Internal Controls

““There is no kind of There is no kind of dishonesty into which dishonesty into which otherwise good people otherwise good people more easily and more easily and frequently fall than that frequently fall than that of defrauding the of defrauding the government.”government.”

Benjamin FranklinBenjamin Franklin

How Does Fraud Occur?

Poor internal controls– Lack of proper authorizations– No separation of authorization, custody, and record keeping– No independent checks on performance– Lack of clear lines of authority– Inadequate documentation

Management override of internal controls Collusion between employees and 3rd parties Collusion between employees and management Limited, unclear, or no policies and procedures Poor or non-existent ethics and/or policy

“We all can learn from audit standards”

Statement on Auditing Standards No. 99

Exercise professional skepticism

Conduct brainstorming

Identify and assess risks

Communicate

Challenges We Face

74% of us believe our ethics are higher than those of our peers

83% of us say that at least one-half of the people we know would list us as one of the most ethical people they know

92% of us are satisfied with our ethics and character

Would you commit a felony to pay for needed surgery for your child?

Yes – 97 percent

Would you commit a felony to pay for needed surgery for your spouse?

Yes – 42 percent

“In the real world, successful people do what they have to

do to win, even if others consider it cheating.”

We do what we must to win

200 Olympians

1. Performance enhancing drug, no one will find out, no side affects, and win all races next 5 years

195

2. Performance enhancing drug, win all races next 5 years, then die from side affects, but no one will find out

100

Future Work Force (College)

11% reported cheating in 1963

49% reported cheating in 1993

75% reported cheating in 2003, 2005, 2006, 2007

50% in graduate school in 2006

Trust Is Not A Control

Former Director, Federal Emergency Management Agency

Assistant City Manager, Emergency Services Division

Assistant to the City Manager

Trust Is Not A Control

Former Deputy Chief Information Officer, U.S. Department of Homeland Security

Bachelor’s Degree (1993), Master’s Degree (1995), and Doctorate (2000)

Hamilton University

Unaccredited fee-for-degree “distance learning” center (“Diploma Mill”)

Bachelor’s Degree (2000), Master’s Degree (2000), and Doctorate (2001)

Reasons We Miss Fraud

Reasons We Miss Fraud

Personalities

Face Value

Avoid Conflict

Checklists

Education

Pressure

Auditor v. Investigator

Business Operations

The “Right” People

Warning Signs

Personalities

Clients’ strong personalities create difficulties

Taken in by friendly personalities

Need to be liked by the client

Personalities

Auditors requested to see a sampling of 400 invoices for ZZZZ Best work. Of those 400, the auditors would select 20.

ZZZZ Best provided 20 fake invoices.

Auditors asked to see 400 original invoices – CFO protested and auditors backed down.

Face Value

Accept answers on face value

Lack of skepticism – never taught and not in personality

Face Value

Crazy Eddie’s – one of the 20th century’s most infamous financial statement frauds

Employees helped auditors with inventory counts

10 equals 25

Watch What They Say

“The balance sheet is strong.”

“The third quarter is looking great.”

“Our stock is an incredible bargain at current prices.”

-- CEO Ken Lay, Enron

Watch What They Say

“We are confident in our marks and the reasonableness of our valuation methods.”

“We have a high degree of certainty in what we have booked to date.”

-- CEO Martin Sullivan, AIG

Watch What They Say

“Our liquidity and balance sheet are strong.”

“We don’t see any pressure on our liquidity, let alone a liquidity crisis.”

-- CEO Alan Schwartz, Bear Stearns

Watch What They Say

“We are on the right track to put these last two quarters behind us.”

-- CEO Richard Fuld, Lehman Brothers

“Our liquidity pool also remains strong at $42 billion.”

-- CFO Ian Lowitt, Lehman Brothers

Watch What They Say

“In today’s regulatory environment, it’s

virtually impossible to violate rules.”

-- Bernard Madoff Oct. 20, 2007

Avoid Conflict

“People are just too damn lazy.”

-- ZZZZ Best’s former CFO

Rather than drive out to confirm an address where ZZZZ Best was supposedly doing $45 million in business, the

auditors would make a phone call and were satisfied.

Checklists

Use too many checklists – try to get them done versus understanding the questions

Too narrow focused – don’t look to see if things make sense from a broader perspective

Budget & task oriented

Fraudsters Stay One Step Ahead

Electric wheelchair

$5,000

Billed at least 1,000 times ($5 million) for same wheelchair

Checklists

• Do you?

• Have you?

• Can you?

• Are you?

• How?

• Describe?

• What?

• Explain?

Education

Fraud and stupid can look just a like

More of a mind-set

Focus on exceptions, oddities, accounting irregularities, and patterns of conduct

Education

“No one ever asked.”

-- Mark Morze, ZZZZ Best’s former CFO

Education

Does the company possess all of the licenses it needs to conduct the business it does?

How does the company generate the 30%, 40%, 50%, and 60% profit margins that appear on its books?

Why do the company’s bids for complicated, million-dollar projects fit on a single page?

Education

Why is the company constantly in need of additional cash?

Why did the company waste $2 million on equipment it could have rented for 90% less?

Can we (the auditors) speak to at least one satisfied customer?

Education

Why is business conducted only with cashier’s checks?

How can the company’s revenues grow by 400% in 6 months, while the company’s general & administrative costs barely grow at all?

Why aren’t any of the company’s vendors in the Yellow Pages?

Education

Why do the company’s estimates for project costs always equal—to the penny—the supply sheets from the vendors?

Why are there no addresses on the work invoices?

Where are all the government forms regarding permits, licenses, etc.?

Education

Where is all the paperwork on vendor deliveries?

Could the auditors have a tour of one or two of the company’s warehouses or other facilities?

Can the auditors speak with a few of the company’s vendors or subcontractors? If not, why not?


Too much time on prior year testing & tick marks

Spend too little time talking to the “right” people


Chairman

Chief Executive Officer

Chief Operating Officer

Chief Financial Officer

Chief Accounting Officer

Chief Compliance Officer

Chief Audit Executive

Chief Legal Officer


Accounting Manager

A/P Manager

Warehouse Foreman

Billing Manager

Payroll Manager

H/R Manager

Q/A Manager

Contracting Officer

Why Warning Signs are Important?

“The average fraud scheme lasted 24 months

before it was detected.”

-- ACFE 2008 Report to the Nation

Professional Services Contract

Effective Date Amount Contract Price

Contract 09/12/04 $ 85,850 $ 85,850

Mod #1 11/22/04 $ 30,800 $116,650

Mod #2 04/08/05 $ 78,400 $195,050

Mod #3 09/12/05 $ 1,400 $196,450

Mod #4 09/30/05 $148,600 $345,050

Warning Signs

Unexplained employee absences

Refusal to produce records, files or documents

Excessive overtime

Missing documentation

Warning Signs

Payments to a vendor post office box

No original source documents

Lack of competitive bidding

No exceptions or errors

Warning Signs

Significant life-style changes

Refusal to take vacation

Excessive movement of funds between accounts

Single vendor

Warning Signs

Excessive or unjustified changes in accounting personnel

Premature or excessive destruction of controlled documents

Excessive cash transactions

High rate of employee turnover

Warning Signs

Customer complaints

Can’t talk to people (protection)

Turning down promotions or transfers

Improperly trained employees

Warning Signs

Delivery location not the office, plant or job site

Invoices with minimal information

Increase in purchasing inventory but no increase in sales

Lack of physical security over assets / inventory

Warning Signs

Increase in scrap materials and reorders for same items

Inventory that is slow to turnover

Vendors that pick up payments

Consistent cash flow problems

Warning Signs

Significantly outpace other companies in same industry

Frequently change auditors, banks, and attorneys

Dramatic changes in key ratios or ratios too good

Excessive number of checking accounts

Warning Signs

Failure to reconcile bank statements or a conflict of duties on the part of performing reconciliations

Accounts receivable grows substantially faster than sales

Growth in accounts payable substantially exceeds revenue growth

Warning Signs

Majority of net income comes from one-time gains

Operating expenses decline sharply relative to sales

Company cash flows come primarily from assets sales, borrowings or equity offerings

Change in accounting principles and estimates

Warning Signs

Numerous adjustments

Key personnel going to work for vendors

Lack of segregation of duties

Inappropriate shipping costs

Warning Signs (Accounts Payable)

Recurring identical amounts from same vendor

Multiple vendors with similar names in accounting system

Multiple remittance addresses for same vendor

Vendor addresses don’t agree with application


Sequential invoice numbers from same vendor

Lack of segregation of duties:

Process invoices & updates to vendor master file

Check preparation & posting to vendor account

Check preparation & mailing signed checks


Excessive credit adjustments to specific vendor

Systematic pattern of adjustments for goods returned

Paid invoices not properly canceled

Unrestricted access to blank checks, signature plates, and check-signing equipment

Warning Signs (Inventory/Production)

Fluctuations in inventory accounts between months (e.g. debit balance one month, credit balance the next)

Excessive inventory write-offs without documentation or approvals

Unrestricted access to inventory storage areas


No segregation of duties:

Receipt of inventory & issuing of materials

Recording of inventory accounts & ordering materials

Identification of obsolete & surplus materials and sale/disposal of such materials


No policy on identification, sale, and disposal of obsolete and surplus materials

No policy on inventory levels to be maintained (i.e., minimums, maximums, reorder points)

Lack of regular physical inventories by independent personnel


Consistent production overruns beyond sales demand and backlog orders

Excessive production waste, spoilage, or other loss of raw materials

Extended delay of good marked “for shipment” maintained within shipping area

Warning Signs (Accounts Receivable)

Lack of policies regarding write-offs

No supervision or review of write-offs

Duties of posting to accounts & receiving cash not segregated


Frequent undocumented or unapproved adjustments, credits, and write-offs

Dramatic increase in allowance for doubtful accounts

Reluctance to reserve for or write off accounts receivable


Accounts receivable increasing or decreasing in a way not in accord with changing sales figures

Unexplained deterioration in collection cycle

Warning Signs (Construction Projects)

One company repeatedly wins contracts

Competitors continually submit bids that are unreasonably high, late, or are disqualified

An exclusive, consistent group of contractors bids on projects, and winning bidders appear to be on rotation basis or follow a particular pattern


Bids submitted by contractors are vastly higher than on similar jobs by the same vendor

Successful bidders subcontract work to competitors that submitted excessive, unreasonable bids for the same job

Bid paperwork submitted by various vendors contains similarities or even identical items


Bidders who are qualified and capable of bidding do not bid

Winning vendor is always the last to bid

Numerous or large dollar change orders

Change Orders

Estimate Low Bidder Actual Cost Claims

$1,500,000 $860,000 $5,200,000 $15,000,000

Contractor tried to recover cost overruns by using inflated change orders:

134 change orders:

Average contractor proposal: $50,000 Average negotiated amount: $15,000


Certain contractors always bid against each other or never bid against each other

New vendors receive disproportionate number of winning bids

Refusal to produce records, files or documents

SEC Report of Investigation (“Madoff”)

The SEC focused its investigation too narrowly.

The SEC did not seek records from an independent third-party, but sought copies of such records from Madoff himself.

The teams assembled were relatively inexperienced.

There was insufficient planning for the examinations.

No significant attempts made to analyze the numerous red flags.


Even when Madoff’s answers were seemingly implausible, the SEC examiners accepted them at face value.

The relatively inexperienced staff failed to appreciate the significance of the analysis in the complaint, and almost immediately expressed skepticism and disbelief.

When Madoff provided evasive or contradictory answers to important questions in testimony, they simply accepted as plausible his explanations.

They conducted their examination by simply asking Madoff about their concerns and accepting his answers.


Madoff was the examiners primary contact and he carefully controlled to whom they spoke at the firm.

Examiners had a real difficult time dealing with Madoff as he was described as growing increasingly agitated during the examination, and attempting to dictate to the examiners what to focus on in the examination and what documents they could review.

Never verified Madoff’s purported trading with any independent third parties.

• Madoff records indicated $2.5 billion in 100 equities – third party records showed less than $18 million worth of equities.


Shortly after the Madoff Enforcement investigation was

effectively concluded, the staff attorney of the

investigation received the highest performance rating

available at the SEC, in part, for her “ability to

understand and analyze the complex issues of the

Madoff investigation.”

Fight Fraud – Who’s Responsible?

Strong controls against fraud are the responsibility of everyone in the organization.

All levels of staff, including management, should have a basic understanding of fraud and be aware of the red flags.

Source: Managing the Business Risk of Fraud: A Practical Guide (sponsored by IIA, AICPA, and ACFE)

Leverage Technology

Vendors and employees with the same address (34 instances)

Checks issued before invoice dates (45 instances)

Vendors with no activity for a 2-year period (1,800 instances)

Leverage Technology

Checks with no payee addresses (130 instances)

Sequential invoice numbers from the same vendors (1,000 instances)

Multiple invoices from the same vendor on the same date (4,500 instances)

Leverage Technology

Missing check numbers (8,300 instances)

Recurring identical amounts for the same vendors (630 instances, ranging from 2 to 78 instances)

Checks processed on Saturdays or Sundays (2,100 instances)

Contact Information

Don Mullinax

Shareholder

Forensic/Strategic Solutions, PC

2272 Colorado Blvd., Suite 1347

Los Angeles, CA 90041

213-617-1301 (office)

626-372-3657 (cell)

[email protected]

Internal Controls

Documents

Transcript of Internal Controls