Category Archives for "Fraud"

Fraud Prevention for Small Governments
Feb 06

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

Fraud Prevention for Small Governments

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Statement on Standards for Forensic Services No. 1
Jan 14

Statement on Standards for Forensic Services No. 1: An Exposure Draft

By Charles Hall | Fraud

The AICPA has issued an exposure draft titled Statement of Standards for Forensic Services No. 1 (SSFS 1), Forensic Services: Definitions and Standards. If approved, the standard will be effective for new engagements accepted on or after May 1, 2019. 

Statement on Standards for Forensic Services No. 1

Who Created SSFS 1?

Why SSFS 1?

The purpose of the standard is to improve the consistency and quality of forensic services provided by CPAs. 

It appears the AICPA is being responsive to a growing demand for forensic services. A report created by IBISWorld (a market research firm) showed that employment in forensic accounting grew at an annualized rate of 18% from 2012 to 2017.  

Services Covered by SSFS 1

Prohibitions

SSFS 1 includes two prohibitions:

  • A legal opinion can not be provided regarding the occurrence of fraud, and
  • Forensic services can't be provided on a contingent fee basis

Why can't a member provide a legal opinion regarding fraud? The final determination of whether fraud exists is determined by the "trier-of-fact," according to paragraph .08 of the standard. 

Applicability

The standard would apply to all AICPA members, AICPA members firms, and employees of AICPA member firms.

Paragraph .03 of the standard states "the key consideration of this Statement's applicability is the purpose  (e.g., Litigation or Investigation) for which the member was engaged." The applicability is not based on a particular service provided such as data analysis. But if data analysis, for example, is performed in relation to litigation or investigative services, then the statement would apply.

Understanding with Client

The understanding with the client regarding the nature, scope, and limitations of the services can be written or oral

white collar crime
Sep 04

How to Prevent White-Collar Crime

By Charles Hall | Fraud

Chances are, theft is occurring in your business as you read this–or at least within the last thirty days. Those you trust may be taking you for a ride. That’s usually how fraud occurs. Therefore, you need to know how to prevent white-collar crime. Below I provide you with plenty of free understandable resources to help you stop fraud. Take a look. 

prevent white-collar crime

White Collar Crime Happens!

For most organizations, it’s not a matter of if fraud will occur, it’s a question of how much will be taken. The Association of Certified Fraud Examiners’ biennial survey shows that the average business loses 5% of its revenues to fraud. Imagine adding that amount to your bottom line, because when theft occurs, your net income is reduced by the amount taken.

Learn About Fraud Prevention

Subscribe to get our latest weekly newsletter by email.

Powered by ConvertKit

No One Steals from My Business

Most business owners, board members, governments, and nonprofits think “fraud may happen in other organizations, but not in our place. Our people are honest.” Well, let me say I’ve seen plenty of “honest” people steal.

In almost every fraud I’ve seen, the business owners and fellow employees are greatly surprised by the theft–usually by a trusted employee

And these trusted people steal because they can. You may be thinking, “What?” Let me repeat, the reason people steal is because they can. In fraud prevention parlance, we call it “opportunity.”

Fraud Cycle

And, how do trusted employees steal? Here’s the typical cycle:

  • We hire a likable, trustworthy person
  • The employee serves the organization well
  • He moves to higher positions (where he has greater opportunity to steal)
  • No one monitors the employee because he is honest–or at least, he appears that way
  • The employee believes he can steal without detection
  • Small amounts of money are taken to test the water
  • Larger amounts are taken when he is sure no one is watching

So, the employee goes from trusted employee to fraudster. The transformation occurs gradually. Then when the discovery of fraud occurs, everyone is shocked.

Examples of People Who Steal

And what kinds of trusted people steal?

I have seen the following individuals take money:

  • Chief executive officer
  • Board member
  • Pastor
  • Church secretary
  • Healthcare executive
  • A lady who was dying
  • Doctor
  • College president
  • Swim club volunteer
  • Seminary Foundation employee
  • School principal

I could go on, but you get my point. People who we think would never steal, do.

So, how can we prevent–or at least lessen–the threat of fraud? Transparency is a key.

Transparency Lessens Fraud

If transparency is important, why don’t businesses create it?

Small businesses often lack the ability to segregate accounting duties, and this lack of segregation creates opportunities for theft. Why? One employee controls several critical accounting processes, resulting in the ability to steal without detection.

To lessen the possibility of fraud, we must create transparency in accounting processes. Employees are less likely to steal when their actions are visible to others. That’s why segregation of duties is necessary–more eyes see the accounting activity, making it more difficult for theft to occur without detection. Even if an organization has few employees, it’s possible to create transparency and lessen the threat of theft. 

How CPA Hall Talk Helps

CPA Hall Talk is designed to provide you with fraud prevention information.

While I can’t visit everyone that needs fraud prevention assistance, I can provide (free) information about how theft occurs and how you can lessen the threat of fraud.

Here are some of my fraud prevention posts (each with a clickable link):

I hope you find these articles helpful in fighting fraud in your organization. 

Finally, I hope you’ll join us here at CPA Hall Talk for more information about fraud prevention, accounting, and auditing. See the subscription box below.

The Auditor's Responsibility for Fraud
Jul 30

The Auditor’s Responsibility for Fraud: The Why and How

By Charles Hall | Auditing , Fraud

What is an auditor’s responsibility for fraud in a financial statement audit? Today, I’ll answer that question. Let’s take a look at the following:

  • Auditor’s responsibility for fraud
  • Turning a blind eye to fraud
  • Signs of auditor disregard for fraud
  • Incentives for fraud
  • Discovering fraud opportunities
  • Inquiries required by audit standards
  • The accounting story and big bad wolves
  • Documenting control weaknesses
  • Brainstorming and planning your response to fraud risk 

The Auditor's Responsibility for Fraud

Auditor’s Responsibility for Fraud

I still hear auditors say, “We are not responsible for fraud.” But are we not? We know that the detection of material misstatements—whether caused by error or fraud—is the heart and soul of an audit. So writing off our responsibility for fraud is not an option. But auditors often turn a blind eye to it.

Turning a Blind Eye to Fraud

Why do auditors not perceive fraud risks? 

Here are a few reasons:

  • We don’t understand fraud, so we avoid it
  • We don’t know how to look for control weaknesses
  • We believe that auditing the balance sheet is enough

Think of these reasons as an attitudea poor one—regarding fraud. This disposition manifests itself—in the audit file—with signs of disregard for fraud.

Signs of Auditor Disregard for Fraud

A disregard for fraud appears in the following ways:

  • Asking just one or two questions about fraud
  • Limiting our inquiries to as few people as possible (maybe even just one)
  • Discounting the potential effects of fraud (after known theft occurs)
  • Not performing walkthroughs
  • We don’t conduct brainstorming sessions and window-dress related documentation
  • Our files reflect no responses to brainstorming and risk assessment procedures
  • Our files contain vague responses to the brainstorming and risk assessment (e.g., “no means for fraud to occur; see standard audit program” or “company employees are ethical; extended procedures are not needed”)
  • The audit program doesn’t change though control weaknesses are noted

In effect, auditors—at least some—dismiss the possibility of fraud, relying on a balance sheet approach.

So how can we understand fraud risks and respond to them? First, let’s look at fraud incentives.

Incentives for Fraud

The reasons for theft vary by each organization, depending on the dynamics of the business and people who work there. Fraudsters can enrich themselves indirectly (by cooking the books) or directly (by stealing).

Fraud comes in two flavors:

  1. Cooking the books (intentionally altering numbers)
  2. Theft

Two forms of fraud: Auditor's Responsibility for Fraud

Cooking the Books

Start your fraud risk assessment process by asking, “Are there any incentives to manipulate the financial statement numbers.” For example, does the company provide bonuses or promote employees based on profit or other metrics? If yes, an employee can indirectly steal by playing with the numbers. Think about it. The chief financial officer can inflate profits with just one journal entry—not hard to do. While false financial statements is a threat, the more common fraud is theft.

Theft

If employees don’t receive compensation for reaching specific financial targets, they may enrich themselves directly through theft. But employees can only steal if the opportunity is present. And where does opportunity come from? Weak internal controls. So, it’s imperative that auditors understand the accounting system and—more importantly—related controls. 

Discovering Fraud Opportunities

My go-to procedure in gaining an understanding of the accounting system and controls is walkthroughs.  Since accounting systems are varied, and there are no “forms” (practice aids) that capture all processes, walkthroughs can be challenging. So, we may have to “roll up our sleeves,” and “get in the trenches”—but the level of the challenge depends on the complexity of the business.

For most small businesses, performing a walkthrough is not that hard. Pick a transaction cycle; start at the beginning and follow the transaction to the end. Ask questions and note who does what. Inspect the related documents. As you do, ask yourself two questions:

  1. What can go wrong?
  2. Will existing control weakness allow material misstatements?

In more complex companies, break the transaction cycle into pieces. You know the old question, “How do you eat an elephant?” And the answer, “One bite at a time.” So, the process for understanding a smaller company works for a larger one. You just have to break it down—and allow more time.

Discovering fraud opportunities requires the use of risk assessment procedures such as observations of controls, inspections of documents and inquiries. Of the three, the more commonly used is inquiries.

Inquiries Required by Audit Standards

Audit Standards (AU-C 240) state that we should inquire of management regarding:

  • Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent, and frequency of such assessments
  • Management’s process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist
  • Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity
  • Management’s communication, if any, to employees regarding its views on business practices and ethical behavior
  • The auditor should make inquiries of management, and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity
  • For those entities that have an internal audit function, the auditor should make inquiries of appropriate individuals within the internal audit function to obtain their views about the risks of fraud; determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity; whether they have performed any procedures to identify or detect fraud during the year; and whether management has satisfactorily responded to any findings resulting from these procedures

Notice that AU-C 240 requires the auditor to ask management about its procedures for identifying and responding to the risk of fraud. If management has no method of detecting fraud, might this be an indicator of a control weakness? Yes. What are the roles of management and auditors regarding fraud?

  • Management develops control systems to lessen the risk of fraud. 
  • Auditors review the accounting system to see if fraud-prevention procedures are designed and operating appropriately.

So, the company creates the accounting system, and the auditor gains an understanding of the same. As auditors gain an understanding of the accounting system and controls, we are putting together the pieces of a story.

The Accounting Story and Big Bad Wolves

Think of the accounting system as a story. Our job is to understand the narrative of that story. As we (attempt to) describe the accounting system, we may find missing pieces. When we do, we’ll go back and ask more questions to make the story complete.

The purpose of writing the storyline is to identify any “big, bad wolves.”

The Auditor's Responsibility for Fraud - The Big Bad Wolves

The threats in our childhood stories were easy to recognize—the wolves were hard to miss. Not so in the walkthroughs. It is only in connecting the dots—the workflow and controls—that the wolves materialize. So, how long is the story? That depends on the size of the organization.

Scale your documentation. If the transaction cycle is simple, the documentation should be simple. If the cycle is complex, provide more details. By focusing on control weaknesses that allow material misstatements, you’ll avoid unneeded—and distracting—details.

Documenting Control Weaknesses

I summarize the internal control strengths and weaknesses within the description of the system and controls and highlight the wording “Control weakness.” For example:

Control weakness: The accounts payable clerk (Judy Jones) can add new vendors and can print checks with digital signatures. If effect, she can create a new vendor and have a check sent to that provider without anyone else’s involvement.

Highlighting weaknesses makes them more prominent. Then I can use the identified fraud opportunities to brainstorm about how theft might occur and to develop my responses to the threats.

Brainstorming and Planning Your Responses 

Now, you are ready to brainstorm about how fraud might occur and to plan your audit responses.

The risk assessment procedures—discussed above and in my prior postprovide the fodder for the brainstorming session. 

Armed with knowledge about the company, the industry, fraud incentives, and the control weaknesses, we are ready to be creative. 

In what way are we to be creative? We think like a thief. By thinking like a fraudster, we unearth ways that stealing might occur. And why? So we can audit those possibilities. And this is the reason for the fraud risk assessment procedures in the first place.

What we discover in the risk assessment stage informs the audit plan—in other words, it has bearing upon the audit programs.

The Auditor’s Responsibility for Fraud

In conclusion, I started this post saying I’d answer the question, “What is an auditor’s responsibility for fraud?” Hopefully, you now have a better understanding of the fraud-related procedures we are to perform. But to understand the purpose of these procedures, look at the language in a standard audit opinion:

The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion.

The purpose of fraud risk assessments is not to opine on internal control systems or to discover every fraud. It is to assist the auditor in determining where material misstatements—due to fraud—might occur.

The What and Why of Auditing: A Blog Series About Basics

Have you been following my series of posts: The What and Why of Auditing? If not, you may want to review the prior posts:

Also subscribe (below) to my blog to receive future installments in this series (we have several more coming). This series is a great way for seasoned auditors to refresh their overall audit knowledge and for new auditors to gain a better understanding of the audit process. 

Steal Like a Boss
Jun 18

Steal Like a Boss (and Feel Good About It)

By Charles Hall | Fraud

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.

Steal Like a Boss

 

Six Steps to Steal Like a Boss

To steal, I need to:

  1. Be Believable
  2. Have a Cause
  3. Calm My Conscience
  4. Develop My Plan
  5. Execute My Plan
  6. If Caught, Settle Out of Court

1. Be Believable

Look trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I am trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being in authority enables me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like taking candy from a baby.

But before I steal, I need motivation. 

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash. 

One problem I must take care of before I steal is my conscience.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. You’ll embarrass your wife.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The nobler I can make my reasons, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need my support. You know I want to be a good provider for my family.”

I may need to start stealing borrowing or compensating myself in small amounts and then build up. Such wise reasoning will make it easier to calm my conscience.

Thinking correctly is important. When that little voice speaks, I will rephrase the words. I know I can. After all, I’ve done so for years.

Now I need to develop a plan.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties in regard to purchasing. Opportunity awaits.

If I am going to steal be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years.

A key contract renewal is coming up. The vendor should be more generous to me. Besides, last year the CFO received a nicer trip than I did (two weeks in Austria). And bribes gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

It’s game time. I need to “just do it.” But how?

5. Execute My Plan

Take I must compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not taking receiving noticeable amounts. Greed is my enemy. Excess might land me on the front page of the paper.

Also, I think I can steal borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to hide perform my duties. But if the funds taken compensation is enough, it might be worth it.

But what if my actions become known to others?

6. If I Get Caught, Settle Out of Court

If I am discovered someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation. News like this does not support the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to steal borrow funds from my next employer. It is comforting to know that in many cases companies don’t prosecute for fear of public embarrassment. 

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

See my series of fraud articles at White Collar Crime is Knocking at Your Door.

1 2 3 11
>