1 developing internal controls to prevent fraud neal crowley office of university audits
TRANSCRIPT
11
DEVELOPING INTERNAL DEVELOPING INTERNAL CONTROLS TO PREVENT CONTROLS TO PREVENT
FRAUDFRAUD
Neal CrowleyNeal CrowleyOffice of University AuditsOffice of University Audits
22
ObjectivesObjectives
What is fraud.What is fraud.Reasons to commit fraud.Reasons to commit fraud.Elements necessary for fraud to occur.Elements necessary for fraud to occur.Behavior of fraudsters.Behavior of fraudsters.Red flag fraud indicators.Red flag fraud indicators.Internal control and its types.Internal control and its types.Walkthrough an example of internal control Walkthrough an example of internal control design. (Audience participation).design. (Audience participation).Internal Control limitations.Internal Control limitations.Interactive - ask questionsInteractive - ask questions
33
Our Office assists UI Management Our Office assists UI Management and the UIC Police in fraud and the UIC Police in fraud
investigationsinvestigations
It is after the fact. It is after the fact.
It consumes a lot of resources.It consumes a lot of resources.
It never seems to end.It never seems to end.
44
What is Fraud?What is Fraud?
Honestly, there is Honestly, there is
no right definition for the no right definition for the
many unique instancesmany unique instances
that are difficult to detect.that are difficult to detect.
55
Fraud defined by Black’s Law Fraud defined by Black’s Law Dictionary is:Dictionary is:
“…“…all multifarious means which human ingenuity all multifarious means which human ingenuity can devise, and which are resorted to by one can devise, and which are resorted to by one
individual to get an advantage over another by false individual to get an advantage over another by false suggestions or suppression of the truth. It includes suggestions or suppression of the truth. It includes all surprise, trick, cunning, or dissembling, and any all surprise, trick, cunning, or dissembling, and any
unfair way by which another is cheated.”unfair way by which another is cheated.”
66
Why commit fraud?Why commit fraud?
2 common justifications fraudsters give as 2 common justifications fraudsters give as reasons for their actionsreasons for their actions– For the fraudster’s personal enrichment For the fraudster’s personal enrichment
(against the organization).(against the organization).– For the betterment of the company (for the For the betterment of the company (for the
organization).organization).
Either way its wrong.Either way its wrong.
77
Circumstances necessary for fraud Circumstances necessary for fraud and white-collar crime to be and white-collar crime to be
perpetrated and provedperpetrated and proved
IntentIntent
Disguise of purposeDisguise of purpose
RelianceReliance
Voluntary victim Voluntary victim actionaction
ConcealmentConcealment
88
Intent is to knowingly to commit a Intent is to knowingly to commit a wrongful act or to achieve a purpose wrongful act or to achieve a purpose inconsistent with law or public policy.inconsistent with law or public policy.
Common ways to show intent are proof that the Common ways to show intent are proof that the accused: accused: – Make conflicting statements.Make conflicting statements.– Had no legitimacy for the wrongful actions.Had no legitimacy for the wrongful actions.– Repeatingly engaged in wrongful acts.Repeatingly engaged in wrongful acts.– Act to impede the investigation.Act to impede the investigation.– Make blatantly false statements.Make blatantly false statements.– Make an admission.Make an admission.
99
Disguise of purpose is falsities or Disguise of purpose is falsities or misrepresentations employed to misrepresentations employed to
accomplish the scheme.accomplish the scheme.
This is shown by the facts that the representation This is shown by the facts that the representation was made and it was false, either by omission or was made and it was false, either by omission or commission. commission.
This means the fraudster gets trapped in their This means the fraudster gets trapped in their lies or complexity of trying to hide their lies or complexity of trying to hide their wrongdoing. wrongdoing.
A confession is when this element is discovered.A confession is when this element is discovered.
1010
RelianceReliance
By the offender on the ignorance or By the offender on the ignorance or carelessness of the victim. Unwittingly, the unit carelessness of the victim. Unwittingly, the unit being victimized assists the fraudster. An being victimized assists the fraudster. An example would be a P-Cardholder using their example would be a P-Cardholder using their assigned card for personal use. The cardholder assigned card for personal use. The cardholder is their own reconciler and reconciles the unit’s is their own reconciler and reconciles the unit’s financial statements. The unit’s Director does financial statements. The unit’s Director does not review the statements or expenditure not review the statements or expenditure supporting documentation and relies on supporting documentation and relies on information provided by the cardholder.information provided by the cardholder.
1111
Voluntary victim actionVoluntary victim action
The unit being ripped off provides The unit being ripped off provides assistance to the offender. assistance to the offender.
This assistance is usually in the form of This assistance is usually in the form of fiduciary capacity. fiduciary capacity. – The unit gave the offender the authority to The unit gave the offender the authority to
perform a business transaction did so trusting perform a business transaction did so trusting he/she would act in the best interests of the he/she would act in the best interests of the unit, however it does not review or verify unit, however it does not review or verify transactions appropriate University business. transactions appropriate University business.
1212
ConcealmentConcealment
All frauds have concealment of the All frauds have concealment of the offense. This is what differentiates fraud offense. This is what differentiates fraud from other crimes. Armed robbery is not from other crimes. Armed robbery is not concealed. concealed.
The extent that fraudsters go to conceal The extent that fraudsters go to conceal their crime is quite extensive. They may their crime is quite extensive. They may create false invoices, vendors, or create false invoices, vendors, or employees, to cover their tracks.employees, to cover their tracks.
1313
General Characteristics of Fraud General Characteristics of Fraud PerpetratorPerpetrator
Individual is trusted.Individual is trusted.Usually start small and Usually start small and then get greedy.then get greedy.Act is intentionally Act is intentionally concealed.concealed.Employee doesn’t take Employee doesn’t take vacation.vacation.Never gives a definitive Never gives a definitive answer to direct answer to direct questions.questions.Never let others review Never let others review their work. their work.
1414
General Characteristics of Fraud General Characteristics of Fraud PerpetratorPerpetrator
Works long hours; first in/last out.Works long hours; first in/last out.Always want to control their work with no Always want to control their work with no supervision. supervision. Opposes cross training.Opposes cross training.Likeable and generous.Likeable and generous.Personality may change, moodiness may set in, Personality may change, moodiness may set in, when stress of the fraud catches up to them, or when stress of the fraud catches up to them, or when they are about to be caught.when they are about to be caught.Secretive, evasive and usually good at lying.Secretive, evasive and usually good at lying.
1515
Fraud Fraud RedRed Flags Flags
Not separating functional responsibilities of Not separating functional responsibilities of authorization, custodianship, and record authorization, custodianship, and record keeping. No one should be responsible for all keeping. No one should be responsible for all aspects of a function from the beginning to the aspects of a function from the beginning to the end of the process.end of the process.Unrestricted Unrestricted access to assets or sensitive data access to assets or sensitive data (e.g., cash, personnel records, etc.).(e.g., cash, personnel records, etc.). Not recording transactions resulting in lack of Not recording transactions resulting in lack of accountability.accountability. Not reconciling assets with the appropriate Not reconciling assets with the appropriate records. records.
1616
More More RedRed Flags Flags
Unauthorized transactionsUnauthorized transactions
Controls not implemented due to lack of Controls not implemented due to lack of personnel or adequate trainingpersonnel or adequate training
““Walk through” approvalsWalk through” approvals
Unimplemented ControlsUnimplemented Controls
Living beyond one’s meansLiving beyond one’s means
1818
Fraud deterrence starts with Fraud deterrence starts with ManagementManagement
Management sets the tone of the Management sets the tone of the organization.organization.
Strong internal control environment-review Strong internal control environment-review and monitoring of transactions.and monitoring of transactions.
Communicating expectations.Communicating expectations.
Analyzing variances.Analyzing variances.
Balancing resources.Balancing resources.
1919
Types of Internal ControlsTypes of Internal Controls
Detective (rear view mirror)Detective (rear view mirror)– Designed to detect errors or irregularities that Designed to detect errors or irregularities that
may have occurred.may have occurred.
Preventive (thru the windshield)Preventive (thru the windshield)– Designed to keep errors or irregularities from Designed to keep errors or irregularities from
occurring in the first place. occurring in the first place.
Corrective (ticket and fine)Corrective (ticket and fine)– Designed to correct errors or irregularities that Designed to correct errors or irregularities that
have been detected. have been detected.
2020
Detective Control ExamplesDetective Control Examples
Account reviews and reconciliations. Account reviews and reconciliations.
Periodic physical inventory counts. Periodic physical inventory counts.
Transaction edits. Transaction edits.
Internal auditors. Internal auditors.
2121
Preventive Control ExamplesPreventive Control Examples
Restricted access.Restricted access.
Credit checks. Credit checks.
Job descriptions Job descriptions
Required authorization signatures. Required authorization signatures.
Data entry checks. Data entry checks.
Physical control over assets to prevent Physical control over assets to prevent their improper use. their improper use.
2222
Corrective Control ExamplesCorrective Control Examples
Budget variance reports. Budget variance reports.
Formal Controlled Self-assessment Formal Controlled Self-assessment programs.programs.
Quality circle teams. Quality circle teams.
2323
Internal control design Internal control design considerationsconsiderations
Any control needs to fit Any control needs to fit your resources.your resources.
Build in segregation of Build in segregation of duties. duties.
Communicate to all Communicate to all employees how the employees how the particular business particular business process is suppose to process is suppose to work. work.
Management oversight. Management oversight.
2424
Walkthrough the design of an Walkthrough the design of an internal controlinternal control
(Audience Participation)(Audience Participation)
Need criteria for an exampleNeed criteria for an example– Business processBusiness process– Number of people involvedNumber of people involved– Type of control wantedType of control wanted
2525
Internal Control LimitationsInternal Control Limitations
They can only provide reasonable They can only provide reasonable assurance that objectives have been assurance that objectives have been achieved. Inherent limitations include:achieved. Inherent limitations include:– JudgmentJudgment– BreakdownsBreakdowns– Management overrideManagement override– CollusionCollusion
2626
Our office will provide training Our office will provide training to Colleges and Schools that to Colleges and Schools that
request it. request it.
Please contact me at 6-2748 Please contact me at 6-2748 or at or at [email protected]@uic.edu for for
further information.further information.
2727
Reference Links Reference Links
FraudFraud– http://www.acfe.com/http://www.acfe.com/– http://www.fbi.gov/majhttp://www.fbi.gov/maj
cases/fraud/fraudschecases/fraud/fraudschemes.htmmes.htm
– http://www.pueblo.gsa.http://www.pueblo.gsa.gov/scamsdesc.htmgov/scamsdesc.htm
– http://www.finaid.org/shttp://www.finaid.org/scholarships/fraudact.pcholarships/fraudact.phtmlhtml
Internal ControlInternal Control– http://www.obfs.uillinoihttp://www.obfs.uillinoi
s.edu/manual/index.hts.edu/manual/index.htmlml
– http://www.audits.uillinhttp://www.audits.uillinois.edu/ois.edu/
– http://www.theiia.org/http://www.theiia.org/– http://www.pcaobus.orhttp://www.pcaobus.or
g/g/– http://www.coso.org/http://www.coso.org/– http://www.sarbanes-ohttp://www.sarbanes-o
xley.com/xley.com/