GOLDSRD Fraud Auditing Basics Feb 2015 4 Hours · Fraud Auditing Basics Danny M. Goldberg, Founder Course Objectives ... – Understand the fraud risks – Recognize red flags –

Fraud Audi)ng Basics [email protected]

(C) GoldCal LLC 2015 1

Fraud Auditing Basics

Danny M. Goldberg, Founder

Course Objectives

•  Detailed analysis of controls and processes

•  Understanding of key fraud risks

•  Understanding of best practices and segregation of duties

•  Understanding of key audit risks

•  Inter-linkage between manual, IT and spreadsheet controls



FRAUD OVERVIEW

Fraud Quiz

1.  What % of its revenue does the typical organization loose to fraud each year?

2.  How many months does a fraud usually last before being reported?

3.  What is the most common type of occupational fraud? 4.  Three industries most common victimized by fraud are: 5.  How many prior offenses have occupational fraudsters

often committed? 6.  Do the higher fraud losses tend to be committed by

fraudsters with low or high tenure with an organization? 7.  What departments do most fraudster’s work in?



Fraud Quiz Answers – Page 1 of 2

•  What % of its revenue does the typical organization loose to fraud each year? –  (Answer – 5%)

•  How many months does a fraud usually last before being reported? –  (Answer – 18 months)

•  What is the most common type of occupational fraud? –  (Answer – asset misappropriation)

•  Source – Report to the Nations on Occupational Fraud and Abuse – 2012 Global Fraud Study, Association of Certified Fraud Examiners

Fraud Quiz Answers – Page 2 of 2

•  Three industries most common victimized by fraud are: –  (Answer – banking & financial services, government & public administration,

and manufacturing)

•  How many prior offenses have occupational fraudsters often committed? –  (Answer – None! Most are first offenders with clean histories)

•  Do the higher fraud losses tend to be committed by fraudsters with low or high tenure with an organization? –  (Answer – the higher the fraud loss – median of $229,000 are committed

by fraudsters with more than 10 years. Those during the first year on the job committed a median of $25,000)

•  What departments do most fraudster’s work in? –  (Answer – accounting, operations, sales, executive/upper mgmt., customer

service, and purchasing)



Kroll Survey – Types of Fraud

Type of Fraud – Kroll Survey 2012 2011 2010

Theft of Physical Assets 24% 25% 27%

Information Theft 21% 23% 27%

Management Conflict of Interest 14% 21% 19%

Vendor, Supplier or procurement fraud 12% 20% 15%

Internal Financial Fraud 12% 19% 13%

Corruption and Bribery 11% 19% 10%

Financial Mismanagement Not reported 16% 13%

Regulatory or Compliance Breech 11% 11% 12%

Intellectual Property Theft 8% 10% 10%

Market Collusion 3% 9% 7%

Money Laundering 1% 4% 7%

ACFE Report to the Nations 2012

•  Organization loses: 5% of its revenue to fraud annually

•  Median loss: $140,000

•  Average length: 18 months

•  Most common: Asset misappropriation (87%)

•  Greatest risk: Corruption and billing schemes

•  Likely perpetrator: Senior management & long-time employees with clean histories



Truth – White Collar Criminal

•  Older (30+ years) •  55% male, 45% female •  An appearance of a stable family situation •  Above average (postgraduate) education. •  Less likely to have a criminal record. •  Good psychological health. •  Position of trust. •  Detailed knowledge of accounting systems

and their weaknesses. •  Prior accounting experience.

The Definition of Fraud

“… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”



Fraud Auditing Overview

•  Audits are not designed to detect fraud –  Goal: Determine whether the financial statement is free

from material misstatements.

•  Auditors test only a small fraction of transactions

•  Auditors must: –  Be aware of the potential of fraud

–  Discuss how fraud could occur

–  Delve into suspicious observations and report them

Discussion



Myth - Responsibility

•  Auditors job to prevent and detect fraud

•  Internal auditors are the first line of defense against fraud

Auditor Responsibility

•  All auditors should have at least: –  Some semblance of fraud training/experience

–  Creation/Involvement of the anti-fraud assessment

–  Solid understanding of measures intended to prevent and detect fraud

–  Awareness of financial fraud schemes and scenarios and knowledge of forensic investigations

–  Ability to detect financial statement fraud, which requires a firm understanding of financial reporting standards



Truth - Responsibility

•  According to Statements on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, management is responsible for

– Designing and implementing systems and procedures for the prevention and detection of fraud

– Along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior

Truth - Responsibility

Standard 1210.A2: The internal auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. •  According to IIA’s IPPF, Internal Auditors must:

–  Understand the fraud risks –  Recognize red flags –  Design and conduct tests –  Report known or suspected fraud



IIA Standards on Fraud

•  1220.A1 – Exercise due professional care (skepticism) by considering the probability of significant errors, fraud or non- compliance

•  1220.A2 – Evaluate the potential for the occurrence of fraud and how the organization monitors fraud risk

•  2210.A2 – When establishing audit objectives, consider the probability of significant errors, fraud or non- compliance

Internal Auditing and Fraud

•  Fraud awareness (reasons and examples for fraud and potential fraud indicators)

•  Fraud roles and responsibilities •  Internal audit responsibilities during audit

engagements (execution & communication) •  Fraud risk assessment (identifying relevant fraud

risk factors and mapping existing controls to potential fraud schemes and identifying gaps)

•  Forming an opinion on internal controls related to fraud



Knowledge & Skills For Audit Success

•  Big Picture - Vision •  Interviewing •  Project management •  Time management •  Planning skills •  Auditing standards •  Risk management •  Business analysis •  Finance and Accounting •  Strategic planning •  Organizational structures

•  Detail oriented •  Control focus •  Presentation skills •  Critical thinking •  Process mapping •  Working paper

documentation •  Industry specific knowledge •  Information technology •  Laws •  Fraud awareness

Knowledge

Myth •  Internal Auditors are fraud

experts

•  Internal Auditors know what to look for

•  Internal Auditors can spot a fraudster

Truth •  Most rarely know more

than the fraud triangle and how to define fraud

•  Most don’t know what to look for because they haven’t seen it before

•  Most don’t know the general characteristics of a fraudster



Truth – Fraud Learning

•  Learn the Business •  Learn what should happen to be able to

recognize problems (Get to know the red flags)

•  Learn to ask the Right questions ... inside internal audit and outside

•  Put aside the apprehension against asking for help

•  Then reinforce with classroom training

Testing

Myth •  Internal Auditors review of

documentation is thorough enough to detect fraud

•  Internal Auditors will know it when they see it.

•  Internal Auditors know how to test for fraud

Truth •  Internal Auditors only

sample –Sampling risk

•  There is always Audit Risk & non-sampling risk

•  Most auditor’s don’t know that analytics is the best test for fraud



The Fraud Triangle

Opportunity •  Must gain access to assets/

records •  Can be controlled/prevented

by organization

Rationalization •  Follow through and commit the

fraud •  Can be controlled/prevented

by organization

Pressure •  The more incentive, the easier it is to justify •  Financial or personal problems, financial

pressure, mental instability

The Fraud Triangle What to look for… •  Consistent inventory adjustments for defective items or

shrinkage •  Compensation tied to operating results •  Consistently meet/exceed analyst expectations •  Operations in countries with history of bribery •  Related party transactions •  Material or frequent adjusting entries •  Missing, altered, late documents •  Lackadaisical oversight combined with friendly employee

relations •  Change in personal habits or behavior



How is Fraud Discovered?

How is Fraud Discovered?



Detection of Fraud Schemes

Factors Contributing to Fraud

Contributing Factor Percentage

Poor Controls 59%

Management Override 36%

High Risk Industry 34%

Third Party Collusion 33%

No Ethics Policy 7%

No Board of Directors Control 6%

Other 2%



What is a Trusted Employee?

•  Independent •  Almost all work alone •  Never take vacation •  Knows everything •  Work long hours

– To work early/leave late

Ø We trust employees too much (blind trust) Ø Must use trust but verify concept (monitoring)

What is an “At Risk” Employee?

•  Employee work habits (1) Come to work early or leave late (2) Works nights and weekends (3) Seldom missing for leave or vacation (4) Reports to office during brief absences (5) Ask others to hold work while gone (6) Knows too much (7) Too helpful or too involved

The Issue is Control



Management’s Role in Fraud

•  Establish, maintain and evaluate antifraud programs and controls: – Perform fraud risk assessment (FRA) – Create strong control environment – Design and implement antifraud programs and

controls – Communicate information related to antifraud

programs – Monitor the effectiveness of antifraud programs

and controls

FRAUD RED FLAGS



Red Flags Are Indicators, Not Proof

•  Living beyond means (36%) •  Financial difficulties (27%) •  Close association with vendors/customers

(19%) •  Poor internal controls (18%) •  Employee morale changes •  Employee turnover •  Pressure to meet targets •  Management infighting •  Addiction problems

Employee Red Flags •  Significant change in lifestyle, such as new wealth •  Financial difficulties may create need

–  Gambling or drug addiction –  Infidelity is an expensive habit

•  Criminal background •  Chronic legal problems

•  Dishonest behavior in other parts of life •  Beat the system

–  Break rules commonly

•  Chronic dissatisfaction with job



Organizational Red Flags

•  Lack of communication of expectations

•  Too much trust in key employees

•  Lack of proper authorization procedures

•  Lack of attention to detail

•  Changes in organizational structure

•  Tendency towards crisis management

Financial Document Red Flags •  Missing/Altered

documents

•  Excessive number of voided documents

•  Documents not numerically controlled

•  Questionable handwriting or authorization

•  Numerous duplicate payments

•  Unusual billing addresses

•  Address of employee same as vendor

•  Duplicate or photocopied invoices

•  Invoices not folded for envelope



Accountability and Control Red Flags

•  Lack of segregation of duties

•  Lack of physical security and/or key control

•  Weak links in chain of controls and accountability

•  Missing independent checks on performance

•  Weak management style

•  Poor system design

•  Inadequate training

How to Minimize Fraud Risk

•  Adhere to policies/procedures (especially documentation and authorization)

•  Identify and understand of key controls and fraud areas

•  Ensure physical security over assets •  Provide proper training to employees •  Independently review and monitor tasks •  Review segregation of duties •  Ensure clear lines of authority



How to Minimize Fraud Risk •  Rotate duties in positions susceptible to fraud •  Ensure employees take regular vacations •  Schedule regular independent audits of areas susceptible to

fraud •  Ensure background checks including criminal and credit for

all employees •  Make sure internal controls are followed •  Ask for documentation •  Ensure that one person does not have total responsibility for

a process •  Evaluate performance regularly •  Report suspicious activity

FRAUD DETECTION



Fraud Detection Controls

•  Hotlines

•  Customer complaints

•  Internal audit/fraud audits

•  Data mining/analysis

•  Process-specific internal controls

FRAUD INTERVIEWS



Why Interview for Fraud?

•  People actually admit they have committed fraud, abuse, or other illegal acts when confronted

•  People who have knowledge of wrongdoing but are not involved in fraud often will not come forward (in most cases) with information unless asked

•  Quickly identifies control weaknesses

Interview versus Interrogation

Interview •  Purpose is to gather

information •  Non-accusatory •  Free-flowing •  Interviewer speaks 5% •  Stay within social zone •  Note taking O.K. •  No Miranda warning

required

Interrogation •  Purpose is to get a

confession •  Accusatory •  Structured •  Interrogator speaks 95% •  Start at personal zone,

move to intimate zone •  No notes (until after

confession) •  No time limit



Communication Analysis

•  What did the subject say?

•  What did the subject NOT say?

•  Vocabulary, parts of speech, syntax, and structure form the basis for analyzing communication.

Key Words / Phrases

•  Adverbs – – “I usually [but not always] unlock the safe.”

– “I normally [but not always] reconcile the accounts.”

– “Basically [but not completely], that’s what happened.”

– “Mostly [but not always], I get a second signature.”



Key Words / Phrases

•  Adverbs – – “I rarely [but not exclusively] speak with him

anymore.”

– “I hardly knew him [but I did know him].”

Adjectives

•  Dishonest subjects often omit adjectives altogether or qualify their remarks – “I think…”



Questioning the Subject

•  Confronting the Subject – Avoid confrontation until later in the interview – Handle and manage confrontation to your

advantage - better to focus on clarification “I am confused. You told me that you always got a

second signature on checks over $5,000. However, you told me you signed the check to Jeff Hardware, Inc. and mailed it. Am I missing something?”

Questioning the Subject

•  Go from broad to the specific.

•  Move from the indirect to the direct to elicit information.

•  Allow the subject to speak. The role of the interviewer is to observe, to guide, to steer, to collect, and most importantly, to listen.



Note Taking

•  Note taking tips: – Do not record the interviews

– Take accurate and complete notes, but do not distract the interviewee

– Try to avoid taking notes when the interviewee is talking about a sensitive subject

– Begin each interview on a clean page.

– Try to have a a separate person take notes while the interviewer asks the questions.

Note Taking

•  Identify the date, time, and place of the interview and all individuals present during the interview.

•  Obtain biographical data for the subject, including telephone numbers, position, title, etc.

•  Initial and date the notes.



Grade Your BS Detector

•  Defensive gestures

•  Shakiness

•  Unnatural gestures

•  Excessive swallowing

•  Adam’s apple movement

•  Increased eye contact

•  Reduced eye contact

•  Speech hesitations

•  Increases in vocal pitch

•  Speech errors

•  Longer response time

•  Postural shifts

•  Pupil dilation

•  Blinking

•  Less smiling

•  More smiling

•  Head movements

•  Hand shrugs

•  Self-touching

•  Fidgeting

Detecting a Liar

•  Lack emotion

•  Lack detail

•  Lack consistency

•  Lack cooperation

•  Lack / fewer hand movements

•  Look for changes in normal behavior

•  Listen for pauses

•  Look for micro-expressions



Controls Applicable to All

•  EXERCISE – Based on your view of internal controls, what controls apply to all processes regardless of type?

The foundation of our controls

home!

ANSWER

•  Segregation of Duties •  Physical and IT Access •  Review and Reconciliation Controls

(Management Oversight) – Balance Sheet Reconciliations –  JE Reviews

•  Tiered Approvals •  Pre-numbered documents •  Policies and Procedures



Other Controls

•  Code of Conduct

•  Hotline

•  Whistle-blower policy

•  Conflict of interest policy

•  Fiscal Policy

IDENTIFYING FRAUD SCHEMES



Categories of Fraud Risk

•  Misappropriation of Assets –  involve the theft or misuse of an organization’s assets. (Common

examples include skimming revenues, stealing inventory, and payroll fraud.)

•  Corruption –  fraudsters wrongfully use their influence in a business transaction in

order to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another. (Common examples include accepting kickbacks and engaging in conflicts of interest.)

•  Fraudulent Financial Statements –  falsification of an organization’s financial statements. (Common

examples include overstating revenues and understating liabilities or expenses.)

Asset Misappropriation Scheme Scenario

• Payment to fictitious employees• Payment to terminated employees• Overpayment to existing employees• Theft of inventory items• Consistent shrinkage of items• Increased defective/warranty claims• Reimbursement for personal expenses• Use of card to circumvent competitive bid requirements

Larceny • Theft of materials, supplies, cashPurchasing • Using purchasing authority to purchase raw materials for

personal use.Procurement • Using procurement card for personal, exorbitant

purchases• Reimbursement for undocumented expenses• Reimbursement for luxury accommodations• Reimbursement for travel expenses of family members

Improper Payments • Payments to phantom vendors, shell companies

Reimbursement

Credit Cards

Inventory

Payroll



Corruption/FCPA Scheme Scenario

• Improper or early revenue recognition• Falsifying revenue• Earnings manipulation through reserves• Recording pending transactions as completed transactions

Overstating Assets Improper valuation of securities, inventory, fixed assets• Hiding losses in future reporting periods• Understating expense account balances• Reclassifying (capitalizing) expenses as assets• Improper valuation or manipulation of intercompany accounts

Improper Note Disclosure • Omission of contingencies or subsequent events

• Falsifying external documents to suppliers• Internal memorandums give misleading information• Publicly announced unsubstantiated information

Management Estimates • Manipulation of management estimates for receivables, goodwill or depreciation

Fictitious Revenue

Understating Liabilities and Expenses

Non-financial

Financial Statement Fraud Scheme Scenario

Fictitious Revenue • Improper or early revenue recognition

• Falsifying revenue

• Earnings manipulation through reserves

• Recording pending transactions as completed transactions

Overstating Assets • Improper valuation of securities, inventory, fixed assets

Understating Liabilities and Expenses

• Hiding losses in future reporting periods

• Understating expense account balances

• Reclassifying (capitalizing) expenses as assets

• Improper valuation or manipulation of intercompany accounts

Improper Note Disclosure • Omission of material contingencies or subsequent events

Non-financial

• Falsifying external documents to suppliers

• Internal memorandums give misleading information

• Publicly announced unsubstantiated information

Management Estimates

• Manipulation of management estimates for receivables, goodwill or depreciation



SPECIFIC AREAS AND FRAUD RISKS

ACCOUNTS PAYABLE/DISBURSEMENTS



Accounts Payable: Fraud Risks

•  Debit Balances

•  Large/Old balances

•  New Suppliers (review of process)

•  No payment date

•  Unrecorded liabilities

Purchasing Fraud

•  Duplicate : – Disbursement Amounts

–  Invoice numbers/dates

•  Fake Vendor in Vendor Database (Test for duplicate names and addresses, vendor & EE names/addresses same, PO Boxes)

•  Right at thresholds (refunds)



Disbursement Fraud Concepts

•  Most cash disbursement frauds employ common and simple methods

•  Cash disbursements fraud is recorded in the accounting system. –  Fraud is concealed in accounts with high volumes and high dollar

activity

•  Fraud perpetrators are unpredictable as to position and background and change over time with the internal control system (the chameleon effect)

•  It’s difficult to distinguish original documents from false original documents. The difference is that no goods or services were received for the false transactions.

Disbursement Fraud Concepts

•  The accounts payable function should never pay an invoice that has not been approved by the recipient of the goods and services

•  Pay from original source documents only •  Question vendor invoices that do not have a street

address or a vendor who is not listed in the telephone book

•  Make sure that all supporting documents are valid and represent actual purchases of good and services. Watch out for: –  Cut-and-paste documents (no detail shown for purchases

made), and –  Numerical sequencing of receipts or invoices used for

reimbursement purposes •  Identify documents that serve the same purpose as blank

checks (petty cash, travel vouchers, and time cards)



Fraud Risk - Other Disbursement Areas

•  Collusion between employee and vendor (difficult to detect)

•  Implement a policy on employee/vendor contacts (conflicts of interest) and use a “Holiday” letter as a reminder

•  Picking up assets versus a central delivery destination •  Review position of employee to see if purchases are an

act out of character (not the normal job) •  Invoices must include a description of the item

purchases (not just a part number) •  Obtain original receipts for purchases

ACCOUNTS PAYABLE/DISBURSEMENTS LEADING CONTROL PRACTICES



P-Cards

•  Number of authorized individuals need to be limited

•  Types of purchases needs to be limited

•  Authorization limits need to conform with Delegation of Authority (DOA) policy requirements

•  Purchase $ limits need to be set relatively low and/or combined with the Purchase Order (PO) process

•  Receipts and related documentation need to be monitored and maintained

•  Card statements must be regularly reconciled and reviewed

Cash Disbursements

•  Accounts payable clerks review vendor statements for old/unpaid invoices

•  Disbursements greater than specified amounts require additional approval

•  System matches purchase order, receiving report, and invoice (3-way match)

•  Vendor statements are reconciled to accounts payable detail



Cash Disbursement Controls •  Change/Create applications for purchase orders, as well as access to

blank purchase order stock, are limited to purchasing personnel. •  The purchasing manager must sign all purchase orders. •  The purchasing managers reviews the reporting of invoices processed

without purchase orders to ensure that only approved exceptions to the Company’s purchase order requirements are processed by A/P.

•  Correspondence with vendors during the vendor qualification process clearly identifies company policy stating the company will not be responsible for goods shipped and received without a valid purchase order approved by the purchasing manager.

•  Written procurement procedures identify competitive bidding requirements for various purchase thresholds.

•  Prior to approving purchase orders, the purchasing manager reviews vendor selection and pricing for reasonableness and review vendor selection support as considered necessary to ensure that required vendor selection procedures were appropriately followed.

Cash Disbursements - Controls

•  Responsibilities relating to Change/Create responsibilities for purchase orders, goods receipt notes, inventory, and accounts payable are segregated.

•  Goods are centrally received and timely recorded in the system.

•  System controls are in place to ensure that vendor invoices required to be supported by purchase orders may only be cleared to accounts payable by goods receipt notes entered on the system by authorized receiving personnel.

•  Access to Change/Create authorizations for goods receipt notes is limited to appropriate receiving department personnel.



Cash Disbursements - Controls

•  System controls are in place to ensure that vendor invoices required to be supported by purchase orders may only be cleared to accounts payable by goods receipt notes entered on the system by authorized receiving personnel.

•  Access to Change/Create authorizations for goods receipt notes is limited to appropriate receiving department personnel.

•  Physical inventory controls and controls over inventory adjustments are handled by individuals independent of the receiving function to ensure that potential inappropriate acknowledgement of goods receipt is timely detected and investigated.

Cash Disbursements Controls

•  Entry of invoices into the A/P ledger are supported by system three-way match controls that require invoices to be matched to purchase authorizations created by the purchasing department (ordered quantities and unit pricing) and receiving authorizations (received quantities) established by the receiving department. Exceptions to system match requirements (i.e.- for entry of utility bills etc.) are reported to the controller and purchasing manager for review.

•  Physical access to accounts payable files, receiving files, and purchase order files used in managing the A/P and procurement processes are restricted. Physical documentation where used evidences signature approval to support authenticity of such documents.



Cash Disbursements Controls

•  Entry of invoices into the A/P ledger are supported by system three-way match controls that require invoices to be matched to purchase authorizations created by the purchasing department (ordered quantities and unit pricing) and receiving authorizations (received quantities) established by the receiving department. Exceptions to system match requirements (i.e.- for entry of utility bills etc.) are reported to the controller and purchasing manager for review.

•  Physical access to accounts payable files, receiving files, and purchase order files used in managing the A/P and procurement processes are restricted. Physical documentation where used evidences signature approval to support authenticity of such documents.

Disbursements (SoD)

•  Separate: – Purchasing (vendor set up)

– Preparation of checks

– Approval of payment

– Recording

– Signatures

– Vendor inquiries



Payroll

Fraud Risk Factors - Payroll Concepts to Remember

•  Payroll = 50-80% of all expenditures

•  Every employee can falsify own payroll

•  Know that employee time cards are blank checks and can be falsified (after approval) – look for a straight line from source to approval to payroll

•  No one should approve their own time sheet



Payroll Fraud Schemes

•  Individuals receive more pay than authorized – fraud of choice - most common

•  Employees issue checks to themselves: –  For too much money –  For work not performed –  For unauthorized vacation buy-outs

•  The fraud can involve: –  Normal payroll –  Overtime –  Vacation and sick leave

•  Primary suspects: –  Payroll employees –  Department timekeeper

Fraud Risk - Payroll Concepts to Remember

•  Ensure employees are not paid more than authorized

•  Monitor mid-month payroll draws for compliance with the law and for end-of-month deductions

•  Monitor overtime, stand-by and call-back time for employees (who are the big winners?)



Fraud Risk - Payroll Concepts to Remember

•  Ensure sick and annual leave accruals agree with organizational policy (even if use it or lose it)

•  Determine if a comp time system is in place and used, ensuring maximum balances are not exceeded and buy-outs are appropriate

•  Ensure the payroll clerk is not paid more than authorized (high risk employee)

FRF - The Five Most Common Payroll Fraud Schemes

•  Ghost employees

•  Mid-month payroll draws not deducted from end-of-month payroll

•  Unauthorized employee pay

•  COBRA program abuses

•  Advance release of withheld funds



Payroll Leading Control Practices

Payroll

•  Commissions are reviewed by both supervisors and HR department

•  Monthly payroll activity is compared to previous periods

•  Paid time off is managed and reviewed by HR department

•  Supervisors review rate changes to the payroll master file (and access to the master is restricted)



Payroll – Hire/Termination

•  The hiring of new employees is authorized by management. •  Additions to the personnel and payroll master files represent valid

employees. •  All new employees are added to the personnel and payroll master

files. •  Terminated employees are removed from the personnel and

payroll master files. •  Deletions from the personnel and payroll master files represent

valid employee terminations. •  All additions and/or deletions from the personnel and payroll

master files are accurate. •  All additions and/or deletions from the personnel and payroll

master files are performed timely.

Payroll - Authorization

•  Establishment and/or modification of payroll rates, deductions, etc. are authorized by management.

•  Changes to payroll rates, deductions, etc. are input accurately and timely.

•  Only valid changes to payroll rates, deductions, etc. are input and processed.

•  All valid changes to payroll rates, deductions, etc. are input and processed.



Payroll – Preparation/Payment

•  Payroll (including compensation and withholdings) is accurately calculated and recorded.

•  Payroll is recorded in the appropriate period.

•  Payroll is disbursed to appropriate employees.

•  Unused payroll checks are secured and accounted for.

Payroll – Taxes

•  Payroll taxes are paid in accordance with statutory requirements.

•  Payroll tax returns are prepared accurately and completely in accordance with statutory requirements.

•  Payroll tax returns are prepared and filed timely. •  Payroll taxes are accurately calculated and

recorded. •  Payroll taxes are recorded in the appropriate

accounting period.



Payroll - SoD

•  Separate: – Time sheet & salary approval

– Check preparation

– Check distribution

– Recording

– Reconciliation

– Payroll & personnel functions

Summary

•  Use logic in fraud detection

•  Fraud detection/red flags should be integrated as part of every audit conducted

•  Be cognizant of your auditee’s behavior

•  Good controls -> Lack of opportunity



READING A POKER FACE: NON-VERBAL COMMUNICATION

•  55% of communication is non-verbal

•  Is it possible to communicate without words?

•  Studies show that over half of your message is carried through nonverbal elements: – Appearance

– Body language

– Tone of Voice

– Pace of Voice

Non-Verbal Communication



Language of Gestures

•  Body language and nonverbal communication are transmitted through the eyes, face, hands, arms, legs and posture (sitting and walking)

•  Each individual, isolated gesture is like a word in sentence; it is difficult and isolated dangerous to interpret in and of itself.

•  Therefore consider the gesture in the light of everything else that is going on around you.

The Eyes

•  Windows to the soul, excellent indicators of feelings •  Shifty eyes, beady eyes and look of steel demonstrate

awareness •  Honest person has a tendency to look you straight in the eye

when speaking •  People avoid eye contact with other person when an

uncomfortable question asked •  The raising of one eyebrow shows disbelief and two shows

surprise •  People are classified as right lookers and left lookers.

–  Right lookers are more influenced by logic and precision –  Left lookers are found to be more emotional, subjective

and suggestible



The Face

•  The face is one of the most reliable indicators of a persons attitudes, emotions & feelings

•  By analyzing facial expressions, interpersonal attitudes can be discerned and feedback obtained.

•  Some people try to hide their true emotions. The term Poker Face describes them.

•  Common facial gestures are: –  Frowns: unhappiness, anger –  Smiles: happiness –  Sneers: dislike, disgust –  Clenched jaws: tension, anger –  Pouting lips: sadness

The Hands

•  Tightly clenched hands usually indicate that the person is experiencing undue pressure –  It may be difficult to relate to this person because of his tension and

disagreement

•  Superiority and authority are usually indicated when you are standing and joining your hands behind your back

•  Rubbing gently behind or beside the ear with the index finger or rubbing the eye usually means the other person is uncertain about what you are saying

•  Cupping one or both hands over the mouth, especially when talking, may well indicate that the person is trying to hide something

•  Putting your hand to your cheek or stroking your chin generally portrays thinking, interest or consideration



•  Crossed arms tend to signal defensiveness. They seemingly act as a protective guard against an anticipated attack or a fixed position which the other person would rather not move

•  Conversely, arms open and extended toward you generally indicate openness and acceptance

•  Crossed legs tend to show disagreement •  People who tightly cross their legs seem to be saying that

they disagree with what you are saying or doing •  If people have tightly crossed legs and tightly crossed arms,

their inner attitude is usually one of extreme negativity toward what is going on around them – difficult to gain agreement

Arms & Legs

•  Certain combinations of gestures are especially reliable indicators of a persons true feelings. These combinations are called “clusters”

•  Each gesture is dependent on others, so analysis of a person’s body language is based on a series of signals to ensure that the body language clearly and accurately understood

•  All the individual gestures fit together to project a common, unified message

•  When they do not, this means a incongruity •  For example: A nervous laugh •  A laugh generally signal of relaxation. But if there are nervous

signals in body language that means the person is trying to escape from an unpleasent situation

Interpreting Gesture Clusters (GC)



Several gestures indicate openness and sincerity:

•  Open hands

•  Unbuttoned coat or collar

•  Leaning slightly forward in the chair

•  Removing coat or jacket

•  Uncrossing arms and legs

•  Moving closer

GC - Openness

People who are defensive usually have:

•  Rigidity

•  Arms or legs tightly crossed

•  Eyes glancing sideways or darting occasionally

•  Minimal eye contact

•  Lips pursed, fists clenched and downcast head

GC - Defensiveness



•  Evaluation gestures say that the other person is being thoughtful or is considering what you are saying - sometimes in a friendly way sometimes in an unfriendly way

•  Typical evaluation gestures include: – Tilted head

– Hand to cheek

– Leaning forward and

– Chin stroking

GC - Evaluation

•  Clearing throat

•  Covering the mouth with hand

•  Tapping fingers

•  Whistling

•  Jingling pocket change

•  Fidgeting

•  Twitching lips or face

•  Chain smoking

GC - Nervousness



GC - Boredom/Impatience These unproductive feelings are usually conveyed by:

•  Drumming of fingers

•  Cupping the head in the palm of the hand

•  Foot swinging

•  Looking at your watch or the exit

•  So can the direction a person's eyes reveal whether or not they are making a truthful statement? Short answer: sort of. –  It is not as simple as some recent television

shows or movies make it seem.

–  In these shows a detective will deduce a person is being untruthful simply because they looked to the left or right while making a statement.

Neuro Linguistic Eye Cues



Neuro Linguistic Eye Cues

Vc

Ac

F

Vr

Ar

Ai

Visually Constructed Up and to Their Right

Vc



Visually Remembered Up and to the Left

Vr

Ac

Auditory Constructed To Their Right



Auditory Remembered To Their Left

Ar

112

Feeling/Kinesthetic Down and to Their Right

F



Auditory Digital/Internal Dialog Down and to Their Left

Ai