2017 NACACS - Building Fraud & Spend Review Program

Building a Fraud & Spend Review Program
Nathan Anderson, CISA, CRISC
DVP Internal Audit, Sears Holdings

Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved.

Topics Covered
- The case for audit performing cost oversight
- Top cost oversight opportunities
- Approach to assessing opportunities
- Establishing cost oversight processes
- Case studies
- Spendthrift application demo

Case for Audit Performing Cost Oversight

Reasons for Assessing Cost Oversight
- Strategic focus area for organization
- Lack of effective cost oversight processes & controls
- Reach and regard for audit function
- Analytics & technical capabilities
- Unique combination of financial and process focus

Cost Oversight Considerations
- Lack of leadership support
- Challenges collaborating with business
- Access to relevant data
- Resource limitations

Top Cost Oversight Opportunities

Travel & Procurement Card
- Lack of receipts / supporting documentation
- Policy violations
- Duplicate payments
- Inappropriate transaction types or spend levels
- Ghost card abuse
- Focus on one-off processes & disparate systems
- Collaboration with Procurement, Field Operations, SG&A

Purchasing
- Non-merchandise purchasing
- Highly complex areas (telecom, marketing, etc.)
- Focus on high-spend categories
- Focus on one-off processes & disparate systems
- Collaboration with Procurement, Accounts Payable, Vendor Management, SG&A

Payroll & Contractors
- Terminated personnel still receiving paychecks
- Ghost employee identification
- Payments to contractors no longer active

Approach for Assessing Opportunities

Spend Oversight Audits
- Focus on 1st and 2nd line of defense effectiveness
- Highlight lack of existing controls
- Quantify risk of waste, fraud, and abuse by process/area
- Leverage cost recovery firm assessments
- Gain familiarity with data

Audit Example: Telecom
Approach for Assessing Opportunities

Telecom Spend Oversight Audit Background
- Two cost recovery firms were hired to identify and recover inappropriate spend
- Internal Audit obtained details from both audits
- Key Objectives:
  - Understand all reported waste and how it was identified
  - Confirm that identified waste was truly discontinued
  - Highlight root causes for waste to help prevent future need for recovery audits

Telecom Firm 1: Savings Categories

- Key cost recovery opportunities
- ~$350k savings proposed

Telecom Firm 2: Savings Categories

- ~$2.2m savings proposed
- Key recovery opportunity: Unused lines/circuits

Audit Finding: Savings Opportunities

Opportunities for preventive controls

Telecom Firm 1: Spend by Location

- Abnormally large spend:
  - Overall Corporate
  - Online
- Opportunity: Monitor % change by site over time

Opportunity Analysis
- Gain access to relevant information
- Pivot table analysis
- Identify and focus on top opportunities
- Determine auditability of area
- Develop and test fraud, waste, and abuse scenarios

Opportunity Analysis Process
- Obtain & evaluate available data
- Develop fraud, waste, & abuse scenarios
- Assess potential opportunity
- Identify existing processes & controls

Example: Purchasing
Build Scenarios & Evaluate Data

Fraud, Waste & Abuse Scenarios
- More than 50% of invoices by a single vendor are divisible by 1,000 (more than 4 invoices)
- More than 50% of invoices by a single vendor are between $50K and $100K (more than 4 invoices)
- Invoice frequency is higher than 8 in a single month
- Backdated Vendor / Invoice was submitted before the vendor was created.
- Single invoice vendor (one time vendor) over X period of time
- Sequential Invoices
- Random Sample of Marketing & Consulting Invoices

Required Purchasing Data
- Vendor Name / Number
- Invoice Date
- Processing Date
- Amount
- Account #
- Vendor Create Date
- Vendor YTD Spend
- Account YTD Spend
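
The fraud, waste and abuse scenarios and the purchasing data fields listed above, expressed as detection logic over an invoice extract. This is an added example, not code from the presentation; the invoice number field, the inclusive $50K to $100K bounds, the reading of "sequential" as consecutive invoice numbers from one vendor, and the vendor names and sample rows are assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

def red_flags(invoices, vendor_created):
    """Map each flagged vendor to the scenario names it trips.

    invoices: (vendor, invoice_no, invoice_date, amount) tuples; amounts are
    whole dollars as int (use Decimal, not float, for cents).
    vendor_created: {vendor: vendor create date}
    """
    by_vendor = defaultdict(list)
    for vendor, inv_no, inv_date, amount in invoices:
        by_vendor[vendor].append((inv_no, inv_date, amount))
    flags = defaultdict(set)
    for vendor, rows in by_vendor.items():
        n = len(rows)
        amounts = [a for _, _, a in rows]
        if n > 4:  # the two share-based scenarios need more than 4 invoices
            if sum(a % 1000 == 0 for a in amounts) / n > 0.5:
                flags[vendor].add("round_amounts")
            if sum(50_000 <= a <= 100_000 for a in amounts) / n > 0.5:
                flags[vendor].add("50k_100k_band")
        per_month = Counter((d.year, d.month) for _, d, _ in rows)
        if max(per_month.values()) > 8:
            flags[vendor].add("high_monthly_frequency")
        if any(d < vendor_created[vendor] for _, d, _ in rows):
            flags[vendor].add("backdated_vendor")
        if n == 1:  # one-time vendor within the period supplied
            flags[vendor].add("single_invoice_vendor")
        nums = sorted(no for no, _, _ in rows)
        if any(b - a == 1 for a, b in zip(nums, nums[1:])):
            flags[vendor].add("sequential_invoices")
    return {v: sorted(f) for v, f in flags.items()}

# Constructed sample data (hypothetical vendors, not from the presentation).
SAMPLE_VENDORS = {
    "VENDOR-A": date(2015, 12, 1), "VENDOR-B": date(2016, 3, 15),
    "VENDOR-C": date(2014, 1, 1), "VENDOR-D": date(2013, 6, 1),
}
SAMPLE_INVOICES = (
    [("VENDOR-A", 101 + i, date(2016, 1 + i, 5), 50_000) for i in range(7)]
    + [("VENDOR-B", 9001, date(2016, 3, 1), 12_345)]
    + [("VENDOR-C", 5000 + 10 * i, date(2016, 5, 1 + 3 * i), 1_234 + 37 * i)
       for i in range(9)]
    + [("VENDOR-D", no, date(2016, m, 10), amt)
       for no, m, amt in [(20, 1, 800), (45, 4, 950), (71, 9, 875)]]
)

if __name__ == "__main__":
    for vendor, hits in red_flags(SAMPLE_INVOICES, SAMPLE_VENDORS).items():
        print(vendor, hits)
```

Each hit is a red flag for analyst review, not a finding; the thresholds are the ones stated in the scenario list and would be tuned as false positives are identified.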

Assess Spend Appropriateness: Email Requests
- Can you provide some additional detail on who this vendor is, what service they provide to us, and what type of ROI we obtain on these activities?
- Can you give me some insight to their billing structure with us? How often are they billing us and how are those charges calculated/what are they based on?
- Were multiple bids obtained (greater than $100k in spend question)?
- What value has been obtained from the service that was provided?

Based on the answers to these questions, additional support is gathered or further questions are asked

Inappropriate Spend Example #1
Pagemaster Corporation
- Provided access to 100k mobile smart phones to offer members for free when they sign a contract with the carrier.
- We receive $30 for each contract, resulting in a $3M potential opportunity.
- Spent $100k in December 2015
- As of October 2016, 42 phones have been sold.

Inappropriate Spend Example #2
Medialink Inc
- Assisted with lead generation and helped provide senior level contacts for Partner efforts.
- Leadership was unsure how many total connections they made for us.
- Let them go because didn't think the expense was worth it.
- Managed by people that aren't here anymore.
- Total spend $350k (7 invoices of $50k each)

Inappropriate Spend Example #3
Holiday Foliage Inc.
- Provided decorative planters for the cosmetic department of 8 stores
- Spent $63,150

Example: Travel & Procurement Card
Assess Size of Opportunity

Total Travel & Procurement Card Spend

- Corporate & Field Executives
- Automotive & In-Home Repair
- Ghost Cards
- Cash Reimburse
- Corporate & Field Associates

~ $150M in FY15 / ~ $171M in FY14

~ $70M in FY 2015

~ $18M in FY 2015

Travel & Procurement Card: Spend by Category

Example: Travel & Procurement Card
Establishing Cost Oversight Processes

Clarify Goals & Objectives
- Clarify with audit leader and business units
- Align to overall strategy
- What can audit commit to delivering?
  - Tangible results (e.g., cost recovery target, policy violations identified)
  - Intangible results (e.g., preventive measure, watchdog effect)

Example: Travel & Procurement Card
- Prevent questionable cash reimbursements
- Influence employee behavior through:
  - Escalation to manager, HR, Legal
  - Explanation and Education about expense rules
- Hold employees accountable for unethical behavior
- Escalate cases of inappropriate behavior to HR and compliance

Implement Manual Oversight Process
- Rule of thumb: You can't automate what doesn't exist.
- Establish repeatable process for data updates
- Assess based on scenarios and thresholds; test and learn
- Execute standard communications and escalations
- Align process with existing policies & procedures

Implement Manual Oversight Process
- Analyst review & research
- List of red-flagged records
- Correspondence with related parties
- Final determination & notification
- Updates relevant parties & metrics

Travel & Procurement Card Rules
- Identify Red Flags: Outlier Review (Inappropriate spend)
- Be targeted; find the false positives
- Duplicate Reimbursement
- Cash reimbursement with matching credit expense
- Mileage Calculations

Example: Query Logic to Identify Red Flags

Review of Outliers in Group Meal Category

Group Meal Quantifications

Group Meals - # of Meals & Average Per Person Spend

- False Positive
- Confirmed Abuse

Group Meals - Poor Judgment #1

Group Meals - Poor Judgment #2

Group Meals - External Partners

Group Meals - Quantification
- Categorized each sample reviewed based on business response
- Determine next steps and action items

Contractor Example

Car Rental Example

Duplicate Reimbursement Review

Implement measures & metrics
- Ensure that metrics answer critical questions
- Pursue challenging questions:
  - What does our process assess? What does it exclude?
  - Are we achieving our stated goals?
  - Are we able to measure our cost reduction?
  - How do we conclude and finalize questionable items?

Implement measures & metrics
- # of Total Expenses (Bank of America)
- # of Total Expenses (Bank of America - Non-Concur - Ghost Card)
- # of Total Expenses (Bank of America - Non-Concur - In Home)
- # of Total Expenses (Bank of America - Non-Concur - Automotive)
- # of Total Expenses (Bank of America - Concur)
- # of Total Expenses (Concur - Cash)
- # of Total Expenses (Concur)
- # of Total Expenses (Concur - Spendthrift)
- # of Total Expenses (Concur - Cash)
- # of Total Expenses (Concur - Credit)
- # of Expenses Reviewed
- # of Expenses Skipped
- # of Expenses False Positives
- # of Expenses Flagged
- # of Expenses In Review
- # of Expenses Finalized
- # of Expenses Appropriate
- # of Expenses Inappropriate
- # of Explanations Requested
- # of Explanations Outstanding
- # Pending Associate Response
- # Pending Audit Response
- # of Explanations Finalized
- # Confirmed Appropriate
- # Confirmed Inappropriate
- Inappropriate Ratio (Total)
- Inappropriate Ratio (by Type)
- # of Escalations to Team Lead
- Escalation Ratio

Maturing Spend Review Activities
- Formalize program documentation for long-term sustainability
- For dedicated roles
- Partner to:
  - Enhance existing applications
  - Automate data feeds
  - Build spend review applications

Spendthrift Application Demo

Thank you for attending!
