How to Prevent It, How to Detect It?
This is written for both the layman and the fraud examiner. It will cover various areas of operations. Beware of the opening of secret bank accounts that are not on the books. Beware of only 1 authorised signatory. Look out for fictitious invoices. Catch fraud before it becomes large-scale in nature.
An Overview. Who steals? Most frauds are committed by middle age males. Those committed by management results in a large loss. The fraudster is usually someone who is good at work and have been with the company for a long period of time and given high responsibility. Opportunity is a key element of fraud. To prove fraud, you must prove intent. Errors are different from fraud. Abuse of company’s assets is possible. There are 3 main fraud categories: asset misappropriation, corruption, financial statement fraud. There is fraud detection and prevention. Prevention is the more effective measure. Theft is the most common type of fraud in the government (cash or non-cash). FS fraud is very rare for public entities as they do not have incentive to cook the books. This book focuses on asset misappropriation and corruption. Frauds usually last for 18 months before detection. Corruption is very serious and leads to large losses. Government is fraud is serious as you are ultimately stealing from the taxpayers. Money is tempting, even to the best of people. The Fraud Triangle (Rationalization, Incentive, Opportunity). There must be all 3 for the audit to occur. SOD is important as it gets rid of the opportunity. People in financial distress have greater incentive to steal. Be wary of round-dollar vendor cheques. It is alarming when records go missing.
Fraud prevention. It is the responsibility of management to develop a good internal control structure. External auditors do not give an opinion on internal controls. Their definition of materiality is different from IA. Audit is not a cure-all as it is more detective in nature. SOD is very effective. 1 person should not be allowed to perform more than 1 function: 1) custody of assets; 2) reconciliation; 3) authorization; 4) book keeping (CRAB). If can’t have SOD, institute a level of review. Write down the names of people performing each of the tasks. Use it for any other transaction cycle. It is possible to use a checklist to assess IC. A sound whistle-blower programme is important. It is more effective than hiring auditors for fraud detection. Use a whistleblowing program that happens all the time. Look out for red flags. Decrease in revenue is a potential red flag. Hire a fraud specialist before fraud occurs. Addressing Fraud is the responsibility of the management. Perform periodic surprise audits on areas with control weaknesses.
Transaction Level Fraud Prevention. Theft can occur in the cash receipting process (Decentralised Cash Collections, Cash Drawers, Elected Officials and Collections, Check-for-cash substitution). Do not have so many cash collection points. It is important to document, immediately, any receipt of cash. A cash drawer should be assigned to a single person. All payments in a day must be reconciled to the receipts issued. All receipts must be accounted for. Understand the normal cash drawer activity. The supervisor must review the entries if one person handles cash and then keys in the transaction. This must happen daily. Cash must be deposited in the bank on a frequent basis. Employees sometimes steal rebates or refund cheques and convert them to cash. It is a must to record on each receipt the amount of cash or check payment received. End of the day – reconcile the daily amount of cash and cheques from the cash drawer to the daily receipts summary for each type of receipt (cash, cheque etc). For disbursement fraud, money is stolen from cheques, electronic payments etc. Bribes are one way. Bribes harm organizations indirectly. The vendor is usually the one who bribes government officials. The aim is to get the purchaser to buy something he doesn’t need and get him hooked. All gifts must be declared. Look at trends of payment to vendors over the years. Beware of fictitious vendors. You need to know how vendors are created and the review process. For example, you can send the cheques to your own home. However, the fraudster must be able to create a signed cheque or wire funds. A forged cheque is also possible. The payment must also be posted and it goes unnoticed. You cannot add vendors and authorize payments. This is a conflict of interest. One should ascertain the new vendor by calling them. If you can edit old vendor’s address, it is possible too. Access rights must be properly assigned. Altering cheque payees is one way of fraud. For cheques that are altered, it usually doesn’t have a corresponding invoice. Invoices should be stamped paid so that there will not be duplicate payments. The accounting clerk can trick the check signer to sign the cheque for a second time. Make sure there is stamped paid. Wire Transfer fraud is also possible. For wire transfer fraud, if you can wire funds yourself and then make entries without review, this is a recipe for fraud. Establish call-back procedure and at least 2 signatories for wire transfers to external parties. Payroll fraud is an area that needs scrutiny too. Look out for the payroll cheque review process. Detect ghost employees. Another way is to inflate pay rates and hours worked. Look at overtime trends etc. Most external auditors perform analytical procedures and not detailed control testing. Jet engine parts can be stolen. Conduct periodic inventories of capital assets. Audit existing, additions and removals of capital assets. Nip it in the bud. Accountability is critical to prevent theft. Assets must be inventorised and there must be a capitalisation threshold. Construction fraud is possible: 1) Kickbacks from the contractor to awarding officials; 2) over-billing; 3) deficient materials and cutting corners. The SO should be hired by the government to act for them and perform quality checks. This SO should be given access to the sites and records. The work should be performed in the government’s interest. The cost of the monitoring agent is a good investment.
Detect Fraud. How do you detect it? There are a large variety of fraud schemes. A leave of absence is good as another employee can perform the work and suspect any wrongdoings. If you have money, hire a fraud specialist. All receivable adjustments must be authorised. Confirm cheques received and keep a log. Search off-the-book theft of receipts. Investigate revenue differences. Do a walkthrough of the documents. There are 6 disbursement fraud tests. 1) Test for duplicate payments; 2) Review the AP Vendor File; 3) Check for fictitious vendors; 4) Compare vendor and payroll addresses; 5) Scan all cheques for proper signatures and payees; 6) Review checks falling just below the approval limit.
Procure Fraud-Related Audit Services. What is an audit about? Is fraud occurring? What is the damage? You can prepare an RFP for fraud-related services. You can pay to get a GAAS audit, forensic audit or internal control review. Some smaller governments are not audited.
Audit and CPA. Audit using the balance sheet approach. Fraud can sting auditors. Balance sheet approach is the examination of period ending balances, just as using confirmations to confirm balances. However, the weakness to this is that the income statement may be mis-classified. Auditors can save time using a risk-based audit approach. You need to explain what a fraud is and that it is not auditor’s responsibility to detect fraud. Any fraud tests must be performed. An IC weakness can be classified as 1) material weakness; 2) significant deficiency; 3) other deficiencies. Be careful of material weaknesses. Auditors can use checklists when performing their audit.