FRAUD:IT COULDN’T HAPPEN TO US, COULD IT?
February 8, 2011
Marc P. Brdar
Nicole P. Saldamarco
INTRODUCTIONS
Marc P. Brdar, CPA, CFF, CIA
Senior Manager – Business Advisory Services
412-697-5425
Nicole P. Saldamarco, CPA, CIA
Senior Manager – Internal Audit & Risk Advisory Services
412-697-5368
OVERVIEW
Fraud basics
Identifying the fraud universe
Assessing the strength of your organization’s controls
Bridging the fraud gap
3
DEFINITION OF FRAUD
Any intentional act or omission designed to deceive others,resulting in the victim suffering a loss and/or the perpetratorachieving an ill-gotten gain.
4
FRAUD BASICS
When an organization’s primary focus is on cost reduction and speed/convenienceof conducting business, an environment conducive for fraud arises due to thecombining of sensitive responsibilities and authorities within job functions.
Employee’s years of service
X
Number of key responsibilities
X
Organization’s complacency level related to controls
and monitoring activities validation
=
Fraud Potential
5
FRAUD BASICS
When fraud cases are uncovered, indicators that a fraud was occurring wereoften evident to others. However, human nature is to continue to trust thosearound us even when faced with evidence to the contrary.
Misplaced Trust is a GreatFacilitator of Fraud
6
FRAUD TRIANGLE
The fraud triangle is a common pictorial of the three factors that
drive fraud.
XXRationalization
(External Influences)
Need/Pressure/ Motivation
(External Influences)
Opportunity
(Process and Controls)
7
IDENTIFYING THE FRAUD UNIVERSE
NPO Fraud Statistics
Overview of Fraud in NPOs
Types of Frauds in Nonprofits
Case Study Examples
8
FRAUD BY ORGANIZATION TYPE
9
SOURCE: ACFE – REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE2010 GLOBAL FRAUD STUDY
NPOS AND FRAUD
MEDIAN LOSS
10
SOURCE: ACFE – REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE2010 GLOBAL FRAUD STUDY
FRAUD DETECTION METHODS
11
SOURCE: ACFE – REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE2010 GLOBAL FRAUD STUDY
OVERVIEW OF FRAUD IN NONPROFITS
CAUSES
Too much trust
Resources devoted to mission and not controls
Reliance on volunteers
Smaller organizations with limited resources may lack financial sophistication
12
OVERVIEW OF FRAUD IN NONPROFITS
WHY FRAUD IN NONPROFITS GOES UNREPORTED
Fear of negative publicity
Concern about involvement in criminal or civil lawsuits
Sympathy for the perpetrator
Fear of retaliation
13
OVERVIEW OF FRAUD IN NONPROFITS
CONSEQUENCES OF NOT REPORTING FRAUD
Could result in fraud perpetrators re-entering job market and inflicting harm on other organizations
Could undermine credibility of management and Board if scheme eventually becomes public knowledge
Sends the wrong message to employees
Sets precedent that could hinder recovery of insurance proceeds
14
TYPES OF FRAUD IN NONPROFITS
MISAPPROPRIATION OF ASSETS
Cash receipts
Cash disbursements
Payroll
Expense account abuse
Inventory
Other assets15
TYPES OF FRAUD IN NONPROFITS
CORRUPTION
Conflicts of interest
Bribery
Illegal gratuities (kickbacks)
16
TYPES OF FRAUD IN NONPROFITS
FRAUDULENT STATEMENTS
Improper asset valuations
Concealed liabilities
Timing differences
Improper disclosures and reporting to outside entities
Credentials
17
NATURAL GAS LEASE
Nonprofit owned a large parcel of land with natural gas reserves
Member of management approached natural gas company to negotiate a deal to lease the gas rights for a 5-year period for $500,000
Check deposited into “dormant” bank account of an affiliate legal entity that was set-up for other purposes
Management member wrote checks to himself and family
Discovery:Phone call from natural gas company was received and ultimately routed to the Executive Director, who was unaware of the transaction, and initiated an investigation.
18
CASH TAKEN
Accountant received cash, checks and reconciliation for fundraising events and put in safe.
Assistant Controller prepared deposit slip, listing only checks and deposited only checks.
Took cash.
Discovery:Fraud not caught until Assistant Controller left the organization. Miscellaneous revenues increased by over 20% after the individual left, prompting investigation into the variance.
19
VOLUNTEER SKIMMING
Fundraiser where organization sold coupon books
Organization would charge a set amount and was liable to coupon book vendor for $15 per unit for unreturned units
Discovery:Volunteer presented the Treasurer with an invoice for $9,000 (600 units). However, cash deposited for sale of books only indicated that 400 units were sold. Volunteer initially tried to make excuses, but ultimately admitted to taking the funds due to financial problems.
20
DIRECTOR OF DEVELOPMENT – PURCHASING CARD
Corporate purchasing card was made available to members of senior staff
Protocol was that a reconciliation sheet (with appropriate accountcoding) was to be prepared by p-card user, reviewed by applicablesupervisor and submitted monthly with a copy of the purchasing cardstatement and supporting invoices/receipts.
Discovery:
Controller noted that reconciliation sheet was delinquent the first month. Henotified the Executive Director, who overlooked it for two months because thecard holder was traveling extensively. In the third month, the Executive Directorapproached the individual and requested appropriate documentation. Uponfurther review, it was determined that there were $15,000 in personal charges onthe card.
21
CONFLICT OF INTEREST / ILLEGAL GRATUITY
Relative of a long-time board member provided undocumentedmarketing services to an entity
Marketing director summarized annual payments to the vendor overthe last year, noting that such charges amounted to $125,000
Solicited bids for same services on a prospective basis, receiving bidsranged from $40,000 to $65,000
Overpayments of over $350,000 were noted over a 3-year period
Discovery:The new marketing director was given an invoice for $15,000 and told toapprove it for payment. The new marketing director looked into the servicesthat were provided and thought that the entity was being charged too much forsuch services. Investigation ensued.
22
INTERIM FINANCIAL REPORTING
Small nonprofit that had struggled financially experienced significant turnoverwith respect to its accounting staff over a 3-year period
Board reviewed monthly financial statements and budget variances
Inexperienced accountant is hired and falls behind. Prepares “made-up”monthly financial statements that approximate budgeted amounts forpresentation to the board
Executive Director knows the monthly figures are not accurate but does notinform the Board in the hope that actual results will “catch-up”
Discovery:
Executive Director eventually “comes clean” when actual annual results varysignificantly from budget when books are caught-up in preparation for audit
23
CREDENTIALS
Nonprofit had a contract with a local government to provide certainservices to troubled youth
Contract stipulated that counselors needed to maintain certaineducational certifications
Government compliance auditor tested program compliance using asample including an unqualified employee
Charity was required to reimburse the government agency for allservices provided by the staff member with the falsified credentials
Sample size was expanded, and no other credential issues were noted
Discovery:Government auditor noted that the sample employee went to the same collegeas he did, but recalled that their college did not offer a masters program in theprogram claimed on the employee’s resume
24
ASSESSING THE STRENGTH OF YOUR ORGANIZATION’S CONTROLSOverview
Assemble the team
Identify opportunities to commit fraud
Quantify fraud risks
Identify and evaluate controls
Assess control gaps
Control remediation/risk acceptance
25
ASSESSING THE STRENGTH OF YOUR ORGANIZATION’S CONTROLSIdentify Opportunities to Commit Fraud
Gather information to obtain population of applicable fraud risks
Consider all types of schemes and scenarios within an organization
Don’t forget about information technology
Identifying fraud risks should not be performed in a vacuum
Initially identify without consideration of known controls
Need to consider across the organization (horizontally and vertically) by:- Functional Area
- Position
- Relationship
26
ASSESSING THE STRENGTH OF YOUR ORGANIZATION’S CONTROLSQuantify Fraud Risks
Probability– Prior instances, prevalence and other factors, including volume of
transactions, complexity and number of people involved in the process should be considered
1) Remote
2) Reasonably possible
3) Probable
Severity– Should include financial, monetary, operational, reputational, as well as criminal,
civil and regulatory liability considerations
27
ASSESSING THE STRENGTH OF YOUR ORGANIZATION’S CONTROLSIndentify and Evaluate Controls
Preventive
Detective
Persuasive
Competence
28
ASSESSING THE STRENGTH OF YOUR ORGANIZATION’S CONTROLSControl Evaluation - Cautionary Tale
Some reasons internal controls might not work ALL of the time:
Not designed and implemented properly at the outset
Designed and implemented properly, but the environment in which they operate changes (changes in risk, people, processes or technology)
Designed and implemented properly, but their operation changes in some way, rendering them ineffective in managing or mitigating applicable risks
29
PROCESS-LEVEL CONTROLSCash Receipts
Lockbox, cash receipts log
Handling, recording daily deposits (cut-off)
Cash account reconciliation
Reserve review
Write-off approval capabilities/authorities
30
PROCESS-LEVEL CONTROLSDisbursements
Purchase order/bidding/limits of authority
Vendor set-up and approval
Invoice matching
Securing check stock
Signature authorities
Don’t forget about wire transfer controls
Don’t forget about T&E (including P-cards) controls
Positive pay 31
PROCESS-LEVEL CONTROLSPayroll
Job description/roles/responsibilities
Offer/compensation approval
Bonus/merit increase
Employee set-up/modification/termination
Pay-rate tables, access restriction
Timekeeping, supervisory review and approval
Payroll register review and bank account reconciliation
Vacation tracking
Reference checking
Credit verification 32
PROCESS-LEVEL CONTROLSInformation Technology
Acceptable use policy/sign-off
Confidentiality of Information policy/sign-off
Super-user access restrictions
Security administration (including passwords)
Quality assurance in change management
Database administration
Interface checks and balances
33
PROCESS-LEVEL CONTROLSInformation Technology
Back-up monitoring
Firewall monitoring
Physical access to IT equipment
Usage exception reporting
34
BRIDGING THE FRAUD GAPSAssess Control Gaps
High risk with minimal or no controls
Management’s ability to override controls
Lack of segregation of duties
No formal policies or procedures
Poor control design
Lack of timely preparation and/or review of account reconciliations 35
BRIDGING THE FRAUD GAPSControl Remediation/Risk Acceptance
Prioritization – probability and severity
Evaluate costs/benefits to remediate
Institute new controls or improve/supplement existing controls
36
IN SUMMARY
Limit the opportunity and you limit exposure to fraud!
37
FRAUD:IT COULDN’T HAPPEN TO US.
COULD IT?
QUESTIONS
38
RESOURCESAICPA Anti-Fraud and Corporate Responsibility Center
http://antifraud.aicpa.org/IIA Fraud Resource Repository
http://www.theiia.org/guidance/standards-and-practices/additional-resources/fraud-repository/
ACFE Site and Resource Repositoryhttp://www.acfe.com/home.asphttp://www.acfe.com/fraud/fraud.asp
White-Collar Crime Fighterhttp://www.wccfighter.com/
Open Compliance and Ethics Group (OCEG)http://www.oceg.org/landing/IAG.aspx Evaluation of Compliance & Ethics Programhttp://www.oceg.org/view/HHG Hotline and Helpline Guide
39
APPENDIX AControl Types - Preventive
Human Resources procedures- Recruiting/hiring – smart, honest, ethical
- Background investigations – especially for those with access to fungible assets
- Anti-fraud training
- Exit interviews
Restricted Access
Segregation of duties (limit keys to the kingdom)
Authority limits – can minimize potential damage
Transaction-level controls – approvals, reviews, etc.
40
APPENDIX AControl Types - Detective
Necessary when preventive controls don’t make sense from a cost/benefit perspective
Operate in the background
Such techniques include:
- Variance analysis
- Comparison of internal date to external sources
- “Surprise” audits
- Communicate identified deficiencies or items outside of thresholds to appropriate mangers
- Whistleblower hotline
41
APPENDIX AControl Types - Detective
Account reconciliations
Independent reviews
Physical inspections and counts
Special audits – (i.e., expense reports, P-card activity)
Journal entry review
42
APPENDIX AControl Types - Persuasive
Tone at the Top- Formal code of ethics/conduct
- Management setting appropriate example
- Positive workplace environment1) Honest and constructive feedback and recognition
2) Eliminate fear of delivering “bad news”
3) Treat employees with fairness
4) Organizational responsibilities clearly defined
5) Strong communication practices and methods
6) Direct communication vs. innuendo
7) Competitive compensation
43
As one of the largest certified public accounting and business advisoryfirms in the region, Schneider Downs serves clients throughout thecountry and around the world. By integrating high-quality resources,systems and personnel, Schneider Downs has built a reputation ofdelivering individualized services built on insight, innovation andexperience to meet each client’s specific needs.
For more information, visit us at:
www.schneiderdowns.com
We Are Committed to Your SuccessSchneider Downs
44
Thank You
To obtain a copy of today’s presentations, please visit
us at www.schneiderdowns.com/nonprofit02082011
45