2017: ca water strong - home - association of … · transaction . authorization ... payment from...

2017: CA WATER STRONG

SAFEGUARDING RATEPAYER FUNDS:

FRAUD PREVENTION AND DETECTION FOR UTILITIES

ACWA 2017 Fall Conference November 30, 2017

SAFEGUARDING RATEPAYER

ASSETS

• INTERNAL CONTROLS

• ENTERPRISE RISK ASSESSMENT

• UTILITY FRAUD PREVENTION, DETECTION AND MITIGATION

OUR SPEAKERS

• MARK COUSINEAU, DIRECTOR, MGO (MACIAS, GINI & O’CONNELL LLP)

• MCOUSINEAU@MGOCPA.COM

• SHARI M. THOMAS, ASSISTANT GENERAL MANAGER FINANCE & ADMINISTRATION, PASADENA WATER AND POWER

• STHOMAS@CITYOFPASADENA.NET

• JENNIFER FARR, PARTNER, DAVIS FARR LLP

• JFARR@DAVISFARR.COM

COSO INTERNAL CONTROL –INTEGRATED FRAMEWORK

COSO CUBE

COSO INTERNAL CONTROL –INTEGRATED FRAMEWORK

•Efficiency •Effectiveness •Economy

Operations

•Assets (misappropriation) •Citizen expectations Safeguarding

• Financial •Non-financial Reporting

• Laws, judgments •Agreements Compliance

COSO CUBE – CONTROL OBJECTIVE CATEGORIES SUMMARY

COSO INTERNAL CONTROL –INTEGRATED FRAMEWORK

COSO CUBE – ENTITY STRUCTURE

COSO INTERNAL CONTROL –INTEGRATED FRAMEWORK

HUB & SPOKE MODEL Risk Assessment

Information & Communication

Control Activities

Monitoring

CONTROL ENVIRONMENT

PREVENTION

INFORMATION TECHNOLOGY GENERAL CONTROLS

IT Governance

Access to Places, Programs, & Data

Computer Operations

Program Changes

System Development & Implementation

Data

DBMS

Application

Operating System

Infrastructure Increasing Risk

PREVENTION

CONTROL ENVIRONMENT

Tone at the Top

Decision Rights

Separation of Duties

Escalation Policy Accountability

PREVENTION

INSTITUTIONAL

ORGANIZATIONAL

INDIVIDUAL

TRANSACTION

SEPARATION OF DUTIES – METHODS

PREVENTION

TRANSACTION

Authorization Transaction Processing

Authorization Custody Recording

Authorization Custody Journal Subsidiary Ledger General Ledger

1

2

3

SEPARATION OF DUTIES

FRAUD AND RISK ASSESSMENT PASADENA WATER AND POWER

ASSOCIATION OF CALIFORNIA WATER AGENCIES

FALL CONFERENCE

NOVEMBER 30, 2017

CITY OF PASADENA

• INCORPORATED IN 1886 – FULL SERVICE, CHARTER CITY

• 23 SQUARE MILES, ABOUT 140,000 RESIDENTS

• HOME OF THE ROSE BOWL AND THE NEW YEAR’S DAY ROSE PARADE

• WATER UTILITY SERVES ABOUT 165,000 PEOPLE

• 38,000 METERS

• ALSO A FULL SERVICE ELECTRIC PROVIDER

• IN-CITY POWER PLANTS AND DISTRIBUTION SYSTEM

REAL-WORLD INCIDENT

• NOVEMBER-DECEMBER 2014 – EMPLOYEE EMBEZZLEMENT DISCOVERED BY AUDIT

• ONE EMPLOYEE

• ALMOST 300 FRAUDULENT INVOICES PROCESSED

• OVER MORE THAN 10 YEARS

• OVER $6 MILLION

• COMPLACENCY, INTERNAL CONTROLS, ADHERENCE TO POLICY, ACCOUNTABILITY

• “TONE AT THE TOP…”

• IT WON’T HAPPEN HERE!

FRAUD AND RISK ASSESSMENT PURPOSE AND SCOPE

• DIRECTED BY GOVERNING BODY – CITY COUNCIL

• DIFFERENT FROM FINANCIAL OR INTERNAL CONTROLS AUDIT

• PURPOSE AND SCOPE: • ASSESSMENT OF RISKS ACROSS THE WATER AND POWER DEPARTMENT

• ORGANIZATIONAL/PEOPLE • RETIREMENTS, SINGLE POINT OF FAILURE, DISGRUNTLED, TRAINING

• FINANCIAL/BUSINESS STRATEGY • CASH HANDLING, FINANCIAL PLANNING, RATE SETTING, LEVERAGE, CREDIT RATINGS

• OPERATIONS/BUSINESS PROCESSES • EMPLOYEE SAFETY, SERVICE RELIABILITY, AGING INFRASTRUCTURE, EFFICIENCY, CUSTOMER INTERACTION

• AUTOMATION/TECHNOLOGY • CYBERSECURITY, AGING SYSTEMS, BEST PRACTICES

• BASIS FOR DISCUSSION ABOUT RISK TOLERANCE AND MITIGATION

THE PASADENA PROCESS

• EACH MAJOR BUSINESS UNIT SEPARATELY • POWER DELIVERY, POWER SUPPLY, WATER DELIVERY, FINANCE & ADMIN, GENERAL MANAGER

• COOPERATIVE AND OPEN ENVIRONMENT FOR DISCUSSION • WHAT ARE GOALS AND OBJECTIVES OF PASADENA WATER & POWER?

• HOW DO PROGRAMS SUPPORT OR HINDER ACHIEVING GOALS AND OBJECTIVES? • ARE WE DOING THE RIGHT THINGS IN THE RIGHT PRIORITY?

• HOW DO PRACTICES SUPPORT OR HINDER ACHIEVING GOALS AND OBJECTIVES? • ARE WE TRAINED, EQUIPPED, SUPERVISED PROPERLY?

• WHERE ARE THE OPPORTUNITIES FOR FRAUD, LACK OF PRODUCTIVITY, ACCOUNTABILITY?

• USE ON-LINE, ANONYMOUS EMPLOYEE SURVEYS AS NEEDED

• NOT A “GOTCHA” EXERCISE – MITIGATE OR MANAGE THE RISKS WHEN DISCOVERED

• EMPLOYEES AT EVERY LEVEL INVOLVED IN IDENTIFYING THE LIKELIHOOD AND IMPACT OF RISKS

EXPECTED RESULTS AND NEXT STEPS • STILL IN THE PROCESS…ABOUT HALFWAY THROUGH

• CERTAINLY LEARNING A LOT ABOUT OURSELVES

• IDENTIFYING RISKS AND OPPORTUNITIES FOR FRAUD

• HOW LIKELY ARE THEY TO HAPPEN OR ARE THEY HAPPENING NOW?

• IS THE IMPACT LOW, MODERATE, HIGH OR CATASTROPHIC?

• ENGAGE EMPLOYEES IN IDENTIFYING AND RANKING THE ASSESSMENTS

• DEPLOY MITIGATION STRATEGIES IMMEDIATELY WHENEVER POSSIBLE

• ESPECIALLY FOR HIGH OR CATASTROPHIC RISKS

• DEPARTMENT SENIOR MANAGEMENT REVIEWING PRELIMINARY REPORTS

• NOT NECESSARY TO AGREE WITH EVERY FINDING

• FINAL REPORT, FINDINGS AND RECOMMENDATIONS TO CITY AUDIT COMMITTEE & CITY COUNCIL

SOME RANDOM TAKEAWAYS… • DON’T BE AFRAID OF THE PROCESS…EMBRACE IT

• VIRTUALLY IMPOSSIBLE TO PREVENT/AVOID ALL RISK • WOULD BE PROHIBITIVELY EXPENSIVE

• PASADENA IS STILL FINDING THE RIGHT BALANCE

• ENGAGE ALL LEVELS OF EMPLOYEES IN THE PROCESS • IF THEY ARE NOT PART OF THE SOLUTION, THEY WILL BE PART OF THE PROBLEM

• “TONE AT THE TOP” IS A REAL THING • ACCOUNTABILITY MEANS CRUCIAL CONVERSATIONS

• BE SUPPORTIVE • …OF THE PROCESS AND THE PEOPLE

• ROME WASN’T BUILT IN A DAY – CHANGE TAKES TIME (BUT NOT TOO MUCH!)

SAFEGUARDING RATEPAYER FUNDS: FRAUD PREVENTION &

DETECTION FOR UTILITIES ACWA 2017 FALL CONFERENCE

NOVEMBER 30, 2017

UTILITY FRAUD CASE STUDIES

SANTA CLARA VALLEY WATER DISTRICT FRAUD OR NOT FRAUD?

• Allegation: • Fraudulent Charges and Conflicts of Interest with an Engineering Firm

• Conflicts of Interest: • Deputy Operating Officer of Procurement is married to the firm’s co-owner

• Lack of Board Approval: • CEO executed $1.3M contract to firm without board approval

• The Board previously approved the CEO to execute contracts up to $10M to jump start the recycled water program

• One project task was originally $375,000 but change orders increased the amount to $1.7M • Used allocations from other project tasks to increase the amount on this task

• Because total contract was not exceeded, the District was not required to get Board approval

SANTA CLARA VALLEY WATER DISTRICT • Red Flags with the Engineering Firm:

• Weeks before the SCWD CEO received authorization to enter into contracts without bidding, an ex-County Water Board Member pled no contest to a criminal charge for accepting $160,000 in illegal payments from the Engineering Firm

• How was it detected: • Employee Engineering Manager raised concerns internally

• Alleged that the Firm had billed $512,000 for work that was never done

• For one project, the firm billed $350,000 for zero hours of work – contract does not allow for advance billing

• District staff had to complete the task that the firm was paid for but did not work on (estimated 2,400 hours of staff time)

• Media shed light on the contract

• Santa Clara County District Attorney’s Office performed an investigation after receiving complaints

SANTA CLARA VALLEY WATER DISTRICT • Resolution:

• District agreed to make changes to contract negotiations

• CEO eventually stepped down

PROCUREMENT FRAUD CASES • Mojave Water Agency

• Director of Engineering, Operations and Maintenance was accused by a grand jury in Los Angeles of working with two Inland Empire businessmen to funnel contracts to his own surveying firm

• Contracts were awarded to one company who, in turn, subcontracted the work back to the Director of Engineering’s firm

• Las Vegas Valley Water District

• $6.7M purchasing fraud

• 15 year employee who started as an office assistant and moved up to a purchasing analyst

• Purchased ink cartridges from Staples (from 2007-2015), relabeled and then shipped them to New Jersey, and then resold them

UTILITY BILLING/CASH RECEIPTING FRAUDS • Lapping scheme

• Applying payment from Customer 1 to Customer 2’s account

• Should eventually be detected unless perpetrator can find a way to adjust cash (possibly through a journal entry)

• Skimming scheme

• Taking a portion of the cash receipt prior to deposit

• A reconciliation of cash received vs. deposited should catch this unless the perpetrator is the individual making the deposit

• Adjusting customer accounts

• Applying credits or adjustments to customer accounts and misappropriating the payment

• System controls restricting ability to post adjustments would prevent this type of fraud

LAPPING FRAUD CASE • Customer service employee misappropriated funds from walk in customers

• Employee used manual cash receipt book instead of processing the payment through the billing system

• Employee used a lapping scheme to hide the fraud (using payments from Customer A to pay Customer B’s bill) but eventually couldn’t keep up

• Was detected when a customer called to inquire about a payment made that did not show up as paid on their bill

• District’s controls were strong over normal cash receipting, but there was no periodic reconciliation of the manual cash receipt books (only intended to be used when the system is down)

• Controls were later changed to reconcile manual cash receipt via verification of the prenumbered cash receipt sequence and vouching to evidence that the customer payment was applied to their account

SKIMMING FRAUD CASE: SANTA FE WATER • Manager allegedly skimming cash receipts

• Internal investigation of 138 utility water accounts (over a 3 year period) uncovered 46 instances in which cash deposits of $100 each were likely diverted

• Fraud was detected when the employee was out for an extended period of time and customers began coming in asking for refunds

• Internal investigation concluded that there was proper segregation of duties for the individuals normally performing the cash receipting functions but when the manager stepped in to help during busy times to help with cash handling, the segregation of duties controls were impaired

THANK YOU

ACWA 2017 Fall Conference November 30, 2017