Reduce Your Risk: Understanding Internal Controls and Fraud Risks and Prevention Michigan Municipal Treasurers Association June 16, 2017 Scott Sternhagen, CPA Manager Ryan Ritchay, CPA, CFE Senior Accountant
About Schenck A full service CPA and business consulting firm Specialized Technical Resources Local, Personalized Service 2
About Schenck Helping organizations find success for 85 years 10 offices throughout Wisconsin and the Upper Peninsula of Michigan A top regional firm one of top 50 CPA firms in the nation 600+ employees, 63 shareholders Global reach through The Leading Edge Alliance 220 member firms in 100+ countries; more than 100 U.S. cities Client-centered: relevant expertise and experience High continuity of staff (turnover rates below national averages) 3
Schenck s Government Team Your trusted advisor for more than 100 years Exclusively committed to meeting the specific financial needs of public entities Work closely with hundreds of organizations throughout Wisconsin and the Upper Peninsula of Michigan Including counties, municipalities, school districts, utilities and sanitary districts Some of which we ve been serving for nearly 50 years We know the challenges you face. We fully understand your complex financial reporting needs. And we have the experience and team you can trust to help your organization succeed. 4
Additional Resources Risk services Internal control reviews Accounts payable testing Internal audit support Human resources consulting Payroll services (dedicated representative, no impounding) Technology services(software selection, implementation, training and support) Succession/Transition planning Process improvement Investment management and retirement plan administration M&A assistance (advisory services, due diligence, valuations) Management consulting (costing analysis, profit enhancement, financing) 5
Today s Agenda Fraud characteristics How to implement controls Practices to reduce the likelihood of fraudulent activities What is internal control? Types of internal control Framework of internal control Case studies 6
The Fraud Triangle Dr. Donald Cressey Opportunity No Separation of Duties Close relationships with third parties Understanding of accounting functions/generalist Unshareable Need Personal financial problems Addictions Unrealistic business goals Rationalization I will pay it back I deserve this They won t miss it 7
Fraud Characteristics Fraud typically starts small There are typically fraud warning signals Collection agency calling Lack of information Living above one s means You can t be too trusting fraud always involves confidence Tone at the top is most important 8
Fraud Examples EMPLOYEE Fictitious Employees Expense Reimbursement Schemes Personal expenses False Hours/Wage Rates P-Cards/Credit Card Abuse VENDOR/THIRD PARTY Fictitious Vendors/Suppliers Vendor name matches a name of an employee Vendors are unapproved Fraudulent Invoices Duplicate invoices to vendors Payments without invoices Kickbacks, Bribes and Bid Rigging COMPUTER Hacking/Unauthorized Access to Assets Improper Access Granted to Employees MISAPPROPRIATION OF ASSETS Cash/Checks Cash Skimming: Removing cash before the District records the receipts Check Tampering: Phony checks or phony recipients are created Unauthorized withdrawals Accounts Receivables Unauthorized write-off of accounts receivable balances and subsequent collection kept Physical Assets Stealing cash, other inventory and supplies for personal use 9
Profile of an Embezzler People who commit fraud are exactly like us Parents, grandparents, good citizens 83% of cases involve employees who were never punished or terminated for fraud in prior employment* Majority of fraud perpetrators are college-educated* Generally, long-term employees (trusted employees) Red flags often overlooked Can be controlling, sometimes never ask for time off or do not allow others to do their job when off on vacation * ACFE s 2016 Report to the Nations 10
Initial Detection of Occupational Fraud 2016 Association of Certified Fraud Examiners, Inc. 11
Fraud Schemes Methods of Committing Fraud have Changed 30 Years Ago: Stealing cash receipts Stealing supplies and equipment Checks for cash 12
Fraud Schemes Methods of Committing Fraud have Changed Now: Electronic transfers to personal accounts Unauthorized payments fake vendors Payroll schemes fake employees, unauthorized payments Credit card purchases for personal use 13
Why are Governments Susceptible? Management and governing boards are more trusting Lack of owner role Cost restrictions and size limitations Segregation of duties (budget constraints) Limited anti-fraud programs or controls Limited ratio analysis 14
What is Internal Control? The ACFE defines internal control as: A process effected by an entity s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. 15
Internal Control Framework Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities 16
Control Environment Tone at the Top Overall goal is to create an environment where integrity and ethical standards are valued entity-wide Requires participation from employees at all levels 17
Risk Assessment Where will errors occur? Need to evaluate the level of acceptable risk for each identified area Generally recommend performing a risk assessment at least once per year 18
Control Activities Developing processes and procedures designed to address the risk identified in the previous stage Segregation of duties Should be evaluated on an annual basis 19
Information and Communication Information used to make decisions is relevant, timely, and accurate Management communicates the importance of the internal control procedures in place Management communicates with external parties regarding matters concerning internal control 20
Monitoring Activities Assesses whether the five components are present and functioning Involves training and monitoring performance Needs to be done on an ongoing basis 21
Detective Internal Controls Designed to detect errors Generally involves reviewing the end results of a function or process Proper detective internal controls will reveal errors soon after they occur 22
Preventative Internal Controls Designed to prevent errors Involves reviewing data input as well as data output Proper preventative internal controls will reduce the number of errors, both intentional and unintentional 23
Corrective Internal Controls Controls designed to correct errors discovered with detective controls Focus is on correcting the cause of the errors Can involve maintaining backup copies and master files 24
Basic Internal Control over Receipts Timely deposits of collections Timely recorded in the general ledger Cash drawer is balanced by employee A, while bank deposits are made by employee B Timely reconciliations of collections to general ledger Timely reconciliation of bank deposits to general ledger Through on-line inquiry Cash receipts are stored in a secure location until deposited Who has ability to void receipts 25
Basic Internal Control Over Disbursements Invoices are authorized by appropriate individuals Individual who processes checks does not print or sign New vendor set up or changes Pre-numbered checks Proper authorization for wire transfers and EFT payments Proper credit card procedures Assigned to individuals, not departments Individual who reconciles and approves does not have access to one Appropriate credit limits 26
Basic Internal Control Over Payroll Who enters pay rate information Appropriate approval of time cards For hours & overtime For vacation & sick leave Direct deposit vs. checks Review of payroll reports for reasonableness and fake employees Review of general ledger to budget Rotation of duties 27
Common Barriers to Internal Control Heavily reliant on people Going through the motions Process driven versus understanding role See no evil, hear no evil Conflict avoidance; not my job, not my business Management override Employee turnover Lack of documentation (who, why, how) Where s all the time gone? Tight budgets, no money to hire enough people Board members don t understand the importance Takes too much time 28
Case Study #1 The City has a population around 15,000 Hired the perpetrator as the comptroller in 1983 In 1990, the comptroller opened an bank account in the City s name, with herself as the owner of the account 29
Case Study #1 The Comptroller normally had 4 weeks of vacation, but was approved for 12 weeks unpaid leave in the fall of 2011 The City Clerk filled in as her replacement Bank statement for the account owned by the comptroller was received in the mail The replacement notified the Mayor, who didn t know the account existed 30
Case Study #1 The Comptroller moved money from the City s bank accounts several times, until she deposited the money into her account From 2006 to 2012, approximately $34 million was stolen from the City 31
Case Study #1 Segregation of duties failure The Comptroller could authorize and open accounts, make payments, move money between accounts Would provide explanations for why account balances were negative The Comptroller received the mail, giving her the opportunity to intercept her bank statement The comptroller reconciled the bank statements Over reliance on trust as internal control 32
Case Study #1 The Comptroller pled guilty to wire fraud and was sentenced to over 19 years in prison Prosecutors discovered a total of $53 million missing from 1988 to 2012 Dixon saw a $3 million increase to fund balance one month after the Comptroller s termination 33
Case Study #2 Both the Treasurer and Deputy Treasurer were long time employees of a County each had been employed more than 30 years Authorities identified approximately $1.4 million in missing money 34
Case Study #2 A clerk would receipt a tax payment (both checks and cash) The Deputy Treasurer would void the check in the accounting system, but include in the daily deposit In order to balance, the equivalent amount in cash was withdrawn from the deposit to the bank Eventually, the taxpayer s account was credited and on those days a daily report was not run by either the Treasurer or Deputy Treasurer Many of these activities took place when the Treasurer s office was closed 35
Case Study #2 Both employees retired at the same time The new treasurer discovered discrepancies when trying to reconcile delinquent taxes The Treasurer and Deputy Treasurer were charged with embezzling more than $600k The Treasurer received a sentence over nine years in prison The Deputy Treasurer received a sentence of thirteen years in prison 36
Case Study #3 Employee started working for the City in 1994 Became the finance director in 2001 The City hired a new finance director in 2006 The new finance director began reconciling cash starting with September 2004 During this process, a check written to the former finance director was discovered total amount was $36,885 37
Case Study #3 The City hadn t had an external audit for five years Finance Director wrote monthly checks to herself, averaging around $30k Finance Director would take checks that hadn t been voided home to write checks in her name, or a fake consulting business Finance Director would then show reconciling items on the bank reconciliation Finance Director would alter bank statements, hiding fraudulent checks with White Out 38
Case Study #3 Total loss to the City was approximately $1.4 million Finance Director received eight years in prison Poor financial records allowed the opportunity for fraud Virtually no segregation of duties nothing prevented the Finance Director from writing checks to herself 39
Case Study #4 City has a population around 3,000 Hired Treasurer in 2000, where she remained until 2012 During this time, over $80k went missing Treasurer used a variety of schemes Billing misappropriation Cash larceny Manipulation of computer records 40
Case Study #4 Treasurer seldom submitted financial reports to the City Council Did not have sequential receipts External auditor gave a disclaimer opinion on the 2011 financial statements City Council and the City Manager ignored the audit report Eventually, the state came in and performed an audit Could not determine the total missing, due to incomplete financial records 41
Case Study #4 Treasurer was sentenced to one year in jail Total missing was approximately 7.5% of total cash available to the City Lack of segregation of duties Over reliance on trust as internal control 42
Case Study #5 Employee worked as the financial manager of a human services department Stole approximately $185k from her employer between 2013 and 2016 Submitted falsified invoices for work not performed Used the money for personal expenses 43
Case Study #5 Little oversite on who entered new vendors Check writers should 44
General Red Flags Someone protective over their work/works unusual hours Takes few vacations Known financial problems Lifestyle out of line with compensation Reconciliations always off 45
Behavioral Red Flags Displayed by Perpetrators 2016 Association of Certified Fraud Examiners, Inc. 46
THANK YOU! Any questions? Scott Sternhagen, CPA Manager scott.sternhagen@schencksc.com Ryan Ritchay, CPA, CFE Senior Accountant ryan.ritchay@schencksc.com