Capabilities Document

Government Risk Briefings
Internal Controls & Fraud Prevention in Local Government
November 16, 2012
Ron Steinkamp, CPA, CIA, CFE, CRMA
314.983.1238 | [email protected]
1050 N. Lindbergh Blvd. │ St. Louis, Missouri 63132 │ 314.983.1200
1520 S. Fifth St., Suite 309 │ St. Charles, Missouri 63303 │ 636.255.3000
2220 S. State Route 157, Ste. 300 │ Glen Carbon, Illinois 62034 │ 618.654.3100
1.888.279.2792 │ www.bswllc.com
Agenda
• Internal Control Defined
• Key Controls
• Control Examples
• Fraud Defined
• Fraud Survey Results
• Common Areas of Control Abuse
• Fraud Prevention
• Fraud Protection Tools
© 2011-2012 All Rights Reserved Brown Smith Wallace LLC
INTERNAL CONTROL DEFINED
COSO
The Committee of Sponsoring Organizations of the Treadway
Commission (COSO) - Internal Control Integrated Framework
The Report:
• Established a common definition of internal control
• Provided a standard (criteria) to assess the effectiveness of
internal controls
• Became the standard for internal control recognized by the U.S.
accounting profession
Definition of Internal Control
COSO defines internal control “as a process, effected by an entity’s board of directors,
management and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in the following categories:”
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
Internal Controls can help…
• An organization ensure the quality of financial reporting
• An organization achieve its performance and profitability targets and prevent a loss
of resources
• An organization comply with laws and regulations, avoiding damage to its reputation
and other consequences
• An organization prevent the theft or inappropriate use of assets
COSO Control Categories
COSO defines five categories of Internal Control:
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring
COSO Control Categories
1. Control Environment - Sets the tone of an organization and influences the control
consciousness of its people.
• Is the foundation for all other components of internal control, and
• Provides discipline and structure
• Factors include…
- Integrity, ethical values and competence of the entity’s people
- Management’s philosophy and operating style
- The way management assigns authority and responsibility, and organizes and
develops its people, and
- The attention and direction provided by the board of directors
COSO Control Categories
2. Risk Assessment - Every entity faces a variety of risks from external and internal sources that
must be assessed both at the entity and the activity level
• The identification and analysis of relevant risks to the achievement of objectives
• Forming a basis for determining how the risks should be managed
COSO Control Categories
3. Control Activities - Are the policies and procedures that help ensure management directives
are carried out
• Help ensure that necessary actions are taken to address risks to the achievement of the
entity’s objectives
• Occur throughout the organization, at all levels and in all functions
• Include activities such as approvals, authorizations, verifications, reconciliations
COSO Control Categories
4. Information and Communication – Pertinent information must be identified, captured and
communicated in a form and timeframe that supports all other control components
• Produces reports containing operational, financial and compliance related information
• Also deals with information concerning external events, activities and conditions
necessary to enable informed business decision-making and external reporting
COSO Control Categories
5. Monitoring - Internal control systems need to be monitored – a process that assesses the
quality of the system’s performance over time
• Occurs in the course of operations
• Includes reviews of operating performance, security of assets and segregation of duties
• Internal control deficiencies should be reported upstream, with significant deficiencies
and material weaknesses reported to top management, the audit committee, and the
external auditor
Control Roles and Responsibilities
• Management
• Board of Directors
• Internal Audit
• Other Personnel
KEY CONTROLS
Types of Controls
• Preventative controls
• Detective controls
• Manual controls
• Computer controls
• Management controls
General Controls
• Code of conduct
• Policies and procedures manual
• Segregation of duties
• Records retention
• Documentation of transactions
• Budgetary
• Fraud Policy and reporting
• Access to systems
Cash Management Controls
• Policies and procedures.
• All bank accounts opened and maintained in the organization’s
name with proper approval.
• Segregate access to cash from accounting for cash.
• Monthly reconciliation of recorded balances to bank
account detail by employees not involved in cash activities.
• Control credit cards and reconcile to receipts on a timely
basis.
Revenue Cycle Common Controls
• Policies and procedures.
• All orders received are processed and recorded.
• All orders processed are invoiced.
• All invoices are posted to customer accounts.
• Billings are accurate.
Procurement Cycle Common Controls
• Policies and procedures.
• All purchase orders are authorized.
• All vendors are authorized.
• Individuals have authorization limits.
• Check stock is controlled.
• EDI/ACH transactions require authorization.
• Credit card purchases are controlled and statements are
reconciled to detailed receipts.
Payroll Common Controls
• Procedures for adding, changing, removing employees and
related pay and benefits.
• Payroll personnel cannot add/change/delete employees
and related pay and benefits.
• All changes are authorized by management.
• Payroll preparation segregated from payroll authorization,
check signing and distribution.
• Access to payroll is restricted.
• Safeguard checks.
• Reconciliations.
Fixed Assets Common Controls
• Procedures for adding and removing fixed assets.
• Detailed records of all fixed assets.
• Tracking of fixed assets.
• Inventory fixed assets and reconcile to records periodically.
Management Reporting Common Controls
• Accurate, Timely, and Consistent Reporting.
• Recorded balances should be periodically substantiated and
evaluated.
Inventory Monitoring Common Controls
• Exception reporting
• Shipping/Receiving
• Physical Inventory Monitoring
• Perpetual Records
• Controlling slow-moving and obsolete inventories
• Scrap
• Adjustments are controlled
• Cycle counting
• Disposal
IT Common Controls
• Back-ups
• Disaster Recovery
• Security (Physical & logical)
• Virus Protection
• Administrative
- Change control
- Trouble reporting
- Helpdesk
- Systems Development Life Cycle
CONTROL EXAMPLES
Authorization Controls
Authorization – Authorization controls require that a transaction be “authorized” or approved
prior to executing the transaction.
Examples:
• Legal department approves a contract prior to execution.
• Controller signs Accounts Payable checks greater than a set amount.
• Accounting Supervisor approves journal entries prepared by the Clerk prior to entry into
the system.
Segregation of Duties
Segregation of Duties – These controls split responsibilities for a process so that it requires more
than one person to execute a transaction or complete a process.
Examples:
• Personnel accepting/processing cash receipts do not deposit, record or reconcile receipts.
• Personnel that edit the vendor master files do not process invoices.
• A person separate from the approval process sets up users on the system.
Reconciliations
Reconciliations – This involves comparing two items, from different sources, to determine if
transactions were executed accurately and completely.
Examples:
• Reconciling the accounts receivable sub-ledger to the general ledger.
• Reconciling the bank statements to the general ledger.
• Reconciling credit card statements to the related detail.
• Physically inventorying fixed assets and comparing them to the fixed asset system.
Management Review
Management Review – This involves a review, by a manager/supervisor, of executed
transactions/activities for appropriateness.
Examples:
• The Finance Director reviews the bank and credit card reconciliations for reasonableness.
• The Payroll Manager reviews a report of the payroll run to ensure that the total run is
consistent with past periods.
• The owner of a process reviews a listing of personnel that have access to the system that
supports the process.
System Access Controls
System Access – System Access controls prevent a person from executing a transaction because
they cannot log on to the system or have not been granted the specific transaction authority.
Examples:
• AP personnel are not given user accounts on the payroll system.
• Only accounting personnel can post journal entries in the system.
• Only the Finance Director and/or City Administrator can authorize payments out of the
system.
Configuration/Account Mapping
Configuration/Account Mapping – This is a control that is performed by the system/application
and prevents the execution of a transaction unless certain parameters are met.
Examples:
• The AP system automatically populates the payee field of a check from the vendor master
file.
• The Revenue system automatically calculates the invoice amount based on contract data
and payroll data.
• System functionality prevents the posting of journal entries to a prior period.
Exception/Edit Reports
Exception/Edit Reports – These controls alert you to changes/issues in the system via an online
or paper report.
Examples:
• An edit report that lists all changes to the vendor master file.
• An exception report that identifies all AP checks over a certain amount.
• A report that identifies payroll exceptions/adjustments.
Key Performance Indicators
Key Performance Indicators – These are analytical indicators of performance metrics that help to
identify incorrect transactions or breakdowns in the control system.
Examples:
• Variance Reports (Budget to Actual, Prior to Current Period, Etc.)
• Production Reports (Rate per Hour, Utilization, Etc.)
FRAUD DEFINED
What is Fraud?
The use of one’s occupation for personal enrichment through the deliberate
misuse or misapplication of the employing organization’s resources or assets.
Three general categories:
• Asset misappropriation
• Corruption
• Financial statement fraud
Asset Misappropriation
Perpetrator steals or misuses an organization’s resources.
- Examples:
• Clerk stealing cash receipts.
• Payroll Clerk creating a ghost employee.
• Purchasing Clerk creating a fictitious vendor and false invoice.
• Street Department personnel “borrowing” equipment.
• City Manager purchasing personal items on the City credit card.
Corruption
Employee’s use of his/her influence in business transactions in a way
that violates his/her duty to the employer for the purpose of obtaining
benefit for him/herself or someone else.
- Examples:
• City Council member trading votes for personal favors.
• Purchasing Department Manager awarding a City contract to a
vendor for a kickback.
• Human Resources Director hiring unqualified “friends” to fill
positions.
Financial Statement Fraud
Intentional misstatement or omission of material information in the
organization’s financial reports.
- Examples:
• Inflating City revenues on the Consolidated Annual Financial
Report.
• Forcing actual expenditures to match budget by moving
expenses between accounts.
• Improperly accounting for grant receipts and expenditures.
FRAUD SURVEY RESULTS
2012 ACFE Global Fraud Study
2012 Report to the Nations on Occupational Fraud and Abuse
Summary of Findings
1. Typical fraud losses equal 5% of revenue
2. Asset misappropriation - the most common
3. Financial statement fraud - the least common
4. Frauds are most likely to be detected by tips
5. Small organizations are disproportionately victimized by occupational fraud
6. Fraud perpetrators often display warning signs
7. Government/public administration is one of the most victimized industries
8. Anti-fraud controls help reduce the cost and duration of occupational fraud
9. High-level perpetrators cause the greatest damage to their organizations
10. Nearly 50% of all victim organizations do not recover any losses
Conclusions & Recommendations
• Implement hotlines to receive tips from internal/external
sources
• Organizations over-rely on audits
• Most frauds are detected by tips
• Anti-fraud training among employees and managers results in
fewer fraud losses
• Surprise audits are an effective fraud prevention tool
Conclusions & Recommendations
• Using internal controls as your sole fraud prevention strategy is
insufficient
• Employees exhibit behavior warning signs
• Employees should be trained to recognize common signs of fraud
• Effective fraud prevention measures are critical
Common Characteristics/Red Flags
Pressure or Incentive (NEED)
• High personal debts
• Substance or gambling abuse
• Job frustration
• Resentment of superiors
Rationalization
• Unfairly compensated
• Everyone else does it
• Intention of repayment
• Financial need
Opportunity
• Inadequate internal controls
• Weak management
• Excessive turnover
• Large amounts of cash on hand or processed
COMMON AREAS OF CONTROL ABUSE
Internal Control Abuse by Management
• Failure to establish:
- Policies & procedures
- Segregation of duties
- Third-party oversight (boards)
• Failure to oversee/supervise/review
• Overworking/underpaying staff to make budget
• Inappropriate use of cell phone, company credit cards, autos,
and expense reports
• Inadequate IT Access Controls
• Not allowing Internal Audit to look at a department
• Non-responsive to management inquiries
Why Management?
Three major reasons these events occur:
1. It pays to do it
2. It is easy to do
3. It is unlikely you will get caught
Indicators of possible management fraud
1. A weak control environment
2. Management facing extreme competitive pressure
3. Management known or suspected of having questionable
character
Internal Control Abuses by Employees
• Accounts payable fabrication
• Accounts receivable manipulation
• Bank fraud
• Bid rigging
• Check forgery and counterfeiting
• Credit card fraud
• Embezzlement
• Expense account abuse
• Fictitious vendors, customers, employees
• Kickbacks
• Material misstatement
• Medical/insurance claims overstatement
• Unnecessary purchases or purchases for own use
Example – Check Tampering
Check tampering occurs when an employee:
• Prepares a fraudulent check for his/her own benefit
• Intercepts a check intended for a third party and converts
the check to benefit him/herself.
Example – Check Tampering
How can check tampering be prevented?
• Check stock should be locked in a secure location to ensure
blank checks are not accessible to potential fraudsters.
• Checks should be mailed immediately after signing to
reduce the risk of legitimate checks being stolen.
Example – Check Tampering
How can check tampering potentially be detected through data
analysis?
• Perhaps better identified through other ways.
- Bank reconciliations
- Communication with vendors
Example – Billing Schemes
Billing schemes occur when an employee submits a false invoice
or alters an existing one, thus causing the company to willingly
(but unknowingly) issue a check for false expenses.
Example – Billing Schemes
How can billing schemes be prevented?
• Prior to authorizing payment, invoices should be checked for validity of
the vendor, validity of the goods or services invoiced, accuracy, and
authenticity.
• Prior to processing payment, invoices should be checked for proper
authorization, accuracy and authenticity. This will prevent
overpayment, as well as payments being made to fictitious vendors.
• Strictly control access to vendor master data.
Example – Billing Schemes
How can billing schemes potentially be detected through data analysis?
• Vendor-level expenditures analysis
• Benford analysis
• Duplicates analysis
• Vendor master data analysis
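An added example (not part of the original presentation) of two of the analyses listed above, Benford analysis and duplicates analysis, run over accounts payable data. All amounts, vendor IDs and invoice numbers are constructed, and the 5,000 approval limit is an assumption made for the sample.

```python
import math
from collections import Counter, defaultdict
from datetime import date

# Benford's law: expected share of each leading digit 1-9.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRIT_8DF = 15.507  # chi-square critical value, 8 degrees of freedom, alpha = 0.05


def first_digit(amount):
    """Leading non-zero digit of an amount, computed on whole cents; None for zero."""
    cents = str(round(abs(amount) * 100)).lstrip("0")
    return int(cents[0]) if cents else None


def benford_test(amounts):
    """Return (chi-square statistic, {digit: (observed, expected)}) for the amounts."""
    digits = [d for d in map(first_digit, amounts) if d]
    if not digits:
        raise ValueError("no non-zero amounts to analyse")
    observed = Counter(digits)
    chi2, rows = 0.0, {}
    for d in range(1, 10):
        expected = len(digits) * BENFORD[d]
        chi2 += (observed[d] - expected) ** 2 / expected
        rows[d] = (observed[d], round(expected, 1))
    return chi2, rows


def most_overrepresented(rows):
    """Digit whose observed count exceeds its Benford expectation by the most."""
    return max(rows, key=lambda d: rows[d][0] - rows[d][1])


def find_duplicate_payments(invoices, window_days=14):
    """Same vendor and amount billed again within window_days under another invoice number."""
    groups = defaultdict(list)
    for inv in invoices:
        groups[(inv["vendor"], inv["amount"])].append(inv)
    hits = []
    for (vendor, amount), group in groups.items():
        group.sort(key=lambda inv: inv["date"])
        for a, b in zip(group, group[1:]):
            close = (b["date"] - a["date"]).days <= window_days
            if close and a["invoice_no"] != b["invoice_no"]:
                hits.append((vendor, amount, a["invoice_no"], b["invoice_no"]))
    return hits


# --- Constructed sample data (not from the presentation) ---
# 200 ordinary invoice amounts spread over about three orders of magnitude.
LEGIT_AMOUNTS = [round(25 * 1.035 ** i, 2) for i in range(200)]
# 30 fabricated invoices kept just under an assumed 5,000 approval limit.
PADDED_AMOUNTS = [4800 + 6.5 * k for k in range(30)]

INVOICES = [
    {"invoice_no": "1041", "vendor": "V-100", "amount": 1250.00, "date": date(2012, 3, 1)},
    # Re-submitted five days later with a suffix on the invoice number.
    {"invoice_no": "1041A", "vendor": "V-100", "amount": 1250.00, "date": date(2012, 3, 6)},
    {"invoice_no": "2210", "vendor": "V-200", "amount": 980.40, "date": date(2012, 3, 2)},
    # Same amount three months later: a recurring charge, outside the window.
    {"invoice_no": "2305", "vendor": "V-200", "amount": 980.40, "date": date(2012, 6, 2)},
    {"invoice_no": "3001", "vendor": "V-300", "amount": 415.75, "date": date(2012, 3, 9)},
]

if __name__ == "__main__":
    samples = (("clean", LEGIT_AMOUNTS), ("padded", LEGIT_AMOUNTS + PADDED_AMOUNTS))
    for label, amounts in samples:
        chi2, rows = benford_test(amounts)
        verdict = "review" if chi2 > CHI2_CRIT_8DF else "ok"
        print(f"{label}: chi2={chi2:.1f} ({verdict}), "
              f"largest excess at digit {most_overrepresented(rows)}")
    for hit in find_duplicate_payments(INVOICES):
        print("possible duplicate payment:", hit)
```

A Benford deviation or a duplicate hit is a reason to pull the supporting invoices, not proof of fraud; recurring fixed-price contracts and policy thresholds also distort leading digits.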
Example – Fraudulent Expense Reimbursements
Expense reimbursement schemes occur when an employee
submits false expenses in the hope of being reimbursed by the
company.
Example – Fraudulent Expense Reimbursements
How can fraudulent expense reimbursements be prevented?
• Require original itemized receipts.
• Receipts should be scrutinized to detect alterations or forgeries.
• Other means of proving incurred expenses, such as airline itineraries,
credit card statements, etc. should not be accepted unless approved by
a supervisor.
• All expense reimbursements should be reviewed and immediately
processed upon approval.
• Use a specific credit card for all business expenses. Receive this
information electronically from credit card company and require
electronic filing of expense reports by employees. This will minimize
the possibility of fraud, and if fraud is occurring, will provide an easier
means to identify it.
Example – Fraudulent Expense Reimbursements
How can fraudulent expense reimbursements potentially be detected through
data analysis?
• Use a specific credit card for all business expenses. Receive this
information electronically from credit card company and require
electronic filing of expense reports by employees. Reconcile the two
data sets.
• Duplicates analysis.
• Benford analysis.
Example - Payroll Fraud
Payroll fraud occurs when an employee submits false documentation (i.e.
timecards) in an effort to inflate his/her wages/salary. Such documentation
prompts the organization to unknowingly disburse funds to the perpetrator.
Possible ways in which Payroll Fraud can occur:
• Falsified hours and salary
• Ghost employees
Example - Payroll Fraud
How can payroll fraud be prevented?
• All timecards should be reviewed for validity and accuracy.
• Once submitted for approval, employees should never see their
timecard again.
• Overtime hours must be authorized by a supervisor.
• If employees use a time clock to “punch in” and “punch out”, they
must do so when they arrive for work, take breaks, go to lunch, leave
for the day, etc.
• Monitor employees to assure one employee is not punching out for
another.
• Strictly control access to payroll master data.
Example - Payroll Fraud
How can payroll fraud be detected through data analysis?
• Review personnel files for duplicate addresses, P.O. boxes, or social
security numbers. Duplicate information may suggest “ghost”
employees are on the payroll.
• Perform an employee-level hours analysis, comparing employees’
hours with peers in their departments.
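An added example (not part of the original presentation) of both payroll checks above: finding employees who share a social security number or address after normalizing formatting differences, and comparing each employee's hours with department peers using a median-based outlier score. The employee records are constructed, the SSNs are invalid placeholders, and the 3.5 threshold is an assumption.

```python
import re
from collections import defaultdict
from statistics import median

SUFFIXES = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr"}


def normalize_address(addr):
    """Lower-case, drop punctuation and abbreviate suffixes so variants compare equal."""
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(SUFFIXES.get(w, w) for w in words)


def is_po_box(addr):
    """True for 'P.O. Box 44', 'PO Box 9' and similar spellings."""
    return re.match(r"p ?o ?box\b", normalize_address(addr)) is not None


def shared_identifiers(employees):
    """Map each SSN or address used by more than one employee to those employee IDs."""
    index = defaultdict(set)
    for e in employees:
        index[("ssn", re.sub(r"\D", "", e["ssn"]))].add(e["id"])
        index[("address", normalize_address(e["address"]))].add(e["id"])
    return {key: sorted(ids) for key, ids in index.items() if len(ids) > 1}


def po_box_employees(employees):
    """IDs of employees whose only address on file is a P.O. box."""
    return [e["id"] for e in employees if is_po_box(e["address"])]


def hours_outliers(employees, threshold=3.5):
    """Flag hours far from the department median, scaled by the median absolute deviation."""
    by_dept = defaultdict(list)
    for e in employees:
        by_dept[e["dept"]].append(e)
    flagged = []
    for dept, staff in by_dept.items():
        med = median(e["hours"] for e in staff)
        mad = median(abs(e["hours"] - med) for e in staff)
        if mad == 0:
            continue  # everyone near-identical: no spread to scale against
        for e in staff:
            score = abs(e["hours"] - med) / (1.4826 * mad)
            if score > threshold:
                flagged.append((e["id"], dept, e["hours"]))
    return flagged


# --- Constructed personnel and timecard data (not from the presentation) ---
EMPLOYEES = [
    {"id": "E01", "dept": "Streets", "ssn": "000-00-0001", "address": "12 Elm St.", "hours": 160},
    {"id": "E02", "dept": "Streets", "ssn": "000-00-0002", "address": "48 Oak Avenue", "hours": 168},
    {"id": "E03", "dept": "Streets", "ssn": "000-00-0003", "address": "7 Pine Rd", "hours": 164},
    {"id": "E04", "dept": "Streets", "ssn": "000-00-0004", "address": "P.O. Box 44", "hours": 160},
    {"id": "E05", "dept": "Streets", "ssn": "000-00-0005", "address": "301 Main St", "hours": 240},
    {"id": "E06", "dept": "Finance", "ssn": "000-00-0006", "address": "9 Birch Dr", "hours": 160},
    # Same address as E01, written differently.
    {"id": "E07", "dept": "Finance", "ssn": "000-00-0007", "address": "12 ELM STREET", "hours": 162},
    # Same SSN as E02, entered without dashes.
    {"id": "E08", "dept": "Finance", "ssn": "000000002", "address": "15 Cedar Ave", "hours": 158},
]

if __name__ == "__main__":
    for (field, value), ids in shared_identifiers(EMPLOYEES).items():
        print(f"shared {field} {value!r}: {ids}")
    print("P.O. box on file:", po_box_employees(EMPLOYEES))
    print("hours outliers:", hours_outliers(EMPLOYEES))
```

Shared addresses are common among relatives employed by the same entity, so each hit is a prompt to check the personnel file rather than a finding.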
Example – Receipts Interception
Receipts interception occurs when an employee:
• Has access to customer payments
• Directs intercepted receipts to personal accounts
Receipts interception can be difficult to detect if the fraudster also has access
to manipulate accounts receivable records or customer credit memos.
Example – Receipts Interception
How can receipts interception be prevented?
• Segregate cash receipts and accounting responsibility.
• Issue receipts.
• Track receipts in system and reconcile daily.
• Surprise cash counts.
• Cameras.
Example – Receipts Interception
How can receipts interception be detected through data analysis?
• Identify gap or sequence errors in accounts receivable records.
• Perform a customer level analysis of credit memos.
FRAUD PREVENTION
How to Prevent Fraud
• Create an anti-fraud environment
• Know your fraud risks
• Develop an oversight process
Create an Anti-Fraud Environment
Set the Tone at the Top
• Hold elected officials and management responsible
• Lead by example
• Behave ethically
• Openly communicate expectations to employees
• Maintain a zero tolerance policy
• Treat all employees equally, regardless of position
• Enforce a code of conduct founded on integrity
Create an Anti-Fraud Environment
Create a Positive Workplace Environment
• Poor employee morale can affect attitudes about committing
fraud
• HR is instrumental in helping to build a positive work
environment
• Employees should be empowered to help create a positive
workplace
Create an Anti-Fraud Environment
Hire and Promote Appropriate Employees
• Conduct background investigations; verifying education,
employment history and references
• Give regular performance reviews
• Perform an objective compliance review of your code of conduct
and ethics policies at consistent intervals
• Address violations immediately
Create an Anti-Fraud Environment
Fraud Awareness / Training
• All new employees should be trained upon hiring on values and
code of conduct
• Offer periodic refresher training for all employees
Create an Anti-Fraud Environment
Confirmation
• Clearly articulate that all employees are held accountable to act
within the code of conduct
• Have a written Code of Conduct statement
Discipline
• Actions should be taken in response to any alleged incident of fraud
• Expectations about the consequences of committing fraud must be
clearly communicated throughout the entity
Know Your Fraud Risks
• Identify and measure fraud risks
• Mitigate fraud risks
• Implement and monitor appropriate internal
controls
Develop An Oversight Process
To effectively prevent or deter fraud, an entity should have an
appropriate oversight function in place that includes the following:
• Audit committee
• Management
• Internal auditors
• Independent auditors
• Certified fraud examiners
FRAUD PROTECTION TOOLS
Code of Conduct (AKA – Antifraud Policy)
• Should be based on the organization’s core values
• Established by executive management and a board with input from
employees
• Written documentation consisting of:
- Clear guidance on what behaviors and actions are/are not permitted
- Detailed documentation of employee responsibilities in the prevention
and detection of fraud
- Procedures on how employees should seek additional advice when
faced with uncertain ethical decisions
- Process for communicating concerns about known or potential
wrongdoing
• All employees should be trained on the code of conduct when hired, and
annual refresher training with affirmation should be provided
Anti-Fraud Hotline
Communication system that enables employees, vendors,
customers and others to communicate concerns about known
or potential/suspected wrongdoing.
• Telephone, email, web site
• Anonymous
• Adequately publicized
Fraud Prevention Checkup
• ACFE tool
• High level assessment of an organization’s fraud health
• Identifies major gaps in fraud prevention processes and fixes them before it is
too late
• Focus of a Fraud Prevention Checkup is:
- Fraud risk oversight
- Fraud risk ownership
- Fraud risk assessment
- Fraud risk tolerance and risk management policy
- Anti-fraud controls
- Proactive fraud detection
• Should be completed by a Certified Fraud Examiner (CFE)
Fraud Risk Assessment
• Assists management in systematically identifying where and how
fraud may occur and who may be in a position to commit fraud
• Focuses on fraud schemes and scenarios to determine whether or
not the current internal controls can be circumvented
• Five general steps:
- Identify relevant fraud risk factors
- Identify potential fraud schemes and prioritize based on risk
- Map existing controls to potential fraud schemes and
identify gaps
- Test operating effectiveness of fraud prevention and
detection controls
- Document and report the fraud risk assessment
Data Analysis
Data Analysis is great for analyzing trends and identifying unusual items
and changes to operations
• A systemic and efficient way of verifying 100% of transactions and
reducing risks
• Highlights red flags and identifies errors, fraud, inefficient
operations and audit targets
• Identifies control weaknesses/breakdowns before they cause too
much damage
Fraud Review / Investigation
• Results from a concern or suspicion of wrongdoing
• Consists of gathering sufficient information about specific
details and performing procedures necessary to determine:
- Whether fraud has occurred
- The loss or exposure associated with the fraud
- Who was involved, and how it happened
Fraud Review / Investigation
• Must prepare, document and preserve evidence sufficient for
potential legal proceedings
• Must carefully manage in accordance with laws
• Include legal counsel
• Include internal audit
• Include expertise – Certified Fraud Examiner (CFE)
Question/Discussion
Have you identified your key processes and controls?
Have you tested the key controls?
Have you identified your fraud risks?
What are your fraud risks?
How are you mitigating these risks?
Contact Information
Ron Steinkamp, CPA, CIA, CFE, CRMA
Principal, Risk Advisory Services
Brown Smith Wallace LLC
314.983.1238 (Direct)
[email protected]