Post on 24-Dec-2015
transcript
1
Fraud in the City Fleet - A Reputational Risk for
Your Organization
Sam M. McCall, PhD, CGFM CPA, CIA, CGAP
City Auditor
City of Tallahassee
2
Session Outline
Public Expectations
Internal Control and Risk
The Elements of Internal Control
Weaknesses in Internal Control can Result in Fraud and Illegal Acts
Case Studies
Reviewing Internal Control and Identifying Fraud and Illegal Acts, and Abuse
Summary and Wrap Up
3
Public Expectations
Expectation of high ethical and moral behaviors of Public employees
Expectation that Public employees will conduct business within policy and procedures
Expectation that Public resources will not be wasted, abused, lost or stolen
4
Definition of Terms
Misfeasance
Malfeasance
Nonfeasance
Abuse
Fraud
Internal controls
5
What Is Misfeasance?
The improper or wrongful performance of some act that a person may lawfully do
6
What Is Malfeasance?
Comprehensive term including any wrongful conduct that interferes with the performance of official dutiesThe doing of an act that a person should not do at all
7
What is Nonfeasance?
Nonperformance of an act that a person is obligated or has a responsibility to perform
Not doing what you should do
Total neglect of duty
8
What Is Abuse?
Improper or inappropriate program management
Everything that is contrary to good order
Can be intentional or unintentional
Does not have to violate a law, regulation, or contract provision
9
What Is Fraud?
A false representation of a matter of fact
Concealing that which should be disclosed – deceiving to cause legal injury
Intentional perversion of the truth
To deceive another such that they rely on the false representation and surrender a valuable thing or a legal right
10
City Auditor Risk Assessment Criteria
Fiscal Impact 20
Strength of Management 20
Sensitivity and Public Relations 15
Risk of Loss, Noncompliance, Corruption or Fraud 10
Complexity of Activity 20
Risk to Public Welfare 15
100
11
Components of Internal Control
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
12
Components of Internal Control – Control Environment
The building block for all other components: Integrity & ethical values Commitment to competence Independent audit committee Management philosophy & operating style Organizational structure Assignment of authority & responsibility Human resource policy & practices
13
Components of Internal Control – Risk Assessment
Segmenting department into organizational components
Analyze general control environment
Analyze inherent risk
Develop appropriate control activities
14
Risk
Risk are essentially the opposite of control objectivesIf the objective is to safeguard assets, the risk is that assets will be lost or stolen. Therefore, without knowing the risk, one cannot decide on the appropriate control activities
15
Risk – Questions to Consider
Chance of Occurrence - How likely is it to go wrong? (High, Medium, Low)Impact of Occurrence - What will happen if it goes wrong (assets lost, clients unserved, noncompliance with law, etc.) (High, Medium, Low)Assessment of Risk (High, Medium, Low)
16
Components of Internal Control – Control ActivitiesLink to objectives
Accountability for resources
Direct activity management
Top level reviews
Segregation of duties
Physical controls
Execution & recording of transactions & events
17
Components of Internal Control – Information and Communication
Information – Reports
Communication – Dissemination of Reports
18
Components of Internal Control - Monitoring
Ongoing monitoring
Separate evaluations
Reporting deficiencies
19
Who Commits Fraud?
MarriedBetween 18 and 36Has 2 childrenOwns a homeDoes not have a drug or alcohol problemDoes not recognize harm to victimsBrightStrong sense of challenge and game playingVersed in technology and skillfulHas a position of trust
20
Reporting Fraud – Employees Do It Best
1.7%
5.1%
6.2%
8.6%
11.5%
15.4%
18.6%
18.8%
26.3%Tip from employee
Accidental discovery
Internal Audit
Internal controlsExternal audit
Tip from customerAnonymous tip
Tip from VendorNotification from law enforcement
21
Who Has the Responsibility for Detecting Fraud?
Management
Employees
External Auditors
Internal Auditors
Government Vendors
Public
22
ManagementResponsibilities
Adopt and implement internal control policies
Establish a control environment
Assess and analyze risks
Establish control activities to address risks
Develop information and reporting systems
Monitoring activities
23
Management Responsibilities
Comply with applicable laws & regulationsEstablish & maintain effective internal controlsAddress findings & recommendations and to maintain a process to track their statusFollow sound procurement processes when contracting for audits or attestation engagements
24
EmployeeResponsibilities
Be aware of where fraud can occur
Look for irregularities
Report suspicious activities (don’t assume others know)
Conduct work in an ethical manner that complies with organization policies and procedures
25
External AuditorsResponsibilities
Review internal control over financial reporting
Examine the government’s financial statements
Plan the audit to detect fraud material to the financial statements and be alert to the possibility of fraud throughout the audit
26
Government AuditorResponsibilities
Review department, division, unit and/or program internal controls
Review transactions for possible waste, fraud and abuse
Plan the audit to detect fraud material to audit objectives
27
VendorsResponsibilities
Be aware of how and where fraud can occur in their operations
Look for irregularities
Report suspicious activities (don’t assume others know)
28
PublicResponsibilities
Report suspicious transactions or behaviors
29
Approach to Detecting Fraud
Exercise professional judgment
Exercise professional skepticismBalance between a questioning mind and
doubting everyoneCritical assessment of evidence
30
Management Red FlagsReluctance to provide information when requestedEmployee turnover in high risk areasLack of segregation of duties in a high risk areaExcessive number of checking accounts Increase in purchase of inventory but no increase in productivityAbnormal inventory shrinkageLack of physical security over assetsPayments to vendors not on approved vendor list
31
Employee Red FlagsEmployee lifestyle changes (expensive cars, jewelry, homes, etc.)
Behavior changes (drug, alcohol, gambling)
Reluctance to provide information when requested
Refusal to take vacation or sick leave
Excessive purchasing of supplies
Inappropriate overtime hours
32
How to Improve Your Chance of Detecting
Fraud?Assume anyone can commit fraudGood documentation does not mean something happened – only that someone said it happenedPay attention to detail (numbers, dates, amounts, alterations, reasonableness, etc.)Pay attention to hints or rumors of wrong doingLook for patterns or unusual transactions
33
Potential Red Flags
Erased or crossed out figuresInconsistent inks and typefacesUnusual dates, amounts, notes, phone numbers and calculationsConsecutively numbered invoicesExcessive voids or refundsInvoices in large even sumsMultiple invoices to the same vendor just under $10,000
34
Potential Red Flags(Continued)
Invoices printed on other than prepared forms
Vendor address change
Unusual number of payments to one payee
Inadequate description of item purchased
Delay in responding to request for documentation
Stale invoice dates
35
What Conditions Make Fraud Easier
Weaknesses in Internal Controls relating to: Control Environment Risk Assessment Control Activities Information and
Communication Monitoring
The Fraud Triangle Incentive Opportunity Rationalization
36
Frauds to Discuss
City Fleet Department – almost $3 million in fraud over a five year period
37
Case Study 3 – City Fleet
Parts supervisor could order, receive, and issue parts. Could also open closed work orders and add cost, and adjust the inventorySuspicious transactions with three vendors identifiedCollusion with one vendorLosses totaled almost $3 million over five years.City employees and vendors prosecuted
38
See Page 2 for
Invoices
39
Number of large dollar invoices all for the same amount
40
Notice instructions Valid Invoice
41
Same Amounts and Consecutive
Invoice #
42
Same Amounts
No Description
Consecutive #
43
Invoice Altered
with Whiteout
44
ZZ4 / 350 Engine
355 horsepower out of a small block aluminum head engine! The evolution of the ZZ series, this engine powers thousands of street rods, drag racers, and show cars. With 405 ft/lbs of torque, the ZZ4 is the best way to put a high performance small block engine under your hood!
45
High Risk Areas Susceptible to Fraud
Travel reimbursements
Time & attendance
Overtime
Cash collections
Use of vehicles and equipment
P-card transactions
Capital construction projects
46
10 Tips onHow to Deter Fraud in
Your Organization
1. Integrity at the Top
2. Positive Reputation
3. New-hire Screening Process
4. Ethics Programs
5. Written Fraud Program
47
10 Tips onHow to Deter Fraud in
Your Organization(Continued)
6. Communicate Policies to Vendors
7. Proper Handling of Investigations
8. Independent Internal Audit Function
9. Effective Internal Controls and Auditing
10. Open Internal Reporting
What are Some Suggestions for the Auditors
Plan the audit to detect fraud material to the audit objectives
Document the use of professional judgment and professional skepticism
Ask about background checks
Discuss risk and fraud with auditee and whether there are mitigating controls
Brainstorm with staff and supervisor on risk, controls, and testing to be done. Document discussions
Look for persuasive fact-based evidence
Document supervisory review of W/P’s and adequacy of response to questions
48
49
What to Do When You Suspect or Discover Fraud?Do not pursue so as not to interfere with potential future investigations or legal proceedingsSecure documentationNotify your supervisor Notify upper management (department directors) if you do not feel that your concerns have been investigated satisfactorily, orCall the Auditor
50
Questions?