Presented by: Spencer Olson, Tim Koster and Mark Bergsma | BHS Insurance
Kirk Balcom and Jeromy Butts | Rehmann
Aileen Leipprandt and Ben Hammond | Hilger Hammond
Welcome
John Skukalek, CPA
Rehmann
The Affordable Care Act: Three Years Later
Spencer Olson
BHS Insurance
Agenda
• Audience Participation
• Strategies for Cost Savings
• Navigating your Company
% of Employees Who Don’t Understand Benefits
% of Employers Who Offer 1 Health Plan
% of Employers Who Evaluate Employees
50% fail to measure employees’ engagement
55% have employee engagement strategy
42% believe positive change will happen
Strategies for Cost Savings
How are you evaluating employees?
Multicultural Organizations
Culture Change – Engage Employees
Boomer
Gen X
Millennial
Culture Change – Engage Employees
MetLife’s 14th Annual U.S. Employee Benefit Trends Study
3rd Party
Not a Cookie Cutter Plan
Formulate health plan unique to your organization
Share Plan Design with Employees
They had a part in developing plan design to meet their needs
Case Study
Non-Profit Survey Focused on:
• Plan utilization
• RX usage
• Total cost
• Voluntary products
• $ tolerance
• ER
Results: 3 different plan designs based on employee feedback
Strategies for Navigating Your Company
Plan Design, Technology Solutions & Tools
Plan Design
Alternate Funding
Self-Funding
Defined Contribution
Employer Cost Containment Strategies
• Pre-Authorization for certain procedures
• 2nd opinion requirement for certain procedures
• Spousal exclusion
• Step Therapy for Hepatitis C Drugs
• Step Therapy for Super Statins
• Wellness Programs/ Biometric Screenings / Health Risk Assessments
• Onsite and/or Shared Clinics
Interactive Open Enrollment
Ongoing Focus Groups & Benefit Committees
Quarterly Meetings
Future Surveys
• Culture
• Wellness
Benchmarking
Internal Controls
Kirk Balcom, CIA, CISA, CFE
Rehmann
Course Overview
• Definition of Internal Control
• Construction Contractor Risks and Internal Controls That Help
• Review the Report to the Nations on Occupational Fraud and Abuse – a 2016 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE)
• Types of Construction Frauds
• Fraud Prevention and Detection Controls
• Cyber Security Threats
Definition of Internal Controls
• Since the very beginning of time, and probably the very first time someone convinced someone else to do something for him or her, mankind has struggled with the question, “How do I let someone else do it and still get it done my way?”
• This one question and natural desire gave birth to internal control.
Definition of Internal Controls (Cont.)
• Internal control is what we do to see that the things we want to happen will happen, and the things we don’t want to happen won’t happen.
• COSO: Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Operations
- Reporting
- Compliance
Preventive Controls
• Least Expensive
• Prevent mistakes from being made and the cost of correcting mistakes
• Usually automated and once implemented tend to be in place all of the time
• Access controls
• Edit controls
Detective Controls
• More expensive
• Although they detect errors in time, the errors must still be fixed
• Some detective controls are still very critical controls such as performing bank reconciliations and taking inventories.
Quotes
• “Trust in God. Audit everyone else.” Anonymous
• “Controls don’t slow you down; they make you go faster.”
Tony Thompson
• “There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction.”
John F. Kennedy
Study of Contractor Failure Cases by the Surety & Fidelity Association of America
INDICATOR PERCENT OF CASES WITH INDICATOR
Unrealistic Growth 37
Performance Issues 36
Changes in Leadership Issues 29
Accounting Issues 29
Management Issues 29
Source: October 2007 Article by Surety Information Office
Unrealistic Growth Risk
• Change in type of work performed
• Expansion into a new geographic area
• Significant increase in the size of individual projects
• Rapid or over-expansion
Source: October 2007 Article by Surety Information Office
Operational Controls for Unrealistic Growth Risks
• Have an Advisory Board, with members experienced in the construction industry, that challenges actions taken by management
• Have an independent team internal to the organization or a contracted third party, who have no financial or political interest in the outcome of new projects, provide due diligence on new opportunities
Performance Issues Risks
• Inexperienced with new scope or certain types of work
• Personnel do not have adequate training or experience
• Insufficient personnel
Operational Controls for Performance Issues Risks
• Hire experts in new areas being pursued
• Provide technical training
• Hire new employees or subcontractors to help meet labor demands
• Complete background checks
Changes in Leadership Issues Risks
• Contractor retires, dies, or sells company
• Changes in leadership or focus brings changes to company culture that employees do not respond to
• No ownership or management plan to ensure continuity in the event of retirement or death
Operational Controls for Changes in Leadership Issues Risks
• Have a Contingency Plan so a death or retirement is a controlled temporary setback
• Develop a Succession Plan for identifying and developing internal people with the potential to fill key business positions in the company
• Clearly communicate to employees the business reasons for changes in direction
Accounting Issues Risks
• Inadequate cost and project-management systems
• Estimating problems
• Procurement problems
• Improper accounting practices
Operational Controls for Inadequate Estimating & Bidding Risks
• Bid estimates are reviewed by management against contract specifications, plans, and drawings.
• Clerical accuracy of calculations is reviewed prior to being submitted
• Proper lead times for preparing bid estimates
• Obtain two independent estimates and analyze variances between the two
• Properly administered change order process
Estimating Project Schedules
Sagrada Familia Cathedral-Barcelona
• Construction began in 1883.
• Capable of holding 14,000 worshipers and is a 560 foot tall structure.
• Architect struck and killed by a street car in 1926
• Spanish Civil War destroyed the room with Architect’s notes and designs.
• Project restarted in 1952.
• In 2011 the President of the Building Committee announced it might be completed in 2026 – or maybe two years later.
• No one will try to calculate the final total cost.
Operational Controls for Material Price & Subcontractor Overruns
• All purchases be supported by bids (preferably sealed bids) from at least three qualified suppliers
• All purchase orders are supported with management approval and have material quantities, material price terms, delivery dates, and subcontractor pricing and delivery dates based on the least evaluated cost vendor bid
• Comparing estimated material costs and subcontractor costs against winning bids
• Strong material receiving and verification of subcontractor service delivery is in place
• For material purchases use Evaluated Receipt Settlement process to help ensure only the purchase order price is paid
• Subcontractor prior performance is evaluated
Cost Overruns
International Space Station
• If you think keeping on construction schedules and budgets is tough on Earth, try doing it in orbit.
• Orbital laboratory that is a joint effort of Russia, Europe, Japan, Canada, and the U.S.
• Began in 1988 with an original estimate of $17.4 billion.
• Finished in 2011 but grew to $160 billion with the U.S. kicking in $100 billion.
• Set to close in 2020 but may go to 2024 with congressional approval.
• Likely the most expensive structure ever built.
Financial Controls for Labor Overruns
• Comparing estimated labor rates to union contracts and other documentation supporting labor rates, payroll taxes, and fringe benefits
• Labor and burden rates are compared to actual costs
• Daily approval of timesheets by a supervisor
• Pre-approval of overtime
• Comparing approved time worked to time paid
Financial Controls for Equipment Overruns
• Estimated equipment costs are compared to rates charged by suppliers
• Allocated equipment costs are verified to actual costs when using contractor owned equipment
Financial Controls for Inaccurate & Untimely Accounting for Job Costs
• Job costing software that includes job phases and an adequate number of cost codes and cost types
• General ledger that is automatically updated by the job costing subsidiary ledger
• Tracking unexpended costs by cost code or cost type
• Reconciling the job costs in the subsidiary ledger to the general ledger
• Reconciling the bank statement to the cash general ledger account
• After the reconciliations are completed, timely submitting job cost reports to the project managers, such as Work In Progress Reports
Management Issues Risks
• Key staff leaves company
• Staff inadequately trained on company policy and operations
• Insufficient or incapable personnel at upper management or project level
• Human Resources practices do not comply with laws and regulations
• Unsafe work practices drive insurance costs too high to compete
• Environmental laws are violated
Operational Controls for Management Issues Risks
• Establish a good work life balance
• Hire personnel that meet job qualifications
• Have employees annually sign that they understand the code of conduct and key internal controls they are responsible for
• Provide industry specific training to all employees
• Establish backups for key personnel
Compliance Controls for Management Issues Risks
• Safety Director is assigned
• Safety program is monitored and employees attend safety meetings
• Human Resources Director is assigned
• Employee handbook has been reviewed for compliance with laws
• Environmental Director is assigned
• Environmental compliance is monitored
Occupational Fraud as a Cause of Contractor Failure
The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.
The U.S. Department of Commerce reported that one-third of all business failures relate to some form of fraud, many times employee theft (Enron, though, was financial fraud).
Occupational Fraud Statistics
• Analysis of 2,410 cases investigated by CFEs from January 2014 through October 2015 in 114 countries.
• The typical organization loses 5% of annual revenue to fraud (based on estimates of CFEs who participated in the 2,410 cases).
• This translates to $3.7 trillion when applied to the 2014 Gross World Product ($3.7 trillion also in 2013).
• At least 23% of fraud cases involve sums of $1 million or more (22% in 2014).
• Median loss is $150,000 ($145,000 in 2014).
• Total loss was $6.3 billion.
Figures and subsequent charts obtained from the 2016 Report to the Nations on Occupational Fraud and Abuse. Copyright 2016 by the Association of Certified Fraud Examiners
Corruption
A scheme in which an employee misuses his or her influence in a business transaction in a way that violates their duty to the employer in order to gain a direct or indirect benefit.
• Bribery - invoice kickbacks, bid rigging
• Conflicts of interest – purchasing and sales schemes
• Illegal gratuities
Bribery Example
Venice Flood Barrier Project
• Announced in 1988 to prevent Venice from flooding and sinking.
• Italian Deputy Prime Minister Gianni De Michelis announced November 1988 the deadline is still 1995 but with the caveat it might have to be put back a bit.
• 78 hinged metal gates weighing up to 300 tons and rising 66 feet.
• In case of flood the panels rise and form a barrier against the waves.
• Cost ballooned from $1.7 billion to $8.1 billion.
• June 2014 Venice’s mayor Giorgio Orsoni and 34 other officials and businessmen were arrested on bribery and kickback charges.
• Expected completion in 2016 (but some say as late as 2020) while Venice continues to flood and sink.
Financial Statement Fraud
A scheme in which an employee intentionally causes a misstatement or omission of material information in the financial reports.
• Fictitious revenues (May 2002 Halliburton booked as revenue $100 million of cost overruns before customers agreed to pay for them)
• Understating expenses
• Inflating asset values
Asset Misappropriation
A scheme in which an employee steals or misuses the employing organization’s resources.
• Billing – A fraudulent disbursement scheme in which a person causes their employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices, or invoices for personal purchases.
• Cash larceny – A scheme in which an incoming payment is stolen after it has been recorded on the organization’s books (taking cash from a deposit before it is deposited in the bank).
• Cash-on-hand misappropriation – A scheme in which the perpetrator misappropriates cash kept on hand (steals cash from a vault).
• Check tampering – A fraudulent disbursement scheme in which the person steals their employer’s funds by intercepting, forging, or altering a check or electronic payment drawn on the organization’s bank accounts.
Asset Misappropriation (continued)
• Employee reimbursement – An employee makes a claim for reimbursement of fictitious or inflated business expenses
• Non-cash misappropriations – Any scheme in which an employee steals or misuses non-cash assets of the victim organization (steals inventory or misuses confidential information)
• Payroll – An employee causes their employer to issue a payment by making false claims for compensation (ghost employees or claiming overtime or other hours not worked)
• Register disbursement – Employee makes false entries on a cash register to conceal removal of cash (voids a sale and steals cash)
• Skimming – An incoming payment is stolen before it is recorded on the organization’s books (accepts a customer payment but does not record the sale).
Median Loss (Thousands)
[Chart: median loss in thousands of dollars (axis $0 to $1,200) for Asset Misappropriation, Corruption, and Financial Statement Fraud; series 2012, 2014, 2016]
Fraud Frequency
[Chart: frequency (axis 0% to 100%) for Asset Misappropriation, Corruption, and Financial Statement Fraud; series 2012, 2014, 2016]
Frequency of Asset Misappropriation Sub-Schemes
Billing 22%
Non Cash 19%
Expense Reimburs 14%
Check Tampering 12%
Skimming 12%
Cash on Hand 12%
Payroll 9%
Cash Larceny 9%
Register Disbursements 3%
Detection of Fraud Schemes
[Chart: detection method (axis 0% to 50%) for Account Reconciliation, By Accident, Management Review, Internal Audit, and Tip; series 2012, 2014, 2016]
Source of Tips
Source %
Employee 52%
Customer 18%
Anonymous 14%
Other 12%
Vendor 10%
Owner/Shareholder 3%
Competitor 2%
Behavioral Red Flags
[Chart: behavioral red flags (axis 0% to 60%) for Excessive Pressure Within Org., Unwillingness to Share Duties, Wheeler Dealer Attitude, Close Association to Vendor, Financial Difficulties, and Living Beyond Means; series Owner, Manager, Employee]
Primary Weakness Observed
[Chart: Internal Control Weakness. Categories: Lack of Internal Controls, Override of Controls, Lack of Management Review, Poor Tone at the Top, Lack of Competent Personnel, Lack of Independent Audits, Other. Values shown: 29%, 20%, 19%, 11%, 7%, 4%, 10%]
Industry of Victim Organizations
[Chart: industry of victim organizations (axis 0% to 18%). Industries as listed: Insurance, Construction, Retail, Education, Health Care, Other, Manufacturing, Government and Public Administration, Banking and Financial Institutions. Values as listed: 4%, 4%, 5%, 6%, 7%, 7%, 9%, 11%, 17%]
Common Types of Construction Fraud
• Falsifying payment applications
• Billing for unperformed work
• Subcontractor collusion
• Manipulating change orders
• Substituting or removing material
• Diverting lump-sum costs to time and material costs
• Diverting purchases and stealing equipment and tools
• False representations about employees and insurance
Prevention Controls
• Our organizational culture — tone at the top — is as strong as it can possibly be and establishes a zero-tolerance environment with respect to fraud.
• We have divested our organization of all unnecessary third-party and related-party relationships.
• We have assessed the alignment of authorities and responsibilities at all levels of organization management and are not aware of any misalignments that might represent vulnerabilities to fraud.
• Our audit committee has taken a very proactive posture with respect to fraud prevention.
• We have an effective whistleblower protection program and fraud hotline in place, and its existence and procedures are known to all employees, vendors, contractors, and business partners.
Detection Controls
• Reconcile pay applications to underlying cost records
• Compare drawings and specified material volumes to claimed actual volumes
• Review subcontractor bid selection process and selection documentation
• Compare change order signature dates to actual time the work was completed
• Track changes in the Schedule of Values
• Conduct supplier confirmations of materials received
• Analyze time and materials costs for potential duplication in the lump-sum payment
• Inventory equipment and tools
• Maintain lien waivers and other subcontractor representations
Cyber Threats / Data Breaches
Jeromy Butts, Analyst
Technology Risk Management
Rehmann
Cyber crime is here to stay
• 400,000 to 1 Million pieces of Malware released Daily
• Cyber warrior ‘mercenaries’ for hire worldwide
• Cyber crime is a multi-billion dollar underground economy
• Cyber crime is an industry of suppliers, distributors and manufacturers
• Information is the commodity
60% of businesses FAIL within 6 months of being hacked
• Loss of cash from bank accounts
• Cost of breach repair and recovery
• Cost of notification
• Cost of compliance
• Cost of lost clients
• Cost of reputation loss
Source: www.greenskyproductions.co.uk
Ransomware
Ransom32 - 2016
Employees are the weakest link
• Negligent insiders are the top cause of data breaches
• Clicking on links in emails
• Sending work email to personal accounts
• Using company data on insecure lines
• Not following corporate policies
• Not securing mobile devices
Social Engineering
Where should you focus?
• Perimeter
• Access
• Vendor
• Mobile
• Human
Source: www.lifehack.org
Perimeter Management
• Do you have a firewall?
• Do you have a DMZ?
• Do you have an IDS/IPS?
Source: www.linklogger.com
Access Management
Source: blog.lookout.com
• Access Control
• Restrict Administrative Access
• Perform Access Reviews
• Leverage Least Privilege
Software Patching
• How often do you patch?
• Best Practice = 30 Days
Source: www.gfi.com
Backups
– Daily Backups
– Rotated Offsite
– Testing
www.itservicesalbuquerquenm.com
Training
• Train users on:
– Information Security Program
– Incident Response Plans
– Business Continuity Plans
– Security Threats
afgenvac.org
Source: blog.zopim.com
In the end…
Break
Please stand by as we’ll begin our presentation shortly
Contract Provisions that Unfairly Shift Financial Risk
Aileen Leipprandt & Ben Hammond
Hilger Hammond
The Agreement
Incorporation – what’s in / what’s out?
Bids / Proposals
Geotechnical reports
Prime Contract / GCs
Force Majeure
Impact of narrowed definition
Unavailable material
Weather
Delegated Design
Design Spec vs Performance Spec
AIA provisions
Liability Exposure
Insurance Coverage?
Occupational Code?
Spearin Defense?
Time
Schedule control
Overtime
Inefficiency
More time = more $
Payment
Retention
Pay-if-paid
Work not in dispute
Warranty
Margin Fade
Duration
Special Terms
Fussy Owner
Who Has the First Question?