2. Increased Fraud Risks from a
Challenging Economy
What Y C D to Protect Your
Wh t You Can Do t P t t Y
Organization
Brian R. DuMond, CPA
Partner
Dermody, Burke & Brown, CPAs, LLC
Catherine L. Casler, CIA
Audit & Accounting Manager
Dermody, Burke & Brown, CPAs, LLC
3. Overview
A Sign of the Times
Internal Controls
Impact of Challenging Economy on Internal Controls
Fraud
Impact of Challenging Economy on Internal Controls and
Fraud Risk
What to Look For
Protecting Your Business/Entity
g y
What to do if you see it
Final Thoughts & Questions
4. A Sign of the Times
Recession
Budget Cuts â Companies/Organizations trying to do more
with l
ith less.
People/companies who never had financial concerns are
e pe e c g sca st ess
experiencing fiscal stress.
⢠Credit card rate increases, cut off of credit lines.
⢠Inability to sell homes / âtoysâ.
⢠Higher living expenses â property taxes, medical, fuel,
utilities, food.
utilities food
⢠Shrinking residual income.
⢠Cut-backs on OT reduce take home pay.
⢠Spouse may be unemployed.
p y p y
As economic recovery gets underway, the risk of fraud may
not be reduced. It could be magnified!
5. A Sign of the Times
Recovery
As some sectors of the economy start to improve, businesses
are reaching for new revenue opportunities.
Companies that have cut staff are reluctant to staff up again.
Now they will have even more work to do with fewer people
than before the recession.
Internal controls th t were weakened d
I t l t l that k d due t cutbacks d i
to tb k during
the recession will be under even more stress when new
business is added.
As sales increase, some employees may rationalize helping
themselves to make up for their past sacrifices.
6. A Sign of the Times
Statistics
In May 2008, the NYS Unemployment Rate was 4.8%. In Jan 2010
it hit a high of 9 6% As of May 2011 itâs still 7 8%
9.6%. it s 7.8%.
Thatâs 278,300 more unemployed NYS residents in the Spring of
2011 than there were in the Spring of 2008.
g
2010 ACFE survey of 1,843 U.S. and International fraud
professionals estimated that the average organization loses 5% of
its annual revenue to fraud ($50 000 lost to fraud per $1 million in
fraud. ($50,000
income.)
The median loss caused by the 1,843 occupational fraud cases
reported by participants in the 2010 ACFE survey was $160,000.
7. Small businesses (less than 100 employees) were the
most frequently reported victim of fraud (31%) of reports.
8. Small business had almost as great a median loss per
fraud as larger co pa es
aud a ge companies.
9. In small businesses, the primary contributing factors in
65% of the reported fraud incidents were Lack of Internal
Controls and Lack of Management Review.
Review
Primary Internal Control Weakness by Size of Victim
Organization
Lack of Internal Controls 47.0%
47 0%
22.7%
Most Importa Contributin Factor
Lack of Management Review 17.5%
17.8% <100 Employees
12.0% 100+ Employees
Override of Existing Internal Controls
ng
22.0%
Poor Tone at the Top 7.8%
8.5%
Lack of Independent Checks/Audits 7.0%
5.8%
ant
Lack of Competent Personnel in Overnight Roles 5.6%
7.0%
Lack of Clear Lines of Authority 1.6%
2.0%
Lack of Employee Fraud Education 1.2%
2.0%
Lack of Reporting Mechanism 0.2%
0.9%
0.0% 10.0% 20.0% 30.0% 40.0% 50.0%
Percent of Cases
10. Employees in Accounting, Finance and Operations
perpetrated 44% of the reported cases and were
responsible for 44% o t e median losses.
espo s b e o % of the ed a osses
11. More Statistics
Nearly 25% of the frauds reported to the
ACFE involved losses of at least $1 million.
New Citigroup case - $19.2 million
12. Internal Controls
Internal control is what management does
g
to see that things they want to happen will
happen, and the things they donât want to
happen wonât happen
won t happen.
Controls are a way to minimize risks or
exposures that an entity may f
face.
13. Internal Co t o s
te a Controls
Five Key Control Activities
Top level reviews â management oversight, surprise
cash counts, review, audit.
Authorization and approval â review of transactions
prior to completing a cycle.
Information processing controls â IT security and
application controls.
Physical Controls â Safeguarding of Assets
Separation of Duties â no single person handles the
entire process.
14. Fraud
Fraud is the intentional manipulation of financial data
to
t reach a diff
h different result, or
t lt
The intentional taking of assets that belong to another
party.
party
Occupational fraud is conducted in the course of oneâs
employment.
Asset misappropriation was the most common fraud
reported in the ACFE 2010 survey - 90% of cases.
y
15.
16. Review
So far weâve spoken about:
The economic conditions that increase the likelihood
of fraud happening,
The businesses that are the most frequently victims of
fraud,
The insider sources of fraud,
We touched briefly on the key control activities to
deter fraud and
fraud,
We discussed Asset Misappropriation, the most
commonly reported category of fraud.
Next, weâll move on to discussing in more detail, the
circumstances within organizations that lead insiders to
commit fraud
fraud.
17. Fraud
In the 1950âs, Criminologist Donald Cressey interviewed
200 people who were incarcerated for embezzling.
His study was geared to find out what circumstances led
them to commit the fraud.
He noted the following:
1.
1 There was a significant personal need
as need.
2. An idea formulated to fix the need.
3. The individual may have thought stealing was
dishonest previously, however, due to the significance
of the need and the idea, it no longer seemed as dishonest.
And the famous f d t i
A d th f fraud triangle was b
l born.
Pressure x Perceived Opportunity x Rationalization many times
Results in Fraud.
18. Internal Controls and Fraud
How i the Challenging Economy Impacting
H is th Ch ll i E I ti
Internal Controls and Fraud Risk?
Authorization and Approval â
With less staff, management has less time to perform authorization
and approval as they try and perform additional responsibilities
responsibilities.
⢠Approvals delayed, done after the fact, or not done at all;
⢠Less time/scrutiny during the review and approval process due
to time restrictions. As a result, the process is less effective in
identifying errors or irregularities;
⢠This could be seen as perceived opportunity by the potential
fraud perpetrator.
19. Internal Controls and Fraud
How i the Challenging Economy Impacting
H is th Ch ll i E I ti
Internal Controls and Fraud Risk?
Information Technology controls â IT security and application
controls.
⢠As organizations downsize their employees need to do more
downsize, more.
In order to accomplish that, they need to have more access to
more areas in the accounting systems. This can create a fraud
risk with additional opportunity to access areas within the system
that can start and complete a transaction.
⢠One place organizations may look to cut costs is in the
Information Technology department If an organization goes down
department.
to one IT person, who is reviewing the work that this IT person is
doing?
20. Internal Controls and Fraud
How i the Challenging Economy Impacting
H is th Ch ll i E I ti
Internal Controls and Fraud Risk?
Separation of Duties â no single person should h dl th entire
S ti f D ti i l h ld handle the ti
process.
⢠Remaining employees do more work. As workers try to balance a
greater load, there is a greater risk for errors. This can also serve as a
way to rationalize fraud. An I deserve mentality.
⢠Work of one person is not under review of another, creating
p , g
opportunity for errors to go undetected. Also, if the work of a person is
not under the review of another, they may sense an opportunity to
commit fraud.
⢠As previously discussed, with management having less time to review
and approve, and workers taking on more and more responsibilities,
concern as to accuracy and quality of work increases as well as fraud
risk associated with opportunity and rationalization.
i k i t d ith t it d ti li ti
21. Internal Controls and Fraud
How i the Challenging Economy Impacting
H is th Ch ll i E I ti
Internal Controls and Fraud Risk?
Recovery
As some sectors of the economy start to improve, businesses may
reach for new revenue opportunities in unfamiliar territories or new
product li
d t lines.
Has management taken the time to perform a thorough risk
assessment of new opportunities? Have appropriate control
pp pp p
processes been designed to deter loss of revenue from fraud?
As weâve said before, companies that have cut staff are reluctant to
hire.
hire Now they will have even more work to do with fewer people
than before the recession.
As sales increase, some employees may rationalize helping
themselves t make up f th i past sacrifices.
th l to k for their t ifi
22. Internal Controls and Fraud
How i the Challenging Economy Impacting
H is th Ch ll i E I ti
Internal Controls and Fraud Risk?
TopâLevel Reviews and Safeguarding of assets are the
remaining two key control activities.
We will focus on these areas later when discussing
opportunities to mitigate the risks that arose as a result of
downsizing.
23. Fraud
What to Look for
Business owner/board members/key management giving
impression too busy or uninterested in financial reports.
Financial reports are not prepared in sufficient detail and/or not
prepared and presented timely.
Aggressive financial goals and/or incentive programs.
Financial targets continue to be achieved, but payables continue
to build and cash flow continues to be a concern.
Questions asked of management are not addressed appropriately
or satisfactorily.
Poorly monitored events/locations
events/locations.
24. Fraud
What to Look for
High/Unexpected Turnover
Accounting Anomalies â numbers just donât make sense.
Systems or procedures that are not well designed / documented /
understandable / well known.
Employees that appear to be living beyond their means.
Employees lifestyle changes or behavior changes.
25. Fraud
What to Look for
Employees experiencing financial difficulties.
Employees who take on more authority than needed for their job
responsibilities.
ibiliti
Employees who are uncooperative with management oversight,
audits or independent reviews.
p
Employees with inflated ego/craving for success.
Employees who voluntarily take on unusual work schedules schedules,
refuse to take vacations, or who are hesitant to delegate tasks.
26.
27. Protecting Your Business/Entity
Fraud Prevention
It is easier to prevent fraud than detect it.
⢠Increasing the perception of detection might be the most effective
fraud prevention method
method.
⢠Going back to the fraud triangle, it is difficult to take away the
pressure the individual is under or the rationalization (although
these can be mitigated), so organizations should focus primarily
on limiting opportunity.
⢠This is especially challenging in light of all of the issues we have
already brought up in regard to decreased staff, management
and resources.
28. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with financial pressures:
⢠Make sure management incentives are not overly aggressive.
⢠Pay attention to what is going on in employees personal lives.
Has spouse lost their job? New kid in college? Unanticipated
medical expenses?
p
⢠Is there any way your company can help the employee
through the tough time? Build gratitude instead of resentment.
29. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with rationalization:
⢠In staff meetings, promote that the organization stands for
high ethics
ethics.
⢠Introduce/reinforce code of ethics, conflict of interest policy,
etc.
⢠Hold accountable those that violate these standards.
⢠Present a sense of teamwork, that everyone is in this
together.
⢠When hiring, do a thorough background check!
30. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with opportunity:
⢠Implement whistleblower policy that truly allows anonymous
reporting.
reporting
⢠Foster an open door policy environment.
⢠Discipline violators/wrong doers.
⢠Change it up! Management should ask for different reports from
time to time.
⢠Ask questions and follow up on unanswered questions.
31. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with opportunity - Continued
⢠Monitor and Review â with decreased management and staff, the
business owner/board and CFO need t play a more active role i
b i /b d d d to l ti l in
monitoring operations.
⢠Business owners/Boards and CFOs should meet with the external
and internal auditors and ask what areas they feel are the high
risk , and what can be done.
⢠Be sure that the policies and procedures are documented
documented,
understood, and enforced, especially in the high risk areas.
32. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with opportunity â Continued
⢠Enforce holidays, vacations and handover of work.
⢠Ensure that both physical access to the premises and computer
access are appropriately limited or removed.
⢠Management/Owner/CFO review journal entry reports, payroll
change reports, bank reconciliations, receive bank statements
and investment statements unopened and review.
⢠If staffing is limited, segregation of duties can be a challenge, so
additional monitoring is needed in these areas.
33. Protecting Your Business/Entity
Fraud Prevention
Separation of duties can be difficult in a small accounting/business office.
Suggestions for splitting up duties in 2, 3 and 4 person offices.
Quick Books - Set it up to take advantage of system controls and reports
that can help prevent and detect fraud.
34. Protecting Your Business/Entity
Fraud Prevention
Some ideas to mitigate risks associated with opportunity â Continued
⢠Perform a risk assessment to identify fixed assets that are most
likely bj t to fraud d develop a security plan.
lik l subject t f d and d l it l
⢠Consider an outside IT risk review.
⢠Secure monies properly in a locked safe. Deposits should be made
daily.
⢠Get on line banking under control
on-line control.
35. Protecting Your Business/Entity
Fraud Prevention
Protect bank accounts
⢠Many businesses use at least some on-line banking tools. Be sure to
follow recommended computer/internet security practices.
⢠Definitely do not use âsharedâ user ids and passwords. If fraud
happens, how would you know who did it?
⢠Monthly
M thl account reconciliation i not enough f b k accounts th t
t ili ti is t h for bank t that
hold high dollars or have frequent transactions. Better to reconcile
daily.
⢠Consider setting up Positive Pay restrictions. Your bank will only
accept only the checks and ACHâs you tell them you have issued.
Again, be careful of separating the duties of persons who create the
checks & ACH instructions and those who issue the Positive Pay
lists.
36. Protecting Your Business/Entity
Fraud Prevention
Protect bank accounts - Continued
⢠Wires â Set up meaningful verification processes. Set up specific
wire instructions with your bank as to the telephone # and person
they can speak to verify wire instructions.
⢠Bank account changes - Set up similar verification procedures for
your bank to confirm that administrative changes to your accounts
are authorized.
⢠Consider setting up restricted funds transfer lists with your bank.
(For A/C # XXXX, funds may be transferred only to A/C # YYYYY
and A/C # ZZZZ)
37. Although fraud controls do not prevent all fraud, they do greatly reduce the loss. Additionally, on average,
the fraud was detected 7 months sooner than in organizations that did not have the control in place.
Median Loss Based on Presence of AntiâFraud Controls
Control Percent of Cases Implemented Control In Place Control Not In Place Percent Reduction
Hotline 48.6% $100,000 $245,000 59.2%
Employee Support Programs
E l S P 44.5%
44 5% $100,000
$100 000 $244,000
$244 000 59.0%
59 0%
Surprise Audits 26.2% $27,000 $200,000 51.5%
Fraud Training for Employees 30.6% $100,000 $200,000 50.0%
g g /
Fraud Training for Management/Execs 41.5% $ ,
$100,000 $ ,
$200,000 50.0%
Job Rotation/Mandatory Vacation 14.0% $100,000 $165,000 46.8%
Code of Conduct 0.2% $140,000 $262,000 46.6%
AntiâFraud Policy 30.0% $120,000 $200,000 40.0%
Management Review
Management Review 53.3%
53 3% $120,000
$120 000 $200,000
$200 000 40.0%
40 0%
External Audit of ICOFR 50.3% $140,000 $215,000 34.2%
Internal Audit/FE Department 0.4% $145,000 $200,000 30.6%
Independent Audit Committee 53.2% $140,000 $200,000 30.0%
Management Certification of F/S 58.2% $150,000 $200,000 25.0%
External Audit of F/S 76.1% $150,000 $200,000 25.0%
Rewards for Whistleblowers 7.4% $112,000 $155,000 23.2%
38. Tips are by far the most frequent way that fraud is found.
39. Hotlines are an effective way to facilitate the collection of tips.
40. Fraud
What to do if you See or Suspect Fraud
1.
1 Call the attorney
2. Call the Owner, President of the Board/Finance Committee
3. Call the CPA firm.
4. Call your insurance company
5. Then make the decision with your trusted advisors what the next
step is.
6. In
6 I most cases, company will end up reporting th case t l
t ill d ti the to law
enforcement. In order to prosecute, the case will need to be
thoroughly documented and evidence preserved.
41. Final Thoughts
Severe economic pressures can cause previously honest people to
become dishonest
dishonest.
Fewer people normally result in poorer segregation of duties.
This is overcome by more owner/board and management oversight,
either real or perceived.
As the economy recovers and businesses get busier the controls that
busier,
were weakened during the recession will be under even more stress.
Fix weak controls before a fraud event happens!
Good controls keep honest people honest!