Fraud Detection and Prevention for Governmental Organizations Michael A. Swafford, CIA, CFE
Presenter Michael A. Swafford, CIA, CFE Mike is a Consulting Manager in our Forensic Valuation Services Practice based in the Chicago Office. He has 14 years of experience providing risk and control services, internal audit, forensic accounting and fraud consulting. He has experience performing operation reviews, interviews and forensic accounting. He has extensive experience using data mining software for use in internal control reviews as well as forensic investigations. His experience has been in the Financial Institutions, Manufacturing, Scrap Metal, Real Estate Industries and Healthcare. Mike has experience facilitating the Internal Audit/SOX activities for multi-billon dollar asset companies. Including spending several months in various international cities. Mike is a Certified Internal Auditor, a Certified Fraud Examiner, has a Certificate in Control Self- Assessment and an Accreditation in Internal Quality Assessment/Validation. Prior to joining Plante Moran, Mike worked for a large Detroit-based bank. Mike received his Bachelor of Business Administration from Western Michigan University in 1999. 1
Preventing and Detecting Fraud There is no absolute and cost-effective way to prevent or detect all fraud Mitigation of fraud risk is the best method to reducing fraud exposure Prevention is achieved through removing the drivers of the three reasons fraud is committed Pressure Opportunity Rationalization 2
Fraud Triangle OPPORTUNITY PRESSURE RATIONALIZATION Source: Occupational Fraud and Abuse by Joseph T. Wells, CPA, CFE 3
Fraud Drivers Pressure NEED FOR ADDITIONAL RESOURCES PRESSURES/MOTIVES Addictions Drugs, gambling Debt Credit cards, medical bills, mortgage Investment losses Living beyond economic means Relationships Divorce, extramarital RETALIATION Passed over for promotion Feels that he/she does not have respect Underpayment of services OPPORTUNITY RATIONALIZATION 4
Fraud Drivers Opportunity LACK OF INTERNAL CONTROLS Poor segregation of duties PRESSURES/MOTIVES Inadequate/non-existent user access controls and reviews Lack of audit trail Lack of management oversight and security OPPORTUNITY RATIONALIZATION BREAKDOWN IN INTERNAL CONTROLS Manual overrides and work around to avoid controls ( ok this one time ) 5
Fraud Drivers Rationalization Most fraudsters do not consider themselves criminals PRESSURES/MOTIVES Most fraudsters are first time offenders The fraudster tells himself/herself: I was borrowing the money OPPORTUNITY RATIONALIZATION The company won t miss this money My employer wasn t paying me what I deserve to make I am entitled to that because I did not get the raise 6
Types of Audits EXTERNAL AUDIT: General fraud detection steps in audit plan Gather information needed to identify risk factors that fraud may result in a material misstatement INTERNAL AUDIT Fraud detection steps in audit plan Investigates allegations of fraud Reviews current fraud prevention and detection controls FRAUD AUDIT (FORENSIC AUDIT) Investigate specific instances of known or suspected fraud Focused, deep dive audit plan 7
Creating Anti-Fraud Measures: Removing the Drivers Fraud Risk Assessment Internal Control Environment Whistleblower Hotline Code of Conduct 8
Fraud Risk Assessment PURPOSE: Essential component to an anti-fraud program (compliments whistleblower and code of conduct creation) Demonstrates a culture of anti-fraud Helps in early detection of fraud Assists the external auditors in assessing risk FRAUD CATEGORIES: Management Characteristics Industry Characteristics Operating Characteristics 9
Fraud Risk Assessment: Management Characteristics MANAGEMENT CHARACTERISTICS The actions and attitudes of management that result in an increase of the risk of fraud RISK FACTORS Potential override of internal controls Motivation to maximize or minimize earnings Adverse consequences of financial results Deteriorating financial condition Personal guarantees on debts Need to raise additional debt or capital Threat of bankruptcy or foreclosure Commitments to creditors to achieve results 10
Fraud Risk Assessment: Management Characteristics RISK FACTORS (CONTINUED) Management compensation tied to performance Pressure to maintain/increase stock price Excessively aggressive accounting policies Disregard for regulatory agencies Disregard for internal controls Domination by a person or persons without mitigating controls Known history of claims against entity Strained relationship with current/previous auditor 11
Fraud Risk Assessment: Industry Characteristics INDUSTRY CHARACTERISTICS The factors of the business environment that result in an increase of the risk of fraud RISK FACTORS New accounting, statutory, or regulatory requirements that could impair financial stability or profitability Declining industry with increasing business failures and declines in customer demand Rapid changes in industry High degree of competition or market saturation 12
Fraud Risk Assessment: Operating Characteristics OPERATING CHARACTERISTICS The inherent factors that result in increased fraud risk RISK FACTORS Significant related-party activity not in the ordinary course of business or with related entities not audited or audited by another firm Concentration of substantial loans and other transactions with officers, shareholders, affiliates or other related parties Significant purchases of assets by officers and shareholders Unusual, complex transactions at year-end Pressure to add capital Overly complex organization structure Unusually aggressive sales/incentive programs 13
Fraud Risk Assessment: Operating Characteristics RISK FACTORS (CONTINUED) High dependence on a few customers Marginal ability to meet debt covenants/capital ratios Investment in high-risk financial instruments or high-risk ventures Accounting estimates that are unusually aggressive, complex or subjective Unusually rapid growth or profitability High vulnerability to interest rates 14
Anti-Fraud Measures: Internal Controls and Fraud Removing drivers through internal controls can be effective: PREVENT/DETECT FRAUD PRESSURE Background/credit checks to high access employees Benchmark compensation to industry standards Develop a culture of respect and integrity Employee programs to seek help (Employee Assistance Programs) PREVENT/DETECT FRAUD OPPORTUNITIES Assess, test and adjust your internal control environment to meet the growth of your organization User access to IT systems, physical access to assets and segregation of duties reviews 15
Anti-Fraud Measures: Internal Controls and Fraud Prevent/detect fraud rationalization Communicate the fraud policy and detection measures to employees Implement a tip-line (whistleblower hotline) so others can report fraud Perform regular and at times unannounced internal audit procedures Note: employees rationalize that they will not be caught and are not criminals so the threat of sanctions or legal action levied against them is not a deterrent 16
Anti-Fraud Measures: Internal Controls and Fraud INTERNAL CONTROLS Defined by the Institute of Internal Auditors as a process, effected by an entity s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in: 1) Effectiveness and efficiency of operations, 2) Reliability of financial reporting and 3) Compliance with applicable laws and regulations. An internal control framework, like COSO, would help an entity prevent or detect potential fraud 17
Anti-Fraud Measures: Internal Controls ENTITY LEVEL CONTROLS Tone at the top Helps to remove the drivers: pressure and rationalization Hotline, gambling and family pressure resources for pressure Code of Conduct and culture will help remove rationalization so they understand that fraud is wrong, even in their case PROCESS LEVEL CONTROLS Helps remove opportunity Segregation of Duties System User Access review Ongoing reviews and approvals (financial and non-financial) 18
Anti-Fraud Measures: Establishing an Environment of Internal Controls PERFORM A RISK ASSESSMENT Identify high risk areas/transactions/locations DOCUMENT AS-IS PROCESSES Identify internal controls and potential gaps DETERMINE THE ENTITY S RISK RESPONSE Identify how the entity will address the risks Ignore, mitigate, accept, discontinue activity CONFIRM THE CONTROLS ARE OPERATING Periodically test and review internal controls MONITOR THE CONTROL ENVIRONMENT Ongoing and periodic reviews of the oversight function 19
Anti-Fraud Measures: Whistleblower Hotline Would your employees blow the whistle? HOTLINES PROVIDE: Anonymous submission of perceived or actual fraud Legal support to whistleblowers 24/7 Access Open to others outside the organization including vendors and customers MANAGEMENT SHOULD: Communicate the WB hotline availability to all employees Develop an independent method for receiving and addressing reported events 20
Anti-Fraud Measures: Code of Conduct PURPOSE: Provide employees with the basic principles adopted by company management that outlines the expectations of everyone at the organization LEADING CODE OF CONDUCT (CODE) PRACTICES: Obtain approval from oversight committee (Board or outside advisors) Each employee must review and approve the Code by signing the form Annual review and re-confirmation that the employee has read and understands the Code 21
Fraud Attributes: Red Flags Considered by Auditors Understanding the indicators of fraud behavior is sometimes the best way to prevent and detect fraud. SAMPLE RED FLAGS Unreconciled and unreconcilable accounts Reconciliations provided at the last minute Reconciling items that don t make sense Reconciling items that seem too large to be reasonable Commingled account reconciliations Large journal entries made at year-end or quarter-end 22
Fraud Attributes: Red Flags Considered by Auditors SAMPLE RED FLAGS (CONTINUED) Bank statements/canceled checks missing in action Key documents missing in action Board/committee minutes unavailable Certain accounts/loans off limits to confirmation Loans/purchases being made to/from third parties with same addresses, phones, etc. Loans to different borrowers having the same collateral 23
Fraud Attributes: Red Flags Considered by Auditors SAMPLE RED FLAGS (CONTINUED) Unsigned documents Old documents in place of current documents Internal documents instead of third party documents Illegible documents Incomplete documents Inconsistent photocopies Watermarks Missing appraisals Unknown appraisers 24
References and Credits AICPA Fraud Resource Center http://www.aicpa.org/antifraud/homepage.htm Association of Certified Fraud Examiners http://www.cfenet.com/home.asp Questions: Michael A. Swafford, CIA, CFE Manager, Forensic & Valuation Services 312-602-3529 Michael.Swafford@plantemoran.com