1. The Importance of a Fraud & Misconduct Strategy NYSICA
March 25, 2004
Presented by:
Christopher J. Rosetti, Partner
BST Advisors, LLC
Forensic Accounting and Investigative Services
2. BST Advisors, LLC 1 AGENDA: Introduction
Tone at the Top
Code of Conduct
Effective Fraud and Misconduct Strategy
Best Practices
Grant Administration
3. BST Advisors, LLC 2 Unknown: “Confidence and trust are like a mortal’s need for air. When the required good is present, it’s never noticed. When it’s missing, it’s all that’s noticed”
4. BST Advisors, LLC 3 Public Misconduct
5. Audit Risks for the Public Sector
6. BST Advisors, LLC 5 The Principal Types of Fraud Bribery
Conflicts of Interest
Theft of Money or Property
Breach of Fiduciary Duty
7. BST Advisors, LLC 6 Bribery Giving or receiving a thing of value to influence a business decision without the consent or knowledge of the principal.
8. BST Advisors, LLC 7 Conflicts of Interest An agent taking an interest in a transaction that is actually or potentially adverse to the principal without full and timely disclosure to the principal
9. BST Advisors, LLC 8 Theft of Money or Property Embezzlement
The defendant took or converted, without the knowledge or consent of the organization, money or property of another that was properly entrusted to the defendant.
Larceny
Taking and carrying away money or property of another, without the consent of the owner, with the intent to permanently deprive the owner of its use or possession.
10. BST Advisors, LLC 9 Breach of Fiduciary Duty The principal fiduciary duties are loyalty and care.
Duty of Loyalty requires that the employee act solely in the best interest of the employer, free of any self dealing, conflicts of interest, or other abuse for personal advantage.
Duty of Care requires that persons in a fiduciary relationship must conduct business affairs prudently with the skill and attention normally exercised by a person in similar positions.
11. Many technological advances reduce the audit trail and facilitate perpetration of sophisticated computer crimes which siphon funds to fictitious or unauthorized accounts.
12. BST Advisors, LLC 11 Internal Control Facts Internal control starts with a strong control environment:
Management has the proper attitude and operating style
Management is the owner of internal control
Internal controls are built into the business process
Adapted from the 12/03 issue of Financial & Audit Solutions
13. BST Advisors, LLC 12 Is there an ethics/compliance program in place?
Has it been designed to satisfy leading governmental models (e.g., federal sentencing guidelines)?
Has it been implemented throughout the organization, are there indicators that it is operating as intended (e.g., frequency of training, volume of hotline calls, consistency of discipline)?
Has it been effective in achieving compliance with the organization’s ethical and legal obligations? Tone at the Top
14. BST Advisors, LLC 13 An Effective Fraud and Misconduct Strategy
15. BST Advisors, LLC 14 An Effective Fraud and Misconduct Strategy (continued)
16. BST Advisors, LLC 15 Effective �Ethics/Code of Conduct Helps prevent misconduct
Detects violations and provides and early warning system
Timely and responsible actions help avert prosecution
17. BST Advisors, LLC 16 Code of Conduct Checklist
Use of equipment (telephone, vehicle, photocopiers, scanner, supplies, credit cards)
Use of the internet during work hours and/or for non-work related reasons.
Acceptance of gifts from vendors, suppliers and contractors
18. BST Advisors, LLC 17 Code of Conduct Checklist (continued) Conflicts of interest (sign form annually): Having direct or indirect, financial or otherwise, in any transaction or activity that conflicts with the proper discharge of the employee’s duties.
Outside employment or dual employment
Confidential information
Intellectual property
19. BST Advisors, LLC 18 Code of Conduct Checklist (continued) Use of official position to secure unwarranted privileges or exemptions
On-site weapons
Restricting competition
Computer security
Time and attendance
20. BST Advisors, LLC 19 Code of Conduct Checklist (continued) Exercising common sense
Expense reimbursements
Disparaging contractors
Illegal betting or gambling
Destruction of organizational records
21. BST Advisors, LLC 20 Reasons for Failure The message is not supported by senior management
The ethics policy/code of conduct does not provide practical guidance or example
Regular training is not provided
Compliance officer is overburden with other matters
22. BST Advisors, LLC 21 Reasons for Failure (continued) People are not aware of the hotline nor is it used
Corrective actions are not initiated
Compliance is not monitored and an annual report is not issued
23. BST Advisors, LLC 22 Periodically Reinforce Values Annual training
Annual conflicts of interest affidavit
Posted flyers
Reminders with W-2s
24. BST Advisors, LLC 23 Periodically Reinforce Values (continued) Weekly or monthly email reminders about policies
Code of conduct and ethics policy posted on intranet
Posters advertising anonymous reporting mechanism
25. BST Advisors, LLC 24 An Effective Fraud and Misconduct Strategy (continued)
26. BST Advisors, LLC 25 Effective Personnel Policies Recruitment screening
Verify identity
Check qualifications, names of schools
Probe employment gaps
Obtain references
Vacation policies and work patterns
Enforce vacations
Appraisal and counseling
Employee attitude surveys
27. BST Advisors, LLC 26 Effective Personnel Policies (continued) Background checks
Social security number verification
OFAC check
Media checks
28. BST Advisors, LLC 27 An Effective Fraud and Misconduct Strategy Fraud\misconduct awareness
Typical fraud risks
Common indicators
Behavioral issues
Control benchmarking
Reporting fraud suspicions
29. BST Advisors, LLC 28 Quality of Your Fraud and Misconduct Strategy Score each of these on a 1 to 10 scale.
What is the quality of your anti-fraud and misconduct strategy?
Is responsibility for managing fraud and misconduct risk well defined?
How clear are reporting channels for reporting suspicions of fraud or misconduct?
Are there clear protections for those reporting fraud or misconduct?
How effective is your fraud and misconduct awareness program?
30. BST Advisors, LLC 29 Quality of Your Fraud and Misconduct Strategy Score each of these on a 1 to 10 scale.
How effective is your recruitment screening process?
How developed is the understanding of fraud and misconduct risks facing your organization?
How have you matched these risks to controls to see how they are managed?
How effectively does your organization learn from fraud and misconduct incidents?
How aware of fraud and misconduct are head office and regional personnel?
What is the total score?
31. BST Advisors, LLC 30 Quality of Your Fraud and Misconduct Strategy (continued) How did your organization rate?
90 to 100 points = Strong
80 to 89 points = Effective
70 to 79 points = Needs Improvement
60 to 69 points = High Risk
Below 60 points = Very High Risk
32. BST Advisors, LLC 31 Indications of Low Fraud and Misconduct Awareness
33. BST Advisors, LLC 32 An Effective Fraud and Misconduct Strategy (continued) Effective Fraud and Misconduct �Reporting and Response Program
Fraud and misconduct reporting channels
Whistler blower protection and non-retaliation policy
Fraud and misconduct response plans
34. BST Advisors, LLC 33 Effective Fraud and Misconduct Reporting �and Response Questions
Why investigate?
When to investigate?
What to investigate?
Who should investigate?
How to conduct investigation?
35. BST Advisors, LLC 34 Effective Fraud and Misconduct Reporting and Response (continued) Importance of fraud risk management
Every organization should have a documented anti-fraud strategy and corporate integrity program. At a minimum it should include:
Agency’s stance on fraud and other breaches of company’s policies and ethical code
To whom and how should suspicions of fraud or misconduct be reported
What will be done and by whom in the case that fraud or other breaches are suspected
Employee rights - including limitations on expectations of privacy and company’s rights to gain access and search all work areas
36. BST Advisors, LLC 35 Effective Fraud and Misconduct Reporting and Response (continued) Why investigate?
It’s your duty
It’s the right thing
37. BST Advisors, LLC 36 Effective Fraud and Misconduct Reporting and Response (continued) Why it’s your duty
Organizations have no choice
1991 Sentencing Guidelines
Prevalence of government voluntary disclosure programs
Administrative and court rulings
38. BST Advisors, LLC 37 Effective Fraud and Misconduct Reporting and Response (continued) Why it’s the right thing
Best practice
Conducting internal investigations is the norm rather than the exception
94% of companies responding to 1998 Fraud Survey said that conducting an investigation was the leading response to the discovery of fraud
Assists organizations in determining the extent of potential civil or criminal liability
Assists in determining facts, available defenses, and appropriate response
Assist in negotiating a favorable resolution or avoiding an intrusive government investigation
39. BST Advisors, LLC 38 Effective Fraud and Misconduct Reporting and Response (continued) Why it’s the right thing
Bottom Line protection
Deterrence
Given the cost of fraud, a fraud response is essential
Recovery
Asset tracing and recovery
Insurance coverage
Public relations
Permits affirmative, proactive communications strategy
Avoids charge of cover up
40. BST Advisors, LLC 39 Effective Fraud and Misconduct Reporting and Response (continued) When to investigate
Knowledge of information suggesting reasonable possibility that a third party and/or an employee might have engaged in wrongful conduct exposing the organization to risk of criminal liability, substantial monetary loss or damage, injury to its reputation, or other type of significant harm
41. BST Advisors, LLC 40 Effective Fraud and Misconduct Reporting and Response (continued) When to investigate
Timing
Decision should be made as soon as possible
Advantages of early start
Greater ability to develop appropriate response and defense
Increases likelihood that corporations can gather information and interview employees before government
Enables corporations to qualify for credit for full cooperation under Sentencing Guidelines
Importance of Fraud and Misconduct Response Plan as part of a compliance program
Corporation needs to be prepared in advance to insure prompt and appropriate response
42. BST Advisors, LLC 41 Effective Fraud and Misconduct Reporting and Response (continued) What to investigate
Fraud – Internal or external
Falsification of financial data
Misappropriation of assets
Theft or embezzlement
43. BST Advisors, LLC 42 Effective Fraud and Misconduct Reporting and Response (continued) What to investigate
Violations of organization policy
Examples
Conflicts of interest
Policies regarding giving or receiving gifts
Waste/Mismanagement
Mishandling of confidential or proprietary information
44. BST Advisors, LLC 43 Effective Fraud and Misconduct Reporting and Response (continued) Who should investigate
Chief of internal compliance (Integrity Officer)
An individual should be designated by each organization to whom all information regarding potential misconduct should be reported
Responsibility
To receive reports of fraud or misconduct
To conduct initial evaluation (refer to either HR or GC)
General Counsel
Responsibility
To determine seriousness of allegation
To determine scope and direction of investigation
To consult and advise other relevant executives
To determine the need for retention of outside counsel
45. BST Advisors, LLC 44 Effective Fraud and Misconduct Reporting and Response (continued) Who should investigate
All internal investigations should always be directed by counsel
Principal reason:
Permits invocation of privilege to protect the confidentiality of internal investigative results
46. BST Advisors, LLC 45 !!!Assume all Cases �Will End in Litigation!!!
47. BST Advisors, LLC 46 Findings Could Result in: Civil Litigation
Criminal Litigation
No Action
48. BST Advisors, LLC 47 False Imprisonment Occurs When There Is An intent to confine
An act resulting in confinement
Consciousness of confinement �or resulting harm.
49. BST Advisors, LLC 48 Effective Fraud and Misconduct Reporting and Response (continued) How to investigate
Develop Investigative Hypothesis
Theory of fraud or misconduct - Extent and elements
Who may be involved
Where is the evidence likely to be found
Documents
Witnesses
Individual computers
Transportable media
Network servers
Constantly refine and re-examine
50. BST Advisors, LLC 49 Effective Fraud and Misconduct Reporting and Response (continued) How to investigate
Develop Work Plan
Consistent with theory of fraud or misconduct
Identify documents to be examined
Procedures to be followed
Examples
Document examination and verification
Types of analysis
Manual review
Gap, variance
Reconciliation
Sorting and comparisons
Trend
51. BST Advisors, LLC 50 Effective Fraud and Misconduct Reporting and Response (continued) How to investigate
Identify potential sources of electronic or voice information and data
Examples
PCs
Laptops
Transportable media
Network servers
Voice-mails
Emails
Recorded conversations – e.g. securities trading
Video tapes
Procedures and tools to be used to retrieve electronic and voice data
52. BST Advisors, LLC 51 Effective Fraud and Misconduct Reporting and Response (continued) How to investigate
Identify individuals to be interviewed
Inside organization
Outside organization – e.g. vendors
Develop interview menus
Order of interviews
Questions to be asked
Identify other investigative procedures
Public database searches
Data analysis
53. BST Advisors, LLC 52 Effective Fraud and Misconduct Reporting and Response (continued) Respecting employee rights
Employee’s Duty to Cooperate:
Duty to cooperate exists in every internal investigation, unless compliance is
impossible
unlawful
unreasonable
54. BST Advisors, LLC 53 Effective Fraud and Misconduct Reporting and Response (continued) Respecting employee rights
Employee Rights include:
Contractual Right
Example
If employee is a member of a union, union contract or collective bargaining agreement may contain restrictions on investigation procedures
Whistleblower laws
Protect employees who report misconduct to government from retaliatory action
55. BST Advisors, LLC 54 An Effective Fraud and Misconduct Strategy (continued) Effective Compliance Program
Standards and procedures that are reasonably �capable of preventing fraud and misconduct
High-level oversight
Due care in delegating discretionary authority
Effective communication of standards and procedures (Training)
Monitoring and auditing of compliance program
Enforcement of program through discipline
Appropriate response upon notification of wrongdoing
56. BST Advisors, LLC 55 Federal Sentencing Guidelines for an Effective Compliance Program High level oversight
Standards of conduct
Communications and training
Compliance auditing and monitoring
Pre-employment screening
Enforcement of standards and disciplinary actions
Corrective actions taken
57. BST Advisors, LLC 56 An Effective Fraud and Misconduct Strategy (continued) �
58. BST Advisors, LLC 57 Objectives of a Fraud Response Plan Provide a conduit for whistleblowers
Identify internal affairs personnel
Outline the manner in which all reviews should proceed
Prevent further loss
Identify high risk areas
59. BST Advisors, LLC 58 Objectives of a Fraud Response Plan Respond quickly
Secure evidence
Identify parties involved
Identify loss remedies
Identify specialists
60. BST Advisors, LLC 59 Best Practices (continued) Collecting payments with credit cards: Reduces exposure to cash and transfers risk to credit card issuer.
Typical payments: Water rents, sewer rents, taxes.
61. BST Advisors, LLC 60 Best Practices (continued) Third party receives complaints about billing, collections and payments.
Clerk who issued bills, collected cash and received complaints misappropriated $357,000 via a lapping scheme involving 4,000 water utility customers.
62. BST Advisors, LLC 61 Best Practices (continued) Bonding employees:
Estimate the amount and add a cushion (Nobody steals small amounts)
63. BST Advisors, LLC 62 Best Practices (continued) Telephone Audits: www.google.com. Type in telephone number and hit google search.
900 calls by mailman during lunch
Go out an let people know what your doing. They don’t know who you’re looking at.
64. BST Advisors, LLC 63 Best Practices (continued) Checking inventory annually to identify excess inventory
65. BST Advisors, LLC 64 Right to Audit Obtaining the right:
Right to Audit Agreement - on the back of purchase order or procurement form
Right to Audit Clause in a Contract - include language in the body of the contract
66. BST Advisors, LLC 65 Best Practices (continued) Compliance audits of purchasing policies (kickbacks and embezzlements)
Written policies and procedures
67. BST Advisors, LLC 66 The Value of Nothing No telephone number is master vendor file
Telephone number is the same digit, i.e. all 9’s
No address
No contact person of fed ID #
68. BST Advisors, LLC 67 Grant Administration Right to audit
Purchasing vs. leasing
Tel Calls
Travel
Food Vendors
Subcontracts
Employees
69. Questions? Chris Rosetti
crosetti@bstadvisors.com
BST Advisors, LLC
26 Computer Drive West
Albany, New York 12205
Tel: 518-459-6700 / 800-724-6700 ? Fax 518-459-8492
www.bstadvisors.com
