1. Mastering Internal Controls and Fraud Prevention American Institute of Professional Bookkeepers © American Institute of Professional Bookkeepers, 2010

2. Mastering Internal Controls and Fraud Prevention Helpful definitions  Bribery—money or favors offered or given to influence the conduct or views of a person in a position of trust  Consent decree—an agreement between two parties sanctioned by the court Example: A company or individual consents (agrees) to stop questionable practices without admitting guilt Terminology

3. Mastering Internal Controls and Fraud Prevention Terminology  Counterfeit—a copy of a valid license, written authorization or legal tender (money) intended to defraud  Embezzling—misappropriation of another’s property (almost always money) for personal use in violation of trust  Forgery—A false document, or a valid one altered, with the intent to deceive—such as an altered check or credit card

4. Mastering Internal Controls and Fraud Prevention Terminology  Fraud—intentional deception perpetrated to secure unfair or unlawful gain  Larceny—unlawfully taking something— i.e., stealing. If the stolen item(s) are of great value, such as a large amount of money, it is grand larceny  Prima facie evidence—evidence that appears to be sufficient to establish facts unless rebutted, such as a person found at a murder scene holding a weapon

5. Mastering Internal Controls and Fraud Prevention Terminology  Subrogation—substitution of one entity or person for another. Example: Under subrogation, when an employer discovers that a bonded employee has embezzled funds, the insurance company takes the place of the employer to obtain return of the funds

6. Mastering Internal Controls and Fraud Prevention Four Types of Noncash Theft 1.Unconcealed larceny (theft of physical assets) 2.Falsified shipping or receiving reports 3.Fraudulent shipments 4.Fraudulent write-offs

7. Mastering Internal Controls and Fraud Prevention Unconcealed Larceny Review: Larceny is unlawfully taking something from another entity or person  Why is unconcealed larceny not reported?  People assume that co-workers are honest  Loyalty to friends  Seeing the world as management vs. labor  Poor channels of communication  Personal involvement in the theft  Fear of job loss if the thief is a superior

8. Mastering Internal Controls and Fraud Prevention Falsified Receiving/Shipping Reports The most common kinds of theft:  Receiving reports—normal goods are reported as defective to cover up theft  Shipping reports—goods are shipped to a cohort’s home or business address Example: The thief puts an accomplice’s address on the shipping report Retailer example: Same scheme—the goods are then “returned” for cash

9. Mastering Internal Controls and Fraud Prevention Fraudulent Write-offs Fraudulent write-offs can take many forms:  Forcing the reconciliation of accounts Example: Stealing goods, then covering up the theft with a journal entry, such as: COGS XXX Inventory XXX  Altering inventory records Example: The thief overstates the physical count of goods on hand to match the altered records, thus covering up the theft

10. Mastering Internal Controls and Fraud Prevention Fraudulent Write-offs  Creating a fictitious sales order Example: The thief records a fictitious sale, then covers up the unpaid order by debiting the amount to:  an overdue A/R, or  Discounts and Allowances  Bad Debt  Inventory Shortage Expense  Writing off good inventory as scrap, then taking it home, or selling it and keeping the cash, or giving it to an accomplice

11. Mastering Internal Controls and Fraud Prevention When there is no centralized department to receive and store merchandise

12. Mastering Internal Controls and Fraud Prevention Red Flags of Inventory Theft These include (see workbook pages 3-4):  High levels of inventory shrinkage  Frequent customer complaints about shipment shortages  Unsupported adjustments to perpetual inventory records  Excessive purchases of materials or merchandise  An unexplained increase in COGS as a percentage of sales

13. Mastering Internal Controls and Fraud Prevention 1.Proper documentation, properly monitored  Purchase orders, receiving reports, sales orders, and shipping documents should be pre-numbered and the numerical sequence monitored  Shipping documents should require a sales order  Paying an invoice should require supporting documents—a purchase order and receiving report Five Inventory Internal Controls

14. Mastering Internal Controls and Fraud Prevention Five Inventory Internal Controls 2.A system for storing and counting inventory:  Periodic physical counts of all inventory  Instructions on how to account for missing, unused and voided tags  A practical system for describing/identifying inventory

15. Mastering Internal Controls and Fraud Prevention 3.Segregation of duties  Different employees should be responsible for authorization v. recordkeeping v. custody of assets Examples: An employee authorized to initiate a purchase order cannot record the purchase and cannot receive the goods or pay the invoice An employee working in the warehouse cannot have authority to initiate a sales order and cannot record incoming or outgoing inventory Five Inventory Internal Controls

16. Mastering Internal Controls and Fraud Prevention 3.Segregation of duties Five Inventory Internal Controls

17. Mastering Internal Controls and Fraud Prevention 4.Physical safeguards  Lock up valuable inventory  Restrict access to only authorized parties  Consider adding cameras, guards and electronic access logs Five Inventory Internal Controls

18. Mastering Internal Controls and Fraud Prevention 5.Analytical reviews—periodic checks of:  COGS as a percentage of Sales (is it higher?)   Percentage gross margin [Sales – COGS]  Sales (how does it compare to last period?)   Inventory turnover rate [COGS  Avg. Inv.] (how does it compare to last period?)  Cost per unit (how does it compare to previous periods?) Five Inventory Internal Controls

19. Mastering Internal Controls and Fraud Prevention Which Employees May Steal? Experience shows that the employees likely to steal often:  Express deep-seated resentment  Have an inexplicably lavish lifestyle  Have addictions (gambling, drugs, alcohol)  Are overextended (indicated by frequent phone calls from creditors)

20. Mastering Internal Controls and Fraud Prevention Which Employees May Steal? Pressure OpportunityJustification Poor internal controls AddictionsOverextended Perceived mistreatment

21. Mastering Internal Controls and Fraud Prevention How to Prevent Employee Theft To prevent employee theft:  Do not hire high-risk applicants  Verify past employment Ask whether the person is eligible to be rehired Obtain a candidate’s written consent before checking  Check for criminal convictions If Nexis or ChoicePoint does not have information, go to the county courthouse and check the criminal records in the criminal courts division

22. Mastering Internal Controls and Fraud Prevention  Require drug screening of applicants—and possibly current employees Consult a labor lawyer before implementing  Check references—actually call each one  Verify degrees, certifications and licenses How to Prevent Employee Theft

23. Mastering Internal Controls and Fraud Prevention  Perform internal audits and always include:  Expense reports  Purchasing records  Sales records  Cash accounts  Customer complaints  Have the audit performed by someone who does not handle the records audited How to Prevent Employee Theft

24. Mastering Internal Controls and Fraud Prevention Theft insurance, fidelity bonds, covers:  Routine theft and embezzlement  Commercial bribery and stock fraud  Lost earnings from theft of lists Optional riders may cover losses from:  Counterfeit paper currency/money orders  Forgery (deposits, credit cards, computer) Your company must prove that:  Fraud was the cause of the losses claimed  There is an identified suspect Protection Against Employee Theft

25. Mastering Internal Controls and Fraud Prevention The policy’s subrogation provision guarantees the insurer:  The right to sue the wrongdoer  No interference with the right to sue  No settlement without the insurer’s consent Funds collected in excess of the policy amount are paid to the insured (your firm) Protection Against Employee Theft

26. Mastering Internal Controls and Fraud Prevention Signs of Employee Theft Typical signs of theft  An A/R balance does not equal the sum of the subsidiary A/R balances  Slow collections or unusually high bad debt write-offs  Checking accounts do not reconcile  Hard-copy files include copies, not originals For a complete list, see workbook page 18

27. Mastering Internal Controls and Fraud Prevention Fraud Controls in Very Small Firms Controls for firms with 1 or 2 employees:  Have tax and bank statements mailed to the owner’s home  Shuffle bank statement pages (to give the impression that bank statements are reviewed)  Involve the owner’s spouse  Spouses are less trusting of employees  Spouses are more curious about fraud  Spouse should attend the first internal controls meeting  If a spouse is replaced by an employee, beef up controls

28. Check Fraud The most common types:  Checks written on insufficient funds  Checks written on a closed account  Counterfeit checks  Forged checks from the employee’s company  Employee theft of vendor’s checks Mastering Internal Controls and Fraud Prevention

29. Check Theft The most common types:  Checks or statements stolen (to order more with the company image/logo)  Check washing (payee and amount are erased and new data inserted)  Check stock with imprinted account data is stolen Mastering Internal Controls and Fraud Prevention

30. Check Fraud Schemes The most common types:  Check kiting  Nonexistent funds are deposited, a check is written on the account depositing the “funds” in another bank, etc.  Paperhangers  Pass phony checks to distracted employees requesting cash back  Women with crying baby distracts employee  Stop-payment orders  Forged travelers’ checks—$100 common

31. Mastering Internal Controls and Fraud Prevention Spotting Counterfeits Signs that a check is counterfeit:  A slick feel—because on color copies the print is not raised as on genuine checks  Lack of texture  No watermark or micro printing or hologram —even high-quality offset lithography may lack one

32. Mastering Internal Controls and Fraud Prevention New Check-Printing Technologies New methods of printing help prevent fraud:  Prismatic lithography—uses color patterns that are difficult to separate (and hard to imitate)  Scrambled indicia—uses a pattern of colored dots that becomes a word when seen through a colored filter  Micro-line—uses a microscopic line of tiny letters

33. Mastering Internal Controls and Fraud Prevention New Check-Printing Technologies  Hologram—when a hologram on a check is viewed from different angles, it changes appearance and color  Security seal on back—the seal becomes visible when held up to the light

34. Mastering Internal Controls and Fraud Prevention What to Look for When reviewing cancelled company checks:  Fan the checks to spot slightly different colors  Investigate gaps in check numbering  Investigate long-outstanding checks  Investigate too many second endorsements

35. Mastering Internal Controls and Fraud Prevention Employee Check Fraud Employment taxes are a favorite target  Ask the owner/spouse/outside bookkeeper to check endorsements  Be aware that an outside payroll service may have a dishonest employee with access to company financial data For a complete list, see workbook pages 32

36. Mastering Internal Controls and Fraud Prevention Customer Check Fraud To prevent customer check fraud:  Have a policy—e.g., employees must examine each piece of customer ID, such as:  Valid, signed driver’s license with recent photo  A second photo ID (do not accept Social Security cards, business cards, birth certificates, unsigned credit cards)  Use deterrents, such as  The company check acceptance policy in plain view  An electronic security system in plain view

37. Mastering Internal Controls and Fraud Prevention Customer Check Fraud Have a strict check acceptance policy  Train employees on what to look for  Have employees ask for additional ID or consult supervisor if a customer is:  Overly polite  Especially nervous  Aggressive  Hurried  Overly careful in signing a check  Tries to distract employee while writing check

38. Mastering Internal Controls and Fraud Prevention Customer Check Fraud Systems that help prevent fraud include:  Bank verification, e.g., 900 numbers to call  Shared information networks  Check guarantors—typical charge, 1.5% –2.25%

39. Mastering Internal Controls and Fraud Prevention

40. Credit Card Fraud To prevent fraud:  Show employees  How fraud schemes work  How to spot counterfeit and forged credit cards  Establish a liaison with local law enforcement

41. Mastering Internal Controls and Fraud Prevention Schemes Using Lost or Stolen Cards The most common schemes are:  Fraudulent advances or overpayments  Using bad checks for advance payments on stolen cards—then running up charges before the bad check is discovered  Shave and paste  Shaving off the old letters/numbers on the card and pasting on new ones  De-emboss/re-emboss  Flattening raised characters using heat and pressure, then raising new characters with an embosser

42. Mastering Internal Controls and Fraud Prevention Schemes Using Lost or Stolen Cards  Counterfeit cards  Cause the greatest losses  Can be sophisticated  Use a phony hologram Telltale sign: The hologram does not change color when viewed from different angles

43. Mastering Internal Controls and Fraud Prevention Schemes Using Lost or Stolen Cards  Credit card numbers—obtained through fraudulent phone calls or mail order:  “You have won a free trip—we must verify your card number before sending it to you”  “This is Visa. We have a report that your card was stolen—please verify your card number”

44. Mastering Internal Controls and Fraud Prevention Schemes Using Lost or Stolen Cards Other credit card fraud schemes:  Sending out a false application for a credit card to obtain personal data  Intercepting a new card on route  Obtaining a merchant number (by reading the magnetic strip on a stolen card), then using this number to obtain the balance on the card and charging purchases to it (“skimming”). For a complete list, see page 47 of your workbook.

45. Mastering Internal Controls and Fraud Prevention Spotting Scams Employees can be trained to:  Spot customer behavior that may indicate fraud (workbook page 48)  Spot bad cards (page 49)

46. Checking a Visa Card Ultraviolet-sensitive dove is visible on the face of the card when placed under an ultraviolet light. A four-digit number must be printed directly below the account number and match exactly the first 4 digits of the account number. Both must begin with “4.” Embossed or printed account number must begin with “4.” All digits must be clear, even and of the same size/shape. But on a re-embossed card, the numbers may be fuzzy. Always check the hologram where it’s easier to spot a re-embossed number. The hologram, a flying dove, should look three- dimensional and seem to move when the card is tilted back and forth. “Good thru” (or “valid thru”). This date, below the account number, is the card’s expiration date. If today’s date is later than this date, the card has expired. The flying “V” embossed security character next to the “Good Thru” date is not a required security feature and therefore may not be on all cards. Visa logo should have micro-printing around its border. This printing is barely readable without a magnifying glass.

47. Checking a MasterCard 1.The first four digits of the account number must match the preprinted four-digit BIN (bank identification number). All MasterCard account numbers must start with “5.” 2.The last four digits of the account number must match the four digits that appear on the cardholder’s receipt. 3.The hologram, two globes with “MasterCard” in the background, should look three- dimensional. When rotated, the hologram should reflect light and seem to move. 4.The stylized “MC” security feature has been discontinued, but may continue to appear on cards through June 01, 2010.

48. Checking a MasterCard 5.The signature panel has “MasterCard” printed at a 45 angle in various colors. Any tampering will smudge or erase some of the letters. For swiped transactions, compare the signature on the card with the cardholder’s signature on the receipt. 6.On the signature panel, there are seven digits—the first four must match the last four of the account number. Slightly to the right is a printed three-digit CVC2 (verification) number.

49. 2.All AMEX account numbers start with “3” in clear, uniform, embossed numbers with the same size and spacing. This number should match the account number on the back of the card—and the one on the printed receipt. Checking an AMEX 1.The preprinted Identification Number (CID) (verification number) is not embossed. It should always appear above the account number, on the right or left edge of the card. 4.Do not accept a card after its expiration date. 3.The centurion should be printed in the kind of fine detail you see on U.S. currency When viewed under ultraviolet light, the centurion should be phosphorescent and you should see the word “AMEX.” 5.Only the person whose name is embossed on the card may use it—no one else.

50. 6.This statement gives American Express the right to take possession of the card at any time. Checking an Amex Card 7.Some cards have a hologram of the American Express image embedded in the magnetic strip. 8.The signature panel should not be taped, mutilated, erased or painted over. Check the signature on the back of the card against the one on the transaction receipt. If a customer gives you an unsigned card, request a photo ID with signature—then ask the customer to sign the card and transaction receipt while you hold the ID. (Check with management before implementing this policy.)

51. Mastering Internal Controls and Fraud Prevention Company Credit Cards Certain policies can greatly reduce losses:  No personal use unless authorized by company  Employees must reimburse company for personal charges promptly  Unsubstantiated charges are deducted from pay (consult a lawyer before implementing)  Normal documentation must be submitted (not just the charge slip)  Stolen/lost cards must be reported within 3 days

52. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You Vendors cheat companies in many ways:  Bribery  Paying an employee to influence a purchase decision  Inducing employees to act as vendor’s agent Employees have a legal obligation to act in the employer’s best interests Employees must refrain from self-dealing or using their position to further personal interests at the employer’s expense

53. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You  Telemarketing fraud  To prevent being scammed on advertising materials Check vendors with Better Business Bureau (BBB) Get customer references—ask for samples Do not be pressured into a purchase Get a contract with a small or no down payment  To prevent being scammed on internet services: Shop around for access services and others Be suspicious of incredibly cheap offers Check terms Ask for free trials and samples of past work Consider local vendors (they rely on referrals)

54. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You  Paper and toner scams  Do not remit payment until you know that your company has received the items  Designate one employee to be in charge of ordering office supplies  Beware of “last chance” offers  Ask for a phone number and call it—if it is a company, it should also have a switchboard number with zeros—e.g., 555-5100  If there is a dispute—put it in writing

55. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You  Loan scams  Ask your company’s bank first—if it refuses, find out what is needed to reverse the decision  Be cautious of unsolicited offers—do not believe loan ads regardless of credit problems  Get all loan terms in writing before signing, including payment schedule and interest rates  Watch for red flags of a scam, such as: Upfront processing fees Application fees First-payment fees

56. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You  Buyers’ club scams  Get details—be wary of upfront costs, such as a welcome package for which you “just pay shipping and handling”  Comparison shop  Be skeptical—just because the buyers’ club gives you some financial data does not make it legitimate  Watch for unauthorized charges—if you see one, contact your credit card issuer immediately

57. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You Telemarketing scams law enforcement  FTC laws enacted in 1995 require that:  Salespeople must clearly identify themselves and company by name and provide a phone number  Vendors must provide certain services and information before demanding payment  Vendors may call only between 8 a.m. and 9 p.m.  Vendors must provide details of the offer in “clear and conspicuous” writing that is easy to understand —before closing the sale

58. Mastering Internal Controls and Fraud Prevention How Vendors Cheat You Resources for checking out vendors:  FBI lists of “Common Fraud Scams”  Better Business Bureau (BBB) lists of companies with customer complaints—and whether they were resolved  National Fraud Information Center (NFIC) rankings of telemarketing, internet and other frauds by frequency  Federal Trade Commission (FTC)