9/15/2016
Fraud Prevention Techniques
NMARC/ASMCRA 4th Annual Joint Conference
Plante & Moran, PLLC Proprietary & Confidential
Plante Moran Forensics
Professionally trained in both interviewing and interrogation
A One-Firm Firm:
Over 2,000 industry experts to partner with when specific industry knowledge is needed during investigations
FVS team members’ credentials include:
• Certified Public Accountant (CPA)
• Certified Fraud Examiner (CFE)
• Certified in Financial Forensics (CFF)
• Certified Management Accountant (CMA)
• Juris Doctor (JD)
Why Should You Care?
2016 Statistics (Report to the Nations)
General Prevention Measures
Back to the Basics – Bank Statements
Most Common Schemes
Agenda
Association of Certified Fraud Examiners
ACFE.com
FREE
ACFE
ACFE Report to the Nations
Annual revenues lost to fraud: 5%
Median loss per incident: $160,000 (2010), $140,000 (2012), $145,000 (2014), $150,000 (2016)
Primary factor of loss: Lack of internal controls
Typical scheme time duration: 18 months
Clean employment histories: 85% (2010), 87% (2012), 87% (2014), 95% (2016)
Typical occurrences of fraud: Asset misappropriation
Percentage of asset misappropriation: 90% (2010), 87% (2012), 85% (2014), 83% (2016)
Occupational Fraud by Industry (2014)
Occupational Fraud by Industry (2016)
Loss by Industry (2014)
Loss by Industry (2016)
How is Occupational Fraud Discovered?
Collusion
SAS 99
Misstatement arising from fraudulent financial reporting
Misstatement arising from misappropriation of assets
Fraud triangle
Fraud Brainstorming – Focus on direct and material impact on financial statements
Valid A/R and revenue
Adequate reserves for uncollectible accounts
Adequate settlement estimates
Risk for misappropriation due to:
Lack of segregation of duties
Lack of required approvals
Inappropriate access/authorization to bank accounts
Professional Skepticism
Fraud Standards in an Audit
Audits v. Fraud Examinations

Issue: Timing
Auditing: Recurring. Audits are conducted on a regular, recurring basis.
Fraud Examination: Nonrecurring. Fraud examinations are nonrecurring, conducted only with sufficient predication.

Issue: Scope
Auditing: General. Examination of financial data.
Fraud Examination: Specific. Conducted to resolve specific allegations.

Issue: Objective
Auditing: Opinion. Generally conducted for the purpose of expressing an opinion on the financial statements or related information.
Fraud Examination: Affix Blame. Determine whether fraud has occurred or is occurring, to determine who is responsible.

Issue: Relationship
Auditing: Nonadversarial. The audit process is nonadversarial in nature.
Fraud Examination: Adversarial. Fraud examinations, because they involve efforts to affix blame, are adversarial in nature.

Issue: Methodology
Auditing: Audit Techniques. Examination of financial data and obtaining corroborating evidence.
Fraud Examination: Fraud Examination Techniques. 1.) Document examination; 2.) Review of outside data such as public records; and 3.) Interviews.

Issue: Standard
Auditing: Professional Skepticism. Auditors are required to approach audits with professional skepticism.
Fraud Examination: Proof. Fraud examiners approach the resolution of a fraud by attempting to establish sufficient proof to support or refute a fraud allegation.
General Prevention Measures
Be familiar with the “typical” fraudster
Employment traits
Personality traits
Lifestyle traits
General Prevention Measures
Male – 56% of reported US occurrences
Median loss: Male - $187,000 Female - $100,000 (previously $83,000)
Between 31 and 45 years old – 55%
First time offender
Long-term employees = larger frauds
Anatomy of a “Fraudster”
Motivating Factors
Periodic background checks
Changes in motivating factors
Tone at the Top
Rationalization
Employee Support Programs
Motive
Mandatory vacations and/or job rotation
Who doesn’t like vacation?!
General Prevention Measures
Effective and consistently enforced employee code of conduct
No excuses
Signed employee handbook requirement
No excuses
Anti-Fraud Training
No excuses
General Prevention Measures
Back to the Basics – The Bank Statements
In theory, activity received and disbursed should be “visible” within the bank statements
Bank statements should be mailed directly to someone who is not involved in the cash disbursement and/or receiving processes
Multiple sections provide useful information
Cleared check numbers
ATM or other direct cash withdrawals
Electronic payments
Back to the Basics – The Bank Statements
Most Common Schemes
(#2) Billing
(#3) Expense Reimbursement
(#4) Non Cash
Most Common Schemes
Billing
Person causes employer, via submission of an invoice, to issue a payment for fictitious goods or services
Shell companies
Inflated invoices
Personal purchases
Billing Schemes
Prevention Methods
Evaluate process to add new vendors—are duties segregated?
Is there a process in place to periodically review approved vendor list?
Detection Methods – Data Analytics
Invoice numbers out of sequence
Inconsistent invoice numbers
Duplicate invoice numbers
Subtle changes in invoice numbers
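The four invoice-number tests listed above can be run over an accounts payable export. The following is an added example, not part of the original presentation; the ledger rows, vendor name, field layout and function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample ledger: (vendor, invoice_no, ISO invoice_date, amount)
LEDGER = [
    ("Acme Supply", "INV-1001", "2016-01-05", 1200.00),
    ("Acme Supply", "INV-1002", "2016-02-03", 980.50),
    ("Acme Supply", "INV-1002", "2016-02-20", 980.50),  # same number billed twice
    ("Acme Supply", "INV-1O02", "2016-03-01", 980.50),  # letter O swapped for zero
    ("Acme Supply", "INV-1004", "2016-03-15", 450.00),
    ("Acme Supply", "INV-1003", "2016-04-02", 700.00),  # lower number, later date
    ("Acme Supply", "A7", "2016-04-20", 5000.00),       # unlike the vendor's format
]

def shape(no):
    """Reduce a number to its format: letters become A, digits become 9."""
    return re.sub(r"\d", "9", re.sub(r"[A-Za-z]", "A", no))

def normalize(no):
    """Fold look-alike edits: case, punctuation, O/0 and I/L/1 swaps."""
    return re.sub(r"[^A-Z0-9]", "", no.upper()).translate(str.maketrans("OIL", "011"))

def review_vendor(rows):
    """Return {flag: set of invoice numbers} for one vendor's invoices."""
    counts = Counter(no for _, no, _, _ in rows)
    common = Counter(shape(no) for no in counts).most_common(1)[0][0]
    by_norm = defaultdict(set)
    for no in counts:
        by_norm[normalize(no)].add(no)
    flags = {
        "duplicate": {no for no, n in counts.items() if n > 1},
        "inconsistent": {no for no in counts if shape(no) != common},
        "subtle_change": {no for g in by_norm.values() if len(g) > 1 for no in g},
        "out_of_sequence": set(),
    }
    high = -1  # highest trailing number seen so far, walking in date order
    for _, no, _, _ in sorted(rows, key=lambda r: r[2]):
        m = re.search(r"\d+$", no)
        if shape(no) == common and m:
            if int(m.group()) < high:
                flags["out_of_sequence"].add(no)
            high = max(high, int(m.group()))
    return flags

def review_ledger(ledger):
    by_vendor = defaultdict(list)
    for row in ledger:
        by_vendor[row[0]].append(row)
    return {vendor: review_vendor(rows) for vendor, rows in by_vendor.items()}
```

Each flag is a lead for a reviewer to pull the underlying invoice, not a finding on its own.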
Billing Schemes
http://www.census.gov/quickfacts/table/PST045214/2606553140/embed
“Small” Budget Doesn’t = “Small” Fraud
2013 Population – 15,333
2012 Median household income - $38,719
2012 Median house/condo value - $83,601
2012 Total expenses $15.6M
Long-term employee
Started as an intern in high school in 1970
Named Treasurer and Comptroller in 1983
Lack of internal controls
Reconciled accounts
Made deposits
Requested funds
Controlled the mail (PO Box)
http://www.chicagomag.com/Chicago-Magazine/December-2012/Rita-Crundwell-and-the-Dixon-Embezzlement/index.php?cparticle=3&siarticle=2#artanc
“Small” Budget Doesn’t = “Small” Fraud
December 1990 – “secret” account opened at Fifth Third Bank of Ohio
What is wrong?
The Scheme
The Scheme
What is wrong?
TEST
MISSING LOGO
What is wrong?
TEST
What is wrong?
INCORRECT ADDRESS
TEST
What is wrong?
LARGE, ROUND DOLLAR AMOUNT
REAL INVOICE TEST
Checks were written to “Treasurer” so the bank would not be suspicious
The Scheme
How much do you think she stole?
Check Scheme
$53,740,394.81 Total Loss
How Much?
How much do you think she stole?
Loss by Year
Discovery – How was she caught?
Rita Crundwell, at 60 years old, sentenced to 19 years and 7 months in federal prison
Recovery:
$35.15 million to be paid by CliftonLarsonAllen
$3.5 million to be paid by Fifth Third Bank
$1.0 million to be paid by Janis Card and Associates of Sterling
$9.0 million (approximately) paid by U.S. Marshals auction after expenses
(Less): $10.35 million in legal fees
http://articles.chicagotribune.com/2014-05-19/news/chi-dixon-rita-crundwell-20140519_1_jason-wojdylo-small-northwestern-illinois-town-rita-crundwell
http://chicago.cbslocal.com/2013/10/16/dixon-oks-40m-settlement-with-auditors-who-missed-massive-embezzlement/
Results
Expense Reimbursement
Employee makes a claim for reimbursement of fictitious or inflated business expenses
Fraudulent expense report
Claims for personal travel
Non-existent meals
Fraud Methods
Prevention Methods
Ensure duties are segregated for approval
Ensure reviewers would actually be knowledgeable on expenses
Only accept original itemized receipts
Detection Methods – Data analytics
Duplicate transactions (amount, location, date, people, etc.)
Transactions just under documentation threshold
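Both expense analytics listed above can be run over a claims export. The following is an added example, not part of the original presentation; the claims, employee IDs, the $25 receipt threshold and the 10% "just under" band are constructed assumptions to be replaced with the organization's own policy values.

```python
from collections import defaultdict

RECEIPT_THRESHOLD = 25.00  # assumed policy: receipt required at or above this
NEAR_BAND = 0.10           # assumed: "just under" means within 10% below it

# Constructed sample claims: (claim_id, employee, date, merchant, amount)
CLAIMS = [
    ("C1", "jdoe",   "2016-03-01", "Airport Taxi", 24.50),
    ("C2", "jdoe",   "2016-03-02", "Airport Taxi", 24.00),
    ("C3", "jdoe",   "2016-03-02", "Diner",        24.90),
    ("C4", "jdoe",   "2016-03-09", "Hotel",        310.00),
    ("C5", "asmith", "2016-03-02", "Diner",        24.90),   # same meal as C3
    ("C6", "asmith", "2016-03-05", "Parking",      12.00),
    ("C7", "asmith", "2016-03-09", "Hotel",        289.00),
    ("C8", "jdoe",   "2016-03-09", "Hotel",        310.00),  # C4 submitted again
]

def duplicate_groups(claims):
    """Group claims sharing date, merchant and amount, across all employees."""
    groups = defaultdict(list)
    for cid, _, date, merchant, amount in claims:
        groups[(date, merchant.lower(), round(amount, 2))].append(cid)
    return sorted(ids for ids in groups.values() if len(ids) > 1)

def near_threshold_counts(claims, threshold=RECEIPT_THRESHOLD, band=NEAR_BAND):
    """Per employee: (claims just under the threshold, total claims)."""
    low = threshold * (1 - band)
    stats = defaultdict(lambda: [0, 0])
    for _, emp, _, _, amount in claims:
        stats[emp][1] += 1
        if low <= amount < threshold:
            stats[emp][0] += 1
    return {emp: tuple(pair) for emp, pair in stats.items()}

def flag_employees(claims, min_claims=3, max_share=0.5):
    """Employees whose share of just-under-threshold claims exceeds max_share."""
    return sorted(emp for emp, (near, total) in near_threshold_counts(claims).items()
                  if total >= min_claims and near / total > max_share)
```

Matching across employees matters because the same receipt can be claimed by two people who shared the expense.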
Expense Reimbursements
Numerous fake receipt websites exist
Look “beyond” the documentation/amounts provided by the person seeking reimbursement/payment
Organization credit card statements
Third party travel agency
Online banking activity
Random calls to third parties
Expense Reimbursements
Recommendations (what you can do)
Require receipts with credit card support (vs. only statements)
Communication between AP and FA
Asset tags with real-time monitoring
Doesn’t have to be an expensive RFID system (although preferred)
Could be as simple as a master Excel sheet with critical information (serial number, tag number, location, employee)
The key is to keep the listing updated when assets change hands/locations
Employee policy change holding employees accountable for assets assigned to them
Inventory Situation
Heavily reliant upon inventory controls
If you don’t know what assets you have, how do you know when they’re sold?
Formal process for asset disposals MUST be put in place (RFD?). It’s very easy for someone to sell something on eBay or Craigslist.
What are your cash collection procedures when a department head sells something at auction?
Documentation is needed (name of auction, assets (and tags) sold, receipt, to be provided with monies). Consider confirming sales amount with auctioneer.
Sale of Fixed Assets
Other Current Risks
Random invitation…
Unknown Risks
Harmless message from a connection…
Click the link?
Unknown Risks
Harmless message from a connection…
Hit Reply?
Unknown Risks
Email links are risky
Go to site directly and reply from there
Unknown Risks – Phishing
Reference: https://www.yahoo.com/tech/how-hackers-are-using-fake-1312602721615926.html
Unknown Risks
Harmless recruiter
You accepted directly through the site… so you’re safe?
Unknown Risks
What’s on your profile?
Co-workers?
Job duties?
They know you handle wire transfers
They know who you work with
Unknown Risks – Spoofing
This only shows up because I used the “free” version of spoofing.
Unknown Risks – Spoofing
Reference: https://www.yahoo.com/tech/how-hackers-are-using-fake-1312602721615926.html
These aren’t amateurs
Unknown Risks – Spoofing
http://www.bbc.com/news/technology-34994858
Unknown Risks – Spoofing & Phishing
Controls regarding fake social media profiles
Do a reverse image search by dragging and dropping the profile picture into Google Images
Copy and paste the person’s job information into Google as it might reveal other profiles with the exact same information
Simply do not accept invitations from people you don’t know
Unknown Risks – Spoofing
The internet has a wealth of “useful” information
The scammers don’t “need” social media…
Unknown Risks – Spoofing
Key Control – Cash Management
Do not approve wire requests via email
Pick up the phone and TALK to the requestor
This one control reduces the majority, if not all, of the risk of spoofing
Key Control – Information Technology
Avoid links in emails
Go to the actual websites in order to reply to messages/invites
Reference: https://www.yahoo.com/tech/how-hackers-are-using-fake-1312602721615926.html
Unknown Risks – Spoofing & Phishing
Plante Moran Forensics
Voted top 3 forensic accounting provider in Chicago in 2014 & 2015