Internal Controls
description
Transcript of Internal Controls
Internal Controls
““There is no kind of There is no kind of dishonesty into which dishonesty into which otherwise good people otherwise good people more easily and more easily and frequently fall than that frequently fall than that of defrauding the of defrauding the government.”government.”
Benjamin FranklinBenjamin Franklin
How Does Fraud Occur?
Poor internal controls– Lack of proper authorizations– No separation of authorization, custody, and record keeping– No independent checks on performance– Lack of clear lines of authority– Inadequate documentation
Management override of internal controls Collusion between employees and 3rd parties Collusion between employees and management Limited, unclear, or no policies and procedures Poor or non-existent ethics and/or policy
“We all can learn from audit standards”
Statement on Auditing Standards No. 99
Exercise professional skepticism
Conduct brainstorming
Identify and assess risks
Communicate
Challenges We Face
74% of us believe our ethics are higher than those of our peers
83% of us say that at least one-half of the people we know would list us as one of the most ethical people they know
92% of us are satisfied with our ethics and character
Would you commit a felony to pay for needed surgery for your child?
Yes – 97 percent
Would you commit a felony to pay for needed surgery for your spouse?
Yes – 42 percent
“In the real world, successful people do what they have to
do to win, even if others consider it cheating.”
We do what we must to win
200 Olympians
1. Performance enhancing drug, no one will find out, no side affects, and win all races next 5 years
195
2. Performance enhancing drug, win all races next 5 years, then die from side affects, but no one will find out
100
Future Work Force (College)
11% reported cheating in 1963
49% reported cheating in 1993
75% reported cheating in 2003, 2005, 2006, 2007
50% in graduate school in 2006
Trust Is Not A Control
Former Director, Federal Emergency Management Agency
Assistant City Manager, Emergency Services Division
Assistant to the City Manager
Trust Is Not A Control
Former Deputy Chief Information Officer, U.S. Department of Homeland Security
Bachelor’s Degree (1993), Master’s Degree (1995), and Doctorate (2000)
Hamilton University
Unaccredited fee-for-degree “distance learning” center (“Diploma Mill”)
Bachelor’s Degree (2000), Master’s Degree (2000), and Doctorate (2001)
Reasons We Miss Fraud
Reasons We Miss Fraud
Personalities
Face Value
Avoid Conflict
Checklists
Education
Pressure
Auditor v. Investigator
Business Operations
The “Right” People
Warning Signs
Personalities
Clients’ strong personalities create difficulties
Taken in by friendly personalities
Need to be liked by the client
Personalities
Auditors requested to see a sampling of 400 invoices for ZZZZ Best work. Of those 400, the auditors would select 20.
ZZZZ Best provided 20 fake invoices.
Auditors asked to see 400 original invoices – CFO protested and auditors backed down.
Face Value
Accept answers on face value
Lack of skepticism – never taught and not in personality
Face Value
Crazy Eddie’s – one of the 20th century’s most infamous financial statement frauds
Employees helped auditors with inventory counts
10 equals 25
Watch What They Say
“The balance sheet is strong.”
“The third quarter is looking great.”
“Our stock is an incredible bargain at current prices.”
-- CEO Ken Lay, Enron
Watch What They Say
“We are confident in our marks and the reasonableness of our valuation methods.”
“We have a high degree of certainty in what we have booked to date.”
-- CEO Martin Sullivan, AIG
Watch What They Say
“Our liquidity and balance sheet are strong.”
“We don’t see any pressure on our liquidity, let alone a liquidity crisis.”
-- CEO Alan Schwartz, Bear Stearns
Watch What They Say
“We are on the right track to put these last two quarters behind us.”
-- CEO Richard Fuld, Lehman Brothers
“Our liquidity pool also remains strong at $42 billion.”
-- CFO Ian Lowitt, Lehman Brothers
Watch What They Say
“In today’s regulatory environment, it’s
virtually impossible to violate rules.”
-- Bernard Madoff Oct. 20, 2007
Avoid Conflict
“People are just too damn lazy.”
-- ZZZZ Best’s former CFO
Rather than drive out to confirm an address where ZZZZ Best was supposedly doing $45 million in business, the
auditors would make a phone call and were satisfied.
Checklists
Use too many checklists – try to get them done versus understanding the questions
Too narrow focused – don’t look to see if things make sense from a broader perspective
Budget & task oriented
Fraudsters Stay One Step Ahead
Electric wheelchair
$5,000
Billed at least 1,000 times ($5 million) for same wheelchair
Checklists
• Do you?
• Have you?
• Can you?
• Are you?
• How?
• Describe?
• What?
• Explain?
Education
Fraud and stupid can look just a like
More of a mind-set
Focus on exceptions, oddities, accounting irregularities, and patterns of conduct
Education
“No one ever asked.”
-- Mark Morze, ZZZZ Best’s former CFO
Education
Does the company possess all of the licenses it needs to conduct the business it does?
How does the company generate the 30%, 40%, 50%, and 60% profit margins that appear on its books?
Why do the company’s bids for complicated, million-dollar projects fit on a single page?
Education
Why is the company constantly in need of additional cash?
Why did the company waste $2 million on equipment it could have rented for 90% less?
Can we (the auditors) speak to at least one satisfied customer?
Education
Why is business conducted only with cashier’s checks?
How can the company’s revenues grow by 400% in 6 months, while the company’s general & administrative costs barely grow at all?
Why aren’t any of the company’s vendors in the Yellow Pages?
Education
Why do the company’s estimates for project costs always equal—to the penny—the supply sheets from the vendors?
Why are there no addresses on the work invoices?
Where are all the government forms regarding permits, licenses, etc.?
Education
Where is all the paperwork on vendor deliveries?
Could the auditors have a tour of one or two of the company’s warehouses or other facilities?
Can the auditors speak with a few of the company’s vendors or subcontractors? If not, why not?
The “Right” People
Too much time on prior year testing & tick marks
Spend too little time talking to the “right” people
The “Right” People
Chairman
Chief Executive Officer
Chief Operating Officer
Chief Financial Officer
Chief Accounting Officer
Chief Compliance Officer
Chief Audit Executive
Chief Legal Officer
The “Right” People
Accounting Manager
A/P Manager
Warehouse Foreman
Billing Manager
Payroll Manager
H/R Manager
Q/A Manager
Contracting Officer
Why Warning Signs are Important?
“The average fraud scheme lasted 24 months
before it was detected.”
-- ACFE 2008 Report to the Nation
Professional Services Contract
Effective Date Amount Contract Price
Contract 09/12/04 $ 85,850 $ 85,850
Mod #1 11/22/04 $ 30,800 $116,650
Mod #2 04/08/05 $ 78,400 $195,050
Mod #3 09/12/05 $ 1,400 $196,450
Mod #4 09/30/05 $148,600 $345,050
Warning Signs
Unexplained employee absences
Refusal to produce records, files or documents
Excessive overtime
Missing documentation
Warning Signs
Payments to a vendor post office box
No original source documents
Lack of competitive bidding
No exceptions or errors
Warning Signs
Significant life-style changes
Refusal to take vacation
Excessive movement of funds between accounts
Single vendor
Warning Signs
Excessive or unjustified changes in accounting personnel
Premature or excessive destruction of controlled documents
Excessive cash transactions
High rate of employee turnover
Warning Signs
Customer complaints
Can’t talk to people (protection)
Turning down promotions or transfers
Improperly trained employees
Warning Signs
Delivery location not the office, plant or job site
Invoices with minimal information
Increase in purchasing inventory but no increase in sales
Lack of physical security over assets / inventory
Warning Signs
Increase in scrap materials and reorders for same items
Inventory that is slow to turnover
Vendors that pick up payments
Consistent cash flow problems
Warning Signs
Significantly outpace other companies in same industry
Frequently change auditors, banks, and attorneys
Dramatic changes in key ratios or ratios too good
Excessive number of checking accounts
Warning Signs
Failure to reconcile bank statements or a conflict of duties on the part of performing reconciliations
Accounts receivable grows substantially faster than sales
Growth in accounts payable substantially exceeds revenue growth
Warning Signs
Majority of net income comes from one-time gains
Operating expenses decline sharply relative to sales
Company cash flows come primarily from assets sales, borrowings or equity offerings
Change in accounting principles and estimates
Warning Signs
Numerous adjustments
Key personnel going to work for vendors
Lack of segregation of duties
Inappropriate shipping costs
Warning Signs (Accounts Payable)
Recurring identical amounts from same vendor
Multiple vendors with similar names in accounting system
Multiple remittance addresses for same vendor
Vendor addresses don’t agree with application
Warning Signs (Accounts Payable)
Sequential invoice numbers from same vendor
Lack of segregation of duties:
Process invoices & updates to vendor master file
Check preparation & posting to vendor account
Check preparation & mailing signed checks
Warning Signs (Accounts Payable)
Excessive credit adjustments to specific vendor
Systematic pattern of adjustments for goods returned
Paid invoices not properly canceled
Unrestricted access to blank checks, signature plates, and check-signing equipment
Warning Signs (Inventory/Production)
Fluctuations in inventory accounts between months (e.g. debit balance one month, credit balance the next)
Excessive inventory write-offs without documentation or approvals
Unrestricted access to inventory storage areas
Warning Signs (Inventory/Production)
No segregation of duties:
Receipt of inventory & issuing of materials
Recording of inventory accounts & ordering materials
Identification of obsolete & surplus materials and sale/disposal of such materials
Warning Signs (Inventory/Production)
No policy on identification, sale, and disposal of obsolete and surplus materials
No policy on inventory levels to be maintained (i.e., minimums, maximums, reorder points)
Lack of regular physical inventories by independent personnel
Warning Signs (Inventory/Production)
Consistent production overruns beyond sales demand and backlog orders
Excessive production waste, spoilage, or other loss of raw materials
Extended delay of good marked “for shipment” maintained within shipping area
Warning Signs (Accounts Receivable)
Lack of policies regarding write-offs
No supervision or review of write-offs
Duties of posting to accounts & receiving cash not segregated
Warning Signs (Accounts Receivable)
Frequent undocumented or unapproved adjustments, credits, and write-offs
Dramatic increase in allowance for doubtful accounts
Reluctance to reserve for or write off accounts receivable
Warning Signs (Accounts Receivable)
Accounts receivable increasing or decreasing in a way not in accord with changing sales figures
Unexplained deterioration in collection cycle
Warning Signs (Construction Projects)
One company repeatedly wins contracts
Competitors continually submit bids that are unreasonably high, late, or are disqualified
An exclusive, consistent group of contractors bids on projects, and winning bidders appear to be on rotation basis or follow a particular pattern
Warning Signs (Construction Projects)
Bids submitted by contractors are vastly higher than on similar jobs by the same vendor
Successful bidders subcontract work to competitors that submitted excessive, unreasonable bids for the same job
Bid paperwork submitted by various vendors contains similarities or even identical items
Warning Signs (Construction Projects)
Bidders who are qualified and capable of bidding do not bid
Winning vendor is always the last to bid
Numerous or large dollar change orders
Change Orders
Estimate Low Bidder Actual Cost Claims
$1,500,000 $860,000 $5,200,000 $15,000,000
Contractor tried to recover cost overruns by using inflated change orders:
134 change orders:
Average contractor proposal: $50,000 Average negotiated amount: $15,000
Warning Signs (Construction Projects)
Certain contractors always bid against each other or never bid against each other
New vendors receive disproportionate number of winning bids
Refusal to produce records, files or documents
SEC Report of Investigation (“Madoff”)
The SEC focused its investigation too narrowly.
The SEC did not seek records from an independent third-party, but sought copies of such records from Madoff himself.
The teams assembled were relatively inexperienced.
There was insufficient planning for the examinations.
No significant attempts made to analyze the numerous red flags.
SEC Report of Investigation (“Madoff”)
Even when Madoff’s answers were seemingly implausible, the SEC examiners accepted them at face value.
The relatively inexperienced staff failed to appreciate the significance of the analysis in the complaint, and almost immediately expressed skepticism and disbelief.
When Madoff provided evasive or contradictory answers to important questions in testimony, they simply accepted as plausible his explanations.
They conducted their examination by simply asking Madoff about their concerns and accepting his answers.
SEC Report of Investigation (“Madoff”)
Madoff was the examiners primary contact and he carefully controlled to whom they spoke at the firm.
Examiners had a real difficult time dealing with Madoff as he was described as growing increasingly agitated during the examination, and attempting to dictate to the examiners what to focus on in the examination and what documents they could review.
Never verified Madoff’s purported trading with any independent third parties.
• Madoff records indicated $2.5 billion in 100 equities – third party records showed less than $18 million worth of equities.
SEC Report of Investigation (“Madoff”)
Shortly after the Madoff Enforcement investigation was
effectively concluded, the staff attorney of the
investigation received the highest performance rating
available at the SEC, in part, for her “ability to
understand and analyze the complex issues of the
Madoff investigation.”
Fight Fraud – Who’s Responsible?
Strong controls against fraud are the responsibility of everyone in the organization.
All levels of staff, including management, should have a basic understanding of fraud and be aware of the red flags.
Source: Managing the Business Risk of Fraud: A Practical Guide (sponsored by IIA, AICPA, and ACFE)
Leverage Technology
Vendors and employees with the same address (34 instances)
Checks issued before invoice dates (45 instances)
Vendors with no activity for a 2-year period (1,800 instances)
Leverage Technology
Checks with no payee addresses (130 instances)
Sequential invoice numbers from the same vendors (1,000 instances)
Multiple invoices from the same vendor on the same date (4,500 instances)
Leverage Technology
Missing check numbers (8,300 instances)
Recurring identical amounts for the same vendors (630 instances, ranging from 2 to 78 instances)
Checks processed on Saturdays or Sundays (2,100 instances)
Contact Information
Don Mullinax
Shareholder
Forensic/Strategic Solutions, PC
2272 Colorado Blvd., Suite 1347
Los Angeles, CA 90041
213-617-1301 (office)
626-372-3657 (cell)