internal control & fraud risks for entities with limited segregation of duties presented by ken...
TRANSCRIPT
![Page 1: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/1.jpg)
Internal Control & Fraud Risks for Entities with Limited Segregation of
DutiesPresented by Ken Al-Imam, C.P.A.
MAYER HOFFMAN MCCANN P.C.
CONRAD GOVERNMENT SERVICES DIVISION(formerly Conrad and Associates, L.L.P.)
2301 Dupont Drive, Suite 200Irvine, California 92612(949) 474-2020 Ext. 273
![Page 2: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/2.jpg)
2
Problem
Integrity is difficult to measure
![Page 3: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/3.jpg)
3
Identifying Persons Capable of Fraud • We expect people to be like ourselves• Honest and responsible• Usually fraudsters are persons least expect• Great actors
![Page 4: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/4.jpg)
4
Classic Fraudster
• Employed for many years• Loyal dependable employee• Never complains• Never asks for help• Works long hours (comes in early, stays late,
works weekends)• Never takes vacation
![Page 5: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/5.jpg)
5
Fraud
• $600 billion per year• 6% of revenue lost to fraud• Average scheme lasts 18 months before
detected• Average loss is $127,500 per entity
![Page 6: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/6.jpg)
6
The Perpetrators
• The higher the education, the higher the loss
• The higher the age, the higher the loss• 68% done by one perpetrator, 32%
involved collusion• 53.5% male, 46.5% female
![Page 7: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/7.jpg)
7
Methods of Detection
• External Audit 10.9%• Internal Audit 23.8%• Internal Controls 18.4%• By Accident 21.3%• Tip 39.6%• Notified by Police 39.6%
![Page 8: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/8.jpg)
8
Factors present in all Frauds
• Motive• Opportunity• Rationalization• Concealment
![Page 9: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/9.jpg)
9
Ethics Policy
• Important • Tone from top• Emphasize policy and enforce violations
![Page 10: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/10.jpg)
10
Cross-training/Mandatory Vacations• Important • Helpful when have turnover• Some frauds are difficult to conceal if
someone else is doing their job
![Page 11: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/11.jpg)
11
Collusion
• Internal controls not designed to prevent• Has own built-in control• “No honor among thieves”• Segregation between departments
![Page 12: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/12.jpg)
12
Segregation Between Departments
• Not a focal point of standards• Different persons in one department still
requires collusion for fraud to occur• Segregation between individuals is the
focus
![Page 13: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/13.jpg)
13
Internal Control
• Focus of internal control is on internal fraud
• Difficult to control external fraud
![Page 14: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/14.jpg)
14
Segregation of duties
• Goal is to make it difficult to both commit the fraud and to conceal the fraud
• Usually segregate access to assets from recordkeeping
![Page 15: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/15.jpg)
15
Understanding Fraud Scenarios
• Best way to develop alternative controls is to understand in detail how a fraud scenario for that transaction cycle would take place.
• Smoke out alternative control opportunities
![Page 16: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/16.jpg)
16
Use of auditor
• Consult with your auditors• Challenge your auditors with a detailed
discussion of the fraud scenario
![Page 17: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/17.jpg)
17
Revenue Fraud
• Checks (not just cash) are subject to theft• Take money and destroy evidence of
transaction• Need system to ensure all money collected
ends up in bank account
![Page 18: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/18.jpg)
18
Revenue Fraud
• Establish control as early as possible in process
• Document totality of receipts immediately upon receipt
• This creates controlled documentation that can be matched to bank deposit
![Page 19: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/19.jpg)
19
Revenue Fraud
• Cash register is best control• Or uninterrupted sequence of receipt forms• Watch for receipt substitutes (license
certificates, permits, etc.) • List of checks received in the mail (and
what do with list)
![Page 20: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/20.jpg)
20
Checks Received in Mail
• Controlled at opening• List or copy amounts received• Give copy to those maintaining records• Minimize number of persons handling
checks received prior to deposit
![Page 21: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/21.jpg)
21
Revenue Controls
• Immediate restrictive endorsement • Timely deposits
![Page 22: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/22.jpg)
22
Controls Over Person Preparing Bank Deposit• Often funds stolen at that point are not
detected • Support for bank deposit can be reviewed
by independent person• This can be done after the fact using the
deposit confirmation notice
![Page 23: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/23.jpg)
23
Revenues—Alternative Controls
• Independent review of support for deposit• Can be done at the department level
![Page 24: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/24.jpg)
24
Accounts Receivable
• Those posting payments to customer records should not have access to cash/checks
• Only give list or copies of checks • Or list created by mail opener agreed to deposit • Or independent agreement of system posting
report to funds deposited
![Page 25: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/25.jpg)
25
Control Over Adjustments
• Persons posting adjustments should not be handling cash/checks
• Independent approval of adjustments• System produces report of adjustments
that are reviewed
![Page 26: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/26.jpg)
26
Voided transactions
• Should be independently approved • Best for approval at time of void (in
presence of paying party)
![Page 27: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/27.jpg)
27
Cash Disbursement Frauds
• Fictitious Vendor• Payment to “vendor” with same or similar
name as real vendor• Unauthorized disbursement• Unsupported disbursement
![Page 28: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/28.jpg)
28
Alternative Controls
• Positive Pay • Vendor set up• More than one knowledgeable person
involved in every transaction (usually the knowledgeable approver will be in the same department as the initiator)
![Page 29: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/29.jpg)
29
Duplicate Payment Schemes
• Multiple payments of invoices to legitimate vendors
![Page 30: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/30.jpg)
30
Cash Disbursement Controls
• Canceling invoices (“entered”, etc.)• Cancellation of invoice (not just check
copy) • No payments from copies or statements• No return to initiator (or to person with
access to vendor master file)
![Page 31: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/31.jpg)
31
Bank Reconciliation
• Such a key control that it should always be segregated from access to assets
![Page 32: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/32.jpg)
32
Review of Bank Reconciliation
• Not as effective as separate preparation• Must be done in conjunction with
examination of original bank statement
![Page 33: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/33.jpg)
33
Review of Unopened Bank Statement• Spot check debit memo charges• Out of sequence checks• Duplicate checks• Trace transfers to authorizing document
(with different initiator and approver)
![Page 34: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/34.jpg)
34
Cancelled checks
• Obvious forgeries• Evidence of check alteration• Multiple endorsements
![Page 35: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/35.jpg)
35
Review of Supporting Documentation• “Fraud can’t happen because approval is
required”• But review often done before checks are printed• This can’t detect unsupported checks created
after this review• Printed checks compared to support by someone
not involved in data entry to create check
![Page 36: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/36.jpg)
36
Review of Supporting Documentation• Traditionally performed at time of check
signing • Some one other than accounts payable
personnel can do after checks are printed• Printed checks compared to support by
someone not involved in data entry to create check
![Page 37: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/37.jpg)
37
Review of Supporting Documentation• Can be done on a spot check basis (with
check register to make sure received all checks)
• Checks should not be returned to persons that initiated them
![Page 38: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/38.jpg)
38
Review of Supporting Documentation• Or A/P clerks switch (don’t match support
for those checks they created)• Or payroll clerk print, match, and mail
A/P checks and A/P clerk print and distribute payroll checks/check stubs
![Page 39: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/39.jpg)
39
Procurement Fraud• Difficult to prevent and detect (collusion) • Bid rigging• Employee aids a vendor to obtain a kickback• Splitting purchases to avoid threshold for
competitive quotes• Drafting specs so that favored vendor is advantaged• Only receiving quote from favored vendor and
comparing to fictitious quotes
![Page 40: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/40.jpg)
40
Procurement Fraud
• Providing advance notice to vendor and then issuing request for proposals with unrealistically short time frame
• Allowing favored vendor to propose late or with knowledge of other quotes
![Page 41: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/41.jpg)
41
Procurement Controls
• Emphasize in ethics policy the unacceptability of these specific employee behaviors
• No purchase controlled by one person
![Page 42: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/42.jpg)
42
Refund Schemes
• Controls are typically weaker than for standard vendor payments
![Page 43: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/43.jpg)
43
Refund Schemes
• Cancellation of conference or travel• Cancellation of memberships or
subscriptions• Returns of goods purchased
![Page 44: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/44.jpg)
44
Expense Reimbursement
• Focus should be on payments prior to event
• Reimbursed but then not go and get refund• Follow-up to received evidence trip
actually taken
![Page 45: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/45.jpg)
45
Payroll Fraud
• Focus is on fictitious employees• Classic control is segregate:
– Access to payroll master file– Payroll processing
![Page 46: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/46.jpg)
46
Payroll Fraud
• Often overlooked• Keeping an existing employee on the
system
![Page 47: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/47.jpg)
47
Alternative Controls
• Review of payroll register• Review of direct deposit report from bank• Periodic spot-checking of a payroll
register by HR
![Page 48: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/48.jpg)
48
Alternative controls• Comparing list of terminated employees to
payroll register• Department review of payroll register (labor
distribution run) for their department• Department monitoring of budget• Reviewing cancelled checks for multiple
endorsements
![Page 49: Internal Control & Fraud Risks for Entities with Limited Segregation of Duties Presented by Ken Al-Imam, C.P.A. M AYER H OFFMAN M C C ANN P.C. CONRAD GOVERNMENT](https://reader036.vdocument.in/reader036/viewer/2022062422/56649ee65503460f94bf609d/html5/thumbnails/49.jpg)
Questions or comments?
Thank you for your attention!