Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | roger-turner |
View: | 217 times |
Download: | 2 times |
Internal Control & Fraud Risks for Entities with Limited Segregation of
DutiesPresented by Ken Al-Imam, C.P.A.
MAYER HOFFMAN MCCANN P.C.
CONRAD GOVERNMENT SERVICES DIVISION(formerly Conrad and Associates, L.L.P.)
2301 Dupont Drive, Suite 200Irvine, California 92612(949) 474-2020 Ext. 273
2
Problem
Integrity is difficult to measure
3
Identifying Persons Capable of Fraud • We expect people to be like ourselves• Honest and responsible• Usually fraudsters are persons least expect• Great actors
4
Classic Fraudster
• Employed for many years• Loyal dependable employee• Never complains• Never asks for help• Works long hours (comes in early, stays late,
works weekends)• Never takes vacation
5
Fraud
• $600 billion per year• 6% of revenue lost to fraud• Average scheme lasts 18 months before
detected• Average loss is $127,500 per entity
6
The Perpetrators
• The higher the education, the higher the loss
• The higher the age, the higher the loss• 68% done by one perpetrator, 32%
involved collusion• 53.5% male, 46.5% female
7
Methods of Detection
• External Audit 10.9%• Internal Audit 23.8%• Internal Controls 18.4%• By Accident 21.3%• Tip 39.6%• Notified by Police 39.6%
8
Factors present in all Frauds
• Motive• Opportunity• Rationalization• Concealment
9
Ethics Policy
• Important • Tone from top• Emphasize policy and enforce violations
10
Cross-training/Mandatory Vacations• Important • Helpful when have turnover• Some frauds are difficult to conceal if
someone else is doing their job
11
Collusion
• Internal controls not designed to prevent• Has own built-in control• “No honor among thieves”• Segregation between departments
12
Segregation Between Departments
• Not a focal point of standards• Different persons in one department still
requires collusion for fraud to occur• Segregation between individuals is the
focus
13
Internal Control
• Focus of internal control is on internal fraud
• Difficult to control external fraud
14
Segregation of duties
• Goal is to make it difficult to both commit the fraud and to conceal the fraud
• Usually segregate access to assets from recordkeeping
15
Understanding Fraud Scenarios
• Best way to develop alternative controls is to understand in detail how a fraud scenario for that transaction cycle would take place.
• Smoke out alternative control opportunities
16
Use of auditor
• Consult with your auditors• Challenge your auditors with a detailed
discussion of the fraud scenario
17
Revenue Fraud
• Checks (not just cash) are subject to theft• Take money and destroy evidence of
transaction• Need system to ensure all money collected
ends up in bank account
18
Revenue Fraud
• Establish control as early as possible in process
• Document totality of receipts immediately upon receipt
• This creates controlled documentation that can be matched to bank deposit
19
Revenue Fraud
• Cash register is best control• Or uninterrupted sequence of receipt forms• Watch for receipt substitutes (license
certificates, permits, etc.) • List of checks received in the mail (and
what do with list)
20
Checks Received in Mail
• Controlled at opening• List or copy amounts received• Give copy to those maintaining records• Minimize number of persons handling
checks received prior to deposit
21
Revenue Controls
• Immediate restrictive endorsement • Timely deposits
22
Controls Over Person Preparing Bank Deposit• Often funds stolen at that point are not
detected • Support for bank deposit can be reviewed
by independent person• This can be done after the fact using the
deposit confirmation notice
23
Revenues—Alternative Controls
• Independent review of support for deposit• Can be done at the department level
24
Accounts Receivable
• Those posting payments to customer records should not have access to cash/checks
• Only give list or copies of checks • Or list created by mail opener agreed to deposit • Or independent agreement of system posting
report to funds deposited
25
Control Over Adjustments
• Persons posting adjustments should not be handling cash/checks
• Independent approval of adjustments• System produces report of adjustments
that are reviewed
26
Voided transactions
• Should be independently approved • Best for approval at time of void (in
presence of paying party)
27
Cash Disbursement Frauds
• Fictitious Vendor• Payment to “vendor” with same or similar
name as real vendor• Unauthorized disbursement• Unsupported disbursement
28
Alternative Controls
• Positive Pay • Vendor set up• More than one knowledgeable person
involved in every transaction (usually the knowledgeable approver will be in the same department as the initiator)
29
Duplicate Payment Schemes
• Multiple payments of invoices to legitimate vendors
30
Cash Disbursement Controls
• Canceling invoices (“entered”, etc.)• Cancellation of invoice (not just check
copy) • No payments from copies or statements• No return to initiator (or to person with
access to vendor master file)
31
Bank Reconciliation
• Such a key control that it should always be segregated from access to assets
32
Review of Bank Reconciliation
• Not as effective as separate preparation• Must be done in conjunction with
examination of original bank statement
33
Review of Unopened Bank Statement• Spot check debit memo charges• Out of sequence checks• Duplicate checks• Trace transfers to authorizing document
(with different initiator and approver)
34
Cancelled checks
• Obvious forgeries• Evidence of check alteration• Multiple endorsements
35
Review of Supporting Documentation• “Fraud can’t happen because approval is
required”• But review often done before checks are printed• This can’t detect unsupported checks created
after this review• Printed checks compared to support by someone
not involved in data entry to create check
36
Review of Supporting Documentation• Traditionally performed at time of check
signing • Some one other than accounts payable
personnel can do after checks are printed• Printed checks compared to support by
someone not involved in data entry to create check
37
Review of Supporting Documentation• Can be done on a spot check basis (with
check register to make sure received all checks)
• Checks should not be returned to persons that initiated them
38
Review of Supporting Documentation• Or A/P clerks switch (don’t match support
for those checks they created)• Or payroll clerk print, match, and mail
A/P checks and A/P clerk print and distribute payroll checks/check stubs
39
Procurement Fraud• Difficult to prevent and detect (collusion) • Bid rigging• Employee aids a vendor to obtain a kickback• Splitting purchases to avoid threshold for
competitive quotes• Drafting specs so that favored vendor is advantaged• Only receiving quote from favored vendor and
comparing to fictitious quotes
40
Procurement Fraud
• Providing advance notice to vendor and then issuing request for proposals with unrealistically short time frame
• Allowing favored vendor to propose late or with knowledge of other quotes
41
Procurement Controls
• Emphasize in ethics policy the unacceptability of these specific employee behaviors
• No purchase controlled by one person
42
Refund Schemes
• Controls are typically weaker than for standard vendor payments
43
Refund Schemes
• Cancellation of conference or travel• Cancellation of memberships or
subscriptions• Returns of goods purchased
44
Expense Reimbursement
• Focus should be on payments prior to event
• Reimbursed but then not go and get refund• Follow-up to received evidence trip
actually taken
45
Payroll Fraud
• Focus is on fictitious employees• Classic control is segregate:
– Access to payroll master file– Payroll processing
46
Payroll Fraud
• Often overlooked• Keeping an existing employee on the
system
47
Alternative Controls
• Review of payroll register• Review of direct deposit report from bank• Periodic spot-checking of a payroll
register by HR
48
Alternative controls• Comparing list of terminated employees to
payroll register• Department review of payroll register (labor
distribution run) for their department• Department monitoring of budget• Reviewing cancelled checks for multiple
endorsements
Questions or comments?
Thank you for your attention!