MMTCTA Fraud – Internal Controls Presented By Ron Smith & Greg Chabot, RHR Smith & Co. May 14, 2015 About RHR Smith & Company: RHR does approx 130 of Maine’s 500 Municipalities In the past year RHR has Investigated 23+ (18%)cases of Fraud or Abuse Ron & Greg have over 50 years collectively of this specialty area as it pertains to you
Definition of Fraud Fraud is an intentional deception made for personal gain
Fraud Triangle
Types of Fraud Misstatements arising from fraudulent financial reporting. Misstatements arising from misappropriation of assets.
Fraudster Statistics Most fraudsters are middle class, white males with a social status. Behavior is learned. Social Status is important to fraudsters About 1 in 5 receive prison time.
Having Said That Out of 23 investigations 1 of the suspects was male (4%) Most of these cases pertaining to Municipalities included, Tax Collector, Treasurer, or Deputy in each instance. 3 Cases involved Federal Funds leading to Questioned Costs.
Internal Controls & Fraud - Defined An accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error etc. In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. A coordinated system of procedures and techniques designed to safeguard a company’s assets, to ensure the accuracy of its accounting records, and to promote efficiency and adherence to prescribed policies.
Level of Responsibility - Auditor Auditors Assurances: 3) Auditor’s Procedures— General (Taken from a standard engagement letter) “An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements; therefore, our audit will involve judgment about the number of transactions to be examined and the areas to be tested. We will plan and perform the audit to obtain reasonable rather than absolute assurance about whether the financial statements are free of material misstatement, whether from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of assets, or (4) violations of laws or governmental regulations that are attributable to the entity or to acts by management or employees acting on behalf of the entity.”
COSO Committee of Sponsoring Organizations Internal Control Framework Image Source: www.journalofaccountancy.com
Internal Controls & Fraud 5 Components of Internal Controls 1) Control Environment 2) Risk Assessment 3) Control Activities 4) Information & Communication 5) Monitoring “Your Government is Responsible”
Internal Controls – Control Environment It means the overall attitude, awareness and actions of directors and management (i.e. "those charged with governance") regarding the internal control system and its importance to the entity. They express it in management style, government culture, values, philosophy and operating style, the organizational structure, and human resources policies and procedures. IE: System of Integrity, hire competent people, get them trained, reasonable organizational structure.
Internal Controls – Risk Assessment Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk (R) :, the magnitude of the potential loss (L) , and the probability (p) that the loss will occur.
Internal Controls - Control Activities Control activities. Control activities are the specific policies and procedures management uses to achieve its objectives. The most important control activities involve segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance. A short description of each of these control activities appears below. Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. For example, the same person who is responsible for an asset's recordkeeping should not be responsible for physical control of that asset Having different individuals perform these functions creates a system of checks and balances. Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. For example, a fixed price list may serve as an official authorization of price for a large sales staff. In addition, there may be a control to allow a sales manager to authorize reason able deviations from the price list.
Internal Controls - Control Activities (Cont) Adequate documents and records provide evidence that financial statements are accurate. Controls designed to ensure adequate recordkeeping include the creation of invoices and other documents that are easy to use and sufficiently informative; the use of pre-numbered, consecutive documents; and the timely preparation of documents. Physical control over assets and records helps protect the company's assets. These control activities may include electronic or mechanical controls (such as a safe, employee ID cards, fences, cash registers, fireproof files, and locks) or computer- related controls dealing with access privileges or established backup and recovery procedures.
Internal Controls – Information & Communication Information should be recorded and communicated to management and others within the entity who need it and in a form and within a time frame that enables them to carry out their internal control and other responsibilities.
Internal Controls – Monitoring Monitoring occurs in the course of normal operations. It is performed continually and is ingrained in the agency’s operations. It includes regular management and supervisory activities, comparisons, reconciliations, and other actions people take in performing their duties. Monitoring should assess the quality of performance over time and ensure that the findings of audits and other reviews are promptly resolved.
Levels of Responsibility - That percentage represents 20% up front of RHR client population - Apply that to all Maine Municipalities annually, it approximates 100 Communities with a poor choice being committed currently Auditors Assurances: 3) Auditor’s Procedures— General (Taken from a standard engagement letter) “An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements; therefore, our audit will involve judgment about the number of transactions to be examined and the areas to be tested. We will plan and perform the audit to obtain reasonable rather than absolute assurance about whether the financial statements are free of material misstatement, whether from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of assets, or (4) violations of laws or governmental regulations that are attributable to the entity or to acts by management or employees acting on behalf of the entity.”
Types of Fraud or Mismanagement: • Monetary Theft (Town Office, Recreation, Transfer Station, Rescue, Library) • Travel Abuse • Use of Postage Meter For Personal Use • Cell Phone Abuse for Personal Use • Use of Inventoried Gasoline • Personal Use of Government Credit Accounts Such as Sams, Walmart, Staples • Awarding of Contracts Creating Personal Gain • Payroll Fraud • Misuse of Federal & State Funds. • Non filing of Liens (Collector & Liens)
Recommend
More recommend