Category Archives for "Fraud"

receipt fraud test for auditors
May 08

Three Receipt Fraud Tests

By Charles Hall | Asset Misappropriation

Today I provide three receipt-fraud tests for auditors. 

The audit standards require that we introduce elements of unpredictability. Additionally, it’s wise to perform fraud tests. But I find that auditors struggle with brainstorming (required by AU-C 240, Consideration of Fraud in a Financial Statement Audit) and developing fraud tests. That’s why I wrote Five Disbursement Fraud TestsIt’s also why I am providing this post.

So, let’s jump in. Here are three receipt-fraud tests.

receipt-fraud tests for auditors

Three Receipt-Fraud Tests

1. Test adjustments made to receivables

Why test?

Receipt clerks sometimes steal collected monies and write off (or write down) the related receivable. Why does the clerk adjust the receivable? So the customer doesn’t receive a second bill for the funds stolen. 

How to test?

Obtain a download of receivable adjustments for a period (e.g., two weeks) and see if they were duly authorized. Review the activity with someone outside the receivables area (e.g., CFO) who is familiar with procedures but who has no access to cash collections.

If there are multiple persons with the ability to adjust receivable accounts (quite common in hospitals), compare weekly or monthly adjustments made by each employee.

Agree receipts with bank deposits.

2. Confirm rebate (or similar type) checks

Why test?

When rebate checks are not sent to a central location (e.g., receipting department), the risk of theft increases. Rebate checks are often not recorded as a receivable, so the company may not be aware of the amounts to be received. Stealing unaccrued receivable checks is easy.

How to test?

Determine which vendors provide rebate checks (or similar non-sales payments). Send confirmations to the vendors and compare the confirmed amounts with activity in the general ledger.

Theft of rebate checks is more common in larger organizations (e.g., hospitals) where checks are sometimes received by various executives. The executive receives a check in the mail and keeps it for a while (in his desk drawer – in case someone asks for it). Once he sees that no one is paying attention, he steals and converts the check to cash.

3. Search for off-the-book thefts of receipts

Why test?

The fraudster may bill for services through the company accounting system or an alternative set of accounting records and personally collect the payments.

How to test?

Compare revenues with prior years and investigate significant variances. Alternatively, start with source documents and walk a sample of transactions to revenue recognition, billing, and collection.

Here are a few examples of actual off-the-book thefts:

Police Chief Steals Cash

An auditor detected a decrease in police-fine revenue in a small city while performing audit planning analytics. Upon digging deeper, he discovered the police chief had two receipt books, one for checks that were appropriately deposited and a second for cash going into his pocket. Sometimes, even Andy Griffith steals.

Hospital CFO Steals Cash

hospital CFO, while performing reorganization procedures, set up a new bank account specifically for deposit of electronic Medicaid remittances. He established himself as the authorized bank account check-signer.

The CFO never set up the bank account in the general ledger. As the Medicaid money was electronically deposited, the CFO transferred the funds to himself.  What was the money used for? A beautiful home on Mobile Bay, new cars, and gambling trips.

Another Receipt Fraud to Consider

Sometimes it’s not the front-desk receipt clerk that steals. Surprisingly, your receipt supervisor can be on the take. So, consider that receipt theft takes place up-front and in the back-office.

Ways Fraud Happens
Jul 13

25 Ways Fraud Happens: Audit Brainstorming

By Charles Hall | Fraud

As auditors perform their fraud brainstorming, it helps to have ideas to consider. So today I provide you with 25 ways fraud happens. 

Ways Fraud Happens

25 Ways Fraud Happens

Here’s a list of common company thefts:

  1. Collection clerk steals cash prior to recording it
  2. Collection clerk steals cash after recording a customer receipt; he voids the receipt and adjusts (writes down) the customer’s account
  3. Collection clerk places a personal check (for $5,000) in the cash drawer and takes an equivalent amount of cash; the clerk leaves the check in the drawer for months—in effect the clerk has an unauthorized loan
  4. The cash collections supervisor steals cash after receiving funds from collection clerks but before the money is deposited; she adjusts the related bank reconciliation by the amount stolen
  5. The person opening the mail steals checks before they are receipted; these amounts had not previously been recorded as a receivable
  6. Employees steal capital assets (knowing that no one performs periodic inventories)
  7. Employees use company credit cards for personal purchases but code the transactions as company expenses
  8. Accounts payable clerks cut checks to themselves (or to an accomplice) but record the check as company expenses; the check signatures are forged
  9. Accounts payable clerks establish fictitious vendors using their own addresses, a P.O. Box, or that of an accomplice; payments are made to the fictitious vendor and covered up with fictitious invoices; the checks are signed electronically as they are printed
  10. Accounts payable employee intentionally double-pays an invoice, then requests that the vendor refund the extra payment (with the refund going directly to the payable clerk)—check is converted to personal use
  11. Payroll personnel increase the pay rate—in the master pay rate file—for themselves or for friends working in the company
  12. Payroll personnel pay themselves (or friends) twice for each payroll
  13. Payroll personnel purposefully overpay withholding taxes and inflate the withholding amount on their own W-2, resulting a tax refund that includes the excess payments
  14. Purchasing department personnel are bribed by a vendor; the vendor recoups the bribe costs by inflating its subsequent invoices
  15. State, city, county elected officials are bribed; the vendor recoups the bribe costs by inflating its subsequent invoices
  16. Vendors give favors (e.g., free vacations) to those with the power to buy—commonly called a gratuity; vendor recoups the cost of the favors by inflating its subsequent invoices
  17. CEO orders accounts payable staff to make payments to himself (with an implied threat); payments are coded in a manner that hides the payment
  18. Money is wired by the CFO to the CFO but is recorded as a legitimate expense using a journal entry
  19. Money is wired to the CFO who then leaves the country without trying to cover up the theft
  20. The CEO or CFO makes payments to someone who is threatening their life or is blackmailing them; the expense is coded as legitimate
  21. A secret bank account is opened in the name of the business by the CFO but the sole authorized check signer is the CFO; checks are made from a legitimate business bank account to the secret bank account; the CFO writes checks to himself from the secret account
  22. A sales person steals rebate checks that belong to the company; she deposits the checks into her personal bank account by writing “pay to the order of…” on the back of the check
  23. The payables clerk writes a manual check to himself and then records the check with a journal entry that reflects a legitimate vendor
  24. The CFO inflates revenue at year-end with fictitious journal entries; stock prices go up; the CFO sells personally-owned company stock, then the CFO reverses the year-end accruals
  25. The inventory clerk steals stock and covers the theft by altering the inventory records

Fraud Brainstorming for Auditors

In performing your fraud brainstorming, consider printing out this list and seeing if any of these thefts are relevant to your audit.

How to prevent payroll fraud
Jul 06

How to Prevent Payroll Fraud

By Charles Hall | Fraud

Do you know how to prevent payroll fraud? Today we take a look at how you can protect your business.

Direct deposit of payroll checks can open the door to theft. Also when one person is in control of payroll processes, danger lurks.

prevent payroll fraud

Picture is courtesy of DollarPhotoClub.com

I was teaching a fraud prevention class this past Friday, and one of the participants, a school payroll clerk named Dawn, asked me to address how fraud might occur in her department. So I asked her a series of questions.

“Does your school use direct deposit?” She answered yes.

“Do you fully control the issuance of W-2s?” Dawn said yes.

“Who adds the direct deposit information to your payroll software?” She answered, “I do.”

“Can anyone else change the direct deposit file?” Her answer was no.

“Who controls the master pay rate file?” Here again, she was the only one who had rights to this payroll function.

Then I asked Dawn if she reconciles the bank statement. She said that Randy, a gentleman sitting in front of her, reconciles the account. I was also told that they have hundreds of employees.

How Can Dawn Steal?

I told the class that a person in Dawn’s position could steal in multiple ways. Here are a few:

  • She can leave a terminated employee on the payroll and change that person’s bank account number to her own, allowing her to receive all payroll payments for the discontinued staff member. Then, she can also alter the related W-2s to cover her tracks.
  • She can change the master pay rate of any employee, including herself.
  • She can inflate the hours worked for any employee.

Prevent Payroll Fraud

After pointing out the flaws in internal control, I asked the class how they would reduce these threats. Angela (another student) sang out: “Create transparency by allowing another person to review or see what the payroll clerk is doing.” (This made me smile since I had been preaching this idea all morning.)

To lessen the threat of fraud, always ask, “how can I create transparency?” The answer will almost always involve allowing another individual to monitor the work of the primary persons in the process. And I am not proposing that this observing person be present 24/7—just that she periodically review the activity of the primary person (e.g., payroll clerk). 

The monitoring person can be someone that works with the entity or someone from the outside (e.g., external CPA). Here are sample fraud prevention measures for the above-described threats:

  • Download all the payroll records, including each employee and direct deposit bank account number; sort for identical bank account numbers (a same bank account number may mean that a terminated employee was left on the payroll, and their deposits are being routed to another person such as the payroll clerk)
  • Have someone (other than the payroll clerk) pull the payroll personnel files for twenty employees and then compare the authorized pay rates (in the personnel file) to the payroll master file (in the software); tell the payroll clerk that this procedure will occur with some frequency and will happen without notice
  • For hourly employees, have someone (other than the payroll clerk) pull the reported hours for two departments and review for appropriateness; inquire of the department head regarding any higher-than-normal hours
  • Examine the W-2s of the payroll personnel
  • Print a budget to actual salary report or a current year/prior year comparison of wages; provide the same to the governing body
  • Report findings from these procedures to the governing body; do this at least once per year (regularity makes the payroll personnel think twice about theft)

Take Away

By the way, the payroll clerk was the only person with access to the payroll master file. This is not necessarily a bad thing. You want to limit the number of persons with access to payroll master file, but a second person should monitor the payroll clerk’s inputs into the payroll software.

So how can you prevent payroll fraud? Think about your own payroll system. Are there any potential threats to your payroll system? Also, be aware of ghost employees.

If you’ve seen payroll fraud, please share a comment about how it happened.

If you are interested in more information about white-collar crime, check out my other fraud prevention articles.

Fraud Prevention for Small Governments
Feb 06

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

Fraud Prevention for Small Governments

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Statement on Standards for Forensic Services No. 1
Jan 14

Statement on Standards for Forensic Services

By Charles Hall | Fraud

The AICPA has issued an exposure draft titled Statement of Standards for Forensic Services No. 1 (SSFS 1), Forensic Services: Definitions and Standards. If approved, the standard will be effective for new engagements accepted on or after May 1, 2019.

Statement on Standards for Forensic Services No. 1

Who Created SSFS 1?

SSFS 1 was created by the AICPA’s Forensic and Valuation Services Executive Committee.

Why SSFS 1?

The purpose of the standard is to improve the consistency and quality of forensic services provided by CPAs.

It appears the AICPA is being responsive to a growing demand for forensic services. A report created by IBISWorld (a market research firm) showed that employment in forensic accounting grew at an annualized rate of 18% from 2012 to 2017.

Services Covered by SSFS 1

SSFS 1 covers the following types of forensic services (per paragraph .01 of the proposed standard):

  • Litigation – an actual or potential legal or regulatory proceeding before a trier of fact or a regulatory body as an expert, consultant, neutral, mediator or arbitrator in connection with the resolution of disputes between parties.  Litigation used herein is not limited to formal litigation, but is inclusive of other alternative dispute resolution forums; 

  • Investigation – a matter that is not a litigation but which may involve using the same skills and the services are performed in response to specific concern(s) of wrong doing in which the member is engaged to perform procedures to collect, analyze, evaluate or interpret certain evidential matter to assist the stakeholder (e.g. client, board of directors, independent auditor or regulator) in reaching a conclusion on the merits of the concern(s).

Prohibitions

SSFS 1 includes two prohibitions:

  • A legal opinion can not be provided regarding the occurrence of fraud, and
  • Forensic services can’t be provided on a contingent fee basis

Why can’t a member provide a legal opinion regarding fraud? The final determination of whether fraud exists is determined by the “trier-of-fact,” according to paragraph .08 of the standard.

Applicability

The standard would apply to all AICPA members, AICPA members firms, and employees of AICPA member firms.

Paragraph .03 of the standard states “the key consideration of this Statement’s applicability is the purpose  (e.g., Litigation or Investigation) for which the member was engaged.” The applicability is not based on a particular service provided such as data analysis. But if data analysis, for example, is performed in relation to litigation or investigative services, then the statement would apply.

Understanding with Client

The understanding with the client regarding the nature, scope, and limitations of the services can be written or oral.

>