AFOA Canada National Conference

1
AFOA Canada National Conference

• In Control
• Fraud and Internal Controls
• February 27, 2004

pwc
2
Presenters

• Shannon Ryhorchuk
• Calgary Audit Partner with extensive experience
  servicing the First Nation, Municipal Government
  and Not-For-Profit sectors.
• Chad Cretney
• Calgary Financial Advisory Services Senior
  Manager with extensive experience conducting
  forensic investigations. These assignments have
  been completed in a wide range of areas,
  including First Nations.

3
Introduction

• In this presentation we will discuss
• Discuss how changes in a current environment
  create opportunities for fraud.
• Introduce and explain some of the most commonly
  perpetrated internal frauds.
• Identify the key controls that should be in place
  to complement the activities of First Nations.
• Discuss the importance of having a strong system
  of Internal Controls to prevent and detect fraud.

4
Current Environment

• Changes in the business and economic environment
  create opportunity for fraud.
• Increased use of technology
• Technology advances ahead of security devices
• Increased complexity of banking arrangements
• Increased complexity of economic transactions
• Impact on economic development from world events
• Management, auditors and those responsible for
  governance, such as Chief and Council, have
  increased responsibility for assessing risk of
  fraud.

5
Internal control Key Concepts

• Control comprises those elements of an
  organization that, taken together, support people
  in the achievement of the organizations
  objectives.
• Internal control is effective to the extent that
  it provides reasonable assurance that the
  organization will achieve its objectives
  reliably.
• Control can only provide reasonable, not
  absolute, assurance.
• Internal controls must adapt to any changes in
  the external and internal factors

6
The control environment

• The control environment comprises management's
• Philosophy
• Attitude and
• Demonstrated commitment
• to control and sets the tone by which the
  business operates.

7
Types of internal controls

• Management Controls
• Accounting Controls

8
Key Management Controls

• Budgets preparation, approval and monitoring
• Regular financial reporting
• Preparation and review of monthly financial
  information
• Monitoring and review of key transactions
• Policies and procedures
• Tone at the Top

9
Key Accounting Controls

• Record Keeping
• Reconciliations
• Approval/Authorization limits
• Supporting documentation
• Verification

10
Fraud prevention

• Where does fraud occur?
• Why does fraud occur?
• Major types of fraud
• Fraud prevention What can you do?

11
Crime Facts

• The Bigger You Are, the Harder You Fall
• No Industry is safe
• Asset misappropriation is the most widely
  reported crime
• Asset misappropriation and Cybercrime are the
  biggest concerns for the future
• The impact on reputation, image and staff morale
  can be more important than financial loss
• 75 of victims recover less than 20 of losses
• Less than 50 of victims have economic crime
  insurance

2003 PwC Global Economic Crime Survey
12
Where does Fraud Occur?
Organization
13
Where does Fraud Occur?
Organization
- Short Shipments - Double Billing - False
Invoices - Employee Bribery
Suppliers
14
Where does Fraud Occur?
Competitors
- Employee Bribery
Organization
Suppliers
15
Where does Fraud Occur?

• Shoplifting
• False Returns
• False Credit Cards
• Fraudulent Cheques

Customers
Competitors
Organization
Suppliers
16
Where does Fraud Occur?
Customers
Competitors
Government

• Tax Evasion
• Contract Cost Padding

Organization
Suppliers
17
Where does Fraud Occur?
Customers
Competitors
Government
Organization
Insurers
Suppliers

• False Loss Claims

18
Where does Fraud Occur?
Customers
Competitors
Government
Organization
Insurers
Suppliers
Employees (Internal Fraud)
19
Most Common Types of Economic Crime Experienced
2003 PwC Global Economic Crime Survey
20
Why does fraud occur?
OPPORTUNITY
THE FRAUD TRIANGLE
PRESSURE
RATIONALIZATION
21
Major types of internal fraud

• Expense Account Schemes
• Purchasing and Billing Schemes
• Bribery and Conflicts of Interest
• Inventory and Other Assets Frauds
• Payroll Fraud
• Cheque Tampering
• Skimming Schemes

22
Expense account schemes

• Main Risk Over reimbursement to employees.
  Prevalent issue when employees travel regularly
  to or from a major centre.
• Mischaracterized expenses
• Overstated expenses
• Fictitious expenses
• Multiple reimbursements

23
Key Controls Expense claims

• Key controls include
• Formal written policies
• Pre-approval of all travel costs.
• Approval of expense claims by a properly
  authorized senior person prior to payment
• Original receipts or other supporting
  documentation required
• Matching of expenses to receipts
• No expense advances, reimbursement only.

• Main Risk Over reimbursement to employees.
  Prevalent issue when employees travel regularly
  to or from a major centre.
• Mischaracterized expenses
• Overstated expenses
• Fictitious expenses
• Multiple reimbursements

24
Accounts Payable - Purchasing and billing schemes

• Main risks Invoices will be paid more than once
  or in error and/or not all liabilities will be
  recorded.
• Phantom vendors/Shell companies
• Accomplice vendors
• Personal purchases

25
Key Controls Purchasing Billing Schemes

• Key controls in this area include
• Proper authorization to setup vendor accounts
  periodic review of vendors
• Supporting documentation for payments
• Proper authorization for disbursements
• Cheque signing controls
• Scheduled A/P payment dates
• Purchase orders
• Corporate credit cards
• Conflict of interest policy
• Budgets

• Main risks Invoices will be paid more than once
  or in error and/or not all liabilities will be
  recorded.
• Phantom vendors/Shell companies
• Accomplice vendors
• Personal purchases

26
Conflicts of interest
Conflict of interest arises when an employee,
department manager, or executive officer has an
undisclosed economic or personal interest in a
transaction that affects the organization
27
Bribery and conflicts of interest

• Bribery
• Invoice kickbacks
• Bid rigging
• Conflict of interest
• Purchases schemes
• Sales schemes

28
Key Controls - Bribery and conflicts of interest

• Bribery
• Invoice kickbacks
• Bid rigging
• Conflict of interest
• Purchases schemes
• Sales schemes

• Key controls in this area include
• Conflict of interest policy including annual
  declarations of compliance
• Monitoring/control of vendor information
• Review/approval of significant transactions by
  senior management and/or Chief and Council
• Formal bid/tendering policy
• Budgets
• Monitoring of customer/staff complaints
• Tone at the Top

29
Inventory and fixed asset frauds

• Main risk Safeguarding assets from
  misappropriation and the reliability of the
  reported values.
• Theft
• Asset requests and transfers
• False sales and shipping
• Purchasing and receiving
• Misuse of common assets
• Computers
• Illegal activities or hacking
• Telephones
• Company Vehicles equipment
• Use of company car and equipment for a side
  business

30
Key Controls - Inventory and fixed assets

• Main risk Safeguarding assets from
  misappropriation and the reliability of the
  reported values.
• Theft
• Asset requests and transfers
• False sales and shipping
• Purchasing and receiving
• Misuse of common assets
• Computers
• Illegal activities or hacking
• Telephones
• Company Vehicles equipment
• Use of company car and equipment for a side
  business

• Key controls in this area include
• Detailed fixed asset listing.
• Physical verification/counts of assets
• Physical protection of assets
• Policies regarding use of assets
• Approvals/accounting for asset requests and
  transfers
• Separation of purchasing receiving
• Purchase approval levels
• Review of A/R ageing/collection

31
Payroll fraud

• Main Risks Overpayment of employees and
  improper recording of payroll costs.
• Ghost employees or dead horses on the payroll
• Falsified wages
• Commission schemes
• Workers compensation

32
Key Controls - Payroll

• Key controls in this area include
• Review of the payroll register
• Review and update of employee personnel files
• Separation of Personnel functions from Payroll
  functions.
• Budget
• Validation checks on payroll input
• Direct Deposit vs. cheque distribution

• Main Risks Overpayment of employees and
  improper recording of payroll costs.
• Ghost employees or dead horses on the payroll
• Falsified wages
• Commission schemes
• Workers compensation

33
Cash - Cheque tampering

• Main risk Cash is the easiest asset to
  misappropriate.
• Stealing blank cheques
• Forging signatures.
• Intercepting legitimate cheques
• Submitting fraudulent cheques with legitimate
  ones to be approved by an inattentive signer.
• Authorized cheque signatory prepares and signs
  fraudulent cheques for their personal benefit.

34
Key Controls - Cash

• Key controls in this area include
• Physical safeguard of blank cheques
• Control of physical cheques after signing
• 2 signatories required over thresholds
• Scheduled cheque runs
• Controls over vendor masterdata
• Approval of all cheques and bank transactions by
  senior and appropriate personnel.
• Bank reconciliations

• Main risk Cash is the easiest asset to
  misappropriate.
• Stealing blank cheques
• Forging signatures.
• Intercepting legitimate cheques
• Submitting fraudulent cheques with legitimate
  ones to be approved by an inattentive signer.
• Authorized cheque signatory prepares and signs
  fraudulent cheques for their personal benefit.

35
Accounts Receivable - Skimming schemes
Main risks Amounts are not recorded or not
recorded in a timely manner, and amounts are not
collectible.

• Skimming is the removal of cash from a victim
  entity prior to its entry in the accounting system

• Types of skimming
• Unrecorded sales and receivables
• Receivables skimming

36
Key Controls - Accounts Receivable
Main risks Amounts are not recorded or not
recorded in a timely manner, and amounts are not
collectible.

• Key controls in this area include
• Review of the aged accounts receivable listing.
• A/R ageing
• Review of unapplied cash
• Customer complaints
• Use of cash registers/customer receipts
• Budgets

• Skimming is the removal of cash from a victim
  entity prior to its entry in the accounting system

• Types of skimming
• Unrecorded sales and receivables
• Receivables skimming

37
Fraud prevention What can you do?

• Poorly designed internal controls or a breakdown
  in existing controls are the number one reasons
  fraud and abuse are allowed to occur.
• All organizations are vulnerable no one is
  immune.

38
Fraud prevention What can you do?

• Fraud can be extremely costly to any
  organization, therefore fraud prevention is
  critical
• Control culture integrity and accountability in
  leadership
• Risk management accounting and management tools
• Adopt controls that work for you

39
Conclusion Effective internal control and fraud
prevention

• Set the tone at the top
• Management must lead the way
• Sound internal control
• The weapon to combat fraud
• The high costs of fraud
• Misappropriated assets
• Investigation
• Recovery
• External assistance is available
• Fraud vulnerability assessments
• Fraud-awareness training for management and
  employees

40
Pwc
111 - 5th Avenue SW, Suite 3100 Calgary, Alberta,
T2P 5L3 Fax (403) 781-1825 Shannon Ryhorchuk
(403) 509-7506 shannon.g.ryhorchuk_at_ca.pwc.com Cha
d Cretney (403) 509-7335 chad.j.cretney_at_ca.pwc.co
m