Enhancing Risk Identification in Internal Audits

In the years since the American Institute of Certified Public Accounts (AICPA) issued its Risk Assessment Standards in 2006, accounting professionals have been both effusive about and frustrated by their experience following the guidelines those standards put forth.

CPAs who like the standards appreciate that they direct auditors to understand the company, its environment, and its industry before they attempt to clarify the parameters of the audit plan and the risks that the company might face.

On the other hand, CPAs, especially those with smaller firms and larger caseloads, found that the added effort to discern company particulars often wasted their time and was a deviation from their preferred methodology.

Why assess for risks

The purpose of the Risk Assessment Standards is to assist the auditor in identifying material misstatements in financial statement audits and to design performance procedures that are responsive to assessed risks. The standards were designed specifically to catch those nuanced errors or omissions that slide under the radar of the “typical” audit, which uses standardized methodology regardless of the type of business or the industry in which it exists.

In his 2012 whitepaper, Charles E. Landis, CPA, AICPA Vice President of Professional Standards and Services, presented the standards as a response to the “80/20” rule. He suggests that traditional audit plans respond to 80 percent of the general audit risks and that the rules were designed to respond to “the other 20 percent, the significant risks that contain the highest risks of error or fraud.”

Technology offers options for internal audits

In the decade since the issuance of those standards, digital technology for the purpose of forensic accounting has transformed those processes, just as it has transformed every other industry. Through the use of analytical software, today’s CPAs have reams of data that can be measured against every aspect of the enterprise, clarifying mistakes, balancing accounts and, most importantly, assessing for risks that had previously been hidden deep inside “the other 20 percent.”

For you, the CTO, the arrival of the new tools couldn’t have come at a better time. Technology has impacted the entire global industrial complex, creating astonishing gains but also possibly posing even greater threats. There are few days anymore when there isn’t a report of a major theft or massive breach of data security somewhere in the world. And, in a significant number of those cases, the perpetrators of the crime are revealed to be insiders of the victimized company. Today’s forensic accounting tools are designed specifically for assessing and identifying both the risk and the actuality of insider fraud within your organization.

The question for you to answer, then, is not if but when to embrace the auditing tools that will enhance your company’s assurance that all risks have been identified and accounted for and that your enterprise is safe from both external and internal breaches. At DFND Analytics, our proprietary system of deterrence provides you with greater oversight of internal operations, so you know you are protected from employee fraud.

Sources:

https://www.aicpa.org/InterestAreas/FRC/AuditAttest/DownloadableDocuments/Risk_Assessment/Risk_Assessment_WP.pdf
https://acfeinsights.squarespace.com/acfe-insights/2016/8/4/uncovering-the-true-cost-of-fraud

Guilty Plea in Wire Fraud, Money Laundering, and Conspiracy Case

A former Deere & Co. employee admitted Thursday he defrauded the company out of at least $250,000 over a nine-year period.

Harvey Ulfers, 63, of Cedar Falls, pleaded guilty in U.S. District Court, Rock Island, to three counts of wire fraud, three counts of concealment money laundering, and one count each of money laundering in criminally deprived property and money laundering conspiracy.

He faces up to 150 years in prison when he is sentenced March 23, U.S. District Court Judge Sara Darrow said during a short change of plea hearing.

However, he more likely could receive a sentence of between 21 to 27 months in prison based on federal sentencing guidelines, according to an estimate provided to Darrow by Ulfers’ defense attorney, Donovan Robertson.

Read More

SOX Compliance Screw-Up Leads to Losses and Lawsuit

SOX compliance missteps are alleged in a recently filed lawsuit against National Beverage Corp. (NASDAQ: FIZZ). The plaintiff claims the defendants made false and/or misleading statements and/or failed to disclose the company lacked effective internal controls over financial reporting due, in part, to undisclosed channeling of expenses through off book entities and undisclosed material related parties transactions.

As a result, defendants’ statements about National Beverage Corp’s business, operations and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times.

SOX Compliance Challenges

Sarbanes-Oxley rules (SOX compliance) require public companies to provide adequate internal control over their financial reporting process.

Read More

Shock and Dismay Over CFO’s Embezzlement

A former executive at a San Diego-based Department of Defense contracting firm pleaded guilty this week to embezzling more than $825,000 from the company, the U.S. Attorney’s Office said.

Out of Control Personal Spending

Stuart Teshima, the former chief financial officer of Epsilon Systems Solutions, used the funds for travel, jewelry, fine dining, gifts for family members and furniture.

One expense was a bill from the University Club in downtown San Diego for more than $5,000, according to his plea agreement. He also used the credit card to pay for his own personal federal tax bill, prosecutors said.

Teshima, 50, who oversaw the company’s credit card program, admitted changing his account statements, replacing the personal expenses with fake business costs, such as advertising or small business credit monitoring.

Scheme Lasted 7 Years

The thefts began in 2008 and continued until his departure in August 2015. During that time he served as a company vice president and senior vice president before becoming CFO.

Epsilon Systems Solutions, with offices across the country, contracts with the military for services that include ship building, nuclear operations support, engineering and information technology.

Shock and Dismay

“Over the entire history of Epsilon the company has operated at the highest standard of ethics and integrity, and this of course comes as a shock and dismay to find out of this internal theft,” said Dwayne Junker, a company senior adviser.

“When Epsilon finished its investigation of the theft, it presented all of its evidence and conclusions to the federal prosecuting authorities,” Junker added. “Epsilon has concluded that none of its customers have been negatively impacted by Teshima’s theft.”

Teshima will be sentenced in San Diego federal court in December.

Internal Fraud is an Epidemic

Internal fraud has reached epidemic proportions. Over $600 billion are lost in the United States alone each year to insider fraud; an amount representing at least 5% of annual U.S. company revenues.

Technology has made it easier than ever for fraudsters to steal money from companies. It is simple to modify accounting statements, move funds from one account to another, and create fake invoices.

Small businesses are vulnerable to internal frauds and are disproportionately affected by them.

Common Suggestions to Fight Internal Fraud Are Not Workable

Aside from hiring a new CFO, Epsilon’s managers are faced with the assignment of preventing future internal frauds from happening again.

Changing auditors is one common outcome of dealing with an internal fraud. However, tax accountants are often not trained, and are usually not responsible for finding fraud in their clients’ data.

Another common suggestion is to implement segregation of duties so two people sign off on financial transactions. Unfortunately, this step rarely works either in small organizations. Small businesses are not usually profitable enough to provide the manpower required for this task.

Epsilon managers’ learned too late they did not know a trusted employee as well as they thought they did. Studies show trusted employees who have never encountered legal trouble commit internal frauds, not new hires. Pre-employment screens for potential embezzlers are useless.

Hire a Computer + Human Watchdog Instead

What Epsilon needs to do is add an affordable and efficient watchdog to their internal audit process.

DFND Analytics’ computer + human internal audit tools are designed for this job.

DFND looks at an organization’s enterprise and accounting data and runs more than 30 standard and proprietary forensic checks to search for anomalies and suspicious transactions. A DFND financial professional reviews every report before it is sent to company management.

Learn how DFND can provide your organization with greater internal audit insight.

Ways to Improve the Internal Audit Process

As a leader in an active enterprise, you know that performing an accurate and effective internal audit doesn’t happen by accident. For you, having a strategic audit plan to follow from the beginning of the endeavor ensures that your process accomplishes its goals and that your enterprise improves as a result.

Many of today’s corporations, however, exclusively rely on traditional internal auditing tools and practices to provide full assurance of corporate wellness. While those tools do work well for their defined purposes, they do not accomplish the full scope of forensic investigation that is available through the use of today’s advanced financial internal auditing software.

The scope of the audit plan

A comprehensive financial audit plan will define the scope, timing and direction of the work to be done. Depending on the characteristics of the business, the audit should initially address these elements of the company’s operations:

  • Its existing financial systems. Ultimately, a primary purpose of the review is to determine how the company creates, manages and records its financial transactions. This information is used to report to board members, determine tax liabilities and plan for future investments.
  • The extent of the corporate footprint. Many companies today operate at multiple sites, sometimes across borders. At the same time, they also work with partners, suppliers, contractors and other industry-related entities. Those interactions impact how the company functions and must be included in the audit to ensure a complete review is accomplished.
  • The core competencies of the business. How the company manages its proprietary products, information and practices is also a critical element for corporate success. Review of these processes within the context of the larger entity is essential to capturing an accurate representation of their importance to the company.
  • The standards that must be met. Many companies are subject to national and international standards. The inability to prove compliance or a failure to comply can result in fines or worse.

Audits should include risk assessment

Secondly, but no less significantly, a complete financial internal audit should also identify the risks that the company faces from any one of many threats, including the threat of internal fraud. Enterprises that rely on traditional financial auditing practices to detect these threats will not achieve the comprehensive review that they seek as most traditional financial auditing methods are designed only to provide reasonable assurance that the financial statements are clear of misstatements. They are not intended also to identify risks like employee fraud or embezzlement.

The person who performs the audit can also pose a risk. Internal auditors pose risks because sometimes they are the risk. And independent auditors can also be hoodwinked when they are compelled to rely on the declaration of the business regarding its financial position. For them, it is virtually impossible to find evidence of malfeasance in the company’s books and accounts using traditional auditing techniques.

State-of-the-art internal audit tools can now detect frauds

Today’s technological developments have added these forensic tools to enhance the depth and scope of the financial audit. Digital analysis of the entire enterprise, including partners, supply chains, and satellite offices, finds misstatements, errors, and omissions that might reveal malfeasance, embezzlement or other fraudulent activities. DFND Analytics, LLC offers these forensic tools to small, mid- and large businesses so that they can further assure their enterprise is running clean and clear of internal and external risks.

Learn how DFND provides your organization with greater internal audit insight.

Reckless Spending Cited in CEO Embezzlement Charge

The former CEO of Hendricks Power Cooperative was recently charged with defrauding the utility of more than $500,000 over six years.

Donnis Mizelle, 55, of Avon, Indiana, has agreed to plead guilty to the charge against him. He’s accused of using his position as CEO to embezzle nearly half a million dollars, which federal prosecutors say he used to buy jewelry, iPads and pay for personal vacations.

Read More

Embezzlement Investigation Report Causes $160 Million Stock Loss

Parexel International Corp., one of the world’s biggest contract research organizations, suffered a loss of about $160 million in market value Wednesday after disclosing that it’s looking into a possible misappropriation of corporate money by an employee.

Parexel (NYSE: PRXL), which boasts 18,600 employees in 51 countries around the world, said in a federal filing late Tuesday that on Monday, Aug. 29, it received the report of “an incident of misappropriation of corporate funds by an employee in one of the Company’s international operations.”

Read More

Small Business Owners – Are You the Victim of Employee Theft? – 9 Essential Steps

The most damaging employee theft cases occur as a result of a key strokes and pens, not stolen merchandise or guns.

Crimes committed by trusted employees, who have access to the “keys to the kingdom,” are devastating both emotionally and financially.

Embezzlement committed by long-time bookkeepers, or other close confidants, usually results in direct loses of over $150,000.  These crimes occur over the course of several years.  Fake invoices and vendors are almost always involved in the former employee’s attempted cover-up.

What do you do when you find your company is out thousands of dollars or more?

Read More

How Common is Embezzlement in U.S. Businesses?

The escalation of embezzlement crimes is alarming. Many companies cannot afford to sit back and hope their employees and management are ethical. But fraud does not discriminate and firms need to stop believing their employees will not perpetrate internal frauds.

According to the latest Annual Global Fraud Survey commissioned by Kroll Inc., 81 percent of firms were victims of frauds perpetrated by insiders. The costs are too high for firms of any size to ignore the threat and not invest in more means of defending the business from the inside.

Historically, companies have had to rely on forensic accountants to provide protection against internal fraud. Now, DFND Analytics has made it possible for organizations of any size to have their financial records regularly monitored to protect them against fraud, embezzlement, and costly errors.

Read More