Male or female No prior criminal history (<8%) Well liked by co-workers Likes to give gifts/compulsive shopper Gambling problems not unusual Long-term employee Rationalizes: Starts small or “borrows” Lifestyle clues
Stealing cash funds processed or on hand Not recording & stealing the cash receipts Under ringing & stealing the difference in cash receipts Altering bank deposits
Lapping Forging checks received Altering credit card receipts Granting bogus credits Bogus bad debt write-offs or account adjustments
Ghost employees Manipulated time records Unclaimed payroll checks Writing extra payroll or bonus checks Leave time manipulation Withholding fraud W-2 fraud
September, 1997: Top city official convinces City Council to allow him to sell (cash out) unused leave time back to the City he worked for Added an amendment to his existing employment contract City Council approves
Sample Leave Fraud Activity: Leave time: June 11, 2002 contract442 days Leave sold back in next 8 weeks107 days 335 days So the pattern was to…… Get City Council to approve a new contract Pass it off as a “minor” change After approval: Sell batches of leave time A few months (or weeks) later - another contract
7 year period: over 2,000 days of leave sold Equivalent to 60 years worth of leave Final tally: $675,000 in leave time cashed out He became bolder: other benefits added Convicted Sentenced to 51 months in federal prison
Top Ten Reasons Frauds Beat Internal Controls in Government
Process mentality Just doing the steps in the process Not thinking about what one is doing Example: Two signatures required on checks. Both check signers fail to notice the check has no payee and still sign the check. Remedy: Reinforce the need to pay attention and the consequences for failure.
Blind trust Failure to acknowledge warning signals Example: Failure to follow up on a customer complaint of an incorrect bill for service and relying on the experienced and valued billing clerk’s response that it was just an error. Remedy: Realize that anyone can commit fraud. Assume discrepancies are fraud and prove to yourself it is only an error.
Positional immunity Rationalizing that controls don’t apply to me because I am in upper management. Often referred to as management override. Example: Executive director doesn’t report leave used, but still gets paid for unused leave annually. Remedy: Identify someone within or outside the entity that you can report these circumstances to and not jeopardize your job.
Situational incompetence New employee not in a position to question why Example: New accounts payable clerk questions why purchases from a certain vendor do not require bids, and is told that such purchases are exempt. Remedy: If you are the supervisor, don’t assume new employee just doesn’t understand. Take their questions seriously and ask your self why. If you are the employee, ask more than one person.
Workload overload Not enough time to perform control procedures Example: Knowing that the supervisor is too busy to reconcile accounts receivable, a billing clerk steals cash and posts unauthorized adjustments. Remedy: Reevaluate assignment of duties, and when needed, demand more resources by focusing on the consequences of fraud.
Conflict avoidance Responsible employees not comfortable in confronting other employees Example: A supervisor recognizes that the cash drawer is always short at the end of the day, but is uncomfortable in confronting the employee. Remedy: Reinforce supervisory responsibilities. Provide employee management training. Don’t tolerate poor performance.
Informational restraint Responsible employees lack the information they need to identify an improper transaction Example: An accounts payable clerk is not provided a contract that includes a not-to- exceed price limit and vendor takes advantage by over-billing. Remedy: Reinforce with employees the openness and availability of records and information.
Behavioral ignorance Responsible employees ignore behavioral signs or indicators of possible fraud Example: Management and other employees fail to investigate or question an employee that is living well above their means or salary level. Remedy: Create an environment within the government that fosters ethical and responsible behavior. Create an anonymous hotline.
Informational ignorance Officials ignore fraud warning signs in reports because they don’t understand the reports Example: Highway patrol fine revenue was embezzled and monthly budget report shows a potential problem, but the report is too complicated for management and governing board to understand. Remedy: When it comes to reports, use the KISS principle and train the users.
Ethically challenged Employees responsible for controls are just not ethical and morally responsible individuals Example: Purchasing supervisor is dishonest and convinces an accounts payable employee to process fake invoices for payment and split the money between them. Remedy: Don’t hire crooks.
Fraud risk assessment Internal controls Proper environment External review Reporting mechanism Hire right Fidelity bonding Establish “Perception of Detection” Forensic data mining
Segregation of duties Effective bidding processes Vendor approval controls Policies ◦ Code conduct, fraud policies ◦ Conflict of interest, gifts, gratuities ◦ Etc. Fraud awareness training Internal audit
Managing the Business Risk of Fraud: A Practical Guide (AICPA & IIA) – REQUIRED READING Management Anti-Fraud Programs & Controls (exhibit to SAS 99) ACFE Fraud Prevention Check-Up ACFE Best Practices in Ethics Hotlines ACFE Sample Code of Conduct ACFE Sample Ethics Policy
Creating a Culture of Honesty & High Ethics Evaluating Antifraud Processes & Controls Developing an Appropriate Oversight Process
Setting the tone at the top Creating a positive workplace environment Hiring and promoting appropriate employees Providing sufficient training Confirming accountability for code of conduct Implementing effective discipline
Identifying and measuring fraud risks Mitigating fraud risks Designing and implementing appropriate internal controls Monitoring compliance with internal controls Don’t miss the obvious…
Oversight by the audit committee or equivalent Oversight by management Use of an effective internal audit function Open and candid dialogue with independent auditors Take advantage of the COSO internal control element “Risk Assessment” by taking some time to “aim”…