Category Archives for "Fraud"

Three Receipt Fraud Tests

By Charles Hall | Asset Misappropriation

25 Ways Fraud Happens: Audit Brainstorming

By Charles Hall | Fraud

As auditors perform their fraud brainstorming, it helps to have ideas to consider. So today I provide you with 25 ways fraud happens. 

25 Ways Fraud Happens

Here’s a list of common company thefts:

1. Collection clerk steals cash prior to recording it
2. Collection clerk steals cash after recording a customer receipt; he voids the receipt and adjusts (writes down) the customer’s account
3. Collection clerk places a personal check (for $5,000) in the cash drawer and takes an equivalent amount of cash; the clerk leaves the check in the drawer for months—in effect the clerk has an unauthorized loan
4. The cash collections supervisor steals cash after receiving funds from collection clerks but before the money is deposited; she adjusts the related bank reconciliation by the amount stolen
5. The person opening the mail steals checks before they are receipted; these amounts had not previously been recorded as a receivable
6. Employees steal capital assets (knowing that no one performs periodic inventories)
7. Employees use company credit cards for personal purchases but code the transactions as company expenses
8. Accounts payable clerks cut checks to themselves (or to an accomplice) but record the check as company expenses; the check signatures are forged
9. Accounts payable clerks establish fictitious vendors using their own addresses, a P.O. Box, or that of an accomplice; payments are made to the fictitious vendor and covered up with fictitious invoices; the checks are signed electronically as they are printed
10. Accounts payable employee intentionally double-pays an invoice, then requests that the vendor refund the extra payment (with the refund going directly to the payable clerk)—check is converted to personal use
11. Payroll personnel increase the pay rate—in the master pay rate file—for themselves or for friends working in the company
12. Payroll personnel pay themselves (or friends) twice for each payroll
13. Payroll personnel purposefully overpay withholding taxes and inflate the withholding amount on their own W-2, resulting a tax refund that includes the excess payments
14. Purchasing department personnel are bribed by a vendor; the vendor recoups the bribe costs by inflating its subsequent invoices
15. State, city, county elected officials are bribed; the vendor recoups the bribe costs by inflating its subsequent invoices
16. Vendors give favors (e.g., free vacations) to those with the power to buy—commonly called a gratuity; vendor recoups the cost of the favors by inflating its subsequent invoices
17. CEO orders accounts payable staff to make payments to himself (with an implied threat); payments are coded in a manner that hides the payment
18. Money is wired by the CFO to the CFO but is recorded as a legitimate expense using a journal entry
19. Money is wired to the CFO who then leaves the country without trying to cover up the theft
20. The CEO or CFO makes payments to someone who is threatening their life or is blackmailing them; the expense is coded as legitimate
21. A secret bank account is opened in the name of the business by the CFO but the sole authorized check signer is the CFO; checks are made from a legitimate business bank account to the secret bank account; the CFO writes checks to himself from the secret account
22. A sales person steals rebate checks that belong to the company; she deposits the checks into her personal bank account by writing “pay to the order of…” on the back of the check
23. The payables clerk writes a manual check to himself and then records the check with a journal entry that reflects a legitimate vendor
24. The CFO inflates revenue at year-end with fictitious journal entries; stock prices go up; the CFO sells personally-owned company stock, then the CFO reverses the year-end accruals
25. The inventory clerk steals stock and covers the theft by altering the inventory records

Fraud Brainstorming for Auditors

In performing your fraud brainstorming, consider printing out this list and seeing if any of these thefts are relevant to your audit.

How to Prevent Payroll Fraud

By Charles Hall | Fraud

Do you know how to prevent payroll fraud? Today we take a look at how you can protect your business.

Direct deposit of payroll checks can open the door to theft. Also when one person is in control of payroll processes, danger lurks.

I was teaching a fraud prevention class this past Friday, and one of the participants, a school payroll clerk named Dawn, asked me to address how fraud might occur in her department. So I asked her a series of questions.

“Does your school use direct deposit?” She answered yes.

“Do you fully control the issuance of W-2s?” Dawn said yes.

“Who adds the direct deposit information to your payroll software?” She answered, “I do.”

“Can anyone else change the direct deposit file?” Her answer was no.

“Who controls the master pay rate file?” Here again, she was the only one who had rights to this payroll function.

Then I asked Dawn if she reconciles the bank statement. She said that Randy, a gentleman sitting in front of her, reconciles the account. I was also told that they have hundreds of employees.

How Can Dawn Steal?

I told the class that a person in Dawn’s position could steal in multiple ways. Here are a few:

• She can leave a terminated employee on the payroll and change that person’s bank account number to her own, allowing her to receive all payroll payments for the discontinued staff member. Then, she can also alter the related W-2s to cover her tracks.
• She can change the master pay rate of any employee, including herself.
• She can inflate the hours worked for any employee.

Prevent Payroll Fraud

After pointing out the flaws in internal control, I asked the class how they would reduce these threats. Angela (another student) sang out: “Create transparency by allowing another person to review or see what the payroll clerk is doing.” (This made me smile since I had been preaching this idea all morning.)

To lessen the threat of fraud, always ask, “how can I create transparency?” The answer will almost always involve allowing another individual to monitor the work of the primary persons in the process. And I am not proposing that this observing person be present 24/7—just that she periodically review the activity of the primary person (e.g., payroll clerk). 

The monitoring person can be someone that works with the entity or someone from the outside (e.g., external CPA). Here are sample fraud prevention measures for the above-described threats:

• Download all the payroll records, including each employee and direct deposit bank account number; sort for identical bank account numbers (a same bank account number may mean that a terminated employee was left on the payroll, and their deposits are being routed to another person such as the payroll clerk)
• Have someone (other than the payroll clerk) pull the payroll personnel files for twenty employees and then compare the authorized pay rates (in the personnel file) to the payroll master file (in the software); tell the payroll clerk that this procedure will occur with some frequency and will happen without notice
• For hourly employees, have someone (other than the payroll clerk) pull the reported hours for two departments and review for appropriateness; inquire of the department head regarding any higher-than-normal hours
• Examine the W-2s of the payroll personnel
• Print a budget to actual salary report or a current year/prior year comparison of wages; provide the same to the governing body
• Report findings from these procedures to the governing body; do this at least once per year (regularity makes the payroll personnel think twice about theft)

Take Away

By the way, the payroll clerk was the only person with access to the payroll master file. This is not necessarily a bad thing. You want to limit the number of persons with access to payroll master file, but a second person should monitor the payroll clerk’s inputs into the payroll software.

So how can you prevent payroll fraud? Think about your own payroll system. Are there any potential threats to your payroll system? Also, be aware of ghost employees.

If you’ve seen payroll fraud, please share a comment about how it happened.

If you are interested in more information about white-collar crime, check out my other fraud prevention articles.

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

• Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
• Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
• Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
• Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
• Provide monthly budget to actual reports to mayor and council
• Provide monthly overtime summaries to mayor and council
• Do not allow Dale to sign checks
• Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
• Require Mayor Chester and Dale to authorize any wire transfers
• Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
• Don’t provide Dale with a credit card
• If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
• Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

• Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
• Have an outside CPA or CFE map your internal control system and make system-design recommendations
• Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
• Install a security camera to record all of Dale’s collection and receipting activity
• Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Statement on Standards for Forensic Services

By Charles Hall | Fraud

The AICPA has issued an exposure draft titled Statement of Standards for Forensic Services No. 1 (SSFS 1), Forensic Services: Definitions and Standards. If approved, the standard will be effective for new engagements accepted on or after May 1, 2019.

Who Created SSFS 1?

SSFS 1 was created by the AICPA’s Forensic and Valuation Services Executive Committee.

Why SSFS 1?

The purpose of the standard is to improve the consistency and quality of forensic services provided by CPAs.

It appears the AICPA is being responsive to a growing demand for forensic services. A report created by IBISWorld (a market research firm) showed that employment in forensic accounting grew at an annualized rate of 18% from 2012 to 2017.

Services Covered by SSFS 1

SSFS 1 covers the following types of forensic services (per paragraph .01 of the proposed standard):

• Litigation – an actual or potential legal or regulatory proceeding before a trier of fact or a regulatory body as an expert, consultant, neutral, mediator or arbitrator in connection with the resolution of disputes between parties.  Litigation used herein is not limited to formal litigation, but is inclusive of other alternative dispute resolution forums; 

• Investigation – a matter that is not a litigation but which may involve using the same skills and the services are performed in response to specific concern(s) of wrong doing in which the member is engaged to perform procedures to collect, analyze, evaluate or interpret certain evidential matter to assist the stakeholder (e.g. client, board of directors, independent auditor or regulator) in reaching a conclusion on the merits of the concern(s).

Prohibitions

SSFS 1 includes two prohibitions:

• A legal opinion can not be provided regarding the occurrence of fraud, and
• Forensic services can’t be provided on a contingent fee basis

Why can’t a member provide a legal opinion regarding fraud? The final determination of whether fraud exists is determined by the “trier-of-fact,” according to paragraph .08 of the standard.

Applicability

The standard would apply to all AICPA members, AICPA members firms, and employees of AICPA member firms.

Paragraph .03 of the standard states “the key consideration of this Statement’s applicability is the purpose  (e.g., Litigation or Investigation) for which the member was engaged.” The applicability is not based on a particular service provided such as data analysis. But if data analysis, for example, is performed in relation to litigation or investigative services, then the statement would apply.

Understanding with Client

The understanding with the client regarding the nature, scope, and limitations of the services can be written or oral.