyreviewed19Part III: The Prevention* Page
  20. 20. KEY INTERNAL CONTROLSOTHER CONTROLS• Notification and alert services with your bank– Wire notifications– ACH Fraud Filters– Balance threshold– Positive Pay exceptions– Credit card transactions– Authorization limits• Conduct fixed asset inventories at least annually• Close inactive bank accounts immediately• Update bank authorized signatures promptly whenchanges in personnel• Job rotation and mandatory vacations• Fidelity bond coverage• Surveillance20Part III: The Prevention* Page
  21. 21. CONDUCTING A FRAUD RISK ASSESSMENTTHE FRAUD RISK ASSESSMENT PROCESS• Purpose is to identify where fraud may occur and how it maybe perpetrated• The organization chart-the map of the people and processespresents a picture and starting point• Remember to overlay macro elements such as industry andorganizational changes, economic climate, governmentregulations and climate, technology changes andadvancements• Brainstorming the possible threats and schemes• Are there any current warning flags?• Where are you most vulnerable?21Part III: The Prevention* Page
  22. 22. CONDUCTING A FRAUD RISK ASSESSMENTTHE FRAUD RISK ASSESSMENT PROCESS• Are there serious weaknesses in internal controls?• Are there any mitigating controls?• Do you have physical security breach threats?• What do you need to do to secure significant threats?22Part III: The Prevention* Page
  23. 23. CONDUCTING A FRAUD RISK ASSESSMENTFACTORS THAT CREATE ENVIRONMENT ANDOPPORTUNITIES FOR FRAUD• Lack of awareness of fraud risk factors and warning signs• Inadequate control activities to mitigate identified fraud risk• Inadequate screening practices (for employees, vendors,customers, and / or business partners)• Insufficient understanding of ethical duties at all levels• Ineffective mechanisms for reporting and investigating fraud• Ineffective board and audit committee oversight• Situational (internal and external) pressures that encouragefraud23Part III: The Prevention* Page
  24. 24. CONDUCTING A FRAUD RISK ASSESSMENTSource: Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraudand Abuse: 2012 Global Fraud Study24Part III: The Prevention* Page
  26. 26. FRAUD RISK ASSESSMENTPart III: The Prevention* Page 26
  27. 27. CONDUCTING A FRAUD RISK ASSESSMENTKEY ASSESSMENT QUESTIONS(RATE YOUR ORGANIZATION FROM 1 (POOR) TO 10 (GREAT)• What is your “tone at the top”? ______• What is the level of your certainty that people in yourorganization will do the right thing? ______• Are people in your organization made to fell that they arepart of a team and have a vested interest in the value ofthe organization? ______• Do people in your organization act with good moral/ethicalcharacter without much force? ______• How is your organization’s current financial health? ______* How timely is your organization’s financial reporting? ______27Part III: The Prevention* Page
  28. 28. CONDUCTING A FRAUD RISK ASSESSMENTKEY ASSESSMENT QUESTIONS(RATE YOUR ORGANIZATION FROM 1 (POOR) TO 10 (GREAT)• Is your key management hands on and visible? ______• Is key management “connected” with their staff/baseline? ______• How effective is your board of directors? ______• How effective is your audit committee? ______• Do you effective internal controls? ______• How do you view the importance of your independentaudit and process? ______28Part III: The Prevention* Page
  29. 29. IMPLEMENTING A FRAUD PREVENTIONPROGRAMKEY ELEMENTS AND OBJECTIVESOBJECTIVES• Opportunity – removing or lessening the opportunity to commitfraud• Detection – ensuring fraud and abuse can be timely detectedELEMENTS• Policies – implement clear and concise written polices for fraud,code of conduct, and conflict of interest and be affirmed by allemployees in writing• Communicated-continually communicated and reinforced• Tone from Top – Board-appointed high-level executive responsiblefor coordinating fraud-risk management and directly reporting to theBoard. Must lead by example.• Leadership – executives and managers must lead by example29Part III: The Prevention* Page
  30. 30. IMPLEMENTING A FRAUD PREVENTIONPROGRAMKEY ELEMENTS AND OBJECTIVES• Training – ethical conduct and fraud prevention training is neededon at least an annual basis for all employees• Accountability-must make all people accountable in detectingfraud• Reporting – must have a means for employees to report potentialviolations and issues, such as whistleblower process and hotlines• No Retaliation – employees need to be encouraged to reportsuspicious behavior and be reassured that any reports are made instrict confidence and that the organization prohibits retaliation ofany type• Communicate the Risks – All employees should be told wheneverany employee or others doing business with the organization arearrested or discharged for fraudulent activity30Part III: The Prevention* Page
  31. 31. IMPLEMENTING A FRAUD PREVENTIONPROGRAMKEY ELEMENTS AND OBJECTIVES• Enforcement-you must prosecute fraud. An organization that doesnot prosecute sends a message that encourages fraud.• Zero Tolerance – you must have a zero tolerance for fraud andmust apply to ALL employees. As soon as a high-level executivewho commits any kind of fraud is not held accountable, the entireprogram has lost credibility• Surprise Audits – conduct surprise audits in high risk areas. Putin policy that random tests may be performed to ensure that theorganization’s controls are not being circumvented (keep fraudstersguessing!)• Monitoring – you should conduct a periodic assessment andensure the process is working• Remediation-all weaknesses in controls must be fixedimmediately. Always be strengthening controls.31Part III: The Prevention* Page
  32. 32. THE FIVE TAKEAWAYS!THE FIVE MOST IMPORTANT TAKEAWAYS – AGAIN!1. Trust is not an internal control!– Establish, to the extent possible, controls and procedures that eliminatethe element of trust– Always segregate the custody of the asset with the recordkeeping for theasset2. Set the tone from the top!– “If you are stealing, your employees are stealing!”– E.g., office supplies, expense reports, etc.3. Know your employees!– Background investigations and public records checks before hiring– Meet and establish a baseline relationship4. Institute a fraud policy– No tolerance– Will prosecute5. Establish a hotline for tips– Number one method for detecting fraud!– Can outsourcePart III: The Prevention* Page 32
  33. 33. WHAT WE LEARNED ABOUT FRAUD INOUR THREE-PART SERIESPART I: THE FRAUD• Why it is important that you are educated in fraud• The magnitude of fraud in nonprofits• The types of frauds in nonprofits• Why does fraud occur in nonprofits• Some important fraud prevention measuresPART II: THE DETECTION• Why do people commit fraud?• How is fraud detected?• Who are the fraud perpetrators?• Fraud detection techniques• What should you do when you uncover fraud?PART III: THE PREVENTION• Common preventive controls• What are the best preventative measures and controls?• Setting the tone at the top!• Conducting a fraud risk assessment33Part III: The Prevention* Page
  34. 34. HOW CAN RAFFA ASSIST YOU INPREVENTING AND DETECTING FRAUD?FORENSIC CONSULTING SERVICES• Pre-hire investigations and background checks• Fraud risk assessment• Internal control / program review• Fraud awareness training• Fraud prevention programs and policies implementation• Due diligence investigations• Fraud investigationsPart III: The Prevention* Page 34
  35. 35. RESOURCES AND SUGGESTED READING• 2012 Report to the Nations on Occupational Fraud andAbuse, Association of Certified Fraud Examiners,http://www.acfe.com/rttn.aspx• “The American Fraud Report,” www.jpsimsconsulting.com• The CPA’s Handbook of Fraud and Commercial CrimePrevention, AICPA• Managing the Business Risk of Fraud: A Practical Guide;AICPA, ITA, and ACFE; https://na.theiia.org/standards-guidance/Public%20Documents/fraud%20paper.pdf35Part III: The Prevention* Page
  36. 36. QUESTIONS AND ANSWERS36Part III: The Prevention* Page
  37. 37. BIOGRAPHY37• 35 years of consulting, audit, accounting and tax experience in the public and privatesectors.• Started career with a Big-Four international accounting firm in Washington, DC.• Founded a regional certified public accounting and consulting firm in 1982 and grew it toon of the Washington, DC’s largest firms in seven years. Merged his practice with RaffaP.C. in 2008.• Managed and conducted audit and accounting engagements ranging from small privatelyheld to large publicly held businesses in various industries, including multi-nationalbusinesses, nonprofit organizations, and governmental entities and agencies.• Performed economic and financial analysis, including projections and forecasts, in supportof litigation and claims for lost earnings and profits, business interruption, shareholderdisputes, patent and trademark infringements, bankruptcy and restructuring, and structuralsettlements; assistance with interrogatories, document requests and depositions; andserving as an expert and consulting witness.• Performed and supervised business valuations for both public and closely held companiesin a variety of industries, individuals and estates, family limited partnerships and limitedliability companies, including valuations for business combinations (SFAS 141R), mergers,acquisitions, and divestitures, estate and gift taxes, marital dissolution proceedings, buy-sell agreements, intangible assets and intellectual property, purchase price allocations,goodwill (SFAS 142) and long-lived asset (SFAS 144) impairment, fair value accounting(SFAS 157), cheap stock (IRC 409A), stock-based compensation (SFAS 123R), phantomstock and employee stock ownership plans.• Conducted and led teams of forensic accountants on fraud audits and investigations,including fraudulent financial statements, misappropriations of assets and embezzlements;money laundering, kickbacks, bribery and conflicts of interest; insurance claims;bankruptcy; financial institutions and loan fraud. Also has conducted fraud riskassessments, anti-fraud programs, and fraud training and education.LAWRENCE J. HOFFMAN,CPA/CFF, CVA, CFESENIOR PARTNERRAFFA, P.C.1899 L STREET, NWWASHINGTON, DC 20036TEL. 202-822-5408FAX 202-822-0669LHOFFMAN@RAFFA.COMPart III: The Prevention* Page
  38. 38. BIOGRAPHY38• Assisted companies and nonprofits with restructuring and turnaround situations, includingrecapitalizations, reorganizations and liquidations. Advised entities on Chapters 11 and 7,bankruptcy filings and proceedings and non-judicial workouts. Developed andadministered crisis management plans, cash flows, liquidation and turnaround analysis,debt restructuring and creditor negotiations, and turnaround plans.• Formulated strategic short- and long-term business and financial planning for variousbusiness organizations and served as interim “C” level positions, including for a majorNorth American sports league, European and U.S. aircraft manufacturer, aviation charterairline and travel company, and a multi-chain quick service food chain.• Formulated syndication strategies and prepared business plans and private placementofferings, including financial forecasts, market research and analysis, due diligence,securities pricing and structuring for various public and private securities offerings,including SEC filing.• Founded and developed a regional NASD licensed broker dealer investment banking firm.Placed over $150 million in debt and equity and represented over $200 million in mergerand acquisition transactions.• Founded and developed two private equity funds in excess of $10 million, includinginvestments in early stage and mature emerging companies in the form of debt and equity.Portfolio investments included aviation, food and hospitality, software and technology,telecommunications, sports and entertainment, banking and financial institutions,healthcare, and wholesale and retail.• Co-founded and managed various real estate acquisition, ownership, and operatingentities, including commercial office buildings, shopping centers, flex warehouses,residential housing and developed land.• Performed tax and financial consulting services for individuals and closely heldbusinesses.• Instructor in audit, accounting, finance, and forensic accounting.LAWRENCE J. HOFFMAN,CPA/CFF, CVA, CFESENIOR PARTNERPart III: The Prevention* Page
  39. 39. BIOGRAPHY39LAWRENCE J. HOFFMAN,CPA/CFF, CVA, CFESENIOR PARTNEREDUCATION & CERTIFICATIONS• Bachelor of Science, Accounting – Mount St. Mary’s University• Certified Public Accountant (CPA)• Certified Fraud Examiner (CFE)• Certified in Financial Forensics (CFF)• Certified Valuation Analyst (CVA)• Private Investigator (PI), Virginia• Series 7 General Securities Representative (not active)• Series 24 General Securities Principal (not active)• Series 63 Uniform Securities Agent (not active)PROFESSIONAL ASSOCIATIONS & AFFILIATIONS• American Institute of Certified Public Accountants, Member• Virginia Society of Certified Public Accountants• Association of Certified Fraud Examiners• National Association of Certified Valuation Analysts• Institute of Business AppraisersPERSONAL INTERESTS• Private pilot with instrument, multi-engine, high performance complex and aircraftratings• Golf and fishing• Reading and politicsPart III: The Prevention* Page