Mastering Internal Controls and Fraud Prevention American Institute of Professional Bookkeepers © American Institute of Professional Bookkeepers, 2010.
Post on 15-Jan-2016
239 Views
Preview:
Transcript
Mastering Internal Controls and Fraud Prevention
Mastering Internal Controls and Fraud
PreventionAmerican Institute of
Professional Bookkeepers
© American Institute of Professional Bookkeepers, 2010
Mastering Internal Controls and Fraud Prevention
Helpful definitions Bribery—money or favors offered or
given to influence the conduct or views of a person in a position of trust
Consent decree—an agreement between two parties sanctioned by the court
Example: A company or individual consents (agrees) to stop questionable practices without admitting guilt
Terminology
Mastering Internal Controls and Fraud Prevention
Terminology Counterfeit—a copy of a valid license,
written authorization or legal tender (money) intended to defraud
Embezzling—misappropriation of another’s property (almost always money) for personal use in violation of trust
Forgery—A false document, or a valid one altered, with the intent to deceive—such as an altered check or credit card
Mastering Internal Controls and Fraud Prevention
Terminology Fraud—intentional deception perpetrated
to secure unfair or unlawful gain Larceny—unlawfully taking something—
i.e., stealing. If the stolen item(s) are of great value, such as a large amount of money, it is grand larceny
Prima facie evidence—evidence that appears to be sufficient to establish facts unless rebutted, such as a person found at a murder scene holding a weapon
Mastering Internal Controls and Fraud Prevention
Terminology Subrogation—substitution of one
entity or person for another.
Example: Under subrogation, when an employer discovers that a bonded employee has embezzled funds, the insurance company takes the place of the employer to obtain return of the funds
Mastering Internal Controls and Fraud Prevention
Four Types of Noncash Theft
1. Unconcealed larceny (theft of physical assets)
2. Falsified shipping or receiving reports
3. Fraudulent shipments
4. Fraudulent write-offs
Mastering Internal Controls and Fraud Prevention
Unconcealed Larceny Review: Larceny is unlawfully taking something from another entity or personWhy is unconcealed larceny not reported?
People assume that co-workers are honest Loyalty to friends Seeing the world as management vs. labor Poor channels of communication Personal involvement in the theft Fear of job loss if the thief is a superior
Mastering Internal Controls and Fraud Prevention
Falsified Receiving/Shipping Reports
The most common kinds of theft:Receiving reports—normal goods are reported as defective to cover up theftShipping reports—goods are shipped to a cohort’s home or business address
Example: The thief puts an accomplice’s address on the shipping report
Retailer example: Same scheme—the goods are then “returned” for cash
Mastering Internal Controls and Fraud Prevention
Fraudulent Write-offsFraudulent write-offs can take many forms: Forcing the reconciliation of accountsExample: Stealing goods, then covering up
the theft with a journal entry, such as: COGS XXX Inventory XXX
Altering inventory recordsExample: The thief overstates the physical count of goods on hand to match the altered records, thus covering up the theft
Mastering Internal Controls and Fraud Prevention
Fraudulent Write-offs Creating a fictitious sales order Example: The thief records a fictitious sale, then
covers up the unpaid order by debiting the amount to: an overdue A/R, or Discounts and Allowances Bad Debt Inventory Shortage Expense
Writing off good inventory as scrap, then taking it home, or selling it and keeping the cash, or giving it to an accomplice
Mastering Internal Controls and Fraud Prevention
When there is no centralized department When there is no centralized department to receive and store merchandiseto receive and store merchandise
Mastering Internal Controls and Fraud Prevention
Red Flags of Inventory Theft These include (see workbook pages 3-4): High levels of inventory shrinkage Frequent customer complaints about
shipment shortages Unsupported adjustments to perpetual
inventory records Excessive purchases of materials or
merchandise An unexplained increase in COGS as a
percentage of sales
Mastering Internal Controls and Fraud Prevention
1. Proper documentation, properly monitored Purchase orders, receiving reports, sales
orders, and shipping documents should be pre-numbered and the numerical sequence monitored
Shipping documents should require a sales order
Paying an invoice should require supporting documents—a purchase order and receiving report
Five Inventory Internal Controls
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
2. A system for storing and counting inventory: Periodic physical counts of all inventory Instructions on how to account for
missing, unused and voided tags A practical system for
describing/identifying inventory
Mastering Internal Controls and Fraud Prevention
3. Segregation of duties Different employees should be
responsible for authorization v. recordkeeping v. custody of assets
Examples:• An employee authorized to initiate a purchase
order cannot record the purchase and cannot receive the goods or pay the invoice
• An employee working in the warehouse cannot have authority to initiate a sales order and cannot record incoming or outgoing inventory
Five Inventory Internal Controls
Mastering Internal Controls and Fraud Prevention
3. Segregation of duties
Five Inventory Internal Controls
Mastering Internal Controls and Fraud Prevention
4. Physical safeguards Lock up valuable inventory Restrict access to only authorized
parties Consider adding cameras, guards and
electronic access logs
Five Inventory Internal Controls
Mastering Internal Controls and Fraud Prevention
5. Analytical reviews—periodic checks of: COGS as a percentage of Sales (is it higher?)
Percentage gross margin [Sales – COGS] Sales (how does it compare to last period?)
Inventory turnover rate [COGS Avg. Inv.] (how does it compare to last period?)
Cost per unit (how does it compare to previous periods?)
Five Inventory Internal Controls
Mastering Internal Controls and Fraud Prevention
Which Employees May Steal?
Experience shows that the employees likely to steal often: Express deep-seated resentment
Have an inexplicably lavish lifestyle
Have addictions (gambling, drugs, alcohol)
Are overextended (indicated by frequent phone calls from creditors)
Mastering Internal Controls and Fraud Prevention
Which Employees May Steal?Pressure
Opportunity Justification
Poor internalcontrols
Addictions Overextended
Perceivedmistreatment
Mastering Internal Controls and Fraud Prevention
How to Prevent Employee Theft
To prevent employee theft: Do not hire high-risk applicants
Verify past employment • Ask whether the person is eligible to be rehiredObtain a candidate’s written consent before
checking
Check for criminal convictions• If Nexis or ChoicePoint does not have
information, go to the county courthouse and check the criminal records in the criminal courts division
Mastering Internal Controls and Fraud Prevention
Require drug screening of applicants—and possibly current employees
Consult a labor lawyer before implementing
Check references—actually call each one Verify degrees, certifications and licenses
How to Prevent Employee Theft
Mastering Internal Controls and Fraud Prevention
Perform internal audits and always include: Expense reports Purchasing records Sales records Cash accounts Customer complaints
Have the audit performed by someone who does not handle the records audited
How to Prevent Employee Theft
Mastering Internal Controls and Fraud Prevention
Theft insurance, fidelity bonds, covers: Routine theft and embezzlement Commercial bribery and stock fraud Lost earnings from theft of lists
Optional riders may cover losses from: Counterfeit paper currency/money orders Forgery (deposits, credit cards, computer)
Your company must prove that: Fraud was the cause of the losses claimed There is an identified suspect
Protection Against Employee Theft
Mastering Internal Controls and Fraud Prevention
The policy’s subrogation provision guarantees the insurer: The right to sue the wrongdoer No interference with the right to sue No settlement without the insurer’s
consent
Funds collected in excess of the policy amount are paid to the insured (your firm)
Protection Against Employee Theft
Mastering Internal Controls and Fraud Prevention
Signs of Employee TheftTypical signs of theft
An A/R balance does not equal the sum of the subsidiary A/R balances
Slow collections or unusually high bad debt write-offs
Checking accounts do not reconcile
Hard-copy files include copies, not originals
For a complete list, see workbook page 18
Mastering Internal Controls and Fraud Prevention
Fraud Controls in Very Small Firms
Controls for firms with 1 or 2 employees: Have tax and bank statements mailed to the
owner’s home Shuffle bank statement pages (to give the impression
that bank statements are reviewed)
Involve the owner’s spouse Spouses are less trusting of employees Spouses are more curious about fraud Spouse should attend the first internal controls
meeting If a spouse is replaced by an employee, beef up
controls
Check FraudThe most common types: Checks written on insufficient funds Checks written on a closed account Counterfeit checks Forged checks from the employee’s
company Employee theft of vendor’s checks
Mastering Internal Controls and Fraud Prevention
Check TheftThe most common types: Checks or statements stolen (to order
more with the company image/logo)
Check washing (payee and amount are erased and new data inserted)
Check stock with imprinted account data is stolen
Mastering Internal Controls and Fraud Prevention
Mastering Internal Controls and Fraud Prevention
Check Fraud SchemesThe most common types: Check kiting
Nonexistent funds are deposited, a check is written on the account depositing the “funds” in another bank, etc.
Paperhangers Pass phony checks to distracted employees
requesting cash back Women with crying baby distracts employee
Stop-payment orders Forged travelers’ checks—$100 common
Mastering Internal Controls and Fraud Prevention
Spotting CounterfeitsSigns that a check is counterfeit: A slick feel—because on color copies the
print is not raised as on genuine checks
Lack of texture
No watermark or micro printing or hologram —even high-quality offset lithography may lack one
Mastering Internal Controls and Fraud Prevention
New Check-Printing Technologies
New methods of printing help prevent fraud:
Prismatic lithography—uses color patterns that are difficult to separate (and hard to imitate)
Scrambled indicia—uses a pattern of colored dots that becomes a word when seen through a colored filter
Micro-line—uses a microscopic line of tiny letters
Mastering Internal Controls and Fraud Prevention
New Check-Printing Technologies
Hologram—when a hologram on a check is viewed from different angles, it changes appearance and color
Security seal on back—the seal becomes visible when held up to the light
Mastering Internal Controls and Fraud Prevention
What to Look forWhen reviewing cancelled company
checks: Fan the checks to spot slightly different
colors
Investigate gaps in check numbering
Investigate long-outstanding checks
Investigate too many second endorsements
Mastering Internal Controls and Fraud Prevention
Employee Check FraudEmployment taxes are a favorite target Ask the owner/spouse/outside bookkeeper
to check endorsements
Be aware that an outside payroll service may have a dishonest employee with access to company financial data
For a complete list, see workbook pages 32
Mastering Internal Controls and Fraud Prevention
Customer Check FraudTo prevent customer check fraud: Have a policy—e.g., employees must
examine each piece of customer ID, such as: Valid, signed driver’s license with recent photo A second photo ID (do not accept Social Security
cards, business cards, birth certificates, unsigned credit cards)
Use deterrents, such as The company check acceptance policy in plain view An electronic security system in plain view
Mastering Internal Controls and Fraud Prevention
Customer Check FraudHave a strict check acceptance policy Train employees on what to look for
Have employees ask for additional ID or consult supervisor if a customer is: Overly polite
Especially nervous Aggressive Hurried Overly careful in signing a check Tries to distract employee while writing check
Mastering Internal Controls and Fraud Prevention
Customer Check FraudSystems that help prevent fraud
include: Bank verification, e.g., 900 numbers to call
Shared information networks
Check guarantors—typical charge, 1.5% –2.25%
Mastering Internal Controls and Fraud Prevention
Mastering Internal Controls and Fraud Prevention
Credit Card FraudTo prevent fraud: Show employees
How fraud schemes work
How to spot counterfeit and forged credit cards
Establish a liaison with local law enforcement
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
The most common schemes are: Fraudulent advances or overpayments
Using bad checks for advance payments on stolen cards—then running up charges before the bad check is discovered
Shave and paste Shaving off the old letters/numbers on the card
and pasting on new ones
De-emboss/re-emboss Flattening raised characters using heat and
pressure, then raising new characters with an embosser
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
Counterfeit cards Cause the greatest losses Can be sophisticated Use a phony hologram• Telltale sign: The hologram does not
change color when viewed from different angles
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
Credit card numbers—obtained through fraudulent phone calls or mail order: “You have won a free trip—we must
verify your card number before sending it to you”
“This is Visa. We have a report that your card was stolen—please verify your card number”
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
Other credit card fraud schemes: Sending out a false application for a credit
card to obtain personal data Intercepting a new card on route Obtaining a merchant number (by reading
the magnetic strip on a stolen card), then using this number to obtain the balance on the card and charging purchases to it (“skimming”).
For a complete list, see page 47 of your workbook.
Mastering Internal Controls and Fraud Prevention
Spotting ScamsEmployees can be trained to: Spot customer behavior that may
indicate fraud (workbook page 48) Spot bad cards (page 49)
Checking a Visa CardUltraviolet-sensitive dove is visible on the face of the card when placed under an ultraviolet light.
A four-digit number must be printed directly below the account number and match exactly the first 4 digits of the account number. Both must begin with “4.”
Embossed or printed account number must begin with “4.” All digits must be clear, even and of the same size/shape. But on a re-embossed card, the numbers may be fuzzy. Always check the hologram where it’s easier to spot a re-embossed number.
The hologram , a flying dove, should look three-dimensional and seem to move when the card is tilted back and forth.
“Good thru” (or “valid thru”). This date, below the account number, is the card’s expiration date. If today’s date is later than this date, the card has expired.
The flying “V” embossed security character next to the “Good Thru” date is not a required security feature and therefore may not be on all cards.
Visa logo should have micro-printing around its border. This printing is barely readable without a magnifying glass.
Checking a MasterCard1. The first four digits of the account
number must match the preprinted four-digit BIN (bank identification number). All MasterCard account numbers must start with “5.”
2. The last four digits of the account number must match the four digits that appear on the cardholder’s receipt.
3. The hologram, two globes with “MasterCard” in the background, should look three-dimensional. When rotated, the hologram should reflect light and seem to move.
4. The stylized “MC” security feature has been discontinued, but may continue to appear on cards through June 01, 2010.
Checking a MasterCard
5. The signature panel has “MasterCard” printed at a 45 angle in various colors. Any tampering will smudge or erase some of the letters. For swiped transactions, compare the signature on the card with the cardholder’s signature on the receipt.
6. On the signature panel, there are seven digits—the first four must match the last four of the account number. Slightly to the right is a printed three-digit CVC2 (verification) number.
2. All AMEX account numbers start with “3” in clear, uniform, embossed numbers with the same size and spacing. This number should match the account number on the back of the card—and the one on the printed receipt.
Checking an AMEX1. The preprinted Identification Number
(CID) (verification number) is not embossed. It should always appear above the account number, on the right or left edge of the card.
4. Do not accept a card after its expiration date.
3. The centurion should be printed in the kind of fine detail you see on U.S. currency When viewed under ultraviolet light, the centurion should be phosphorescent and you should see the word “AMEX.”
5. Only the person whose name is embossed on the card may use it—no one else.
6. This statement gives American Express the right to take possession of the card at any time.
Checking an Amex Card
7. Some cards have a hologram of the American Express image embedded in the magnetic strip.
8. The signature panel should not be taped, mutilated, erased or painted over. Check the signature on the back of the card against the one on the transaction receipt. If a customer gives you an unsigned card, request a photo ID with signature—then ask the customer to sign the card and transaction receipt while you hold the ID. (Check with management before implementing this policy.)
Mastering Internal Controls and Fraud Prevention
Company Credit CardsCertain policies can greatly reduce losses: No personal use unless authorized by company
Employees must reimburse company for personal charges promptly
Unsubstantiated charges are deducted from pay (consult a lawyer before implementing)
Normal documentation must be submitted (not just the charge slip)
Stolen/lost cards must be reported within 3 days
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You Vendors cheat companies in many
ways: Bribery
Paying an employee to influence a purchase decision
Inducing employees to act as vendor’s agent• Employees have a legal obligation to act in
the employer’s best interests• Employees must refrain from self-dealing
or using their position to further personal interests at the employer’s expense
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You Telemarketing fraud
To prevent being scammed on advertising materials • Check vendors with Better Business Bureau (BBB) • Get customer references—ask for samples• Do not be pressured into a purchase• Get a contract with a small or no down payment
To prevent being scammed on internet services:• Shop around for access services and others• Be suspicious of incredibly cheap offers• Check terms • Ask for free trials and samples of past work• Consider local vendors (they rely on referrals)
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You Paper and toner scams
Do not remit payment until you know that your company has received the items
Designate one employee to be in charge of ordering office supplies
Beware of “last chance” offers Ask for a phone number and call it—if it is a
company, it should also have a switchboard number with zeros—e.g., 555-5100
If there is a dispute—put it in writing
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You Loan scams
Ask your company’s bank first—if it refuses, find out what is needed to reverse the decision
Be cautious of unsolicited offers—do not believe loan ads regardless of credit problems
Get all loan terms in writing before signing, including payment schedule and interest rates
Watch for red flags of a scam, such as:• Upfront processing fees• Application fees• First-payment fees
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You Buyers’ club scams
Get details—be wary of upfront costs, such as a welcome package for which you “just pay shipping and handling”
Comparison shop Be skeptical—just because the buyers’ club
gives you some financial data does not make it legitimate
Watch for unauthorized charges—if you see one, contact your credit card issuer immediately
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat YouTelemarketing scams law enforcement FTC laws enacted in 1995 require that:
Salespeople must clearly identify themselves and company by name and provide a phone number
Vendors must provide certain services and information before demanding payment
Vendors may call only between 8 a.m. and 9 p.m.
Vendors must provide details of the offer in “clear and conspicuous” writing that is easy to understand —before closing the sale
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat YouResources for checking out vendors: FBI lists of “Common Fraud Scams”
Better Business Bureau (BBB) lists of companies with customer complaints—and whether they were resolved
National Fraud Information Center (NFIC) rankings of telemarketing, internet and other frauds by frequency
Federal Trade Commission (FTC)
top related