RYAN SCHNOBRICH, C.P.A., C.I.A. IRREGULARITIES BY RYAN SCHNOBRICH, C.P.A., C.I.A. INTERNAL AUDITOR x28297 schnobrir@sou.edu inside.sou.edu/ia

Irregularities can be financial or non-financial. Irregularities may be as simple as errors or as complex as fraud. Irregularities are something that appears unusual simply not the way you expect it to be.

Sometimes irregularities jump out at you, sometimes you trip over them, but generally, you have to be aware of what they are and l k for them if you want to see them. Irregularities are generally internal to our operations, or someone external to SOU trying to manipulate us internally to their benefit.

Non-Financial Irregularities: Misstatements Omissions Favoritism Nepotism Navigating Policies or Procedures False Information to Gain Employment Using SOU Relationships for Personal Gain Socially Engineering Access to Restricted Information or Physical Spaces

Intentional Misstatements: Purposefully Poor Accounting Estimations Inaccurate Time Keeping False Reimbursements Inappropriate Disbursement Misleading Results Conflict of Interest Omissions cause you to arrive at a different decision/conclusion.

FAD.001 - Financial Irregularities “Irregularities are intentional misstatements or omissions of information related to financial transactions that are detrimental to the interests of the university. This may include violations of laws, rules, policies or procedures.”

Environmental Risk Factors: Lack of transparency; Exploitation of power differences; Insufficient or ineffective supervisory or internal control functions; Lack of training, communication, resources or expertise; Inadequate consequences; and Unwillingness to get involved.

Exposures to Irregularities that may lead to fraud: Internal control failures Procedures that are ineffective, not documented, trained on, or irregularly followed Bypassing Management override Policy violations

Detect irregularities: Be focused, look, listen and use professional skepticism Guidelines and process documentation that clearly communicate what control activities are expected; supported by regular training. Healthy communication Internal Audit External Audit

Look for discrepancies that look like what may potentially be misappropriation or corruption: embezzlement forgery Fabrication, falsification or false representation lapping skimming theft 

Signs of collusion that may be: Conflict of interest Bribery Improper Discounts Extortion Kickbacks Bid Rigging Split Purchasing 

Deter irregularities: Be focused, look, listen and use professional skepticism Risk assessment Vulnerability analysis Healthy communication Training An ethical tone at the top A personal commitment to ethics Whistleblower protection Process evaluation Automation/digital processing Response plans

Internal controls that prevent irregularities: Inspection Re-performance Reconciliations Approval process Check & balances Segregation of duties with clear roles and responsibilities Management oversight Data analytics Mandatory colleague-covered absences Physical or technical security

Prevent External Intrusion: Phishing blanket emails malware impersonation spear-phishing whale-phishing Social Engineering Manipulation of Support Documentation

Designated Administrator: Greg Perkinson, VP Finance & Administration perkinsog@sou.edu x26319 (Susan) Unit Administrators: Steve Larvick, Director of Business Services larvick@sou.edu x26594 Brian Kinsey, Director of Service Center kinseyb@sou.edu x26413 sou.ethicspoint.com 1-855-375-6776