240 likes | 542 Views
Fraud & Embezzlement. Presenters: Kirk B. Leoni, CPA (Principal) kleoni@nathanwechsler.com Kelli Boyle, CPA (Manager) kboyle@nathanwechsler.com. Why are we here?. The median response indicated that the typical US organization loses 7% of its annual revenue to fraudulent activity.
E N D
Fraud & Embezzlement Presenters: Kirk B. Leoni, CPA (Principal) kleoni@nathanwechsler.com Kelli Boyle, CPA (Manager) kboyle@nathanwechsler.com
Why are we here? • The median response indicated that the typical US organization loses 7% of its annual revenue to fraudulent activity. • This percentage applied to the estimated 2008 GDP of $14.2 trillion would project that roughly $994 billion would be lost to fraud in 2008. Source: 2008 Report to the Nation on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners
Control Weaknesses that Contributed to Fraud(only selected weaknesses shown)
Fraud Triangle OPPORTUNITY PRESSURE / INCENTIVESRATIONALIZATION • 10% of employees will never steal • 10% of employees will always steal • 80% of employees will steal if given the right opportunity, motivation or justification
Behavioral Red Flags # of cases% of casesMedian Loss • Living beyond means 370 38.6% $250k • Financial difficulties 327 34.1% $111k • Wheeler-dealer attitude 195 20.3% $405k • Control issues (unwilling to share duties) 179 18.7% $250k • Divorce / Family problems 164 17.1% $118k • Unusually close association with vendor / customer 146 15.2% $410k • Addiction problems 128 13.3% $225k • Refusal to take vacations 65 6.8% $250k • Excessive pressure from within the organization 62 6.5% $388k
What is the objective of an Audit? • The expression of an opinion about whether your financial statements are fairly presented, in all material respects, in conformity with U.S. GAAP......not to detect fraud. • (According to the ACFE report to the nation, less than 10% of fraud is discovered by an External Audit)
Limitations of an Audit • Designed to obtain reasonable assurance, not absolute assurance about whether the financial statements are free from material misstatement (caused by error or fraud) • Not designed to detect immaterial errors or fraud. • Not designed to provide assurance about IC or identify deficiencies • However, SAS 112 requires written communication of those deficiencies the auditor becomes aware of
Audit vs. Review vs. Compilation • Compilation – lowest level of service – your account balances assembled into financial statement format • Review – use of analysis as opposed to tracing to source documents • Reviews & Compilations do not contemplate obtaining an understanding of IC or the assessment of risk. • Reviews & Compilations cannot be relied upon to disclose errors, fraud or illegal acts that may exist. • No requirement to communicate IC deficiencies • Agreed upon procedures – another option?
Audit Responsibilities (1 of 3) • Auditors • Conduct the audit in accordance with GAAS (Generally Accepted Auditing Standards) • Ensure those charged with governance are aware of IC related matters required to be communicated • Ensure independence
Audit Responsibilities (2 of 3) • Governing Body (Audit Committee) • Oversee the reliability of financial reporting including effectiveness of internal controls • Review financial statements and determine whether they are complete and consistent • Understand risks and exposures • Understand the scope of the audit
Audit Responsibilities (3 of 3) • Management • Properly record transactions in the accounting records, establish and maintain internal controls • Make original accounting records and related information available • Allow access to personnel to whom we may direct inquiries • Provide written representations regarding the financial statements and the effectiveness of IC • Ensure compliance with laws & regulations
Recent Developments • SAS 104-111 “Risk Assessment Standards” • Designed to improve the effectiveness of audits • More rigorous assessment of risk • Linkage between risks and audit procedures • SAS 114 “The Auditor’s Communication with those Charged with Governance” • Emphasizes our audit requirements and communicates significant findings to the appropriate level of governance
Recent Developments (continued) • SAS 112 “Communicating Internal Control related Matters Identified in an Audit” • New definitions of significant deficiencies and material weaknesses (less room for auditor judgment) • Requires written communication of significant deficiencies and material weaknesses
SAS 112 – Definitions • Control Deficiency • Exists when the design or operation of a control does not allow for prevention or detection of a misstatement on a timely basis • Deficiency in design – a control is missing or not properly designed • Deficiency in operation – when a properly designed control does not operate as designed or when the person performing the control doesn’t have the necessary authority or qualifications
SAS 112 – Definitions (continued) • Significant Deficiency • A control deficiency (or combination of control deficiencies) which result in a more than remote likelihood that a misstatement that is more than inconsequential (magnitude) will not be prevented or detected • Material Weakness • A significant deficiency (or combination of significant deficiencies) that results in a more than remote likelihood that a material misstatement (magnitude) will not be prevented or detected
SAS 112 Examples • Management letter comment • Petty cash is not reconciled – likelihood of misstatement is more than remote; themagnitude would be inconsequential • Significant Deficiency • Failure to perform monthly reconciliations of significant accounts in a timely manner (AR, AP) – likelihood is more than remote however other related procedures (bank statement review, budget vs. actual analysis etc.) would reduce the magnitude to less than material but more than inconsequential • Material Weakness • Same individual receives the bank statement, prepares reconciliation and has check signing authority. There is no formal review of the bank reconciliations – likelihood is more than remote; magnitude could be material
Fraud Examples “in the News” • Payroll & Compensation • Fictitious employees: San Jose, CA – employee embezzled $11m from her employer by providing false payroll data to a processing company and forging signatures • People behave the way you pay them to behave • Dominos – Driver ran red light speeding to make 30-minute delivery. Woman received $750k in actual damages & $78m in punitive damages. • Commissions based on gross sales only (billing schemes)
Fraud Examples “in the News” • Lack of oversight • Portland, ME – partner in Verrill Dana, LLP was fired for stealing money from the firm and clients • Managed private trusts and bank accounts • Over billed clients • Stole money from private accounts • Redirected funds to himself that should have gone to the firm • Stole over $400k
Fraud Examples “in the News” • White-Collar Crime: “Honest Person Turned Felon” (embezzled over $250,000) • CPA at local accounting firm in North Carolina • Handled Trusts and Retirement accounts for corporate and individual clients • Felt the need to “keep up with the Joneses” by spending money they didn’t have • “Poster boy for the Fraud Triangle”
Action Steps • Independent review of bank statements • Conduct a “brainstorming session” with appropriate staff and board members to identify risk areas • Review “Understanding Internal Control” document* • Review “Audit Organizer” for proactive tips your organization can use to be prepared for an audit* • Establish a whistleblower protection policy • Conduct background checks on employees • Utilize internal control checklists to help identify weaknesses • Provide employee training • Monitor internal controls! *available at nathanwechsler.com (under Resources > NW Insights)