Fraud Risk in Governmental and Not-for-Profit Organizations - Lynda Dennis - ebook


Description

This book uses a combination of explanations and examples to help you understand the frauds most common in governments and nonprofits, as well as what prevention and detection procedures are most effective in responding to these fraud risks. It also discusses how auditors might address their responsibilities with respect to fraud in a financial statement audit of governmental and not-for-profit organizations.


Number of pages: 181




Notice to Readers

Recognizing and Responding to Fraud Risk in Governmental and Not-for-Profit Organizations is intended solely for use in continuing professional education and not as a reference. It does not represent an official position of the American Institute of Certified Public Accountants, and it is distributed with the understanding that the author and publisher are not rendering legal, accounting, or other professional services in the publication. This course is intended to be an overview of the topics discussed within, and the author has made every attempt to verify the completeness and accuracy of the information herein. However, neither the author nor publisher can guarantee the applicability of the information found herein. If legal advice or other expert assistance is required, the services of a competent professional should be sought.

You can qualify to earn free CPE through our pilot testing program. If interested, please visit aicpa.org at http://apps.aicpa.org/secure/CPESurvey.aspx.

© 2016–2017 American Institute of Certified Public Accountants, Inc. All rights reserved.

For information about the procedure for requesting permission to make copies of any part of this work, please email [email protected] with your request. Otherwise, requests should be written and mailed to Permissions Department, 220 Leigh Farm Road, Durham, NC 27707-8110 USA.

Course Code: 746460CL4FRGNP GS-0416-0A Revised: February 2016

TABLE OF CONTENTS

Chapter 1 Introduction

Overview

Introduction

General Warning Signs of Fraud

Ways to Prevent, Detect, or Deter Fraud

Summary

Practice Questions

Chapter 2 The Governmental and Not-for-Profit Environments

Unique Characteristics of the Governmental Environment

Governmental Organizations

Unique Characteristics of the Not-for-Profit Environment

Governmental Financial Reporting Objectives and Users

Not-for-Profit Financial Reporting Objectives and Users

Summary

Practice Questions

Chapter 3 The Auditor's Consideration of Fraud in a Financial Statement Audit

Auditor Responsibilities and Marketplace Expectations

Fraud Risk Factors in Governmental and Not-for-Profit Entities

Fraud and the Auditor: An Overview

The Auditor's Responsibilities Related to Fraud

Application of AU-C Section 240 to Audits of Governmental and Not-for-Profit Entities

Summary

Practice Questions

Chapter 4 Where Fraud Occurs in Governmental and Not-for-Profit Organizations

Where Fraud Occurs

Where Fraud Occurs in Governmental Organizations

Where Fraud Occurs in Not-for-Profit Entities

Fraud Risks in Governmental and Not-for-Profit Entities

Management Override

Planning Considerations in Audits of Governmental and Not-for-Profit Entities

Summary

Practice Questions

Chapter 5 Fraud Schemes Found in Governmental and Not-for-Profit Organizations

Fraudulent Financial Reporting Schemes

Fraudulent Financial Reporting Revenue Recognition

Fraudulent Financial Reporting Functional and Fund Classifications

Misappropriation of Assets Overview

Misappropriation of Assets Common Fraud Schemes

Misappropriation of Assets Common Fraud Schemes Procurement and Contracting

Misappropriation of Assets Common Fraud Schemes Cash Receipts and Fraudulent Disbursements

Misappropriation of Assets Common Fraud Schemes Personnel Costs

Misappropriation of Assets Common Fraud Schemes Property, Plant, and Equipment

Misappropriation of Assets Common Fraud Schemes Diversion of Program Benefits and Assets

Summary

Practice Questions

Glossary

Solutions

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

EULA


Users of this course material are encouraged to visit the AICPA website at www.aicpa.org/CPESupplements to access supplemental learning material reflecting recent developments that may be applicable to this course. The AICPA anticipates that supplemental materials will be made available on a quarterly basis.

Chapter 1 INTRODUCTION

LEARNING OBJECTIVES

After completing this chapter, you should be able to do the following:

Determine the general warning signs of fraud.

Identify characteristics of individuals that perpetrate financial statement fraud.

Identify general techniques to prevent, detect, or deter fraud.

Overview

This course is designed to give auditors and accounting and finance professionals an understanding of where in the government and not-for-profit environments fraud typically occurs and how to recognize and respond to these risks. With this knowledge, management of governmental or not-for-profit entities is in a better position to develop fraud programs and controls that will be effective in responding to fraud risks. Likewise, such understanding improves the likelihood the auditor of governmental and not-for-profit entities will identify and properly respond to the risk of material misstatement due to fraud.

In short, the purpose of this course is to address how management of governmental and not-for-profit entities and their auditors can recognize and respond to fraud risks that are unique to these entities.

Key Point

Throughout this course, the terms he and she are used alternately and no discrimination or implications related to either gender is intended. Additionally, this course and its appendixes have been developed using the professional and industry standards, practices, and procedures in effect at the time of the writing. Management, auditors, and other professionals should consult current authoritative guidance in addition to these materials.

Introduction

In the early years of the twenty-first century, the accounting profession experienced some of its darkest days since the 1938 McKesson-Robbins corporate accounting scandal. Massive scandals in the early 2000s at Enron, WorldCom, and Global Crossing put all CPAs in the spotlight whether they were auditors of publicly traded companies or small, closely held family corporations. To protect the American public against such spectacular failures in the future, President George W. Bush signed the Sarbanes-Oxley Act (SOX) into law in the summer of 2002.

It is interesting to note that whereas Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit (AICPA, Professional Standards), which is now clarified and codified as AU-C section 240, Consideration of Fraud in a Financial Statement Audit (AICPA, Professional Standards), was released after the passage of SOX, it was not issued in response to the failures giving rise to its passage. SAS No. 99 was the result of a four-year process that began with five academic research studies conducted as part of the AICPA Fraud Research Steering Task Force. In addition to these studies, the Public Oversight Board, at the request of the Securities and Exchange Commission, appointed a Panel on Audit Effectiveness in 1998. This Panel conducted its own research primarily related to audit effectiveness and issued a report in August of 2000.

Using these studies and other information, the AICPA Fraud Task Force, established in September of 2000, reviewed the previous guidance in SAS No. 82, Consideration of Fraud in a Financial Statement Audit, and concluded it was fundamentally sound. The recommendations of this task force to enhance professional auditing standards related to fraud were incorporated in the exposure draft issued February 28, 2002, which was adopted as SAS No. 99 in October of 2002 and later clarified and codified in AU-C section 240.

Fraud has become a major focus among not only financial statement users but also among many Americans in their roles as investors, watchdogs, philanthropists, or private citizens. In the last several decades, news reports have often revealed fraud and abuse at all levels of governmental and not-for-profit organizations. The national-level United Way scandal of the early 1990s had a significant negative impact on many local United Way agencies. Americans were outraged to learn the federal government had spent thousands of dollars for items that could have been found at the local building supply store for less than $100. Citizens of Dixon, Illinois were shocked to learn of the massive fraud perpetrated by a long-term high-level employee whose family had been a member of the community for generations.

Individuals and businesses contributing to not-for-profit organizations have a legitimate expectation that their donations will be used to further the mission of the not-for-profit organization. When such funds are diverted for other uses, or worse, appropriated for personal gain, the reputation of the not-for-profit organization is jeopardized. In such cases, the lack of trust potential individual and corporate donors have in the not-for-profit organization can seriously affect its revenues and, correspondingly, its continued existence.

For citizens, fraud in governmental organizations is a misuse of the public funds they provided to the government without choice and in good faith. Such breaches of trust further erode their tenuous faith in the “American Way” and needlessly increase the cost of providing public goods and services. Simply put, everyone loses when fraud occurs in governmental organizations.

General Warning Signs of Fraud

Being aware of situations that have the potential to create fraud risks is the first step in designing effective programs and controls to prevent, detect, and deter fraud. The following general situations may be warning signs indicating fraudulent financial reporting or fraud due to misappropriation of assets:

Warning Signs

An organizational culture of arrogance and management entitlement

Accounting policies that rely too heavily on management's judgment

Accounting policies that seem too aggressive, especially in light of accounting and finance staff expertise

Overly centralized control over financial reporting, especially in organizations with larger or more adequate staff in the areas of accounting and finance

Departure of key senior management personnel

Failure to listen to key accounting or finance personnel within the organization

Receivables growing at a faster rate than the related revenues

Periods of prolonged success especially when economic, industry, or organizational conditions indicate otherwise

Difficulty in paying bills on a timely basis or less timely than in prior years

Transactions lack economic purpose (may be indicative of kickbacks as well as misappropriation of assets or financial statement fraud)

KNOWLEDGE CHECK

1.     Which is NOT a general warning sign of fraud?

a.     Organizational culture of arrogance and management entitlement.

b.     Overly centralized control over financial reporting.

c.     Open and honest communication between key accounting or finance personnel and top management of the organization.

d.     The entity engages in transactions that lack economic purpose.

Ways to Prevent, Detect, or Deter Fraud

A number of low-cost, high-impact policies and procedures can be implemented to help prevent, detect, and deter fraud in most governmental and not-for-profit organizations. A highly effective and almost no-cost control that can be implemented by any governmental or not-for-profit organization is to take a hard line with respect to fraud. If the “tone at the top” is one of zero tolerance and fraudsters are promptly disciplined, employees may be less likely to commit fraud. A positive and open work environment, at all levels of the organization, also helps in preventing, detecting, and deterring fraud.

To design effective fraud prevention programs and controls, it is necessary to understand what type of individual typically perpetrates fraud. Fraud research consistently indicates that an individual who perpetrates financial statement fraud commonly

is a trusted employee,

is dedicated and often works long hours,

dislikes mandatory vacation policies,

resents cross-training,

is seen as likeable and generous, and

is deceptive and usually an adept liar.

GENERAL TECHNIQUES TO PREVENT, DETECT, OR DETER FRAUD

Other general techniques to prevent, detect, or deter fraud include the following:

General

Periodic review of control accounts for adjustments when fully integrated subsidiary systems are in place

Establishment of a “fraud hotline” (as simple as a board member with a cell phone or as sophisticated as a separate phone line allowing anonymous calls on any day and at any time)

Cash

Timely reconciliation of and review of bank statements for

unusual activity,

dual endorsements on back of checks,

changes to items on front of checks, and

individuals endorsing checks issued to a business

Purchasing/accounts payable

Extensive paperwork and procedures related to setting up new vendors (especially effective if purchasing is extremely decentralized)

When controls and programs related to cash disbursements or purchasing are inadequate, use of a simple software program (internally developed or purchased off the shelf) to

cross-reference vendor names to all permutations of employee names;

cross-reference vendor payment addresses to all employee addresses;

cross-reference all delivery locations on vendor statements to all physical addresses of the organization;

cross-reference phone numbers on vendor statements to employee phone numbers;

cross-reference all delivery locations on vendor statements to all employee addresses;

identify vendors with higher than expected purchase volume either for the month or for the year (or some other meaningful period);

identify transactions (purchases, purchase orders, and checks) falling just below established threshold amounts listed by vendor, purchaser, department/agency, employee, etc.;

list vendors with incomplete master file information; and

list vendors added and deleted within an established time frame.
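
The cross-referencing and exception listing described above, sketched in Python as an added example (not code from the course or its author). The records, field names such as tax_id, the abbreviation table, and the 5 percent margin below the approval threshold are constructed assumptions.

```python
import re
from collections import Counter
from itertools import permutations

# Constructed sample records; field names and values are hypothetical.
EMPLOYEES = [
    {"id": "E1", "name": "Dana Q. Reyes", "address": "14 Elm St., Apt 2", "phone": "(555) 010-2233"},
    {"id": "E2", "name": "Lee Okafor", "address": "9 Harbor Road", "phone": "555-010-7788"},
]
VENDORS = [
    {"id": "V1", "name": "Reyes Dana Consulting", "address": "200 Market Ave", "phone": "555-010-9000", "tax_id": "T-001"},
    {"id": "V2", "name": "Northside Supply", "address": "14 ELM STREET APT 2", "phone": "555.010.4444", "tax_id": "T-002"},
    {"id": "V3", "name": "Acme Paper", "address": "", "phone": "5550107788", "tax_id": ""},
    {"id": "V4", "name": "City Fuel Co", "address": "77 Depot Ln", "phone": "555-010-1212", "tax_id": "T-004"},
]
PAYMENTS = [("V4", 4990.00), ("V4", 4975.50), ("V1", 1200.00), ("V2", 5000.00)]
APPROVAL_THRESHOLD = 5000.00  # assumed amount above which extra approval applies
ABBREV = {"street": "st", "road": "rd", "avenue": "ave", "lane": "ln", "apartment": "apt"}
REQUIRED = ("name", "address", "phone", "tax_id")

def tokens(text):
    """Lowercase and split on anything that is not a letter or digit."""
    return re.findall(r"[a-z0-9]+", text.lower())

def norm_address(text):
    """Collapse case, punctuation and common abbreviations before comparing."""
    return " ".join(ABBREV.get(t, t) for t in tokens(text))

def norm_phone(text):
    """Keep the last ten digits so formatting differences do not hide a match."""
    return re.sub(r"\D", "", text)[-10:]

def name_permutations(name):
    """All orderings of the name parts, ignoring single-letter initials."""
    parts = [t for t in tokens(name) if len(t) > 1]
    return {" ".join(p) for p in permutations(parts)} if parts else set()

def cross_reference(vendors, employees):
    """Return (vendor_id, employee_id, field) for every shared name, address or phone."""
    hits = []
    for v in vendors:
        v_name = " " + " ".join(tokens(v["name"])) + " "
        for e in employees:
            if any(f" {p} " in v_name for p in name_permutations(e["name"])):
                hits.append((v["id"], e["id"], "name"))
            if v["address"] and norm_address(v["address"]) == norm_address(e["address"]):
                hits.append((v["id"], e["id"], "address"))
            if v["phone"] and norm_phone(v["phone"]) == norm_phone(e["phone"]):
                hits.append((v["id"], e["id"], "phone"))
    return sorted(hits)

def just_below_threshold(payments, threshold, margin=0.05):
    """Count payments per vendor that fall within `margin` below the threshold."""
    floor = threshold * (1 - margin)
    return dict(Counter(v for v, amount in payments if floor <= amount < threshold))

def incomplete_vendors(vendors):
    """Map vendor id to the required master-file fields that are blank."""
    report = {}
    for v in vendors:
        missing = [f for f in REQUIRED if not v.get(f, "").strip()]
        if missing:
            report[v["id"]] = missing
    return report

if __name__ == "__main__":
    print(cross_reference(VENDORS, EMPLOYEES))
    print(just_below_threshold(PAYMENTS, APPROVAL_THRESHOLD))
    print(incomplete_vendors(VENDORS))
```

Each hit is a lead for follow-up, not a finding: a shared address or phone number can have a legitimate explanation that the reviewer documents.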

Payroll/personnel

Mandatory background checks prior to starting work

Printing accrued and unused leave hours on employee pay check stubs (deters theft of hours when payroll/personnel controls are inadequate)

Surprise visits to offsite locations

COMPUTER FRAUD

In today's business environment, technology plays a major role in almost all aspects of an organization's operations. The auditor or chief financial officer may be unable to keep up with technological changes. In many of these cases, the establishment of programs and controls to prevent, detect, or deter computer-related fraud is left to the technology function. By understanding the factors that encourage fraud, effective programs and controls that discourage fraud can be developed.

Factors influencing computer crime are either motivational or personal. Motivational and personal factors relate to both rationalization/attitude and incentive/pressure in the fraud triangle. The following motivational and personal factors tend to encourage computer fraud:

Inadequate pay and benefits, including promotional opportunities

Poor communication of expectations (job performance, behavior, and the like) by management

Lack of performance feedback mechanisms

Mediocre performance as an acceptable performance standard

Inadequate support and lack of resources to meet standards

Not enough review and follow-up to assure compliance with organizational programs and controls

Inadequate standards of recruitment and selection

Deficient or missing orientation and training programs

Preventing computer fraud is not necessarily a highly technical or expensive proposition. The primary factors that discourage computer crime are

internal accounting controls,

access controls, and

Internet firewalls.

Preventing, Detecting, and Deterring Computer Fraud

Separation and rotation of duties both within and external to the technology function

Timely update of accessible computer applications when personnel change jobs or when the requirements of their current position change

Periodic and surprise inspections and security reviews

All control policies and procedures required to be written (zero tolerance for deviations from this policy)

Offline controls and limits such as batch controls and hash totals where indicated and cost-effective

Access controls to prevent, detect, and deter computer fraud include the following:

Authentication/identification controls, such as

keys,

smartcards,

passwords,

biometrics,

callback systems,

one-time passwords,

constrained access by time and day, and

periodic code and password changes

Compartmentalization of information

Encryption of data while stored or in transit

KNOWLEDGE CHECK

2.     Which is NOT a general technique to prevent, detect, or deter personnel fraud?

a.     Mandatory background checks prior to starting work.

b.     Routine visits to offsite locations.

c.     Printing accrued and unused leave hours on employee pay check stubs.

d.     Performance feedback mechanisms.

Summary

This chapter provided an introduction to fraud including general warning signs of fraud. Additionally, this chapter identified the characteristics of the “typical fraudster” and provided general ways to prevent, detect, and deter fraud. Also discussed in this chapter were general controls that can be implemented to address computer fraud risks.

Practice Questions

List three ways to prevent, detect, or deter computer fraud.

List three characteristics common to individuals that perpetrate financial statement fraud.

Chapter 2 THE GOVERNMENTAL AND NOT-FOR-PROFIT ENVIRONMENTS

LEARNING OBJECTIVES

After completing this chapter, you should be able to do the following:

Identify the characteristics and situations that exist in governmental and not-for-profit entities that differentiate them from entities in the private sector.

Determine how objectives of financial reporting and the users of financial statements of governments and not-for-profit entities differ from those in the private sector.

Determine how to incorporate the unique financial reporting objectives of governmental and not-for-profit entities in planning and performing audits of these organizations.

Unique Characteristics of the Governmental Environment

Public sector governmental organizations are very different from their private sector counterparts in a number of ways, despite current rhetoric to run government like a business. Similarly, not-for-profit entities differ from private sector entities for various reasons; most notably, they do not operate for purposes of generating a profit. Both governmental and not-for-profit entities primarily operate to provide services to the public; however, they are quite different from each other.

Governmental Organizations

The unique characteristics of governmental organizations are generally as illustrated here.

Unique Characteristics of Governmental Organizations

Government in the Sunshine: They are public organizations.

Public Goods and Services: They provide goods and services to the general public using funds typically secured from involuntary resource providers.

Political Process: Decisions are made in a political environment.

Lack of a Profit Motive: Goods and services are generally provided without a profit motive.

GOVERNMENT IN THE SUNSHINE

The primary characteristic distinguishing governmental organizations from private sector business entities and not-for-profit entities is that they are public organizations. Their very nature requires that business be conducted in view of the public. It is this very simple aspect on which the financial reporting objectives of governmental financial statements rest. Public governmental organizations differ fundamentally from public business entities1 that are publicly traded. Even though publicly traded companies are subject to a high level of regulation and public scrutiny, they are not often required to conduct their business in view of the public.

State and local governments are required to operate “in the sunshine” for all meetings in which decisions are to be made that do or may impact the public. This requirement to conduct business in a public forum is often a significant impediment to timely responses to sensitive issues. Though billions of shares of Apple stock are traded annually, the audit committee is allowed to meet behind closed doors. In contrast, the city council of a small rural town in North Florida, serving as an audit committee, must meet in a public forum. Not only is the city council of this small Florida town required to meet in full view of the public but also to adequately and timely publish notice of such meeting and to provide minutes of the meeting to the public.

PUBLIC GOODS AND SERVICES

The second characteristic distinguishing governmental organizations from private sector business entities relates to their being public organizations. As such, governmental organizations provide goods and services that benefit the public at large. Such public goods and services are provided, in most cases, without regard to how much is paid by those receiving the goods or services. As such, there is no quid pro quo, meaning that nonexchange transactions comprise a significant amount of activity for many governments. Even in cases where the governmental organization intends to recover its costs with user fees, not all costs may be included in determining the fee structure. Often high cost, limited use, and limited or non-revenue producing capital assets (for example police stations, schools, and roads) are needed to provide public goods and services.

To fund the provision of public goods and services, governmental organizations (in most states) are authorized to impose taxes at a number of levels and on a variety of income, goods, or services. This places individuals and businesses in the position of involuntary resource providers.

A variety of legal constraints and controls exist at all levels of government to ensure the resources involuntarily provided by individuals and businesses are expended for the public good. Typically, the budget process in governmental organizations is the most public manifestation of accountability from a fiscal, operational, and planning perspective. Governmental organizations are directly accountable to citizens, taxpayers, and business owners as well as society at large. The annual audit of a governmental organization's financial statements is the most visible evidence of its fiscal accountability.

There is tremendous