How to Prevent and Detect Fraud in Your Organization
1. How To Prevent &
Detect Fraud In
Your Organization
Ernie Paszkiewicz, CPA
2. Fraud in audit and accounting jargon
• COSO is the acronym for the Committee
of Sponsoring Organizations of the
Treadway Commission
• They issued the report called “Internal
Control-Integrated Framework” in 1992
and expect to issue update in 1st quarter of
2013
3. COSO report
• States that the objectives of an internal
control system are to ensure:
– Efficient and effective operations
– Accurate financial reporting
– Compliance with laws and regulations
4. Other A&A jargon
• Sarbanes-Oxley AKA SOX and SAR-BOX
(can tell you good stories about Sen.
Sarbanes and some of his comments)
• SAS 99
• Inherent risk
• Control risk
• Combined risk
5. The good news is that we
are not talking about any of
the jargon today.
6. Real world fraud discussion
• Basically there are two or three types of
frauds depending on who you listen to
– Misappropriation of assets (theft)
– Financial statement fraud (mostly big guys)
– Bribery and corruption
7. Most should be concerned about
misappropriation or theft
• Financial audits are designed to detect fraud
= FALLACY
• Commonly referred to as the “expectation gap”
• Seems to have been around a long time, just like
frauds have been around forever
• Opt for review or compilation with some agreed
upon procedures instead of audit if possible
8. Extent of fraud / theft
• U.S. Chamber of Commerce estimates
theft by employees costs American
companies $20-$40 billion each year
• Employee theft 15 times more likely than
nonemployee theft
• 75% of thefts go unnoticed and unreported
9. Extent of fraud / theft
• Another chamber survey says:
– Rule of thumb is a company loses 1-2% of its
sales to crime, mostly committed by or in
collusion with employees
– 78% of 126 “prosecuted” cases of employee
fraud involved simple theft of cash, checks
inventory or other property
10. Extent of fraud / theft
– 60% of prosecuted cases and 97% of frauds
reported by CPAs involved cash
– Frauds involving noncash assets, while less
frequent, often produced larger losses
11. Extent of fraud / theft
– Cash frauds by responsibility area
• Accounting / finance 70%
• Teller / customer service 9%
• Marketing / sales 6%
• Purchasing 3%
• DP 2%
• Manufacturing / production 2%
• Shipping / receiving 1%
• Other 7%
12. Extent of fraud / theft
• Cash fraud by level of responsibility
– Part owner 3%
– Management 19%
– Supervisor 22%
– Clerk / bookkeeper 56%
13. Extent of fraud / theft
• Average fraud scheme runs less than two
years
• Left unchecked it grows in amount and
frequency
• It often involves a trusted employee
14. What should you do?
• Don’t go back and think everyone is stealing;
be aware that not everyone is dishonest, but
neither is everyone completely honest
• Blame the accountant: “I trust you, but my
accountant says I have to do things this way.”
• Blame your insurance person: “If we do this we
will get a discount on our insurance.”
15. What should you do?
• Blame the lottery: “I trust you, but if you hit the
lottery tomorrow and retire I need good
procedures in place for the next person since I
won’t know them like I know you.”
• Brainstorm what could happen and figure out
how to plug the holes
17. Prevention vs. detection
• Cost benefit of prevention
– Prevention attacks the opportunity side of the
fraud triangle
– Sometimes it’s cheaper to let the little things
through, rather than hiring another person for
absolute segregation of duties
18. Examples of preventative controls
• Having security guards in lobbies
• Keeping high dollar inventory or
equipment in secured areas
• Keeping unissued and cancelled checks
under lock and key
19. Examples of preventative controls
• Removing excess cash from registers and
keeping in time lock controlled safes
• Checking account arrangements where
checks are preapproved or they don’t clear
• Use camera monitoring systems including
fake cameras
20. Examples of detection controls
• Reviewing cancelled checks and bank
statements for alterations or forgeries
• Periodic test counts of inventory and
comparing to perpetual systems
• Surprise cash counts
• Tagging inventory with theft alarm tags
21. Common theft schemes
• Dipping into cash registers / funds
• Fake employees on payroll
• Extra pays to real employees
• Issuing phony refunds
• Issuing phony receivable credits
23. Common theft schemes
• Inventory and supply thefts
• Equipment thefts (computers and
peripherals)
• Fictitious vendors
24. Cash controls
• Have bank statements sent to owner’s
house to review first before they are
opened at the office
• Implement segregation of incompatible
duties as much as you can
• Bond employees who handle cash
25. Cash controls
• Do background checks when hiring
(not only a cash control area)
• Limit check signing authority
• Review supporting documents when
signing checks, then give to someone
other than the person who prepared them
to mail
26. Cash controls
• Never pre-sign checks even if they need
two signatures
• Check sequencing of pre-numbered
checks
27. Cash controls
• Avoid signature stamps or signing
machines if possible; implement controls
over stamp / machine key if you have to
use them
• Control and deposit receipts daily
28. Cash controls
• Have independent reviews of payrolls for
reasonableness
• Review accounts receivable charge offs
• Review credit card adjustments
• Review all adjustments to bank
reconciliation
29. Cash controls
• Set check limits with bank to get a call re:
any check over a certain dollar limit
Any other ideas?
30. Some REAL LIFE stories
• Trusted employee forging checks and
paying her husband’s business
• Bookkeeper steals from elderly and retired
nuns
• Man gets out of jail for embezzlement and
friend hires him. He then steals from the
“friend.”
31. Some REAL LIFE stories
• Bookkeeper steals from company, gets
fired but not prosecuted, goes to another
company and starts all over
• New CFO gets hired and writes payments
to bank that look like payroll tax payments,
but are really deposits into his own
account
32. Some REAL LIFE stories
• Company made all payroll tax payments,
but still on the hook when payroll company
steals the tax money
• Employees take inventory and toss in
dumpster during day and come back and
get it at night
33. Some REAL LIFE stories
• Petty cash limit is low but reimbursed
frequently and portion is due to theft of a
lot of small amounts
• Credit / debit card skimmers used to get
I.D. off cards (gas stations, restaurants,
etc.)
34. Some REAL LIFE stories
• Credit card switches – your card for
someone else’s card
• RFID scanning without touching your card
35. Other considerations
• Consider internal audit if larger company;
if smaller company, maybe hire someone
part time for limited testing
• Set up a finance committee
• Put an accountant on your board
• Have a board member review bank
statements
36. CAAT – computer assisted audit
techniques
• IDEA
• Active Data
• Excel
• ACL
• Many others
37. CAAT uses
• Search for duplicate addresses
• Search for breaks in sequences
• Search for duplicate vendors
• Stratify $ range of payments and sort by vendor
• Check invoice to shipping dates
• Benford’s Law
• Any data extraction and comparison you can
think of