goldsrd fraud auditing basics feb 2015 4 hours · fraud auditing basics danny m. goldberg, founder...
TRANSCRIPT
Fraud Auditing Basics [email protected]
(C) GoldCal LLC 2015 1
Fraud Auditing Basics
Danny M. Goldberg, Founder
Course Objectives
• Detailed analysis of controls and processes
• Understanding of key fraud risks
• Understanding of best practices and segregation of duties
• Understanding of key audit risks
• Inter-linkage between manual, IT and spreadsheet controls
FRAUD OVERVIEW
Fraud Quiz
1. What % of its revenue does the typical organization lose to fraud each year?
2. How many months does a fraud usually last before being reported?
3. What is the most common type of occupational fraud?
4. Three industries most commonly victimized by fraud are:
5. How many prior offenses have occupational fraudsters often committed?
6. Do the higher fraud losses tend to be committed by fraudsters with low or high tenure with an organization?
7. What departments do most fraudsters work in?
Fraud Quiz Answers – Page 1 of 2
• What % of its revenue does the typical organization lose to fraud each year? – (Answer – 5%)
• How many months does a fraud usually last before being reported? – (Answer – 18 months)
• What is the most common type of occupational fraud? – (Answer – asset misappropriation)
• Source – Report to the Nations on Occupational Fraud and Abuse – 2012 Global Fraud Study, Association of Certified Fraud Examiners
Fraud Quiz Answers – Page 2 of 2
• Three industries most commonly victimized by fraud are: – (Answer – banking & financial services, government & public administration, and manufacturing)
• How many prior offenses have occupational fraudsters often committed? – (Answer – None! Most are first offenders with clean histories)
• Do the higher fraud losses tend to be committed by fraudsters with low or high tenure with an organization? – (Answer – the higher the fraud loss – median of $229,000 are committed by fraudsters with more than 10 years. Those during the first year on the job committed a median of $25,000)
• What departments do most fraudsters work in? – (Answer – accounting, operations, sales, executive/upper mgmt., customer service, and purchasing)
Kroll Survey – Types of Fraud
Type of Fraud – Kroll Survey 2012 2011 2010
Theft of Physical Assets 24% 25% 27%
Information Theft 21% 23% 27%
Management Conflict of Interest 14% 21% 19%
Vendor, Supplier or procurement fraud 12% 20% 15%
Internal Financial Fraud 12% 19% 13%
Corruption and Bribery 11% 19% 10%
Financial Mismanagement Not reported 16% 13%
Regulatory or Compliance Breach 11% 11% 12%
Intellectual Property Theft 8% 10% 10%
Market Collusion 3% 9% 7%
Money Laundering 1% 4% 7%
ACFE Report to the Nations 2012
• Organization loses: 5% of its revenue to fraud annually
• Median loss: $140,000
• Average length: 18 months
• Most common: Asset misappropriation (87%)
• Greatest risk: Corruption and billing schemes
• Likely perpetrator: Senior management & long-time employees with clean histories
Truth – White Collar Criminal
• Older (30+ years)
• 55% male, 45% female
• An appearance of a stable family situation
• Above average (postgraduate) education
• Less likely to have a criminal record
• Good psychological health
• Position of trust
• Detailed knowledge of accounting systems and their weaknesses
• Prior accounting experience
The Definition of Fraud
“… any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”
Fraud Auditing Overview
• Audits are not designed to detect fraud
– Goal: Determine whether the financial statement is free from material misstatements.
• Auditors test only a small fraction of transactions
• Auditors must:
– Be aware of the potential of fraud
– Discuss how fraud could occur
– Delve into suspicious observations and report them
Discussion
Myth - Responsibility
• It is the auditor's job to prevent and detect fraud
• Internal auditors are the first line of defense against fraud
Auditor Responsibility
• All auditors should have at least:
– Some semblance of fraud training/experience
– Creation/Involvement of the anti-fraud assessment
– Solid understanding of measures intended to prevent and detect fraud
– Awareness of financial fraud schemes and scenarios and knowledge of forensic investigations
– Ability to detect financial statement fraud, which requires a firm understanding of financial reporting standards
Truth - Responsibility
• According to Statements on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, management is responsible for
– Designing and implementing systems and procedures for the prevention and detection of fraud
– Along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior
Truth - Responsibility
Standard 1210.A2: Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
• According to IIA’s IPPF, Internal Auditors must:
– Understand the fraud risks
– Recognize red flags
– Design and conduct tests
– Report known or suspected fraud
IIA Standards on Fraud
• 1220.A1 – Exercise due professional care (skepticism) by considering the probability of significant errors, fraud or non-compliance
• 1220.A2 – Evaluate the potential for the occurrence of fraud and how the organization monitors fraud risk
• 2210.A2 – When establishing audit objectives, consider the probability of significant errors, fraud or non-compliance
Internal Auditing and Fraud
• Fraud awareness (reasons and examples for fraud and potential fraud indicators)
• Fraud roles and responsibilities
• Internal audit responsibilities during audit engagements (execution & communication)
• Fraud risk assessment (identifying relevant fraud risk factors and mapping existing controls to potential fraud schemes and identifying gaps)
• Forming an opinion on internal controls related to fraud
Knowledge & Skills For Audit Success
• Big Picture - Vision
• Interviewing
• Project management
• Time management
• Planning skills
• Auditing standards
• Risk management
• Business analysis
• Finance and Accounting
• Strategic planning
• Organizational structures
• Detail oriented
• Control focus
• Presentation skills
• Critical thinking
• Process mapping
• Working paper documentation
• Industry specific knowledge
• Information technology
• Laws
• Fraud awareness
Knowledge
Myth
• Internal Auditors are fraud experts
• Internal Auditors know what to look for
• Internal Auditors can spot a fraudster
Truth
• Most rarely know more than the fraud triangle and how to define fraud
• Most don’t know what to look for because they haven’t seen it before
• Most don’t know the general characteristics of a fraudster
Truth – Fraud Learning
• Learn the Business
• Learn what should happen to be able to recognize problems (Get to know the red flags)
• Learn to ask the Right questions ... inside internal audit and outside
• Put aside the apprehension against asking for help
• Then reinforce with classroom training
Testing
Myth
• Internal Auditors’ review of documentation is thorough enough to detect fraud
• Internal Auditors will know it when they see it
• Internal Auditors know how to test for fraud
Truth
• Internal Auditors only sample – Sampling risk
• There is always Audit Risk & non-sampling risk
• Most auditors don’t know that analytics is the best test for fraud
The Fraud Triangle
Opportunity
• Must gain access to assets/records
• Can be controlled/prevented by organization
Rationalization
• Follow through and commit the fraud
• Can be controlled/prevented by organization
Pressure
• The more incentive, the easier it is to justify
• Financial or personal problems, financial pressure, mental instability
The Fraud Triangle
What to look for…
• Consistent inventory adjustments for defective items or shrinkage
• Compensation tied to operating results
• Consistently meet/exceed analyst expectations
• Operations in countries with history of bribery
• Related party transactions
• Material or frequent adjusting entries
• Missing, altered, late documents
• Lackadaisical oversight combined with friendly employee relations
• Change in personal habits or behavior
How is Fraud Discovered?
Detection of Fraud Schemes
Factors Contributing to Fraud
Contributing Factor Percentage
Poor Controls 59%
Management Override 36%
High Risk Industry 34%
Third Party Collusion 33%
No Ethics Policy 7%
No Board of Directors Control 6%
Other 2%
What is a Trusted Employee?
• Independent
• Almost all work alone
• Never take vacation
• Knows everything
• Work long hours
– To work early/leave late
➢ We trust employees too much (blind trust)
➢ Must use trust but verify concept (monitoring)
What is an “At Risk” Employee?
• Employee work habits
(1) Comes to work early or leaves late
(2) Works nights and weekends
(3) Seldom missing for leave or vacation
(4) Reports to office during brief absences
(5) Asks others to hold work while gone
(6) Knows too much
(7) Too helpful or too involved
The Issue is Control
Management’s Role in Fraud
• Establish, maintain and evaluate antifraud programs and controls:
– Perform fraud risk assessment (FRA)
– Create strong control environment
– Design and implement antifraud programs and controls
– Communicate information related to antifraud programs
– Monitor the effectiveness of antifraud programs and controls
FRAUD RED FLAGS
Red Flags Are Indicators, Not Proof
• Living beyond means (36%)
• Financial difficulties (27%)
• Close association with vendors/customers (19%)
• Poor internal controls (18%)
• Employee morale changes
• Employee turnover
• Pressure to meet targets
• Management infighting
• Addiction problems
Employee Red Flags
• Significant change in lifestyle, such as new wealth
• Financial difficulties may create need
– Gambling or drug addiction
– Infidelity is an expensive habit
• Criminal background
• Chronic legal problems
• Dishonest behavior in other parts of life
• Beat the system
– Break rules commonly
• Chronic dissatisfaction with job
Organizational Red Flags
• Lack of communication of expectations
• Too much trust in key employees
• Lack of proper authorization procedures
• Lack of attention to detail
• Changes in organizational structure
• Tendency towards crisis management
Financial Document Red Flags
• Missing/Altered documents
• Excessive number of voided documents
• Documents not numerically controlled
• Questionable handwriting or authorization
• Numerous duplicate payments
• Unusual billing addresses
• Address of employee same as vendor
• Duplicate or photocopied invoices
• Invoices not folded for envelope
Accountability and Control Red Flags
• Lack of segregation of duties
• Lack of physical security and/or key control
• Weak links in chain of controls and accountability
• Missing independent checks on performance
• Weak management style
• Poor system design
• Inadequate training
How to Minimize Fraud Risk
• Adhere to policies/procedures (especially documentation and authorization)
• Identify and understand key controls and fraud areas
• Ensure physical security over assets
• Provide proper training to employees
• Independently review and monitor tasks
• Review segregation of duties
• Ensure clear lines of authority
How to Minimize Fraud Risk
• Rotate duties in positions susceptible to fraud
• Ensure employees take regular vacations
• Schedule regular independent audits of areas susceptible to fraud
• Ensure background checks including criminal and credit for all employees
• Make sure internal controls are followed
• Ask for documentation
• Ensure that one person does not have total responsibility for a process
• Evaluate performance regularly
• Report suspicious activity
FRAUD DETECTION
Fraud Detection Controls
• Hotlines
• Customer complaints
• Internal audit/fraud audits
• Data mining/analysis
• Process-specific internal controls
FRAUD INTERVIEWS
Why Interview for Fraud?
• People actually admit they have committed fraud, abuse, or other illegal acts when confronted
• People who have knowledge of wrongdoing but are not involved in fraud often will not come forward (in most cases) with information unless asked
• Quickly identifies control weaknesses
Interview versus Interrogation
Interview
• Purpose is to gather information
• Non-accusatory
• Free-flowing
• Interviewer speaks 5%
• Stay within social zone
• Note taking O.K.
• No Miranda warning required
Interrogation
• Purpose is to get a confession
• Accusatory
• Structured
• Interrogator speaks 95%
• Start at personal zone, move to intimate zone
• No notes (until after confession)
• No time limit
Communication Analysis
• What did the subject say?
• What did the subject NOT say?
• Vocabulary, parts of speech, syntax, and structure form the basis for analyzing communication.
Key Words / Phrases
• Adverbs
– “I usually [but not always] unlock the safe.”
– “I normally [but not always] reconcile the accounts.”
– “Basically [but not completely], that’s what happened.”
– “Mostly [but not always], I get a second signature.”
Key Words / Phrases
• Adverbs
– “I rarely [but not exclusively] speak with him anymore.”
– “I hardly knew him [but I did know him].”
Adjectives
• Dishonest subjects often omit adjectives altogether or qualify their remarks
– “I think…”
Questioning the Subject
• Confronting the Subject
– Avoid confrontation until later in the interview
– Handle and manage confrontation to your advantage - better to focus on clarification
“I am confused. You told me that you always got a second signature on checks over $5,000. However, you told me you signed the check to Jeff Hardware, Inc. and mailed it. Am I missing something?”
Questioning the Subject
• Go from broad to the specific.
• Move from the indirect to the direct to elicit information.
• Allow the subject to speak. The role of the interviewer is to observe, to guide, to steer, to collect, and most importantly, to listen.
Note Taking
• Note taking tips:
– Do not record the interviews
– Take accurate and complete notes, but do not distract the interviewee
– Try to avoid taking notes when the interviewee is talking about a sensitive subject
– Begin each interview on a clean page.
– Try to have a separate person take notes while the interviewer asks the questions.
Note Taking
• Identify the date, time, and place of the interview and all individuals present during the interview.
• Obtain biographical data for the subject, including telephone numbers, position, title, etc.
• Initial and date the notes.
Grade Your BS Detector
• Defensive gestures
• Shakiness
• Unnatural gestures
• Excessive swallowing
• Adam’s apple movement
• Increased eye contact
• Reduced eye contact
• Speech hesitations
• Increases in vocal pitch
• Speech errors
• Longer response time
• Postural shifts
• Pupil dilation
• Blinking
• Less smiling
• More smiling
• Head movements
• Hand shrugs
• Self-touching
• Fidgeting
Detecting a Liar
• Lack emotion
• Lack detail
• Lack consistency
• Lack cooperation
• Lack / fewer hand movements
• Look for changes in normal behavior
• Listen for pauses
• Look for micro-expressions
Controls Applicable to All
• EXERCISE – Based on your view of internal controls, what controls apply to all processes regardless of type?
The foundation of our controls home!
ANSWER
• Segregation of Duties
• Physical and IT Access
• Review and Reconciliation Controls (Management Oversight)
– Balance Sheet Reconciliations
– JE Reviews
• Tiered Approvals
• Pre-numbered documents
• Policies and Procedures
Other Controls
• Code of Conduct
• Hotline
• Whistle-blower policy
• Conflict of interest policy
• Fiscal Policy
IDENTIFYING FRAUD SCHEMES
Categories of Fraud Risk
• Misappropriation of Assets
– involve the theft or misuse of an organization’s assets. (Common examples include skimming revenues, stealing inventory, and payroll fraud.)
• Corruption
– fraudsters wrongfully use their influence in a business transaction in order to procure some benefit for themselves or another person, contrary to their duty to their employer or the rights of another. (Common examples include accepting kickbacks and engaging in conflicts of interest.)
• Fraudulent Financial Statements
– falsification of an organization’s financial statements. (Common examples include overstating revenues and understating liabilities or expenses.)
Asset Misappropriation Scheme Scenario
Payroll
• Payment to fictitious employees
• Payment to terminated employees
• Overpayment to existing employees
Inventory
• Theft of inventory items
• Consistent shrinkage of items
• Increased defective/warranty claims
Credit Cards
• Reimbursement for personal expenses
• Use of card to circumvent competitive bid requirements
Larceny
• Theft of materials, supplies, cash
Purchasing
• Using purchasing authority to purchase raw materials for personal use
Procurement
• Using procurement card for personal, exorbitant purchases
Reimbursement
• Reimbursement for undocumented expenses
• Reimbursement for luxury accommodations
• Reimbursement for travel expenses of family members
Improper Payments
• Payments to phantom vendors, shell companies
Corruption/FCPA Scheme Scenario
Fictitious Revenue
• Improper or early revenue recognition
• Falsifying revenue
• Earnings manipulation through reserves
• Recording pending transactions as completed transactions
Overstating Assets
• Improper valuation of securities, inventory, fixed assets
Understating Liabilities and Expenses
• Hiding losses in future reporting periods
• Understating expense account balances
• Reclassifying (capitalizing) expenses as assets
• Improper valuation or manipulation of intercompany accounts
Improper Note Disclosure
• Omission of contingencies or subsequent events
Non-financial
• Falsifying external documents to suppliers
• Internal memorandums give misleading information
• Publicly announced unsubstantiated information
Management Estimates
• Manipulation of management estimates for receivables, goodwill or depreciation
Financial Statement Fraud Scheme Scenario
Fictitious Revenue • Improper or early revenue recognition
• Falsifying revenue
• Earnings manipulation through reserves
• Recording pending transactions as completed transactions
Overstating Assets • Improper valuation of securities, inventory, fixed assets
Understating Liabilities and Expenses
• Hiding losses in future reporting periods
• Understating expense account balances
• Reclassifying (capitalizing) expenses as assets
• Improper valuation or manipulation of intercompany accounts
Improper Note Disclosure • Omission of material contingencies or subsequent events
Non-financial
• Falsifying external documents to suppliers
• Internal memorandums give misleading information
• Publicly announced unsubstantiated information
Management Estimates
• Manipulation of management estimates for receivables, goodwill or depreciation
SPECIFIC AREAS AND FRAUD RISKS
ACCOUNTS PAYABLE/DISBURSEMENTS
Accounts Payable: Fraud Risks
• Debit Balances
• Large/Old balances
• New Suppliers (review of process)
• No payment date
• Unrecorded liabilities
Purchasing Fraud
• Duplicate:
– Disbursement Amounts
– Invoice numbers/dates
• Fake Vendor in Vendor Database (Test for duplicate names and addresses, vendor & EE names/addresses same, PO Boxes)
• Right at thresholds (refunds)
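An added example (not part of the course material) of the vendor-master and disbursement tests listed on this slide: duplicate vendor names and addresses, vendor and employee names or addresses that match, PO Box vendors, duplicate invoices or amounts, and payments just under an approval threshold. All records, the $5,000 threshold and the 5% band are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the course): vendor master, employee master, payments.
VENDORS = [
    {"id": "V001", "name": "Acme Industrial Supply, Inc.", "address": "1200 Main St., Suite 4"},
    {"id": "V002", "name": "ACME Industrial Supply Inc", "address": "1200 Main Street Ste 4"},
    {"id": "V003", "name": "Northside Consulting", "address": "P.O. Box 991"},
    {"id": "V004", "name": "Delta Freight LLC", "address": "77 Harbor Rd"},
    {"id": "V005", "name": "Lakeview Services", "address": "45 Elm Avenue"},
]
EMPLOYEES = [
    {"id": "E10", "name": "Pat Example", "address": "45 Elm Ave."},
    {"id": "E11", "name": "Sam Sample", "address": "9 Oak Drive"},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V004", "invoice": "INV-1001", "date": "2015-01-05", "amount": 1830.00},
    {"id": "P2", "vendor": "V004", "invoice": "INV-1001", "date": "2015-01-05", "amount": 1830.00},
    {"id": "P3", "vendor": "V005", "invoice": "LS-17", "date": "2015-01-09", "amount": 4950.00},
    {"id": "P4", "vendor": "V005", "invoice": "LS-18", "date": "2015-01-16", "amount": 4990.00},
    {"id": "P5", "vendor": "V001", "invoice": "A-220", "date": "2015-01-20", "amount": 7200.00},
]

ABBREV = {"street": "st", "avenue": "ave", "suite": "ste", "road": "rd", "drive": "dr"}
SUFFIXES = {"inc", "llc", "ltd", "corp", "co"}
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.IGNORECASE)


def _tokens(text):
    """Lower-case, drop punctuation, split into words."""
    return re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()


def norm_address(addr):
    """Normalize an address so 'Main Street' and 'Main St.' compare equal."""
    return " ".join(ABBREV.get(t, t) for t in _tokens(addr))


def norm_name(name):
    """Normalize a name, ignoring legal suffixes such as Inc or LLC."""
    return " ".join(t for t in _tokens(name) if t not in SUFFIXES)


def _groups(records, key_fn):
    """Return the sets of record ids that share the same key."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[key_fn(rec)].append(rec["id"])
    return {tuple(sorted(ids)) for ids in buckets.values() if len(ids) > 1}


def duplicate_vendors(vendors):
    """Vendors that share a normalized name or a normalized address."""
    by_name = _groups(vendors, lambda v: norm_name(v["name"]))
    by_addr = _groups(vendors, lambda v: norm_address(v["address"]))
    return sorted(by_name | by_addr)


def vendor_employee_matches(vendors, employees):
    """Vendor/employee pairs whose name or address is the same."""
    hits = set()
    for v in vendors:
        for e in employees:
            if (norm_address(v["address"]) == norm_address(e["address"])
                    or norm_name(v["name"]) == norm_name(e["name"])):
                hits.add((v["id"], e["id"]))
    return sorted(hits)


def po_box_vendors(vendors):
    """Vendors whose only address on file is a PO Box."""
    return [v["id"] for v in vendors if PO_BOX.search(v["address"])]


def duplicate_payments(payments):
    """Payments repeating a vendor's invoice number, or its date and amount."""
    by_invoice = _groups(payments, lambda p: (p["vendor"], p["invoice"]))
    by_amount = _groups(payments, lambda p: (p["vendor"], p["date"], p["amount"]))
    return sorted(by_invoice | by_amount)


def near_threshold(payments, threshold, band=0.05):
    """Payments that fall within `band` below an approval threshold."""
    lower = threshold * (1 - band)
    return [p["id"] for p in payments if lower <= p["amount"] < threshold]


if __name__ == "__main__":
    print("Duplicate vendors:      ", duplicate_vendors(VENDORS))
    print("Vendor = employee:      ", vendor_employee_matches(VENDORS, EMPLOYEES))
    print("PO Box vendors:         ", po_box_vendors(VENDORS))
    print("Duplicate payments:     ", duplicate_payments(PAYMENTS))
    print("Just under $5,000 limit:", near_threshold(PAYMENTS, 5000))
```

Each hit is an indicator to follow up against source documents, not proof of fraud.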
Disbursement Fraud Concepts
• Most cash disbursement frauds employ common and simple methods
• Cash disbursements fraud is recorded in the accounting system.
– Fraud is concealed in accounts with high volumes and high dollar activity
• Fraud perpetrators are unpredictable as to position and background and change over time with the internal control system (the chameleon effect)
• It’s difficult to distinguish original documents from false original documents. The difference is that no goods or services were received for the false transactions.
Disbursement Fraud Concepts
• The accounts payable function should never pay an invoice that has not been approved by the recipient of the goods and services
• Pay from original source documents only
• Question vendor invoices that do not have a street address or a vendor who is not listed in the telephone book
• Make sure that all supporting documents are valid and represent actual purchases of goods and services. Watch out for:
– Cut-and-paste documents (no detail shown for purchases made), and
– Numerical sequencing of receipts or invoices used for reimbursement purposes
• Identify documents that serve the same purpose as blank checks (petty cash, travel vouchers, and time cards)
Fraud Risk - Other Disbursement Areas
• Collusion between employee and vendor (difficult to detect)
• Implement a policy on employee/vendor contacts (conflicts of interest) and use a “Holiday” letter as a reminder
• Picking up assets versus a central delivery destination
• Review position of employee to see if purchases are an act out of character (not the normal job)
• Invoices must include a description of the items purchased (not just a part number)
• Obtain original receipts for purchases
ACCOUNTS PAYABLE/DISBURSEMENTS LEADING CONTROL PRACTICES
P-Cards
• Number of authorized individuals needs to be limited
• Types of purchases need to be limited
• Authorization limits need to conform with Delegation of Authority (DOA) policy requirements
• Purchase $ limits need to be set relatively low and/or combined with the Purchase Order (PO) process
• Receipts and related documentation need to be monitored and maintained
• Card statements must be regularly reconciled and reviewed
Cash Disbursements
• Accounts payable clerks review vendor statements for old/unpaid invoices
• Disbursements greater than specified amounts require additional approval
• System matches purchase order, receiving report, and invoice (3-way match)
• Vendor statements are reconciled to accounts payable detail
Cash Disbursement Controls
• Change/Create applications for purchase orders, as well as access to blank purchase order stock, are limited to purchasing personnel.
• The purchasing manager must sign all purchase orders.
• The purchasing manager reviews the reporting of invoices processed without purchase orders to ensure that only approved exceptions to the Company’s purchase order requirements are processed by A/P.
• Correspondence with vendors during the vendor qualification process clearly identifies company policy stating the company will not be responsible for goods shipped and received without a valid purchase order approved by the purchasing manager.
• Written procurement procedures identify competitive bidding requirements for various purchase thresholds.
• Prior to approving purchase orders, the purchasing manager reviews vendor selection and pricing for reasonableness and reviews vendor selection support as considered necessary to ensure that required vendor selection procedures were appropriately followed.
Cash Disbursements - Controls
• Responsibilities relating to Change/Create responsibilities for purchase orders, goods receipt notes, inventory, and accounts payable are segregated.
• Goods are centrally received and timely recorded in the system.
• System controls are in place to ensure that vendor invoices required to be supported by purchase orders may only be cleared to accounts payable by goods receipt notes entered on the system by authorized receiving personnel.
• Access to Change/Create authorizations for goods receipt notes is limited to appropriate receiving department personnel.
Cash Disbursements - Controls
• Physical inventory controls and controls over inventory adjustments are handled by individuals independent of the receiving function to ensure that potential inappropriate acknowledgement of goods receipt is timely detected and investigated.
Cash Disbursements Controls
• Entry of invoices into the A/P ledger is supported by system three-way match controls that require invoices to be matched to purchase authorizations created by the purchasing department (ordered quantities and unit pricing) and receiving authorizations (received quantities) established by the receiving department. Exceptions to system match requirements (e.g., for entry of utility bills) are reported to the controller and purchasing manager for review.
• Physical access to accounts payable files, receiving files, and purchase order files used in managing the A/P and procurement processes is restricted. Physical documentation where used evidences signature approval to support authenticity of such documents.
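An added example (not part of the course material) of the three-way match described above: each invoice is checked against the purchase order (ordered quantity and unit price) and the goods receipts (received quantity), and anything that fails goes to an exception list for review. The record layout, identifiers and exception codes are assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample records (not from the course material).
# PO line: item -> (ordered quantity, agreed unit price)
PURCHASE_ORDERS = {
    "PO-100": {"vendor": "V004", "lines": {"WIDGET": (100, Decimal("2.50"))}},
    "PO-101": {"vendor": "V001", "lines": {"GASKET": (25, Decimal("4.00"))}},
    "PO-102": {"vendor": "V005", "lines": {"FILTER": (5, Decimal("9.00"))}},
}
# Goods receipt notes entered by receiving: (PO, item, quantity received)
GOODS_RECEIPTS = [
    ("PO-100", "WIDGET", 60),
    ("PO-100", "WIDGET", 40),
    ("PO-101", "GASKET", 10),
    ("PO-102", "FILTER", 5),
]
INVOICES = [
    {"id": "INV-1", "vendor": "V004", "po": "PO-100", "item": "WIDGET",
     "qty": 100, "unit_price": Decimal("2.50")},
    {"id": "INV-2", "vendor": "V001", "po": "PO-101", "item": "GASKET",
     "qty": 25, "unit_price": Decimal("4.00")},   # billed before goods arrived
    {"id": "INV-3", "vendor": "V004", "po": "PO-100", "item": "WIDGET",
     "qty": 10, "unit_price": Decimal("2.50")},   # PO already fully billed
    {"id": "INV-4", "vendor": "V005", "po": "PO-102", "item": "FILTER",
     "qty": 5, "unit_price": Decimal("12.00")},   # price above PO price
    {"id": "INV-5", "vendor": "V009", "po": None, "item": "UTILITY",
     "qty": 1, "unit_price": Decimal("310.00")},  # no purchase order at all
]


def received_totals(receipts):
    """Sum received quantities per (PO, item) across all goods receipt notes."""
    totals = defaultdict(int)
    for po, item, qty in receipts:
        totals[(po, item)] += qty
    return totals


def match_invoice(inv, pos, received, invoiced):
    """Return the list of match failures for one invoice (empty list = matched)."""
    po = pos.get(inv["po"])
    if po is None:
        return ["NO_PO"]
    problems = []
    if inv["vendor"] != po["vendor"]:
        problems.append("VENDOR_MISMATCH")
    line = po["lines"].get(inv["item"])
    if line is None:
        return problems + ["ITEM_NOT_ON_PO"]
    ordered_qty, po_price = line
    if inv["unit_price"] != po_price:
        problems.append("PRICE_MISMATCH")
    key = (inv["po"], inv["item"])
    # Compare cumulative billing, so a second invoice against an
    # already-invoiced receipt is caught as well.
    billed = invoiced[key] + inv["qty"]
    if billed > ordered_qty:
        problems.append("QTY_EXCEEDS_ORDERED")
    if billed > received[key]:
        problems.append("QTY_EXCEEDS_RECEIVED")
    return problems


def run_match(invoices, pos, receipts):
    """Clear matched invoices for payment; collect the rest for review."""
    received = received_totals(receipts)
    invoiced = defaultdict(int)
    cleared, exceptions = [], {}
    for inv in invoices:
        problems = match_invoice(inv, pos, received, invoiced)
        if problems:
            exceptions[inv["id"]] = problems
        else:
            invoiced[(inv["po"], inv["item"])] += inv["qty"]
            cleared.append(inv["id"])
    return cleared, exceptions


if __name__ == "__main__":
    cleared, exceptions = run_match(INVOICES, PURCHASE_ORDERS, GOODS_RECEIPTS)
    print("Cleared to A/P:", cleared)
    for inv_id, problems in exceptions.items():
        print("Exception report:", inv_id, problems)
```

The `NO_PO` entries correspond to the slide's exception report: legitimate items such as utility bills appear there too, which is why the list goes to the controller and purchasing manager for review rather than being rejected automatically.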
Disbursements (SoD)
• Separate:
– Purchasing (vendor set up)
– Preparation of checks
– Approval of payment
– Recording
– Signatures
– Vendor inquiries
Payroll
Fraud Risk Factors - Payroll Concepts to Remember
• Payroll = 50-80% of all expenditures
• Every employee can falsify own payroll
• Know that employee time cards are blank checks and can be falsified (after approval) – look for a straight line from source to approval to payroll
• No one should approve their own time sheet
Payroll Fraud Schemes
• Individuals receive more pay than authorized – fraud of choice - most common
• Employees issue checks to themselves:
– For too much money
– For work not performed
– For unauthorized vacation buy-outs
• The fraud can involve:
– Normal payroll
– Overtime
– Vacation and sick leave
• Primary suspects:
– Payroll employees
– Department timekeeper
Fraud Risk - Payroll Concepts to Remember
• Ensure employees are not paid more than authorized
• Monitor mid-month payroll draws for compliance with the law and for end-of-month deductions
• Monitor overtime, stand-by and call-back time for employees (who are the big winners?)
Fraud Risk - Payroll Concepts to Remember
• Ensure sick and annual leave accruals agree with organizational policy (even if use it or lose it)
• Determine if a comp time system is in place and used, ensuring maximum balances are not exceeded and buy-outs are appropriate
• Ensure the payroll clerk is not paid more than authorized (high risk employee)
FRF - The Five Most Common Payroll Fraud Schemes
• Ghost employees
• Mid-month payroll draws not deducted from end-of-month payroll
• Unauthorized employee pay
• COBRA program abuses
• Advance release of withheld funds
Payroll Leading Control Practices
Payroll
• Commissions are reviewed by both supervisors and HR department
• Monthly payroll activity is compared to previous periods
• Paid time off is managed and reviewed by HR department
• Supervisors review rate changes to the payroll master file (and access to the master is restricted)
Payroll – Hire/Termination
• The hiring of new employees is authorized by management.
• Additions to the personnel and payroll master files represent valid employees.
• All new employees are added to the personnel and payroll master files.
• Terminated employees are removed from the personnel and payroll master files.
• Deletions from the personnel and payroll master files represent valid employee terminations.
• All additions and/or deletions from the personnel and payroll master files are accurate.
• All additions and/or deletions from the personnel and payroll master files are performed timely.
Payroll - Authorization
• Establishment and/or modification of payroll rates, deductions, etc. are authorized by management.
• Changes to payroll rates, deductions, etc. are input accurately and timely.
• Only valid changes to payroll rates, deductions, etc. are input and processed.
• All valid changes to payroll rates, deductions, etc. are input and processed.
Payroll – Preparation/Payment
• Payroll (including compensation and withholdings) is accurately calculated and recorded.
• Payroll is recorded in the appropriate period.
• Payroll is disbursed to appropriate employees.
• Unused payroll checks are secured and accounted for.
Payroll – Taxes
• Payroll taxes are paid in accordance with statutory requirements.
• Payroll tax returns are prepared accurately and completely in accordance with statutory requirements.
• Payroll tax returns are prepared and filed timely.
• Payroll taxes are accurately calculated and recorded.
• Payroll taxes are recorded in the appropriate accounting period.
Payroll - SoD
• Separate:
– Time sheet & salary approval
– Check preparation
– Check distribution
– Recording
– Reconciliation
– Payroll & personnel functions
Summary
• Use logic in fraud detection
• Fraud detection/red flags should be integrated as part of every audit conducted
• Be cognizant of your auditee’s behavior
• Good controls -> Lack of opportunity
READING A POKER FACE: NON-VERBAL COMMUNICATION
Non-Verbal Communication
• 55% of communication is non-verbal
• Is it possible to communicate without words?
• Studies show that over half of your message is carried through nonverbal elements:
– Appearance
– Body language
– Tone of Voice
– Pace of Voice
Language of Gestures
• Body language and nonverbal communication are transmitted through the eyes, face, hands, arms, legs and posture (sitting and walking)
• Each individual, isolated gesture is like a word in a sentence; it is difficult and dangerous to interpret in and of itself.
• Therefore, consider the gesture in the light of everything else that is going on around you.
The Eyes
• Windows to the soul, excellent indicators of feelings
• Shifty eyes, beady eyes and a look of steel demonstrate awareness
• An honest person has a tendency to look you straight in the eye when speaking
• People avoid eye contact with the other person when an uncomfortable question is asked
• The raising of one eyebrow shows disbelief and two shows surprise
• People are classified as right lookers and left lookers.
– Right lookers are more influenced by logic and precision
– Left lookers are found to be more emotional, subjective and suggestible
The Face
• The face is one of the most reliable indicators of a person's attitudes, emotions & feelings
• By analyzing facial expressions, interpersonal attitudes can be discerned and feedback obtained.
• Some people try to hide their true emotions. The term Poker Face describes them.
• Common facial gestures are:
– Frowns: unhappiness, anger
– Smiles: happiness
– Sneers: dislike, disgust
– Clenched jaws: tension, anger
– Pouting lips: sadness
The Hands
• Tightly clenched hands usually indicate that the person is experiencing undue pressure
– It may be difficult to relate to this person because of his tension and disagreement
• Superiority and authority are usually indicated when you are standing and joining your hands behind your back
• Rubbing gently behind or beside the ear with the index finger or rubbing the eye usually means the other person is uncertain about what you are saying
• Cupping one or both hands over the mouth, especially when talking, may well indicate that the person is trying to hide something
• Putting your hand to your cheek or stroking your chin generally portrays thinking, interest or consideration
Arms & Legs
• Crossed arms tend to signal defensiveness. They seemingly act as a protective guard against an anticipated attack or a fixed position which the other person would rather not move
• Conversely, arms open and extended toward you generally indicate openness and acceptance
• Crossed legs tend to show disagreement
• People who tightly cross their legs seem to be saying that they disagree with what you are saying or doing
• If people have tightly crossed legs and tightly crossed arms, their inner attitude is usually one of extreme negativity toward what is going on around them – difficult to gain agreement
Interpreting Gesture Clusters (GC)
• Certain combinations of gestures are especially reliable indicators of a person's true feelings. These combinations are called “clusters”
• Each gesture is dependent on others, so analysis of a person’s body language is based on a series of signals to ensure that the body language is clearly and accurately understood
• All the individual gestures fit together to project a common, unified message
• When they do not, this means an incongruity
• For example: a nervous laugh
• A laugh is generally a signal of relaxation. But if there are nervous signals in the body language, that means the person is trying to escape from an unpleasant situation
GC - Openness
Several gestures indicate openness and sincerity:
• Open hands
• Unbuttoned coat or collar
• Leaning slightly forward in the chair
• Removing coat or jacket
• Uncrossing arms and legs
• Moving closer
GC - Defensiveness
People who are defensive usually have:
• Rigidity
• Arms or legs tightly crossed
• Eyes glancing sideways or darting occasionally
• Minimal eye contact
• Lips pursed, fists clenched and downcast head
GC - Evaluation
• Evaluation gestures say that the other person is being thoughtful or is considering what you are saying, sometimes in a friendly way, sometimes in an unfriendly way
• Typical evaluation gestures include:
– Tilted head
– Hand to cheek
– Leaning forward
– Chin stroking
GC - Nervousness
• Clearing throat
• Covering the mouth with hand
• Tapping fingers
• Whistling
• Jingling pocket change
• Fidgeting
• Twitching lips or face
• Chain smoking
GC - Boredom/Impatience
These unproductive feelings are usually conveyed by:
• Drumming of fingers
• Cupping the head in the palm of the hand
• Foot swinging
• Looking at your watch or the exit
Neuro Linguistic Eye Cues
• So can the direction of a person's eyes reveal whether or not they are making a truthful statement? Short answer: sort of.
– It is not as simple as some recent television shows or movies make it seem.
– In these shows a detective will deduce a person is being untruthful simply because they looked to the left or right while making a statement.
Neuro Linguistic Eye Cues
• Vc – Visually Constructed: Up and to Their Right
• Vr – Visually Remembered: Up and to the Left
• Ac – Auditory Constructed: To Their Right
• Ar – Auditory Remembered: To Their Left
• F – Feeling/Kinesthetic: Down and to Their Right
• Ai – Auditory Digital/Internal Dialog: Down and to Their Left