Q1-2016 PUBLIC SECTOR ADVISORY BRIEFING
FRAUD PREVENTION, DETECTION AND RISK MANAGEMENT
March 2016
Ron Steinkamp, Partner, Advisory Services
Brown Smith Wallace LLC
314.983.1238
6 City Place Drive, Suite 900, St. Louis, Missouri 63141
• Typical organization loses 5% of annual revenue to fraud – applied to 2013 Gross World Product translates to potential fraud loss of more than $3.7 trillion annually
• Median loss in the study was $145,000 with more than 22% of the cases involving losses over $1 million
• Fraud lasted a median of 18 months
• Asset misappropriation schemes (fraudulent disbursements, theft of cash receipts, other asset misappropriations) were the most common form of fraud, representing 85% of the cases, and the least costly at a median loss of $130,000
• Financial statement fraud schemes were the least common form of fraud, representing 9% of the cases, and the most costly at a median loss of $1 million
• 77% of frauds were committed by individuals in one of six departments:
– Accounting/Finance
– Operations
– Sales
– Executive/upper management
– Customer service
– Purchasing
• More than 85% of fraudsters had never been previously charged or convicted for a fraud-related offense
• Fraud perpetrators often display warning signs – the most common behavioral red flags reported in the survey were perpetrators living beyond their means (36%) and experiencing financial difficulty (27%)
• Nearly half of victim organizations do not recover any losses that they suffer due to fraud
Employee’s use of influence in business transactions in a way that violates duty to the employer for the purpose of obtaining benefit for self or someone else.
• 37% of cases reported
• Median loss of $200,000
• Median duration – 18 months
• Most common area – Purchasing
• Employees acting alone or in collusion with vendors/contractors
• Kickbacks
– Bribery - Improper, undisclosed payments made to obtain favorable treatment.
– Diverting Business - Employee receives kickback for directing business to a vendor.
– Overbilling - Vendor submits false invoices that either overstate the cost of goods/services or reflect fictitious sales. Employee approves and receives kickback.
– Other - External party seeks fraudulent assistance from employees of victim organization.
• Economic Extortion - Employee, through the wrongful use of actual or threatened force or fear, demands money or other form of consideration to make a particular business decision.
• Illegal Gratuities - Giving or receiving something of value to reward a business decision.
• Conflicts of Interest - Employee/agent has an undisclosed personal or economic interest in a matter that influences decisions and undermines their responsibility to their organization.
• Conduct an annual fraud risk assessment.
– Assists management in identifying where and how fraud may occur and who may be in a position to commit fraud.
– Focus on fraud schemes and scenarios to determine the presence of internal controls and whether or not the controls can be circumvented.
– General steps:
  • Identify areas and processes to assess
  • Identify potential fraud schemes in each area/process
  • Assess likelihood and significance of each scheme
  • Map existing anti-fraud controls to potential fraud schemes
  • Test operating effectiveness of anti-fraud controls
  • Identify any control gaps and/or deficiencies = Residual risks
  • Document and report on the fraud risk assessment
OCCUPATIONAL FRAUD RISK

| Potential Occupational Fraud Schemes | DEPT A | DEPT B | DEPT C | DEPT E | DEPT F | DEPT G | DEPT H | DEPT I |
| Asset Misappropriation - Theft of Cash on Hand. | High | High | Low | Low | Low | High | Moderate | Low |
| Asset Misappropriation - Skimming (Receipts stolen before recording in books - sales, receivables, refunds/credits). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Cash Larceny (Receipts stolen after recording in books). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Check Tampering (Intercept, forge or alter a check drawn on the organization's bank account). | Low | Low | Low | Low | Low | Low | Low | Low |
| Asset Misappropriation - Cash Register Disbursements (False entries on cash register to conceal the fraudulent removal of cash). | High | High | Low | Low | Low | High | Low | Low |
| Asset Misappropriation - Purchasing/Billing (Invoices for fictitious goods or services, inflated invoices or invoices for personal purchases). | | | | | | | | |
• Utilize electronic payments
• Properly secure unused checks and equipment
• Utilize security features on checks
• Prohibit hand written checks
• Require two signatures on checks over a certain amount
• Segregate check preparation from signing
• Immediately mail checks after signing
• Establish positive pay controls with the bank
• Complete independent bank reconciliations timely
• Review checks issued to employees for irregularities
• Segregate vendor approval from disbursement responsibilities
• Perform periodic vendor master file maintenance and review for
• Segregate purchasing from accounting and receiving departments
• Require management approval of purchase requisitions/orders
• Maintain a master vendor file
• Require competitive bids
• 3 way match by accounting of vendor invoice, receiving report and purchase order
• Periodically review master vendor file for unusual vendors and addresses
• Implement automated controls to check for duplicate invoices and purchase orders
• Verify vendors with post office boxes
• Review voucher payments for proper documentation
• Asset policy and procedure manual
• Tag assets
• Maintain asset, supply and inventory records
• Conduct independent periodic inventories of assets, supplies and inventories
• Reconcile the physical inventory to asset, supply and inventory records
• Properly secure and safeguard assets, supplies and inventories
• Implement an asset, supply and inventory removal policy
• Store high value items in secure and continuously monitored areas
• Secure organization, employee and customer data
• Maintain secure information systems
• Protect intellectual property, trade secrets, etc.
• Maintain personnel records independent of payroll and timekeeping
• Utilize electronic payroll deposit
• Periodically review employee payroll list
• Review paid time off for compliance with policy
• Periodically compare payroll with personnel records
• Issue pre-numbered payroll checks in sequential order
• Payroll bank account reconciled by employee not involved in preparing, signing or distributing checks
• Restrict access to payroll check stock and signature stamp
• Periodically review payroll withholdings
• Periodically review automatic payroll deposits for duplicates
• Require more than one level of approval for salary changes
• Require supervisor authorization of overtime
• Require supervisors to review and approve time
• Periodic analytical review of revenue
• Periodic review of accounts receivable for write-offs
• Periodic review of cash accounts for irregular entries
• Segregate receipt of cash and checks from deposit and recording functions
• Restrict cashier from accounts receivable and customer records
• Immediately restrictively endorse all checks when received
• Utilize a lockbox service for cash receipts
• Maintain a safe with restricted access
• Utilize cameras in cashier areas
• Deposit cash and checks daily
• Issue receipts for all transactions
• Bond employees who handle cash
• Expense reimbursement policy
• Require detailed expense reports
• Supervisory review and approval of expense reimbursement claims
• Place limits on expenses
• Require original and detailed receipts
• Detailed review of expense reimbursement claims
• Credit/Procurement card policy with limits
• Safeguard credit/procurement cards
• Receive and review monthly automated statements from credit/procurement card companies
• Require and review monthly detailed credit/procurement card reports from employees
• Reconcile credit card statement to employee report
• Management approval for refunds, voids, discounts
• Review refunds, voids and discounts on a periodic basis
• Require receipts to customers – post sign
• Record disbursements out of the register and independently reconcile
• Investigate missing or altered register tapes
• Daily reconciliation of cash register drawer by independent person
• Investigate over and short incidents
• Conflict of interest policy
• Policy addressing employee receipt of gifts, discounts, and services offered by suppliers and customers
• Established procurement/bidding process
• Pre-Bid solicitation documents reviewed for restrictions on competition
• Bid solicitation packages numbered and controlled
• All bids kept confidential
• Bidder qualifications verified
• Contracts awarded based on predetermined criteria and documentation of criteria assessment and award decision maintained
• Periodic review of purchases for:
• Proper segregation of duties in purchasing and accounts payable as well as sales and accounts receivable
• Purchasing account assignments rotated
• Periodic comparison of vendor information with employee information
• Vendors who employ former employees under increased scrutiny
• Reporting procedure for personnel and other vendors to report concerns about vendors receiving favored treatment
• All employees required to complete annual disclosure document that includes potential conflicts resulting from business ownership and investment
• Audit clause in each contract allowing Internal Audit access to audit contract records and documentation related to contract compliance and performance
• Periodic contract audits conducted by Internal Audit