Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How.

Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How To Recognize and Mitigate Fraud and Loss

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What about Randy? Top rated speaker for over 25 years 2004, 2005, 2006, 2007, 2008, 2009, 2010 Accounting Today 100 Most Influential in Accounting for seven years 30+ years of technology experience Author of articles on Technology including a monthly column in CPATechnology Advisor Published author of five books From Hutchinson, KS randy@k2e.com or randyj@nmgi.com randy@k2e.comrandyj@nmgi.com 620-664-6000 x 112

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What about NMGI? CRN top 100 emerging technology company nationally – MSPMentor top 100 company NetStore – Internet backup and off-site data storage NetRescue – Business continuity appliance for servers, desktops and virtual machines NetCare - Remote Managed services - (Maintenance, Remediation & Alerting) NetSecure – Firewall management and Content Filtering Technology and Business Continuity consulting – CPA Firm Technology Assessments – Paperless – Accounting Software Selection Cloud Services – Server and desktop hosting – Private label hosted Exchange and SharePoint Services – Hosted VOIP phone installation Traditional and virtual server installation Microsoft Gold / Hewlett Packard Elite/ SonicWALL Gold (vendor certified)

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What about NMGI? CRN top 100 technology company MSPMentor top 100 company Announced June 7, 2010 the general availability of national CPA support services NetCare and NetHosting – Managed and Cloud services NetRescue and NetStore – Backup Appliances and web-based backup nPEN – Secure email, HR – Business and personal goal achievement and management track training, BC/DR – Full documentation and backup services

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Robert H. Spencer, PhD bob@bobspencer.com bob@bobspencer.com Managing Partner, Twenty Seconds In the Future, www.tsif.com, a Business and Technology Consultancywww.tsif.com Internationally recognized consultant with over 40 years of governmental, finance, and industry experience. Author of several books on Technology & Business, and well has hundreds of articles. 5

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Session Highlights Discuss why internal controls are necessary for business success and give examples of common controls. Understand how everyday fraud affects you and your business. Understand typical business control deficiencies and their impact Discuss how to – Design effective internal control systems – Implement and monitor internal control systems – the importance of owner/manager controls – Develop effective computer system controls

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Supplemental Materials Fraud Schemes Fraud Schemes Practical Approaches to Relevant Professional and Statutory Requirements Practical Approaches to Relevant Professional and Statutory Requirements Analytical Procedures as a Fraud Detection and Loss Tool Analytical Procedures as a Fraud Detection and Loss Tool Benford’s Law Benford’s Law

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Course Highlights Discuss why internal controls are necessary for business success and give examples of common controls. Understand how everyday fraud affects you and your business. Understand typical business control deficiencies and their impact Discuss how to – Design effective internal control systems – Implement and monitor internal control systems – the importance of owner/manager controls – Develop effective computer system controls Discuss what to do when controls fail Discuss what controls your business needs and how to create your written Internal Controls.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What to Expect Today How poor Internal Controls Impact Your Business. Recognizing Common Fraud Schemes and Warning Signs. Practical Approaches to Relevant Professional and Statutory Requirements. Analytical Procedures For Fraud Detection. Desktop Tools for Preventing and Detecting Fraud and Loss.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. The Ugly Truth Most Small (SMB) to Medium (SME) Businesses do not have written Internal Control Procedures and Policy Guidelines. Those that have written Policy and Procedures, don’t follow them. Those that have them – don’t periodically review the policy, or monitor its effectiveness.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What Are Internal Controls? Define the Objective Create controls to help you reach your objective. Some objectives will require multiple controls. Some controls will satisfy more than one objective. The Policy and Procedures MUST be in writing!

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited If its not in writing it does not exist, if it has not been tested, it has no value! A Simple Mantra

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Ten Simple to Implement Controls 1.Approve (sign where appropriate) all expenditures yourself. If your travel schedule and work processes permit, this single step will saves you thousands. Don’t make excuses! 2.If you can't always personally approve expenditures, authorize ONE other person in addition to yourself. You can be the backup signer if he or she is unavailable. If someone else must have signature authority, make sure that person is someone different from the person who writes the checks and has access to the check stock. In this scenario, you should always have after-the-fact review and final sign-off. 3.Keep check stock under lock and key where applicable. Where electronic banking is done, protect passwords and account access to limit theft.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Ten Simple to Implement Controls 4.Approve Invoices yourself. This is a quick and easy process. Again, if someone else must approve invoices, make sure that person is different from the person writing or signing checks, and institute an after-the-fact review. 5.Have ALL financial statements (bank, credit card, broker statements, etc.) mailed to your home if possible, instead of the office. If you do not want mailed to your home – the policy should state they go to you unopened, and you open! This one is big. Open the envelope and review items, vendors and signatures. Initial next to the final total, indicating your review. Even if you only spend 10 seconds on this process you are sending a valuable message. 6.Where possible, divide up processes for handling receipts and payments. For example, different people should approve invoices, prepare checks, sign checks and reconcile the checking account. Likewise, different people should be handling incoming cash and checks, posting payments, making deposits and reconciling the checking account. We will discuss segregation of duties later in more detail.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Ten Simple to Implement Controls 7.If you take credit cards, the easiest fraud opportunity is for a person with access to the merchant account to give small credits to a card of their own or an accomplice's. Have your detailed merchant account statements reviewed by someone other than the person who enters the transactions, and watch for credits. 8.Do background checks on all new employees. People with credit problems will be a problem for you, as financial pressures drive desperate behavior. If they can't manage their own money, do you want them managing yours? 9.As a minimum review a few key reports at least monthly for irregularities; Credit Memo Report New Vendor and Customer Report Change of Address Report Inventory On Hand, Back Order Report, Inventory Write Off Audit Trail Report 10.Create a Whistleblower Policy. Encourage employees to be more aware of illegal, or inappropriate actions. Help them to understand that the activities of other employees directly affects their compensation as well.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. It Can’t Happen to Me! Common small business owner statement. “I only hire honest people.” Half of all theft occurs inside your business! Thousands of dollars are lost annually due to simple negligence, poor employee training, lack of specific written guidelines. Fraud happens to the other guy. What is Fraud in America like today?

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud In America Today KPMG International: …the prevalence of misconduct remains high, driven by pressures, inadequate resources and job uncertainty in a volatile economic climate. …roughly half of respondents report that what they are observing could cause “a significant loss of public trust if discovered.” “2008-2009 Integrity Survey”, KPMG, http://us.kpmg.com/RutUS_prod/Documents/8/IntegritySuvey08_09.pdf http://us.kpmg.com/RutUS_prod/Documents/8/IntegritySuvey08_09.pdf

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Happens To Everyone! KPMG International: Organizations are reporting a rise in fraud, responding with expanded fraud measures both reactive and preemptive, and planning further actions for the future.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Happens To Everyone! Several studies over the years show that more than 50% of all fraud and theft occur inside your business by employees or those working beside you.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Happens To Everyone! Many are surprised to find out that most fraud is perpetrated by well-educated males in senior executive positions (61%), and is affected by conditions within the organization, beginning at the top, and filtering down. Joel B. Charkatz, CPA, CVA, CFE Employment and Labor Update

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud In America Today 2010 Report to the Nation, published by the Association of Certified Fraud Examiners. This Report is based on data compiled from a study of 1,843 cases of occupational fraud that occurred worldwide between January 2008 and December 2009. Available on-line, www.acfe.orgwww.acfe.org

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2009 Gross World Product, this figure translates to a potential total fraud loss of more than $2.9 trillion.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report The median loss caused by the occupational fraud cases was $160,000 for 2009. Nearly one-quarter of the frauds involved losses of at least $1 million. For 2009, there were more very large frauds, which may eschew the number slightly upward.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report The frauds lasted a median of 18 months before being detected. This finding has remained unchanged for several years. * Where there is collusion the fraud scheme does not last as long, but the losses are much higher.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Asset misappropriation schemes were the most common form of fraud by a wide margin, representing 90% of cases. Asset misappropriation was also, according to the study, the least costly with a median loss of $135,000.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Financial Statement Fraud schemes were on the opposite end of the spectrum in both regards: These cases made up less than 5% of the frauds, but caused a median loss of more than $4 million — by far the most costly category. Corruption schemes fell in the middle, comprising just under one-third of cases and causing a median loss of $250,000.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Occupational frauds are much more likely to be detected by tip than by any other means. This finding has been consistent since 2002. This may also be the reason that more fraud advisors recommend a whistleblower line or similar procedures to encourage employees to tip off others where they see fraud or theft occurring.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Small organizations fall victim to occupational fraud much more often. These organizations are typically lacking in internal controls compared to their larger counterparts, which makes them particularly vulnerable to fraud. Most small businesses lack even basic Internal Control procedures or the willingness to implement and enforce them. Naivety runs rampant in small business when it comes to the possibility of employees stealing from the business.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report The industries most commonly victimized, according to the study, were: – Banking/Financial services, – Manufacturing, – and Government/Public Administration sectors. Includes Not for Profit Groups.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Summary Findings of This Report Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes. One of the principal recommendations from this year’s report was the need to focus on specific Anti-fraud Controls within the overall Internal Controls process.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Correlation between length of employment and amount of fraud loss Study shows that employees with longer tenure at an organization commit more expensive frauds than employees with shorter tenure. Cause attributed to higher degree of trust implicitly placed on employees with longer tenure by most organizations. Also, with longer tenure comes greater opportunity and a higher level of access.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Defining Occupational Fraud ACFE: The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Four Characteristics Of Occupational Fraud 1.The activities are clandestine. – When committing occupational fraud, the perpetrators make attempts to conceal their actions. As examples, these attempts might involve the altering of or destroying documents, failing to record transactions, or deleting information from computer systems.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Four Characteristics Of Occupational Fraud 2.The activities violate the perpetrator’s fiduciary responsibilities and positions of trust within the employing organization. – All employees have been entrusted to some degree with a level of fiduciary responsibility by their employers. When committing fraud against an employer, an employee breaches that trust. Employees in whom greater degrees of trust have been placed are in often in position to commit frauds of greater magnitudes.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Four Characteristics Of Occupational Fraud 3.Activities Are Committed For Personal Enrichment – Frauds are not committed for sport; rather, there is some financial gain to be derived from the fraud. – This gain can accrue directly to the perpetrator, or it can benefit a third party of the perpetrator’s choosing – for example, a family member.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Four Characteristics Of Occupational Fraud 4.The activities exact a cost on the employing organization. – Because frauds enrich their perpetrators, there has to be an offsetting cost to the employing organization. – This might result in the direct loss of assets, or it might result in less obvious losses such as the reputation of the entity being tarnished and loss of investor confidence.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Three Types of Occupational Fraud * 1.Misappropriation of assets 2.Corruption 3.Financial Statement Fraud * These are what you want to develop good Internal Controls to mitigate risk where possible.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Relative Frequency of Fraud and Associated Loss (Percentages do not total to 100% because some instances of fraud involve more than one fraudulent activity.)

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Types of Cash Fraud Schemes: 1.Those involving cash receipts (skimming and cash larceny), 2.Those involving cash disbursements (billing, check tampering, expense reimbursement, payroll, and register disbursements), and 3.Those involving cash on hand.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Types Of Fraud And Losses Type of Fraud Percentage of Asset Misappropriation CasesMedian Loss Billing Schemes28.30%$ 130,000 Expense Reimbursements19.50%$ 25,000 Check Tampering17.10%$ 120,000 Payroll13.20%$ 50,000 Wire Transfers6.50%$ 500,000 Register Disbursements1.70%$ 26,000 47

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. How Is Fraud Detected * * My favorite, considering how we stress the importance of Internal Controls and Auditors! Why are these numbers the way they are today?

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. So, What Should We Do? What should businesses do to mitigate risk and reduce fraud loss according to the ACFE 2010 study’s conclusions and recommendations?

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Implement Hotlines to Report Possible Fraud, Theft, or Loss Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system. Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality, and employees should be encouraged to report suspicious activity without fear of reprisal.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. You Cannot Over-rely on Audits Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in the survey, but they ranked poorly in both detecting fraud and limiting losses due to fraud. Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but audits alone should not be relied upon exclusively for fraud detection.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Employee Education is the Foundation of Detecting and Preventing Fraud. Staff members are an organization’s top fraud detection method; employees must be trained in what constitutes fraud, how it hurts everyone in the company and how to report any questionable activity. Data shows not only that most frauds are detected by tips, but also that organizations that have anti-fraud training for employees and managers experience lower fraud losses.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. An Audit Should be a Surprise! Surprise audits are an effective, yet underutilized, tool in the fight against fraud. Less than 30% of victim organizations conducted surprise audits; however, those organizations tended to have lower fraud losses and to detect frauds more quickly. While surprise audits can be useful in detecting fraud, their most important benefit is in preventing fraud by creating a perception of detection. Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught!

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraudsters exhibit behavioral warning signs of their misdeeds. These red flags — such as living beyond one’s means or exhibiting control issues — will most likely not be identified by traditional controls. Auditors and employees alike should be trained to recognize the common behavioral signs that a fraud is occurring and encouraged not to ignore such red flags, as they might be the key to detecting or deterring a fraud.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Small Businesses Are Particularly Vulnerable to Fraud. In general, these organizations have far fewer controls in place to protect their resources from fraud and abuse. Managers and owners of small businesses should focus their control investments on the most cost- effective mechanisms, such as hotlines and setting an ethical tone for their employees. These steps are shown to have the greatest results.

TOOLS FOR PREVENTING AND DETECTING FRAUD

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud ODBC Queries Excel As A Fraud Detection Tool Access As An Audit Tool ActiveData for Excel and Office

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Open DataBase Connectivity Open DataBase Connectivity, a standard database access method developed by the SQL Access group in 1992.standarddatabase accessSQL The goal of ODBC is to make it possible to access any data from any application, regardless of which database management system (DBMS) is handling the data. dataapplication database management system (DBMS) ODBC manages this by inserting a middle layer, called a database driver, between an application and the DBMS. The purpose of this layer is to translate the application's data queries into commands that the DBMS understands.driver applicationqueriescommands

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud ODBC Queries – Benefits Allows Window Applications To Access Multiple Data Sources Through A Single Method Overcomes The Problem Of Different Databases Having Different Means Of Providing Access To Information Simplifies Access Requirements So That Users No Longer Require Advanced Database Management Skills

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud Auditors currently utilize Excel to assist with some or all of the following functions. – Amortization schedules – Trial balances – Journal entries – Financial statements – Supporting schedules – Working papers

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud Virtually all of the current uses of Excel relate to documentation; rarely is Excel used as a tool for conducting audits or fraud examinations. Excel As A Fraud Detection Tool – Beyond Workpapers And Schedules – Use Excel For- Horizontal And Vertical Analysis Trend Analysis Statistical Measures And Summarizations Stratifications Regression Analysis Reporting tools like Biznet, http://www.biznetsoftware.com/

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud Excel Add-Ins As Fraud Detection Tools – ActiveData - http://www.informationactive.com/http://www.informationactive.com/ – @Risk - http://www.palisade.com/http://www.palisade.com/

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Desktop Tools For Preventing And Detecting Fraud Access As An Audit Tool – Using Access To- Detect Duplicate Transactions/Entries Store Data That Is Queried By Excel – Save Queries For Future Use

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. COSO INTERNAL CONTROL PROCESS Committee of Sponsoring Organizations of the Treadway Commission (1992)

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Internal Control – AICPA 1995 Internal control is a process. It is a means to an end, not an end in itself. People affect internal control. It is not merely policy manuals and forms; it is people at every level of an organization. Internal control provides only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. SAS 78 Five Interrelated Components of Internal Control Control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Risk assessment is the entity’s identification and analysis of relevant risks to achievement of its objectives, forming a basis for determining how risks should be managed. Control activities are those policies and procedures that help ensure that management directives are carried out. Information and communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. Monitoring is a process that assesses the quality of internal control performance over time.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. SAS 78 defines control activities as those policies and procedures that help ensure that management directives are carried out Preventive controls, Detective controls, Deterrent controls, and Compensating controls.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Why Small Business Don’t Have Written Controls “We know we need written documentation, but we just don’t have the time.” “We don’t know where to start.” Or, “I am not a good writer!” There are a number of examples of good Internal Controls available via the Internet, your State Society, and the AICPA.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. For The Best Controls First, follow the KISS method. Keep It Simple. Second, never implement a control for the sake of doing so! Make sure that the control is necessary and has value. Third, never ever implement an Internal Control that you do not follow and will not enforce. – Remember, the documentation is for your people, to guide them, not for the court. – The court will judge you based on what you actually do (at least what people testify that you do), not specifically what you have in writing.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. How Many Controls Should You Have? Actual question at one of our seminars. – “I am a $150 million manufacturing company, how many Internal Control Policies should I have?” What do you think? There is no specific number of controls, or a set of specific controls you must have. Remember that Internal Controls are created to help you meet specific objectives of your company. A single objective may require one or more controls to achieve, and some controls may help satisfy one or more objectives.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. What Does and Internal Control Look Like? Keep the actual format of an Internal Control policy as simple as possible. First, use the least amount of words to get the job done. If a control document is too verbose, people will not read it, much less follow it. Use bullet points or list items where appropriate to get the message across and keep the process simple.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. A Simple Format Name of the Policy – Objective Define briefly the objective which the control will help meet. Define why the objective is important. Improve quality, improve production, limit risk, mitigate fraud, and so forth. If you have more than a few paragraphs, the control may be too complex. Consider breaking it down into multiple controls or rewording.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Following the Objective Statement Control The control is the procedures that are to be applied to meet the objective. Give a brief description of the control. This is the heart of the policy statement. Procedures Then itemize the procedures. Again, bullet or list format is perfect if you want the control procedure to be effective.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. And Last But Not Least Monitoring This is the section this is most often missing, and where most Internal Control Policies fail. You cannot have a policy that is not monitored. It has no value. There has to be some reasonable procedure to ensure the control is being complied with and is effective in achieving the objective for which it was created.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Monitoring If the Control if valid, and is not being complied with, then there must be repercussions. That does not mean public beatings! What is reasonable, first offense, second offense, etc. You define the proper actions based on the liability and risk associated with the Control Objective.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Basic Internal Control So the three components are the – Objective Description, – The Control Statement – and the Monitoring Action. Will all your controls be this simple, perhaps not, but most can be, and with a little practice you may end up with simple Internal Control Procedures that help you meet your business objectives.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Unique Internal Controls There are a number of Internal Controls that businesses need today that we did not cover, but samples are available for you to download from our web site – Sample Password Policy – Sample Social Networking Policy – Sample Disaster Recovery Plan – Sample Records Retention Guideline

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Request our Document on Internal Controls to use with Your Clients 26 pages Written in straight-forward English Hand me a business card – OR Send and email to – RandyJ@nmgi.com RandyJ@nmgi.com

Fraud Schemes Fraud Schemes Practical Approaches to Relevant Professional and Statutory Requirements Practical Approaches to Relevant Professional and Statutory Requirements Analytical Procedures as a Fraud Detection and Loss Tool Analytical Procedures as a Fraud Detection and Loss Tool Benford’s Law Benford’s Law Supplemental Materials

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payments To Fictitious Vendors – Form Of Billing Scheme – Invoices Are Submitted From Fictitious Vendors – Payments Are Made And Perpetrator Intercepts Payments

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payments To Fictitious Vendors – Warning Signs- An Employee’s Home Address Matching A Vendor’s Address An Employee’s Initials Matching A Vendor’s Name Checks Written To “Cash” Using P O Boxes For Vendor Addresses Vendor Data Is Missing Vendor Data Is Improperly Formatted

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payroll Schemes – False Payments For Payroll Ghost Employees Falsified Hours Worked And Salary Rates Commission Schemes

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payroll Schemes – Early Warning Signs Multiple Changes To Default Employee Pay Rates, Aging Of Accounts Receivable By Salesperson Indicates Large Number Of Past-due Accounts For A Given Salesperson May Be Indicative Of False Sales Used To Generate Commission Payments

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payroll Schemes – Early Warning Signs Employees Records Indicate An Invalid Or Duplicate Social Security Number Payments To Employees After The Termination Date Of The Employee Adjustments Or Journal Entries To Individual Employee Earnings Records

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Payroll Schemes – Early Warning Signs Unusually/Unexpectedly High Amounts Of Reported Overtime Hours Sales Posted To Dormant Customer Accounts May Indicate Commission Fraud Sales Which Place Customers Over Their Credit Limit Or Sales To Customers On Credit Hold May Be Indicative Of Commission Fraud

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Inappropriate Reimbursements For Submitted Expenses Mischaracterized Expenses – The Employee Fraudulently Requests Reimbursement For Expenses That Are Not Considered To Be Business Expenses, But Rather Personal Expenses

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Inappropriate Reimbursements For Submitted Expenses Overstated Expenses – The Employee Overstates The Amount Of Otherwise Legitimate Business Expenses Requested For Reimbursement And Retains The Overage

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Inappropriate Reimbursements For Submitted Expenses Fictitious Expenses – The Employee Submits For Reimbursement Expenses That Were Never Actually Incurred. Oftentimes, The Amounts Of These Expenses Are Immediately Below Some Established Threshold For Requiring Receipts

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Inappropriate Reimbursements For Submitted Expenses Multiple Reimbursements – The Employee Submits For Reimbursement Expenses That Have Already Been Paid By The Employer

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Early Warning Signs- Employees Maintaining Lifestyles That Are Seemingly Beyond Their Means Employees Submitting For Reimbursement A Large Number Of Expenses Without Appropriate Or Required Receipts

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Expense Reimbursement Schemes – Early Warning Signs- Employees Submitting For Reimbursement A Large Number Of Expenses That Are In Round Dollars Employees Submitting For Reimbursement Expenses That Were Dated During Periods Of Vacations

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Check Tampering – Forged Maker The Perpetrator Forges the Signature of the Maker on the check. – Intercepted Checks Situations Where Checks are Intercepted in the Mail and Negotiated by the Perpetrator. – Forged Endorsements Perpetrator Intercepts Checks and Forges the Payee’s Endorsement.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Check Tampering – Concealed Checks Frauds whereby the Perpetrator Deceives Someone into Unknowingly Preparing, Approving, or Signing a Check. – Authorized Maker Situations where the Perpetrator is Actually the Person Designated by the Company to Prepare, Approve, and/or Sign Checks.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Check Tampering – Early Warning Signs Vendor Statements Or Confirmations Not Agreeing With Amounts Due According To Company Records Abnormally Large Number Of Vendor Complaints On Timeliness Of Payments

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Check Tampering – Early Warning Signs Abnormally Large Number Of Checks Made Payable To “Cash” Abnormally Large Number Of Purchases Made Without A Purchase Order Sequence Gaps In Checks Large Number of Journal Entries to the Checking Account(s) Significant Variations in Budgeted to Actual Results.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Register Disbursements – In register disbursement frauds, the perpetrator takes money from the company and conceals the theft through the entry of a false transaction such as a customer refund. – Register disbursement frauds differ from skimming frauds in that in a register disbursement fraud, no sale actually occurs whereas in a skimming fraud, a sale does take place. – Register Disbursements Fictitious/Overstated Refunds Credit Card Frauds False Voids

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Register Disbursements – Early Warning Signs Significant Discrepancies In Inventory Actually On Hand And That Reported By The Accounting Application One Employee Having A Substantially Higher Percentage Of Voided Transactions Or Refund Transactions When Compared To Other Employees

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Register Disbursements – Early Warning Signs Refunds Issued To A Different Credit Card Than The One Used On The Original Sale Transaction An Abnormally Large Number Of Refunds Issued On The Same Day As The Sale Transaction

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Kiting – Disbursement Scheme To Profit From “Float” – Usually Involves Writing A “Bad” Check And Covering It With A Deposit Of Another “Bad” Check – 1988 NYC Scheme Involving Two People, 15,000 Checks, $2 Billion!

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Kiting – Early Warning Signs - Signature And Payee On Kited Checks Are Often The Same Area Abnormalities (Many Out-of-area Checks) Frequent Deposits, Check Writing, And Balance Inquiries

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Kiting – Early Warning Signs - Escalating Balances Bank Abnormalities (Deposited Checks Are Usually Drawn On The Same Banks)

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Kiting – Early Warning Signs - Average Length Of Time Money Remains In Account Is Short NSF (Frequent NSF Problems)

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Skimming, Unrecorded Sales – Selling Legitimate Products Or Services, But Keeping The Money – Often Involves Cash Sales

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Skimming, Unrecorded Sales – Early Warning Signs Decline In Sales Recorded Decline In Cash Collected Decline In Gross Margin Percentages Missing Or Voided Documents Such As Sales Orders And Invoices

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Lapping – Moving Money From One Account To Cover A Shortage In Another Account – Often Associated With Incoming Payments…

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Lapping – Money Is Taken From Customer A’s Account. – Perpetrator Subsequently Posts A Payment On Customer B’s Account To Customer A’s Account – Perpetrator Subsequently Posts A Payment On Customer C’s Account To Customer B’s Account – The Process Continues To Repeat Until The Lapping Scheme Is Discovered

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Lapping – Early Warning Signs- Excessive Billing Errors An Increase In The Accounts Receivable Collection Period Increasing Write-offs Of Bad Debts Delays In Posting Customer Payments

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Lapping – Early Warning Signs- An Increase In Customer Complaints About The Status Of Their Accounts A Trend Of Decreasing Payments Received Accounts Receivable Ledger Not In Agreement With General Ledger

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Financial Statement Fraud – Overstating Assets – Fictitious Revenues – Understating Liabilities And Expenses

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Overstating Assets – Journal Entries Initiated Or Recorded By Members Of Senior Management Team, Particularly At Year-end. – Large Number Of Journal Entries In Round Dollar Amounts. – A Significant Amount Of Slow-moving Inventory Items. – A Significant Percentage Of Accounts Receivable Being Past Due, With Relatively Little Bad Debt Expense.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Recording Fictitious Revenues – Relatively Large Amounts Of Customer Refunds Or Adjustments Immediately After Year-end – New Customers Existing On The Customer Master file With Missing Key Information – Average Sale Per Customer Increasing Significantly In The Month/Quarter Which Includes Year-end

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Common Fraud Schemes And Warning Signs Understating Liabilities & Expenses – Journal Entries Initiated Or Recorded By Members Of Senior Management Team, Particularly At Year-end – Average Purchase Per Vendor Decreasing Significantly In The Month/Quarter Which Includes Year-end – Relatively High Amount Of Expense Recorded In Month After Year-end – Relatively Large Number Of Open Purchase Orders At Year-end Where The “Required By” Date Has Been Exceeded

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Confirmation Frauds One form of fraud that would result in overstated assets is that of confirmation fraud. When a confirmation fraud occurs, the person(s) committing the fraud deceptively causes overstated asset balances to be confirmed at their inflated balances…

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Example of Confirmation Fraud Management could cause inflated bank account balances to be confirmed at an inflated amount, thereby leading an auditor to express an opinion on financial statements that are likely materially misleading.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Recording Fictitious Revenues Relatively large amounts of customer refunds or adjustments immediately after year-end New customers existing on the customer master file with missing information Average sales per customer increasing significantly in the month/quarter which includes year-end

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understating Liabilities and Expenses Journal entries initiated or recorded by members of senior management team, particularly at year- end Average purchase per vendor decreasing significantly in the month/quarter which includes year-end Relatively high amount of expense recorded in month after year-end Relatively large number of open purchase orders at year-end where the “required by” date has been exceeded

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Practical Approaches To Professional Requirements SAS 99 Overview – Reinforces- Auditors Have “A Responsibility To Plan And Perform The Audit To Obtain Reasonable Assurance About Whether The Financial Statements Are Free Of Material Misstatement, Whether Caused By Error Or Fraud.”

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Practical Approaches To Professional Requirements SAS 99 Overview – Financial Statements Includes Five Assertions Existence Completeness Valuation Rights And Obligations Presentation And Disclosure

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Practical Approaches To Professional Requirements SAS 99 Overview – Auditor Must Plan And Conduct Audit To Provide Reasonable Assurance That Assertions Are Free Of Material Misstatement

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Practical Approaches To Professional Requirements SAS 99 Overview – Description And Characteristics Of Fraud – Identifying Risks – Responding To Risks

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Incentive/Pressure For Financial Statement Fraud May Result From- – Financial Stability Or Profitability Is Threatened By Economic, Industry, Or Entity Operating Conditions – Excessive Pressure Exists For Management To Meet The Requirements Or Expectations Of Third Parties

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Incentive/Pressure For Financial Statement Fraud May Result From- – Management Or The Board Of Directors’ Personal Financial Situation Is Threatened By The Entity’s Financial Performance – Excessive Pressure On Management Or Operating Personnel To Meet Financial Targets Set Up By The Board Of Directors Or Management

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Incentive/Pressure For Asset Misappropriation May Result From- – Personal Financial Obligations May Create Pressure On Management Or Employees With Access To Cash Or Other Assets Susceptible To Theft To Misappropriate Those Assets

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Incentive/Pressure For Asset Misappropriation May Result From- – Adverse Relationships Between The Entity And Employees With Access To Cash Or Other Assets Susceptible To Theft May Motivate Those Employees To Misappropriate Those Assets.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Opportunity For Fraud May Result From- – Poor Internal Controls – Management Override Of Internal Controls Journal of Accountancy - Internal Control Guidance

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Rationalization For Asset Misappropriation May Result From- – “It’s Not Stealing” – “Company Owes Me The Money” – “Everyone Else Got A Raise”

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Fraud Triangle Rationalization For Financial Statement Fraud – There Is Still Personal Benefit Accruing To The Perpetrator “After all, it’s just a journal entry; as long as the line of credit gets repaid, does anyone really get hurt?”

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Responding To Risks Responses Will Vary Based On – Perceived Risk – Industry – Volume Of Business/Transactions

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Responding To Risks Changing Overall Approach To Audit Responding Directly To Identified Risks Considering Impact Of Potential Management Override Of Internal Controls

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Discuss Risks From Fraud and Loss – Cash – Accounts Receivable and Sales – Inventory – Accounts Payable and Purchases – Revenues and Expenses – Payroll

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 141 Discuss – Warning Signs Numerous adjustments Key personnel going to work for vendors Lack of segregation of duties Failure to reconcile bank statements or a conflict of duties on the part of performing reconciliations Accounts receivable grows substantially faster than sales Growth in accounts payable substantially exceeds revenue growth Significantly outpace other companies in same industry

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 142 Discuss – Warning Signs Frequently change auditors, banks, and attorneys Dramatic changes in key ratios or ratios too good Excessive number of checking accounts Increase in scrap materials and reorders for same items Inventory that is slow to turnover Vendors that pick up payments Consistent cash flow problems

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 143 Discuss – Warning Signs Delivery location not the office, plant or job site Invoices with minimal information Increase in purchasing inventory but no increase in sales Lack of physical security over assets / inventory Customer complaints Vendor complaints Can’t talk to people (protection) Turning down promotions or transfers Improperly trained employees

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 144 Excessive or unjustified changes in accounting personnel Premature or excessive destruction of controlled documents Excessive cash transactions High rate of employee turnover Significant life-style changes Refusal to take vacation Discuss – Warning Signs

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 145 Excessive movement of funds between accounts Single vendor Payments to a vendor post office box No original source documents Lack of competitive bidding No exceptions or errors Unexplained employee absences Refusal to produce records, files or documents Discuss – Warning Signs

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. 146 Excessive overtime Missing documentation Falsified documentation Excessive involvement by management over routine tasks Reconciliations are ‘plugged’ or require involvement by management to reconcile Lack of due diligence over significant transactions Excessive changes of reporting structure or organizational structure Numerous changes to general ledger accounts or accounting systems Discuss – Warning Signs

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool Nature of Analytical Procedures (APs) Requirements To Use APs Useful Tools For Applying APs

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool Nature of Analytical Procedures (AP) – SAS 56 “Analytical Procedures Involve Comparisons Of Recorded Amounts, Or Ratios Developed From Recorded Amounts, To Expectations Developed By The Auditor” – APs Are Required By SAS 56 And By SSARS 10

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool Examples Of APs – Account Balance Fluctuation Analysis (“Flux Test”) – Budgeted Versus Actual Account Balance Comparisons – Ratio Analysis (Discussed In The Following Section) – Comparing Aging, Write-offs, And Collection Days Trends

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool Examples Of APs – Analyzing Sales Volume To Past Results, Industry Norms, And Forecasted Results – Reviewing Sales Discounts And Returns And Allowances Trends – Comparing Raw Materials, Work-in-process, And Finished Goods Inventory Balances – Performing A Trend Analysis On Gross Profit And Inventory Turnover

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool When Planning, Consider – Nature Of The Assertion Being Tested – Plausibility And Predictability Of The Relationships Of Data – Availability Of Reliable Data Used To Develop Expectations – Precision Of The Expectation

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool As Substantive Tests, Consider – Expectation And Factors Considered In Its Development – Results Of The Comparison Of The Expectation To The Recorded Amounts – Any Additional Auditing Procedures Performed In Response To Unexpected Differences Between The Expected Results And Those Obtained By Applying The Analytical Procedures

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Analytical Procedures As A Fraud Detection Tool Ratio Analysis Is A Common Form Of AP Spreadsheets (Excel) Used Extensively To Perform Ratio Analysis Useful Applications For Applying Analytical Procedures – ProfitCents – Profit Driver

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Using Benford's Law for Data Analysis Benford’s Law In Detail- – Numbers Do Not Follow A “Random Walk” In Nature. – Smaller Digits – “1” And “2” – Occur More Frequently Than Larger Ones – “8” And “9”

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Benford’s Law Benford’s Law In Detail- – Discovered In 1881 By Astronomer Simon Newcomb – “Rediscovered” In 1938 By Scientist Frank Benford Of GE Research Laboratories

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Benford’s Law In Detail- – Powerful Fraud Detection Tool – Allows Tests Against Expected Norms – Facilitates Searches For Fraudulent Transactions And Transactions Manipulated To Avoid Authorization And Approval

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Benford’s Law In Detail- – Based On Formula-

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Applying Benford’s Law – State Of Arizona vs. Wayne James Nelson Of Twenty-Three Checks, Only One Began With “1”; Expected Value Of Seven Of Twenty-Three Checks, Only One Began With “2”; Expected Value Of Four Twenty-One Of Twenty-Three Checks Began With “7”, “8”, Or “9”

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Applying Benford’s Law In Excel – Use Of Commands Such As LEFT( ), MID( ), And COUNTIF( ) Facilitate Benford’s Law Tests In Excel

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Applying Benford’s Law Using ACL To run a Benford’s Law test in the popular audit package ACL, select Analyze from the menu. On the Main tab of this dialog box, indicate on which field the test should be performed, how many digits should be included, and what selection criteria should be utilized.

Copyright © 2011. Reproduction or reuse for purposes other than a K2 Enterprises’ training event is prohibited. Understanding And Implementing Benford’s Law Applying Benford’s Law Using Idea To perform a first digit, first two digits, first three digits, and second digit Benford’s Law test in IDEA, select Analysis from the menu and choose Benford’s Law. Output will be available in both text and graphic format.

Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How.

Similar presentations

Presentation on theme: "Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How."— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How.

Similar presentations

Presentation on theme: "Network Management Group, Inc. Randy Johnston, Exec VP With contributions from Robert H. Spencer, PhD, CCP, CSA 2011 Internal Controls for Business. How."— Presentation transcript:

Similar presentations

About project

Feedback