Internal Controls and Fraud: Current Hot Topics and Fraud Risks In State Agencies NAST

1
Internal Controls and FraudCurrent Hot Topics
and Fraud Risks In State AgenciesNAST

• By Joseph R. Dervaes, CFE, ACFE Fellow, CIA
• Audit Manager for Special Investigations
• Washington State Auditors Office
• Vice-Chair, Board of Directors
• Association of Certified Fraud Examiners

2
Plan for Success

• Two major expectations of citizens
• (1) Safeguard money while in your control
• (2) Spend money wisely and for authorized
  purposes

3
Plan for Success

• Tone at the top
• Walking the talk
• Fraud is not a matter of if, but when
• Protect your employees
• Communicate why controls are important
• Trust by verify

4
Brief Checklist to Identify At Risk Employees

• Employee work habits
• (1) Come to work early or leave late
• (2) Works nights and weekends
• (3) Seldom missing for leave or vacation
• (4) Reports to office during brief absences
• (5) Ask others to hold work while gone

5
The System of Internal Control

• What fraud perpetrators do
• They dont play by the rules
• (1) Ignore internal controls
• (2) Compromise internal controls

6
Two Categories of Fraud Perpetrators

• Doers (first line employees)
• Reviewers (supervisors)
• Where are internal controls for each?
• (1) Doers (almost all)
• (2) Reviewers (practically none)
• Lack of monitoring by managers

7
The Circle/Square Concept

• Circle Internal control procedures
• Square What employees really do

8
Fraud StatisticsSate of Washington 1987-2004

• Number Amount
• Summary Statistics Of Cases Of Losses
• 18 Year Total 641 12,547,025
• 18 Year Average 36 697,057

9
Current Hot Topics and Fraud Risks Actual Audit
Experience

• Routine Fraud Risks
• No fixed responsibility
• Bogus check fraud risk
• Money laundering
• Accounts receivable
• Payroll
• Critical Fraud Risks
• Monitoring employee tasks
• Subtle compromise of accounts payable

10
No Fixed Responsibility

• Risk Inability to fix responsibility for losses
  to specific person
• Location Anywhere in organization
• Solution Employees sign for funds received from
  others
• The Rule Fix responsibility for money to a
  particular person, at a particular point in time,
  all the time
• Caution Dont segregate duties if fixed
  responsibility is destroyed

11
Bogus Check Fraud Risk

• Risk Bogus checks created by outsiders will not
  be identified promptly in bank reconciliation
  process, resulting in a loss
• Location Central treasurer
• Process Bank reconciliation
• (1) Main depository account (daily)
• Positive pay
• Reverse positive pay
• (2) Other checking accounts (monthly)
• Block all or filter certain electronic
  transactions

12
Money Laundering

• Risk Stolen revenue checks insiders
• Location Anywhere in organization
• Perpetrator Usually not the ones that received
  the funds first
• Solution Capture accountability for revenue
  checks immediately upon receipt in the
  organization

13
Money Laundering

• Inside the organization
• (1) Check for cash substitution in bank deposit
• (2) Irregular deposits in bank accounts with
  similar name as organization
• (3) Irregular deposits in authorized bank
  accounts in the organization
• (4) Making cash-back withdrawals from bank
  deposits
• (5) Altering checks by increasing the amount

14
Money Laundering

• Outside the organization
• (1) Deposits into bogus bank account for
  organization
• (2) Deposits into personal bank account
• (3) Cashing checks at bank or vendor

15
Accounts Receivable

• Risk Employee steals accounts receivable
  revenue
• Methods of concealment
• (1) Write-off the account
• (2) Let the account go delinquent (risky)
• Solution Obtain and review computer-generated
  exception reports listing all non-cash
  transactions
• Caution We often forget employees authorized to
  write-off transactions can do it 24/7/365,
  whether authorized or not
• Additional advice An independent party should
  receive and review all customer feedback about
  account irregularities

16
Accounts Receivable
Independent Party (Supervisor) Reconciliation
Clerk Position Billing/Posting/Adjustments No
Bills/Shut-Offs
Clerk Position Collecting Depositing
17
Payroll The Perpetrator

• All employees (everyone can do something)
• Department timekeepers (who add unauthorized
  hours of work)
• Department managers (who sign their own time
  sheets)
• Payroll Department employees/managers (who add
  unauthorized hours of work and delete their own
  leave)

18
The U-Turn Concept

• The Straight Line The U-Turn Concept

Source
Source
Approval (Supervisor)
Approval (Supervisor)
Payment (Payroll Processing)
Payment (Payroll Processing)
19
The Five Most Common Payroll Fraud Schemes

• Ghost employees
• Mid-month payroll draws not deducted from
  end-of-month payroll
• Unauthorized employee pay
• COBRA program abuses
• Advance release of withheld funds

20
Payroll Fraud Schemes

• Ghost employees (few)
• Attribute Employee never comes to work
• High risk employees Part-time, seasonal, or
  temporary employees
• Prevention Verify existence of employees by
  payroll payout list using non-payroll employees
  to validate

21
Payroll Fraud Schemes

• Mid-month payroll draws not deducted from
  end-of-month payroll (few)
• Attribute Occurs in small organizations
• High risk employee Payroll Department employee
  or manager
• Prevention Review payroll records of key
  managers

22
Payroll Fraud Schemes

• Unauthorized employee pay (many)
• Attribute Fraud not systemic specific
  employees only
• High risk employee Department manager or
  payroll timekeeper
• Prevention Monitor payroll records for key
  employees for unusual data

23
Payroll Fraud Schemes

• COBRA program abuses (few)
• Attribute Employee benefits provided without
  authorization, approval, or support
• High risk employee Payroll Department employee
  or manager or organization manager
• Prevention Reconcile suspense funds
  established to process program payments

24
Payroll Fraud Schemes

• Advance release of withheld funds (few none in
  Washington - yet)
• Attribute Tax withholding checks issued to
  bank and cashed before the payroll date
• High risk employee Payroll Department manager
  or Chief Financial Officer
• Prevention Review endorsements on tax
  withholding checks

25
Monitoring Employee Tasks

• Risk The last person making the bank deposit
  manipulates contents
• Location Decentralized or central treasurer
• Solution Independent party monitoring
• How Verify check and cash composition of bank
  deposits match mode of payment of cash receipting
  records

26
Monitoring Employee Tasks
Cash Receipting
Bank
Supervisory Cashier
Cashier
27
Check and Cash Composition Verification Methods

• Obtain bank-validated deposit slip
• Verify composition on-line
• Unannounced cash count before deposit
• Have bank return deposit to entity
• Have bank copy deposit contents

28
State Agency Fraud StatisticsState of
Washington 1995-2004

• Number Amount
• State Agency Summary Of Cases Of Losses
• Cash Receipts 16 118,466
• Cash Disbursements 29 2,450,840
• Other Assets 4 104,276
• Total State Agency Fraud Cases 49
  2,673,582
• 10 Years
• Percentage of Total Fraud Cases 10.8
  29.1
• 
  

29
State Agency Fraud StatisticsState of
Washington 1995-2004

• Number Amount
• Cash Receipts Summary Of Cases Of Losses
• Cash Receipting Irregularities 9
  48,447
• Missing or Short Bank Deposits 2
  36,051
• Missing Funds from Safes/Vaults 2
  5,299
• Missing Funds from Checking Accounts
  1 14,892
• Bogus Checks Clearing the Bank 1
  12,594
• Petty Cash Fund Irregularities 1
  1,183
• Total State Agency Cash Receipts Fraud Cases
  16 118,466
• 10 Years
• Percentage of Total State Agency Fraud Cases
  32.6 4.4

30
State Agency Fraud StatisticsState of
Washington 1995-2004

• Number Amount
• Cash Disbursements Summary Of Cases Of
  Losses
• False Cash Disbursements 10
  643,394
• False Contractor Reimbursements 1
  839,071
• False Payments for Service to Vendors
  1 839,707
• False Employee Travel Reimbursements
  5 87,348
• Unauthorized Use of Gift Coupons 1
  2,450
• Payroll 4 8,863
• Credit Card Abuse 4 18, 500
• Telephone Abuse 3 11,507

31
State Agency Fraud StatisticsState of
Washington 1995-2004

• Number
  Amount
• Other Assets Summary Of Cases Of Losses
• Theft of Assets 4
  104,276
• Total State Agency Other Assets Fraud Cases
  4 104,276
• 10 Years
• Percentage of Total State Agency Fraud Cases
  8.2 3.9

32
Subtle Compromise of the Accounts Payable System

• Risk Individual obtains a negotiable instrument
  and coverts it to cash for personal gain
• Location Accounts payable and check
  distribution
• Perpetrator Inside the organization or outsider
  with insider help

33
Subtle Compromise of the Accounts Payable System

• Problems
• (1) One person performs accounting and data
  processing functions
• (2) Input and output duties are the kiss of
  death in disbursement frauds
• (3) Post-it? notes
• (4) Look for a straight-line from source to
  accounts payable to check distribution

34
The U-Turn Concept

• The Straight Line The U-Turn Concept

Transaction Initiator
Transaction Initiator
Accounts Payable Function
Accounts Payable Function
Check Distribution Section
Check Distribution Section
35
Subtle Compromise of the Accounts Payable System

• Problems (Continued)
• (5) Prepare or obtain an exception report of
  all U-Turn transactions
• (6) Compromise of pseudo vendor codes

36
Subtle Compromise of the Accounts Payable System

• Solutions
• (1) Review access controls
• (2) Prohibit one person from performing
  accounting and data processing functions
• (3) Document all exceptions to system by use of
  Post-it? notes
• (4) Ensure accounts payable employees process
  transactions rather than initiate/create them
  (supervisor approval)

37
Subtle Compromise of the Accounts Payable System

• Solutions (Continued)
• (5) Accounts payable duties should not be
  performed outside the function
• (6) Obtain a computer-generated exception
  report and review all pseudo vendor code
  transactions for authorization, approval, and
  support
• (7) Ensure governing bodies closely monitor an
  individual who has total control of all
  transactions in a small organization (CFO/CEO)

38
Subtle Compromise of the Accounts Payable System

• Solutions (Continued)
• (8) Monitor all refund transactions (negative
  cash and high risk)
• (9) Examine vendor contracts if high,
  increasing, and unusual volumes exist

39
Key Learning Objective for Today

• Attribute of completeness is critical to
  understanding the risk for fraud

40
Key Learning Objectives for Today

• Always seek (or prepare) computer-generated
  exception reports to identify the universe of
  known high risk transactions, such as
• (1) Accounts receivable write-off transactions
• (2) Accounts payable
• (a) U-Turn transactions (Post-it? notes)
• (a1) Accounts payable function
• (a2) Check distribution section
• (b) Pseudo vendor codes (abuse, then fraud)
• (3) Payroll U-Turn transactions (at
  supervisory position)

41
Critical Fraud Risks

• Cash Receipts
• Monitor the last person who makes the bank
  deposit
• Cash Disbursements
• Employees with too much access and control
  (segregation of duties) are the kiss of death.
  Fraud will happen
• Monitor contractor billings for propriety