1 / 170

Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA

2011 Internal Controls for Business. How To Recognize and Mitigate Fraud and Loss. Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA. What about Randy?. Top rated speaker for over 25 years

ferris
Download Presentation

Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2011 Internal Controls for Business. How To Recognize and Mitigate Fraud and Loss Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA

  2. What about Randy? • Top rated speaker for over 25 years • 2004, 2005, 2006, 2007, 2008, 2009, 2010 Accounting Today 100 Most Influential in Accounting for seven years • 30+ years of technology experience • Author of articles on Technology including a monthly column in CPATechnology Advisor • Published author of five books • From Hutchinson, KS • randy@k2e.com or randyj@nmgi.com • 620-664-6000 x 112

  3. What about NMGI? • CRN top 100 emerging technology company nationally – MSPMentor top 100 company • NetStore – Internet backup and off-site data storage • NetRescue – Business continuity appliance for servers, desktops and virtual machines • NetCare -  Remote Managed services - (Maintenance, Remediation & Alerting) • NetSecure – Firewall management and Content Filtering • Technology and Business Continuity consulting • CPA Firm Technology Assessments • Paperless • Accounting Software Selection • Cloud Services • Server and desktop hosting • Private label hosted Exchange and SharePoint Services • Hosted VOIP phone installation • Traditional and virtual server installation • Microsoft Gold / Hewlett Packard Elite/ SonicWALL Gold (vendor certified)

  4. What about NMGI? • CRN top 100 technology company • MSPMentor top 100 company • Announced June 7, 2010 the general availability of national CPA support services • NetCare and NetHosting – Managed and Cloud services • NetRescue and NetStore – Backup Appliances and web-based backup • nPEN – Secure email, HR– Business and personal goal achievement and management track training, BC/DR – Full documentation and backup services

  5. Session Highlights • Discuss why internal controls are necessary for business success and give examples of common controls. • Understand how everyday fraud affects you and your business. • Understand typical business control deficiencies and their impact • Discuss how to • Design effective internal control systems • Implement and monitor internal control systems • the importance of owner/manager controls • Develop effective computer system controls

  6. Supplemental Materials • Fraud Schemes • Practical Approaches to Relevant Professional and Statutory Requirements • Analytical Procedures as a Fraud Detection and Loss Tool • Benford’sLaw

  7. How poor Internal Controls Impact Your Business

  8. The Ugly Truth • Most Small (SMB) to Medium (SME) Businesses do not have written Internal Control Procedures and Policy Guidelines. • Those that have written Policy and Procedures, don’t follow them. • Those that have them – don’t periodically review the policy, or monitor its effectiveness.

  9. What Are Internal Controls? • Define the Objective • Create controls to help you reach your objective. • Some objectives will require multiple controls. • Some controls will satisfy more than one objective. • The Policy and Procedures MUST be in writing!

  10. If its not in writing it does not exist, if it has not been tested, it has no value!A Simple Mantra

  11. Ten Simple to Implement Controls • Approve (sign where appropriate) all expenditures yourself. If your travel schedule and work processes permit, this single step will saves you thousands. Don’t make excuses! • If you can't always personally approve expenditures, authorize ONE other person in addition to yourself. You can be the backup signer if he or she is unavailable. If someone else must have signature authority, make sure that person is someone different from the person who writes the checks and has access to the check stock. In this scenario, you should always have after-the-fact review and final sign-off. • Keep check stock under lock and key where applicable. Where electronic banking is done, protect passwords and account access to limit theft.

  12. Ten Simple to Implement Controls • Approve Invoices yourself. This is a quick and easy process. Again, if someone else must approve invoices, make sure that person is different from the person writing or signing checks, and institute an after-the-fact review. • Have ALL financial statements (bank, credit card, broker statements, etc.) mailed to your home if possible, instead of the office. If you do not want mailed to your home – the policy should state they go to you unopened, and you open! This one is big. Open the envelope and review items, vendors and signatures. Initial next to the final total, indicating your review. Even if you only spend 10 seconds on this process you are sending a valuable message. • Where possible, divide up processes for handling receipts and payments. For example, different people should approve invoices, prepare checks, sign checks and reconcile the checking account. Likewise, different people should be handling incoming cash and checks, posting payments, making deposits and reconciling the checking account. We will discuss segregation of duties later in more detail.

  13. Ten Simple to Implement Controls • If you take credit cards, the easiest fraud opportunity is for a person with access to the merchant account to give small credits to a card of their own or an accomplice's. Have your detailed merchant account statements reviewed by someone other than the person who enters the transactions, and watch for credits. • Do background checks on all new employees. People with credit problems will be a problem for you, as financial pressures drive desperate behavior. If they can't manage their own money, do you want them managing yours? • As a minimum review a few key reports at least monthly for irregularities; Credit Memo Report New Vendor and Customer Report Change of Address Report Inventory On Hand, Back Order Report, Inventory Write Off Audit Trail Report • Create a Whistleblower Policy. Encourage employees to be more aware of illegal, or inappropriate actions. Help them to understand that the activities of other employees directly affects their compensation as well.

  14. It Can’t Happen to Me!Common small business owner statement. • “I only hire honest people.” • Half of all theft occurs inside your business! • Thousands of dollars are lost annually due to simple negligence, poor employee training, lack of specific written guidelines. • Fraud happens to the other guy. • What is Fraud in America like today?

  15. Fraud In America Today • KPMG International:…the prevalence of misconduct remains high, driven by pressures, inadequate resources and job uncertainty in a volatile economic climate. …roughly half of respondents report that what they are observing could cause “a significant loss of public trust if discovered.” “2008-2009 Integrity Survey”, KPMG, http://us.kpmg.com/RutUS_prod/Documents/8/IntegritySuvey08_09.pdf

  16. Fraud Happens To Everyone! • KPMG International:Organizations are reporting a rise in fraud, responding with expanded fraud measures both reactive and preemptive, and planning further actions for the future.

  17. Fraud Happens To Everyone! • Several studies over the years show that more than 50% of all fraud and theft occur inside your business by employees or those working beside you.

  18. Fraud Happens To Everyone! • Many are surprised to find out that most fraud is perpetrated by well-educated males in senior executive positions (61%), and is affected by conditions within the organization, beginning at the top, and filtering down. Joel B. Charkatz, CPA, CVA, CFE Employment and Labor Update

  19. Fraud In America Today • 2010 Report to the Nation, published by the Association of Certified Fraud Examiners. This Report is based on data compiled from a study of 1,843 cases of occupational fraud that occurred worldwide between January 2008 and December 2009. • Available on-line, www.acfe.org

  20. Summary Findings of This Report Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion.

  21. Summary Findings of This Report • The median loss caused by the occupational fraud cases was $160,000 for 2009. • Nearly one-quarter of the frauds involved losses of at least $1 million. • For 2009, there were more very large frauds, which may eschew the number slightly upward.

  22. Summary Findings of This Report The frauds lasted a median of 18 months before being detected. This finding has remained unchanged for several years. * Where there is collusion the fraud scheme does not last as long, but the losses are much higher.

  23. Summary Findings of This Report • Asset misappropriation schemes were the most common form of fraud by a wide margin, representing 90% of cases. • Asset misappropriation was also, according to the study, the least costly with a median loss of $135,000.

  24. Summary Findings of This Report Financial Statement Fraud schemes were on the opposite end of the spectrum in both regards: • These cases made up less than 5% of the frauds, but caused a median loss of more than $4 million — by far the most costly category. • Corruption schemes fell in the middle, comprising just under one-third of cases and causing a median loss of $250,000.

  25. Summary Findings of This Report • Occupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002. • This may also be the reason that more fraud advisors recommend a whistleblower line or similar procedures to encourage employees to tip off others where they see fraud or theft occurring.

  26. Summary Findings of This Report Small organizations fall victim to occupational fraud much more often. • These organizations are typically lacking in internal controls compared to their larger counterparts, which makes them particularly vulnerable to fraud. • Most small businesses lack even basic Internal Control procedures or the willingness to implement and enforce them. • Naivety runs rampant in small business when it comes to the possibility of employees stealing from the business.

  27. Summary Findings of This Report The industries most commonly victimized, according to the study, were: • Banking/Financial services, • Manufacturing, • and Government/Public Administration sectors. • Includes Not for Profit Groups.

  28. Summary Findings of This Report • Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. • One of the principal recommendations from this year’s report was the need to focus on specific Anti-fraud Controls within the overall Internal Controls process.

  29. Who Is Committing Fraud?

  30. Who Is Committing Fraud?

  31. Correlation between length of employment and amount of fraud loss • Study shows that employees with longer tenure at an organization commit more expensive frauds than employees with shorter tenure. • Cause attributed to higher degree of trust implicitly placed on employees with longer tenure by most organizations. • Also, with longer tenure comes greater opportunity and a higher level of access.

  32. Who Is Committing Fraud?

  33. Who Is Committing Fraud?

  34. Who Is Committing Fraud?

  35. Defining Occupational Fraud • ACFE:The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.

  36. Four Characteristics Of Occupational Fraud • The activities are clandestine. • When committing occupational fraud, the perpetrators make attempts to conceal their actions. As examples, these attempts might involve the altering of or destroying documents, failing to record transactions, or deleting information from computer systems.

  37. Four Characteristics Of Occupational Fraud • The activities violate the perpetrator’s fiduciary responsibilities and positions of trust within the employing organization. • All employees have been entrusted to some degree with a level of fiduciary responsibility by their employers. When committing fraud against an employer, an employee breaches that trust. Employees in whom greater degrees of trust have been placed are in often in position to commit frauds of greater magnitudes.

  38. Four Characteristics Of Occupational Fraud • Activities Are Committed For Personal Enrichment • Frauds are not committed for sport; rather, there is some financial gain to be derived from the fraud. • This gain can accrue directly to the perpetrator, or it can benefit a third party of the perpetrator’s choosing – for example, a family member.

  39. Four Characteristics Of Occupational Fraud • The activities exact a cost on the employing organization. • Because frauds enrich their perpetrators, there has to be an offsetting cost to the employing organization. • This might result in the direct loss of assets, or it might result in less obvious losses such as the reputation of the entity being tarnished and loss of investor confidence.

  40. Three Types of Occupational Fraud * • Misappropriation of assets • Corruption • Financial Statement Fraud * These are what you want to develop good Internal Controls to mitigate risk where possible.

  41. Relative Frequency of Fraud and Associated Loss (Percentages do not total to 100% because some instances of fraud involve more than one fraudulent activity.)

  42. Types of Cash Fraud Schemes: • Those involving cash receipts (skimming and cash larceny), • Those involving cash disbursements (billing, check tampering, expense reimbursement, payroll, and register disbursements), and • Those involving cash on hand.

  43. Breakdown of Cash Misappropriations

  44. Types Of Fraud And Losses

  45. Median Fraud Loss by Number of Employees

  46. How Is Fraud Detected * * My favorite, considering how we stress the importance of Internal Controls and Auditors! Why are these numbers the way they are today?

  47. How Senior Manager Frauds Are Detected

  48. So, What Should We Do? • What should businesses do to mitigate risk and reduce fraud loss according to the ACFE 2010 study’s conclusions and recommendations?

  49. Implement Hotlines to Report Possible Fraud, Theft, or Loss • Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system. • Organizations should implement hotlines to receive tips from both internal and external sources. • Such reporting mechanisms should allow anonymity and confidentiality, and employees should be encouraged to report suspicious activity without fear of reprisal.

  50. You Cannot Over-rely on Audits • Organizations tend to over-rely on audits. • External audits were the control mechanism most widely used by the victims in the survey, but they ranked poorly in both detecting fraud and limiting losses due to fraud. • Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but audits alone should not be relied upon exclusively for fraud detection.

More Related