Presentation is loading. Please wait.

Presentation is loading. Please wait.


Similar presentations



2 2 Session Outline Public Expectations for Public Officials Internal Control and Risk The Elements of Internal Control Weaknesses in Internal Control can Result in Fraud and Illegal Acts Case Studies Reviewing Internal Control and Identifying Fraud, Illegal Acts, and Abuse Summary and Wrap Up

3 3 Public Expectations for Public Officials High ethical and moral behaviors Public employees will conduct business within policy and procedures Public resources will not be wasted, abused, lost or stolen Yellow Book – management should conduct operations Economically Efficiently Effectively Ethically Equitably

4 4 Terms of Importance Misfeasance Malfeasance Nonfeasance Abuse Fraud Internal controls

5 5 What Is Misfeasance? A misdeed or trespass The improper or wrongful performance of some act that a person may lawfully do

6 6 What Is Malfeasance? Ill conduct, evil doing The commission of an act that is unlawful Comprehensive term including any wrongful conduct that interferes with the performance of official duties The doing of an act that a person should not do at all

7 7 What is Nonfeasance? Nonperformance of an act that a person is obligated or has a responsibility to perform Not doing what you should do Total neglect of duty

8 8 What Is Abuse? Improper or inappropriate program management Misuse of authority or position Everything that is contrary to good order Can be intentional or unintentional Does not have to violate a law, regulation, or contract provision

9 9 What Is Fraud? A false representation of a matter of fact Concealing that which should be disclosed – deceiving to cause legal injury Intentional perversion of the truth To deceive another such that they rely on the false representation and surrender a valuable thing or a legal right

10 10 Components of Internal Control Control Environment Risk Assessment Control Activities Information & Communication Monitoring

11 11

12 12

13 Who is Responsible for Internal Control? Management!! Not the Auditor!! 13

14 14 Components of Internal Control – Control Environment The building block for all other components: Integrity & ethical values Commitment to competence Independent audit committee Management philosophy & operating style Organizational structure Assignment of authority & responsibility Human resource policy & practices

15 15 Components of Internal Control – Risk Assessment Segmenting department into organizational components Analyze general control environment Analyze inherent risk Develop appropriate control activities

16 16 Annual Audit Plan Risk Assessment Criteria Program Fiscal Impact20 Strength of Management20 Sensitivity and Public Relations15 Risk of Loss, Noncompliance, Corruption or Fraud10 Complexity of Activity20 Risk to Public Welfare

17 17 Risk Risk are essentially the opposite of control objectives If the objective is to safeguard assets, the risk is that assets will be lost or stolen. Therefore, without knowing the risk, one cannot decide on the appropriate control activities Conduct brainstorming sessions to identify risk and potential areas for fraud

18 18 Risk – Questions to Consider Chance of Occurrence - How likely is it to go wrong? (High, Medium, Low) Impact of Occurrence - What will happen if it goes wrong (assets lost, clients not served, noncompliance with law, damage to the reputation of the government, etc.) (High, Medium, Low) Assessment of Risk (High, Medium, Low)

19 19 Components of Internal Control – Control Activities Link to objectives Accountability for resources Direct activity management Top level reviews Segregation of duties Physical controls Execution & recording of transactions & events

20 20 Components of Internal Control – Information and Communication Information – Reports Communication – Dissemination of Reports

21 21 Components of Internal Control - Monitoring Ongoing monitoring Separate evaluations Reporting deficiencies

22 Internal control The plan of organization and policies and procedures established by management to accomplish organization goals and objectives No individual person should have access to assets and also maintain summary accounting records relating to those assets – no one should control all phases of a transaction There should be periodic comparison of assets of record (recorded accountability) to physical existence In instances where cost of control exceeds resources, there should be mitigating controls 22

23 23 Who Commits Fraud? Married Between 18 and 36 Has 2 children Owns a home Does not have a drug or alcohol problem Does not recognize harm to victims Bright Strong sense of challenge and game playing Versed in technology and skillful Has a position of trust

24 24 Reporting Fraud – Employees Do It Best Tip from employee Accidental discovery Internal Audit Internal controls External audit Tip from customer Anonymous tip Tip from Vendor Notification from law enforcement

25 25 Who Has the Responsibility for Detecting/Reporting Fraud? Management Employees External Auditors Internal Auditors Government Vendors Public

26 26 Management Responsibilities Adopt and implement internal control policies Establish a control environment Assess and analyze risks Establish control activities to address risks Develop information and reporting systems Monitoring activities Understand and communicate your organizations ethics policies

27 27 Management Responsibilities Relating to Audits Help in the identification of areas susceptible to fraud and abuse Address audit findings & recommendations and maintain a process to track their status Follow sound procurement processes when contracting for audits or attestation engagements

28 28 Employee Responsibilities Be aware of where fraud can occur Look for irregularities Report suspicious activities (dont assume others know) Conduct work in an ethical manner and perform work in accordance with policies and procedures

29 29 External Auditors - Responsibilities Examine the governments financial statements and express an overall opinion Design the audit to detect fraud that is material to the financial statements Conduct fraud brainstorming sessions and be alert to possible fraud as it relates to the financial statements Review internal controls over financial reporting

30 30 Government Internal Auditor Responsibilities Review department, division, unit and/or program internal controls Review transactions for possible waste, fraud and abuse Design the audit such that fraud significant to the audit objectives will be detected If abuse come to the auditors attention, follow up on that abuse to determine if its presence is significant to the audit objectives

31 31 Vendors Responsibilities Be aware of how and where fraud can occur in their operations Look for irregularities Report suspicious activities (dont assume others know)

32 32 Public Responsibilities Report suspicious transactions or behaviors

33 33 Approach to Detecting Fraud Exercise professional judgment Exercise professional skepticism Balance between a questioning mind and doubting everyone Critical assessment of evidence

34 34 Management Red Flags Reluctance to provide information when requested High employee turnover in high risk areas Lack of segregation of duties in a high risk area Excessive number of checking accounts Increase in purchase of inventory but no increase in productivity Abnormal inventory shrinkage Lack of physical security over assets Payments to vendors not on approved vendor list

35 35 Employee Red Flags Employee lifestyle changes (expensive cars, jewelry, homes, etc.) Behavior changes (drug, alcohol, gambling) Reluctance to provide information when requested Refusal to take vacation or sick leave Excessive purchasing of supplies Inappropriate overtime hours

36 36 How to Improve Your Chance of Detecting Fraud? Assume anyone can commit fraud Good documentation does not mean something happened – only that someone said it happened Pay attention to detail (numbers, dates, amounts, alterations, reasonableness, etc.) Pay attention to hints or rumors of wrong doing Look for patterns or unusual transactions

37 37 Potential Red Flags Erased or crossed out figures Inconsistent inks and typefaces Unusual dates, amounts, notes, phone numbers and calculations Consecutively numbered invoices Excessive voids or refunds Invoices in large even sums Multiple invoices to the same vendor just under $10,000

38 38 Potential Red Flags (Continued) Invoices printed on other than prepared forms Vendor address change Unusual number of payments to one payee Inadequate description of item purchased Delay in responding to request for documentation Stale invoice dates

39 39 What Conditions Make Fraud Easier Weaknesses in Internal Controls relating to: Control Environment Risk Assessment Control Activities Information and Communication Monitoring The Fraud Triangle Incentive (Pressure) Opportunity Rationalization

40 40

41 41 Fraud Triangle Pressure such as a financial need, is the motive for committing the fraud. Pressure includes living beyond ones means or family and relationship situations. Rationalization The person committing the fraud frequently rationalizes the fraud. Rationalizations may include, Ill pay the money back, They will never miss the funds, or, I will just do this just one time or They dont pay me enough. Opportunity The person committing the fraud sees an internal control weakness and, believing no one will notice if funds are taken, begins the fraud with a small amount of money. If no one notices, the amount will usually grow larger. In any organization, the risk of fraud can be reduced. Internal control procedures can particularly diminish the opportunity point of the Fraud Triangle. * Of the above three, the one that management can control is _________


43 Weaknesses in Internal Controls Organizational Oversight Fraud Controls and Control Risk Assessments Procurement of Goods and Services Travel Special Events Grants and Sponsorships Allowable Use of Restricted Resources Motor Vehicles Accounting Controls Electronic Funds Transfers Information Technology Controls Public Records 43

44 Background In May 2012, the Auditor General received a request to conduct and audit of the Tourist Development Council and the Board of County Commissioners use of tourist development taxes and funds received from BP. For the two year period to , revenues totaled $36.4 million. 44

45 Organizational Oversight and Budget Monitoring The BCC, TDC, and CCC did not exercise sufficient control over funds received and invoices processed did not demonstrate or document the public purpose served Budgets were not adopted at the level of their restriction Spreadsheets prepared were not used to reject invoices when sufficient funds were not available at the ordinance restricted level. 45

46 Monitoring The TDC acted in an action oriented manner rather than in an advisory role. As a result they authorized expenditures without BCC approval. The TDC did not continuously review expenditures or regularly receive summary or detailed reports of expenditures. Conflicts of interest were present as purchases were made with companies that had ties with BCC members, a TDC member, and a TDC subcommittee member. Risk assessments were not performed by the BCC to identify the potential for fraud 46

47 Support for Invoices Purchases were made without obtaining written quotations There was failure to document the selection process for two advertising and marketing firms Contracts with marketing firms did not required them to competitively procure goods and services. Contracted marketing firms were not required to submit invoices, including invoices from third parties in sufficient detail to allow for adequate preaudit to ensure goods were actually received and the correct amounts charged. The firms were paid $12.1 million without adequate review or oversight 47

48 Support for Invoices A payment for promotion and advertising services had been misappropriated for the purchase of a house by the TDC Executive director. The county paid $747,000 from the BP grant on an advertising and marketing invoice as Boast the Coast National Television Campaign and Promotion. After payment was made to the firm, the TDC Director instructed the firm to wire the monies to a designated bank account. The monies were then used to by the ED for the purchase of the house titled to a revocable trust for him and his wife. 48

49 Example Purchases $155,400 paid to vendors and invoices inadequately described the goods or services purchased $48,000 described as prize for Internet/viral video contest. Actually purchased a Porsche titled to the former TDC Executive Director $47,000 described as convention center marketing expenses included $19,620 for a County Christmas Party, A TDC holiday party, and a harbor cruise for employees and $5000 donated to a charity. $31,400 identified as Harbor Walk/Destin Advertising was actually for furniture for the TDC office including $6,250 in furniture located at the former TDC Executive Directors home Had the BCC or CCC required adequate documentation, the payments may have been denied. 49

50 Competitive Procurement The County purchased a yacht for $710,000 without evidence of formal bids. Three vehicles were purchased for a total amount of $129,808 without evidence of written quotes 508 beach towels purchased for $8,832 without written quotes Over $12 million was expended through outside firms and those firms were not required to competitively procure goods and services or follow County purchasing policies and procedures. Results in limited assurance that costs were reasonable. 50

51 Advance Payments Payments were made in advance and there was evidence that in many instances services paid for were not received. 187 days of drivers services paid for and 43 days provided 32 day of spokesman services paid for and 23 days provided $25,000 paid for a musical group and no concerts were performed Advance payments increase the risk that goods and services may not be provided 51

52 P-Card and Travel Expenditures There was no evidence that the former TDC Executive Directors p- card expenditures were approved by another employee. $14,680, 20 of 60 purchases tested, did not document the public purpose of expenditures made. $41,225 in travel-related expenditures were not supported by travel vouchers The TDC Director directed travel be paid for a candidate for a position and was denied. The TDC Director then had an advertising firm pay the travel and the cost was then billed back to the TDC 52

53 Special Events and Sponsorships Special events and sponsorships totaled over $800,000 Policies and procedures had not been developed for these type services Written agreements were not entered into to guide the terms and conditions and provision of services 53

54 Compliance $1,912,095 in TD taxes were used to fund lifeguarding and beach patrol and were not allowable from this source $564,000 in TD taxes were used to fund beach shuttle services and these expenditures are not expressly authorized from this source County records supporting funds paid to two advertising and marketing firms were inadequate and a portion resulted in questioned cost $207,304 in debit card purchases and use were questioned 54

55 Accounting Controls and Minutes Transactions were recorded to the wrong accounts $97,766 in vehicles were recorded as contracted services – public relations rather than as capital outlay – machinery and equipment $81,237 for a marquee was recorded as contracted services – advertising rather than as capital outlay – infrastructure $2,208 for televisions were recorded as motor vehicles rather than as machinery and equipment. Inaccurate records can lead to incorrect management conclusions Minutes were not recorded for TDC and TDC Subcommittee meetings 55

56 Summary In general, the BCC and CCC agreed with the findings and recommendations New policies were written and implemented There was significant reputational risk for this type operation and as a result of the above, there has been significant reputational damage. It is up to the governing body to address these issues in an accountable and transparent manner in order to restore the public trust. 56

57 Case Study One Any weaknesses in: Control environment Control risk Control activities Information and communication Monitoring 57

58 58 Case Study Two City of Tallahassee Fleet Department Parts supervisor could order, receive, and issue parts. Could also open closed work orders and adjust the inventory Suspicious transactions with three vendors identified Collusion with one vendor Losses totaled almost $3 million over five years. City employees and vendors prosecuted Theft was not material to each years internal service fund financial statements

59 59 See Page 2 for Invoices

60 60 Number of large dollar invoices all for the same amount

61 61 Notice instructions Valid Invoice

62 62 Notice instructions Improper

63 63 Same Amounts and Consecutive Invoice #

64 64 Same Amounts No Description Consecutive #

65 65 High Dollar Items

66 66 Invoice Altered with Whiteout

67 67

68 68 ZZ4 / 350 Engine 355 horsepower out of a small block aluminum head engine! The evolution of the ZZ series, this engine powers thousands of street rods, drag racers, and show cars. With 405 ft/lbs of torque, the ZZ4 is the best way to put a high performance small block engine under your hood!

69 69

70 70

71 71

72 72

73 73

74 74

75 75

76 76

77 77

78 Summary for Case Study Two Any weaknesses in: Control environment Control Risk Control Activities Information and Communication Monitoring 78

79 Where do you Place Responsibility With the City? With the vendors? With Both? 79

80 Case Study Three - Leon County Research and Development Authority Organizational Background Board Composition – Nine Members Staff – An Executive Director and an Office Manager External Auditors – Same for several years Financial Statements – Clean opinions Monthly budget to actual statements - prepared by the office manager Treasurer reports – prepared by the office manager Audit Committee – well-intentioned but absent strong financial members 80

81 Discovery of a $650,000 Fraud A change in auditors in 2010 led to the discovery of a $650,000 fraud that spanned 5 years The previous auditors focused on the revenue side of the audit believing the expenditure side was not a significant risk and therefore doing minimal testing of expenditures. 81

82 Fiscal Year Number of Fraudulent Checks Written Total Amount of Checks Total Operating Expenses – Salaries, Depreciation & Other Percent Fraud of Total Operating Expenses Total Other Expenses Percent of Fraud of Other Expenses (Not Including Salaries and Depreciation 2005 – $41,075$1,014, %$402, % 2006 – $80,947$1,159, %$468, % 2007 – $172,948 $1,387,237 (1) Note: Salaries and Depr. Were $758, %$628, % 2008 – $239,684 Approxim ately 25% $481, % $112,797 Audit year in progress Total113$

83 Internal Controls - The Office Manager Received and opened the mail to include receiving tenant rental payments, vendor invoices for services provided, and monthly bank statements to include cancelled checks Had custody of check stock Had signature stamps Prepared invoices for payment to include preparing checks for dual signature by someone other than herself Maintained the accounting records and prepared and presented monthly financial and budget reports for Board meetings Reconciled the check book to the bank statement for review by the Executive Director. Cancelled checks were not provided to the Executive Director 83

84 What Was Not Known by the Previous Auditors or the Board The Office Manager was fired by her former employer and found guilty of a felony for embezzlement of over $100,000 During the time the Office Manager worked for the Board (during the day), she also performed community service at night at the County jail as part of her previous sentence No background check was performed by the Board upon employment of the Office Manager – the previous auditors were aware of no background check through inquiry, noted this in the working papers, but took no further action 84

85 The Office Manager Drove an expensive vehicle Lived in an expensive home Was married with children and was a devoted parent Was well liked Was praised by the previous auditors in their audit report for being helpful to them 85

86 Discovery of the Fraud by the New Auditors The Office Manager failed to timely respond to records request The new auditors observed the Managers lifestyle The auditors checked and verified through the county records a criminal history The auditors noticed a check that appeared unusual The auditors made a direct request to the bank for copies of cancelled checks The auditors notified the Audit Committee Chair of their concern as well as the Board Chair 86

87 The Office Manager Asked to Explain Herself at a Board Meeting The Office Manager admitted that she did not tell the Board when she was hired that she was previously fired by her former employer for embezzlement – she said she was not asked The Office Manager denied any wrongdoing while with the Board The Office Manager accused one of the Board Members of sexual harassment The Office Manager was subsequently convicted and sentenced to prison To date the Board has received little monies back from the former employee. It recovered $100,000 from its insurance company and additional monies from the external auditors 87

88 88

89 89

90 90

91 91

92 92

93 93

94 94

95 95

96 96

97 97

98 98

99 99

100 100

101 101

102 102

103 The City Auditor was Appointed by the Mayor to Represent the City on the Board Officially joined the Board October 1 The Board had a new Chairperson and several new Board members Named to the Audit Committee upon joining the Board Worked on and received Board approval of an Audit Committee Charter Was elected to become Treasurer in mid- November to replace the current Treasurer Asked the question - Is there any liability of the previous auditors for not detecting the fraud? Was requested to pursue the issue with the Board Attorney and to represent the Board 103

104 What Was the Boards (and /or Audit Committee)Responsibility To establish an adequate system of internal control The control environment Control risk Control activities Information and communication Monitoring Other specific responsibilities Have policies and procedures Meet with the auditors to discuss the planned audit, and any concerns about risk and the system of internal control To follow up on audit findings and recommendation and to take corrective actions 104

105 What was the Auditors Responsibility To conduct the financial statement audit in accordance with Generally Accepted Government Auditing Standards. To plan the audit to obtain reasonable assurance To use professional judgment To consider fraud in a financial statement audit and to provide reasonable assurance on whether the f/s are free of material misstatement, whether caused by error or fraud To brainstorm about fraud risk Specific GAGAS Follow up on previous significant findings Exercise professional skepticism Use professional judgment Consider lower materiality levels for government entities Report on significant deficiencies and material weaknesses in internal control over financial reporting 105

106 Opportunities to Detect Fraud Confirm vendor payments or year-end payables Obtain copies of cancelled checks directly from the bank or review checks on-line. Instead, cancelled checks on hand were traced to vendor invoices and accounting records Review the organization process for performing background checks Request were made to the accountant to review specific checks. Bank statements were not reviewed (when I reviewed bank statements, all fraudulent checks had been removed - the review took approximately one hour). The auditors stated in the W/Ps there was no need to review bank statements W/Ps indicate no conditions susceptible to fraud in amounts material to the financial statements Audit procedures did not vary from year to year This was not a complicated fraud 106

107 The Subsequent Auditors Report for 2009 (Two audits have subsequently been issued) 5 material weaknesses 6 significant deficiencies 4 additional weaknesses in internal control Weaknesses reported were not new 107

108 Reputational Risk This fraud made the front page of the local paper on numerous occasions Previous Board members were embarrassed The name of the Board (Park) was linked to the fraud as opposed to its mission for many months Subsequent clean audits - for the last two years – have helped For the most recent audit, there were no material weaknesses, significant deficiencies, or management comments. This was also reported in the newspaper 108

109 Comment from Office Manager to previous auditors inquiry about any knowledge of fraud: I can honestly say that I know of none, nor do I know of any allegations of fraud. 109

110 Where Do you Place Responsibility? With the Board? With the Auditors? With both? 110

111 Case Study Three Was there a weakness in Control environment Control risk Control activities Information and communication Monitoring 111

112 What are Some Suggestions Be aware that fraud and abuse can exist Exercise professional judgment and professional skepticism Ask about background checks Discuss risk and fraud with organizations management and determine whether there are mitigating controls Brainstorm with staff and supervisor on risk, controls, and testing to be done. Document discussions Look for persuasive fact- based evidence Document adequacy of responses to questions 112

113 113 High Risk Areas Susceptible to Fraud Travel reimbursements Time & attendance Overtime Cash collections Petty cash purchases Use of vehicles and equipment P-card transactions

114 114 What to Do When You Suspect or Discover Fraud? Do not pursue so as not to interfere with potential future investigations or legal proceedings Secure documentation Notify your supervisor Notify upper management (department directors) if you do not feel that your concerns have been investigated satisfactorily, or Call the Auditor

115 Potential Red Flags One person opening the mail that contains money Individuals collecting money in the field Using only certain vendors when quotes would be more logical Lack of dual check signatures over a certain amount The person having check stock and check writing authority also reconciling the bank statement Receipt of bank statements by the check writer 115

116 Tips on How to Deter Fraud in Your Organization 1. Integrity at the Top 2. Positive Reputation 3. New-hire Screening Process 4. Ethics Programs 5. Written Fraud Program with Expectation of Consequences

117 Tips on How to Deter Fraud in Your Organization (Continued) 6. Communicate Policies to Vendors 7. Proper Handling of Investigations 8. Independent Internal Audit Function 9. Effective Internal Controls and Auditing 10. Open Internal Reporting

118 118 Questions?

119 Comments/Questions Thank you!!! Sam McCall


Similar presentations

Ads by Google