Fraud Audi)ng Basics [email protected](C) GoldCal LLC 2015 1 Fraud Auditing Basics Danny M. Goldberg, Founder Course Objectives • Detailed analysis of controls and processes • Understanding of key fraud risks • Understanding of best practices and segregation of duties • Understanding of key audit risks • Inter-linkage between manual, IT and spreadsheet controls
57
Embed
GOLDSRD Fraud Auditing Basics Feb 2015 4 Hours · Fraud Auditing Basics Danny M. Goldberg, Founder Course Objectives ... – Understand the fraud risks – Recognize red flags –
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
1. What % of its revenue does the typical organization loose to fraud each year?
2. How many months does a fraud usually last before being reported?
3. What is the most common type of occupational fraud? 4. Three industries most common victimized by fraud are: 5. How many prior offenses have occupational fraudsters
often committed? 6. Do the higher fraud losses tend to be committed by
fraudsters with low or high tenure with an organization? 7. What departments do most fraudster’s work in?
• What % of its revenue does the typical organization loose to fraud each year? – (Answer – 5%)
• How many months does a fraud usually last before being reported? – (Answer – 18 months)
• What is the most common type of occupational fraud? – (Answer – asset misappropriation)
• Source – Report to the Nations on Occupational Fraud and Abuse – 2012 Global Fraud Study, Association of Certified Fraud Examiners
Fraud Quiz Answers – Page 2 of 2
• Three industries most common victimized by fraud are: – (Answer – banking & financial services, government & public administration,
and manufacturing)
• How many prior offenses have occupational fraudsters often committed? – (Answer – None! Most are first offenders with clean histories)
• Do the higher fraud losses tend to be committed by fraudsters with low or high tenure with an organization? – (Answer – the higher the fraud loss – median of $229,000 are committed
by fraudsters with more than 10 years. Those during the first year on the job committed a median of $25,000)
• What departments do most fraudster’s work in? – (Answer – accounting, operations, sales, executive/upper mgmt., customer
• Older (30+ years) • 55% male, 45% female • An appearance of a stable family situation • Above average (postgraduate) education. • Less likely to have a criminal record. • Good psychological health. • Position of trust. • Detailed knowledge of accounting systems
and their weaknesses. • Prior accounting experience.
The Definition of Fraud
“… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
• According to Statements on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, management is responsible for
– Designing and implementing systems and procedures for the prevention and detection of fraud
– Along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior
Truth - Responsibility
Standard 1210.A2: The internal auditor must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. • According to IIA’s IPPF, Internal Auditors must:
– Understand the fraud risks – Recognize red flags – Design and conduct tests – Report known or suspected fraud
Pressure • The more incentive, the easier it is to justify • Financial or personal problems, financial
pressure, mental instability
The Fraud Triangle What to look for… • Consistent inventory adjustments for defective items or
shrinkage • Compensation tied to operating results • Consistently meet/exceed analyst expectations • Operations in countries with history of bribery • Related party transactions • Material or frequent adjusting entries • Missing, altered, late documents • Lackadaisical oversight combined with friendly employee
• Independent • Almost all work alone • Never take vacation • Knows everything • Work long hours
– To work early/leave late
Ø We trust employees too much (blind trust) Ø Must use trust but verify concept (monitoring)
What is an “At Risk” Employee?
• Employee work habits (1) Come to work early or leave late (2) Works nights and weekends (3) Seldom missing for leave or vacation (4) Reports to office during brief absences (5) Ask others to hold work while gone (6) Knows too much (7) Too helpful or too involved
• Weak links in chain of controls and accountability
• Missing independent checks on performance
• Weak management style
• Poor system design
• Inadequate training
How to Minimize Fraud Risk
• Adhere to policies/procedures (especially documentation and authorization)
• Identify and understand of key controls and fraud areas
• Ensure physical security over assets • Provide proper training to employees • Independently review and monitor tasks • Review segregation of duties • Ensure clear lines of authority
How to Minimize Fraud Risk • Rotate duties in positions susceptible to fraud • Ensure employees take regular vacations • Schedule regular independent audits of areas susceptible to
fraud • Ensure background checks including criminal and credit for
all employees • Make sure internal controls are followed • Ask for documentation • Ensure that one person does not have total responsibility for
a process • Evaluate performance regularly • Report suspicious activity
• Misappropriation of Assets – involve the theft or misuse of an organization’s assets. (Common
examples include skimming revenues, stealing inventory, and payroll fraud.)
• Corruption – fraudsters wrongfully use their influence in a business transaction in
order to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another. (Common examples include accepting kickbacks and engaging in conflicts of interest.)
• Fraudulent Financial Statements – falsification of an organization’s financial statements. (Common
examples include overstating revenues and understating liabilities or expenses.)
Asset Misappropriation Scheme Scenario
• Payment to fictitious employees• Payment to terminated employees• Overpayment to existing employees• Theft of inventory items• Consistent shrinkage of items• Increased defective/warranty claims• Reimbursement for personal expenses• Use of card to circumvent competitive bid requirements
Larceny • Theft of materials, supplies, cashPurchasing • Using purchasing authority to purchase raw materials for
personal use.Procurement • Using procurement card for personal, exorbitant
purchases• Reimbursement for undocumented expenses• Reimbursement for luxury accommodations• Reimbursement for travel expenses of family members
Improper Payments • Payments to phantom vendors, shell companies
• Improper or early revenue recognition• Falsifying revenue• Earnings manipulation through reserves• Recording pending transactions as completed transactions
Overstating Assets Improper valuation of securities, inventory, fixed assets• Hiding losses in future reporting periods• Understating expense account balances• Reclassifying (capitalizing) expenses as assets• Improper valuation or manipulation of intercompany accounts
Improper Note Disclosure • Omission of contingencies or subsequent events
• Falsifying external documents to suppliers• Internal memorandums give misleading information• Publicly announced unsubstantiated information
Management Estimates • Manipulation of management estimates for receivables, goodwill or depreciation
Fictitious Revenue
Understating Liabilities and Expenses
Non-financial
Financial Statement Fraud Scheme Scenario
Fictitious Revenue • Improper or early revenue recognition
• Falsifying revenue
• Earnings manipulation through reserves
• Recording pending transactions as completed transactions
Overstating Assets • Improper valuation of securities, inventory, fixed assets
Understating Liabilities and Expenses
• Hiding losses in future reporting periods
• Understating expense account balances
• Reclassifying (capitalizing) expenses as assets
• Improper valuation or manipulation of intercompany accounts
Improper Note Disclosure • Omission of material contingencies or subsequent events
Non-financial
• Falsifying external documents to suppliers
• Internal memorandums give misleading information
• Publicly announced unsubstantiated information
Management Estimates
• Manipulation of management estimates for receivables, goodwill or depreciation
• Most cash disbursement frauds employ common and simple methods
• Cash disbursements fraud is recorded in the accounting system. – Fraud is concealed in accounts with high volumes and high dollar
activity
• Fraud perpetrators are unpredictable as to position and background and change over time with the internal control system (the chameleon effect)
• It’s difficult to distinguish original documents from false original documents. The difference is that no goods or services were received for the false transactions.
Disbursement Fraud Concepts
• The accounts payable function should never pay an invoice that has not been approved by the recipient of the goods and services
• Pay from original source documents only • Question vendor invoices that do not have a street
address or a vendor who is not listed in the telephone book
• Make sure that all supporting documents are valid and represent actual purchases of good and services. Watch out for: – Cut-and-paste documents (no detail shown for purchases
made), and – Numerical sequencing of receipts or invoices used for
reimbursement purposes • Identify documents that serve the same purpose as blank
checks (petty cash, travel vouchers, and time cards)
Cash Disbursement Controls • Change/Create applications for purchase orders, as well as access to
blank purchase order stock, are limited to purchasing personnel. • The purchasing manager must sign all purchase orders. • The purchasing managers reviews the reporting of invoices processed
without purchase orders to ensure that only approved exceptions to the Company’s purchase order requirements are processed by A/P.
• Correspondence with vendors during the vendor qualification process clearly identifies company policy stating the company will not be responsible for goods shipped and received without a valid purchase order approved by the purchasing manager.
• Written procurement procedures identify competitive bidding requirements for various purchase thresholds.
• Prior to approving purchase orders, the purchasing manager reviews vendor selection and pricing for reasonableness and review vendor selection support as considered necessary to ensure that required vendor selection procedures were appropriately followed.
Cash Disbursements - Controls
• Responsibilities relating to Change/Create responsibilities for purchase orders, goods receipt notes, inventory, and accounts payable are segregated.
• Goods are centrally received and timely recorded in the system.
• System controls are in place to ensure that vendor invoices required to be supported by purchase orders may only be cleared to accounts payable by goods receipt notes entered on the system by authorized receiving personnel.
• Access to Change/Create authorizations for goods receipt notes is limited to appropriate receiving department personnel.
• System controls are in place to ensure that vendor invoices required to be supported by purchase orders may only be cleared to accounts payable by goods receipt notes entered on the system by authorized receiving personnel.
• Access to Change/Create authorizations for goods receipt notes is limited to appropriate receiving department personnel.
• Physical inventory controls and controls over inventory adjustments are handled by individuals independent of the receiving function to ensure that potential inappropriate acknowledgement of goods receipt is timely detected and investigated.
Cash Disbursements Controls
• Entry of invoices into the A/P ledger are supported by system three-way match controls that require invoices to be matched to purchase authorizations created by the purchasing department (ordered quantities and unit pricing) and receiving authorizations (received quantities) established by the receiving department. Exceptions to system match requirements (i.e.- for entry of utility bills etc.) are reported to the controller and purchasing manager for review.
• Physical access to accounts payable files, receiving files, and purchase order files used in managing the A/P and procurement processes are restricted. Physical documentation where used evidences signature approval to support authenticity of such documents.
• Entry of invoices into the A/P ledger are supported by system three-way match controls that require invoices to be matched to purchase authorizations created by the purchasing department (ordered quantities and unit pricing) and receiving authorizations (received quantities) established by the receiving department. Exceptions to system match requirements (i.e.- for entry of utility bills etc.) are reported to the controller and purchasing manager for review.
• Physical access to accounts payable files, receiving files, and purchase order files used in managing the A/P and procurement processes are restricted. Physical documentation where used evidences signature approval to support authenticity of such documents.
• Tightly clenched hands usually indicate that the person is experiencing undue pressure – It may be difficult to relate to this person because of his tension and
disagreement
• Superiority and authority are usually indicated when you are standing and joining your hands behind your back
• Rubbing gently behind or beside the ear with the index finger or rubbing the eye usually means the other person is uncertain about what you are saying
• Cupping one or both hands over the mouth, especially when talking, may well indicate that the person is trying to hide something
• Putting your hand to your cheek or stroking your chin generally portrays thinking, interest or consideration
• Crossed arms tend to signal defensiveness. They seemingly act as a protective guard against an anticipated attack or a fixed position which the other person would rather not move
• Conversely, arms open and extended toward you generally indicate openness and acceptance
• Crossed legs tend to show disagreement • People who tightly cross their legs seem to be saying that
they disagree with what you are saying or doing • If people have tightly crossed legs and tightly crossed arms,
their inner attitude is usually one of extreme negativity toward what is going on around them – difficult to gain agreement
Arms & Legs
• Certain combinations of gestures are especially reliable indicators of a persons true feelings. These combinations are called “clusters”
• Each gesture is dependent on others, so analysis of a person’s body language is based on a series of signals to ensure that the body language clearly and accurately understood
• All the individual gestures fit together to project a common, unified message
• When they do not, this means a incongruity • For example: A nervous laugh • A laugh generally signal of relaxation. But if there are nervous
signals in body language that means the person is trying to escape from an unpleasent situation
• Evaluation gestures say that the other person is being thoughtful or is considering what you are saying - sometimes in a friendly way sometimes in an unfriendly way
• Typical evaluation gestures include: – Tilted head
GC - Boredom/Impatience These unproductive feelings are usually conveyed by:
• Drumming of fingers
• Cupping the head in the palm of the hand
• Foot swinging
• Looking at your watch or the exit
• So can the direction a person's eyes reveal whether or not they are making a truthful statement? Short answer: sort of. – It is not as simple as some recent television
shows or movies make it seem.
– In these shows a detective will deduce a person is being untruthful simply because they looked to the left or right while making a statement.