1

Top 10 Fraud Warning SignsMCTI Workshop

Stephanie O’Cain, CPA

Jackie F. Breland, CPA

September 9, 2010

2

Today’s Outline

Why fraud occurs, why you should care

and 10 financial warning signs

Internal control discussion

Fraud case studies

Types of fraud and tools you can

implement to protect your municipality

3

Key Message

Fraud can, and most likely will, happen to your municipality at some point.

Analyze your municipality for fraud potentials

Implement 3 prevention tools upon returning to your office

4

Why Does Fraud Occur?

Today’s employee environment:

– Rising interest rates

– Floating home mortgages

– Increasing gas prices

– Rising personal debt and less personal savings

– Cost of health care

5

Why does Fraud Occur

Today’s business environment:

– Organized and professional fraud rings are

becoming more prevalent and more

sophisticated

– Cyber-crime advances make it possible to

compromise large quantities of data

– Desktop publishing makes counterfeiting

checks relatively cheap and easy

6

Why Does Fraud Occur?

7

Why Does Fraud Occur?

Incentive – what drives an employee to commit fraud

Opportunity – this is created from too much trust, poor internal controls, lack of supervision, and no financial audit by independent CPAs

Rationalization – perpetrators of fraud convince themselves that they are not stealing

8

Who Commits Fraud?

Who are the internal perpetrators? Why they do

it?

– Disgruntled employees

– Stressed-out employees

– Employees who live above their means

– Employees who never take a vacation

– Employees experiencing financial difficulties

– Employees with drug problems

– Employees with gambling problems

9

Who Commits Fraud?

Who are the external perpetrators?

– Vendors who intentionally double bill

– Vendors who intentionally over bill

– Fraud rings that target various businesses

– Fraud rings that target identity theft

10

Why Municipalities Should

Care About Fraud

Potential impact from fraud:

– Financial loss

– Reputation

– Damaged relationships

– Loss of integrity with taxpayers

– Negative publicity

– Damaged employee morale

11

Why Municipalities Should

Care About Fraud

Estimated annual cost of fraud in U.S

– $652 billion was estimated to be lost to fraud in 2006 by the Assoc. of Certified Fraud Examiners (for all organizations)

– Government sector cases were 10% of the total reported to ACFE

In the government sector, billing schemes and non-cash theft were the most commonly reported forms of fraud

12

Top 10 Financial Warning

Signs of Fraud

1. Unexplained variances between budgeted and actual amounts

2. Large liabilities related to unexpected contracts

3. Significant internal control issues reported by external auditors

4. Appearance of personnel living beyond their means

5. Abnormal changes in account balances

13

Top 10 Financial Warning

Signs of Fraud

6. Unusual write-offs or other “out of the

ordinary” transactions

7. Shortages in cash, investments or other

assets

8. Complaints from taxpayers

9. Infrequent or late financial reports

10. Accounting staff is behind 3-4 months on

preparation of monthly bank reconciliations

14

Internal Controls – An In

Depth Discussion

Objectives of internal control

COSO framework and recent guidance

Fraud-specific internal controls

Roles and responsibilities in an internal

control system

What internal controls can and cannot do

15

Objectives of Internal Control

Safeguarding of assets

Compliance with policies, procedures, laws and regulations

Accomplishment of organizational objectives

Reliability and integrity of information for financial reporting

Economical and efficient use of resources

16

COSO Framework

This is a continuous, integrated process.

17

COSO Key Concepts

Internal control is a process. It is a means

to an end, not the end in itself.

Internal control is effected by people. It’s

not merely policy manuals and forms, but

people at every level of an organization.

18

Fraud-Specific Internal

Controls

Two major types of internal controls =

active and passive

Active controls = seek to prevent fraud

from occurring

Passive controls = seek to deter fraud by

significantly increasing the risk of

discovery

19

Active Internal Controls

Think of active controls like a sturdy padlock on a gate

Examples:

– Segregation of duties

– Separation of functions

– Physical asset control

– Physical restraints (e.g., locked file cabinets)

– Document matching

– Signatures, PINs

20

Passive Internal Controls

Passive internal controls seek to stop fraud

from occurring indirectly through

deterrence measures

Can be economical and effective

They create sufficient risk and make the

would-be perpetrator think “I don’t want

to go there!”

21

Passive Internal Controls

Examples:

– Audit trails

– Review processes and procedures

– Focused audits / Surprise audits

– Surveillance of key activities

– Rotation of key personnel

22

Fraud-Specific Internal

Controls

“Fraud-specific” internal control = system of

special purpose processes and procedures

designed for the primary purpose of

preventing fraud

Each city is different, with different needs.

A city’s internal control system must be

custom designed to have the maximum

effect upon fraud.

23

Roles and Responsibilities in

an Internal Control System

Everyone in a local government has responsibility for internal control.

Management (Mayor / City Manager)

– Ownership of the system

– “Tone at the top”

City Council

– Governance, guidance and oversight

– Can identify problems and intervene if management overrides internal controls

24

Roles and Responsibilities in

an Internal Control System

Other personnel / staff

– Should be explicit part of everyone’s job

description

– All personnel should be responsible for

communicating upward problems in

operations, noncompliance with code of

conduct, policy violations or illegal actions

– Do you have a whistleblower policy in place?

25

Internal Controls: What They

Can Do For a Municipality

What internal control can do:

– Helps a municipality achieve its objectives

and performance targets

– Prevents loss of resources

– Helps ensure reliable and accurate financial

reporting

– Helps a municipality comply with laws and

regulations

26

Internal Controls: What They

Can’t Do For a Municipality

What internal control can’t do:

– Change an inherently poor manager into a

good one

– Ensure success or survival, due to possible

shifts in government policies or economic

conditions

– Provide absolute assurance

– Prevent collusion between employees

27

Fraud Case Studies

Next, we will discuss specific fraud case

studies.

In each case, we will discuss:

– What fraud-specific internal controls might

have prevented the fraud from occurring?

– How could they have detected the fraud

sooner?

28

Review -- Why does Fraud

Occur?

The risk of external fraud is increasing due to new technologies– Fraud rings, cyber-crime, desktop publishing

The risk of internal fraud is increasing due to external pressures many employees are facing– Rising interest rates, adjustable rate home mortgages,

increasing gas prices, rising personal debt, cost of health care

29

Types of Fraud

Asset Misappropriations – Larceny,

skimming, fraudulent disbursements,

inventory, other assets

Corruption – Bid rigging, invoice kickbacks,

conflict of interest

Fraudulent Statements - Asset or revenue

overstatement, fictitious revenues, improper

asset valuation

30

Cash Misappropriations

Fraudulent disbursements– Causes organization to disburse funds through

some trick or device. This is the most common form of fraud

Larceny – Cash is stolen after it is recorded on the

municipalities’ books

Skimming – Cash is stolen before it is recorded on the

municipalities’ books

31

Fraudulent Disbursements

(Payment Fraud)

Check tampering

Counterfeit checks

ACH schemes

Expense reimbursement schemes

Payroll schemes

Vendor billing schemes

32

AFP’s 2007 Payment Fraud

Survey

Association of Financial Professionals (AFP) www.afponline.org

Purpose of the survey

– Review type and frequency of payment fraud in 2006

– Expose gaps in organizational defenses that could result in financial liability

– Determine whether new payment options are leading to new methods of fraud by criminals

– Promote awareness of protections organizations can take to guard against fraud

33

AFP’s 2007 Payment Fraud

Survey

Payment fraud is on the rise– 2004 55%

– 2005 68%

– 2006 72%

Checks were most often the vehicle for fraud –with ACH second

Check fraud is increasing in an environment of declining check volume

Banks bear the greatest financial burden for payment fraud losses

34

AFP’s 2007 Payment Fraud

Survey

Check Fraud

Over 9 out of 10 that experienced payment fraud included check fraud

Of the organizations that experienced check fraud

– 61% had altered payee names on checks issued

– 57% had counterfeit checks that had the organization’s MICR line, but used another name

– 41% had lost, stolen or counterfeit employee pay checks

35

AFP’s 2007 Payment Fraud

Survey

ACH Fraud

– The second most common payment fraud

– 35% of the organizations surveyed reported

ACH debit fraud

– 24% of the fraudulent checks returned by

positive pay were then presented as ACH

debits

36

AFP’s 2007 Payment Fraud

Survey

Organization losses due to:

– Internal fraud (i.e., employees)

– Accounts NOT reconciled timely or

fraudulent items not returned timely

– Positive pay NOT implemented (positive,

reverse or payee)

– The largest percentage of reported fraud was

carried out by third parties – not employees

37

AFP’s 2007 Payment Fraud

Survey

Checks are now being imaged and the images

are be exchanged and settled instead of the actual

paper checks. Of those organizations that

experienced check fraud, only 15% reported

check image fraud.

On the other hand, although over 1/3 of

respondents use remote deposit, there were no

reported incidents of fraud associated with this

service.

38

Positive Pay = Single Best Tool

for Check Fraud Prevention

Positive Pay

– Traditional positive pay

– Reverse positive pay

– Teller positive pay

– Payee positive pay

Positive pay implementation – what’s involved?

39

ACH Transactions

Overall volume of ACH transactions is rising.

Businesses still rely heavily on paper checks.

Why use ACH instead of checks?

– Bank fees less expensive

– Less human time than printing, sorting, matching,

mailing, etc.

– Supply cost less – check cost, MICR toner,

envelopes, postage

– Decrease in fraud opportunities

40

ACH Transactions

Fraud Controls

– ACH blocks or filters on accounts

– Separate accounts for checks versus ACH transaction

– Separate accounts for ACH debits vs. ACH credits

– ACH pre-notes

– Due diligence when setting up the vendor on ACH

41

ACH Future

ACH volume predicted to increase

More fraud controls expected at the bank level (i.e. payee ACH positive pay)

Universal Payment Identification Code (UPIC)

– Pay Pal concept for business to business transactions

– Looks and acts like a bank account without providing sensitive banking information

– Can be printed on invoices and displayed on internet

STP 820 - Establishes standards for remittance information with payment enabling invoices to be reconciled without manual intervention

42

Uniform Commercial Code

UCC Regulations 3 & 4

– Ordinary Care

– Comparative Negligence

Ordinary care = adequate internal controls for disbursements process, check stock storage, check stock security, timely reporting and timely bank reconciliations

See list of check stock security features

43

Vendor Verification

Google for address, phone number and other

verification

Use www.irs.gov e-services TIN lookup

Process should have the form being submitted by

one person and verified by another.

www.411.com to make sure not a residence

Have a “No TIN, No Payment” Policy

44

Vendor Verification

Minimize Vendor Record access to keep

from changing the address then changing

it back.

Review all changes via report weekly or

monthly

Review formally inactivated vendor files

for no recent activity

45

Top 10 Payment Fraud

Protections

1. Payee Positive Pay

2. ACH Protections

3. Payroll direct deposit and/or payroll card programs

4. Dual security administrators for electronic payments

5. Daily reconciliation of bank accounts (electronic and check)

46

Top 10 Payment Fraud

Protections

6. Security features on checks

7. Vendor Verification

8. Segregation of disbursement and reconciliation duties

9. Controlled access to payments processing areas

10. Strict policy of employees NOT sharing passwords

47

Duplicate Payments

Duplicate Payment Errors and Fraud

Consider outsourcing the disbursement

process

Consider cheap software for verifying

against database

Eliminate rush checks

Use data analysis products

48

Travel & Entertainment

Usually one of the easiest places for an employee to commit fraud

Fraud sometimes starts with T&E then spreads to other areas

Have a written T&E policy

Verify Expenses – mathematically, against the policy, against original receipts and against other documentation

49

Travel & Entertainment

Consider performing annual check by

reviewing reports for an entire year for a

few employees. Look for duplicates and

patterns

Consider eliminating cash advances

Consider verifying mileage with

mapquest, etc.

50

Identity Theft

Protect or eliminate paper information

Shred everything

Keep files from the public and accessible only to

employees on a need-to-know basis

Gramm-Leach-Bliley Act does not apply to non-

financial institutions

– http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshor

t.shtm

51

Purchasing Cards

GFO recommends that municipalities explore the

use of purchasing cards to improve the efficiency

of their purchasing procedures.

P-cards, T&E cards, One Cards

Benefits to Vendor

– Expedited payments

– Reduced paperwork

– Lowered risk of nonpayment (or late payment)

52

Purchasing Cards

Benefits to municipality:

– Simplified purchasing process

– Lower transaction processing costs

– Ability to set and control dollar limits

– Earn cash rebates for municipality

– Import file into AP system with GL codes

– 1099 reporting assistance

– Earn float on funds for 30 days

53

Purchasing Cards

Other Benefits

– Some have employee fraud protection

– Municipality logo printed on card

– Identify vendors for you that accept card

payment

– Department cards versus individual

– Built in approval hierarchy

– Ghost accounts

54

Purchasing Cards

3 Levels of Data

– Level 1 - basic level – same as personal cc

– Level 2 – includes sales tax

– Level 3 – includes line item detail – all information

above plus, product code, item description, item

quantity, units and price

Not all vendors send level 2 and 3, but this can be

negotiated with the vendors

55

15 Other Payment Fraud

Protections

1. Financial institution should provide multi-factor identification when using on-line banking services

2. Leverage ACH and on-line banking security (approval process, etc.)

3. Use Purchasing cards

4. Document policies and procedures including flow charts

5. Use blank check stock

56

15 Other Payment Fraud

Protections6. Perform audits of payment process

7. When designing controls use the old auditor trick “where are the weaknesses?

– If someone was to steal from you, how would they do it?

– Let them tell you the areas that need to be strengthened

8. Do not return check to the person who requested

9. Don’t automatically deposit every small dollar check that is received

57

15 Other Payment Fraud

Protections

10. Separate accounts for checks and electronic

payments

11. Further separate ACH debit and credits.

12. “Post No Checks” restrictions on electronic

payment accounts

13. Do not give out bank account numbers without

verifying that it is an active vendor and that it’s

a legitimate call

58

15 Other Payment Fraud

Protections

14. Create a master account listing of all

– Accounts

– Signers

– Account controls

– Review for updates

– Keep secure

15. Close any inactive accounts and shred remaining check stock

59

Resources

Association for Certified Fraud Examiners (ACFE) www.acfe.com

American Institute of Certified Public Accountants (AICPA) http://antifraud.aicpa.org

Association for Financial Professionals (AFP) www.afponline.org

Governmental Financial Officer Association (GFOA) www.gfoa.org

Fraud 101: Techniques and Strategies for Detection by Silverstone and Davia © 2005

60

Resources

Mary S. Schaeffer

– multiple books, articles, newsletters with practical

suggestions

– Accounts Payable and Sarbanes-Oxley: Strengthening

Your Internal Controls © 2006

– New Payment World: A Manager’s Guide to Creating

an Efficient Payment Process © 2007

– www.ap-now.com

– mary@maryschaeffer.com

61

Key Messages

Fraud can, and most likely will, happen to your municipality at some point.

Analyze your municipality for fraud potentials

Implement 3 prevention tools upon returning to your office

62

Top 10 Fraud Warning Signs

Questions and Answers

– Can we address any questions for you today?

E-Mail contact information:

– socain@masc.sc

– jfbreland@mindspring.com