The document discusses the COSO internal control framework and its five components for organizational and functional levels. It then examines common internal control weaknesses that can contribute to fraud, examples of internal fraud, and specific factors that allowed fraud to occur in cases of embezzlement, billing fraud, corruption, payroll fraud, and expense reimbursement schemes. Finally, it lists internal controls that were modified or implemented in organizations after fraud was discovered.

1. A Global Reach with a Local Perspective
www.decosimo.com

2. CONTACT ME
Pam Mantone, CPA, CFF, CFE,
CITP, FCPA
Senior Manager
pammantone@decosimo.com
423-756-7100
The contents and opinions contained in this presentation are my opinions and do not reflect the
representations and opinions of Decosimo.

3. COSO Control Framework

4. COSO Control Framework
• Control environment
Organizational • Risk assessment
level • Communications
• Monitoring
Functional • Control activities
level • Information systems

5. Control Environment Principles
Hard Controls
• Attention and direction by a board of directors
and/or audit committee
• Organizational Structure
• Manner of assigning authority and
responsibility
• Policies and procedures
Soft Controls
• Integrity and ethical values
• Commitment to competence
• Management’s philosophy and operating style

6. Control Environment Factors
 Appropriate oversight
 Hiring practices
 Demonstration of integrity in every day
dealings with customers, employees, suppliers
and other parties
 Workload
 Communication to employees on
management’s views of business practices and
ethical behavior
 Management takes appropriate action to
address known departures from approved
policies and procedures or unacceptable
business practices or conduct
 Investigation of alleged fraud incidents

7. Inherent Limitations
Judgment
Cost/benefit
Breakdowns
considerations
Point-in-time Management
evaluation override
Materiality Collusion

8. Control Weaknesses that Contributed to Fraud
Primary Internal Control Weaknesses
Poor Tone at the Top
2010 Report Lack of Competent Personnel in Oversight Roles
to the Lack of Independent Checks/Audits
Nations Lack of Employee Fraud Education
Lack of Clear Lines of Authority
Lack of Reporting Mechanism
Lack of Internal Controls
Override of Existing Internal Controls 6.9%
Lack of Management Review
8.4% 5.6%
17.9% 1.9%
19.2% 1.8%
37.8% 0.6%

9. Internal Fraud
• Embezzlement – skimming,
check tampering, cash larceny,
wire fraud, check fraud
• AP – Billing Fraud
• Theft of confidential
information
• Kickbacks - corruption
• Payroll fraud
• Expense reimbursement
schemes

10. Internal Fraud
• Financial statement fraud
• Illegal financial
transactions
• Embezzlement/theft
• Concealing material facts
• Giving/accepting bribes
• Expense reimbursement
schemes

11. What Went Wrong – Embezzlement
 Trust and absence of skepticism (think Madoff)
 Open access to blank checks, financial records, and/or
cash
 Improper or no bank statement reconciliation or review
 No monitoring of customer complaints
 No verification/approvals of discounts, credit memos
 No review of delinquent accounts
 Did not perform analytical procedures that compare
adjusted inventory levels to sales
 No review of journal entries posted to balance accounts
 No detailed review of inter-bank and/or inter-company
transfers
 No review of the allowance for doubtful accounts

12. What Went Wrong – Billing Fraud
 No review of vendor transactions for non-
consecutive vendor invoice numbers
 Hint: Many vendors will assign the same beginning
invoice number to each customer, i.e. 98XXXXXX
 POs not required and/or not pre-numbered
 Did not maintain a listing of outstanding POs
 No management approval of purchases and
payments
 No review of vendor monthly statements for O/S
items
 Did not develop or maintain an approved vendor list
 Did not use competitive bids

13. What Went Wrong – Corruption
 No review of recent purchases to see whether the same
vendor is winning bids let by a specific purchasing agent
 Did not include a right-of-audit and access to vendor’s
books clause in contract
 Did not conduct background checks on new vendors or
obtained references
 Competitive bids opened by one employee
 No company policy addressing the receipt of gifts by an
employee
 No conflict-of-interest policy
 Lack of independent review of vendor pricing
 No follow-up discussions with vendors who did not win
the contracts

14. What Went Wrong – Payroll
 Lack of appropriate approvals for overtime, rate of pay,
commission rates
 Did not use a separate bank account (impress account)
or use direct deposit
 No approvals for all changes in the employee master file
 No external review of payroll registers and general ledger
to tax reporting
 Did not designate someone outside of payroll as contact
for taxes, etc.
 No comparison of the number of employees to actual
number of payroll checks issued
 No periodic review of paid leave and vacation totals per
employee

15. What Went Wrong – Expense reimbursements
 Original receipts not required
 P-Card statements, credit card statements, etc. not
reconciled or not reconciled timely
 No requirement to close out cash advances
 No comparison to prior year’s expenses
 No review of support documentation for duplicates,
sequential numbers, or unusual amounts.
 No comparison of dates of expenditures to
expected travel dates
 No review and approval of expense reports
 No established policies regarding travel, hotel and
meal guidelines and limits on entertaining

16. What Went Wrong – Financial Statement Fraud
 Lack of effective oversight
 Organizational structure complex with no clear
lines of reporting authority
 Lack of the appropriate “Tone at the Top”
 Setting unachievable financial goals and applying
excessive pressure to employees to achieve them
 Unfair compensation systems with compensation
based upon incentives
 Lack of physical security or restricted access
 No clear and uniform accounting procedures

17. Internal Controls Modified or Implemented
Increased Segregation of Duties
Management Review
Surprise Audits
2010
Report to 4% 3% 2% Fraud Training for Employees
the Nation 4% 3% 2% 2% 1% Job Rotation/Mandatory Vacation
5% 26% Internal Audit/FE Department
Anti-Fraud Policy
9% 21%
Code of Conduct
5% External Audit of F/S
6% 7% Hotline
External Audit of ICOFR
Independent Audit Committee
Management Certification of F/S
Rewards for Whistleblowers
Employee Support Programs