1. How to prevent and detectfraud in your organizationBright ideas. Smart solutions. www.gma-cpa.com

2. Fraud in audit and accounting jargon COSO is the acronym for the Committeeof Sponsoring Organizations of theTreadway Commission They issued the report called InternalControl-Integrated Framework in 1992and expect to issue update in 1st quarter of2013 3. COSO report States that the objectives of an internalcontrol system are to ensure: Efficient and effective operations Accurate financial reporting Compliance with laws and regulations 4. Other A&A jargon Sarbanes-Oxley AKA SOX and SAR-BOX(can tell you good stories about Sen.Sarbanes and some of his comments) SAS 99 Inherent risk Control risk Combined risk 5. The good news is that weare not talking about any ofthe jargon today. 6. Real world fraud discussion Basically there are two or three types offrauds depending on who you listen to Misappropriation of assets (theft) Financial statement fraud (mostly big guys) Bribery and corruption 7. Most should be concerned aboutmisappropriation or theft Financial audits are designed to detect fraud= FALLACY Commonly referred to as the expectation gap Seems to have been around a long time, just likefrauds have been around forever Opt for review or compilation with some agreedupon procedures instead of audit if possible 8. Extent of fraud / theft U.S. Chamber of Commerce estimatestheft by employees costs Americancompanies $20-$40 billion each year Employee theft 15 times more likely thannonemployee theft 75% of thefts go unnoticed and unreported 9. Extent of fraud / theft Another chamber survey says: Rule of thumb is a company loses 1-2% of itssales to crime, mostly committed by or incollusion with employees 78% of 126 prosecuted cases of employeefraud involved simple theft of cash, checksinventory or other property 10. Extent of fraud / theft 60% of prosecuted cases and 97% of fraudsreported by CPAs involved cash Frauds involving noncash assets, while lessfrequent, often produced larger losses 11. Extent of fraud / theft Cash frauds by responsibility area Accounting / finance 70% Teller / customer service 9% Marketing / sales 6% Purchasing3% DP2% Manufacturing / production2% Shipping / receiving1% Other 7% 12. Extent of fraud / theft Cash fraud by level of responsibility Part owner 3% Management19% Supervisor22% Clerk / bookkeeper56% 13. Extent of fraud / theft Average fraud scheme runs less than twoyears Left unchecked it grows in amount andfrequency It often involves a trusted employee 14. What should you do? Dont go back and think everyone is stealing;be aware that not everyone is dishonest, butneither is everyone completely honest Blame the accountant: I trust you, but myaccountant says I have to do things this way. Blame your insurance person: If we do this wewill get a discount on our insurance. 15. What should you do? Blame the lottery: I trust you, but if you hit thelottery tomorrow and retire I need goodprocedures in place for the next person since Iwont know them like I know you. Brainstorm what could happen and figure outhow to plug the holes 16. The infamous fraud triangle 17. Prevention vs. detection Cost benefit of prevention Prevention attacks the opportunity side of thefraud triangle Sometimes its cheaper to let the little thingsthrough, rather than hiring another person forabsolute segregation of duties 18. Examples of preventative controls Having security guards in lobbies Keeping high dollar inventory orequipment in secured areas Keeping unissued and cancelled checksunder lock and key 19. Examples of preventative controls Removing excess cash from registers andkeeping in time lock controlled safes Checking account arrangements wherechecks are preapproved or they dont clear Use camera monitoring systems includingfake cameras 20. Examples of detection controls Reviewing cancelled checks and bankstatements for alterations or forgeries Periodic test counts of inventory andcomparing to perpetual systems Surprise cash counts Tagging inventory with theft alarm tags 21. Common theft schemes Dipping into cash registers / funds Fake employees on payroll Extra pays to real employees Issuing phony refunds Issuing phony receivable credits 22. Common theft schemes Kickbacks Forging checks / check washing / creatingfake checks Lapping Check kiting 23. Common theft schemes Inventory and supply thefts Equipment thefts (computers andperipherals) Fictitious vendors 24. Cash controls Have bank statements sent to ownershouse to review first before they areopened at the office Implement segregation of incompatibleduties as much as you can Bond employees who handle cash 25. Cash controls Do background checks when hiring(not only a cash control area) Limit check signing authority Review supporting documents whensigning checks, then give to someoneother than the person who prepared themto mail 26. Cash controls Never pre-sign checks even if they needtwo signatures Check sequencing of pre-numberedchecks 27. Cash controls Avoid signature stamps or signingmachines if possible; implement controlsover stamp / machine key if you have touse them Control and deposit receipts daily 28. Cash controls Have independent reviews of payrolls forreasonableness Review accounts receivable charge offs Review credit card adjustments Review all adjustments to bankreconciliation 29. Cash controls Set check limits with bank to get a call re:any check over a certain dollar limitAny other ideas? 30. Some REAL LIFE stories Trusted employee forging checks andpaying her husbands business Bookkeeper steals from elderly and retirednuns Man gets out of jail for embezzlement andfriend hires him. He then steals from thefriend. 31. Some REAL LIFE stories Bookkeeper steals from company, getsfired but not prosecuted, goes to anothercompany and starts all over New CFO gets hired and writes paymentsto bank that look like payroll tax payments,but are really deposits into his ownaccount 32. Some REAL LIFE stories Company made all payroll tax payments,but still on the hook when payroll companysteals the tax money Employees take inventory and toss indumpster during day and come back andget it at night 33. Some REAL LIFE stories Petty cash limit is low but reimbursedfrequently and portion is due to theft of alot of small amounts Credit / debit card skimmers used to getI.D. off cards (gas stations, restaurants,etc.) 34. Some REAL LIFE stories Credit card switches your card forsomeone elses card RFID scanning without touching your card 35. Other considerations Consider internal audit if larger company;if smaller company, maybe hire someonepart time for limited testing Set up a finance committee Put an accountant on your board Have a board member review bankstatements 36. CAAT computer assisted audittechniques IDEA Active Data Excel ACL Many others 37. CAAT uses Search for duplicate addresses Search for breaks in sequences Search for duplicate vendors Stratify $ range of payments and sort by vendor Check invoice to shipping dates Benfords Law Any data extraction and comparison you canthink of 38. Questions?Ernie Paszkiewicz, CPAepaszkiewicz@gma-cpa.com410.685.5512www.gma-cpa.com