AUDITING FOR FRAUD

Or

What Does Fraud Look Like?

2013

RED FLAGA set of circumstances that are

unusual in nature or vary from the “normal activity”

CAUTION Do not ignore a red flag

Conduct inquiry to determine reason for abnormal circumstances

Sometimes an error is just an errorIs there intent?

QUOTE OF THE DAY

Fraud and Stupid Often look exactly

the same

FRAUD TRIANGLE

RationaleNeed

Opportunity

Control Environment

CONTROLLING OPPORTUNITY #1 Reason Fraud Occurs:

Blind Trust

EMPLOYEE RED FLAGS High employee turnover Refusal to take vacation or sick leave Lack of segregation of duties Lifestyle changes Significant personal debt and credit

problems Behavioral changes

Drug or alcohol relatedGamblingFear of losing job

EMPLOYEE RED FLAGS Low or inadequate salary Difficulty in obtaining audit evidence Severe disciplinary actions Lack of respect or appreciation by

superiors Resentment for not being treated fairly

WHAT DOES FRAUD LOOK LIKE Remember that employees will

circumvent internal controls not for the purpose of committing fraud, but because….

It makes their job easier, but by doing so, an opportunity is provided

Sooner or later, an employee will have a need

They only need to be able to rationalize in order to take advantage of the opportunity

MANAGEMENT RED FLAGS Reluctance to provide information to

auditors Frequent changes in P-Card accounts Frequent changes in external auditors Missing documentation Often misplacement of the P-Card Frequent reports of fraud reported at the

end of the cycle

MANAGEMENT RED FLAGS

Excessive number of voids, discounts and returns

Accounts that are not reconciled in a timely manner

Split Purchasing Large number of charges to the same

vendor in a short time frame

MANAGEMENT RED FLAGS Missing receiving documentation High volume of purchases from a new

vendor Frequent requests for increase in P-card

monthly limits Turns in reports late or last minute Doctored receipts

REASONS FRAUD ISN’T SEEN We tend to accept any “Reasonable”

explanation We assume We just don’t want to find fraud It takes time Lack of training to recognize basic

internal controls

ACKNOWLEDGEMENT Recognizing the red flag is not sufficient Action must be taken to determine the cause

and the possible effect

Evaluate by: Observation Financial analysis Correct the situation Educate the responsible people

(red flags are most likely a warning that something is wrong either personally or professionally)

ACKNOWLEDGEMENT Red Flags are “Warnings” Do not ignore (They will be waiting for

you!) There are no “Little Frauds”

OMES P-Card Team suggests that you internally audit a random selection of charges each month

Put consequences in place for your p-card holders if rules are not followed

Make sure your policy and procedures are up to date

ACKNOWLEDGEMENT Look for duplicate charges Look for multiple purchases at the same

vendor Look for vendor names that seem like

an unusual place to buy product for what is needed

Always read the comments put in by the cardholder- they can give you information that might raise a flag

KEY ROLES Cardholder responsibility Do and don’ts of the program Program manager responsibilities Approver responsibilities Auditors

Breakdown of any of these roles can cause fraud to slip through the cracks

PROMOTE COMPLIANCE FROM THE START

Training- P-Card initial class Training aids posted online Refresher training every 2 years

The agency can perform this training and highlight issues their agency is having

All communication should emphasize compliance

Does it meet the scrutiny test??

FRIENDLY FOLLOW-UP Communicate using multiple methods Ask very specific “detailed” questions

when transactions are “flagged” Direct cardholders to additional

resources Follow-up routinely and consistently

until adequate response is received Advise cardholder when the matter is

resolved End each communication with your

contact information

INCORPORATING AUDIT RECOMMENDATIONS

Compare historical audit findings Look at other agencies’ audit findings

and recommendations Clearly define violations Consistent follow-through

CONCLUSION Use the gathered information for

continuous improvement Make sure appropriate controls and

workflows are in place Train, communicate, respond

accordingly

Questions?