This is your presentation title• Subsidiary ledgers, including non-financial software, regularly...

5/15/2018

1

5/15/2018

2

Source: ACFE’s 2016 Report to the Nations: https://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf

• Discuss IC over Receipts and Disbursements

• Fraud example

• Dissect what went wrong

• Questions to consider

• Practical examples internal control procedures

5/15/2018

3

Benjamin Franklin

5/15/2018

4

• 4 year employee

• Complaints received during latter 2 years – not suitably

addressed

• Employee’s reviews – positive

• Employee left for another job

• After separation, administration reported to the police

possible $20,000 embezzled funds

• NM State Auditor – special audit initiated

• Report was issued in November 2017

• Mishandled purchase cards (disbursements)

• Did not deposit all checks

• Skimmed cash

• Report alleged fraud up to $145,000

5/15/2018

5

• Secretary collected cash/checks for:

• School activities funds

• Other fees

• Donations for students’ families

• Receipts issued for less than half of funds actually received

• Donations likely not ever remitted

• Lack of segregation of duties

• Cash collections

• Bookkeeping

• Depositing or remitting funds

• Receipts not issued for all funds

• No accountability over funds not remitted

• Minimal follow-up to complaints

5/15/2018

6

• Cash collection separate from bookkeeping duties?

• Cash register / electronic system?

• Can these records be modified?

• Only 1 cashier per 1 drawer?

• Drawer counted – beginning and ending?

• Opportunity to collect without recording?

• Decentralized receipts:

• At least two parties present during collection?

• Even during breaks/lunchtime?

• Payees informed they should be given a receipt?

• Who is reviewing adjustments made to:

• Receivables?

• Billed write-offs?

• Other adjustments?

• Does the reviewer have access to cash?

• Does the person who receives/logs the payment also have access to

delete or modify the invoice associated with the payment (e.g., GL

access on server, etc.)?

5/15/2018

7

At the high school, a safe containing cash for deposits was kept

unlocked in a closet; reportedly no one knew the combination.

• What key assets are at risk?

• Secure during business hours?

• Secure after business hours?

• Unlocked safe?

• Locked safe/register but with common access?

• Blank checks?

• Receipt books?

• Signature stamps?

• Blank invoices?

5/15/2018

8

• Computer/electronic risks:

• Unsecured computers and applications?

• Individual computers

• General ledger

• Payroll ledger

• Ticket software

• Donor records

• Inventory and receiving software

• Unlocked computers during breaks?

• Sharing logons (software, banking, other)?

• Sending unsecured, unencrypted sensitive emails?

Secretary kept a second, untracked book of receipts to deceive

students and teachers regarding the school’s receipts for activity

funds, student fees, and donations.

5/15/2018

9

• Do you timely reconcile receipts?

• Is the receipting party able to modify or delete the receipts

or deposit records?

• Verify sequential receipt numbers?

• Account for missing receipts?

• Confirm receipts match deposit slips and bank

statements?

• Electronic receipts automatically generated, and unable to

modify computerized receipt numbering?

• Departmental spreadsheets reconciled to GL?

• Subsidiary ledgers, including non-financial software, regularly

reconciled to GL?

5/15/2018

10

At the central office, other employees revised journal entries to

hide unfavorable balances in order to keep the records “clean”

for annual audits.

• “Setting the tone at the top” - fraud not tolerate?

• Pressure to reduce findings? Cover-up discrepancies?

• Or utilize audit findings as a tool to strengthen IC?

• Process for collecting tips? Well-communicated hotline?

• Is staff/others aware of whom they contact if they suspect fraud?

• Are there negative ramifications for reporting persons?

• Available and approachable administration?

• Compensating controls?

5/15/2018

11

1. Train your employees to spot fraud or abuse and how to report it.

• What? Explain what a “red flag” may look like.

• How? Communicate proper avenues to report it.

• When? Immediately communicate, even without all the details.

• Who? Even trusted employees can commit fraud.

• Where? It can happen at any organization.


5/15/2018

12



5/15/2018

13

2. Establish, publicize, and monitor fraud hotlines.

• Telephone hotlines

• Internet hotlines (email or web-based)


5/15/2018

14



5/15/2018

15

3. Establish and monitor effective internal controls, including proper

segregation of duties.

• Use a centralized receipting location.

• Assign separate cash drawers.

• Require daily reconciliations and second-person reviews.

• Deposit cash timely.

• Require detailed listing on each deposit ticket.

• Immediately issue a receipt for each payment received; retain a

duplicate, unmodifiable paper or electronic receipt.

5/15/2018

16

• Adjustments made to receipts, accounts receivable, and other accounts

should be reviewed (and signed-off) by separate personnel, ideally prior

to posting.

• Supporting documentation should accompany all adjustments.

• No cashing of or change from personal checks.

• Regular independent reconciliation of bank receipts/deposits.

Adapted from: http://cpa-scribo.com/governmental-internal-controls/

• Segregation of duties is vital in prevention of fraud, abuse, and mistakes.

• Four main duties to keep separated are:

• Authorization,

• Record keeping,

• Custody, and

• Independent review

5/15/2018

17

• COSO - “Internal Control Integrated Framework,” issued by the Committee

of Sponsoring Organizations of the Treadway Commission

• SAS 57/78 - American Institute of Certified Public Accountants

• Green Book - “Standards for Internal Control in the Federal Government”

issued by the Government Accountability Office

• CoCo - “Criteria of Control Framework” issued by CICA

• ISO - International Organization for Standardization

• PCAOB - Public Company Accounting Oversight Auditing Standard No.2

• Piecemeal / no model

• Example for large entities: Northwestern University

has published their cash handling procedures.

• https://www.northwestern.edu/controller/treasury-

operations/depository-services/cash-policy.pdf

• To find via search engine: Northwestern University

Cash Policy.

• As follows: Brainstorming questions in NW’s cash

policy.

5/15/2018

18

• Segregation of Duties:

• Are the following responsibilities distributed among

personnel so one person is not responsible for all

aspects?

• Opening mail?

• Endorsing checks?

• Preparing deposits?

• Reconciling to budget statements?

• Are billing and collection duties distributed among

personnel?

• Safeguarding of Cash/Receipts:

• Are checks endorsed immediately upon receipt?

• Are receipts kept in a secure location until deposit (e.g., safe,

locked drawer, etc.)?

• Is access to credit card terminals and cash registers restricted to

authorized personnel?

5/15/2018

19

• Bonding of employees

• Frequency of deposits

• Cash collection procedures

• Cash reconciliation procedures and purpose

• Specific examples, including screenshots of

electronic software and/or copies of paper forms

5/15/2018

20

• Even small entities should and can establish effective internal controls!

• Compensating controls and involvement of personnel outside of accounting

may be necessary.

• The following slides provide examples of segregation of duties over cash

receipts for 2, 3, and 4 person offices.

• Examples are not all-inclusive nor fraud-proof.

• Controls should always be evaluated by organization, including

personnel’s competence and expected role, locations, etc.

• Spouses are not considered separate parties.

• Reminder, your external auditors are not part of your internal controls.


• Record accounts

receivable entries

• Mail checks

• Write checks

• Record general ledger

entries

• Reconcile bank

statements

• Record credits/debits in

accounting records

• Receive cash

• Disburse petty cash

• Authorize purchase

orders

• Authorize check

requests

• Authorize invoices for

payment

Bookkeeper/Accountant

• Sign checks

• Complete deposit slips

• Perform interbank transfers

• Reconcile petty cash

• Process vendor invoices

• Review bank reconciliations

Owner/Manager or President or CEO

5/15/2018

21


Bookkeeper

• Sign checks


• Perform interbank

transfers

• Review bank

reconciliations

Owner/Manager or

President or CEO

• Record accounts receivable

entries


• Write checks

• Record general ledger entries

• Reconcile bank statements


accounting records


• Receive cash

• Mail checks

• Approve invoices for

payment

• Authorize purchase orders


Office Manager


Bookkeeper

• Sign checks


• Perform interbank

transfers

• Review bank

reconciliations

Owner/Manager

or Pres. or CEO• Record accounts

receivable entries


• Write checks

• Record general ledger

entries

• Reconcile bank

statements


accounting records


• Receive cash

• Mail checks


payment


orders


Office Manager


• Receive cash

• Mail checks


payment


orders


Clerk

5/15/2018

22

Do not let efficiency trump effectiveness.

Example where efficiency trumped effectiveness.

Weigh if you are “putting dollars at risk to save pennies.”

Controls need to be assessed on an ongoing basis.

Decentralized receipts can be problematic.

5/15/2018

23

• South Carolina’s Greenville County published

procedures over decentralized receipts in the

recreation department.

• To find via search engine: Greenville SC

Cashier’s Cash Handling Procedures

• Website of published procedures:

http://greenvillerec.com/wp-

content/uploads/2014/03/5.3.3.e-GCPRT-

Cashiers-Cash-Handling-Procedures.pdf

• First section entitled: “Why Your Job Is Important!”

• “We are very serious about handling cash” which

“requires skill and concentration.”

• One employee per cash drawer at a time.

• Clerk logins/passwords. Do not share it with

anyone. What to do if it has been compromised.

• Checks received for the purchase amount only. No

change.

http://greenvillerec.com/wp-content/uploads/2014/03/5.3.3.e-GCPRT-Cashiers-Cash-Handling-Procedures.pdf

5/15/2018

24

• Give every customer a receipt.

• Short-changed claims, involve supervisor.

• Money is sealed in plastic bank deposit bag. Sign the

cash journal verifying receipts and any

overages/shortages. Drop bag into safe.

• “If a transaction begins to get confusing, take things at a

slower pace or even stop the transaction and call for your

supervisor immediately.”

• Remember not to copy any of these examples verbatim. May not be

perfect or perfectly transferrable. Your entity needs to evaluate your own

system /entity.

• E.g., SC’s example: Cancellations/Voids section – somewhat weak.

• Evaluate your entity’s needs, personnel availability and skillset, etc.

5/15/2018

25

5/15/2018

26

• Former Swift employee embezzled more than $1.6M

from trucking company

• Reynolds defrauded Swift out of more than $1.65

million, including $850,000 in fraudulent purchases

with the MasterCard and more than $800,000 checks to

PGN Solutions. Other purchases Reynolds made

include personal credit card bills, his wife’s tuition,

blank discs, DVD burner and Bose headphones

Altered invoices and a fictitious vendor

5/15/2018

27

• Billing – Fictitious Vendor

• Payroll Scheme – “Ghost Employees or Inflated Time Cards”

• Improper Expense Reimbursements

• Check Tampering/Wire Fraud

• Usually involves an internal employee submitting false invoices

through a fictitious vendor

• Way to prevent:

• Vendor Approval

• Separate Procurement, Approval, and Payment Function

• Third Party Inspection of Items received/Work Performed

5/15/2018

28

• Usually occurs through “Ghost Employees” or false time

reporting

• Ways to Prevent:

• Approval of new employees/Require Physical Presence

• Separate entry of new employee from payroll processing

• Require approval of time cards by direct supervisor

• Monitor Overtime and large fluctuations in time

5/15/2018

29

• Improper Reimbursements for travel or purchases made with

personal funds

• Ways to Prevent:

• Require Itemized Receipts and Support

• Travel Policy

• Require Approval

• Outline Acceptable Expenses and Amounts

• Forging of Check Signatures

• Require Two Signatures

• Review Cancelled Checks

• Keep Signature Stamps Locked Up

• Improper Bank Transfer

• Require Secondary Approval at the Bank Level

• Verify with person requesting transfer – External

Email Scam

5/15/2018

30

• Increased use of Purchase Cards and ACH Payments

• Purchase Cards are becoming more popular due to

convenience

• Require approval before purchase

• Reconcile Statements to invoices/support

• ACH is increasingly being used for Payroll and

A/P Payments

• Segregate Duties at Bank Level

• Reconcile Bank Statement activity with

invoices/support

• It is important that you always refer back to your

policies and internal control documents when

evaluating your controls over cash disbursements.

• It is good practice to update your policies on a regular

basis (i.e. yearly)

• Be practical but specific

• Consult with your external auditor and Board so that

everyone has input

5/15/2018

31

Date post:	17-Oct-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

This is your presentation title• Subsidiary ledgers, including non-financial software, regularly...

Documents