Learn over a dozen unique accounting, HR, and managerial anti-fraud alternative considerations that businesses, governmental and not-for-profit organizations can implement to reduce the risk of internal embezzlement and asset misappropriation. In addition to discussing the fraud prevention measures, this course will incorporate some real-life examples of frauds perpetrated, what lead to their discovery and what steps could have been taken to prevent them from occurring.
5. 5
Scope
• Cost of employee theft – $40B
• Fraud discovery – 18 months
• Median fraud loss – $150,000
• 1/3 of bankruptcies are the result of fraud
committed by employees
• 75% of employees steal once, while 50%
steal frequently
• Employers lose 5% due to fraud
6. 6
Weaknesses Contribute to Fraud
• A lack of internal controls
• The perpetrator was able to override the internal
controls
• Lack of management review
• Poor tone at the top
8. 8
#1 - Background and Credit Checks
• Employers must perform adequate due diligence
• It all starts with the hiring gatekeeper
• Stop the problem before one starts!
• The higher the position the more in-depth
• “Most” embezzlers are first time offenders
• When to perform
9. 9
Background and Credit Checks
Must Do’s
• Secure written authorization from prospective employee
• Advise the candidate – on the front end – that you perform
background and criminal checks, as well as credit reviews
• Save time in the hiring process
10. 10
Background and Credit Checks
What Am I Looking For?
• Civil litigation
• Income tax related matters
• Criminal cases
• Valid certifications
• Driving, narcotics and signs of violence
• Bankruptcy
• Personal financial responsibility
11. 11
Background and Credit Checks
• Interim background and credit checks can alert management
of a “red flag”
• Workplace violence exposure
• What do YOU know about your temporary employees and
on-site independent contractors?
• Don’t forget social media
• Cost/benefit consideration
• Many resumes contain lies or omissions about prior
employment, education or qualifications
13. 13
#2 – Written Fraud Policy
• Issued by management
• Face-to-face meeting with employee (usually would be HR)
• Inquires of the employee if they have committed any
fraudulent acts the past year?
• Provides space for an employee to
communicate any observations on others’
misconduct
• Criminal/civil/termination/restitution
• Signed and dated by the employee
• An annual event (that reinforces the anti-fraud message)
14. 14
Written Fraud Policy
Includes:
• Reinforcement of management’s anti-fraud tone
• Who the policy applies to
• Definition of fraud
• Discussion of fraud prevention measures
• Recordkeeping
• What will happen to those who perpetrate a fraudulent act
• Reporting
• Training
• The company’s response to a fraudulent act
• Examples of fraud
15. 15
#3 - Whistle Blower
Incentive Program
• Getting employees to buy into an anti-fraud
program is important. Offering a financial incentive is a motivator.
• Similar to a fraud hotline, except that in order to pay an incentive,
the individual must be disclosed.
• Targets illegal activities, violations, corruption and fraudulent
misconduct.
• Amounts of incentive can vary and be determined by the amount
of information provided and money recovered.
• The whistle blower is protected from any retaliation.
• Some companies have written whistle blower protection policies.
• Key is identifying the independent “Compliance Officer”.
16. 16
#4 - Fraud Hotline
Outside of an “open door” policy…
• It is one of the most effective fraud
prevention and detection tools.
• It has proven to be cost effective.
• Internal tips are the number-one source for fraud detection.
• Anonymous tips can be extremely valuable.
• Analysis has determined a direct correlation between having
a fraud hotline and lower fraud losses, as well as quicker
detection.
• It must provide anonymity and confidentiality and provide no
fear of retaliation.
17. 17
Fraud Hotline – Misconduct
Reportable Misconduct Could Include:
• Fraudulent behavior and theft
• Regulatory negligence
• Violation of laws
• Falsifications of records
• Conflict of interest
• Ethical violations
• Violation of company policies/workplace safety
• Corruption
• Discrimination and harassment
• False financial statement representations
18. 18
Fraud Hotline – Internal PR
• Employee notification – posters
• Internal marketing awareness and
campaigns
• Management must encourage
use and reward behavior
• Reporting misdeeds is highly
valued and those who report
them will be protected
20. 20
Why Don’t Employees Report?
• No corrective action would be taken
• Lack of confidentiality
• Fear of retaliation
• Not sure who to inform
• Nothing is in it for them
• Don’t want to “make waves”
• Lazy
• Don’t care. Do not want to “get involved”
23. 23
#5 - Proper Tone at the Top
• Ethical atmosphere created by company leadership
• What employees see, employees emulate
• Management must communicate to employees what is
expected of them
• Management must lead by example
• Allow for the communication of concerns
• The company must reward integrity
• Employees want to meet expectations
• Compensation and incentive plans can encourage fraudulent
conduct (meet financial targets such as income and sales)
• Pressure to reach goals
25. 25
Proper Tone at the Top
• About 50% of employees will report misconduct.
• Fewer employees will report misconduct today than
15 years ago.
• Employees under age 30 are least likely to report.
26. 26
Setting the Proper Tone
• Talk about the importance of ethics
• Inform employees
• Keep promises
• Model ethical behavior
• Recognition and rewards
• Equal employment opportunities
• Team-oriented
• Compensation is professionally administered
• Don’t steal!
27. 27
Examples of
Poor Executive Conduct
• Remove cash (i.e., skim)
• Expense personal credit cards
• Expense cars and phones for family members
• Expense vacations
• Pay personal expenditures with business funds
• Expense your child’s tuition
• Expense your entertainment and family dinners
Employees emulate executive conduct.
29. 29
#6 – Regular Employee Education
• Fraud prevention and detection
• Should be mandatory for everyone
• Create a culture of “doing the right thing”
• Covers company’s stance
• Code of conduct or code of ethics
• Procedures and standards
• Roles and responsibilities on reporting
• Define and discuss various types of fraudulent acts
• Stresses the company’s values and expectations
• Reinforces the company’s fraud policy
• Ongoing
30. 30
#7 – Employee Bonding:
Transfer the Risk
Call It What You Want
• Employee bonding
• Employee theft insurance
• Dishonesty policy
• Fiduciary policy
• Crime policy
Consider insuring your business against a financial
loss committed by your employees.
31. 31
Employee Bonding
• Protects employers from financial loss caused by employee theft
• What valuables of yours (or your clients) can employees access
(and steal)?
• Cash, inventory, receivables, intellectual property
• Who do you insure?
• How much?
• Cost/benefit – ½ to 1% of the coverage
• Inquirer of your insurance agent/broker
• Don’t forget to make sure the legal and forensic costs are
covered in the policy!
32. 32
#8 – Management Involvement
We have avoided a direct discussion (thus far) with
regard to having adequate internal controls.
There must be management oversight.
Management cannot be hands-off.
34. 34
#9 – Mandatory
Vacation/Job Rotation
• At least a five-day annual vacation should be mandatory – no
matter the company size.
• Job rotation may be difficult based on the company size and
employee skill sets.
• This could reduce fraud by as much as 50%.
• Cross-training employees is valuable due to unexpected
vacancies.
• While on vacation, accounting records – including the checkbook
and bank statements – cannot be locked up.
• Fraudsters do not like to take any time off for fear that their
scheme will be detected by an innocent phone call or inquiry.
36. 36
#10 – Fraud Risk Assessment
Most business owners and executives believe that their
company is well protected from being a fraud victim. My
experience has taught me many have a false sense of
security. Be proactive and identify your vulnerabilities.
Objectives:
• Identifies the internal and external vulnerabilities and “at risk”
employees
• Potential fraud schemes specific to the organization
• Internal control weaknesses and suggestions for security
enhancement
• Red flags
37. 37
Fraud Risk Assessment
Factors that influence fraud risk:
• Type of business and/or industry
• Effectiveness of existing internal controls
• Ethics of the company
No System of Internal Control
Can Totally Eliminate Fraud.
38. 38
Fraud Risk Assessment
Do the Existing Internal Controls,
Policies and Procedures Adequately…
Prevent fraud
Detect fraud
Enable the company to respond to fraud in a timely manner
Monitor, Identify and Address!
39. 39
Fraud Risk Assessment
• Most effective for smaller companies
• Review of income tax returns and financial statements
• Crash course on the company
• Tour
• General ledger analysis
• Interview of targeted employees and management
• Optional deliverable – oral summary of findings and
enhancements or written report
• Engagement costs can be tailored based on estimated hours
“You Can Pay Me Now or Pay Me Later.”
40. 40
Fraud Risk Assessment
With proper employee notification, a fraud risk assessment
reinforces management’s tone at the top and commitment to
preventing fraud.
• What activities are the most vulnerable?
• Which employees put the company at the most risk?
• Who has financial incentives, pressures and the opportunity?
• Can management override any controls?
• You must consider IT risk and vulnerabilities.
• You must think like a criminal to determine how a fraudster
would exploit the existing controls.
41. 41
#11 – External “Internal” Auditors
Who looks over your
accounting department
shoulders?
Many smaller companies
cannot afford to have an
internal audit department.
Outsource the function to a
CPA firm that is independent!
42. 42
Benefits of Outsourcing
Internal Audit Function
• Some companies are too small to have an their own internal auditor
• Company better able to control internal audit costs
• Assist with corporate governance, risk and compliance initiatives
• May be better trained and have access to industry best audit
practices
• May possess applicable internal audit software not owned by the
company
• Unbiased assessment
• Independent
43. 43
#12 – Surprise Fraud Audits
• Includes assessment of internal controls
44. 44
Surprise Fraud Audits
• In no way similar to an annual financial statement audit.
• It is a consulting engagement with no formal report (unless one is
requested).
• Identify with management targeted accounts and certain types of
transactions.
• Focus on payment amounts.
• Deliverable – our workpaper and face-to-face meeting.
• Management sets the scope, time allotted and frequency of
surprises.
• Enables the client to control the overall engagement spend.
• Least used – one of the most effective.
45. 45
Surprise Fraud Audits
• Expense reports
• Credit card expenditures
• Payments to company personnel
• Payments to cash
• Examination of check source documents and selected
invoices such as credit cards and expense reports
• Electronic payments (EFTs)
• Disbursements sorts and analysis
• Bank reconciliations
• Journal entries
46. 46
#13 – Test the Internal Controls
• The fact that you believe that you have adequate internal
controls does not mean that they are effective or that
employees are actually following them.
• Oftentimes employees are not trained on all of the proper
internal controls (due to many reasons such as time).
• Request a disbursement without substantiation.
• Have someone’s pay increased without the proper detail.
• Submit an incomplete expense report with no receipts.
• Ask that an accounts receivable balance be written off.
Testing the system provides a “teaching moment.”
47. 47
Conclusion and Questions
Thank you for being an attentive audience.
I am happy to entertain any questions at this time,
and I’ll be in the hall afterward if any of you have
any specific questions.
If you should have the need for any preventive or
investigative forensic services, or any litigation
support assistance, please keep us in mind!