Fraud Prevention & Detection Eric Conforti, CPA, CFE April 17, 2018 1
Recent Trends Prevention and Detection Methods Common Schemes Case Studies Throughout 2
ACFE Report to the Nations 3
ACFE Report to the Nations Issue Auditing Fraud Examination Timing Scope Objective Relationship Methodology Standard Recurring Audits are conducted on a regular, recurring basis. General Examination of financial data. Opinion Generally conducted for the purpose of expressing an opinion on the financial statements or related information. Nonadversarial The audit process is nonadversarial in nature. Audit Techniques Examination of financial data and obtaining corroborating evidence. Professional Skepticism Auditors are required to approach audits with professional skepticism. Nonrecurring Fraud examinations are nonrecurring, conducted only with sufficient predication. Specific Conducted to resolve specific allegations. Affix Blame Determine whether fraud has occurred or is occurring, to determine who is responsible. Adversarial Fraud examinations, because they involve efforts to affix blame, are adversarial in nature. Fraud Examination Techniques 1.) Document examination; 2.) Review of outside data such as public records; and 3.) Interviews. Proof Fraud examiners approach the resolution of a fraud by attempting to establish sufficient proof to support or refute a fraud allegation. 4
ACFE Report to the Nations Every two years the Association of Certified Fraud Examiners publishes a study on occupational fraud and abuse. The report is available for free at www.acfe.com 5
ACFE Report to the Nations Summary of Trends 2010 2012 2014 2016 Annual Revenues Lost to Fraud 5% Median Loss per Incident $160,000 $140,000 $145,000 $150,000 Primary Factor of Loss Typical Scheme Time Duration Clean Employment Histories Typical Occurrences of Fraud Percentage of Asset Misappropriation Lack of internal controls 18 months 85% 87% 87% 95% Asset misappropriation 90% 87% 85% 83% 6
ACFE Report to the Nations Primary Internal Control Weakness 7
ACFE Report to the Nations The Fraud Triangle 8
ACFE Report to the Nations Fraud Schemes by Industry 9
ACFE Report to the Nations Fraud Schemes by Industry Most common fraud schemes in the education industry. 1) Billing 2) Corruption 3) Skimming 6) Expense reimbursement 10
ACFE Report to the Nations Discovery What is the most common method of discovery? A) Tip B) Surveillance/Monitoring C) External Audit D) Account Reconciliation 11
ACFE Report to the Nations Discovery 12
ACFE Report to the Nations Discovery 13
General Prevention Measures 14
ACFE Report to the Nations General Prevention Measures Typical Fraudster Be familiar with the typical fraudster. 1. Employment traits 2. Personality traits 3. Lifestyle traits 15
ACFE Report to the Nations General Prevention Measures Typical Fraudster Median loss: Male - $187,000 Female - $100,000 (previously $83,000) Between 35 and 41 years old 55 percent Long-term employees = larger frauds May not take vacation/pto 16
ACFE Report to the Nations General Prevention Measures Typical Fraudster What was the most common behavioral red flag displayed by fraudsters? A) Addiction Problems B) Living Beyond Their Means/Financial Difficulties C) Complained About Inadequate Pay D) Marital Problems 17
ACFE Report to the Nations General Prevention Measures Typical Fraudster 18
ACFE Report to the Nations General Prevention Measures Typical Fraudster 19
ACFE Report to the Nations General Prevention Measures Periodic background checks Changes in motivating factors Tone at the Top Rationalization Employee Support Programs Motive Mandatory vacations and/or job rotation Who doesn t like vacation?! 20
ACFE Report to the Nations General Prevention Measures Don t provide the fraudster excuses. Effective and consistently enforced employee code of conduct Signed employee handbook requirement Anti-Fraud Training 21
Detection Methods 22
ACFE Report to the Nations Detection Methods Anonymous hotline and/or cameras Surprise procedures Ask questions and get answers Forensic accountants Periodic Data Monitoring 23
ACFE Report to the Nations Detection Methods What is the most effective method of reducing fraud loss? A) Tip B) Surveillance/Monitoring C) External Audit D) Account Reconciliation 24
ACFE Report to the Nations Detection Methods 7 25
ACFE Report to the Nations Discovery 26
Billing Schemes 27
Schemes Top Fraud Schemes Education Billing Schemes. Person causes employer, via submission of an invoice, to issue a payment for fictitious goods or services Shell companies Inflated invoices Personal purchases 28
Schemes Top Fraud Schemes Education Billing Schemes Concealment. In 94.5% of the cases in our study, the perpetrator took some efforts to conceal the fraud. The most common concealment methods were creating and altering physical documents. 29
Schemes Top Fraud Schemes - Billing What do you look for? Missing information: Addresses Invoice numbers Logos Inconsistent information: Fonts Formats Addresses What is the business purpose? Ask ownership Confirm the legitimacy, not the existence Think outside the box! 30
Corruption Schemes 31
Schemes Top Fraud Schemes - Education Corruption Schemes A vicious and fraudulent intention to use one s position for personal benefit, contrary to the rights of others. Involves multiple parties. Kickbacks Conflicts of interest Bribery 32
Billing and Corruption Common Formats of Fictitious Invoices 33
Billing & Corruption 34
Schemes Top Fraud Schemes Billing & Corruption Corruption can be VERY difficult to detect and even more difficult to prove. We needed to: Utilize our background research tools Perform social media research Perform an exhaustive review of email activity using key-word searches Even surveillance was performed to supplement our findings However, a simple Google search by internal audit was all it took to start unraveling the scheme Follow-up if you see something that doesn t make sense. Identifying that the quote from one vendor to another vendor seemed unusual and digging in further was key to piecing together the mark-up scheme 35
Fraud Analytics 36
Fraud Analytics Address Testing Geocoding: The process of transforming a postal address description to a location on the earth s surface (spatial representation in numerical coordinates) Forensic Data Analytics: Geocoding is a precise method for performing address matches (such as vendor-employee matches) or finding addresses within a close proximity https://en.wikipedia.org/wiki/geocoding 37
Fraud Analytics Address Testing Excel Fuzzy Lookup Add-In Add-in for Excel available on Microsoft s website Useful for comparing data from two sources Address matching Name matching Simple to use 38
Fraud Analytics Address Testing 39
Fraud Analytics Duplicates Conditional Formatting Highlight your data One column at a time Leave out employee at this point Go to conditional formatting Highlight cells rules Duplicate values Click ok 40
Fraud Analytics Duplicates Conditional Formatting All the duplicates will now be highlighted in the default color. Sort your data by color. 41
Fraud Analytics Duplicates Conditional Formatting Manual Review More highlights = more risk 42
Fraud Analytics Sequence Testing Out of Sequence Checks: =IF(B4-B3>=0,"","OutSeq") 1) Sort the data by Check Number then Check Date 43
Fraud Analytics Sequence Testing Out of Sequence Checks: =IF(B4-B3>=0,"","OutSeq") 2) Insert a column next to the Check Date column. The column should be formatted as General. 3) Start at the second row of data in your set. Insert the following formula: (=IF(B4-B3>=0,"","OutSeq"). The B is replaced with whichever column the Check Date is in. The 4 and 3 is replaced with whichever rows your second and first rows are in your data set. 4) Highlight your new column with the calculated formulas. Copy and Paste-Special Values so they don t change if you sort the file. 44
Fraud Analytics Non Business Days Checks Cut on Non-Business Days: =Weekday 1) Insert the formula =Weekday in the column to the right of the Check Date column. 2) The formula should select the Check Date column as the cell to test, as follows: =Weekday(Check Date column). 3) The column must be formatted as accounting or number, without decimal points. 4) Sort the data by this new column. 5) Checks with the value 1 were cut on Sunday and checks with the value 7 were cut on Saturday. 45
Fraud Analytics Other Potential Fraud Tests Payments just below approval limits (sort) Inconsistent invoice numbers (=Len) Payments for duplicate amounts on the same date (Conditional Formatting) Payments for round dollar amounts (=round and compare the rounded amounts to the original amounts) Expenses incurred and/or invoices dated on non-business days 46
Skimming 47
Schemes Top Fraud Schemes - Education Skimming Schemes Cash is removed from an entity before it enters the accounting system Sales Unrecorded sales Understated sales Accounts receivable Write-off Lapping Refund and other schemes 48
Case Study Skimming Food Service Are deposits delinquent? Is the Point of Sale system reconciled with deposits? Is the cash to checks ratio consistent? Are surprise audits performed? Is the process well documented? 49
Schemes Top Fraud Schemes Skimming A skimming can be difficult to detect since it is an off the books scheme (i.e., cash is taken before it is recorded) What else can you do? Data analytics to identify unusual amounts Video monitoring of areas where employees handle cash Follow-up on complaints or inquires from customers Segregation of duties 50
Reimbursement Schemes 51
Reimbursement Scheme Top Fraud Schemes Education Expense Reimbursement Schemes Employee makes a claim for reimbursement of fictitious or inflated business expenses Fraudulent expense report Claims for personal travel Non-existent meals 52
Reimbursement Scheme Top Fraud Schemes Education Prevention Methods Ensure duties are segregated for approval Ensure reviewers would actually be knowledgeable on expenses Only accept original itemized receipts Detection Methods Duplicate transactions (amount, location, date, people, etc.) Transactions just under documentation threshold 53
Case Study Reimbursement Scheme Numerous fake receipt websites exist Look beyond documentation/amounts than those provided by the person seeking reimbursement/payment Organization credit card statements Third party travel agency Online banking activity Random calls to third parties 54
Schemes Top Fraud Schemes Reimbursement Preventative Measures Properly segregate duties Ensure reviewing/approving expenses process is appropriate Subordinate should not be reviewing supervisor s expenses Reviewer should be able to differentiate a legitimate expense from an improper expense Pay attention to statement balances, not just individual transactions Detective Measures (Data Analytics Testing) Search for duplicate transactions (amount, location, date, people, etc.) Search for transactions just below documentation requirement threshold 55
Back to the Basics: The Bank Statements 56
Back to the Basics: The Bank Statements Club Scheme Who is providing oversight? Is reporting being provided to District? Does the Club have its own EIN? Has the District provided guidance to the Club? 57
Back to the Basics: The Bank Statements The situation: Allegations that the CFO was embezzling Analyzed the bank statements to identify unusual outflows of cash 58
Back to the Basics: The Bank Statements In theory, activity received and disbursed should be visible within the bank statements Bank statements should be mailed directly to someone who is not involved in the cash disbursement and/or receiving process Multiple sections provide useful information Cleared check numbers ATM or direct cash withdrawals Electronic payments 59
Check Tampering 60
Schemes Top Fraud Schemes Check Tampering Controls Who has access to check stock? Who has access to auto-signatures? (e.g., printed with signatures, signature stamps, etc.) Is Positive Pay used? Data Analytics Testing Evaluate sequence of cleared check numbers Compare cancelled checks to check registers Search for duplicate check numbers Search for multiple checks to the same vendor on the same day 61
Dixon, IL 62
Dixon, IL The Background 2013 Population 15,333 2012 Median household income $38,719 2012 Median house/condo value $83,601 2012 Total Expenses $15.6 M 63
Dixon, IL The Background Long-term employee Started as an intern in high school in 1970 Named Treasurer and Comptroller in 1983 Lack of internal controls Reconciled accounts Made deposits Requested funds Controlled the mail (PO Box) 64
Dixon, IL How Much Did She Take? 65
Dixon, IL How Was She Caught? 66
Dixon, IL Results Rita Crundwell, at 60 years old, sentenced to 19 years and 7 months in federal prison Recovery: $35.15 million to be paid by CliftonLarsonAllen $3.5 million to be paid by Fifth Third Bank $1.0 million to be paid by Janis Card and Associates of Sterling $9.0 million (approximately) paid by U.S. Marshall s auction after expenses (Less): $10.35 million in legal fees 67
Questions? Eric Conforti, CPA, CFE 248.223.3621 Eric.Conforti@PlanteMoran.com Eric is a senior manager with our Forensic Accounting Services group, specializing in providing forensic investigations (the team conducts more than 100 each year), data analytics, and internal control analyses. Professionally trained in a variety of interviewing and interrogation methods, he has identified millions in losses due to asset misappropriation across a variety of industries. Eric has helped organizations prepare economic loss claims that are filed with insurance companies and provided referrals to law enforcement at the federal, state, and local levels, resulting in dozens of criminal convictions. Prior to joining this practice, Eric gained valuable experience serving as an auditor on Plante Moran s governmental team. Eric is a Certified Fraud Examiner and a Certified Public Accountant in the states of Ohio and Michigan. He is a member of the Association of Certified Fraud Examiners and the American Institute of Certified Public Accountants. 68