1 / 77

Internal Controls

Internal Controls. THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA. “Fraud Is Committed by Desperate Individuals”. Joseph T Wells, CPA, CFE Founder & Chairman of ACFE. How Fraud is Committed – The Nature of Fraud.

jjanna
Download Presentation

Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Controls THE ROLE OF INTERNAL CONTROLS IN THE PREVENTION AND DETECTION OF FRAUD Presented by Mark Dauberman, CPA, EMBA

  2. “Fraud Is Committed by Desperate Individuals” Joseph T Wells, CPA, CFE Founder & Chairman of ACFE

  3. How Fraud is Committed – The Nature of Fraud • Misappropriation of assets • Financial statement fraud • Corruption schemes

  4. Misappropriation of Assets • Theft of cash • Theft of cash on hand • Theft of cash receipts • Fraudulent disbursements • Misappropriation of inventory and other assets • Larceny • Misuse

  5. Theft of Cash Receipts • Larceny • Skimming • Sales • Receivables • Refunds and other

  6. Fraudulent Disbursements • Billing schemes • Payroll schemes • Expense reimbursement schemes • Check tampering • Register disbursements

  7. Financial Statement Fraud • Overstatements of net income and net worth • Understatements of net income and net worth

  8. Overstatements of Net Income and Net Worth • Timing differences • Fictitious revenues • Concealed liabilities and expenses • Improper asset valuations • Improper disclosures

  9. Understatements of Net Income and Net Worth • Timing differences • Understated revenues • Overstated liabilities and expenses • Improper asset valuations • Improper disclosures

  10. Corruption Schemes • Conflicts of interest • Bribery • Illegal gratuities • Economic extortion

  11. Examples • A T & T – Misuse of Assets • Foster Foods – Expense reimbursement scheme • Agassiz – Check tampering • A Major National Superstore – Inventory theft

  12. A T & T – Misuse of Assets – The Headlines May 9, 2013 – AT&T Pays FCC $18.25 Million to Settle IP Relay Fraud Claims November 7, 2013 – AT & T Pays Another $3.5 Million to Settle IP Relay Fraud Claims

  13. The Fraud • Overbilled U.S. Government Fund intended to help hearing and speech impaired customers • - 80% of calls billed were ineligible • - “It was common knowledge among AT&T communication assistants that many callers were from Nigeria and other foreign countries and that these callers used the system to defraud U.S. merchants by ordering goods with stolen credit cards and counterfeit checks.”

  14. What Was (Were) the Fraud(s)? • Overbilling • Did AT & T know? • Should they have known? • If so, is ignorance fraud? • Allowing fraudulent use of service • Should employees have blown the whistle? • Should AT & T have known? • Is AT & T responsible?

  15. Detection • Who should be able to detect? • Management • Overbilled agency • How would it be detected? • Knowledge • Converted into expectations

  16. Prevention • Who committed the fraud? • Communication assistants • Knew of fraud • Should not have allowed • Management

  17. Prevention • How to prevent: • Take away the reason • Take away the opportunity • Take away the ability to rationalize

  18. Case 2Expense Reimbursement • “When Petty Cash Isn’t Petty” • Fraud Casebook – Lessons from the Bad Side of Business • Edited by Joseph T. Wells, ACFE, Published by Wiley • Chapter 21, Karen Frey, PhD, CPA

  19. The CompanyFoster Foods • Founded in 1953 by brothers Arthur & Louis • Very successful selling jam made from family farm’s unsold fruit • Changed strategy to research and development of dried fruit products • Grew and transformed too rapidly and filed for Chapter 11 protection • Used petty cash for expenditures as vendors were not accepting company checks or credit

  20. The PerpetratorJeri Hansen • Responsible for petty cash accounting and reconciliation and accounts payable • 15-year employee with positive reputation • Insisted on complete and accurate documentation • Anticipated and fulfilled officer’s information needs • Understood and provided types of documents and summaries needed by auditors • “It would be a lot easier if I just get that for you” • Rarely took time off

  21. System ExploitedPetty Cash Payments • Cash for estimated expenses given to drivers before trips • Receipts and remaining cash returned by drivers after trip • Voucher with receipts attached and remaining cash placed in petty cash drawer • Cash reimbursed when low or drawer full of vouchers • Jeri prepared reimbursement envelope with petty cash vouchers inside and summary on outside stating total reimbursement, payees, dates paid, and accounting distribution • Controller reviewed contents and approved reimbursement • Treasurer provided reimbursement check to Jeri to cash at the bank

  22. The FraudMethodology • Invoices paid both by check and through petty cash • Incorrect totals on vouchers • Incorrect amounts transferred from vouchers to summary • Receipts duplicated and submitted more than once • Photocopies of receipts submitted as originals • Amounts on receipts altered • Vouchers issued without supporting receipts • Payments made for credits or where invoice indicated that no amount was due • Original and “corrected” invoices submitted for payment

  23. Discovery • CFO seeking information during Jeri’s vacation • Not suspicious, but noticed petty cash disbursement to supplier normally paid by check • Initiated investigation • Repercussions • Losses of $100,000 uncovered • Jeri convicted • Restitution ordered and partially paid • Required to serve part of 24-month sentence in county jail

  24. Lessons Learned • Segregation of duties • Supervision • Control activities • Ensure that reimbursement procedures are followed • Review analysis of fuel consumption

  25. Case 3Check Tampering • “A Taxing Problem” • Fraud Casebook – Lessons from the Bad Side of Business • Edited by Joseph T. Wells, ACFE, Published by Wiley • Chapter 11, Andrew Kautz, CFE

  26. The CompanyAgassiz • Midsize construction company involved in road and commercial building construction • Family-type work environment with employees trusted and participating in success of company • Expanded over years without making investment in internal controls • Weak in accounting • Lack of segregation • Responsibility without oversight

  27. The PerpetratorAngela Bauer • No high school diploma but GED and a few community college bookkeeping and business courses • Willing to work, charming, and appeared to be capable and loyal employee • Worked for company for more than 10 years • Moved up from clerk to accounts payable • Responsible for payments to vendors • No check-signing authority • Also responsible for bank reconciliation

  28. The Fraud Tax Payments • Prepared check requests for tax payments • Altered payee to be negotiable to Angela Bauer or her husband • Some checks written to bank credited to Bauer’s benefit

  29. Discovery • After Angela had left company, government auditor performing normal review of books • Identified two checks to agency, knew agency had only received one • Found cancelled check written to bank instead of government • Initiated investigation • Repercussions • Losses of $570,000 uncovered • Angela liable for full amount of fraud and husband liable for portion

  30. Lessons Learned • Segregation of duties • Angela responsible for both issuing checks and reconciling bank account so she could perpetrate fraud and cover tracks • Control activities • Reassess controls on a regular basis • Trust employees, but create basic safeguards

  31. Case 4Inventory • “Price Check on Register One” • Fraud Casebook – Lessons from the Bad Side of Business • Edited by Joseph T. Wells, ACFE, Published by Wiley • Chapter 27, Dwight Taylor, CFE, DRE

  32. The CompanyMajor National Superstore • Very control conscious • State-of-the-art surveillance system

  33. The PerpetratorsHolly Harmon • Married woman unable to make ends meet living in small town in Iowa • Moved with husband to Des Moines for higher paying jobs • Lacked specialized skills and had criminal record • Obtained job as cashier at large national superstore

  34. The PerpetratorsFamily & Friends • Clifton Harmon, husband • Shelly North, Holly’s sister • Divorced with 3 children • Unable to work, dependent on government assistance • Cathy Lester, one of Holly’s best friends • Divorced with 2 children • Working as office assistant and unable to make ends meet • Amelia Leach, Holly’s friend • Arrested for forgery at age 20 • In and out of jail and marriage

  35. The FraudCash Register Receipt Theft • Placed UPC codes for inexpensive items on more expensive merchandise • Rang up merchandise at lower amounts on sales to accomplices • Refunded items without return of merchandise • Sold suitcases and other bags and containers full of merchandise

  36. Discovery • After Holly left company, manager performed routine review of activity of former employee • Video tapes showed sales of items that did not appear on cash register tapes • Video showed customer being allowed to retain merchandise after transaction was voided • Initiated investigation upon reviewing tapes • Clifton confessed upon interview • Holly and Amelia received 10-year prison sentences and were ordered to pay restitution • Approximately $12,000 in merchandise recovered

  37. Lessons Learned • Background checks • Should be routine for employees handling valuables such as cash or merchandise • Would prevent hiring of people like Holly who have criminal records • Control activities • Create system that flags unusual activity such as a large number of voided transactions • Perform regular, random reviews of cash register logs • Make employees aware of monitoring as a deterrent

  38. Identifying Control DeficienciesUnderstand Existing Core Systems • Initiation • Authorization • Execution • Recording • Verification

  39. Identifying Control DeficienciesDocument Understanding of Existing Core Systems • Documentation • Narrative • Flow of Transactions, Verified Throughout • Flow Charts • Documentation & Segregation of Duties

  40. Identifying Control DeficienciesIdentify Control Activities • Identify accounts affected by system • Evaluate actions within system • Determine control activity when action supports assertion • Indicate assertion supported

  41. Internal Control System Evaluation Matrix

  42. Identifying Control DeficienciesEvaluate Control Deficiencies • Review control activities by assertion • What could go wrong? • Type of issue • Component of process • Applicable assertion • Nature of issue • Error • Fraud

  43. Identifying Control DeficienciesDetermine Appropriate Risk Response • Basis for decision • Likelihood of loss • Magnitude of loss • Alternative responses • Acceptance • Rejection • Sharing • Mitigation

  44. Limitations of Internal Controls • Design • Implementation • Subject Matter

  45. Develop Preventive Internal ControlsCreate Management Reports • Create management reports that identify signs of possible fraud • Abnormal relationships among accounts • Sales & accounts receivable • Sales & cost of sales • Cost of sales & inventory • Inventory & accounts payable • Interest & average debt • Accrued or prepaid expenses & monthly “burn” • Anomalies or pattern changes • Customer performance • Employee behavior

  46. Develop Preventive Internal ControlsControls with Potential to Prevent Fraud • Conventional controls • Performance indicators • Information processing controls • Physical controls • Segregation of duties • “Holistic” controls • Acceptance of reality • Universal involvement • Rewards over punishment

  47. Understanding Internal Control • COSO Framework

  48. Internal Control Components, Principles, and Factors • Control Environment • Standards, processes, and structures providing basis for carrying out internal control • Established by board of directors and management • Importance of internal controls • Expected standards of conduct • Integrity and ethical values of organization • Organizational structure and assignment of authority and responsibility • Process for attracting, developing, and retaining competent individuals • Accountability for performance

  49. Principles Related to the Control Environment • - The organization demonstrates commitment to integrity and ethical values • - The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. • - Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. • - The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. • - The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

  50. Factors indicating that the organization demonstrates commitment to integrity and ethical values • - Sets the tone at the top – The board of directors and management at all levels of the entity demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control. • - Establishes Standards of Conduct—The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity's standards of conduct and understood at all levels of the organization and by outsourced service providers and business partners. • - Evaluates Adherence to Standards of Conduct—Processes are in place to evaluate the performance of individuals and teams against the entity's expected standards of conduct. competent individuals in alignment with objectives. • - Addresses Deviations in a Timely Manner—Deviations from the entity's expected standards of conduct are identified and remedied in a timely and consistent manner..

More Related