Fraud Risk Responsibilities Deterrence Detection and Prevention Presented by Ryan Schnobrich, Internal Auditor A considerable amount of information in this presentation was provided by: The Association of Certified Fraud Examiners, 2016 Report to the Nations on Occupational Fraud and Abuse.

What are the primary types of fraud? What motivates people to commit fraud? What are our fraud-related responsibilities? How can we deter people from committing fraud? How can we detect and prevent fraud?

Primary Types of Fraud (Internal Schemes – 80%) Misappropriation (88%) 1.Payment diversion (skimming, lapping, larceny) 2.Physical objects (theft) 3.Fraudulent disbursement 4.Fraudulent reimbursement 5.Fraudulent time-keeping Fraudulent Statements (10.2%) 1.Financial 2.Non-Financial Corruption (13.8%) 1.Conflict of interest 2.Bribery 3.Illegal gratuities 4.Extortion 5.Kickbacks 6.Bid rigging 7.Split purchases 8.Unnecessary purchases 3

What motivates people to commit fraud? 5 Opportunity PressureOpportunityRationalization personal financial problemweak internal controls “I’ll return it.” “I can’t share my problems.” “They’ll never miss such a small amount.” vices or desired statustrusted employee“I’m not appropriately compensated.” The Fraud Triangle Pressure Rationalization By reducing opportunity, greater pressure and rationalization is needed to commit fraud.

The Typical Fraudster: is years of age and has a college degree (60.5%); has been a coworker for five years or less; has never been punished/terminated (82.5%) and is a first-time offender (88.3%); is living beyond their means (45.8%) or having financial difficulties (30%) ; not as likely to exhibit other signs of misconduct (60%); was able to commit fraud due to lack of or override of internal controls; misused University property/funds/services for means other than their original intent, for the benefit of those outside of the University or its mission, or especially for personal benefit. was detected by a coworker and a tip (39%) was provided to the fraud hotline (+8%); and got away with an average $80,000 (regional government entity).

What are our fraud-related responsibilities? SOU has an internal management directive that requires you to report known and suspected fraud, waste and abuse. Let management, the Internal Auditor or EthicsPoint know! Employees who identify themselves and make a good faith report of suspected fraud, waste, or abuse (“whistleblowers”) are protected from retaliation, in accordance with ORS 659A.199. SOU will maintain confidentiality for employees reporting suspected irregularities, misconduct, safety issues, or other concerns to the extent possible under the law. What not to do when you suspect fraud: 1.Fail to act; 2.Make accusations; 3.Do your own investigation; 4.Jeopardize insurance coverage; 5.Rely on external auditors;

How can we deter people from committing fraud (address rationalization & reduce opportunity)? Perform risk-mitigating hiring practices such as: 1.Background checks 2.Reference checks 3.Thorough interviews Promote a culture that encourages ethical conduct and compliance with policies and procedures. 1.Mission statement 2.Code of conduct 3.Management sets the example Minimize opportunity with documented internal controls. 1.Detective internal controls 2.Transparency 3.Checks and balances 4.Segregation and rotation of duties Regularly review internal controls, perform risk assessments and discover fraud. Have adverse consequences such as fraud = dismissal + reporting to authorities.

How can we detect fraud (identify & stop existing fraud)? 9 Active supervision by managers: 1.Review and confirm that reconciliations and supporting documentation match transactions. 2.Double-check work, i.e. “Inspect what you expect.” 3.Re-perform work and confirm that you get the same results. 4.“Follow the money.” 5.Have everyone take at least a one week-long vacation per year and have others cover their duties. 6.Use data analytics to look for anomalous activity worthy of closer scrutiny. Have a watchful eye: 1.Notice frequent and/or suspicious discrepancies/irregularities. 2.Listen to your gut instincts such as that warm feeling you may get when you sense something is not right. 3.Support documentation is commonly manipulated to conceal fraud. 4.Do not enable bypassing or overriding of internal controls such as “rush requests”. 5.Gifts, entertainment, meals and travel are common sources of misappropriation. Listen to stakeholder complaints and investigate for root cause issues.

Detection of Fraud

How do we prevent fraud (reduce pressure/address temptation)? Foster a positive work environment combined with accountability and constructive performance feedback. Encourage awareness of the employee assistance program. Lock doors, drawers and cabinets. On your screensaver settings, set a wait time for 10 minutes. Never share passwords. Watch those purchase cards. Look for fraud and report it when you see it. Encourage attendance of fraud awareness training. Invite audits – both surprise and scheduled. Support fraud investigation & prosecution.

Ryan Schnobrich, Internal Auditor x28297 Churchill 149 inside.sou.edu/ia Fraud Reporting by EthicsPoint Toll-Free Hotline: Website: sou.ethicspoint.com In addition to fraud, you can report academic affairs, athletics, human resources, information technology, medical, research and risk & safety matters through EthicsPoint.