Where’s the Money Going?
10 Things You Should Know about
Internal Controls and Fraud
Donna S. Brown, CPA
Bob Powell, CPA
November 12, 2010
Statistics…..
- Association of Certified Fraud Examiners 2010
Report to the Nation:
- Compiled from a Study of 1,843 cases of
occupational fraud between January 2008 and
December 2009
- http://www.acfe.com/rttn/2010-rttn.asp
2010 Report to the Nation
• Summary of Findings
– Estimated 5% of annual revenue lost to fraud
– The fraud lasted a median of 18 months before
being detected
– Occupational frauds are much more likely to be detected
by tip than by any other means
– Median loss: $160,000!
– Asset misappropriation schemes were most common form
with a median loss of $135,000
– Nearly ¼ of frauds involved losses of at least
$1 million
Type of Organizations
• 2010 Report to the Nation
– Private Companies: 42.0%
– Public Companies: 32.1%
– Government: 16.3%
– Not-For-Profit: 9.6%
• Not-For-Profit Median Loss - $90,000
2010 Report to the Nation
Detection by Not-For-Profits
• Tip: 43.1%
• Management Review: 13.0%
• Internal Audit: 10.7%
• Account Reconciliation: 8.9%
• By Accident: 6.5%
• Document Examination: 6.5%
• External Audit: 6.5%
• Notified by Police: 1.8%
• Surveillance/Monitoring: 1.2%
• Confession: 1.2%
• IT Controls: 0.6%
2010 Report to the Nation
• Control Weaknesses that Contributed to Fraud:
– Lack of Internal Controls: 37.8%
– Override of Existing Internal Controls: 19.2%
– Lack of Management Review: 17.9%
– Poor Tone at the Top: 8.4%
– Lack of Competent Personnel in Oversight Roles: 6.9%
– Lack of Independent Audits/Checks: 5.6%
– Lack of Employee Fraud Education: 1.9%
– Lack of Clear Lines of Authority: 1.8%
– Lack of Reporting Mechanism: 0.6%
So What Can We Do?
C.O.S.O. (Committee of Sponsoring Organizations)
created a Fraud Control Model
Fraud controls should PREVENT and DETER fraud as
well as DETECT IT once it has occurred.
No one internal control system will FIT every
business and circumstance!
1. Management Is KEY!
• Management Style
– Does Management take undue business risk?
– Does Management attempt to manipulate
performance measures?
– Does Management pressure employees to achieve
results regardless of methods?
Tone At The Top!
2. Develop a Great Board!
• Boards are typically charged with Policy
Setting - not day to day management
• Provide Orientation for new Board Members
• Is your newest Member someone’s neighbor?
• Ongoing training is needed – new programs,
policies, etc.
• Limited terms prohibit complacency
3. Create and Follow Employee
Policies
• Hiring
– Background checks
– Reference checks
– Interview process, and again!
• Firing
– Remove from sensitive areas immediately
– Terminate email, remote logins, etc.
• Training
– Include security measures, fraud awareness and ethics
• Controlling – “the perception of detection”
4. Implement Solid Internal Controls
• Proper authorization processes
– Signoffs on all transactions and reviews
– Who can do what!
• Segregation of duties
– Four basic parts to any transaction
• Authorizing the transaction
• Recording the transaction
• Receiving or sending the goods
• Making or receiving payments
– The fewer people involved in the transaction, the greater
the opportunity for fraud!
4. Implement Solid Internal Controls
(cont.)
• Adequate documentation of transactions
– Need a paper/electronic trail with documentation of
everyone involved in the transaction
– Should be complete
• Physical controls over Assets and Records
– Maintain an asset listing of all physical assets
– Separate recording and handling duties
– Restrict access to physical assets
– Inventory assets and reconcile discrepancies immediately
5. Perform Risk Assessments
• Identify Possible Threats
– How do you get paid – cash; direct deposit etc
– How do you make payments – positive pay etc.
• Estimate Risk and Exposure
– What is the likelihood of a loss and how much?
• Identify Controls
– Prevention controls are better than detection
controls
• Perform cost/benefit analysis – is it worth it?
6. Monitor Internal Controls
• Supervise employees
– Training should include fraud controls
– Monitor performance (increases or decreases in
performance may indicate a fraud risk)
– Protect access to assets
• Accountability and Responsibility
– Utilize budgets for maintaining cost controls
– Analyze performance reports
7. Don’t Overlook IT
(information technology)
• Safeguard assets (information and equipment)
• Set passwords appropriate for personnel –
restrict access
• Inventory fixed assets (laptops, etc)
• Monitor activities
• Create plan for terminated employees
8. Implement a Whistleblower
Policy
• Recommended for nonprofits under Sarbanes-Oxley
• Protects employees from retaliation
• Remember most frauds are uncovered from a
TIP!
• See sample policy
9. Don’t Ever, Ever, Ever Assume!
• My employee would never steal!
– They are my best “friend”, “buddy”, “compadre”
etc. etc. Well of course they are!
• Understand their lifestyle – look for signs!
• Don’t put them at risk – make sure they are
protected.
10. Get Help!
• Other Charter Schools
• Publications on fraud – online articles
– AICPA, FICPA, Nonprofit Associations
• Associations
• Your CPA 
Thanks!
• Contact info:
– Bob Powell – [email protected]
• 850-386-6184 or 800-386-6184
– Donna Brown – [email protected]
• 352-378-1331 or 888-805-2172