Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and - - PowerPoint PPT Presentation

Nonp

• npro

rofi fit Symposium posium

Fraud Risk Mitigation and Prevention in Nonprofit Organizations

Thomas G. Claassen CPA, ABV, CFE, CFF July 16, 2009

2

Fr Fraud ud De Defi fine ned

Fraud is: 1) any intentional act or omission 2) designed to deceive others, 3) resulting in the victim suffering a loss and/or the perpetrator achieving an ill-gotten gain.

3

Fr Fraud ud Thre hreshold shold

“Intentional act or omission with intent to DE DECEIVE VE”

• Key difference between an error and fraud is the

intent of the individual that causes a given loss.

• Identify honest individuals and attempt to minimize

situational pressures within the organization.

4

Fr Fraud ud Type pes

1) Asset misappropriation - The theft or misuse of an

• rganization’s assets

– Billing – Diversion of funds – Expense reimbursements – Check tampering – Payroll – Wire transfers – Information – Securities

5

Fr Fraud ud Type pes

2) Corruption – Person uses his or her influence in a business transaction to obtain an unauthorized benefit contrary to that person’s duty to his or her employer

– Conflict of interest – Bribery – Illegal gratuities

6

Fr Fraud ud Type pes

3) Fraudulent statements - Falsification of an

• rganization’s financial statements or filings to

make it appear more or less profitable

– Misuse of restricted funds – Misrepresentations relating to program results – Tax reporting issues (Form 990) – Concealed liabilities – Fictitious revenues – Improper asset valuations – Improper disclosures – Timing differences

7

Fr Fraud ud Tri riangle le

Rationalization

(People Factor)

Opportunity

(Control Environment)

Incentive/Pressure

(External Influences)

8

Fraud Damage & Non

• nprofit
• fit Organization
• ns
• Direct Financial Damages
• Indirect Damages
• Financial impact can be a multiplier of any direct financial

damages incurred

• Inherent lack of trust that an organization has the ability

to fulfill its mission

• Donors less likely to contribute if funds are being diverted
• r misused

9

Fraud Sta tati tisti tics by Organizati tion

• n Type *

* Information obtained from the 2008 ACFE Report to the Nation.

$109,000 Nonprofit $100,000 Government $142,000 Public Company $278,000 Private Company Medi edian Loss ss Organization Type pe

10

Com

• mmon
• n Types

es of

• f Fraud *

2.8% Register Disbursements 10.3% Fraudulent Statements 9.3% Payroll 16.3% Non-Cash 22.9% Cash Larceny 16.6% Skimming 14.7% Check Tampering 13.2% Expense Reimbursements 23.9% Billing 26.9% Corruption

Cases Scheme

* Information obtained from the 2008 ACFE Report to the Nation and is based on

results of 959 fraud cases compiled by the ACFE

11

Fraud Det etec ection

• n Method

thods *

* Information obtained from the 2008 ACFE Report to the Nation

12% Internal Audit 52% Tip 3% Notified by Police 16% External Audit 15% Internal Controls 17% Accident

Percentage

• f Case

ses Det Detec ection Met ethod

12

Th Three ree-Legged Sto Stool

• l
• Governance - Culture of

Accountability and Ethics

• Fraud Risk Assessment

Current Status Address Gaps

• Prevention, Detection and Corrective

Action - Implement Best Practices

13

Gov Governa rnanc nce

Tone at the Top

Formal Code of Ethics – Regular Periodic Updates Management Example Vested Interest – Visibility Teach and Instruct

14

Gov Governa rnanc nce

Positive Workplace Environment

• Honest and constructive feedback and recognition for job

performance

• Eliminate fear of delivering “bad news”
• Treat employees with fairness throughout the organization
• Organizational responsibilities clearly defined
• Strong communication practices and methods

Direct communication vs. innuendo

• Competitive compensation

15

Gov Governa rnanc nce

Hiring and Promotions

Smart, Honest and Tough

• ugh – do not compromise

Background investigations for job candidates or those being considered for promotion to position

• f trust

Thorough check of candidates’ education, employment history and personal references

16

Ris Risk Ass ssess ssment nt Proc rocess

• Management buy-in and communication
• Assemble team
• Brainstorm and identify fraud risks by area
• Categorize risks according to potential exposure
• Identify controls in place that mitigate fraud risks

and/or fraud risks for which adequate controls do not exist

• Prioritize fraud control gaps according to exposure
• Develop remediation plans
• Perform cost/benefit analyses
• Implement controls to close gaps
• Perform risk assessment updates

17

Risk As Asse sess ssmen ent Tea eam

• Finance and Accounting
• Business Unit and Operations
• Internal Audit
• Legal and Compliance
• External Consultants with Fraud Expertise

18

Fr Fraud ud Risk sk Ide Ident ntif ificat icatio ion

• What could go wrong? (Fraud Universe)
• What are the internal control weaknesses?
• Can controls be overridden or

circumvented?

• How could a fraud be concealed?

19

Fr Fraud ud Risk sk Ide Ident ntif ificat icatio ion

Identification of Fraud Risks should not be performed in a vacuum. Need to consider across the organization (horizontally and vertically) by:

• Functional Area
• Position
• Relationship

20

Fr Fraud ud Risk sk As Asses sessm sment Example ple

GOVERNANCE

21

Fr Fraud ud Risk sk As Asses sessm sment Example ple

DISBURSEMENTS

22

Impl Implement nt Best Practi tices

• Effective Governance and Oversight
• Employee Hiring and Retention

Integrity Competence Attention

• Perform Fraud Risk Assessment
• Documented Fraud Policy
• Anonymous Fraud Hotline
• Appropriate Responses to Suspected Fraud Activity
• Culture of Healthy Skepticism

23

An Anti ti-F

• Fraud Mea

easu sures es in Pl Place at Time of

• f Fraud *

* Information obtained from 2008 ACFE Report to the Nation.

70% External Audit 5% Whistleblower Rewards 44% Hotline 53% Employee Support Programs 56% Internal Audit Percent Control

24

Organizati tion

• nal Res

espon

• nse

se to Fraud

PREPARATION TO RESPOND BEFORE FRAUD OCCURS

• Identify skills needed to pursue allegations (legal, financial,

etc.).

• Determine persons authorized to investigate, handle requests

for information, interface with outside authorities and engage

• utside consultants, if necessary.
• Consider use of counsel to be the point person for

investigations with the ASS SSUMPTION that ALL LL fraud incidents will result in prosecution and/or litigation.

• Be prepared to communicate messages to be delivered to

employees, donors, the press and others in a timely and forthright manner. Engage counsel to review such communications prior to delivery.

25

Fr Fraud ud Response sponse – Key Points

• ints
• Construct Fraud Response Apparatus
• Quickly Summarize Facts and Circumstances
• Immediate Actions to CONSIDER to “Close the Door”
• Terminate access to accounts and/or systems
• Place individual on administrative leave
• BE CAREFUL not to jeopardize the investigation or fall

victim to legal pitfalls

• Perform Investigation
• Awareness of Legal Issues

– Civil – Criminal

26

Fr Fraud ud Response sponse – Key Points

• ints
• Involvement of External Authorities
• Loss Recovery

– Insurance policies – Civil Action

• Publicity Issues
• Address Impact on Employee Morale and HR

Concerns

• Remediation of Control Weaknesses

27

Re Resource sources

AICPA Anti-Fraud and Corporate Responsibility Center http://antifraud.aicpa.org/ IIA Fraud Resource Repository http://www.theiia.org/guidance/standards- and-practices/additional-resources/fraud- repository/ ACFE Site and Resource Repository http://www.acfe.com/home.asp http://www.acfe.com/fraud/fraud.asp

28

Re Resource sources

White Collar Crime Fighter http://www.wccfighter.com/ Open Compliance and Ethics Group (OCEG) http://www.oceg.org/landing/IAG.aspx Evaluation of Compliance & Ethics Program http://www.oceg.org/view/HHG Hotline and Helpline Guide

29

Fraud Risk sk Mitigati tion

• n and Prev

even ention

• n in

Non

• nprofit
• fit Organization
• ns

Questions ??