11

DEVELOPING INTERNAL DEVELOPING INTERNAL CONTROLS TO PREVENT CONTROLS TO PREVENT

FRAUDFRAUD

Neal CrowleyNeal CrowleyOffice of University AuditsOffice of University Audits

22

ObjectivesObjectives

What is fraud.What is fraud.Reasons to commit fraud.Reasons to commit fraud.Elements necessary for fraud to occur.Elements necessary for fraud to occur.Behavior of fraudsters.Behavior of fraudsters.Red flag fraud indicators.Red flag fraud indicators.Internal control and its types.Internal control and its types.Walkthrough an example of internal control Walkthrough an example of internal control design. (Audience participation).design. (Audience participation).Internal Control limitations.Internal Control limitations.Interactive - ask questionsInteractive - ask questions

33

Our Office assists UI Management Our Office assists UI Management and the UIC Police in fraud and the UIC Police in fraud

investigationsinvestigations

It is after the fact. It is after the fact.

It consumes a lot of resources.It consumes a lot of resources.

It never seems to end.It never seems to end.

44

What is Fraud?What is Fraud?

Honestly, there is Honestly, there is

no right definition for the no right definition for the

many unique instancesmany unique instances

that are difficult to detect.that are difficult to detect.

55

Fraud defined by Black’s Law Fraud defined by Black’s Law Dictionary is:Dictionary is:

“…“…all multifarious means which human ingenuity all multifarious means which human ingenuity can devise, and which are resorted to by one can devise, and which are resorted to by one

individual to get an advantage over another by false individual to get an advantage over another by false suggestions or suppression of the truth. It includes suggestions or suppression of the truth. It includes all surprise, trick, cunning, or dissembling, and any all surprise, trick, cunning, or dissembling, and any

unfair way by which another is cheated.”unfair way by which another is cheated.”

66

Why commit fraud?Why commit fraud?

2 common justifications fraudsters give as 2 common justifications fraudsters give as reasons for their actionsreasons for their actions– For the fraudster’s personal enrichment For the fraudster’s personal enrichment

(against the organization).(against the organization).– For the betterment of the company (for the For the betterment of the company (for the

organization).organization).

Either way its wrong.Either way its wrong.

77

Circumstances necessary for fraud Circumstances necessary for fraud and white-collar crime to be and white-collar crime to be

perpetrated and provedperpetrated and proved

IntentIntent

Disguise of purposeDisguise of purpose

RelianceReliance

Voluntary victim Voluntary victim actionaction

ConcealmentConcealment

88

Intent is to knowingly to commit a Intent is to knowingly to commit a wrongful act or to achieve a purpose wrongful act or to achieve a purpose inconsistent with law or public policy.inconsistent with law or public policy.

Common ways to show intent are proof that the Common ways to show intent are proof that the accused: accused: – Make conflicting statements.Make conflicting statements.– Had no legitimacy for the wrongful actions.Had no legitimacy for the wrongful actions.– Repeatingly engaged in wrongful acts.Repeatingly engaged in wrongful acts.– Act to impede the investigation.Act to impede the investigation.– Make blatantly false statements.Make blatantly false statements.– Make an admission.Make an admission.

99

Disguise of purpose is falsities or Disguise of purpose is falsities or misrepresentations employed to misrepresentations employed to

accomplish the scheme.accomplish the scheme.

This is shown by the facts that the representation This is shown by the facts that the representation was made and it was false, either by omission or was made and it was false, either by omission or commission. commission.

This means the fraudster gets trapped in their This means the fraudster gets trapped in their lies or complexity of trying to hide their lies or complexity of trying to hide their wrongdoing. wrongdoing.

A confession is when this element is discovered.A confession is when this element is discovered.

1010

RelianceReliance

By the offender on the ignorance or By the offender on the ignorance or carelessness of the victim. Unwittingly, the unit carelessness of the victim. Unwittingly, the unit being victimized assists the fraudster. An being victimized assists the fraudster. An example would be a P-Cardholder using their example would be a P-Cardholder using their assigned card for personal use. The cardholder assigned card for personal use. The cardholder is their own reconciler and reconciles the unit’s is their own reconciler and reconciles the unit’s financial statements. The unit’s Director does financial statements. The unit’s Director does not review the statements or expenditure not review the statements or expenditure supporting documentation and relies on supporting documentation and relies on information provided by the cardholder.information provided by the cardholder.

1111

Voluntary victim actionVoluntary victim action

The unit being ripped off provides The unit being ripped off provides assistance to the offender. assistance to the offender.

This assistance is usually in the form of This assistance is usually in the form of fiduciary capacity. fiduciary capacity. – The unit gave the offender the authority to The unit gave the offender the authority to

perform a business transaction did so trusting perform a business transaction did so trusting he/she would act in the best interests of the he/she would act in the best interests of the unit, however it does not review or verify unit, however it does not review or verify transactions appropriate University business. transactions appropriate University business.

1212

ConcealmentConcealment

All frauds have concealment of the All frauds have concealment of the offense. This is what differentiates fraud offense. This is what differentiates fraud from other crimes. Armed robbery is not from other crimes. Armed robbery is not concealed. concealed.

The extent that fraudsters go to conceal The extent that fraudsters go to conceal their crime is quite extensive. They may their crime is quite extensive. They may create false invoices, vendors, or create false invoices, vendors, or employees, to cover their tracks.employees, to cover their tracks.

1313

General Characteristics of Fraud General Characteristics of Fraud PerpetratorPerpetrator

Individual is trusted.Individual is trusted.Usually start small and Usually start small and then get greedy.then get greedy.Act is intentionally Act is intentionally concealed.concealed.Employee doesn’t take Employee doesn’t take vacation.vacation.Never gives a definitive Never gives a definitive answer to direct answer to direct questions.questions.Never let others review Never let others review their work. their work.

1414

General Characteristics of Fraud General Characteristics of Fraud PerpetratorPerpetrator

Works long hours; first in/last out.Works long hours; first in/last out.Always want to control their work with no Always want to control their work with no supervision. supervision. Opposes cross training.Opposes cross training.Likeable and generous.Likeable and generous.Personality may change, moodiness may set in, Personality may change, moodiness may set in, when stress of the fraud catches up to them, or when stress of the fraud catches up to them, or when they are about to be caught.when they are about to be caught.Secretive, evasive and usually good at lying.Secretive, evasive and usually good at lying.

1515

Fraud Fraud RedRed Flags Flags

Not separating functional responsibilities of Not separating functional responsibilities of authorization, custodianship, and record authorization, custodianship, and record keeping. No one should be responsible for all keeping. No one should be responsible for all aspects of a function from the beginning to the aspects of a function from the beginning to the end of the process.end of the process.Unrestricted Unrestricted access to assets or sensitive data access to assets or sensitive data (e.g., cash, personnel records, etc.).(e.g., cash, personnel records, etc.). Not recording transactions resulting in lack of Not recording transactions resulting in lack of accountability.accountability. Not reconciling assets with the appropriate Not reconciling assets with the appropriate records. records.

1616

More More RedRed Flags Flags

Unauthorized transactionsUnauthorized transactions

Controls not implemented due to lack of Controls not implemented due to lack of personnel or adequate trainingpersonnel or adequate training

““Walk through” approvalsWalk through” approvals

Unimplemented ControlsUnimplemented Controls

Living beyond one’s meansLiving beyond one’s means

1717

What can you do about What can you do about fraud?fraud?

1818

Fraud deterrence starts with Fraud deterrence starts with ManagementManagement

Management sets the tone of the Management sets the tone of the organization.organization.

Strong internal control environment-review Strong internal control environment-review and monitoring of transactions.and monitoring of transactions.

Communicating expectations.Communicating expectations.

Analyzing variances.Analyzing variances.

Balancing resources.Balancing resources.

1919

Types of Internal ControlsTypes of Internal Controls

Detective (rear view mirror)Detective (rear view mirror)– Designed to detect errors or irregularities that Designed to detect errors or irregularities that

may have occurred.may have occurred.

Preventive (thru the windshield)Preventive (thru the windshield)– Designed to keep errors or irregularities from Designed to keep errors or irregularities from

occurring in the first place. occurring in the first place.

Corrective (ticket and fine)Corrective (ticket and fine)– Designed to correct errors or irregularities that Designed to correct errors or irregularities that

have been detected. have been detected.

2020

Detective Control ExamplesDetective Control Examples

Account reviews and reconciliations. Account reviews and reconciliations.

Periodic physical inventory counts. Periodic physical inventory counts.

Transaction edits. Transaction edits.

Internal auditors. Internal auditors.

2121

Preventive Control ExamplesPreventive Control Examples

Restricted access.Restricted access.

Credit checks. Credit checks.

Job descriptions Job descriptions

Required authorization signatures. Required authorization signatures.

Data entry checks. Data entry checks.

Physical control over assets to prevent Physical control over assets to prevent their improper use. their improper use.

2222

Corrective Control ExamplesCorrective Control Examples

Budget variance reports. Budget variance reports.

Formal Controlled Self-assessment Formal Controlled Self-assessment programs.programs.

Quality circle teams. Quality circle teams.

2323

Internal control design Internal control design considerationsconsiderations

Any control needs to fit Any control needs to fit your resources.your resources.

Build in segregation of Build in segregation of duties. duties.

Communicate to all Communicate to all employees how the employees how the particular business particular business process is suppose to process is suppose to work. work.

Management oversight. Management oversight.

2424

Walkthrough the design of an Walkthrough the design of an internal controlinternal control

(Audience Participation)(Audience Participation)

Need criteria for an exampleNeed criteria for an example– Business processBusiness process– Number of people involvedNumber of people involved– Type of control wantedType of control wanted

2525

Internal Control LimitationsInternal Control Limitations

They can only provide reasonable They can only provide reasonable assurance that objectives have been assurance that objectives have been achieved. Inherent limitations include:achieved. Inherent limitations include:– JudgmentJudgment– BreakdownsBreakdowns– Management overrideManagement override– CollusionCollusion

2626

Our office will provide training Our office will provide training to Colleges and Schools that to Colleges and Schools that

request it. request it.

Please contact me at 6-2748 Please contact me at 6-2748 or at or at ncrowley@uic.eduncrowley@uic.edu for for

further information.further information.

2727

Reference Links Reference Links

FraudFraud– http://www.acfe.com/http://www.acfe.com/– http://www.fbi.gov/majhttp://www.fbi.gov/maj

cases/fraud/fraudschecases/fraud/fraudschemes.htmmes.htm

– http://www.pueblo.gsa.http://www.pueblo.gsa.gov/scamsdesc.htmgov/scamsdesc.htm

– http://www.finaid.org/shttp://www.finaid.org/scholarships/fraudact.pcholarships/fraudact.phtmlhtml

Internal ControlInternal Control– http://www.obfs.uillinoihttp://www.obfs.uillinoi

s.edu/manual/index.hts.edu/manual/index.htmlml

– http://www.audits.uillinhttp://www.audits.uillinois.edu/ois.edu/

– http://www.theiia.org/http://www.theiia.org/– http://www.pcaobus.orhttp://www.pcaobus.or

g/g/– http://www.coso.org/http://www.coso.org/– http://www.sarbanes-ohttp://www.sarbanes-o

xley.com/xley.com/

2828

QuestionsQuestions

??????

There is no wrong question.