Fighting Fraud in Smaller Public Companies.pdf - Lord & Benoit

"FIGHTING FRAUD inSmaller Public Companies”What are the Top Fraud andFinancial Ethics Threats?Please turn on computer speakers to hear presenter© 2009 Lord & Benoit www.section404.org1

"FIGHTING FRAUD inSmaller Public Companies”Presenter is now speaking. Please turn on computerspeakers to hear presenterWhat are the Top Fraud andFinancial Ethics Threats?If you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-6072

Continuing Professional EducationPlease turn on computer speakers to hear presenterThere will be instructions at the end of this seminar on obtainingCPE credit* for this webinar.To qualify you must attend at least 50 minutes of this webinar.* Please note: State Boards of Accountancy have final authority on theacceptance of individual courses for CPE credit.• Lord & Benoit is not registered with NASBA.© 2009 Lord & Benoit www.section404.org3

DisclaimerThe literature contained herein is not intended tosubstitute authoritative literature published by therespective regulatory agencies. Professionals areadvised to consult with legal and accountingauthorities on all matters before implementingprofessional standards.If you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-6074

Biographies and IntroductionsBob BenoitPlease turn up your computer speakers to hear presenterIf you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-607© Copyright 2008 : Lord & Benoit, LLC www.Section404.org5

Lord & Benoit helps “Smaller Public Companies”Lord & Benoit releasesleading edge SOXeducation and research.For instance, “Impact ofSOX on the ManufacturingIndustry”.© 2009 Lord & Benoit, LLCwww.section404.org

Lord & Benoit helps “Smaller Public Companies”CCH “Financial Restatements” researchRIA Thomson “Investment Research” sectionRIA Thomson/Southwest Learning "Checks on Internal Controls Pay Off"BNA "Sarbanes-Oxley and Small Business"Counsel of Institutional Investors "Letter to Chairman SEC and Chairman PCAOB"ADP "HR's Role in Ensuring Compliance and Driving Cultural Change”Oracle “GRC Strategy”Oracle: Best Practices for World Class I/T GovernanceOracle: Helping You Compete and Win in a Flat WorldSAP "Governance, Risk and Compliance Management"Top 40 Accounting Firms "The SOX Act"If you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-6077

Lord & Benoit helps “Smaller Public Companies”• Do You Know the Facts? Latest Section 404(a) Requirements for Smaller Public Companies• SOX TV: Top Ten Compliance Threats TV interview discussing major areas of compliance forsmaller public companies• SOX TV: How Do You Conduct a Virtual SOX Assessment?• Delay-Detect 10A-Delist: Facts about Section 404(a) for Smaller Public Companies• Impact of Accounting for Income Taxes on SOX 404• ComplianceOnline: 10 Threats to SOX Compliance for Smaller Public Companies• Metric Stream Webinar: SOX Essentials for Small Public Companies• Leverage Entity-Level Controls and Virtual SOX• SME Capital Markets: SEC Guidance on Internal Controls over Financial Reporting (SOX 404)--Impacts CPA's Attorneys, Officers and Directors• ComplianceOnline: New SEC Guidance on Sarbanes-Oxley Section 404• Helping Foreign Based SB-2 Registrants and 10KSB Filers Achieve SOX Compliance• Small Filers Planning for the Transition to 404 Compliance• MSCPA Conference: A Sarbanes-Oxley Update• SME Capital Markets: Virtual SOX Compliance Frameworks for SB-2 and 10KSB Filers• AICPA Web Seminar: Virtual SOX• CBI Research: 2nd Annual Pharmaceutical/Biotech Conference on Sarbanes-Oxley and 404Compliance• ComplianceOnline: 10 Pre-SOX Tips for Smaller Public Companies• Sarbanes-Oxley Risk Assessment for Pharma/Bio/Life Science Industries• ComplianceOnline: Virtual SOX Compliance• State Society of CPA’s: Arizona, Nevada, New Jersey, Ohio: Cincinnati, Cleveland, Columbus,Texas: Dallas, Houston, WisconsinIf you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-6078

Lord & Benoit helps “PCAOB CPAs”o All Big 4 CPA firms and most second-tier firms’ havereferenced Lord & Benoit’s research.o Almost all PCAOB-registered CPA firms worldwide,use the Lord & Benoit e-newsletter as a source forSOX research information.If you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-6079

Webinar Course Outline1. Regulatory Environment, Guidance1. SEC2. PCAOB3. AICPA4. COSO5. SOX Sections 404(a) and (b)2. Top Fraud and Financial Ethics Risks3. Questions and AnswersIf you cannot hear from yourcomputer speakers please call:(312) 878-0211Access Code: 671-626-122Webinar ID: 787-396-60710

Regulatory Environment• SEC• PCAOB• AICPA• The times (bankruptcies, tight funding, changes inCongress, new President, bank failures, fraud, overallneed for governance)• COSO© 2009 Lord & Benoit www.section404.org11

COSO (Committee Of Sponsoring Organizationsof the Treadway Commission)www.COSO.ORG© 2009 Lord & Benoit www.section404.org12

Guidance, Guidance and More GuidanceCOSOSEC GuidancePCAOB GuidanceAICPA Standards© 2009 Lord & Benoit www.section404.org13

SOX Section 404(a) Requirements?The Sarbanes-Oxley Act of 2002, Section 404(a)requires smaller public companies (non-acceleratedfilers) with fiscal years ending after December 15,2007 to document a Management Assessment of theirInternal Controls over Financial Reporting (ICFR).Non-accelerated filers are companies with public floatunder $75 million.IPO’s© 2009 Lord & Benoit www.section404.org14

SOX Section 404(b) Requirements?Section 404(b) for non-accelerated filers(the auditor attestation) was extendeduntil years beginning after December 15,2008© 2009 Lord & Benoit www.section404.org15

SEC Interpretive Guidance“Management’s evaluation of the risk ofmisstatement should includeconsideration of the vulnerability of theentity to fraudulent activity.”© 2009 Lord & Benoit www.section404.org16

Top Fraud Risks© 2009 Lord & Benoit www.section404.org17

Check Signing• The number one fraud risk was the abilityto sign checks and enter accountingtransactions.• This opens the door to ongoing, perpetualfraud without being caught.• For example, a bookkeeper who has thefreedom to write checks to himself andcover it up by booking a transaction or inthe bank reconciliation.© 2009 Lord & Benoit www.section404.org18

Wire Transfers• A similar fraud risk is lack of segregationof duties with electronic fund transfers.• People who do not even have checksigningauthority have EFT or ACHauthority.• EFT and ACH is an even quicker way toembezzle funds than checks.© 2009 Lord & Benoit www.section404.org19

Accounting Systems• Accounting systems that do not haveadequate access controls.• For example, certain off-the-shelfaccounting software lets users revisetransaction dates and amounts withoutleaving an audit trail.© 2009 Lord & Benoit www.section404.org20

Payroll• Payroll is not reviewed by anyone otherthan the person doing it.• Such personnel can create fictitiousemployees, give themselves or othersraises, make adjustments to payroll andpay people after they've been terminated.• Having outside payroll services does notinsulate companies from this fraud risk.© 2009 Lord & Benoit www.section404.org21

Cash Application• Another top fraud risk was when checkswere received by those with access toaccounts receivable records.• In this scenario, personnel can set upcommercial enterprises with similarnames, and deposit checks in bogusaccounts while issuing credits as if thechecks were deposited.© 2009 Lord & Benoit www.section404.org22

Acctg Application Administrator• Having accounting people who are also ITadministrators is also a high fraud risk.• Users may delete transactions, giveaccess control to others, gain access toaccounting systems outside their assignedresponsibilities.© 2009 Lord & Benoit www.section404.org23

Journal Entries• Companies did not have a secondperson reviewing journal entries,particularly non-recurring journal entries.• Fraudulent reporting is surfaced throughgeneral ledger overrides• These are caused by incentives,pressures and rationalizations.• All entries should be proofread.© 2009 Lord & Benoit www.section404.org24

Audit Committee Overlooked• Many audit committees of smaller publiccompanies were not regularly informedabout internal control matters, eventhough these committees have ultimateoversight responsibility.• Without knowing the facts, thesecommittees lose their corporategovernance ability.© 2009 Lord & Benoit www.section404.org25

Human Behavior• Although ethics training was very high onthe COSO list of requirements, in practicalreality many smaller public companieshave no communication or monitoring ofethical values throughout the organizationthrough employee handbooks, codes ofconduct, employee sign-offs or quizzes.© 2009 Lord & Benoit www.section404.org26

Background Checks• Many smaller public companies did notbother with background checks, openingthemselves up to greater fraud potentialand expensive lawsuits.© 2009 Lord & Benoit www.section404.org27

No Fail Safe Mechanism• Many smaller public companies had nowhistleblower programs in place.• One of the first lines of defense againstfraud is giving managers and employees asafe method of reporting potential fraud.© 2009 Lord & Benoit www.section404.org28

Credit and Debit Cards• Inadequate follow-up and oversight ofcompany credit cards• Unlimited use of paypal accounts• Debit cards© 2009 Lord & Benoit www.section404.org29

Table of Authorities• Board of directors did not define andcommunicate authorities retained at theboard level and those delegated tomanagement, such as by an approvalmatrix.• Some transactions, investments or cashaccounts were set up without Boardapproval.© 2009 Lord & Benoit www.section404.org30

Lack of Board Participation• Board of directors did not actively evaluateand monitor risk of management overrideof internal control and consider risksaffecting the reliability of financialreporting?© 2009 Lord & Benoit www.section404.org31

Lack of Board Participation• Audit committee did not actively monitorthe effectiveness of internal control overfinancial reporting and financial statementpreparation?© 2009 Lord & Benoit www.section404.org32

Lack of Board Participation• Audit committee did not meet privatelywith the internal auditors to discussrelevant matters?© 2009 Lord & Benoit www.section404.org33

Computer System Event Logs• Lack of adequate access control overautomated records, including controls overand review of computer systems eventlogs.© 2009 Lord & Benoit www.section404.org34

Other Fraud Risks• Management Incentives and Pressures© 2009 Lord & Benoit www.section404.org35

Other Fraud Risks• Accounting Opportunities© 2009 Lord & Benoit www.section404.org36

Other Fraud Risks• Attitudes/Rationalizations to MisstateFinancial Statements and Reporting© 2009 Lord & Benoit www.section404.org37

Importance of Ethical Values• Accountability• Communication and Respect• Commitment to Customers• Fairness and Integrity• Human Relationship• Innovation• Stewardship© 2009 Lord & Benoit www.section404.org38

Importance of Ethical Valueswww.Section404.org© 2009 Lord & Benoit www.section404.org39

Continuing Professional EducationIf you would like CPE credit* for this webinar:1. Please email LizK@Lordandbenoit.com today.2. Be sure to include your full name in the email3. You will be asked to complete an Evaluation Form and a SurveyQuestionnaireWe will send you a1. Certificate of Completion form2. Copies of Slides• Please note: State Boards of Accountancy have final authority on theacceptance of individual courses for CPE credit.•As mentioned earlier, Lord & Benoit is not registered with NASBA40© Copyright 2008 : Lord & Benoit, LLC www.Section404.org

"FIGHTING FRAUD in SmallerPublic Companies”QuestionsContact Information:Lord & Benoit, LLCBob Benoit(800) 404-7794 x204BobB@LordandBenoit.comwww.Section404.org© 2009 Lord & Benoit www.section404.org41