Fraud Risk and Control

FRAUD RISK
AND CONTROL
Recognizing the Prevalence of Risk and the
Importance of Prevention

Stop Fraud in its Tracks
“Don’t wait until you are working on fraud
detection within business operations.”

• Partner-in-Charge of Weaver’s Risk
Advisory Services
• 25+ years of experience in public
accounting, including 17+ years of
internal control process and risk
management experience
• Specializes in
– Internal control compliance and monitoring
– Risk and business management consulting
– Fraud Prevention
– Technology consulting
– Operational analysis
– Internal audit
– IT audit
Speaker Profile
Alyssa G. Martin, CPA, MBA

Session Agenda
• Definition of Fraud
• Identifying Fraud Schemes
• How Fraud Threatens Your
Organization’s Existence/Credibility
• Effective Elements of Fraud
Prevention & Detection
• Mitigating Fraud Risk

“… any illegal act
characterized by deceit,
concealment, or
violation of trust.
What is Fraud?
These acts are not dependent upon the threat
of violence or physical force. Frauds are
perpetrated by parties and organizations to
obtain money, property, or services; to avoid
payment or loss of services; or to secure
personal or business advantage.”
Fraud is defined as:

• Intentional act vs. error or mistake
• Ingenious schemes, limited only by
human imagination
• Gaining an advantage through false
suggestions and suppression of truth
• Using surprises, tricks or cunning, or any
other unfair means
The Nature of Fraud

Fraud is a
breach of
trust, not an
accident!
• Fraud is an “intentional” act
often involving detailed
planning and concealment
• Crooks “anticipate” the
routine procedures; evidence
is often fabricated
• Exploits weaknesses in routine
procedures or internal controls
Not an Accident

Fraudulent schemes are
“engineered”
(meticulously designed)
to perpetrate and
conceal the theft,
including an exit strategy
complete with “fall guys”
and “alibis”
Fraud Engineering

Fraud Impact in the US
% or $ Fraud Victims/Areas
5% Annual revenues lost of global entities
$3.7 Trillion Potential projected global fraud loss
$1,000,000 + Lost in over 24% of cases investigated
Median Loss Fraud Victims/Areas
$1,000,000 Financial statements
$200,000 Corruption schemes
$130,000 Asset misappropriation schemes
*Source: Association of Certified Fraud Examiners (ACFE) 2014 Report to the Nation on Occupational Fraud and Abuse

• Consistently meet/exceed budget
expectations
• Close relationships with
vendors/service providers
• Related party transactions/conflicts of
interest
• Missing, altered, late documents
• Relaxed oversight combined with
friendly employee relations
• Change in personal habits or behavior
• Regular adjustments for defective
items or shrinkage
• Compensation tied to financial results
• Material or frequent adjustments
Red Flags
Some of the
warning
signs…

Behavioral Red Flags
Source: 2014 Association of Certified Fraud Examiners “Report to the Nation”

Primary Fraud Risk Factors

The Fraud Triangle
Opportunity
• The only factor completely
controlled/prevented by an
organization
• Must gain access to
assets/records
INCENTIVE/PRESSURE
INTENT/MOTIVE
Incentive/Pressure
• The more incentive, the easier it is to justify
• Financial or personal problems, financial
pressure, mental instability
Rationalization
• Ability to follow through and
commit the fraud
• Perpetrator has to make it
“okay” internally to perform
the fraudulent act
An increase in any element in the triangle increases the
risks of fraud. Anti-fraud controls are built to deter or
prevent access and incentive for fraud.

The Fraud Diamond
Incentive
• Leads the
perpetrator to the
door
Rationalization
• Coaxes the
perpetrator to
the door
Opportunity
• Opens the door
for the
perpetrator
Capability
• Enables the
perpetrator to
walk through
the door
A person’s “capability”, or personal traits, plays a key
role in determining if a fraud will occur in the presence
of pressure, opportunity and rationalization.

Where Does Fraud Occur?
More than 75% of the frauds in the study were
committed by individuals in 7 departments:

Who Perpetrates Fraud?
Perpetrators’ Gender:
66.8% Male 33.2% Female

How is Fraud Perpetrated?
Public Sector: >360
Government Cases: >140 | Education Cases: 80 | Nonprofit Cases: 40

Fraud Tree

• External agents
– Lone hackers
– Organized crime
groups
– Former
employees
• Internal agents
– Regular staff
– Executives
– Contractors
– Students
• Partners
– Suppliers
– Vendors
– Other third parties
Don’t Forget: The IT Threat

HOW FRAUD THREATENS YOUR
ORGANIZATION’S EXISTENCE/CREDIBILITY

Areas Most Prone to Fraud:
• Cash Collections and Use of Funds
• Purchasing and P – Cards
• Expense Reporting and Travel
• Payroll
• Human Resources
• Inventory (Transportation, Maintenance,
Custodial, General Supplies)
• Construction and Facilities
• Technology
Current State
Despite aggressive prosecutions, fraud in the
workplace is alive and well.
Now more than ever
it is imperative that
organization’s
consider fraud
implications and
implement
preventative
measures.

Primary Fraud Categories
Asset
Misappropriation Corruption
Financial
Statement Fraud
Theft or misuse of tangible
and intangible assets
Utilizing influence in
business transactions to
obtain a personal benefit
Employee intentionally
causes misstatement of
material information in
organization’s financial
reports
Most Common Less Frequent Most Rare

Asset Misappropriation
Scheme Scenario
Payroll Fraud
• Payment to fictitious employees
• Overpayment to existing employees - collusion
• Issuing payroll checks to employees who no longer work for the organization
Procurement Fraud
• Payments to phantom vendors
• Control bidding process
Credit/Procurement
Card Fraud
• Use of Organization cards for personal purchases
• Use of procurement cards to circumvent competitive bid requirements
Travel/expense
reimbursement
Fraud
• Reimbursement of undocumented expenses
• Reimbursement for luxury accommodations
• Reimbursement for travel expenses of employee's family members
Revenue Skimming • Embezzlement of cash collections or funding
Theft • Theft of materials, supplies, merchandise
Misuse of Assets
• Unauthorized use of organization assets
• Inappropriate use of bond funds

Corruption
Scheme Scenario
Kickbacks and
Bribes
• Cash or non-cash gifts from vendors accepted by personnel
• Cash or non-cash gifts from vendors accepted by Board members
• Awarding contracts based on side agreements
Failure to Hold
Competitive Bidding
• Purchasing in smaller increments to avoid the bidding process
Competitive Bid
Rigging
• Limiting advertisement of bid to preferred vendors
• Related party transactions or dealing for personal benefit
• Preferential treatment of vendors during the award selection process
• Establishing selection criteria that give vendors an unfair advantage
• Profiteering as a result of insider knowledge
Failing to Disclose
Conflicts of Interest
• Awarding contracts to parties related to individuals involved in the
decision making process
Forgery or
Falsification of
Documents
• Falsification of contract terms, operating results
• Destruction or disappearance of records
• Altering or creating documents with the intent to defraud

Financial Statement Fraud
Scheme Scenario
Inflating Balance
Sheet/Fund Balance
• Manipulating fund balances
• Omission of material contingencies or subsequent events
• Inappropriately carrying over unused federal or state funds from one
year to the next
Inflating Income
Statement
• Hiding losses/expenses
• Falsifying revenue
• Improper recording of the period expenses occur
• Recording pending transactions as completed transactions
Misrepresentation of
Facts and Falsifying
Records
• Intentional reporting of inaccurate financial results
• Falsification of official documents or reports
• Public Information provides unsubstantiated favorable results
• Internal memos give misleading information
• Altering or creating documents with the intent to defraud
• Omission of subsequent events
• Destruction or disappearance of records

EFFECTIVE ELEMENTS OF FRAUD
PREVENTION & DETECTION

Assessing Fraud
Assessment and monitoring is key to
identification, prevention and detection.
• Brainstorm to uncover possible fraud
schemes and scenarios
• Assess gaps in the business office that
could be used for misappropriation
• Evaluate control design and operations
• Work now on prevention—rather than
detection—and improve safeguards

Fraud Risk Assessment
Prioritize significant fraud risks
Analyze root causes: incentives, pressures,
opportunities, attitudes and rationalizations
Identify how to address risk: accept, avoid,
control or transfer?
Test your solution
Monitor risk factors

Key Questions to Ask
• Who can be the potential fraud
perpetrator?
• How might a fraud perpetrator exploit
weaknesses in the system of controls?
• How could a perpetrator override or
circumvent controls?
• What are the possibilities that can be used
to hide fraud from detection?
• What is the cost versus benefit for
accepting, avoiding, controlling or
transferring the risk?
• What metrics and indicators exist that
could indicate a need to investigate of
examine a process for fraudulent activity?
When determining fraud risk, ask the following questions:

Scheme Prevention/Detection
Payroll Fraud
• Require supervisor approval of time sheets and approval of additional duty pay
• Separate access to HR system from access to payroll processes
• Designate a different employee to perform payroll reconciliations
• Require IT to remove terminated employees from all systems, including time
entry and payroll
Procurement
Fraud
• Separate purchasing from the requisitioning department and require
competitive bidding
• Separate access to approved vendor list from generation of purchase orders
• Require background checks and test vendors for exclusions
• Match invoices to purchase orders and packing slips prior to payment
Credit/
Procurement
Card Fraud
• Require documentation for procurement card purchases and review samples
of purchases
• Implement purchase vendor restrictions and MCCs
• Place dollar limits on each card
Travel/Expense
Reimbursement
Fraud
• Review samples of travel expense reimbursement documentation and require
prior supervisor approval for all travel

Scheme Prevention/Detection
Revenue
Skimming
• Require that a second employee reconcile activity fund receipts to
transaction detail and documentation
• Require two people to participate in collections and deposit preparation
• Require all cash be locked in a safe and daily deposit
• Require that an accounting employee record reconciled cash collection
transactions
• For events, use pre-numbered tickets; have two people with cash at all times;
and reconcile tickets to cash received
Theft • Restrict access to cash/supplies, requiring advance request and authorization
from the requisitioning department
• Require requisition forms, and investigate unusually high supply use
• Conduct inventory counts and investigate abnormalities
Misuse of Assets
• Initiate a fraud and abuse hotline
• Utilize firewalls and inappropriate and unsafe website blockers

Corruption
Scheme Scenario
Kickbacks and
Bribes
• Review documentation of bidding process for reasonableness
• Require employees to sign codes of conduct
Failure to Hold
Competitive Bidding
• Review repetitive payments to vendors or unusual purchases
Competitive Bid
Rigging
• Advertise all bids in a specific, well-known location
• Use established selection criteria and review any changes for
reasonableness
Failing to Disclose
Conflicts of Interest
• Research potential conflicts for major contracts
Forgery or
Falsification of
Documents
• Require employees to sign codes of conduct
• Require records/documents be submitted in a system that requires an
explanation for a change; review a sample of changes and excessive and
unusual changes
• Perform background checks on employees

Scheme Scenario
Inflating Balance
Sheet/Fund Balance
• Review financial statements and reconciliations monthly
• Ensure accounting management has financial expertise, perform
background checks, and verify credentials
• Become familiar with guidelines for federal and state funding
• Obtain a financial statement audit from a reputable firm
Inflating Income
Statement
• Require review and approval of journal entries
• Investigate any large or unusual journal entries or anything appearing to
originate from management
• Confirm accounting system access ensures segregation of duties and
does not provide unnecessary access to managers
Misrepresentation of
Facts and Falsifying
Records
• Do not use a signature stamp and briefly review documents before
signing, asking questions
• Receive and review unopened statements and documents from banks
and other third parties
• Utilize an electronic documentation system with access controls and a
retention schedule

Example – Payroll Fraud
Fraud Scenario
•A Payroll Manager was routing checks for terminated employees to
her own bank account. Internal Audit identified approximately
$50,000 in fraudulent payroll disbursements to this employee’s
account.
•Payroll was segregated from HR, however, the payroll manager had
access to modify employee profiles within the software. Additionally,
the payroll manager was responsible for approving the payroll
calculation and processing the check run, allowing for management
override of controls.
•No processes were in place to ensure segregation of duties. There was no
independent disbursement count, and the payroll manager was in
charge of reconciling the calculation to the approved hours and payroll
expense for each department.
Key Risks and Exposures

Example – Payroll Fraud
Lessons Learned
•The Payroll Manager was unwilling to change the existing process and
implement internal audit recommendations to segregate her
responsibilities for processing payroll.
•Auditor learned through interviewing HR personnel that the Benefits
Specialist had identified irregular transactions in the payroll system that
were entered by the Payroll Manager.
Necessary Controls
• An employee who is able to make changes to the employee master
file (add or delete employees or change compensation) should not
also be involved in the payroll process, including having access to the
payroll system or generating or distributing checks. A separate
employee should have been assigned this duty.

Corruption
Example – Kickback Arrangement
Fraud Scenario
•A member of management received cash and personal services in
exchange for fixing a bid for construction services.
•The official submitted the contractor’s inflated bid and recommended
its approval over the fraudulent higher bids he submitted to appear to
be from other contractors.
•Resulted in financial loss to the organization, inferior work product, and
taxpayer mistrust.
•Bid advertising procedures were not in place, and the official had a
significant amount of control and influence over the bid and selection
process.

Lessons Learned
•Auditor interviewed similar contractors to determine if they had been
consulted about providing services and obtain competitive rates for
similar services. Determined that they had not been aware of the bid
opportunity, and costs for the awarded contract exceeded quotes
from other providers.
Necessary Controls
• All major requests for proposal should be advertised in a well-known,
specified location.
• Documentation of bid advertisement, bids received, and evaluation
of those bids should be reviewed by the board for all major contracts.
Corruption
Example – Kickback Arrangement

Example – Understated Expenses
Fraud Scenario
•The Controller, under pressure from the Executive Director,
understated organization expenses on the financial statements.
•He used a dummy account in order to reduce the costs per program
to present a more favorable picture of the organization’s financial
situation.
•Public criticism for high costs were initially avoided, but the scandal
ultimately resulted in public outcry and terminations.
•Significant internal controls design deficiencies and a lack of adequate
segregation of duties and system access restrictions.

Lessons Learned
•Analytics indicated lower expenses than in previous years.
•Review of controls indicated lack of sufficient system access
restrictions.
•The Division Manager could not explain the “Prepaid Program
Clearing Account.”
•.
Necessary Controls
• Ability to prepare entries vs. approve them within the system should
be limited to create segregation of duties and prevent management
override.
• Monthly and annual reconciliations should be performed timely.
• A fraud and abuse hotline should be made available and widely
publicized to employees.
Example – Understated Expenses

Create a Entity-
wide culture of
integrity from the
boardroom,
throughout
administration,
and beyond.
Fraud Prevention Measures
• Commit organization resources to focus on
fraud
• Prosecute offenders
• Ensure appropriate segregation of duties
• Perform regular internal audits to deter fraud
• Implement IT controls
• Implement a fraud hotline & investigate
fraud tips
• Establish checks and balances for ongoing
monitoring at the administration level
How to Prevent Fraud
Best Practices Approach to Fraud Prevention

• Prevention is the most cost
effective approach to fraud
management.
• Losses are almost impossible
to recoup.
• Improve your Organization’s
internal controls and retain
funds for the intended use.
Cost-Effective Approach

• Segregation of duties
– Foundational element of prevention
– Establishes natural checks and balances
– Reduces errors
– Includes IT controls, access and
management
• Perceived opportunity is a common
driver
– Tone at the top
– Use a hotline - Investigate tips
– Segregation Of Duties is “built in”
– Fraud prevention as part of code of ethics
Key Internal Controls

Effective Fraud Detection
The Six Elements
INTENT
MOTIVE
OPPORTUNITY
CONCEALMENT
REPETITIVE ACTS
COMPETENCYFRAUD
When proving
fraud, focus
on the six key
elements:

An increase in any
element in the fraud
triangle (or diamond)
increases the risks of
fraud.
Anti-fraud controls are
built to deter or prevent
the ability, incentive,
and opportunity to
commit fraud.
Fraud Risks

• The financial costs alone are staggering and a waste of
taxpayer money
– Fraud/theft of funds or other assets
– Cost of investigation
– Increase in accounting fees/audit fees/legal fees
– Court costs
• Long-term loss of confidence and trust in the organization,
officials, and board of directors
– Conveys the wrong message to employees and the public
– Economic impact to programs
• Unanticipated terminations
– Loss of employees
– Potential termination of officials
– Potential removal of members of the Board of Directors
• Loss of public investment and community funding
Impact on Organizations

Lack of proactive fraud management could threaten
your organization’s long-term goals:
• Being accountable for taxpayer dollars
• Maintaining public confidence and trust
• Managing growth
• Providing a positive learning environment for
students
• Providing a high-integrity work environment for
personnel
• Safeguarding the assets of the organization
• Protecting the reputation of the organization
Prevention is Key!
Prevention is the key to retaining fund balances!
Organizations cannot afford to lose five percent of revenues - that is the
hidden cost of fraud (losses are almost impossible to recoup).

51
QUESTIONS?
Alyssa G. Martin, CPA, MBA | Partner, Risk Advisory Services
972.448.6975 | alyssa.martin@weaver.com

Fraud Risk and Control

More Related Content

What's hot

Viewers also liked

Similar to Fraud Risk and Control

Recently uploaded

Fraud Risk and Control