Fraud & Embezzlement Presenters: Kirk B. Leoni, CPA (Principal) Kelli Boyle, CPA (Manager)

Why are we here? The median response indicated that the typical US organization loses 7% of its annual revenue to fraudulent activity. This percentage applied to the estimated 2008 GDP of $14.2 trillion would project that roughly $994 billion would be lost to fraud in Source: 2008 Report to the Nation on Occupational Fraud and Abuse by the Association of Certified Fraud Examiners

How is Fraud Detected?

Which Organizations Reported the Most Fraud?

Control Weaknesses that Contributed to Fraud (only selected weaknesses shown)

Occupational Fraud Schemes by Accounting Personnel

Fraud Triangle OPPORTUNITY PRESSURE / INCENTIVESRATIONALIZATION  10% of employees will never steal  10% of employees will always steal  80% of employees will steal if given the right opportunity, motivation or justification

Behavioral Red Flags # of cases % of cases Median Loss Living beyond means %$250k Financial difficulties %$111k Wheeler-dealer attitude % $405k Control issues (unwilling to share duties) %$250k Divorce / Family problems %$118k Unusually close association with vendor / customer %$410k Addiction problems %$225k Refusal to take vacations65 6.8%$250k Excessive pressure from within the organization62 6.5%$388k

What is the objective of an Audit? The expression of an opinion about whether your financial statements are fairly presented, in all material respects, in conformity with U.S. GAAP......not to detect fraud.  (According to the ACFE report to the nation, less than 10% of fraud is discovered by an External Audit)

Limitations of an Audit Designed to obtain reasonable assurance, not absolute assurance about whether the financial statements are free from material misstatement (caused by error or fraud) Not designed to detect immaterial errors or fraud. Not designed to provide assurance about IC or identify deficiencies  However, SAS 112 requires written communication of those deficiencies the auditor becomes aware of

Audit vs. Review vs. Compilation Compilation – lowest level of service – your account balances assembled into financial statement format Review – use of analysis as opposed to tracing to source documents  Reviews & Compilations do not contemplate obtaining an understanding of IC or the assessment of risk.  Reviews & Compilations cannot be relied upon to disclose errors, fraud or illegal acts that may exist.  No requirement to communicate IC deficiencies Agreed upon procedures – another option?

Audit Responsibilities (1 of 3) Auditors  Conduct the audit in accordance with GAAS (Generally Accepted Auditing Standards)  Ensure those charged with governance are aware of IC related matters required to be communicated  Ensure independence

Audit Responsibilities (2 of 3) Governing Body (Audit Committee)  Oversee the reliability of financial reporting including effectiveness of internal controls  Review financial statements and determine whether they are complete and consistent  Understand risks and exposures  Understand the scope of the audit

Audit Responsibilities (3 of 3) Management  Properly record transactions in the accounting records, establish and maintain internal controls  Make original accounting records and related information available  Allow access to personnel to whom we may direct inquiries  Provide written representations regarding the financial statements and the effectiveness of IC  Ensure compliance with laws & regulations

Recent Developments SAS “Risk Assessment Standards”  Designed to improve the effectiveness of audits  More rigorous assessment of risk  Linkage between risks and audit procedures SAS 114 “The Auditor’s Communication with those Charged with Governance”  Emphasizes our audit requirements and communicates significant findings to the appropriate level of governance

Recent Developments (continued) SAS 112 “Communicating Internal Control related Matters Identified in an Audit”  New definitions of significant deficiencies and material weaknesses (less room for auditor judgment)  Requires written communication of significant deficiencies and material weaknesses

SAS 112 – Definitions Control Deficiency  Exists when the design or operation of a control does not allow for prevention or detection of a misstatement on a timely basis Deficiency in design – a control is missing or not properly designed Deficiency in operation – when a properly designed control does not operate as designed or when the person performing the control doesn’t have the necessary authority or qualifications

SAS 112 – Definitions (continued) Significant Deficiency  A control deficiency (or combination of control deficiencies) which result in a more than remote likelihood that a misstatement that is more than inconsequential ( magnitude ) will not be prevented or detected Material Weakness  A significant deficiency (or combination of significant deficiencies) that results in a more than remote likelihood that a material misstatement ( magnitude ) will not be prevented or detected

SAS 112 Examples Management letter comment  Petty cash is not reconciled – likelihood of misstatement is more than remote; the magnitude would be inconsequential Significant Deficiency  Failure to perform monthly reconciliations of significant accounts in a timely manner (AR, AP) – likelihood is more than remote however other related procedures (bank statement review, budget vs. actual analysis etc.) would reduce the magnitude to less than material but more than inconsequential Material Weakness  Same individual receives the bank statement, prepares reconciliation and has check signing authority. There is no formal review of the bank reconciliations – likelihood is more than remote; magnitude could be material

Fraud Examples “in the News” Payroll & Compensation  Fictitious employees: San Jose, CA – employee embezzled $11m from her employer by providing false payroll data to a processing company and forging signatures  People behave the way you pay them to behave Dominos – Driver ran red light speeding to make 30-minute delivery. Woman received $750k in actual damages & $78m in punitive damages. Commissions based on gross sales only (billing schemes)

Fraud Examples “in the News” Lack of oversight  Portland, ME – partner in Verrill Dana, LLP was fired for stealing money from the firm and clients  Managed private trusts and bank accounts Over billed clients Stole money from private accounts Redirected funds to himself that should have gone to the firm Stole over $400k

Fraud Examples “in the News” White-Collar Crime: “ Honest Person Turned Felon” (embezzled over $250,000)  CPA at local accounting firm in North Carolina  Handled Trusts and Retirement accounts for corporate and individual clients  Felt the need to “keep up with the Joneses” by spending money they didn’t have  “Poster boy for the Fraud Triangle”

Action Steps Independent review of bank statements Conduct a “brainstorming session” with appropriate staff and board members to identify risk areas Review “Understanding Internal Control” document* Review “Audit Organizer” for proactive tips your organization can use to be prepared for an audit* Establish a whistleblower protection policy Conduct background checks on employees Utilize internal control checklists to help identify weaknesses Provide employee training Monitor internal controls! * available at nathanwechsler.com (under Resources > NW Insights)