Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
-
Upload
rea-associates -
Category
Documents
-
view
223 -
download
0
Transcript of Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
1/41
Annual OAPT Conference -Understanding Internal Control &
Fraud PreventionOctober 4, 2012
Presented by: Chad Welty, CPA
Principal, Government Services
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
2/41
Today.
Five Components of Internal Control
Fraud Triangle
Fraud Risk Assessment
Fraud Statistics
Fraud Prevention Tips
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
3/41
What is the definition of Internal Control?
Internal Control can be defined as the sum of:
An accounting procedure or system designed to promote :
Efficiency and effectiveness
Assure the implementation of a policy
Safeguard of assets
Avoid fraud
Avoid errors
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
4/41
Five components of Internal Control
Control Environment
Risk Assessment
Information and Communication
Control Activities
Monitoring
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
5/41
Internal Control - Environment
DefinitionManagements attitudes, awareness, andactions concerning the importance of a control.
The Environment sets the tone of the entity
Influences the control consciousness of its people Serves as the foundation for all internal control components,
providing components, discipline, and structure.
The best designedpolicies and procedures have little
hope of being effective without the proper tone at thetop.
Management must lead by example. Controls are not limited to
staff.
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
6/41
Internal Control Risk Assessment
DefinitionThe entitys identification and analysis of relevant risksto the achievement of its objectives, forming a basis for determininghow the risk should be managed.
This is an ongoingprocess. The risks of yesterday, may not be the risksof today or tomorrow.
Risks must not only be identified, but must be anticipatedso they canbe avoided or mitigated. (analogy installation of lights at a railwaycrossing beforean accident occurs).
Managements focus on identifying riskshould start with change:
Change in operating environment
Change in personnel
Change in information systems and technology
New programs or services provided
Change in structure
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
7/41
Internal Control Risk Assessment cont
Management should also focus on the inherent risks
Complexity
Cash receipts
Third-party beneficiaries
Prior problems
Prior unresponsiveness to identified control weaknesses
Payroll withholdings
Fake vendors
Credit/purchase cards
Central garage/storage locations
Proper training, ongoing efforts, responsiveness and commitment toongoing assessment will strengthen internal controls to ensure a strongframework.
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
8/41
Internal Control Information &Communication
DefinitionThe identification, capturing, and exchange of information in a form and on atimely basis to enable employees to carry out their responsibilities.
Management must be able to obtain reliable information to determine and assess riskand communicate polices and other information to those who need it.
Potential issues effected by information:
The entitys performance evaluation vs strategy or goal
Impact on efficiency and effectiveness
Management decisions on use of resources (financial or human)
Management can develop the best internal control environment, policies andprocedures, etc., however if not properly communicatedthey may as well not exist.
Written policies and procedures distributed
Training programs established
New hire orientations
Polices posted on websites for easy access
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
9/41
Internal Control Information &Communication cont
Potential issues facing communicationof information:
Effectiveness and efficiency in the performance of the duties of employees
Lack of communication channels available to employees to report suspected
improprieties
Untimely information reporting causing reduction in usefulness to makedecisions
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
10/41
Control Activities
Definition The policies and procedures that help ensuremanagement directives are carried out.
As a result of ongoing risk assessmentand the strategies tocommunicate information, management must develop policies andprocedures to carry out and meet the goals and strategies of the entity.
Traditionally, control-related policies and procedures related to financeare classified into one of the following categories:
Authorization
Properly designed records
Security/safeguarding of assets and records Segregation of duties
Periodic reconciliations
Analytical review
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
11/41
Internal Controls - Monitoring
Definition The process used by those charged with governance(management AND the elected taxing authority) to assess the
quality of internal control over time.
The best developed control policies and procedures require changes
over time as the environment changes. Not only are controls implemented to reduce/eliminate problems, they
should be designed to alert management of a potential problem.
Without proper monitoring, these problems could go undetected.
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
12/41
Internal ControlsMonitoring cont
The Roles in monitoringinternal controls
Who is ultimately responsible for internal control?
THE GOVERNING BODY!!
Its the job of the governing board to ensure that management meets all of itsresponsibilities.
How can this be achieved? Establish an audit committee
Audit Committee responsibilities may include independent reviews and oversight of:
Reporting processes
Internal controls
Independent auditors
Who is primarily responsible for internal control?
MANAGEMENT!!
Fundamentally a management concern since it uses the tools and techniques in orderto achieve managements objectives
Whos role is it to validate the success of designed controls and determine operatingeffectiveness.
YOUR AUDITORS!!
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
13/41
Internal Controls Inherent Limitations
No internal control framework can be perfect.
Inherent limitations include:
Management over-ride of controls (policies and procedures)
Collusion Cost of the control (policy or procedure) should not cost more than the
benefit it was expected to achieve
Human judgment can be faulty, human errors and mistakes
Limitation on segregation of duties based on number of employees
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
14/41
Cresseys Fraud Triangle Concept that datesback over half a century. Generally for fraud to occur,three things must be present:
Opportunity
RationalizationPressure/Incentive
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
15/41
Fraud Triangle
Pressure Financial need that is often unwilling to beshared (addictions, debt, etc.) or that emotions haveimpacted the person (sick child or keeping up with theJoneses)
OpportunityThe ability to commit a fraudulent activitymust exist (weaknesses in internal control or the abilityto override them)
RationalizationWhen a person has the ability to
justify their actions (Im underpaid, Ill pay it back, or thehealth of my child is more important)
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
16/41
It Could Happen to You
Embezzlement of Utility Payments
Missing Evidence
IT Equipment and Purchases
Off-the Books Bank Accounts
See the AOS website for numerous stories and findings
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
17/41
What is Fraud Risk Assessment?
Proactive approach to mitigating fraud in your
organization
Analyzing where fraud can occur in your organization
Fraud Prevention vs. Fraud Detection
Prevention = Proactive
Detection = Reactive
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
18/41
Who is Responsible for Risk Assessment
Governing Body
Audit or Finance Committee
Mayor/Administrator
Finance Director/Treasurer
Executive Staff
Everyone throughout the Organization informal lines
of communication
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
19/41
Definition of Fraud
Intentional perversion of truth in order to induce anotherto part with something of value or to surrender legalright. (Mirriam-Websters online dictionary)
Association of Certified Fraud Examiners (ACFE)
Misrepresentation of material facts
Concealment of material facts
Bribery
Conflicts of Interest Theft of money and property
Breach of Fiduciary Duty
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
20/41
Risk Assessment Includes:
Risk Identification
Risk Likelihood
Significance Assessment
Risk Response
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
21/41
Risk Identification
Risk Identification
Gathering information from both internal and external sources
Brainstorming
Interviews
Analytical Procedures
Trend analysis: vendor example
Where are the inherent risks?
Cash collection points
Lack of oversight
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
22/41
Risk Identification cont.
Risk Identification
Incentives/Pressures
Budget constraints
Performance Bonuses
Opportunities
Cash collection points
Segregated accounts
Access to create vendors
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
23/41
Risk Likelihood
Risk Likelihood
More interviews
Historical information
Analyze vendor listing
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
24/41
Risk Response
Consider cost-benefit
How will council/management respond
Increased Training
Surprise Audits
Change in Policy and Procedure
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
25/41
Types of cases at risk
4
9
18
12
25
15
10
27
19
33
50
0 10 20 30 40 50 60
Register Disbursements
Financial Statement Fraud
Payroll
Cash on Hand
Skimming
Check Tampering
Larceny
Non-Cash
Expense Reimbursements
Billing
Corruption
Government & Public Administration-141 Cases
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
26/41
Who are the perpetrators?
17.6%
37.5%
41.6%
16.9%
41.0%
42.1%
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0%
Owner/Executive
Manager
Employee
2010
2012
Position of Perpetrator-Frequency
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
27/41
Tenure of Perpetrator
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
40.0%
45.0%
50.0%
< 1 Year 1-5 Years 6-10 Years >10 Years
5.7%
45.7%
23.2%25.4%
5.9%
41.5%
27.2%25.3%
2010
2012
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
28/41
Schemes from Perpetrators working in
Accounting Department
5.1%
9.2%
5.5%
17.1%
13.3%
17.1%
18.4%
17.1%
22.9%
31.1%
29.7%
3.1%
7.2%
15.4%
25.1%
16.6%
11.4%
11.6%
11.2%
15.7%
26.1%
14.9%
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0%
Register Disbursements
Financial Statement Fraud
Non-Cash
Corruption
Expense Reimbursement
Cash on Hand
Payroll
Cash Larceny
Skimming
Billing
Check Tampering
All Cases
Accounting
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
29/41
Schemes from Perpetrators in Executive orUpper Management
1.3%
11.6%
12.5%
13.8%
13.8%
14.3%
16.1%
18.3%
29.9%
40.6%
48.7%
2.5%
11.9%
13.8%
15.1%
20.8%
8.2%
12.6%
15.7%
21.4%
32.7%
53.5%
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0%
Register Disbursements
Cash Larceny
Cash on Hand
Skimming
Financial Statement Fraud
Check Tampering
Payroll
Non-Cash
Expense Reimbursement
Billing
Corruption
2012
2010
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
30/41
Behavioral Red Flags Based on Perpetrators
Position
8.3%
11.2%
11.9%
30.5%
32.7%
16.8%
23.4%
27.2%
25.0%
37.2%
26.0%
24.3%
21.7%
23.0%
39.6%
0.0% 5.0% 10.0%15.0%20.0%25.0%30.0%35.0%40.0%45.0%
Wheeler-dealer attitude
Control issues, unwillingness to share duties
Unusually close association with vendor
Financial difficulties
Living beyond means
Owner/Executive
Manager
Employee
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
31/41
Behavioral Red Flags
Behavioral Red Flag Percent of Cases
Living beyond means 35.6%
Financial Difficulties 27.1%
Unusually close associationwith vendor
19.2%
Control Issues,
Unwillingness to Share
Duties
18.2%
Divorce/Family Problems 14.8%
Wheeler-Dealer Attitude 14.8%
Irritability, Suspiciousness or
Defensiveness
12.6%
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
32/41
Behavioral Red Flags
Behavioral Red Flag Percent of Cases
Addiction problems 8.4%
Past-employment-relatedproblems 8.1%
Complained about
inadequate pay
7.9%
Refusal to Take Vacations 6.5%
Excessive Pressure fromWithin Organization
6.5%
Past Legal Problems 5.3%
Source: ACFE 2012 Report to the Nations on Occupational Fraud and Abuse
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
33/41
Billing Schemes
False invoicing through a shell company
Personal purchases with government funds
False invoicing through an established vendor
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
34/41
False Invoicing
Fake invoice no service or product exchange
www.customreceipt.com
http://www.customreceipt.com/http://www.customreceipt.com/ -
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
35/41
Fake invoices many times lack information
Street address PO box only
Phone number
Good description
Logo
Packing slip for products purchased
Shipping destination for products
Invoice numbers are sequential
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
36/41
Vendor Files
What needs done to vendors files
Clean vendor file annually
Vendor approval process
Training
Google new vendor requests
IT controls limiting access
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
37/41
Employee Expense Reimbursements Whatto look for:
Lack of invoice
Fake invoices
Lack of detail on invoices
Wrong mileage
False mileage
Personal expenses
Alcohol
Per diems with no detailed receipts required
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
38/41
Effective Fraud Deterrents
Written Fraud Policy
Policy sets expectations
Zero Tolerance
Review and sign-off by each employee for personnel file
Include Reporting Process
Whistleblower Protection
Issues addressed consistently and timely
Ethics Policy, Conflict of Interest PolicyTraining
Continuous Risk Assessment
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
39/41
Steps to Reduce Fraud Risk
Fraud risk analysis performed
Educate
Tone at the Top
Conflict Disclosures (Council and Management)
Establish whistle-blower hotlines
Rotation of job duties
Zero tolerance
Background checks for new hiresdont hire crooks
Keep eyes and ears open regarding employee behavior
Discuss concerns with auditors
Establish effective Internal Audit division
Use of Data Mining Software
Surprise audits
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
40/41
Highlights
Understand the Five Components of Internal Control
Everyone is responsible for effective and efficient control
development and/or application
Train your Team(s)Ongoing evaluation of controls and fraud risk
assessment
Fraud Statistics
Fraud Prevention tips
Trust is never a control!
-
7/30/2019 Understanding the Dynamic Relationshipo Between Internal Controls and Fraud Prevention
41/41
Annual OAPT Conference -Understanding Internal Controls & Fraud
PreventionOctober 4, 2012
QUESTIONS???