How to Prevent White-Collar Crime

By Charles Hall | Fraud

Chances are, theft is occurring in your business as you read this–or at least within the last thirty days. Those you trust may be taking you for a ride. That’s usually how fraud occurs. Therefore, you need to know how to prevent white-collar crime. Below I provide you with plenty of free understandable resources to help you stop fraud. Take a look. 

White Collar Crime Happens!

For most organizations, it’s not a matter of if fraud will occur, it’s a question of how much will be taken. The Association of Certified Fraud Examiners’ biennial survey shows that the average business loses 5% of its revenues to fraud. Imagine adding that amount to your bottom line, because when theft occurs, your net income is reduced by the amount taken.

No One Steals from My Business

Most business owners, board members, governments, and nonprofits think “fraud may happen in other organizations, but not in our place. Our people are honest.” Well, let me say I’ve seen plenty of “honest” people steal.

In almost every fraud I’ve seen, the business owners and fellow employees are greatly surprised by the theft–usually by a trusted employee. 

And these trusted people steal because they can. You may be thinking, “What?” Let me repeat, the reason people steal is because they can. In fraud prevention parlance, we call it “opportunity.”

Fraud Cycle

And, how do trusted employees steal? Here’s the typical cycle:

• We hire a likable, trustworthy person
• The employee serves the organization well
• He moves to higher positions (where he has greater opportunity to steal)
• No one monitors the employee because he is honest–or at least, he appears that way
• The employee believes he can steal without detection
• Small amounts of money are taken to test the water
• Larger amounts are taken when he is sure no one is watching

So, the employee goes from trusted employee to fraudster. The transformation occurs gradually. Then when the discovery of fraud occurs, everyone is shocked.

Examples of People Who Steal

And what kinds of trusted people steal?

I have seen the following individuals take money:

• Chief executive officer
• Board member
• Pastor
• Church secretary
• Healthcare executive
• A lady who was dying
• Doctor
• College president
• Swim club volunteer
• Seminary Foundation employee
• School principal

I could go on, but you get my point. People who we think would never steal, do.

So, how can we prevent–or at least lessen–the threat of fraud? Transparency is a key.

Transparency Lessens Fraud

If transparency is important, why don’t businesses create it?

Small businesses often lack the ability to segregate accounting duties, and this lack of segregation creates opportunities for theft. Why? One employee controls several critical accounting processes, resulting in the ability to steal without detection.

To lessen the possibility of fraud, we must create transparency in accounting processes. Employees are less likely to steal when their actions are visible to others. That’s why segregation of duties is necessary–more eyes see the accounting activity, making it more difficult for theft to occur without detection. Even if an organization has few employees, it’s possible to create transparency and lessen the threat of theft. 

How CPA Hall Talk Helps

CPA Hall Talk is designed to provide you with fraud prevention information.

While I can’t visit everyone that needs fraud prevention assistance, I can provide (free) information about how theft occurs and how you can lessen the threat of fraud.

Here are some of my fraud prevention posts (each with a clickable link):

• 25 Ways Fraud Happens
• City Manager Pockets Cash from the Sale of Excess Property
• How a Tax Commissioner Walks Away with $800,000
• Nonprofit Embezzlers Sell Donated Goods for Millions
• Do (Some) Librarians Actually Steal?
• Nonprofit Fraud: Bid-Rigging, Kickbacks and Faulty Payments
• Nonprofit Embezzlers Sell Donated Goods for Millions
• How $16 Million was Stolen from a Bakery
• Is Your Cash Receipts Supervisor on the Take?
• College Aid Official Funnels $4.1 to Herself
• Would Andy Griffith Steal?
• Why Stealing Unaccrued Receivable Checks is Easy
• Circumventing Approval Requirements by Splitting Payments
• Why Some Ranches Have a Bad Smell: The Rita Crundwell Story
• How Employees Steal with Company Credit Cards
• I Get By with a Little Help from my Friends: Payroll Fraud
• How Honest People Steal
• Why a Kind Person Steals While Dying
• How Bribes Assault Your Earnings
• How Fraudsters Steal with Inflated Invoices
• How to Steal by Double Paying a Vendor
• How Accounting Tricks Guarantee Increased Earnings
• A Fraudster’s Refuge: The Appalachian Trail
• How Can a Fraudster Write Checks to Himself?
• Stealing and Converting Company Checks
• Trains, Planes, and Automobiles: The Theft of Capital Assets
• How Employees Steal Using a Check-for-Cash Scheme
• Backdoor Payroll Theft of Withholdings
• Are Ghosts Lurking in Your Payroll?
• How to Prevent Wire Fraud
• Skimming Cash Payments
• Fictitious Vendor Fraud
• Key Fraud Statistics from The Association of Certified Fraud Examiners
• How to Steal Money with Altered Check Payees
• How to Use the Camera Effect to Kill Fraud
• How to Educate Children in the Art of Theft
• How to Prevent the Theft of Fixed Assets
• Bribery – Can You Stop It?
• How to Prevent Payroll Fraud
• Red Flags of Governmental Fraud
• Little Old Librarians (Do Sometimes) Steal
• Three Tips for Fraud Prevention
• 10 Powerful Steps to Reduce Theft
• How to Lessen Segregation of Duties Problems in Two Easy Steps
• The New COSO Framework
• Five Disbursement Fraud Audit Tests
• Fraud Prevention for Small Governments
• Steal Like a Boss
• Corporate Account Takeover
• Fake Bank Confirmation Responses
• Local Government Internal Controls – A List
• In Case of Fraud, Pull Here
• Three Minutes to Better Client Interviews
• Three Receipt-Fraud Tests
• Fraud Stings Auditor
• Theft of Cash From Local Governments (Cities and Counties)
• Fraudulent Payments Without Being on the Signature Card
• Splitting Payments to Circumvent Approval Requirements
• 2018 ACFE Report to the Nations (Key Findings)
• 10 Ways to Prevent Small Business Fraud (a video)

I hope you find these articles helpful in fighting fraud in your organization. 

Finally, I hope you’ll join us here at CPA Hall Talk for more information about fraud prevention, accounting, and auditing. See the subscription box below.

The Auditor’s Responsibility for Fraud: The Why and How

By Charles Hall | Auditing , Fraud

What is an auditor’s responsibility for fraud in a financial statement audit? Today, I’ll answer that question. Let’s take a look at the following:

• Auditor’s responsibility for fraud
• Turning a blind eye to fraud
• Signs of auditor disregard for fraud
• Incentives for fraud
• Discovering fraud opportunities
• Inquiries required by audit standards
• The accounting story and big bad wolves
• Documenting control weaknesses
• Brainstorming and planning your response to fraud risk 

Auditor’s Responsibility for Fraud

I still hear auditors say, “We are not responsible for fraud.” But are we not? The detection of material misstatements whether caused by error or fraud is the heart and soul of an audit. So writing off our responsibility for fraud is not an option. We must plan to look for material fraud.

Audits will not, however, detect every material misstatement—even if the audit is properly planned and conducted. Audits are designed to provide reasonable assurance, not perfect assurance. Some material frauds will not be detected. Why? First, an auditor’s time is limited. He can’t audit forever. Second, complex systems can make it extremely difficult to discover fraud. Third, the number of fraud schemes—there are thousands—makes it challenging to consider every single possibility. And, finally, some frauds are so well hidden that auditors won’t detect them.

Even so, auditors should not turn a blind eye to fraud.

Turning a Blind Eye to Fraud

Why do auditors not detect fraud?

• We don’t look for fraud because we don’t understand it
• We disregard the importance of walkthroughs
• We believe that auditing the balance sheet is enough

Think of these reasons as an attitude—a poor one—regarding fraud. This disposition manifests itself in the audit file with signs of disregard for fraud.

Signs of Auditor Disregard for Fraud

A disregard for fraud appears in the following ways:

• Asking just one or two questions about fraud
• Limiting our inquiries to as few people as possible (maybe even just one)
• Discounting the potential effects of fraud (after known theft occurs)
• Not performing walkthroughs
• We don’t conduct brainstorming sessions and window-dress related documentation
• Our files reflect no responses to brainstorming and risk assessment procedures
• Our files contain vague responses to the brainstorming and risk assessment (e.g., “no means for fraud to occur; see standard audit program” or “company employees are ethical; extended procedures are not needed”)
• The audit program doesn’t change though control weaknesses are noted

In effect, auditors—at least some—dismiss the possibility of fraud, relying on a balance sheet approach.

So how can we understand fraud risks and respond to them? First, let’s look at fraud incentives.

Incentives for Fraud

The reasons for theft vary by each organization, depending on the dynamics of the business and people who work there. Fraudsters can enrich themselves indirectly (by cooking the books) or directly (by stealing).

Fraud comes in two flavors:

1. Cooking the books (intentionally altering numbers)
2. Theft

Cooking the Books

Start your fraud risk assessment process by asking, “Are there any incentives to manipulate the financial statement numbers.” For example, does the company provide bonuses or promote employees based on profit or other metrics? If yes, an employee can indirectly steal by playing with the numbers. Think about it. The chief financial officer can inflate profits with just one journal entry—not hard to do. While false financial statements is a threat, the more common fraud is theft.

Theft

If employees don’t receive compensation for reaching specific financial targets, they may enrich themselves directly through theft. But employees can only steal if the opportunity is present. And where does opportunity come from? Weak internal controls. So, it’s imperative that auditors understand the accounting system and—more importantly—related controls. 

Discovering Fraud Opportunities

My go-to procedure in gaining an understanding of the accounting system and controls is walkthroughs.  Since accounting systems are varied, and there are no “forms” (practice aids) that capture all processes, walkthroughs can be challenging. So, we may have to “roll up our sleeves,” and “get in the trenches”—but the level of the challenge depends on the complexity of the business.

For most small businesses, performing a walkthrough is not that hard. Pick a transaction cycle; start at the beginning and follow the transaction to the end. Ask questions and note who does what. Inspect the related documents. As you do, ask yourself two questions:

1. What can go wrong?
2. Will existing control weakness allow material misstatements?

In more complex companies, break the transaction cycle into pieces. You know the old question, “How do you eat an elephant?” And the answer, “One bite at a time.” So, the process for understanding a smaller company works for a larger one. You just have to break it down—and allow more time.

Discovering fraud opportunities requires the use of risk assessment procedures such as observations of controls, inspections of documents and inquiries. Of the three, the more commonly used is inquiries.

Inquiries Required by Audit Standards

Audit Standards (AU-C 240) state that we should inquire of management regarding:

• Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent, and frequency of such assessments
• Management’s process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist
• Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity
• Management’s communication, if any, to employees regarding its views on business practices and ethical behavior
• The auditor should make inquiries of management, and others within the entity as appropriate, to determine whether they know of any actual, suspected, or alleged fraud affecting the entity
• For those entities that have an internal audit function, the auditor should make inquiries of appropriate individuals within the internal audit function to obtain their views about the risks of fraud; determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity; whether they have performed any procedures to identify or detect fraud during the year; and whether management has satisfactorily responded to any findings resulting from these procedures

Notice that AU-C 240 requires the auditor to ask management about its procedures for identifying and responding to the risk of fraud. If management has no method of detecting fraud, might this be an indicator of a control weakness? Yes. What are the roles of management and auditors regarding fraud?

• Management develops control systems to lessen the risk of fraud. 
• Auditors review the accounting system to see if fraud-prevention procedures are designed and operating appropriately.

So, the company creates the accounting system, and the auditor gains an understanding of the same. As auditors gain an understanding of the accounting system and controls, we are putting together the pieces of a story.

The Accounting Story and Big Bad Wolves

Think of the accounting system as a story. Our job is to understand the narrative of that story. As we (attempt to) describe the accounting system, we may find missing pieces. When we do, we’ll go back and ask more questions to make the story complete.

The purpose of writing the storyline is to identify any “big, bad wolves.”

The threats in our childhood stories were easy to recognize—the wolves were hard to miss. Not so in the walkthroughs. It is only in connecting the dots—the workflow and controls—that the wolves materialize. So, how long is the story? That depends on the size of the organization.

Scale your documentation. If the transaction cycle is simple, the documentation should be simple. If the cycle is complex, provide more details. By focusing on control weaknesses that allow material misstatements, you’ll avoid unneeded—and distracting—details.

Documenting Control Weaknesses

I summarize the internal control strengths and weaknesses within the description of the system and controls and highlight the wording “Control weakness.” For example:

Control weakness: The accounts payable clerk (Judy Jones) can add new vendors and can print checks with digital signatures. In effect, she can create a new vendor and have a check sent to that provider without anyone else’s involvement.

Highlighting weaknesses makes them more prominent. Then I can use the identified fraud opportunities to brainstorm about how theft might occur and to develop my responses to the threats.

Brainstorming and Planning Your Responses 

Now, you are ready to brainstorm about how fraud might occur and to plan your audit responses.

The risk assessment procedures—discussed above and in my prior post—provide the fodder for the brainstorming session. 

Armed with knowledge about the company, the industry, fraud incentives, and the control weaknesses, we are ready to be creative. 

In what way are we to be creative? We think like a thief. By thinking like a fraudster, we unearth ways that stealing might occur. And why? So we can audit those possibilities. And this is the reason for the fraud risk assessment procedures in the first place.

What we discover in the risk assessment stage informs the audit plan—in other words, it has bearing upon the audit programs.

The Auditor’s Responsibility for Fraud

In conclusion, I started this post saying I’d answer the question, “What is an auditor’s responsibility for fraud?”

Hopefully, you now have a better understanding of the fraud-related procedures we are to perform. But to understand the purpose of these procedures, look at the language in a standard audit opinion:

The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion.

The purpose of fraud risk assessments is not to opine on internal control systems or to discover every fraud. It is to assist the auditor in determining where material misstatements—due to fraud—might occur.

Additionally, even well-performed audits will not detect all material fraud. As we saw above, some frauds are extremely difficult to detect. Audits are designed to provide reasonable assurance, not perfect assurance. The standard audit opinion states:

The What and Why of Auditing: A Blog Series About Basics

Have you been following my series of posts: The What and Why of Auditing? If not, you may want to review the prior posts:

• The What and Why of Auditing: A Blog Series about Basics
• The What and Why of Audit Acceptance and Continuance
• The What and Why of Audit Risk Assessment

Also, subscribe (below) to my blog to receive future installments in this series (we have several more coming). This series is a great way for seasoned auditors to refresh their overall audit knowledge and for new auditors to gain a better understanding of the audit process. 

Steal Like a Boss (and Feel Good About It)

By Charles Hall | Fraud

2018 ACFE Fraud Report to the Nations (Key Findings)

By Charles Hall | Fraud

Here are key findings from the 2018 ACFE Fraud Report. The survey is titled the 2018 Report to the Nations.

Every two years the Association of Certified Fraud Examiners (ACFE) issues a fraud report based on hundreds of actual fraud cases. The report provides great insights into how fraud occurs (the method), the persons stealing (the fraudster), and the damage (the amount of losses). 

If you are an auditor (internal or external), then you need to be familiar with the findings in this report. Understanding how theft occurs will enable you to detect and prevent it in the future.

Here are key points from the report.

2018 ACFE Fraud Report Findings

0 shares

Share0

Tweet0

• Organizations lose 5% of their revenues to fraud
• The median duration of a fraud was 16 months
• The median loss per case was $130,000
• The median loss per case when owners or executives were involved was $850,000
• Businesses with a 100 or fewer employees suffered a median loss per case of $200,000
• Businesses with more than 100 employees suffered a median loss per case of $104,000
  
• In 40% of the cases, tips were the initial detection method (53% of the tips came from employees of the organization; 32% of the tips came from vendors, customers, and competitors)
  
• Fraud losses were 50% smaller for organizations with fraud hotlines
• Only 4% of the fraudsters had a prior fraud conviction
  
• Occupational fraud was committed in the following categories: (1) asset misappropriation (89%), (2) corruption (38%), and (3) financial statement fraud (10%) -- in some cases, the fraudster used multiple schemes
• The median losses were (1) $114,ooo for asset misappropriation, (2) $250,000 for corruption, and (3) $800,000 for financial statement fraud
  
• 70% of corruption cases were committed by someone in a position of authority
  
• 82% of corruption cases were committed by males
  
• 50% of corruption cases were detected by a tip
• Internal control weaknesses led to nearly half of the fraud
  
• Small businesses typically have fewer anti-fraud controls than larger organizations, leaving them more vulnerable
• Data monitoring/analysis and surprise audits were correlated with the largest reductions in fraud losses and duration (yet only 37% of victim organizations implemented these controls)
  
• A majority of the victim organizations recovered nothing
• Fraudsters that were with the company for more than five years stole an average of $200,000
  
• Fraudsters that were with a company for less than five years stole an average of $100,000
  
• The industries with the highest levels of fraud were (1) Banking and Financial, (2) Manufacturing, (3) Governments, and (4) Health Care
  
• The departments with the highest level of fraud were (1) Accounting (14%), (2) Operations (14%), (3) Sales (12%), and (4) Executive/upper management (11%)
  
• 69% of frauds were commented by males with a median loss of $156,000 (the median loss from female thefts was $89,000)
  
• 61% of the fraud cases involved someone with a university degree or postgraduate degree
  
• When one fraudster was involved, the median loss was $74,000
  
• When two fraudsters were involved, the median loss was $150,000
  
• When three or more fraudsters were involved, the median loss was $339,000
  
• Living beyond their means was the primary behavioral red flag (41% of cases) 

89%

of fraud from asset misappropriations

Get Your Free Copy of ACFE Report

You can download the full ACFE Report to the Nations here. It's free.

Join the ACFE 

I have been a member of the Association of Certified Fraud Examiners since 2004. Why? Because I want to be a better auditor. And I have found that the ACFE has given me a much greater understanding of how fraud happens and how to prevent it. The organization has made me a much better auditor. Consider joining this organization. (You can join without becoming a Certified Fraud Examiner (CFE), though I recommend doing that as well. Learn more about becoming a CFE.) You'll be glad you did.

CPA Hall Talk Fraud Articles

For more information about fraud, see White Collar Crime is Knocking at Your Door. There you will see a list of fraud-related articles that I have written.

Fraudulent Payments Without Being on the Signature Card

By Charles Hall | Asset Misappropriation

Today I show you how bookkeepers can make fraudulent payments without being on the signature card.

Auditors often focus on authorized check signers when considering who can fraudulently disburse funds. But might it be possible to make payments without being on the bank’s signature card? The answer is yes. 

Courtesy of a DollarPhoto.com

Fraudulent Payments without Being on the Signature Card

Here are a few ways to disburse funds without being on a signature card:

1. Forgery
2. Unsigned checks
3. Wire transfer 
4. Electronic bill pay 
5. Signing checks with accounting software 
6. Use of a signature stamp

1. Forgery

Since banks don’t usually inspect checks as they clear, a forged check will normally clear the bank.

2. Unsigned Checks

Again, since banks don’t normally inspect checks as they are processed, an unsigned check can clear the bank. (I saw one just last month.)

3. Wire Transfer

Many times–at the client’s direction–banks wire money with just one person’s approval. One nonprofit administrator stole $6.9 million in less than an hour because of this control weakness. 

I have also seen small-town business bookkeepers drop by a local bank and ask them to wire money. Banks, desiring to help their client, sometimes do.

Businesses should use the controls offered by banks. Otherwise, they might be on the hook for fraudulent wires.

4. Electronic Bill Pay

Anyone with the right passwords can make electronic bill payments to themselves or anyone else.

5. Signing Checks with Accounting Software

This one scares me the most.

Many businesses, in an effort to expedite the disbursement process, have authorized signatures embedded in the payables software, enabling the payables clerk to make a payment to anyone. If the payables clerk has access to check stock (and they usually do), watch out. Even if a second person is normally involved in processing checks with automatic signatures, how easy is it for the clerk to go by in the evenings and make fraudulent payments? This danger increases if the payables clerk also reconciles the bank account. Why? No second person is reviewing the cleared checks.

6. Use of a Signature Stamp

I cringe every time I see a signature stamp. Why not just ask the authorized signer to just sign plenty of blank checks? (Yes, I am being facetious.)

Just last year I worked on a case where the bookkeeper wrote manual checks to herself but entered payments in the general ledger to legitimate vendors for the same amounts. Why? To mask the payments.

Recipe for Disbursement Fraud

Give anyone (1) the ability to sign checks, (2) access to blank check stock, and (3) the ability to make the bookkeeping entry, and you have the recipe for theft–particularly if that same person reconciles the bank statement or if the person reconciling the bank statement does not examine the payee on cleared checks. If you can’t segregate duties (there are too few employees), here’s how to lessen segregation of duties problems in two easy steps. 

How to Audit Accounts Payable

Click here for detailed information about how to audit accounts payable and expenses.