Managing Reputational Risk for Nonprofit Organizations Best Practices for Fraud Prevention July 14, 2014 CLAconnect.com Presenters Christopher W. Truman, CPA, Manager 2 July 14, 2014 1
Things to Think About Nonprofit Organizations Frequently Victims of Fraud Newspaper reports of insider fraud are almost daily events Trust environment prevalent in volunteer organizations can enable fraudsters Dollars lost to fraud are significant, but the most important damage is done to an Organization s good name in the community Donors and supports ask, Where was the leadership? Why were they asleep at the wheel? How will donors react to your appeals for support after a fraud event occurs? 3 Things to Think About As Nonprofit Organization Leaders We need to maintain an attitude of Professional Skepticism It is OK to ask questions to determine responses that do not make sense. Follow up and seek documentation and/or other supporting information Rule of Two always a good idea to run questionable events/transactions by someone We need to avoid the Ostrich attitude Lack of communication and ignorance can hurt the Organization s reputation, sustainability and economic vitality We Need to Make Finance Transparent in the Organization Issue regular financial reports to the membership Make underlying bank and investment statements available for inspection More eyes on the numbers will enhance the control consciousness of all involved 4 July 14, 2014 2
Preventive Measures and Some Quick Tips Start with the Tone at the Top And pay attention to the tone from the bottom! Management override creates an environment where others feel free to follow suit; likewise, if governance or management are too busy to insist on controls, that attitude will spread throughout the Organization Code of Conduct regular review by all members, governance, and employees with signature/date Hot Line Do members and employees know who to call if they suspect something is amiss? Conflict of Interest Certification at least annually, in writing by all members of governance and officers (management) Use of Budgets to Establish Expectations for Financial Results Regular Financial Reporting (v Budget and Prior Year Period) Reports of New Vendors Added for approval by governance Reports of Cash Disbursed and Received for approval by governance Control over Physical Assets - regular inventories and inspections 5 Preventive Measures and Some Quick Tips Cash Receipts and Disbursements The person doing the accounting should NOT be a check signer! Bank statements should be sent to CEO, accounts reconciled on regular basis, reviewed and signed by the CEO [Payees altered and ATM withdrawals not authorized at strange times in the late evening] Look at cancelled checks (or check images) (front and back) [Checks endorsed to subsequent payee] Petty Cash Who keeps track of this? Documentation necessary and lock-up the petty cash. Often Petty Cash is viewed as an easy wide to side step an approval process. [This is an Organization resource and should be adequately guarded. Consider voucher approval for estimated amount for specific transactions keeps management aware of the use of petty cash and the potential improper use. After item bought, follow up with receipt, initials, etc.] Cash receipts for fund raising events Rule of Two. [Cash should NEVER be in the care and custody of only one person. Cash received should be counted and the count verified with two signatures then deposited intact to the Bank ASAP!] 6 July 14, 2014 3
Preventive Measures and Some Quick Tips Credit Cards DON T ISSUE CREDIT CARDS IN THE NAME OF THE ORGANIZATION! [This is by far the best way of avoiding credit card abuse] Credit Card Abuse Look at the transactions and the purpose of the charges, and determine who has authorization to use the credit cards. Personal expenses NEVER should be charged on a corporate credit card. Document authority. Reimbursement request from an employee why not add a statement to the request form that The requested reimbursement is pursuant to our Organization s reimbursement policy and is true and complete. Seek advice from counsel before changing reimbursement forms. [Senior executive used company credit card for personal use, travel for relatives, payment to consultants with less than arm s length relationship, additional credit cards paid by firm, among others] ATM Cards Don t use them! 7 Preventive Measures and Some Quick Tips Authorization and Process Controls Authorization dollar thresholds; approval limits; govrnanceapproval of major transactions/contracts; monitoring to detect unusual transactions Vendor Fraud Prevention Vendors phantom or real? Or, related parties? Do employees have second jobs? Document and look at the possibility of organization funds used for purposes other than the allowed business purpose. [Classic examples include staff as well as management feeling they can rationalize the theft of firm assets for their off duty jobs, among other reasons]. Mandatory Rotation of Duties Employee NEVER takes time off? Does this mean an exceptional employee? Or someone who needs to be ever-vigilant to cover their tracks?[not always a good sign] 8 July 14, 2014 4
Reminder - The Fraud Triangle Pressure/ Incentive Opportunity Rationalization/ Concealment 9 Reminder - The Fraud Triangle Incentives and Pressures What are the incentives and pressures that drive financial performance? Opportunities How strong are internal controls, internal audit department and anonymous reporting programs? Rationalization/Concealment Character, ethical values, integrity and how management may justify their actions 10 July 14, 2014 5
Reminder - Fraud is defined as: any intentional act or omission designed to deceive others and resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Source: Managing the Business Risk of Fraud: A Practical Guide 11 Reminder - Three Fraud Categories 12 July 14, 2014 6
Uniform Occupational Fraud Classification System Source: ACFE 2012 Report to the Nations 13 ASSET MISSAPPROPRIATION Asset Misappropriation Cash Non-Cash Assets Theft of Cash on Hand Theft of Cash Receipts Fraudulent Disbursements Misuse Larceny Skimming Cash Larceny Billing Schemes Register Disbursements Payroll Schemes Expense Reimbursement Schemes Check Tampering 14 July 14, 2014 7
CORRUPTION Corruption Conflicts of Interest Bribery Illegal Gratuities Economic Extortion Purchasing Schemes Invoice Kickbacks Sales Schemes Bid Rigging 15 FINANCIAL STATEMENT FRAUD Financial Statement Fraud Asset/Revenue Overstatements Timing Differences Fictitious Revenues Concealed Liabilities & Expenses Improper Asset Valuations Asset/Revenue Understatements Timing Differences Understated Revenues Overstated Liabilities & Expenses Improper Asset Valuations Improper Disclosures 16 July 14, 2014 8
Categories of Fraud Frequency of Fraud by Type 2012 Median Loss: $120,000 2012 Median Loss: $250,000 2012 Median Loss: $1,000,000 17 How fraud affects our clients According to the ACFE s 2012 Report to the Nations on Occupational Fraud and Abuse: The typical organization loses an estimated 5% of its annual revenues to occupational fraud. Median loss: $140,000 Median duration: 18 mo. 18 July 14, 2014 9
Prevalence by Industry Top 10 Industries of Victim Organizations 19 Report for Embezzlements Slightly Different Major Findings: Financial services industry -greatest losses due to embezzlements, followed by healthcare and non-profit organizations Gambling issues were the motivating factor for 22% of the cases 40 to 49 year old perpetrators incurred the highest overall losses Source: The 2011 Marquet Report on Embezzlement by Marquet International, Ltd., dated January 17, 2012 20 July 14, 2014 10
Victim Organizations Prevalence by Size of Victim Organization 2012 Median Loss: $147,000 2012 Median Loss: $150,000 2012 Median Loss: $100,000 2012 Median Loss: $140,000 21 Gestation Period for Frauds to Be Detected Source: ACFE 2012 Report to the Nations 22 July 14, 2014 11
Who Commits Fraud Approximately 87% of fraudsters have never been charged or convicted of a fraud-related offense Approximately 42% have between one and five years of tenure at their organizations 23 Who Commits Fraud The six most common departments in which fraud perpetrators worked: Accounting (22%) Operations (17%) Sales (13%) Executive/upper management (12%) Customer Services (7%) Purchasing (6%) 24 July 14, 2014 12
Position Position Frequency Median Loss Employee 41.6% $60,000 Manager 37.5% $182,000 Owner/Exec 17.6% $573,000 Source: ACFE 2012 Report to the Nations 25 Tenure Tenure Frequency Median Loss <1 Year 5.9% $25,000 1-5 Years 41.5% $100,000 6-10 Years 27.2% $200,000 > 10 Years 25.3% $229,000 Source: ACFE 2012 Report to the Nations 26 July 14, 2014 13
Embezzlement Study Motivating Factors* Motivation Cases % Lifestyle 80 58.4% Gambling 30 21.9% Support personal business 10 7.3% Substance abuse 8 5.8% Shopping addiction 4 2.9% Support a significant other 3 2.2% Entitlement belief 2 1.5% *2011 Marquet Report on Embezzlement based on analysis of 473 specific cases in which the motivating Total factor could be guessed in 137 cases 137 100.0% 27 Report for Embezzlements Embezzlement Methods by Amount Involved: Method Total Amount % of Total Forged/unauthorized checks $106,408,000 30.9% Unauthorized electronic transfers $90,442,000 26.3% Theft/conversion of cash receipts $56,296,000 16.4% Vendor fraud scheme $44,306,000 12.9% Payroll shenanigans $17,578,000 5.1% Source: The 2011 Marquet Report on Embezzlement by Marquet International, Ltd., dated January 17, 2012 28 July 14, 2014 14
Common Control Weaknesses/Breakdowns Primary Internal Control Weakness Observed by CFEs 29 Common Control Weaknesses/Breakdowns Lack of segregation of duties Management override of controls Lack of management review 30 July 14, 2014 15
Behavioral Red Flags Living beyond one s means Vehicles, jewelry, homes, clothes Credit or debt problems Borrowing money Excessive use of drugs and/or alcohol Easily annoyed at reasonable questioning Unwilling to share duties Gambling or other addiction problems Refusing vacations or promotions Divorce/Family Problems Abnormally close relationship to vendor/customer 31 How is Fraud Detected? Tips (43%) Management Review (15%) Internal audit (14%) By Accident (7%) Account Reconciliation (5%) Document Examination (4%) External Audit (3%) Notified by Police (3%) Surveillance/Monitoring (2%) Confession (2%) IT Controls (1%) Other (1%) Source: ACFE 2012 Report to the Nations 32 July 14, 2014 16
Forensic Data Analysis Forensic Data Analysisis the process of gathering, summarizing, comparing and aggregating existing disparate sets of data that organizations routinely collect in the normal course of business with the goal of detecting anomalies that are traditionally indicative of fraud or other misconduct. Can be used in the Prevention, Detection or Response of fraud or other misconduct Provides additional comfort to C-Level Executives, Audit Committees, Internal Audit Departments & Management 33 Types of Frauds and Areas of Analysis Accounts Payable Purchase Cards Payroll Travel and Entertainment Expense Journal Entries Fictitious vendors Fictitious, inflated and / or duplicate invoices Structured payments Conflicts of interest Kickbacks Bid-rigging Duplicate purchasing and reimbursement schemes Unauthorized and/or improper purchases Unauthorized users Unauthorized SIC codes Ghost employees Improper supplemental payments Improper bonus or incentive compensation payments Inflated salaries Inflated hours False or inflated reimbursement submissions Improper use of corporate credit card Purchase for personal use Duplicate purchasing and reimbursement schemes Foreign Corrupt Practices Act Unbalanced journal entries Improper management override Improper expense capitalization Improper revenue recognition Entries to unusual or seldom used accounts Improper or unauthorized user activity Entries during nonbusiness hours 34 July 14, 2014 17
Types of Frauds and Areas of Analysis Accounts Receivable Inventory Revenue Non- Financial Fictitious customers Lapping Fictitious, inflated, duplicate or unnecessary purchases False or inflated sales Fictitious customers Weblog analysis Building access logs Credit balance fraud Offsets with unauthorized or improper expenses Improper AR aging Theft through improper write-off Excessive shrinkage Improper commission or bonus payments Revenue recognition abuses including channel stuffing, liberal return policies or bill and hold schemes Computer print reports Client proprietary database analysis 35 QUESTIONS Please do not hesitate to contact CLA. All inquiries accepted and confidentiality maintained. We are experienced with reactivematters, forensic and litigation matters, and proactiveways to help keep your organization sustainable and accountable. Christopher W. Truman, CPA,Manager Public Sector Group CliftonLarsonAllen LLP Direct 267-419-1160 christopher.truman@claconnect.com Main 215-643-3900, Fax 215-643-4030 610 W Germantown Pike, Suite 400, Plymouth Meeting, PA 19462 CLAconnect.com Paul J Kelly III, CPA, MBA, CGMA, Principal Public Sector Group CliftonLarsonAllen LLP Direct 267-419-1173, Mobile 215-740-1102 paul.kelly@claconnect.com Marion A. Hecht, CPA, CFF, CFE, CIRA, MBA, Principal Fraud & Forensic Investigations, Receivership and Litigation CliftonLarsonAllen LLP Direct 571-227-9613, Mobile 202-701-3921 marion.hecht@claconnect.com Main 571-227-9500, Fax 571-227-9552 4250 N. Fairfax Drive, Suite 1020, Arlington, VA 22203 CLAconnect.com Main 215-643-3900, Fax 215-643-4030 610 W Germantown Pike, Suite 400, Plymouth Meeting, PA 19462 CLAconnect.com 36 July 14, 2014 18