What a Steal: Putting internal controls in place to prevent fraud and protect your organization
Bob McAdams, CPA; Eddie Guerra, CPA
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.

21st Annual Legal & Accounting Institute: Putting Internal Controls in Place



2. An Introduction to Fraud
What is fraud? An intentional act that results in material misstatement of the financial statements.
Who commits fraud?
• Usually older than other criminals.
• Often married with stable family situations.
• Above average education.
• Typically, the person earns less than $50,000 a year and has worked for the nonprofit for at least three years.
• However, the most costly fraud is perpetrated by managers and executives earning between $100,000 and $150,000 a year.
• Perpetrators that have been with organizations more than 10 years generated median losses of $230,000.
Information from the Association of Fraud Examiners.

3. Fraud is difficult to predict, but predictive characteristics include employees who:
• have high debt,
• live beyond their means,
• refuse to take vacations,
• work in organizations that don't enforce clear lines of authority and have weak internal controls.
Fraud in nonprofits is most often committed by accounting, upper management and sales personnel (skimming, billing schemes and cash larceny).

4. The Fraud Triangle
• Incentive
• Opportunity
• Rationalization

5. Excerpted from the BDO Acsense 2009 self-study course "Focus on Fraud: Fraud and Misconduct in the Corporate World", accessible at http://www.bdo.com/acsense/events/Focus-on-FraudSept09%20.aspx.

7. Types of Misstatements
Types of misstatements caused by fraud:
• Misstatements resulting from fraudulent financial reporting.
• Misstatements resulting from misappropriation of assets.

8. Fraudulent Financial Reporting
Stages: Misstatement. Concealment.
Financial statements misstated as a result of:
• Misapplication of accounting principles involving measurement and resulting in misstatement of amounts.
• Omission or misrepresentation about transactions or events.
• Recording fictitious transactions.
• Recording sham transactions.

9. Misappropriation of Assets
Stages: Misstatement. Concealment. Conversion.
Opportunity to commit and conceal exists only when:
• Assets are susceptible to misappropriation.
• There is a lack of antifraud programs and controls to prevent or detect it.

10. Other Fraud Considerations
Off-the-books versus on-the-books fraud:
• Off-the-books schemes, such as kickbacks or skimming cash sales, do not involve a documentary trail or manipulation of the company's books.
• On-the-books schemes may relate to either misappropriation of assets or fraudulent financial reporting.
Information technology and fraud:
• Automated systems are used to generate false documents or manipulate accounting records to effect or conceal the fraud.

11. Other Fraud Considerations (continued)
Fraud conditions:
• Incentives/pressures to commit fraud.
• Opportunities to commit fraud.
• Attitudes/rationalizations.
Other characteristics of fraud:
• Management override of controls.
• Concealment.
• Collusion.
• Falsifying documents or records.

12. Responsibility for Fraud Detection
Management's responsibility for fraud detection: management is responsible for designing and implementing agency programs and controls to prevent, deter, and detect fraud.
Auditors' responsibility for fraud detection: to obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud.
• Immaterial misstatements caused by fraud.
• The expectation gap.
• Exercising professional skepticism.

13. Board and Management Responsibilities
Board and management should set the proper tone, create and maintain a culture of honesty and high ethical standards, and establish controls to prevent, deter and detect fraud. When management and those responsible for oversight of the financial reporting process fulfill those responsibilities, the opportunities to commit fraud can be reduced significantly.
• Financial questions you should ask
• Systems that protect NPOs:
    • Internal controls
    • Accounting policies and procedures
    • Board committees
    • External audits
• Understand the financial statements

14. What Are Auditors Required to Do?
Assess fraud risk. The fraud risk assessment process:
• Hold a discussion among engagement team members to consider the susceptibility of the client's financial statements to material misstatement due to fraud.
• Obtain other information needed to identify risks of material misstatement due to fraud.
• Identify risks that may result in material misstatement of the financial statements due to fraud.
• Assess the identified risks after taking into account the company's antifraud programs and internal controls.
• Respond to the results of the risk assessment.
Evaluate internal controls.
Report material fraud and material and significant weaknesses in internal control.

15. Professional Skepticism
• We tend to overemphasize information that supports our assumptions and ignore what doesn't.
• We take shortcuts to knowledge based on categories of information.
• Healthy skepticism neither completely trusts nor completely distrusts; it is NEUTRAL.

16. Tone at the Top
• Communicating a code of conduct: adopt a code of conduct policy or an ethics policy.
• Give examples of ethical challenges.
• Management and Board live the code.
• Conflicts of interest.
• Whistleblowers policy.
• Outside internal control review.
• Actual agency culture should support the code.

17. Ten Key Financial Questions You Should Ask
1. Is our organization being run in a business-like fashion?
2. Are our key sources of income rising or falling?
3. Are our key expenses, especially salary and benefits, under control?
4. Do we have sufficient reserves?
5. Is our board truly supportive of our fundraising needs?
6. Where are we compared with budget?
7. Is our financial plan consistent with our strategic plan?
8. Is our staff satisfied and productive?
9. Are we filing on a timely basis all the reporting documents we are supposed to be filing?
10. Are we fulfilling our tax-exempt purpose as granted by the IRS?

18. What are Internal Controls?
Systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to:
• Conduct its business in an orderly and efficient manner
• Safeguard its assets and resources
• Deter and detect errors, fraud and theft
• Ensure accuracy and completeness of its accounting data
• Produce reliable and timely financial and management information
• Ensure adherence to its policies and plans

20. Some common internal control procedures (see outline)
• General & cash controls
• Investments
• Payroll
• Allocating expenses
• Stewardship & accountability
• Budgeting & financial planning
• Grant funding
• Staff training
Source: http://www.bdo.com/acsense/events/Focus-onFraudSept09%20.aspx

21. Types of Controls
• Activity Level Controls
• Entity Level Controls

22. Basic Internal Controls
Basic internal controls for the prevention of fraud can be grouped into 3 categories:
• Physical Access
• Job Description
• Accounting Reconciliation and Analysis

23. Physical Access
The need to control access to your organization's tangible and intangible assets.
• Tangible assets: FF&E, inventory, supplies
• Intangible assets: donor records, financial records, bank records, credit card information
• Locks, supervision, employee IDs, computer passwords, access keys, surveillance systems
• Limit access by job function

24. Job Description
• Detail an employee's job responsibilities and expectations.
• Generally, employees should not perform duties outside of their job description without authorization.
• Include division or segregation of duties.

25. Account Reconciliation and Analysis
Regular, documented and reviewed reconciliations and analysis make concealment difficult.
Reconciliations should be prepared for:
• Bank accounts
• Investment accounts
• Accounts receivable
• Accounts payable
• Significant other assets and liabilities
Variance analysis:
• Actual to budget
• Current year vs. prior year
• Vertical analysis of revenue and expenditures as a percentage of total
Strong supervision:
• Fraud awareness
• Approval, review, recalculation
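As an added example (not part of the presentation or BDO's material), the three variance checks on the reconciliation slide run over a constructed ledger summary; the account names, amounts and the two flagging thresholds are assumptions:

```python
from dataclasses import dataclass

# Constructed sample data and assumed thresholds (not from the presentation).
# An account is flagged only when its variance breaches BOTH limits, so small
# accounts with big percentages and big accounts with small ones stay quiet.
ABS_LIMIT = 5_000.0   # assumed absolute variance threshold, in dollars
REL_LIMIT = 0.10      # assumed relative variance threshold, 10 percent

# Constructed ledger summary: account -> (budget, current-year actual, prior-year actual)
LEDGER = {
    "Contributions":   (400_000.0, 405_000.0, 390_000.0),
    "Grant revenue":   (250_000.0, 248_000.0, 251_000.0),
    "Salaries":        (300_000.0, 302_000.0, 295_000.0),
    "Office supplies": ( 12_000.0,  21_500.0,  11_800.0),
    "Consulting fees": ( 20_000.0,  47_000.0,  19_000.0),
    "Occupancy":       ( 60_000.0,  60_500.0,  58_000.0),
}
REVENUE = {"Contributions", "Grant revenue"}   # everything else is an expense

@dataclass
class Flag:
    account: str
    comparison: str   # "budget" or "prior_year"
    variance: float   # actual minus the comparison base
    pct: float        # variance as a fraction of the base

def variances(ledger):
    """Actual-to-budget and current-vs-prior-year variances that breach both limits."""
    flags = []
    for account, (budget, actual, prior) in ledger.items():
        for name, base in (("budget", budget), ("prior_year", prior)):
            delta = actual - base
            pct = delta / base if base else float("inf")   # a zero base is always material
            if abs(delta) > ABS_LIMIT and abs(pct) > REL_LIMIT:
                flags.append(Flag(account, name, delta, pct))
    return flags

def vertical_analysis(ledger):
    """Each account's current-year actual as a share of its group (revenue or expense) total."""
    group = lambda a: "revenue" if a in REVENUE else "expense"
    totals = {"revenue": 0.0, "expense": 0.0}
    for account, (_, actual, _) in ledger.items():
        totals[group(account)] += actual
    return {a: actual / totals[group(a)] for a, (_, actual, _) in ledger.items()}

if __name__ == "__main__":
    for f in variances(LEDGER):
        print(f"{f.account:16s} vs {f.comparison:10s} {f.variance:+10,.0f} ({f.pct:+.0%})")
    for account, share in vertical_analysis(LEDGER).items():
        print(f"{account:16s} {share:6.1%} of {'revenue' if account in REVENUE else 'expense'}")
```

On this sample only the two expense lines that jumped against both budget and prior year are flagged; the shares from the vertical analysis are what a reviewer would compare period over period.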
26. Mitigating External Fraud
• Restricting access to the organization's network system to designated IT personnel
• Implementing virus protection on the organization's network
• Disallowing the downloading of programs from the internet
• Educating employees about malicious email scams
• Requiring employees to change passwords every 90 days
• Setting policy that passwords are not shared
• Checking bank transactions on a daily basis to detect any outside intervention
• Avoiding promotional scams: if something sounds too good to be true, it probably isn't true

27. Fraud Risk Assessments
• Process aimed at proactively identifying and addressing an organization's vulnerabilities to internal and external fraud
• Ongoing, continuous process
• Identifying and prioritizing fraud risk in an organization

28. COSO Internal Control Integrated Framework
See Executive Summary in outline.
Components of internal control:
• Control environment
• Risk assessment
• Control activities
• Information & communication
• Monitoring activities

29. Questions and Comments