Internal Audit & Corporate Forensic Services
Florida Government Finance Officers Association 2013 Annual Conference

Agenda
• Our View of Fraud Risk
• Irregularities & Defalcations
• Fraud Statistics
• Fraud in Most Organizations
• Frauds & Allegations in the News
• Key Principles to Manage Fraud
• Internal Reviews and Fraud Examinations
• Common Red Flags
• Red Flags and Red Herrings
• Fraud Theory
• The Good Person Test
• Our Approach to Fraud Investigations
• Why Assess Control Maturity?
• Data Analytics
• Business Cycle Fraud Areas
• Fraud Red Flags & Cases
• P2P Frauds & Controls
• Reporting Results

Our View of Fraud Risk
Fraud Occurs Primarily Because…
• Unseen fraud risk – blindsided
• Unmanaged fraud risk
• Anti-fraud controls that were being relied upon failed
Note that fraud most often occurs without the aid of collusion and could have been prevented by looking at a couple of key areas.

Irregularities & Defalcations
…are just fancy words for lying and stealing
• Any business involves operational risks, including the risk of loss due to fraud.
• A typical organization loses 5% of its revenues to fraud each year¹.
• Applied to the 2011 Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion¹.
¹ According to the 2012 Report to the Nations published by the Association of Certified Fraud Examiners (ACFE). See the ACFE's website for a copy at http://www.acfe.com/fraud-resources.aspx

Fraud Statistics
• Asset misappropriation comprises 87% of frauds reported, with a median loss of $120,000.
• Corruption schemes have median losses of $250,000.
• Financial statement fraud schemes make up 8%, with a median loss of $1 million.
Note that our experience is consistent with these statistics¹.
¹ According to the 2012 Report to the Nations published by the Association of Certified Fraud Examiners (ACFE). See the ACFE's website for a copy at http://www.acfe.com/fraud-resources.aspx

Fraud in Most Organizations
The vast majority of fraud occurs along the procurement cycle:
• Asset misappropriation
    • Inventory
    • Fraudulent disbursements (there are a host of schemes)
• Corruption
    • Conflicts of interest (purchasing schemes)
    • Bribery
    • Illegal gratuities
    • Economic extortion
• We focus much of our expertise on embezzlements. We leverage our industry expertise, internal control specialists, technology, forensic accountants and fraud examiners to bring value and insights to our clients.

Fraud & Allegations in the News
• Mint Hill, NC – The former Fire Chief of the Mint Hill Volunteer Fire Department pleaded guilty to embezzling more than $225,000 from the Town of Mint Hill and the Fire Department, according to the U.S. Attorney's Office. The former Fire Chief carried out the embezzlement from May 2010 to April 2012, primarily by setting up a sham corporation.¹
• Durham, NC – Two former North Carolina Central University administrators were indicted Wednesday on charges of embezzlement – a year after a state audit (June 2011) found they allegedly used an unauthorized bank account to divert more than $1 million from a state program.²
¹ wbtv.com 11/27/2012 - Former Mint Hill Fire Chief pleads guilty to embezzlement
² WRAL 8/6/2012 - Ex-NCCU administrators indicted on embezzlement charges

Fraud & Allegations in the News
• Kinston, NC – July 17, 2012, Stephen LaRoque, a sharp-tongued former state lawmaker who often railed against wasteful government spending, had little to say Monday as he sat in a defendant’s chair for his first court appearance on charges of stealing federal funds.
• LaRoque, 48, of Kinston, was named in an eight-count federal indictment last month, accused of money laundering and embezzling hundreds of thousands of dollars from two economic development non-profits, the East Carolina Development Company and Piedmont Development Company.¹
¹ NC Policy Watch 8/6/2012 - A more subdued LaRoque in court on embezzlement charges

Key Principles to Manage Fraud
The 5 Key Principles to Proactively Manage Risk¹:
• Written policies
• Fraud risk assessment
• Prevention controls
• Detection controls
• A reporting process, and a coordinated approach to investigation / corrective action
¹ Managing the Business Risk of Fraud: A Practical Guide. Joint study conducted by The Institute of Internal Auditors, the American Institute of CPAs and the Association of Certified Fraud Examiners. Published July 2008.
Source: “Managing the Business Fraud Risk,” 2008, sponsored by the AICPA & the ACFE

Internal Reviews & Examinations
An internal review is used to determine if sufficient predication exists to commence a fraud examination. Predication is defined by the Association of Certified Fraud Examiners as, “the totality of circumstances that would lead a reasonable, professionally trained and prudent individual to believe a fraud has occurred, is occurring and/or will occur.”
A fraud examination is an extension of an internal review to prove or disprove a suspected loss:
• Determine whether a loss due to fraud has occurred
• Determine the extent of loss (calculate estimated damages)
• Determine whether sufficient evidence exists to:
    • Obtain a court order for further investigation, e.g., off-site search warrant of suspect’s property
    • Obtain a court order to seize or freeze assets
    • File criminal charges
    • File civil charges

Common “Red Flags”
• Attempt to Limit Access to Records, Personnel or Facilities
• Missing Documents
• Dominating Management
• Ineffective Accounting Systems (Segregation of Duties) or Inadequate Monitoring Activities
• Highly Complex Transactions Often Recorded Near Year-End
• History of Internal Control Issues Not Resolved Satisfactorily or Timely
• Poorly Communicated Code of Conduct or Lax Enforcement
• Aggressive Use of Accounting Principles
• Secretiveness by Employee(s)
• Appearance of Living “Beyond One’s Means”
• Failure to Take Vacation (or extended vacations without pay)

Red Flags and Red Herrings
• Conducting interviews and spotting deception
• The cast of characters - parsing out relevant facts from equivocations (a/k/a “bunny trails”)
• The two types of deception
    • Omission
    • Falsification
• Understanding internal controls and the business cycle
• Key is defining the fraud(s) and related potential allegations
• Collecting facts (who, where, what, when and how)
• Often the hardest thing is to find the proverbial “smoking gun” or “dead body”.

Fraud Theory
Determine if “Fraud Triangle” factors are present:
• Need (whether actual or perceived)
• Opportunity
• Rationalization
FRAUD – Cressey, “the Fraud Triangle”:
• PERCEIVED NEED (pressure) or (lifestyle)
• PERCEIVED OPPORTUNITY (control weakness) or (temptation)
• RATIONALIZATION (overcoming the conscience)

Why Assess Control Maturity?
[Figure labels: Leverage, Regulation, Stress]

The Good Person
• Do you think most people would consider themselves to be a good person?
• Try conducting this scientific test (scientific means the test can be repeated) – Ask a sample of people (10 – 1,000) that you come in contact with this one “yes” or “no” question: “Would you consider yourself to be a good person?”
• How do you think most people will respond? Yes or No?
• Our hypothesis is that people who commit fraud must first rationalize it, so that they suppress the alarm of their conscience. “Con” – “Science” or “With” – “Knowledge” of right and wrong. The conscience must be overcome in order to maintain the self-image of being a good person.
• It is important to understand that every person’s behavior is logical to them. Otherwise, it is hard, if not impossible, for an individual to justify their behavior.

The Approach to Fraud Investigation
• Working through an Attorney (work product doctrine)
• Initial interviews and setting expectations
• Determining the fraud area(s) and avoiding the wild goose chase
• Policy and statute review
• Working with/without law enforcement
• Digital forensics
• Assessing control maturity
• Data Analytics
• Fraud investigation (Fraud Red Flags)
• Forensic accounting and estimating losses
• Reporting results
• Pre and post litigation support

• Assessing control maturity
• Data Analytics
• Business Cycle Fraud Areas
• Fraud Red Flags – Cases
• Reporting

Data Analytics
We use Computer Aided Auditing Techniques (CAATs) to run tests for the most likely red flags and to narrow the focus when investigating fraud and estimating losses.
• Revenue cycle (Financial Fraud)
• Procurement cycle (Corruption & Embezzlement)
    • Vendor management
    • Purchasing & Receiving
    • Inventory consumption & reclamation
    • Invoice processing
    • Cash disbursements
• Inventory cycle (Shrinkage)
• Payroll cycle (Fraudulent disbursements)

Business Cycle Fraud Areas
• Procurement cycle (P2P)
• Inventory
• Payroll, compensation, and benefits

P2P Frauds
• Corruption Activities
    • Conflicts of interest
    • Bribery
    • Illegal gratuities
    • Economic extortion

P2P Frauds
• Fraudulent Disbursements
    • Billing Schemes
        • Shell companies
        • Non-accomplice vendors
        • Personal purchases
    • Check Tampering
        • Maker – forged or authorized
        • Forged endorsement
        • Altered payee or altered amount

P2P Frauds
• Fraudulent Disbursements
    • Expense Reimbursement Schemes
        • Mischaracterized expenses
        • Overstated expenses
        • Fictitious expenses
        • Multiple reimbursements
• What is the cheapest and best control to reduce exposure to the risks?

P2P Control Areas
• Procurement cycle (purchasing & vendor schemes)
    • Vendor authorization & set up
    • Vendor credentials
    • Related parties and potential conflicts of interest
    • Competitive bidding
    • Vendor change management
    • Vendor inactivity
    • Vendor record maintenance (archives)
    • Purchase commitments
    • Gifts
    • Reporting improper/suspicious activities

P2P SOD Controls
Best practice is to separate these duties per the ACFE:
• Purchasing goods and services
• Authorizing the purchase
• Receiving goods and services
• Making payments
What control area is missing from this separation of duties (SOD)?

P2P – Inherent Business Risks
Inherent Business Risks:
• Lost invoices
• Late vendor payments
• Missed vendor credits
• Duplicate invoice payments
• Missed early payment discounts
• Ineffective payment push-outs and pull-ins (cash mgmt)
• Over-controlled back-end authorization activities
• Higher employee turnover creates exposure to change
• High cost of training
• Non-scalable and unsustainable business processes
• Impacts manufacturing execution and service delivery risk

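An added example, not part of the original presentation: a small CAAT-style test in Python for two of the P2P issues named above, one person holding more than one of the four separated duties on a purchase order, and duplicate invoice payments. The record layouts, IDs and duty labels are constructed assumptions, not any particular ERP export.

```python
from collections import defaultdict

# The four duties the SOD slide separates (short labels are this example's own).
DUTIES = ("purchase", "authorize", "receive", "pay")

# Constructed sample: (po_number, duty, employee_id); hypothetical export layout.
DUTY_LOG = [
    ("PO-1001", "purchase", "E17"), ("PO-1001", "authorize", "E04"),
    ("PO-1001", "receive", "E22"), ("PO-1001", "pay", "E31"),
    ("PO-1002", "purchase", "E17"), ("PO-1002", "authorize", "E17"),
    ("PO-1002", "receive", "E22"), ("PO-1002", "pay", "E17"),
    ("PO-1003", "purchase", "E09"), ("PO-1003", "authorize", "E04"),
    ("PO-1003", "pay", "E31"),
]

# Constructed sample: (payment_id, vendor_id, invoice_no, amount_cents).
PAYMENTS = [
    ("P1", "V100", "INV-0042", 125000),
    ("P2", "V100", "inv 0042", 125000),  # same invoice re-keyed with other formatting
    ("P3", "V200", "INV-0042", 125000),  # different vendor, not a duplicate
    ("P4", "V100", "INV-0043", 125000),
]

def sod_exceptions(duty_log):
    """Return {po: [findings]} where one person holds 2+ duties or a duty is unrecorded."""
    by_po = defaultdict(lambda: defaultdict(set))
    for po, duty, emp in duty_log:
        by_po[po][emp].add(duty)
    findings = {}
    for po, by_emp in sorted(by_po.items()):
        issues = [f"{emp} performed {'+'.join(d for d in DUTIES if d in duties)}"
                  for emp, duties in sorted(by_emp.items()) if len(duties) > 1]
        seen = set().union(*by_emp.values())
        issues += [f"no record of {d}" for d in DUTIES if d not in seen]
        if issues:
            findings[po] = issues
    return findings

def duplicate_payments(payments):
    """Group payments sharing vendor, normalized invoice number and amount."""
    groups = defaultdict(list)
    for pay_id, vendor, invoice, cents in payments:
        key = (vendor, "".join(ch for ch in invoice.upper() if ch.isalnum()), cents)
        groups[key].append(pay_id)
    return sorted(ids for ids in groups.values() if len(ids) > 1)

if __name__ == "__main__":
    print(sod_exceptions(DUTY_LOG))
    print(duplicate_payments(PAYMENTS))
```

Each hit is a red flag to follow up with documents and interviews, not a finding of fraud in itself.
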
P2P - Opportunities
Significant value can be gained by maturing internal controls, which can save mid-sized companies ($$$K - $M+) annually:
• Reduce AP headcount or create bandwidth for future growth
• Eliminate lost invoices
• Reduce risk of duplicate invoice payments
• Reduce invoice approval time (routing paper invoices)
• Reduce document retention costs
• Take advantage of early payment discounts
• Take advantage of electronic credit card payments
• Reduce cost of payment via electronic payments
• Reduce time for check voucher and payment authorizations
• Significantly reduce the risk of fraud
• Significant process efficiencies - save manager review time and allow monitoring using simple, effective metrics
• Lowers manufacturing and service delivery execution risk

Measuring Success in Shared Services
• Establish key metrics
• Focus on vendor management & invoice matching (preventive)
• Effective outsourcing (invoice entry & payments)
• Create paperless shared service environment
• Vendor discounts & electronic payments
• Saves real $$$ and creates more bandwidth

Fraud Red Flags - Cases
• Inventory (shrinkage)
    • Controls over raw consumption
        • Do cycle counts really work as an anti-fraud control?
        • Material issues to production
    • Controls over reclamation (waste streams)
        • Data analytics and expected relationships
    • Controls over finished goods
        • Cycle counts again
        • Accepted levels of shrinkage

Fraud Red Flags - Cases
• Payroll, compensation, and benefits
    • Controls over new hires and terminations
    • Controls over salary and wages
    • Controls over manual check processing & payouts
    • Controls over stock based compensation
    • Controls over childcare benefits
    • Controls over medical benefits processing

Reporting Results
The 4 elements of effective fraud reporting:
• Brief clear statement of the issue(s)
• Relevant policies, rules, standards, laws and regs
• Analysis of evidence and impressions
• Conclusions, i.e., findings and recommendations

Our Services
• We focus on embezzlement in the form of asset misappropriations, financial statement fraud schemes, and corruption activities.
• Our Firm provides the following services:
    • Fraud examination services
    • Computer examinations
    • Data Analysis
    • Forensic accounting and economic damage computation
    • Pre and post litigation support
    • Fraud risk assessment and advisory services
    • Anti-fraud control design and implementation
    • Targeted fraud awareness training
Note: For suspected international corruption type activities, we work with global business partners with the regional expertise in foreign operations, law enforcement and legal systems.

Scott McKay – Brief BIO
• Partner & Practice Leader – Risk Advisory Services, CPA, CFE, CIA, CCSA
• Director Corporate Audit and Corporate Controller – Cree, Inc. (NASDAQ “CREE”), a $1.2B MNC in the semiconductor industry with operations in 18 countries. LED lighting technology leader.
• Audit and Risk Advisory Mgr. - McGladrey. Large public and private clients in manufacturing, distribution, construction, gaming (casinos), along with government and university experience.
• Fraud investigation experience: purchasing schemes, conflicts of interest, credit card fraud, check tampering, embezzlements of inventory, financial fraud, Ponzi and stock option schemes
• Select speaking engagements:
    American Institute of Certified Public Accountants (AICPA)
    * AICPA Internal Control Task Force member - 2012 COSO Internal Control External Financial Reporting Exposure Draft
    * Member - AICPA Business and Industry - Risk Management and Internal Control Advisory Panel conference speaker
    * AICPA National CFO Conference (2010 Los Angeles)
    * AICPA Corporate Directors Conference (2010 New York)
    * AICPA task force member - Good Practice Guidance for Evaluating and Improving Internal Control in Organization, published by International Federation of Accountants
    Institute of Internal Auditors (IIA) Raleigh Chapter
    * Speaker, continuing professional education classes on risk management for the local IIA Raleigh Chapter
    North Carolina State University (NCSU)
    * NCSU lecturer - Forensic Accounting, Internal Audit undergraduate classes
    Information Systems Audit and Control Association (ISACA)
    * Speaker for continuing professional education classes on risk management for the local Raleigh Chapter

Questions
Contact:
Scott McKay | Partner, Forensic and Advisory Services
smckay@cbh.com | 919.782.1040
Bruce Yasukochi | Senior Manager, Forensic and Advisory Services
byasukochi@cbh.com | 954.556.1720
Cherry Bekaert LLP
www.cbh.com