Mastering Internal Controls and Fraud Prevention

Mastering Internal Controls and Fraud Prevention


American Institute of Professional Bookkeepers

© American Institute of Professional Bookkeepers, 2010


Helpful definitions Bribery—money or favors offered or

given to influence the conduct or views of a person in a position of trust

Consent decree—an agreement between two parties sanctioned by the court

Example: A company or individual consents (agrees) to stop questionable practices without admitting guilt

Terminology


Terminology Counterfeit—a copy of a valid license,

written authorization or legal tender (money) intended to defraud

Embezzling—misappropriation of another’s property (almost always money) for personal use in violation of trust

Forgery—A false document, or a valid one altered, with the intent to deceive—such as an altered check or credit card


Terminology Fraud—intentional deception perpetrated

to secure unfair or unlawful gain Larceny—unlawfully taking something—

i.e., stealing. If the stolen item(s) are of great value, such as a large amount of money, it is grand larceny

Prima facie evidence—evidence that appears to be sufficient to establish facts unless rebutted, such as a person found at a murder scene holding a weapon


Terminology Subrogation—substitution of one entity or

person for another.Example: Under subrogation, when an

employer discovers that a bonded employee has embezzled funds, the insurance company takes the place of the employer to obtain return of the funds


Four Types of Noncash Theft

1. Unconcealed larceny (theft of physical assets)

2. Falsified shipping or receiving reports

3. Fraudulent shipments

4. Fraudulent write-offs


Unconcealed Larceny Review: Larceny is unlawfully taking something from another entity or personWhy is unconcealed larceny not reported?

People assume that co-workers are honest Loyalty to friends Seeing the world as management vs. labor Poor channels of communication Personal involvement in the theft Fear of job loss if the thief is a superior


Falsified Receiving/Shipping Reports

The most common kinds of theft:Receiving reports—normal goods are reported as defective to cover up theftShipping reports—goods are shipped to a cohort’s home or business address

Example: The thief puts an accomplice’s address on the shipping report Retailer example: Same scheme—the goods are then “returned” for cash


Fraudulent Write-offsFraudulent write-offs can take many forms: Forcing the reconciliation of accountsExample: Stealing goods, then covering up

the theft with a journal entry, such as: COGS XXX Inventory XXX

Altering inventory recordsExample: The thief overstates the physical count of goods on hand to match the altered records, thus covering up the theft


Fraudulent Write-offs Creating a fictitious sales order Example: The thief records a fictitious sale, then

covers up the unpaid order by debiting the amount to: an overdue A/R, or Discounts and Allowances Bad Debt Inventory Shortage Expense

Writing off good inventory as scrap, then taking it home, or selling it and keeping the cash, or giving it to an accomplice


When there is no centralized department When there is no centralized department to receive and store merchandiseto receive and store merchandise


Red Flags of Inventory Theft These include (see workbook pages 3-4): High levels of inventory shrinkage Frequent customer complaints about shipment

shortages Unsupported adjustments to perpetual

inventory records Excessive purchases of materials or

merchandise An unexplained increase in COGS as a

percentage of sales


1. Proper documentation, properly monitored Purchase orders, receiving reports, sales

orders, and shipping documents should be pre-numbered and the numerical sequence monitored

Shipping documents should require a sales order

Paying an invoice should require supporting documents—a purchase order and receiving report

Five Inventory Internal Controls


Five Inventory Internal Controls2. A system for storing and counting

inventory: Periodic physical counts of all inventory Instructions on how to account for missing,

unused and voided tags A practical system for describing/identifying

inventory


3. Segregation of duties Different employees should be responsible

for authorization v. recordkeeping v. custody of assets

Examples:• An employee authorized to initiate a purchase

order cannot record the purchase and cannot receive the goods or pay the invoice

• An employee working in the warehouse cannot have authority to initiate a sales order and cannot record incoming or outgoing inventory



3. Segregation of duties



4. Physical safeguards Lock up valuable inventory Restrict access to only authorized parties Consider adding cameras, guards and

electronic access logs



5. Analytical reviews—periodic checks of: COGS as a percentage of Sales (is it

higher?) Percentage gross margin [Sales – COGS] ÷÷

Sales (how does it compare to last period?) Inventory turnover rate [COGS ÷÷ Avg. Inv.]

(how does it compare to last period?) Cost per unit (how does it compare to

previous periods?)



Which Employees May Steal?Experience shows that the employees likely to steal often: Express deep-seated resentment Have an inexplicably lavish lifestyle Have addictions (gambling, drugs, alcohol) Are overextended (indicated by frequent phone

calls from creditors)


Which Employees May Steal?Pressure

Opportunity Justif icationPoor internal

controls

Addictions Overextended

Perceivedmistreatment


How to Prevent Employee Theft To prevent employee theft: Do not hire high-risk applicants

Verify past employment • Ask whether the person is eligible to be rehiredObtain a candidate’s written consent before

checking

Check for criminal convictions• If Nexis or ChoicePoint does not have

information, go to the county courthouse and check the criminal records in the criminal courts division


Require drug screening of applicants—and possibly current employees

Consult a labor lawyer before implementing Check references—actually call each one Verify degrees, certifications and licenses

How to Prevent Employee Theft


Perform internal audits and always include: Expense reports Purchasing records Sales records Cash accounts Customer complaints

Have the audit performed by someone who does not handle the records audited

How to Prevent Employee Theft


Theft insurance, fidelity bonds, covers: Routine theft and embezzlement Commercial bribery and stock fraud Lost earnings from theft of listsOptional riders may cover losses from: Counterfeit paper currency/money orders Forgery (deposits, credit cards, computer)Your company must prove that: Fraud was the cause of the losses claimed There is an identified suspect

Protection Against Employee Theft


The policy’s subrogation provision guarantees the insurer: The right to sue the wrongdoer No interference with the right to sue No settlement without the insurer’s consentFunds collected in excess of the policy amount are paid to the insured (your firm)

Protection Against Employee Theft


Signs of Employee TheftTypical signs of theft An A/R balance does not equal the sum of the

subsidiary A/R balances Slow collections or unusually high bad debt

write-offs Checking accounts do not reconcile Hard-copy files include copies, not originals

For a complete list, see workbook page 18


Fraud Controls in Very Small FirmsControls for firms with 1 or 2 employees: Have tax and bank statements mailed to the

owner’s home Shuffle bank statement pages (to give the impression

that bank statements are reviewed) Involve the owner’s spouse

Spouses are less trusting of employees Spouses are more curious about fraud Spouse should attend the first internal controls meeting If a spouse is replaced by an employee, beef up

controls

Check FraudThe most common types: Checks written on insufficient funds Checks written on a closed account Counterfeit checks Forged checks from the employee’s company Employee theft of vendor’s checks


Check TheftThe most common types: Checks or statements stolen (to order more

with the company image/logo) Check washing (payee and amount are erased

and new data inserted) Check stock with imprinted account data is

stolen



Check Fraud SchemesThe most common types: Check kiting

Nonexistent funds are deposited, a check is written on the account depositing the “funds” in another bank, etc.

Paperhangers Pass phony checks to distracted employees

requesting cash back Women with crying baby distracts employee

Stop-payment orders Forged travelers’ checks—$100 common


Spotting CounterfeitsSigns that a check is counterfeit: A slick feel—because on color copies the

print is not raised as on genuine checks Lack of texture No watermark or micro printing or hologram

—even high-quality offset lithography may lack one


New Check-Printing TechnologiesNew methods of printing help prevent fraud: Prismatic lithography—uses color patterns that

are difficult to separate (and hard to imitate) Scrambled indicia—uses a pattern of colored

dots that becomes a word when seen through a colored filter

Micro-line—uses a microscopic line of tiny letters


New Check-Printing Technologies Hologram—when a hologram on a check is

viewed from different angles, it changes appearance and color

Security seal on back—the seal becomes visible when held up to the light


What to Look forWhen reviewing cancelled company

checks: Fan the checks to spot slightly different colors Investigate gaps in check numbering Investigate long-outstanding checks Investigate too many second endorsements


Employee Check FraudEmployment taxes are a favorite target Ask the owner/spouse/outside bookkeeper to

check endorsements Be aware that an outside payroll service may

have a dishonest employee with access to company financial data

For a complete list, see workbook pages 32


Customer Check FraudTo prevent customer check fraud: Have a policy—e.g., employees must examine

each piece of customer ID, such as: Valid, signed driver’s license with recent photo A second photo ID (do not accept Social Security

cards, business cards, birth certificates, unsigned credit cards)

Use deterrents, such as The company check acceptance policy in plain view An electronic security system in plain view


Customer Check FraudHave a strict check acceptance policy Train employees on what to look for Have employees ask for additional ID or consult

supervisor if a customer is: Overly polite Especially nervous Aggressive Hurried Overly careful in signing a check Tries to distract employee while writing check


Customer Check FraudSystems that help prevent fraud include: Bank verification, e.g., 900 numbers to call Shared information networks Check guarantors—typical charge, 1.5% –2.25%



Credit Card FraudTo prevent fraud: Show employees How fraud schemes work How to spot counterfeit and forged credit cards Establish a liaison with local law enforcement


Schemes Using Lost or Stolen Cards

The most common schemes are: Fraudulent advances or overpayments

Using bad checks for advance payments on stolen cards—then running up charges before the bad check is discovered

Shave and paste Shaving off the old letters/numbers on the card and

pasting on new ones

De-emboss/re-emboss Flattening raised characters using heat and pressure,

then raising new characters with an embosser



Counterfeit cards Cause the greatest losses Can be sophisticated Use a phony hologram• Telltale sign: The hologram does not

change color when viewed from different angles



Credit card numbers—obtained through fraudulent phone calls or mail order: “You have won a free trip—we must verify

your card number before sending it to you” “This is Visa. We have a report that your

card was stolen—please verify your card number”



Other credit card fraud schemes: Sending out a false application for a credit card

to obtain personal data Intercepting a new card on route Obtaining a merchant number (by reading the

magnetic strip on a stolen card), then using this number to obtain the balance on the card and charging purchases to it (“skimming”).

For a complete list, see page 47 of your workbook.


Spotting ScamsEmployees can be trained to: Spot customer behavior that may indicate

fraud (workbook page 48) Spot bad cards (page 49)

Checking a Visa CardUltraviolet-sensitive dove is visible on the face of the card when placed under an ultraviolet light.

A four-digit number must be printed directly below the account number and match exactly the first 4 digits of the account number. Both must begin with “4.”

Embossed or printed account number must begin with “4.” All digits must be clear, even and of the same size/shape. But on a re-embossed card, the numbers may be fuzzy. Always check the hologram where it’s easier to spot a re-embossed number.

The hologram , a flying dove, should look three-dimensional and seem to move when the card is tilted back and forth.

“Good thru” (or “valid thru”). This date, below the account number, is the card’s expiration date. If today’s date is later than this date, the card has expired.

The flying “V” embossed security character next to the “Good Thru” date is not a required security feature and therefore may not be on all cards.

Visa logo should have micro-printing around its border. This printing is barely readable without a magnifying glass.

Checking a MasterCard1. The first four digits of the account number

must match the preprinted four-digit BIN (bank identification number). All MasterCard account numbers must start with “5.”

2. The last four digits of the account number must match the four digits that appear on the cardholder’s receipt.

3. The hologram, two globes with “MasterCard” in the background, should look three-dimensional. When rotated, the hologram should reflect light and seem to move.

4. The stylized “MC” security feature has been discontinued, but may continue to appear on cards through June 01, 2010.

Checking a MasterCard

5. The signature panel has “MasterCard” printed at a 45 angle in various colors. Any tampering will smudge or erase some of the letters. For swiped transactions, compare the signature on the card with the cardholder’s signature on the receipt.

6. On the signature panel, there are seven digits—the first four must match the last four of the account number. Slightly to the right is a printed three-digit CVC2 (verification) number.

2. All AMEX account numbers start with “3” in clear, uniform, embossed numbers with the same size and spacing. This number should match the account number on the back of the card—and the one on the printed receipt.

Checking an AMEX1. The preprinted Identification Number (CID)

(verification number) is not embossed. It should always appear above the account number, on the right or left edge of the card.

4. Do not accept a card after its expiration date.

3. The centurion should be printed in the kind of fine detail you see on U.S. currency When viewed under ultraviolet light, the centurion should be phosphorescent and you should see the word “AMEX.”

5. Only the person whose name is embossed on the card may use it—no one else.

6. This statement gives American Express the right to take possession of the card at any time.

Checking an Amex Card

7. Some cards have a hologram of the American Express image embedded in the magnetic strip.

8. The signature panel should not be taped, mutilated, erased or painted over. Check the signature on the back of the card against the one on the transaction receipt. If a customer gives you an unsigned card, request a photo ID with signature—then ask the customer to sign the card and transaction receipt while you hold the ID. (Check with management before implementing this policy.)


Company Credit CardsCertain policies can greatly reduce losses: No personal use unless authorized by company Employees must reimburse company for

personal charges promptly Unsubstantiated charges are deducted from pay

(consult a lawyer before implementing) Normal documentation must be submitted (not

just the charge slip) Stolen/lost cards must be reported within 3 days


How Vendors Cheat You Vendors cheat companies in many ways: Bribery

Paying an employee to influence a purchase decision

Inducing employees to act as vendor’s agent• Employees have a legal obligation to act in the

employer’s best interests• Employees must refrain from self-dealing or

using their position to further personal interests at the employer’s expense


How Vendors Cheat You Telemarketing fraud

To prevent being scammed on advertising materials • Check vendors with Better Business Bureau (BBB) • Get customer references—ask for samples• Do not be pressured into a purchase• Get a contract with a small or no down payment

To prevent being scammed on internet services:• Shop around for access services and others• Be suspicious of incredibly cheap offers• Check terms • Ask for free trials and samples of past work• Consider local vendors (they rely on referrals)


How Vendors Cheat You Paper and toner scams

Do not remit payment until you know that your company has received the items

Designate one employee to be in charge of ordering office supplies

Beware of “last chance” offers Ask for a phone number and call it—if it is a

company, it should also have a switchboard number with zeros—e.g., 555-5100

If there is a dispute—put it in writing


How Vendors Cheat You Loan scams

Ask your company’s bank first—if it refuses, find out what is needed to reverse the decision

Be cautious of unsolicited offers—do not believe loan ads regardless of credit problems

Get all loan terms in writing before signing, including payment schedule and interest rates

Watch for red flags of a scam, such as:• Upfront processing fees• Application fees• First-payment fees


How Vendors Cheat You Buyers’ club scams

Get details—be wary of upfront costs, such as a welcome package for which you “just pay shipping and handling”

Comparison shop Be skeptical—just because the buyers’ club gives

you some financial data does not make it legitimate Watch for unauthorized charges—if you see one,

contact your credit card issuer immediately


How Vendors Cheat YouTelemarketing scams law enforcement FTC laws enacted in 1995 require that:

Salespeople must clearly identify themselves and company by name and provide a phone number

Vendors must provide certain services and information before demanding payment

Vendors may call only between 8 a.m. and 9 p.m. Vendors must provide details of the offer in “clear

and conspicuous” writing that is easy to understand —before closing the sale


How Vendors Cheat YouResources for checking out vendors: FBI lists of “Common Fraud Scams” Better Business Bureau (BBB) lists of

companies with customer complaints—and whether they were resolved

National Fraud Information Center (NFIC) rankings of telemarketing, internet and other frauds by frequency

Federal Trade Commission (FTC)

Education

Mastering Internal Controls and Fraud Prevention