Reducing Fraud With Improved Internal Controls
Download
Report
Transcript Reducing Fraud With Improved Internal Controls
Reducing Fraud With
Improved Internal Controls
Dr. Raymond S. Kulzick, CPA
St. Thomas University
Miami, Florida
Copyright 2004 R. S. Kulzick
Internal Control
Definition and Purpose of
Internal Control
Process designed to provide
reasonable assurance that the entity
objectives are met
Primary goal of internal control is to
provide assurance that errors and
fraud may be prevented and if not,
discovered
SAS 78 - Elements of
Internal Control (CRIME)
C = Control Activities
R = Risk Assessment
I = Information & Communication
M = Monitoring
E = Control Environment
Who is responsible for
internal control?
Management is primarily responsible
for internal control
The board is ultimately responsible for
internal control
Auditors can assist others to meet
their responsibilities, but they cannot
assume those responsibilities
themselves
Types of Internal Controls
Preventive controls
Detective controls
Corrective controls
It is much more costly to discover errors
and frauds with detective and corrective
controls than it is to discourage them with
preventive controls
Internal Control Activities
Independent Verification
Access Control
Segregation of Duties
Accounting Records
Supervision
Transaction Authorization
Independent Verification
Reconciliations performed by third
parties
Regular inventories of physical assets
Confirmations of receivables and
payables
Segregation of Duties
Authorization separate from processing
Custody of assets separate from the
record keeping
Successful fraud should require
collusion between two or more
individuals with incompatible
responsibilities.
Alternatives to
Segregation of Duties
Mandatory rotation of duties
Mandatory vacation
Analytical review
Properly Designed
Records
Sequential numbering of documents
Spoiled documents voided and
retained
Automatic duplicates of documents
sent outside the originating dept.
Effective Authorization
Written policies and procedures
governing who may authorize
transactions
“Authorization” must be obtained
before, not after the fact
Internal Control
Inherent Limitations
Only reasonable assurance
Inadvertent errors can occur due to
carelessness or misunderstandings
Fraud or intentional misstatements can
occur due to collusion or management
override
Internal Control
Cost-Benefit Constraints
The cost of an entity’s internal control
should not exceed the benefits derived
from the control.
Common Schemes &
Prevention Approaches
Cash
Accounts Receivable
Inventory
Purchasing
Fixed assets
Payroll
Expense Reimbursements
Cash Schemes
Voids & under-rings
Alteration of cash receipts documents
Fictitious refunds & discounts
Theft from deposits
Kiting
Cash Schemes
Methods of Concealing
Out of balance
False debits – example paid outs
False debit to asset - inventory
Forced balance – incorrect credit
Omitted credit – don’t count sale
Cash Schemes
Prevention
Segregation of duties
– Receipts, deposits, reconciliations &
disbursements
Job rotation & mandatory vacations
Surprise cash counts
Accounts Receivable
Schemes
Lapping
Fictitious Accounts Receivable
Old or written off A/Receivable
Borrowing against A/Receivable
Accounts Receivable
Schemes - Concealing
Destroyed records
Lapping
False statements to customers
Write-offs
Shift to inflated inventory
Accounts Receivable
Schemes Prevention
Segregation of duties
– Cash collection, posting A/R, writing off
Lock-box
Eliminate sales-based compensation
Inventory Schemes
Appropriating for personal use
Theft of scrap or proceeds
Charging embezzlements to inventory
Inventory Schemes
Prevention
Proper documentation
Segregation of duties
– Requisition, disbursement, conversion to
scrap, receipt of scrap proceeds
Independent checks
Physical safeguards
Purchasing Schemes
Fictitious invoices
Over-billing
Checks payable to employees,
including duplicate payments
Conflicts of interest
Payment of personal expenses
Purchasing Schemes
Prevention
Training within purchasing
Proper documentation
Proper approvals
Segregation of duties
Job rotation & enforced vacations
Written policies
Hotlines
Competitive bidding
Investments & Fixed
Asset Schemes
Use as collateral
Borrowing to earn interest
Theft of assets
Personal use of assets
Fixed Asset Schemes
Prevention
Segregation of duties
– Custody, approval to sell, control of
physical disposition, receipt of proceeds
Periodic physical counts
Payroll Schemes
Ghost employees
Commission schemes
Overtime abuses & falsified wages
Workers compensation schemes
Withholding tax schemes
Payroll Schemes
Prevention
Segregation of duties
– Payroll preparation, disbursement,
distribution, bank account reconciliation
Periodic payroll review & analysis
Expense Reimbursement
Schemes
Overstatement of expenses
Duplication of expenses
Fictitious expenses
Personal expenses charged to
organization
Expense Reimbursement
Schemes Prevention
A strong ethics policy
Require detailed expense reports with
original receipts
Use per diems
Expense approval process
Importance of Maintaining
Adequate Internal Controls
Management is responsible for maintaining
adequate internal controls not the
independent auditor.
Fraud detected with preventive controls is
less expensive. Don’t wait for fraud to
happen before taking action.
Sufficiently designed, implemented, and
monitored internal controls can reduce the
risk of loss by limiting opportunities and
requiring collusion between two or more
individuals.
Some Common
Red Flags for Fraud
Lifestyle changes
Significant personal debt and credit problems
Behavioral changes
– Drug or alcohol related
– Gambling
– Fear of losing job
High employee turnover
Refusal to take vacation or sick leave
Lack of segregation of duties or other internal
control weaknesses
Some Simple Things For
a Small Business 1
Pre-number & reconcile forms
Screen prospective employees
Segregate cash-related functions as
much as possible
Implement controls over checks
Limit computer access
Some Simple Things For
a Small Business 2
Match invoices with checks
Periodically review Accounts
Receivable and Accounts Payable
Receive unopened bank and credit
card statements
Be a good example
Be aware for red flags
Questions?
Thanks for your attention.
Ray Kulzick – 305.235.2154
[email protected] or
[email protected]