Fraud Update April 27, 2016 Duane Reyhl, Partner

Summary 2016 Report to the Nations Risk of Fraud Establishing the Right Culture Preventive Measures

2016 ACFE Report to the Nations The 2016 ACFE Report to the Nations on Occupational Fraud and Abuse provides an analysis of 2,410 cases of occupational fraud that occurred in 114 countries throughout the world.

Costs

Who and Why?

Of the cases involving a government victim, those that occurred at the federal level reported the highest median loss ($194,000), compared to state or provincial ($100,000) and local entities ($80,000).

Conflicts of interest - Purchasing schemes - Sales schemes Bribery - Invoice kickbacks - Bid rigging Illegal gratuities Economic extortion

Conflicts of interest - Purchasing schemes - Sales schemes Bribery - Invoice kickbacks - Bid rigging Illegal gratuities Economic extortion

Asset misappropriation was by far the most common form of occupational fraud, occurring in more than 83% of cases, but causing the smallest median loss of $125,000. Financial statement fraud was on the other end of the spectrum, occurring in less than 10% of cases but causing a median loss of $975,000. Corruption cases fell in the middle, with 35.4% of cases and a median loss of $200,000.

Type of Victim Organization

Type of Victim Organization

Type of Government Victim

Schemes

Scheme Comparison Blue = All Green = Government and Public Administration Pink = Services (Professional)

Overlap of Fraud Schemes

Detection Who sounds the alarm?

Fraud Duration The longer a fraud lasted, the greater the financial damage it caused. While the median duration of the frauds in our study was 18 months, the losses rose as the duration increased. At the extreme end, those schemes that lasted more than five years caused a median loss of $850,000.

Fraud Concealment Fraudulent or altered documents Fraudulent or altered transactions Destroyed or deleted records In 94.5% of the cases in our study, the perpetrator took some efforts to conceal the fraud. The most common concealment methods were creating and altering physical documents. Page 19 of RTTN Created Fraudulent Physical Documents Altered Physical Documents Altered Transactions in the Accounting System Created Fraudulent Transactions in the Accounting System Destroyed Physical Documents Altered Electronic Documents or Files Created Fraudulent Electronic Documents or Files Created Fraudulent Journal Entries Altered Account Balances in the Accounting System Altered Account Reconciliations Deleted Electronic Documents or Files Deleted Transactions in the Accounting System Altered Journal Entries Deleted Journal Entries Other No Concealment Method

The most common detection method in our study was tips (39 The most common detection method in our study was tips (39.1% of cases), but organizations that had reporting hotlines were much more likely to detect fraud through tips than organizations without hotlines (47.3% compared to 28.2%, respectively).

Source of Tips

Source of Tips

Whistleblower Stats Percentage of Tips Received by Methods Top to bottom: Telephone hotline (40%) Email (34%) Web-based/Online Form (24%) Mailed Letter/Form (17%) Other (10%) Fax (2%)

Whistleblower E-methods Percentage of Tips Received by Methods Top to bottom: Telephone hotline (40%) Email (34%) Web-based/Online Form (24%) Mailed Letter/Form (17%) Other (10%) Fax (2%)

Whistleblower Recipient Percentage of Tips Received by Methods Top to bottom: Telephone hotline (40%) Email (34%) Web-based/Online Form (24%) Mailed Letter/Form (17%) Other (10%) Fax (2%)

Control

Control Weakness Contributors

Internal Control Weaknesses

Effective Controls

Prevention

Weigh Risks COSO - Risk Assessment – Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives. Points of Focus The following points of focus highlight important characteristics relating to this principle: Considers Various Types of Fraud-The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur. Assesses Incentive and Pressures-The assessment of fraud risk considers incentives and pressures. Assesses Opportunities-The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity's reporting records, or committing other inappropriate acts. Assesses Attitudes and Rationalizations-The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.

Internal Control Control Environment - Principle 1 - The organization demonstrates a commitment to integrity and ethical values. Risk Assessment – Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives. Control Activities – Principle 10 - The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Information and Communication – Principle 13 – The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.

Internal Control – Fraud Risk COSO - Risk Assessment – Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives. Principle 8 has 4 points of focus that highlight important characteristics of how an organization adopts this principle: Considers Various Types of Fraud-The assessment of fraud considers fraudulent reporting, possible loss of assets, and corruption resulting from the various ways that fraud and misconduct can occur. Assesses Incentive and Pressures-The assessment of fraud risk considers incentives and pressures. Assesses Opportunities-The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity's reporting records, or committing other inappropriate acts. Assesses Attitudes and Rationalizations-The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.

Internal Control – Culture Control Environment - Principle 1 - The organization demonstrates a commitment to integrity and ethical values. Risk Assessment – Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives. Control Activities – Principle 10 - The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Information and Communication – Principle 13 – The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.

Internal Control – Detection Control Environment - Principle 1 - The organization demonstrates a commitment to integrity and ethical values. Risk Assessment – Principle 8 – The organization considers the potential for fraud in assessing risks to the achievement of objectives. Control Activities – Principle 10 - The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. Information and Communication – Principle 13 – The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.

COSO – Control Environment 5 Principles Principle 1 - The organization demonstrates a commitment to integrity and ethical values. 4 points of focus The next slide shows the 4 points of focus: Tone at the top Establish standards of conduct Evaluate adherence Address deviations

Commitment to Integrity / Ethics Tone at the top Establish standards of conduct Evaluate adherence Address deviations COSO Principle 1 – the 4 points of focus One element of a code of conduct might be an anti-fraud policy

Risk Considerations What can happen? What is the potential loss? Likelihood of occurrence? How do you mitigate?

Risk Mitigation Noncontrollable Controllable Internal control Insurance Acceptance

Anti-Fraud Controls - Frequency

Anti-Fraud Controls – Govt

Hotline Effect Hotline challenges: Cost Trust Reliability Vetting Feedback

Resources

Fraud-Related Information 2016 Report to the Nations www.acfe.com GFOA Best Practices www.gfoa.org The Accounting Procedures Manual for Local Units of Government in Michigan references the Federal Green Book, COSO, and GFOA Best Practices

Questions and Discussion