Fraud Internal Control Implications and Case Studies Presented

Fraud Internal Control Implications and Case Studies Presented by: Casey Good, CPA Heinfeld. Meech

Why talk about fraud? § Total losses in 2016 estimated at $6. 3 billion • Only reported fraud § Estimate organizations lose 5% of revenues annually • Most occur for 18 months before discovery • $3. 5 trillion annually § Median loss - $150, 000 per incident § 95% of fraudsters are first time offenders 2

Types of Fraud 3

Median Loss by Type 4

Detection 5

Control Weaknesses

Red Flags

The Fraud Triangle su liz es na at Pr tio re Ra io n Opportunity

Pressure/Incentive Living beyond their means Overwhelming desire for personal gain High personal debt Close association with customers Feeling pay not commensurate with responsibility Wheeler-dealer attitude Strong challenge to beat the system Excessive gambling habits Undue family or peer pressure No recognition for job performance

Rationalization Not about justifying theft that has already occurred Necessary component of crime before it takes place After criminal act has taken place, rationalization will often be abandoned Part of the motivation for the crime Once line is crossed, illegal acts become more or less continuous

Opportunity Placing too much trust in key employees Lack of proper procedures for authorization of transactions Inadequate disclosures of personal investments and incomes No separation of authorization of transactions from custody of related assets Lack of independent checks on performance Inadequate attention to details No separation of custody of assets from the accounting for those assets No separation of duties between accounting functions Lack of clear lines of authority and responsibility Department that is not frequently reviewed by internal auditors Perception of detection is biggest deterrent to fraud

What can we do? § Establish Internal Controls! • Just any controls? • Reasonable Assurance/Absolute Assurance • Efficiency? § Fraud Risk Assessments • Vulnerabilities in the entity • Transaction cycles • Others? 12

CASE STUDIES 13

Ohio Department of Transportation § ODOT empowered District 12 Facilities Manager and Equipment Superintendent with direct purchasing authority § Treated their personal subsidiary companies as unrelated enterprises as long as they had unique TINs § Circumvented competitive procurement practices and received kick back from vendors • Doctored ODOT quotes, fictitious letterheads, forged signatures § Spanned more than a decade costing the state at least $11 M 14

ODOT ‘Benefits’ § Thousands worth of stolen ODOT tools and equipment § Yacht trip to Lake Erie with vendors and strippers § Bar tabs at strip clubs throughout NE Ohio § Hunting trips to game ranches in TX with imported exotics § Golf outings at country clubs § Hotel and meals in Vegas § Foreign ‘adult’ excursions 15

ODOT Resolution § 6 ODOT officials convicted, 12 vendors convicted • Sentences ranged from 6 months to 7 years § $600 k in restitution § Filed nearly 500 counts, 150 witness statements 16

What would you do? § Segregation of duties § Limited authority granted to individuals § Internal audits § Conflict of interest statements § Budget to Actual reporting § Question strange expenses 17

Roslyn School District, New York § District employees used at least $11. 2 million of school funds for personal benefit over 8 years § Clean audit opinions issued by external auditors § Home Depot employee eventually blew the whistle 18

What went wrong in Roslyn? § Complete breakdown in internal controls • Superintendent and asst superintendent could override system and process payments outside of normal flow of transactions § Two employees in charge of reconciliations did not do their job, failed to identify issues § Board failed to oversee and monitor financial activities § Independent auditor had conflicts of interest and performed work so flawed and so below professional standards it failed to identify the millions stolen 19

The costs… § Private mortgages and loans – $1. 1 million of district funds used to make payments on private mortgages and loans to superintendent, business manager, and district account clerk § Businesses established by district officials – payments of over $1 million made to businesses created by district officials, family members, and friends § Supers were withdrawing cash at the rate of $700/day and had 24 different credit cards 20

The costs… § Unauthorized salaries – $549 K in excessive salaries paid to certain district officials § Financing of private automobiles – $207 K used to purchase or lease automobiles for superintendent, asst superintendent and family, including BMW and Jaguar • In addition to their vehicle allowance of $8, 000 a year, later increased to $17, 200 § Home Depot purchases – $609 K for goods not used at the district 21

The costs… § Payments for personal insurance policies – $160 K paid for various personal life, homeowners, car, and boat policies § Unauthorized travel – $133 K paid for travel not related to school business for various officials and non-school district employees, including travel to Las Vegas, San Francisco, Bermuda, and London on the supersonic Concorde § Superintendent’s parking – $42 K was paid for parking in Manhattan 22

What would you do? § Segregation of duties § Review of management expenditures § Reconciliation of receipts § Controls over cash outlays § Conflict of interest statements § Budget to Actual reporting § Question strange expenses 23

Tips for Avoiding Fraud – Internal Controls § Separate duties of receiving, disbursements, writing checks, signing checks, and reconciling accounts § Look forgery, missing checks, payee information not disbursements ledger § Monthly bank statement should be delivered unopened to individual without banking authority for review • Unusual transactions • Trend analysis (declining deposits) • Unfamiliar payees for large amounts 24

Tips for Avoiding Fraud – System Controls § Have an accounting program expert do initial set-up § Access to personnel and vendor master file records should be password protected and restricted by job function § System should create an audit trail of all changes made to vendor master file records and personnel records § Changes to either should require supporting documentation, supervisory approval, and review 25

Tips for Avoiding Fraud - Education § Employees who receive regular and recurring training about fraud are more likely to help control it § Cross train individuals and have mandatory vacation and/or rotation of duties § Have avenues for whistleblowers and anonymous tips – both internal and external § Conduct internal audits randomly, can be a powerful deterrent 26

Questions? Casey Good, CPA Heinfeld. Meech Casey. good@heinfeldmeech. com 27