RED FLAGS OF FRAUD JOSEPH CHIANESE IAN HAIMOFF JOHN MCSWAIN MELISSA WISEMAN
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Red flags of fraud Joseph Chianese Ian Haimoff John McSwain Melissa Wiseman
Agenda Introduction and Background Common red flags and symptoms Role of the internal auditor - leading practices Conclusion Questions & answers Some resources to consider 1 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Introduction & background
Fraud: Defined Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetuated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. Source: The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing --www.theiia.org “Deception brought about by misrepresentation of material facts, or silence when good faith requires expression, resulting in material damage to one who relies on it and has the right to rely on it.” I.R.S. Fraud Handbook (http://www.irs.gov/irm/part25/irm_25-001-001.html#d0e122) 3 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Fraud Basics: Types of fraud
Misappropriation of
Assets
Fraud
Fraudulent
Financial Reporting
Disclosure Corrupt Business
Practices
4 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Why does fraud occur?
The Fraud Triangle helps encapsulate the events or conditions that influence the
commission of a fraud.
• Incentives and pressures:
Management or employees
have an incentive or are under
pressure, real or perceived, • Where could the fraud occur?
which may provide a reason to
commit the fraud. • What would the fraud look like?
• Opportunity: Circumstances • What type of fraud is the area
exist that provide an opportunity susceptible to?
for fraud to be perpetrated.
• What are the effects on the books
• Attitudes and rationalizations: and records?
Those involved in the fraud
are able to rationalize committing • When could the fraud occur?
a fraudulent act.
5 Copyright © 2012 Deloitte Development LLC. All rights reserved.Moral – People Lie If you don’t acknowledge that fraud happens, you are not going to find it.
General Spheres that investigators work in
• Informational interviews
• Third parties
• Former employees
• Informants
Interviewing • Witnesses
• Admission seeking
• Public records
• Media
• E-mail
Audit Other • Analyze computer images
Research • Surveillance
• Phone records
• Document analysis
• Analytical reviews
• Trending
• Assessment of controls
7 Copyright © 2012 Deloitte Development LLC. All rights reserved.Valuable soft skills • Think like a fraudster • Pay attention to the details • Use information gathering techniques • Communicate and build rapport • All segments of an audit are connected • Use an unpredictable and flexible audit approach • Facilitate a control self assessment • Perform and understand data analytics 8 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Common red flags and symptoms
Categories of fraud symptoms • Behavioral symptoms • Lifestyle symptoms • Accounting anomalies • Internal control symptoms • Analytical anomalies • Tips and complaints ─Source: Internal Auditor Magazine, October 1996, “Employee Fraud” by W. Steve Albrecht ─www.theiia.org 10 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Behavioral red flags & symptoms:
Common characteristics
On the surface:
• Long-time employee
Can you tell who is…
• In a position of trust who appears to be
extremely dedicated
In Debt?
• Hard-working employee who never takes
vacations
Stealing?
• Has unexplained cash or other wealth
Incompetent?
Beneath the surface:
• Lifestyle (house, cars, boats) beyond Corrupt?
known income sources
• Drug, gambling, alcohol or other vice
Desperate?
addiction
• Behavior indicating displeasure or
dissatisfaction with the organization
• Secretiveness towards accounting
documents or policies
11 Copyright © 2012 Deloitte Development LLC. All rights reserved.Behavioral red flags of perpetrators
Living beyond means 35.6%
Financial difficulties 27.1%
Unusually close association with vendor/customer 19.2%
Control issues, unwillingness to share duties 18.2%
Wheeler-dealer attitude 14.8%
Divorce/family problems 14.8%
Irritability, suspiciousness or defensiveness 12.6%
Addiction Problems 8.4%
Past employment-related problems 8.1%
Complained about inadequate pay 7.9%
Refusal to take vacations 6.5%
Excessive pressure from within organization 6.5%
Past legal problems 5.3%
Complained about lack of authority 4.8%
Excessive family/peer pressure for success 4.7%
Instability in life circumstances 4.1%
0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0%
Source: ACFE’s Report to the Nation on Occupational Fraud and Abuse 2012
12 Copyright © 2012 Deloitte Development LLC. All rights reserved.Potential Symptoms and red flags: Accounts
receivable/cash receipts
• Customer complaints
• Unexplained change in uncollectable accounts and aging
• Customer statements are not sent or are not sent timely
• Timing differences between collections and posting to
accounts
• Staff not taking vacations
• Credits to a customer account followed by an identical debit
• Changes to customer accounts or new customers with
unusual names/addresses
• Shipping to customers without proper credit approval
• Unusual “ship to” address is different from company
address
13 Copyright © 2012 Deloitte Development LLC. All rights reserved.Potential Symptoms and red flags : Accounts receivable/cash receipts, continued • Inventory discrepancies • Unusual collection agency activity (low recovery/high utilization) • Changes in sales (increase or decrease) not consistent with changes in cash receipts • Unusual number of reverse transactions/voids • Unusual number of pricing overrides • Unusual number of credit overrides • Credit level increases not consistent with sales volume 14 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Accounts payable/cash disbursements • Actual costs over budget • Original documents are not available for inspection • Missing documentation • Changes to vendor master file are not approved • Payment not properly authorized or typical controls are overridden • Vendor names appear to be unusual • Vendors with multiple addresses or addresses that change frequently • Common name, address, bank account number between vendor and employee master files • Vendor address is a P. O. box • Frequent changes to vendor master file • Unexplained fluctuations in payments to vendors 15 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Accounts
payable/cash disbursements, continued
• Changes in employee habits and lifestyle
• Invoices are hand delivered
• Check sequences, anomalies, or gaps
• Endorsement anomalies
• Strange or unusual payees
• Lack of physical security protocol over check stock and signature
stamps or plates
• Bank reconciliations with long-term outstanding checks
• Differences between the payee per the check register and the cancelled
check
• Cancelled checks cannot be located
• Vendors not being paid timely or being paid sooner than other vendors
16 Copyright © 2012 Deloitte Development LLC. All rights reserved.Potential Symptoms and red flags: Purchasing • Frequency of purchases and amount of vendor spend sharply increase (particularly with new vendors) • Vendor used consistently in the past suddenly is no longer used • Vague descriptions provided on invoices (e.g., materials purchased or services rendered) • Unusual number of purchases below approval threshold level – purchases broken into smaller pieces • One payment applies discount, another pays full invoice (invoices amounts with 2% difference, etc.) • Volume of purchases not supported by a rational need • P-Cards - Unusually high spend activity at the end of the year • P-Cards - Weekend purchases and holiday purchases • P-Cards - Purchases from vendors not in the normal course of business (jewelry stores, casinos, furniture stores, gentlemen’s clubs, etc.) 17 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Purchasing, continued • Excessive sole source justifications • Unusual restrictions or time limits to exclude or reduce competition • Prequalification procedures that restrict robust competition • Vague bid specifications • Specifications developed by a vendor who then submits a bid • One party represents a number of potential bidders • Unknown or unusual vendors • Acceptance of late or incomplete bids • Permitting changes after receipt of bids • Bids submitted in editable electronic formats • Selecting vendors with records of poor performance history. • Qualified vendors stop submitting bids. 18 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Revenues • Sales trends out of line with industry • Sales exactly meet budget or analysts’ expectations • Bonuses tied to sales • Excessive returns after period end • Side agreements identified in confirmations • Recurring negative cash flows from operations • Sales on tax return differs from sales reported in financial statements. • Missing documentation • Commissions not paid to sales rep. when otherwise would be expected • Unusual increase in the number of days sales in receivables • Customer invoice shows extended payment terms or unusual return allowances • Credit limits exceeded 19 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Potential Symptoms and red flags: Corporate corruption • Operating in countries or industries notorious for fraud or corruption • Expenses over budget • Excessive consulting fees • Unauthorized payments for goods and services • Complaints from suppliers regarding bidding or relationships • Fluctuations in vendor volumes 20 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Leading practices
Proactive fraud risk management strategies: Investigations Some purposes: • Determine if laws, regulations or company policy have been violated • Quantify any losses and identify parties involved • Determine financial and regulatory reporting impacts • Provide support to recover funds from perpetrator or insurance • Provide factual basis for employee/business partner discipline/ termination/prosecution • Learn fraud schemes in use and aid risk assessment updates • Identify vulnerabilities in business processes and controls and develop recommendations for improvements • Demonstrate to regulators/shareholders due care by management • Deter future frauds by showing action is taken • Restore company’s credibility and authority • Remove uncertainty and help rebuild market capitalization 22 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Proactive fraud risk management strategies:
Fraud risk assessment & investigations
2 1 1. Intentionally recording
7 sales prematurely
2. Bribery/corruption
3
3. Creating fictitious sales
4. Fraudulent claims by retail
customers
6
8 5 5. Intentional overcharges by
4 vendors
6. Intentional overstatement of
assets used to secure
finance
7. Unauthorized trades in
Significance
financial markets
8. Unsupportable product
performance statements
10 9. False employee expense
report claims
9
10. Employee embezzlements
Likelihood
Sample fraud & corruption risk heat map only. Ratings will vary by company.
23 Copyright © 2012 Deloitte Development LLC. All rights reserved.Proactive fraud risk management strategies:
Advance preparation/ process in place
• Allegation system
• Allegation triage
• Case investigation
– Protocols, e.g., privacy/data protection/interviewing methods
– Resources, e.g., location/language/financial/computer forensics
• Case management
• Reporting
• Resolution
The worst time to plan for a crisis? When you are in one.
24 Copyright © 2012 Deloitte Development LLC. All rights reserved.Conclusion
• Death, taxes, fraud
• Companies would be wise to prepare
• Understand, prioritize and manage your company's fraud risks
• Have a detailed program to prevent, deter, detect, and respond to fraud
• Proactive tools and data analytics may help you identify
frauds earlier
• People will lie to you
• If you suspect a problem, demand an explanation
• Do not be intimidated into ignoring what you know to be questionable
activity
• If something does not make sense to you, it will
make less sense to law enforcement
…
25 Copyright © 2012 Deloitte Development LLC. All rights reserved.Questions
Resources
IIA Resources
• Managing the Business Risk of Fraud – A Practical Guide (July 2008)
– Includes performance metrics
– How do your organization’s practices compare to those recommended?
– Free download at
www.theiia.org/guidance/additional-resources/managing-the-business-risk-of-
fraud/
• Practice Guide – Internal Auditing and Fraud (Dec 2009)
– Includes a fraud investigations framework and a fraud risk assessment
template
• Global Technology Audit Guide (GTAG) – Fraud Prevention and
Detection in an Automated World (Dec 2009)
• Knowledge Alert – Emerging Trends in Fraud Risks (Jan 2010)
28 Copyright © 2012 Deloitte Development LLC. All rights reserved.ACFE Resources 2012 ACFE Report to the Nations on Occupation Fraud and Abuse • Includes fraud prevention checklist • Free download at www.acfe.com • ACFE fraud prevention check-up • Free download at ww.acfe.com/documents/fraud_prev_checkup_ia.pdf 29 Copyright © 2012 Deloitte Development LLC. All rights reserved.
IPPF Practice Guide – Fraud Prevention and Detection in an Automated World Selected Topics Include… • Analytical techniques for fraud detection • Typical types of fraud tests • Analyzing full data populations • Fraud prevention and detection program strategies • Analyzing data using internal and external data sources 30 Copyright © 2012 Deloitte Development LLC. All rights reserved.
IPPF Practice Guide – Internal Auditing and Fraud Selected topics Include… Fraud awareness Typical roles and responsibilities for fraud Fraud risk assessment Fraud prevention and detection Fraud investigation – Internal Audit’s role 31 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Deloitte Forensic Center resources • Book: Corporate Resiliency: Managing the Growing Risk of Fraud and Corruption (Wiley, 2009) • Monthly For Thoughts topical e-newsletter • Videos on a variety of fraud and corruption subjects • More information at www.deloitte.com/ forensiccenter 32 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Visit the Deloitte Forensic Center www.deloitte.com/forensiccenter 33 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Contact information John McSwain Director Deloitte Financial Advisory Services LLP +1 214 840 1715 jmcswain@deloitte.com 34 Copyright © 2012 Deloitte Development LLC. All rights reserved.
Disclaimer These materials and the information contained herein are provided by Deloitte Financial Advisory Services LLP (“Deloitte FAS”) and are intended to provide general information on a particular subject or subjects and are not an exhaustive treatment of such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting, or other professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. These materials and the information contained therein are provided as is, and Deloitte FAS makes no express or implied representations or warranties regarding these materials or the information contained therein. Without limiting the foregoing, Deloitte FAS does not warrant that the materials or information contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte FAS expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security, and accuracy. Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte FAS will not be liable for any special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of these materials or the information contained therein. If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply. 35 Copyright © 2012 Deloitte Development LLC. All rights reserved.
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
You can also read
