Fraud Detection and Internal Controls - Vermont · • Identify the components of the fraud triangle • Define the types of fraud, the profile of a fraudster, and common red flags

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTINGInvestment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor

©20

19 C

lifto

nLar

sonA

llen

LLP

Presented to State of VermontSeptember 5, 2019

Fraud Detection and Internal Controls

©20

19 C

lifto

nLar

sonA

llen

LLP

Create Opportunities

Presentation Objectives• Define fraud• Recognize how frauds are detected• Identify the components of the fraud triangle • Define the types of fraud, the profile of a fraudster, and common red flags• Relate fraud risks to internal controls• Identify examples of why internal controls fail• Apply internal control best practices within their organization or

department

2

Presenter

Presentation Notes

Trust is NOT an Internal Control!!!!!!

©20

19 C

lifto

nLar

sonA

llen

LLP


Fraud Defined

3

©20

19 C

lifto

nLar

sonA

llen

LLP


Fraud Defined

"Fraud is any intentional act or omission designed to deceive others and resulting in the victim suffering a loss and/or the perpetrator achieving a gain.“Source: "Managing the Business Risk of Fraud: A Practical Guide

“Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.”Source: IIA’s International Professional Practices Framework (IPPF)

4

Presenter

Presentation Notes

Intentional Act Violation of Trust

©20

19 C

lifto

nLar

sonA

llen

LLP


Fraud or Error

• What is the difference?

INTENT5

©20

19 C

lifto

nLar

sonA

llen

LLP


Two Types of Intentional Misstatements

• Fraudulent Financial Reporting

• Misappropriations of Assets

6

©20

19 C

lifto

nLar

sonA

llen

LLP


ACFE Report to the Nations 2018• Report to the Nations on

Occupational Fraud and Abuse, 2018 Global Fraud Study

• Bi-Annual Report

• Analysis of 2,690 cases of occupational fraud across 125 countries

7

http://www.acfe.com/report-to-the-nations/2018/

https://www.acfe.com/report-to-the-nations/2018/

©20

19 C

lifto

nLar

sonA

llen

LLP


Seven Key Facts from the Report to the Nations and Our Experience

I. Loss To Organizations

• Typical organizations lose 5% of revenue in a given year as a result of fraud

• Occupational Fraud:

o The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets

o The key to occupational fraud is that the activity:

Is clandestine Violates the employee's fiduciary duties to the

organization Is committed for the purpose of direct or

indirect financial benefit to the employee

8

©20

19 C

lifto

nLar

sonA

llen

LLP


Key Facts from the Report to the Nations and Our Experience

II. Fraud Exists in Every Industry and Organization Type

9

©20

19 C

lifto

nLar

sonA

llen

LLP



II. Fraud Exists in Every Industry and Organization Type

10

©20

19 C

lifto

nLar

sonA

llen

LLP



III. Prominent Organizational Weakness – Lack of Internal Controls

11

©20

19 C

lifto

nLar

sonA

llen

LLP



IV. Misappropriation of Assets Most common form of occupational fraud

12

©20

19 C

lifto

nLar

sonA

llen

LLP

Create Opportunities 13

©20

19 C

lifto

nLar

sonA

llen

LLP



IV. Misappropriation of AssetsBilling schemes and check tampering present the greatest risk to organizations

14

©20

19 C

lifto

nLar

sonA

llen

LLP



V. First Time Offenders

15

©20

19 C

lifto

nLar

sonA

llen

LLP



VI. Origin – Accounting Department

16

©20

19 C

lifto

nLar

sonA

llen

LLP


Profile of a Fraudster

17

©20

19 C

lifto

nLar

sonA

llen

LLP


What does a fraudster look like?

18

©20

19 C

lifto

nLar

sonA

llen

LLP


Who Can Commit Fraud?

Report to The Nations – Some Statistics on Perpetrators• Perpetrator’s level of authority has been strongly correlated

with the size of the fraud– Employees and managers were much more likely to commit occupational

fraud, but, the losses in these schemes were much lower—though still substantial

• Correlation between the fraudster’s level of authority and the duration of the occupational fraud scheme

– The typical fraud committed by an employee lasted 12 months before it was detected, whereas the typical fraud committed by an owner/executive lasted 24 months. Frauds committed by managers had a median duration of 18 months.

19

ANYBODYis capable of committing

FRAUD

©20

19 C

lifto

nLar

sonA

llen

LLP


The Fraud Triangle

Understanding the Fraud Triangle is critical to: Minimize the risk of abuse Minimize the risk of fraud Develop strong internal controls

20

©20

19 C

lifto

nLar

sonA

llen

LLP


The Impact of Collusion

Presenter

Presentation Notes

Nearly half of the cases in our study involved multiple perpetrators colluding with one another to commit fraud, and the greater the number of fraudsters involved, the higher losses tended to be (see Figure 87). One possible reason for the increase in losses associated with multiple perpetrators is that many anti-fraud controls work on the basis of separation of duties and independent checks. When multiple fraudsters work together, they might be able to undermine the process of independently verifying transactions or other mechanisms designed to uncover fraud. However, when we looked at the duration of frauds (see Figure 88), we found that schemes with multiple perpetrators did not last significantly longer than single-perpetrator frauds, which was also true in our 2014 study. That would indicate that collusion schemes, while more costly, were not necessarily more difficult to detect. Another explanation for the larger losses in schemes with multiple perpetrators could simply be that with more fraudsters involved, the perpetrators needed to steal more because their proceeds were being split more ways. In other words, with more perpetrators expecting a payout, the conspirators needed to steal more to satisfy everyone involved in the crime.

©20

19 C

lifto

nLar

sonA

llen

LLP


Behavioral Red Flags Observed

22

©20

19 C

lifto

nLar

sonA

llen

LLP


Non-Fraud-Related Misconduct

Presenter

Presentation Notes

To determine if there was a relationship between occupational fraud and other forms of workplace misconduct, we presented survey participants with a list of common workplace violations and asked them to identify any that the perpetrator had engaged in prior to or during the time of the fraud. As Figure 98 shows, nearly 40% of fraudsters had engaged in some form of non-fraud workplace violation. Among the cases where a violation was identified, bullying or intimidation was the most common, followed by excessive absenteeism and excessive tardiness.

©20

19 C

lifto

nLar

sonA

llen

LLP


How are Frauds Detected

24

©20

19 C

lifto

nLar

sonA

llen

LLP


Maintaining Professional Skepticism• Acknowledge that fraud risk exists• Encourage open and candid discussion – Know your

employees• If I were to try to commit fraud, how would I do it?• Continuously assess the risk of management and control

override (think about collusion)• Openly display your skepticism to set the tone at the top and

spread awareness• Take swift action when fraud event occur and make the

response action (not the details) known internally

25

Presenter

Presentation Notes

We do not believe everything we are told, We don’t believe everything we see! We Trust but verify Trust is not an internal control FBI Indianapolis example!!!

©20

19 C

lifto

nLar

sonA

llen

LLP


Presenter

Presentation Notes

Tip because someone is aware something is going on or Tip because someone sees something suspicious or unusual. Hotlines become an important component of fraud detection. Hotline in AF CSB found by tip and by accident

©20

19 C

lifto

nLar

sonA

llen

LLP


Sources of Tips

27

Presenter

Presentation Notes

Employees are no surprise the most frequent source. Remember that more than 40% of all tips came from non-employees. Customers (17.8%), vendors (9.9%), and other parties were significant sources of tips. Thus, some organizations might cultivate more tips by promoting fraud reporting mechanisms to multiple audiences. Additionally, 14% of tips came from anonymous sources. Some jurisdictions restrict organizations from promoting anonymous reporting mechanisms, but organizations who choose not to have them risk losing sources who are not comfortable revealing their identity. Know your employees!!!

©20

19 C

lifto

nLar

sonA

llen

LLP


Responsibilities of the Auditor

28

©20

19 C

lifto

nLar

sonA

llen

LLP


Consideration of Fraud

• AU-C Section 240: Consideration of fraud in a financial state audit

• Auditor is not responsible for detecting fraud but is responsible for the Consideration of Fraud

• Expansion of:– Section 315: Understanding the Entity and Its Environment and

Assessing the Risks of Material Misstatement– Section 330: Performing Audit Procedures in Response to Assessed

Risks and Evaluating the Audit Evidence Obtained

29

Presenter

Presentation Notes

Primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity (BoD) and Management Management must place a strong emphasis on: fraud prevention, which may reduce the opportunities for fraud to take place Fraud deterrence, which may persuade individuals not to commit fraud because of the likelihood of detection and punishment Management must commit to creating a culture of honesty and ethical behavior, which can be reinforced by active oversight by those charged with governance. Oversight much includes considering the potential for override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of financial statement users regarding the entities' performance and profitability

©20

19 C

lifto

nLar

sonA

llen

LLP


Responsibilities of the Auditor

“Responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.”

30

Presenter

Presentation Notes

Because of inherent audit limitations, unavoidable risk exists that some material misstatements in the financial statements may not be detected, even though the audit is properly planned and performed in accordance with GAAS (Generally Accepted Auditing Standards). The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error. This is because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Such attempts at concealment may be even more difficult to detect when accompanied by collusion. Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false. The auditor's ability to detect a fraud depends on factors such as the skillfulness of the perpetrator, the frequency and extent of manipulation, the degree of collusion involved, the relative size of individual amounts manipulated, and the seniority of those individuals involved.

©20

19 C

lifto

nLar

sonA

llen

LLP


Objectives of the Auditor

• Identify and asses the risk of material misstatement due to fraud

• Obtain sufficient appropriate audit evidence regarding the assessed risk due to fraud, through designing and implementing appropriate responses

• Respond appropriately to fraud or suspected fraud identified during the audit

31

Presenter

Presentation Notes

©20

19 C

lifto

nLar

sonA

llen

LLP


Requirement for the Auditor

• Maintain professional skepticism• Discussion among the engagement team (assessing risk)

– Known external and internal factors– Risk of management override of controls– Consideration of circumstances indicative of earnings

management– Importance of maintaining professional skepticism– How to respond to the susceptibility of the FS to material

misstatement due to fraud32

Presenter

Presentation Notes

Maintain professional Skepticism: the auditor should maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, regardless of prior experience of the honesty and integrity of the client’s management and governance Discussion among the Engagement Team: the discussion should include an exchange of ideas or brainstorming among the engagement team about how and where the entity’s financial statement might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity may be misappropriated. Acknowledge that fraud risk exists Encourage open and candid discussion from members of the team If I were to try to commit fraud with what I know of this organization’s controls, how would I do it? Continuously assess the risk of management and control override (think about collusion)

©20

19 C

lifto

nLar

sonA

llen

LLP


Requirement for the Auditor

• Inquire of management about risk – Most effective when performed in person– Useful for identifying risks of employee fraud or other managers– Make inquiries of others: non-management; non-accounting– Corroborate management’s responses with other information– Listen and respond accordingly

• Plan audit to detect material misstatements• Document auditors assessments of risks and responses

33

Presenter

Presentation Notes

Inquire of management about risk: The auditor's inquiries of management may provide useful information concerning the risks of material misstatements in the financial statements resulting from employee fraud. However, such inquiries are unlikely to provide useful information regarding the risks of material misstatement in the financial statements resulting from management fraud. Making inquiries of others within the entity, in addition to management, may provide individuals with an opportunity to convey information to the auditor that may not otherwise be communicated. It may be useful in providing the auditor with a perspective that is different from that of individuals in the financial reporting process. The responses to these other inquiries might serve to corroborate responses received from management or, alternatively, might provide information regarding the possibility of management override of controls. The auditor may also obtain information about how effectively management has communicated standards of ethical behavior throughout the organization. Operating personnel not directly involved in the financial reporting process • Employees with different levels of authority • Employees involved in initiating, processing, or recording complex or unusual transactions and those who supervise or monitor such employees • In-house legal counsel • Chief ethics officer or equivalent person • The person or persons charged with dealing with allegations of fraud Plan audit to detect material misstatements: Document auditors assessments of risks and responses:

©20

19 C

lifto

nLar

sonA

llen

LLP


Internal Controls – Your Best Defense

34

©20

19 C

lifto

nLar

sonA

llen

LLP


Preventive ControlsDesigned to prevent misstatements / fraud before it has occurred• Provide employees fraud awareness training• Implement policies and procedures• Segregate Duties• Establish passwords and physical safeguards to restrict unauthorized

access• Ensure alignment of responsibilities, authority and incentives

35

©20

19 C

lifto

nLar

sonA

llen

LLP


Designed to detect misstatements / fraud after it has occurred• Establish a fraud reporting system (i.e. whistleblower hotline)• Use reconciliations, independent reviews, physical

inspections/counts and analysis• Review exception reports and ensure that they are cleared by

persons with appropriate authority• Utilize technology to perform data analysis and comparison and

continuous auditing techniques• Perform surprise audits

Detective Controls

36

©20

19 C

lifto

nLar

sonA

llen

LLP


Control Types

• Authorization• Management review• Reconciliations• Segregations of Duties• System access• Exception and edit reports• Key performance indicators

37

©20

19 C

lifto

nLar

sonA

llen

LLP


Controls – Segregation of DutiesSmaller organizations or departments with limited resources can still have effective segregation of duties controls.• Focus on preventive controls rather than detective controls.• Alternate sequential tasks, so that no one person has complete responsibility for the

entire transaction.• Functions to separate:

– Authorization, – Payment, – Custody, and – Recording.

• Consider outsourcing if there simply are not enough people to separate the necessary functions.

38

©20

19 C

lifto

nLar

sonA

llen

LLP


Segregation of Duties Illustration

39

©20

19 C

lifto

nLar

sonA

llen

LLP


Best Practices

40

©20

19 C

lifto

nLar

sonA

llen

LLP


F R A U D P R O G R A M B E S T P R A C T I C E S

41

Management ethical commitment.

Fraud Hotlines, reporting procedure and protection.

Fraud awareness training.

Zero tolerance policy and Code of Conduct (recommend a specific senior management code of conduct).

Completion of a fraud risk assessment.

Conflict disclosure process.

Key Human Resources policies and procedures (e.g. background checks).

Key Policies and

Procedures

Investigation Process.

Presenter

Presentation Notes

tone at top ethical commitment—code conduct, conflict disclosure process Have a hotline—make sure all know Training, training, training, Key HR process—background checks, Testing of your internal controls Why is it important to have an investigation process??

©20

19 C

lifto

nLar

sonA

llen

LLP


Why Controls Fail

• Management override• Lack of management or governance involvement

– No conceptual understanding of control– Reliance on others (auditors, service providers, etc.)

• Tone at the top is not set appropriately• Resources needed are not provided• Collusion

42

©20

19 C

lifto

nLar

sonA

llen

LLP


Questions To Consider

• You and your team should consider the following questions:– What could go wrong? (WGCW)– If I was to commit fraud how would I do it?– Do risks exist that encourage fraud?

• Individuals involved in the day to day operations and processes should be involved as well as management

43

©20

19 C

lifto

nLar

sonA

llen

LLP


Entity Wide Fraud Risk Considerations

• Financial stability (budget crisis, declining revenue)• Excessive pressure exists for management to meet

requirements or expectations of third parties• Ineffective monitoring of management• Complex or unstable organizational structure• Deficient internal controls• Lack of formalized policies and procedures

44

©20

19 C

lifto

nLar

sonA

llen

LLP


Consideration of Opportunities

• Large amount of cash on hand• Government-issued credit cards• Assets that can be easily converted to cash• Inadequate record keeping• Lack of reconciliations or timely preparation• Inadequate oversight of employees

45

©20

19 C

lifto

nLar

sonA

llen

LLP


Attitude Matters

• Lack of ramifications in the past• Lack of promotion of ethical standards• History of audit findings• Failure to correct issues timely• Low morale• Hiring of unqualified employees or changing

qualifications to hire specific individuals

46

©20

19 C

lifto

nLar

sonA

llen

LLP


F R A U D D E T E C T I O N P R O C E S SR E D F L A G S

47

•An organization paying more than the best price available. •Very specific requirements that tend to favor one bidder. •Projects that are broken into two contracts to circumvent review limits or approval authority. •A too-successful bidder who is consistently winning bids. •Social contact between the bid solicitors and bidders. •A procurement officer living beyond their means.

Red Flags for Corruption

•Employee lifestyle changes: expensive cars, jewelry, homes, clothes, etc. •Significant personal debt and credit problems. •Behavioral changes indicating possible drug, alcohol, gambling addiction, or fear of losing job. •High employee turnover, especially in areas vulnerable to fraud. •Refusal to take vacation or leave. •Lack of segregation of duties.

Employee Red Flags

•Executive management does not appear to care about or reward good behavior. •Negative feedback and lack of recognition for job performance. •Perceived inequities in the organization. •Low organizational loyalty or feelings of ownership. •Poor training and promotional opportunities. •Lack of clear organizational responsibilities. •Poor communication practices or methods within the organization.

Work Environment

Presenter

Presentation Notes

Management personnel should be aware of these While some of the detective process and controls may be shared with employees and third parties much of the information should be kept confidential. -In fact, the Board should approve a list of individuals who are permitted access to applicable inform A review ( via a key questionnaire, observations, ) of the level and sufficiency of detective controls in place should be performed on a periodic basis. Some of the key areas to focus on would include; Level of fraud detection responsibility defined If continuous auditing techniques are in place How the fraud hotline is set-up and results evaluated What is done to monitor the sufficiency and results of detective controls

©20

19 C

lifto

nLar

sonA

llen

LLP


Team Approach

• Work with your teams• Hold a team discussion of WCGW

– Ask the team how could someone commit fraud or circumvent the control process

• Consider rotating duties• Look at back-up/vacation procedures• Involve those that oversee the IT operations/controls

48

©20

19 C

lifto

nLar

sonA

llen

LLP


Evolution and Change

• Processes and technology are evolving• Efficiency is a driving force• Are your internal controls evolving?

– How often are your meeting to review the controls?– Are your people evolving?– Do they understand the new process and/or technology?

49

©20

19 C

lifto

nLar

sonA

llen

LLP


How Data Analytics Can Be Useful Tools

50

©20

19 C

lifto

nLar

sonA

llen

LLP


Cash disbursement analytics• Understand vendor relationships

– Identify key vendors (top 10 or 20 paid)– Identify new/unapproved vendors– Identify related party vendors (comparison of vendor list to employee list)– Identify vendors receiving suspicious recurring or one-time payments

• Identify duplicate payment• Identify multiple payments just below approval threshold• Identify out of sequence payments• Analyze and trend disbursements by name, vendor type, etc.

©20

19 C

lifto

nLar

sonA

llen

LLP


Payroll Analytics• Trend and analyze payments over time (total, department,

geographic location, job function, employee)• Compare HR employee listing to actual paid employees• Compare approved pay rate per HR to pay rate in payroll system• Identify payments made before hire date or after term date• Identify large or unusual payments (bonuses, extra pay)• Analyze overtime payments• Identify manual adjustments to payroll

©20

19 C

lifto

nLar

sonA

llen

LLP


Travel and Expense Reimbursement Analytics• Group payments by meaningful classifications, such as hotel,

airfare, meals, mileage, transportation, etc. • Group payments by meaningful classifications, such as department,

location, function, etc.• Group payments by employee• Identify duplicate submissions. This can be run on invoice number,

amount, employee, month, or description. • Identify payments made outside of understood business hours

©20

19 C

lifto

nLar

sonA

llen

LLP


Current Trends in State & Local Governments

54

©20

19 C

lifto

nLar

sonA

llen

LLP


Frauds in State & Local Government

• It’s happening!!!• ACFE has identified government and public

administration as one of the top three industries for fraud

55

©20

19 C

lifto

nLar

sonA

llen

LLP


Fraud in State & Local Government:Most Common Fraud Schemes

56

1. Fictitious & Dormant Vendor Fraud2. Employee Expense Reports Fraud3. P-Cards Fraud4. Disbursement Fraud5. Cash Receipts Fraud6. Payroll/Time Card Fraud7. Conflicts of Interest8. Procurement

©20

19 C

lifto

nLar

sonA

llen

LLP


1. Fictitious & Dormant Vendor Fraud

57

Red Flags & Risk Areas:• Poor controls over vendor master list

– AP personnel can add/revise vendors– Employees can request/submit changes to vendor information– Vendor master list not cleaned up regularly– Dormant vendors not made inactive

• One-time (temporary vendor) number• Employees can request that checks be routed back to themselves• Employees can pick-up checks from accounting• Payments to individuals (consultants), new vendors, unknown vendors• Round dollar payments, payments just below approval thresholds

©20

19 C

lifto

nLar

sonA

llen

LLP


FICTITIOUS & DORMANT VENDOR FRAUDOrg. Size Annual Budget = $300 million

Perpetrator Director; male; no known personal of family issues

Scheme • Submitted to purchasing a name and address change for an existing vendor (via a forwarded email that appeared to be from the vendor)

• Approved a new contract be executed with the vendor, and he made changes to vendor information on the draft contract

• He approved and submitted invoices from the vendor for payment• Payments were mailed to new address (mail center)• Wife created a DBA in the revised vendor name, opened a bank account, and deposited check• Bank put a hold on the check and called the district

Results of Investigation

• Employee resigned when he was notified of administrative leave (declined to be interviewed)• Through background checks, original vendor appeared to be related to employee (conflict of interest)• Payments totaled over $480,000 (31 payments) from FY2011/12 to FY2017/18• No current employees in department were familiar with vendor• Initial 2 years – invoices based on specific services provided ($112,000 – believed to be legitimate)• Last 5 years – changed contract to fixed fee, no detailed invoices ($369,000 – believed to be fictitious invoices)

PossibleDetection Methods

• Review vendor change reports for unusual changes (name change, tax ID change, etc.) and who made changes• Inquire with personnel (particularly staff) about most frequent or common vendors used• Use of data analytics

58

Victim | School District

©20

19 C

lifto

nLar

sonA

llen

LLP


2. Employee Expense Reports Fraud

59

Scheme:• Employee submits fictitious, duplicate, or personal expenses on expense

report

Red Flags & Risk Areas:• Executive level expense reports not reviewed at the appropriate level (higher

level executive; Board)• Frequent missing receipts• Lack of detailed receipts• High frequency/dollar amount of expenses compared to others• Employee with p-card also has high frequency/dollar amount of expenses

©20

19 C

lifto

nLar

sonA

llen

LLP


2. Employee Expense Reports Fraud

60

Possible Audit Detection Methods:• Summarize expenses by employee and department and identify

employees that have significantly more expenses than people at similar level

• Compare P-card purchase detail with expense report detail (by employee)• Inquire about the approval process for executive level employees

©20

19 C

lifto

nLar

sonA

llen

LLP


3. P-Cards FraudScheme:• Employee uses P-Card for personal purchases

Red Flags & Risk Areas:• Executive level P-Card expenditures are not reviewed at the appropriate

level (higher level executive; Board)• Frequent missing receipts or lack of detailed receipts• High frequency/dollar amount of expenses compared to others• Does not complete monthly P-Card reconciliation

61

Presenter

Presentation Notes

internal audit department was asked to investigate several p-card misuses in the past year. In each of these situations, the p-card holder had purchased personal items — most commonly gas for a personal car, household items, beauty services, gift cards and groceries. Losses from p-card misuse ranged from less than $2,500 to almost $30,000.

©20

19 C

lifto

nLar

sonA

llen

LLP


P-CARD / CREDIT CARDOrg. Size $38 Million in annual revenues and $21 million in assets

Perpetrator Founder and CEO; female, mid-50s; no known financial or personal issues

Scheme CEO used school P-card (credit card) for personal purchases


• Missing supports for multiple expenses• Gasoline charges while having an auto allowance• No approval or incorrect approval of credit card statements• Extravagant purchases (high-end clothing and accessories, luxury hotel stays, first class international flights)


• Analytics on P-card expenditures• Review of P-Card limits and assess for reasonableness• Identify unusual Merchant Classification Codes (MCC)• Review process for review of expenditures made by high-level individuals (is the board reviewing the CEO’s

expenditures?)

62

Victim | Charter School

Presenter

Presentation Notes

The founder of Los Angeles-based charter school network Celerity Educational Group was sentenced to 30 months in federal prison for misspending $3.2 million in public funds. Sentences to 30 months in federal prison for spending taxpayer money on expensive clothing, luxury hotel stays, and first class flights.

©20

19 C

lifto

nLar

sonA

llen

LLP


4. Disbursement FraudScheme:• Employee prepares fictitious A/P check requests

– Fictitious vendor payments– Fictitious refunds to customers

• Employee knowingly processes or approves payment on inflated invoices• Employee steals outgoing checks and deposits them into a personal

account• Employee issues checks to self or for personal expenses and forges

authorized signature• Employee requests and has approved vendor payments for personal

services (small construction, supplies, credit cards, fuel cards, etc.)63

©20

19 C

lifto

nLar

sonA

llen

LLP


4. Disbursement FraudRed Flags & Risk Areas:• Route back requests (not directly mailed to vendors)• One-time vendor accounts or temporary vendor accounts• Complaints by vendors of late payments• Expenses exceed budget or are increasing over time• Multiple payments to vendors that should be paid only monthly (utilities,

credit cards, office/home supplies, construction)• Excessive use of one account type by a single employee• Vendor used by only one employee

64

©20

19 C

lifto

nLar

sonA

llen

LLP


DISBURSEMENT FRAUDOrg. Size $1.5 million department budget

Perpetrator Long-term, trusted employee; female; late 40s; divorced; family medical issues; drug addiction

Scheme • Department accountant handled deposits, payment requests, journal entries, account reconciliations• Employee created and approved fictitious refunds to “customers” (8 accomplices)• Created falsified supporting documentation• Payments mailed to accomplices for deposit into bank accounts• More recent years, issued refunds to a local non-profit for which she was the Treasurer• Marked the checks for pick-up from Accounting (used supervisors log-in to approve)• Deposited checks into account in non-profit name


• Prepared and approved fictitious refunds totaling $1.8 million (240 checks over 8 years)• Approved disbursements to a fictitious vendor totaling $290,000 (42 checks/ACH over 3 years)• Used 16 different payee names/addresses• Processed using a temporary vendor number that allowed manual entry of payee name and address• Checks to accomplices were mailed; checks to non-profit were processed for pick-up• Funded the theft by misapplying operational revenue deposits to agency funds (where customer deposits were

originally recorded)


• Analytics on payments made via temporary vendor number• Identification of round dollar payments• Trending analytics by department (operational revenue continued to decline despite increased workload)

65

Victim | County

Presenter

Presentation Notes

DISBURSEMENT FRAUD SLIDE FOR ANA

©20

19 C

lifto

nLar

sonA

llen

LLP


Other Red Flags of Possible Check Tampering• Missing, out-of-sequence, out-of-range, or duplicate check numbers• Excessive or unexpected voided checks• Unexpected, unexplained, or unusual number of checks payable to “cash.”• Check recorded for zero dollars• Voided checks that are not documented and destroyed• Non-payroll checks made payable to or endorsed by an employee• Unusual, altered, or dual endorsements on canceled checks• Canceled checks that appear to have been prepared, signed, and endorsed in the

same handwriting• Signature on a canceled check by an authorized signer who was out of the office

on the date of the check• Checks lacking supporting documentation

66

Presenter

Presentation Notes

According to the ACFE Report to the Nations, check tampering presents the greatest dollar risk to an organization. What would be some other red flags of possible check tampering? Couple other examples: Signature on a canceled check that does not match other signatures by the same individual. Adjusting entries to the cash accounts. Excessive use of a temporary or one-time vendor number Different spellings of same vendor name on checks (slightly altered spellings) Case Examples: Employee was forging approval on manual check requests; signed checks were routed back to her; forged endorsement signature on back or used an endorsement stamp that said “Patient Reimbursement – Pay to the Order of” Employee submitted a name and address change for a vendor that routed checks to a mail box center; submitted fictitious invoices with the revised name and a DIFFERENT tax ID number (AP didn’t notice); wife obtained check from the mail center and deposited into a new bank account

©20

19 C

lifto

nLar

sonA

llen

LLP


5. Cash Receipts

67

Scheme:• Employee or volunteer takes incoming cash or checks for personal use• Checks made out to any payee can be deposited into a bank account

without suspicion or question• Unexpected receipts are particularly susceptible to theft (donations,

fundraising activity, refunds, facility use contracts/fees, etc.)• Use of an “unknown” bank account in organization name

Presenter

Presentation Notes

A lot of state and local government entities are at risk for fraud related to cash receipts either because they are large, decentralized organizations or they are small and do not have proper segregation of duties. “Unknown” bank account – several investigations we have performed involved an employee taking incoming money and depositing it into a bank account in the name of the organization that no one knew about or they forgot about it. The employee then used the funds (or a majority of the funds) for personal use. Facility use contracts: We have several clients that receive a large amount of revenue from use of their facilities for events (parking lots) and filming (movies/TV) Often there are very little controls in place and one person negotiates and approves the agreements and collects payment

©20

19 C

lifto

nLar

sonA

llen

LLP


5. Cash Receipts

68

Red Flags & Risk Areas:• Poor controls over cash collection processes

– Insufficient or no segregation of duties– No reconciliation of sales

• Decentralized collections of cash/checks (organization does not know what is being collected and where)

• Insufficient training of employees• Poor controls over bank account management

– Process for opening a new bank account– Are unused accounts closed when no longer in use?

• Old A/R aging• Complaints by customers of delayed application of payments

©20

19 C

lifto

nLar

sonA

llen

LLP


CASH RECEIPTS FRAUDOrg. Size Annual budget of $135 million

Perpetrator Chief Business Official; male; mid-50s; married

Scheme • Used a dormant bank account on which he was the only signer to deposit incoming checks made payable to the district (state refunds, donations, fundraising, proceeds from vending machine vendor)

• Bank account was originally opened (with permission of the Superintendent) to deposit and track funds related to a summer international field trip

• Used funds for mostly personal use (paid federal income taxes, local hotels, local restaurants, gift cards, hot tub)• Bank statements were mailed to him at the district (no one was allowed to open his mail)


• Deposited almost $700,000 into the “dormant” bank account over approximately 5 years• Largest deposit was a check for approximately $56,000• Upon discovery, only approximately $70,000 was left in the account• Discovered when new Controller went to bank to add his name to the district accounts and bank rep inquired about

the account• Always giving gift cards to employees and parent volunteers (sign of guilt)• Some potentially legitimate district purchases; however, they were included in the loss because they did not go

through the proper procurement process


• Inquire about all accounts with organization tax ID at banks on a periodic basis• Segregation of duties or rotation of duties• Trend miscellaneous revenue activity

69


Presenter

Presentation Notes

Let’s play – Think like a fraudster - identify the scheme! The company was fairly small, it has about 40+ employees and average annual revenue of $35Million Perpetrator: Wore many hats including: Accounts receivable and accounts payable He is a Male, and was in a relationship with the Office Manager (she had begun the scheme) – this was a small company that grew quite quickly over time. Together they had an autistic child. Which we understood provided a level of financial pressure (which is one leg of the fraud triangle) He performed other work for owner of company and felt that no one would ever find out (that was his Rationalization) Before I tell you about the scheme let me describe the company. It is a produce wholesale store located in a large produce market along side many other stores. It purchases its produce directly from the growers, then it sells wholesale to major grocery stores and restaurants that have an account with the company and receive weekly invoices for their purchase. However, they also sell to smaller grocery stores and mom and pop type restaurants. The produce market is open from about 2:00 in the morning and a cashier rings up the purchase and from the smaller grocery stores/mom and pop restaurants who do not have an account with the company because of poor or unestablished credit, she collected payment for their purchases with check or cash, but more often than not they paid with cash – they called these holdover sales. The hold over sales in comparison to the regular sales were very small but amounted to about 5 to 20K daily. The cashier collected all that cash and reconciled it to the receipts then she would turn in this cash with the total tally over to the perpetrator. He took the cash and prepared the daily deposits that as I said could be anywhere from 5 to 40K just from the hold over sales Perpetrator also received, opened and deposited incoming checks Not only that but he also was responsible for submitting to a sister/corporate office in a different city the vendor invoices that had been received and he requested that checks be prepared. the sister/corporate office prepared the checks – no questions asked, and mailed him a packet with all of the requested checks that the perpetrator was then responsible for mailing out to the vendors

©20

19 C

lifto

nLar

sonA

llen

LLP


6. Payroll/Timesheet FraudSchemes:• Reporting inflated or fictitious hours• Not reporting vacation, sick, PTO• Inappropriate bonus/extra pay• Inappropriate or excessive vacation payout• Ghost employees• Unauthorized pay rate changes

70

©20

19 C

lifto

nLar

sonA

llen

LLP


6. Payroll/Timesheet FraudRed Flags & Risk Areas:• Poor processes related to input and approval of time entry• Manual tracking of vacation, sick, PTO (or separate system that does not interface

with time entry/payroll system)• High level and/or salary employees that are never around• Full administrative rights of payroll personnel• No segregation between HR and payroll functions• Employees that never report vacation, sick, PTO (ghost employee; failure to

accurately report time off)• Employees paid that are not on HR’s employee list, organization director,

departmental listings

71

©20

19 C

lifto

nLar

sonA

llen

LLP


PAYROLL FRAUDOrg. Size Annual budget of $300 million

Perpetrator Superintendent; male; late 60s; financial difficulties

Scheme • District allowed employees to cash out vacation time as long as it did not go below 40 hours (no written policy)• Employee often failed to report vacation time taken; accumulated a high balance of vacation time• Submitted several vacation payout requests over the course of two years (largest payout was approx. $70k)• Payroll used manual process to track vacation time; payroll failed to record 3 of his vacation payouts• Employee never notified payroll of the oversight


• Overpayments on vacation payout totaled over $100,000• Review and approval relied on employee to report available vacation time• Subordinate employee approved vacation payout and did not independently verify balance• Board was unaware of unwritten vacation payout policy or requests made by Superintendent• No process in payroll to track when vacation adjustments were entered/recorded• In one instance, used Revolving Cash Funds (petty cash) to pay a vacation payout


• Trending payroll data by employee or department (regular pay, vacation/sick/PTO pay, extra or other pay)• Trending vacation data• Mandatory vacation

72


©20

19 C

lifto

nLar

sonA

llen

LLP


7. Conflicts of InterestScheme:• Employee has undisclosed personal interest in a transaction or contract and

uses position to influence a decision which results in personal financial gain– Direct relationship and/or financial interest– Indirect relationship and/or financial interest (e.g., family member works for vendor)

Red Flags & Risk Areas:• Unusual delays in providing requested information• Undue time pressures imposed by management to resolve complex issues• Tips of complaints about fraud, including whistleblowers inside the

organization• Prior complaints or civil actions

73

Presenter

Presentation Notes

conflicts of interest involve several aspects and occur in situations where an individual could prioritize his/her private interests over official obligations. Conflict of interest is a complex concept. Because all public officials have rightful interests that stem from their private lives, conflicts of interest cannot be easily prevented or banned.

©20

19 C

lifto

nLar

sonA

llen

LLP


7. Conflicts of InterestRed Flags & Risk Areas (cont.):• Frequent use of exceptions to policy• Frequent failure to follow required processes/policies• Unusually close relationship between employee and vendor• Significant volume of work going to one vendor• Excessive change orders on a construction job• Projects with one vendor consistently coming in over budget• Little detail on invoices

74

Presenter

Presentation Notes

conflicts of interest involve several aspects and occur in situations where an individual could prioritize his/her private interests over official obligations. Conflict of interest is a complex concept. Because all public officials have rightful interests that stem from their private lives, conflicts of interest cannot be easily prevented or banned.

©20

19 C

lifto

nLar

sonA

llen

LLP


CONFLICTS OF INTERESTOrg. Size Annual department budget of approximately $50 million

Perpetrator Director; male; mid-50s; no known financial or personal issues

Scheme • Director’s son worked for one of the vendors that submitted bids on 2 RFPs• Director attempted to influence the RFP processes

– Instructed staff to combine the two RFPs into one even though different specialties– Initial round of RFPs son’s company failed to submit a bid on time; Director asked Purchasing if they could

accept the late proposal then instructed staff to reject bids received and re-open RFPs• Did not disclose relationship to anyone in his department or at the City until after the winning vendor was selected

and one of the other bidders submitted a protest letter


• Son lived at home with Director• Upon receiving bid protest, Purchasing initiated an internal investigation and consulted with the City Attorney’s

Office• City Attorney concluded that a conflict existed because son was living at home• CLA investigation (retained by Internal Audit department) ran concurrently with Purchasing’s investigation (there

were other matters being investigated by CLA)• Purchasing rejected all bids and implemented procedures to keep Director out of process


• Conflicts of interest are almost impossible to identify/prove without an admission and/or via background checks• Inquire with employees information reported on conflict of interest/ethics reporting forms• Analysis to identify payments just below approval thresholds

75

Victim | City

©20

19 C

lifto

nLar

sonA

llen

LLP


8. Procurement FraudScheme:• Bid rigging (leaking information from bidders, accepting late bids, and re-

bidding)• Purchasing thresholds are exceeded (bid splitting)Red Flags & Risk Areas:• No public opening of bids• Deadlines are not enforced, or are extended unnecessarily• The late bidder happens to be the lower bidder• Qualified bidders are disqualified for unclear reasons• Contracts that should have gone out to bid did not

76

Presenter

Presentation Notes

In a typical procurement fraud scenario, the vendor is awarded the contract, typically well above market prices; the procurement manager receives cash, material goods or other benefits in exchange for awarding the contract, but it is not always the procurement manager, others may be involved as well Procurement fraud is common at the beginning of the procurement process (vendor selection stage) then the later stages like vendor performance and delivery.

©20

19 C

lifto

nLar

sonA

llen

LLP


PROCUREMENT FRAUDOrg. Size Annual budget of approximately $62 million

Perpetrator Collusion: Superintendent & Assistant Superintendent

Scheme • Superintendent and Assistant Superintendent hired a construction company to complete a project over summer• Did not include the Facilities Department, which is responsible for handling all non-bond construction projects• Did not put the project out for a public bid (in California, required for all construction projects over $15,000)• Project was completed over approximately two months and cost over $100,000• Vendor submitted 6 invoices that broke down total amount in smaller increments and over a longer period of time

than the project lasted


• No contract was signed related to the construction job• No inspections as required by state law• No verification with ADA compliance• A separate PO was issued for each invoice• Payments were questioned by County Treasury, but they allowed payment to occur because work was done• No indication of personal benefit to Superintendent or Assistant Superintendent• Email review showed that employees were aware of California bidding requirements• Currently being reviewed by the District Attorney’s Office


• Analyze purchase orders or payments by vendor and amount (identify multiple POs just under bidding/approval requirements)

• Calculate change orders as a percentage of original contract amounts (separate case where new construction jobs were given to the same vendor as change orders)

77


©20

19 C

lifto

nLar

sonA

llen

LLP


What Went Wrong – Recent Example

• County Government:– P-cards used for personal expenses– Bonuses were given to key members of management– Life insurance policies issued to members of management– Fraudulent wire transfers to over-pay policies– Inappropriate budget amendments/transfers– Kickback scheme– Violation of procurement policies– Fraudulent expense reimbursement– Fraudulent time reporting– Disbursement of capital and economic development funds to unproved projects

78

©20

19 C

lifto

nLar

sonA

llen

LLP


What Allowed These to Happen

• Management override of controls• Key members of management were long term

trusted employees• Lack of oversight by governance• Employees failed to report the circumventing of

controls due to a fear of retribution• Tone at the top was not set

79

©20

19 C

lifto

nLar

sonA

llen

LLP


Summary – Key Take Aways

80

©20

19 C

lifto

nLar

sonA

llen

LLP


• Fraud continues to grow in today’s environment and there is anincreased focus on addressing fraud.

• A successful fraud program has many aspects, especially acommitment by Governance and Management to the process.

• Completion and updating of a formal Fraud Risk Assessmentanalysis is an important part of having a successful fraud program.

• Internal controls are key and need to be reviewed and updatedfrequently.

• Technology is a powerful tool that can be used as a control and todetect and investigate frauds.

• How you respond to a fraud is an important component of fraudprogram.

• Tone should be set at the top.

81

S U M M A R Y - K E Y T A K E A W A Y S

©20

19 C

lifto

nLar

sonA

llen

LLP

CLAconnect.com

Bill Early, [email protected]

Open Discussionand Q&A

mailto:[email protected]

Documents

Fraud Detection and Internal Controls - Vermont · • Identify the components of the fraud triangle • Define the types of fraud, the profile of a fraudster, and common red flags