fraud-the risk has increased larry finney, gf&hoctober, [email protected]
TRANSCRIPT
INTRODUCTION
General increase in fraud awareness (risk of fraud) in past Sarbanes-Oxley Creation of PCAOB Various Statements on Auditing Standards
Risk of fraud More emphasis on internal controls
INTRODUCTION
Now actual fraud is on the rise But it is not just fraud-it is questionable
ethics, manipulation, expediency, bending the rules-it is all on the rise
Not just the economy-it looks like values and morals are slowly eroding in our society
CASE STUDIES FROM 2008/2009
Small local government Treasurer Worked at gov’t for 34 years Grown up in community Three changes in bosses over 18 month
period Responsible for some deposits and
receipting, bank reconciliations, payroll, accounts payable, and help with other functions in small finance office
CASE STUDIES FROM 2008/2009
Small local government Started paying herself
Vacation and sick pay, but not deducting hours Extra payroll payment on off payroll day Infrequent at first , but then more often
Charged to different accounts to stay under budget
Explanation Family members having financial difficulties Figured could pay it back
CASE STUDIES FROM 2008/2009
Larger local government Bookkeeper Responsible for some depositing, accounts
payable and some reporting Made credit card purchases for government
at request of others, including boss Reconciled credit card purchases monthly
and prepared check Would give checks to boss or boss’ designee for
signature Would not include statements with checks
CASE STUDIES FROM 2008/2009
Larger local government Boss signed checks and gave back to
bookkeeper Bookkeeper started making personal
purchases with credit card When got short on cash, would not pay full
balance No one aware inside government Multiple years
CASE STUDIES FROM 2008/2009
Larger local government Explanation
????? This one should have been caught-but not
proper review and monitoring-too busy Seemed okay with bending the rules-it was
just a few personal things here and there-not a big deal
WHY IS FRAUD RISK HIGHER NOW?
It’s the economy stupid! Family members have lost jobs or are
working less hours With less people at work, internal controls
tend to fail more Less monitoring and review (“I don’t have
time to get it all done”) Even the most trustworthy of people can
fall to temptation, especially in certain circumstances
RISK OF FRAUD HIGHER NOW
This is why two things are critical in your organization:
Continuous fraud risk management process Strong organizational culture regarding ethics
and values
ETHICS
Ability to distinguish right from wrong AND the commitment to do what is right
Following the spirit and intent of rules and regulations as well as the letter
As opposed to: Expediency Manipulation Bending rules where there is no flexibility Rationalization
ETHICS
Much of what happens ethically within an organization depends on the culture and environment
The culture and environment is set by the “tone at the top” of the organization
ETHICS-2007 National Survey
Strength of organization-wide ethics culture has biggest impact on misconduct 56% of employees observe misconduct Top types of misconduct
Conflicts of interest Abusive or intimidating behavior Lying to employees Fraudulent activity is further down the list
Increases dramatically as work environment increases in negativity
ETHICS-2007 National Survey
Strength of formal ethics program has greatest impact on encouraging employee reporting 42% of employees don’t report observed
misconduct Primarily due to thoughts of futility fear of
retaliation 36% feared retaliation and didn’t report, but
only 12% who reported experienced retaliation One-third took matters into own hands 40% would have had to report to person
involved
ETHICS-2007 National Survey
25% of organizations had well-implemented and comprehensive ethics and compliance program in place Ethical leadership, supervisor
reinforcement, peer commitment, embedded ethical values
29% of employees with these organizations failed to report versus 61% of employees without comprehensive programs
25% believe they are rewarded for ethical behavior and feel prepared to handle situations that could lead to misconduct
ETHICS-2007 National Survey
But only 9% have very strong ethical cultures!
Another 43% of fairly strong ethical cultures
24% observed misconduct on very strong cultures versus 98% in weak cultures
MORE SELF GOVERNANCE…
Detection of fraud in government Internal controls Accident Tips Internal audit External audit Police
Source: ACFE 2008 report to the nation on occupational fraud and abuse
FRAUD RISK MANAGEMENT
Prevention Leadership and Governance
Board/Audit committee oversight Senior management oversight Internal audit function Fraud and misconduct risk assessment
What could go wrong? Think criminally-put yourself in their shoes-if I wanted
to commit fraud what could I do? Then decide what to do about those high risks
FRAUD RISK MANAGEMENT
Prevention Code of conduct
Should be based on organization’s core values Should be backed up by good environment
Hiring, retention and promotion of employees and third-parties
Communication and training-continually Internal controls
Limited access to data/information Segregation of duties Monitoring and review Surprise people-be unpredictable
FRAUD RISK MANAGEMENT
Detection Open culture and environment Processes for reporting misconduct and
seeking counsel Auditing and monitoring
Proactive data analysis Surprise audits
FRAUD RISK MANAGEMENT
Response Investigations Enforcement and accountability Corrective action Consistency
FRAUD RISK MANAGEMENT
PREVENTION DETECTION RESPONSE
Board/Audit Committee oversightExecutive and other management functions
Internal audit, compliance and monitoring functionsRisk assessment Process for reporting and counsel Investigation processCode of conduct Auditing and monitoring Enforcement and accountabilityHR/Procurement due diligence Data Analysis Corrective action processCommunication and trainingLimited access to data
SO WHAT?
The best organizations are those with very strong ethics cultures and with a strong ethics and compliance program, including a continuous fraud risk management program
SO WHAT?
So what do these organizations look like? Strong support and communication from
top management and supervisors regarding time, effort and energy into ethics and fraud risk management
Top management and supervisors keep promises and follows through on commitments (only commit to what you know you can do)
Policies and procedures show commitment to ethics and compliance
SO WHAT?
So what do these organizations look like? Decisions/actions from top management and
supervisors reinforce policies and procedures Success through questionable means is not
rewarded Long-term commitment is seen through time
and perseverance Communicate policies and procedures often Each person (especially managers and
supervisors) must pay attention to the people around them and how they are doing
SO WHAT?
So what do these organizations look like? Employees:
Willing to seek advice about ethical issues Are trained to handle ethical situations as they
arise Are rewarded for ethical behavior
Understand that trust is not enough Employees must believe reported situations will
be handled honestly and properly and that retaliation will not occur
Everything written and verbally stated is lived out
SO WHAT?
Organizations train their people to consider three questions when faced with an ethical dilemma:
1. Is it legal?2. Is it balanced and consistent?3. Is it right?
Be careful-rationalization can eliminate logic very quickly
SO WHAT?
NOTE: you will find out a lot about your organizational culture and your people when you get involved in ethics policy and risk management
“Leadership is a potent combination of strategy and character. But if you must be without one, be without strategy.”
General Norman Schwarzkopf
FRAUD STATISTICS FOR GOVERNMENT(ACFE Biannual report-2008)
Estimated that organizations lose 7% of annual revenues to fraud
Average loss was $100,000 based on 106 cases Corruption, billing, non-cash, skimming, cash on hand
and expense reimbursement most common Average fraud lasts 24 months before detected If organization had:
external audit of internal controls median loss was 69% less than those who did not,
independent audit committee 37% less, management review of internal controls 33% less, management certification of financial statements 27% less implemented a hot line 17% less
FRAUD STATISTICS FOR GOVERNMENT(ACFE Biannual report-2008)
The most effective controls in reducing the loss due to fraud: Surprise audits-reduced loss by 66% Mandatory job rotation/vacation-61% Fraud hotline-60% Internal audit-53% External audit of internal controls-48%
Most common modifications after fraud discovered Management review of and changes to internal controls Surprise audits Fraud training for management Job rotation/mandatory vacation Anti-fraud policy
FRAUD STATISTICS FOR GOVERNMENT(ACFE Biannual report-2008)
Over 80% of perpetrators had no criminal history and no punishment or terminations in work history
Most common behavioral red flags present during fraud schemes: Living beyond means Financial difficulties Wheeler-dealer attitude Control issues-unwilling to share duties Divorce/family problems Unusually close association with vendor/customer Irritability, defensiveness Addiction problems