27
Fraud Red Flags? Get the Big Picture Rachel Snell, M.P.A. C.I.A., C.R.M.A., C.F.E., C.I.C.A.
Fraud Red Flags?
Get the Big Picture
Rachel Snell, M.P.A. C.I.A., C.R.M.A., C.F.E., C.I.C.A.
Background
• Nine years of government auditing experience (State, Municipal, Higher Education)
• IIA-Austin, Texas chapter President (2012-2013)
• Published in IIA Internal Auditor Magazine, ALGA Quarterly, and ACFE Fraud Magazine
• Private industry experience in loss prevention,
internal investigations, and banking
Session Objectives
Identify common red flags and types of evidence
Review audit standards related to fraud, waste, and abuse
Examples of red flags identified during the course of audits
Audit Standards: Fraud, Waste, and Abuse
http://www.sltrib.com/sltrib/world/53969901-68/medicare-program-administration-plans.html.csp
Red Book (IIA-IPPF) Yellow Book (GAO-GAS)
1210.A2: Must have sufficient knowledge to evaluate fraud risk and how it is managed by the organization, but not a level whose primary responsibility is detecting /investigating fraud.
6.30: Gather and assess information to identify risks of fraud that are significant within the scope of the audit objectives or that could affect the findings and conclusions.
1220.A1: Internal auditors must exercise due professional care by considering the probability of significant errors, fraud, or noncompliance. PA 1220-1: Exercising due professional care involves internal auditors being alert to the possibility of fraud, intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest, as well as being alert to those conditions and activities where irregularities are most likely to occur.
6.31: Design procedures to obtain reasonable assurance of detecting fraud. Assessing fraud risk is an ongoing process throughout the audit.
6.33: Abuse--behavior that is deficient/improper when compared with behavior that a prudent person would consider reasonable. Includes misuse of authority/position.
6.34: Determination of abuse is subjective so auditors are not required to detect it during an audit; if become aware of abuse significant to the audit, apply procedures to determine the effect.
Objective 1 In Review: Audit Standards
http://www.sltrib.com/sltrib/world/53969901-68/medicare-program-administration-plans.html.csp
Audit standards require auditors maintain awareness of fraud risks and perform due diligence in performing audit work that could detect it. Waste is not specifically addressed in standards, but could occur and could be significant to the audit objectives. Abuse is subjective but could potentially effect the conclusions drawn if significant to the audit.
Common Red Flags: The Fraud Triangle
http://www.sltrib.com/sltrib/world/53969901-68/medicare-program-administration-plans.html.csp
Motive
Opportunity
Fraud, Waste, Abuse
Rationalization
“My kid is sick”
“Nobody watches it.” “I can put it back later.”
Common Red Flags: Flow of Pressures
MOTIVE * Financial-unemployment, illness, lifestyle * Greed-can, willing, able * Performance-sales, bonus, employment * Dissatisfaction-poor morale, turnover
OPPORTUNITY * No/weak controls- accessible, mgmt overrides * Limited/no oversight , oppty for collusion
RATIONALIZATION * Need-cure financial * Entitled-cure greed/performance * Victim deserved it-cure dissatisfaction
Common Red Flags: Examples
Common Types of Evidence
DOCUMENTATION
Employee
Purchasing
Other
Financial
• Employee List • Address Info • Credit Reports • Background Checks
• PO’s • Inventory Logs • Invoices • Vendor Lists
• A/P or A/R • Bank
Statements • Cash Logs
• System Reports • Other Forms • Observation Logs
Objective 2 In Review: Red flags and types of evidence
While there a many red flags and various types of documentation that could be used to determine whether or not wrongdoing has occurred, it is the accumulation of red flags, supported by documentary evidence, that assists in making determinations of whether or not fraud, waste, or abuse has occurred.
Examples of Fraud-Three Strikes
Background: Financial assistance for low-income persons. Apply for assistance. Review by various departments. Approved by finance department.
Condition: Supervisor’s approval signed 3 different ways on the applications. Appeared forged by one or more employees. Criteria: Supervisor must approve application.
Examples of Fraud-Three Strikes
Based upon the approval date, supervisor was not in the office (opportunity). Patients needed medical care & couldn’t receive it without the approval. (rationalization). Auditors ASSUMED collusion between the employees and ASSUMED applications approved were friends or relatives of the employees (motive).
Examples of Fraud-Three Strikes Additional Audit Work: Interviews and document analysis revealed: 1. No cash flow in/out 2. Patients met eligibility
requirements 3. No conflicts identified
Conclusion/Effect: Employees signed forms for the auditors so the supervisor wouldn’t get in trouble. Forms were not used by finance to make final approval decision. Focus was on a form that wasn’t used and resulted in forged government records. No fraud. Management trained staff and eliminated the forms.
Examples of Fraud- Game Day Background: Sponsors provided discount tickets and other prizes for a youth art contest. but word spread that high value items were arriving, especially sporting event tickets. Total value of prizes was over $10,000 (motive).
Condition: Prizes kept in unlocked drawer (opportunity). Criteria: Mail room staff maintained photocopies of incoming mail and the room was under video surveillance.
Examples of Fraud- Game Day
Contest coordinator admitted to taking home most coveted prizes “for the good of the organization”. No policies in place allowing or disallowing this practice. (rationalization) Auditors ASSUMED the contest coordinator stole the prizes.
Examples of Fraud-Game Day Additional Audit Work: Interviews and document analysis revealed: 1. Supervisor wanted prize for
personal use. 2. Employees feared retaliation. 3. No anonymous reporting
mechanism (fraud hotline).
Conclusion/Effect: All prizes were accounted for and returned, and supervisor never took possession of the tickets. Management determined there was abuse of authority and created policies and procedures for soliciting, monitoring, and securing sponsorships.
Examples of Fraud- Picture Perfect Background: Annual celebration that recognizes community volunteers and staff photographs winners. Financial review revealed film development expenses were unusually high ($3500). Anonymous tipster suggested auditors take a closer look.
Condition: Receipts matched statements and were recorded accurately. Employee enrolled in a photo class at a local school. Individual receipts totaled less than $20 each, and immaterial amount (rationalization).
Examples of Fraud- Picture Perfect Criteria: Receipts required for purchases. Tuition reimbursement provided for work-related courses. Employee received approval to attend a private school for a photo class. Employee also paid invoices and dropped off/picked up of film (opportunity). Auditors ASSUMED this was a segregated duty issue.
Examples of Fraud- Picture Perfect Additional Audit Work: Interviews and document analysis revealed: 1. Employee had part-time
photography side business (motive).
2. Number of rolls of film on file were less than the number listed on the receipts. (Estimated discrepancy $1000)
3. Management approved tuition at a private 4-year institution (Estimated $2500 more than a course at a public institution). Approved some of the film development as “homework.”
Examples of Fraud- Picture Perfect Conclusion/Effect: Referred to HR for investigation. Despite the appearance of fraud, some activities were approved by management. Determined that there was a waste of resources. HR revised tuition reimbursement policy to include 3 levels of approval. Note: There was no change to the segregation of duty issue or any acknowledgment of outside employment.
Examples of Fraud- Free Ride Background: Persons with medical needs received transportation assistance to medical related appointments. Requests were made via telephone to a call center where either a 3rd party vendor would provide transit or a friend/family member could receive mileage reimbursement.
Condition: Data analysis revealed a high incidence of advance payments when friends or family provided the transportation. For some employees, the incident rate was higher than others.
Examples of Fraud- Free Ride Criteria: Transportation requests entered into IT system for supervisory review and approval. Detailed procedures non-existent and training was limited. Evidence of review was inconsistent (opportunity) Auditors ASSUMED fraud was occurring based upon the limited controls/data analysis. Auditors ASSUMED multiple employees were conspiring with each other to commit a fraud.
Examples of Fraud- Free Ride Additional Audit Work: Interviews and document analysis revealed: 1. Employees approved advance
payments for unnecessary services and shared money with co-conspirators (motive).
2. Management and staff cited communication issues, pay dissatisfaction, and low morale (rationalization).
3. Several different employees perpetrated the same act.
Examples of Fraud- Free Ride
Conclusion/Effect: Analysis revealed a fraud was perpetrated over several months exceeding $50,000. Employees also used existing patient information to schedule fictitious medical trips. Referred to investigating agency, a new manager was appointed, and the entity began reviewing the organizational, operational, and personnel structure of the department.
Objective 3 In Review: Examples
Obtaining documents, evaluating processes, comparing and contrasting testimony, and looking beyond policies and procedures is important to understanding the climate for fraud, waste, and abuse. Ticking and tying often does not get to the “nitty gritty”. Maintain professional due diligence. We are auditors and ultimately are not involved in the decisions made by management. We assess the control environment and report our findings.
Session Objectives
Identify common red flags and types of evidence
Review audit standards related to fraud, waste, and abuse
Examples of red flags identified during the course of audits
Questions
