© 2012 Financial Operations Networks LLC
Safeguarding Your Organization From Employee Theft, Embezzlement & AP Fraud
Chris Doxey, CAPP, CCSA, CICA
• Has extensive experience in accounts payable, procurement, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, and MCI. She was recruited to help MCI (formerly WorldCom) recover from their internal control challenges. Chris has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management.
• Chris has published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Account Payable Process
Agenda
• About Fraud
• Types of Fraud that Impact AP
– External Fraud
– Internal Fraud
• Fraud Prevention Models
– Control Self Assessments
– Fraud Risk Assessments
– Hotlines
• Discussion/Q&A
The Fraud Problem
“Few people begin their careers with the goal of becoming liars, cheats, and thieves. Yet that turns out to be the destiny of all too many.”
– Joseph T. Wells, Founder and Chairman, Association of Certified Fraud Examiners
60% of all fraud is committed by insiders
– PricewaterhouseCoopers
Fraud: The Big Picture
According to major accounting firms, professional fraud examiners and law enforcement:
Fraud costs the WORLD $1 TRILLION per year (5%) (ACFE)
Business losses due to fraud increased 20% in the last 12 months, from $1.4 million to $1.7 million per billion dollars of sales (2010/2011 Global Fraud Report)
75% of the companies surveyed experienced at least one incident of fraud in the last 12 months (KPMG)
Fraud: The Big Picture (Cont’d.)
Average cost for each incident of fraud is $160K (ACFE)
Approximately 60% of corporate fraud committed by insiders (PwC)
What is Fraud?
ASSOCIATION OF CERTIFIED FRAUD EXAMINERS: “Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
What is Fraud? (Cont’d.)
AICPA SAS NO. 99: “A broad legal concept that is distinguished from error depending on whether the action is intentional or unintentional.”
External Fraud
Main Types of External Fraud:
1. Vendor/Supplier
– Billing schemes – double billing
– Delivery of sub-standard goods at full price
– Phony vendors
2. Check and ACH Fraud
3. Theft of confidential information
Vendor Fraud
Vendor fraud occurs when:
– Payments are made to “phony vendors,” scam vendors, or shell companies
– Even current or prior employees can “act” as vendors
Introduction to Check Fraud
Causes $20 billion in losses every year (Nilson Report)
1.2 million fraudulent checks enter the financial systems every day (Abagnale Associates)
Check fraud is growing at 25% a year—much faster than ACH fraud (ABA)
Introduction to Check Fraud (Cont’d.)
New legal standards put extra risk on checking account holders
Moving target—new forms all the time
Check and ACH Fraud
Check Fraud occurs when checks are stolen, altered, or counterfeited
ACH Fraud occurs when an account is accessed for unauthorized ACH payments or debits
Information Based Threats
Main Threats:
Theft of confidential information (employee info; trade secrets, intellectual property)
System sabotage by hackers
Account takeover
Phishing
Information Based Threats (Cont’d.)
Phishing: To obtain confidential data about individuals—customers, clients, employees or vendors—that can be used to commit various types of identity fraud such as…
– Opening bank accounts in your name
– Applying for loans in your name
– Applying for credit cards in your name
Pressure
Excessive credit card debt
Uninsured medical expenses
Substance abuse or gambling addiction
Sudden life crisis--divorce, death of a spouse
Opportunity
Access to blank checks
Access to financial records
Ability to manipulate accounting records
Opportunity (Cont’d.)
Approached by a co-worker with access to company funds/assets/payroll systems, A/P, etc.
Rationalization
“I’m only borrowing the money”
“I’m entitled to the money”
“I had to do it to provide for my family”
Rationalization (Cont’d.)
“I’m underpaid/my employer cheated me”
“My bosses are dishonest so why shouldn’t I do what they’re doing?”
Common Types of Internal Fraud
Embezzlement
Accounts Payable (A/P) Fraud
P-Card
Collusion with Vendors
Accounts Receivable (A/R) Fraud
Cash theft/Skimming
Billing schemes and kickbacks
Check theft/forgery/tampering
Common Types of Internal Fraud (Cont’d.)
T&E Fraud
Payroll schemes
Theft of confidential information
T&E Fraud
What it is: Employees with authority to charge business-related expenses to the organization abuse the privilege by:
– Submitting expense reimbursement claims twice
– Falsifying travel/entertainment-related receipts for actual or fictitious expenses
T&E Fraud (Cont’d.)
“Over-purchasing” expenses: Booking business-class air travel, traveling coach and pocketing the reimbursed difference
T&E Fraud (Cont’d.)
What it is:
– Expense misclassification: Claiming reimbursement for personal expenses while traveling
– Fraudulent/unauthorized use of organization credit card for personal expenses
T&E Fraud (Cont’d.)
T&E Fraud Example: Book a trip, don’t take it but claim for it anyway
Scenario: Jeff tells staff he will be on a business trip for one week, but is spotted by a colleague walking his child to school
P-Card Fraud
How it works:
– Most frauds are committed by outsiders according to AFP
– Insider P-Card fraud: Basic abuse by making personal or other unauthorized purchases in a company with inadequate controls
Check Fraud/Tampering: Varieties
Check-Forging Schemes
Check Theft/Interception and Forged Endorsement
Altered Payees
Check Counterfeiting
Billing Schemes/Shell Companies
What it is: Manager or accounting/purchasing employee creates “shell company” – bogus entity and bank account in name and paper only. Fraudster generates bogus invoices from phony company, forges approval and has invoice submitted for payment. Checks go to phony company P.O. box which fraudster controls
Conflict of Interest
What it is: Situations where senior managers/executives abuse their authority by using their direct or indirect financial relationships with outside entities to award those entities contracts from their employer, or similar benefits, in conflict with the organization’s procurement policies.
Conflict of Interest: Case Study
Brenda Belton used her position as Executive Director of the District of Columbia School's Office of Charter School Oversight to divert money belonging to the District of Columbia to numerous bank accounts that she controlled…and to friends.
How:
1) Submitted $200K in invoices from a school services company controlled by friends of hers, indicating that the funds were for monitoring the quality of DC schools. Payments were deposited in her own “business” bank account AND personal accounts.
2) Awarded seven no-bid school service contracts worth over $400,000 to her own friends, who in return paid Belton over $180,000 in kickbacks.
Kickback Schemes
What it is: Similar to billing/AP fraud: Accounting or purchasing employee colludes with dishonest vendor: Allows vendor to...
– Submit inflated invoices
– Bill full price for low-quality goods
– Get orders without competitive bidding
In all cases, vendor “kicks back” portion of ill-gotten gains
THIS CRIME IS EXTREMELY WIDESPREAD IN HEALTHCARE
Hotlines: Statistical Overview
Source: 2010 Report to the Nations on Occupational Fraud and Abuse, Association of Certified Fraud Examiners
Hotlines: Statistical Overview (Cont’d.)
In 67% of the cases where there was an anonymous tip, that tip was reported through an organization’s fraud hotline.
Lesson: Hotlines are an effective way to encourage tips from employees who might otherwise not report misconduct
Source: 2010 Report to the Nations on Occupational Fraud and Abuse, Association of Certified Fraud Examiners
What Can Go Wrong?
Sarbanes-Oxley Act Section 404 Internal Controls Evaluation
[Diagram; labels: Financial Statements (2003 Balance Sheet); Significant Accounts; Management Assertions; Significant Processes; Inherent and Key Business Risks; What Can Go Wrong?; Controls; Evaluate/Monitor; Management Report on Internal Control; Report; Financial Implications; Process Implications]
Accounts Selected Based Upon:
• Errors of importance*
• Size and composition
• Susceptibility to manipulation or loss
• High transaction volume
• Transaction complexity
• Subjectivity in determining account balance
• Nature of the account
Financial Statement Assertions:
• Existence (B/S) or Occurrence (I/S)
• Completeness
• Valuation (B/S) or Measurement (I/S)
• Rights and Obligations (B/S)
Types:
• Flows of transactions
• Routine
• Non-Routine
• Estimation
• IT processes
• Business processes
• Financial Statement Close Process (Presentation and Disclosure assertion)
For Each Assertion Ask:
• Where are the points in the flow of transactions where errors can occur?
• Example:
– Accounts: Cash or Payables
– Process: Disbursements
– Assertion: Valuation
– What are the manual and programmed procedures to ensure that the amount of a check or transfer agrees with the amount approved for payment?
Factors in Evaluation:
• Competence, integrity of personnel performing control; degree of supervision; extent of employee turnover
• Potential for management override
• Lack of segregation of duties, including within computer applications
• Effect of changes in controls
• Other specific risks
Detect: Monitors for errors
Prevent: Prevents an error
Who Performs?
Programmed Control?
• Identify processing system
Disclosure
Overview of Fraud Risk Assessment Steps
1. Identify key high-level business processes
2. Fraud team brainstorming
3. Group the fraud risks, scenarios and schemes
4. Choose the high level fraud risks in key processes to further analyze
5. Conduct the detailed fraud risk assessment
Internal Controls – Do’s
Update internal control programs if there has been a:
– Management Change
– Significant Process Change
– Implementation of a Shared Service Center
– Offshoring or Outsourcing a Process
– Merger or Acquisition
– System Implementation
– Identification of a Risk
– Audit Finding
– Fraudulent Activity
Internal Controls – Don’ts
Don’t just go through the motions
Don’t sign off on results without asking questions
Don’t start a controls initiative without a sponsor
Don’t use a controls initiative to assign blame – focus on results
Don’t let controls become stagnant
Don’t get bogged down by the number of controls – focus on key controls
Top Ten Generic Controls to Detect and Prevent Fraud
Establish segregation of duties
Reconcile bank accounts every month
Restrict credit card usage
Provide Board with oversight of operations and management
Prepare written fiscal policies and procedures
Ensure that assets such as vehicles, cell phones, equipment, and other agency resources are used only for official business
Protect petty cash funds and other cash funds
Top Ten Generic Controls to Detect and Prevent Fraud (Cont’d.)
Protect checks against fraudulent use
Protect cash and check collections
Avoid or discourage related party transactions
If You Uncover or Suspect Fraud…
1. Do not take action yourself
2. Speak with your manager and/or the next highest level of authority
3. Involve Internal Audit and/or Corporate Security
4. Do not tell anyone else about your suspicions
5. Do not confront the employee
Thank You!
For further information on this topic, contact:
The Accounts Payable Network
2100 RiverEdge Parkway, Suite 1010
Atlanta, GA 30328
Contact: [email protected]
770-984-1184
www.TheAPNetwork.com