Dialing in on Fraud: Eliminating its Impact on the Bottom Line Presented By: Adam Hennen

The Global Impact of Fraud In 2010, the Association of Certified Fraud Examiners compiled a study of 1,843 fraud cases. It was estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2010 Gross World Product, this figure translates to a potential total fraud loss of more than $3.15 trillion ($733 billion dollars in the U.S. alone). The frauds lasted a median of 18 months before being detected.

Fraud in Telecommunications? Based on average operating revenues of telephone companies in 2010, the effect of fraud could result in the following losses:

Fraud in Telecommunications?...REALLY? Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Who’s Responsible? Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Occupational Frauds by Category (U.S. only) — Frequency4 How Did it Happen? Occupational Frauds by Category (U.S. only) — Frequency4 4The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category. Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

How Did it Happen? (Cont.) Occupational Frauds by Category (U.S. only) — Median Loss Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

How Did it Happen? (Cont.) Schemes Committed by Perpetrators in the Accounting Department — 367 Cases23 23The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category. Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

How Did it Happen? (Cont.) Schemes Committed by Perpetrators in the Purchasing Department — 103 Cases28 28The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category. Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

How Did They Do it? Schemes Committed by Perpetrators in the Primary Operations of the Victim Organization— 299 Cases1 1The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category. Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

Our Accountants Did What? CHECK TAMPERING: Any fraud scheme in which a person steals his employer’s funds by intercepting, forging or altering a check drawn on one of the organization’s bank accounts. EXAMPLE: Thomas Bell, a fiscal officer of “Let it Ring Phone Company”, had access to company checks but was not authorized to sign them. Tom’s company used an automated check signer (a.k.a. – a signature stamp), which was guarded by a custodian. Tom took some blank checks and made them payable to himself, then snuck into the custodian’s office and signed them with the check signer.

Check Tampering How many companies keep their signature stamp in a locked drawer. Does the accountant who prints checks have access to that drawer? Is the accountant who prints checks the custodian of the signature stamp?

Shifting Responsibilities Banks responsibility for check fraud: Under UCC Regulations, changes were made to articles 3 and 4, which shifted liability for check fraud back to the companies that wrote the checks in question. The bank’s obligation to provide “ordinary care” may not include signature verification.

Our Purchasing Department Did What? BILLING SCHEMES: Any scheme in which a person causes his employer to issue a payment by submitting invoices for fictitious goods or services, inflated invoices or invoices for personal purchases. EXAMPLE: Jon Bell (Tom’s Brother) is in charge of purchasing on behalf of “Let it Ring Phone Company”. Instead of buying merchandise directly from a vendor, Jon sets up a shell company and purchases the merchandise through that fictitious entity. He then resells the merchandise to his employer from the shell company at an inflated price, thereby making an unauthorized profit on the transaction.

Billing Segregation Purchase requisitions should be reviewed and approved by someone other than the employee initiating the request. Purchase orders should only be generated by employees in the purchasing department. These employees should not have access to generate or authorize purchase requests or receive goods. Vendor invoice approval should be restricted to the employee who initiated and authorized the purchase request or a person independent of the purchasing function. A report of all Pos issued to vendors should be reviewed by a supervisory-level employee not involved in initiating purchase orders with vendors.

Fraud by Credit Card James, the chief of a small fire district in the state of Washington, obtained an unauthorized credit card in the district’s name. He circumvented the district’s internal controls by intercepting the mail, removing the monthly credit card statement and making personal payments on the account to conceal the unauthorized purchases. The chief made personal charges in excess of $7,700, and was finally detected after retiring for personal reasons and the signatories were changed on all the bank accounts. The chief reimbursed the district for the personal charges and was not charged criminally.

Fraud by Credit Card (Cont.) To better prevent fraud by credit card, organizations should: Establish written policies and procedures for credit card use and train employees to ensure they use the cards only for official business. Always obtain purchase receipts from employees and never pay bills using only the monthly credit card statements. Properly train employees on the authorization and approval procedures for all disbursements. Appropriately segregate employee duties and periodically monitor the work of key employees to ensure its expectations are being met.

WE SUSPECT FRAUD…NOW WHAT? Perform an internal investigation. Make inquiries. Observe “Red Flag” activity. Hire a professional investigation (CFE, CPA, Lawyer, etc..)

Profile of a Fraudster Living the fraud life. According to the 2010 Report to the Nations, there are several behaviors that serve as red flags displayed by perpetrators. The two most common traits are a tendency to live beyond one’s means, and a struggle with financial difficulties. More than a third of those identified displayed at least one of the aforementioned behaviors, and about 20 percent had either a “wheeler-dealer attitude,” control issues (unwillingness to share duties), or personal problems, such as a divorce. Other red flags might include irritability or defensiveness, addiction problems, past legal problems, refusal to take vacation and complaining about inadequate pay.

Behavioral Red Flags of Perpetrators29 Red Flags of Fraud Behavioral Red Flags of Perpetrators29 29The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag. Data from the 2010 ACFR Report to the Nations on Occupational Fraud and Abuse.

Making Inquiries Suspects and witnesses often reveal more than they intend through their choices of words. Start by asking the question. Look for deviations that might suggest a person may be withholding, altering, or fabricating information.

10 Tell-Tale Signs of Deception Lack of Self-Reference Euphemisms Verb Tense Alluding to Actions Answering Questions with Questions Lack of Detail Narrative Balance Equivocation Mean Length of Utterance Oaths

Lack of Self Reference Truthful people make frequent use of the pronoun “I” to describe their actions: EXAMPLE: “I arrived home at 6:30. The phone was ringing as I unlocked the front door, so I walked straight to the kitchen to answer it. I talked to my mother for 10 minutes before noticing that my TV and computer were missing from the living room.”

Lack of Self Reference (Cont.) Deceptive people often use language that minimizes references to themselves, usually by describing events in the passive voice. EXAMPLES: “The safe was left unlocked” rather than “I left the safe unlocked.” or “The shipment was authorized” rather than “I authorized the shipment”.

Answering Questions with Questions Even liars prefer not to lie. Outright lies carry the risk of detection. Before answering a question with a lie, a deceptive person will usually try to avoid answering the question at all. A common method of dodging questions is to respond with a question of one’s own.

Answering Questions with Questions (Cont.) EXAMPLES: “Why would I steal from the company?” “Do I seem like the kind of person who would do something like that?” “Don’t you think somebody would have to be pretty stupid to remove cash from their own register drawer?”

Oaths Although deceptive people attempt to give as little useful information as possible, they try very hard to convince others that what they say is true. They do this by using oaths to try to make their statements sound more convincing. Deceptive people are more likely than truthful people to use statements such as: “I swear”, “on my honor,” “as God is my witness,” “cross my heart.” Truthful people are more confident that the facts will prove their statements and feel less need to back their statements with oaths.

Lack of Detail Truthful statements usually contain specific details, some of which may not even be relevant to the question asked. This happens because truthful subjects are retrieving events from long-term memory, and our memories store dozens of facts about each experience (the new shoes we were wearing, the song that was playing in the background, the woman at the next table, etc.). At least some of these details will show up in a truthful subject’s statement.

Lack of Detail (Cont.) Those who fabricate a story, however, tend to keep their statements simple and brief. Deceptive people will want to minimize the risk that an investigation will discover evidence that could contradict their story. (i.e., the fewer facts proven false, the better.)

Additional Investigation The endorsement on this check was made by a blind woman. The signature was forged…how do we know?

Additional Investigation (Cont.)

Fraud is Found…Now What? Do you know the extent of the losses? Can you get it back? Have you already been made whole? Do you intend to prosecute? Discuss the situation with legal counsel or a CPA/CFE.

Fraud Prevention Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud. As part of the 2010 study of fraud cases, the examiners compared the presence of anti-fraud controls at companies with fewer than 100 employees to the controls at companies with more than 100 employees. Study results reveal that smaller companies have fewer fraud preventative controls in place than the larger companies.

Fraud Prevention (Cont.) Frequency of Anti-Fraud Controls by Size of Victim Organization Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

Detection of Fraud Schemes Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Detection of Fraud Schemes (Cont.) Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Fraud Prevention While tips have consistently been the most common way to detect fraud, the impact of tips is, if anything, understated by the fact that so many organizations fail to implement fraud reporting systems (a.k.a Hotlines). Such systems enable employees to anonymously report fraud or misconduct by phone or through a web-based portal.

Fraud Prevention (Cont.) Formal codes of conduct and anti-fraud policies cost very little to implement, but serve as an effective way to make a clear and explicit statement against fraudulent and unethical conduct within an organization. Hotlines are consistently the most effective fraud detection method and would go a long way in helping small-business owners protect their assets from dishonest employees. The median loss for frauds at companies with hotlines was 59% smaller than the median loss for frauds at organizations without such a mechanism.

Fraud Prevention (Cont.) 17KEY: External Audit of F/S = Independent external audits of the organization’s financial statements Internal Audit / FE Department = Internal audit department or fraud examination department External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting Management Certification of F/S = Management certification of the organization’s financial statements Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse.

Fraud Prevention (Cont.) How Important is Segregation of Duties? In nearly two – thirds of the fraud schemes covered by the ACFE’s 2010 report to the nations, the person committing the fraud acted alone. However, when collusion of two or more employees existed in a fraud case, the damages were much more costly.

Fraud Prevention (Cont.) Primary Internal Control Weakness Observed by CFEs Data from the 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Creating the Perception of Detection The best way to prevent fraud is by creating a perception of detection. Generally speaking, occupational fraud perpetrators only commit fraud if they believe they will not be caught. The threat of surprise audits increases employees’ perception that fraud will be detected and thus has a strong deterrent effect on potential fraudsters. Surprise audits, fraud policies, hotlines, etc…are only effective if people KNOW THEY EXIST!

Creating the Perception of Detection (Cont.)

Creating the Perception of Detection (Cont.)

THANK YOU! Adam J. Hennen, CPA, CFE Olsen Thielen, CPAs ahennen@otcpas.com 651-483-4521 (main office) 651-621-8523 (direct)