Warning: A non-numeric value encountered in /home/johnhall/public_html/johnhallspeaker.com/wp-content/plugins/wordpress-seo-premium/frontend/class-frontend.php on line 1086
social_icon__apple
social_icon__behance
social_icon__bitbucket
social_icon__blogger
social_icon__dribble
social_icon__dropbox
social_icon__facebook
social_icon__flickr
social_icon__github
social_icon__googleplus
social_icon__googleplay
social_icon__instagram
social_icon__linkedin
social_icon__pinterest
social_icon__skype
social_icon__tripadvisor
social_icon__tumblr
social_icon__twitter
social_icon__vimeo
social_icon__youtube
Internal Control

Fraud Prevention Tip #17: Solid Internal Control Procedures

An interesting conversation last evening with four anti-fraud professionals I’ve known for years. One discussion question, “Do internal controls prevent fraud?”

The consensus answer: some controls prevent some fraud sometimes!

Let me explain.

Anti-fraud controls are based on a two-step process.

First, a meaningful comprehensive fraud risk assessment is the foundation. If done properly, this effort will result in a deep list of the risks from theft, manipulated financial and other results, corruption, shadow deals, technology, and management override. In performing a fraud risk assessment, ‘meaningful and comprehensive’ are the key. Half-hearted boilerplate efforts by external firms usually fall far short. The best exposure work is done by a dedicated team of insiders with the technical knowledge and street sense needed to ‘think like a thief.’

Second, specific procedures and behaviors are developed, implemented and maintained to prevent these risks from happening and detect them immediately should they occur despite prevention efforts. Listen carefully here. Procedures and behaviors. Daily behaviors by trained conscientious employees and managers.

Here are some high-level examples of what we mean by controls.

1. Clear policies and procedures spelling out approved use of organization assets, staff and information.

2. Limiting physical access. Things like the lock on the front door, the fence around a warehouse, and the security guard in the lobby. The password on your

High Impact Auditing: Practices that Pay

High Impact Auditing: Practices that Pay |
Every day, the expectations placed on professional internal auditors are on the rise. As a result, we all find ourselves in a constant state of “catching up” in order to meet the needs of management, board members, clients and even ourselves. This highly interactive program will provide proven ideas that can dramatically increase the daily effectiveness and perceived value of the individual auditor and the audit team. Participants will learn how to: Identify the key areas where management and other client groups want and need attention. Define your role to fully meet the needs of the organization. Identify the behavioral adjustments needed to be more effective every day. Improve audit planning and performance to identify and address areas of importance. Develop audit steps that find important problems and opportunities. Get desired action from auditees and others. Demonstrate measurable value

computer system limits physical access and protects confidential information and critical systems.

3. Authorization responsibilities and limits.

4. Proper documentation in support of transactions and other business activities.

5. Monitoring and analysis. Independent reviews, where appropriate, by someone else at a higher level or a different department.

6. Segregation of incompatible duties. Things like transaction initiation, recording, approval, summarization and analysis. Or the receipt, management and disbursement of funds.

7. Supervisors who pay attention to details, spot check the quality of work, and always make sure what they personally sign is correct.

8. Employees at all levels who will not hesitate to stop the process and sound the alarm when something doesn’t look right.

And this is just the start. There are entire multi-volume models of comprehensive business and anti-fraud controls, perhaps the most famous of which is the COSO Internal Control – Integrated Framework (www.COSO.org).

But there are limits to how far controls will go to protect us against fraud. Here are two examples of the limits:

1. Things change. New people come in. Systems are modified. We move to new cultures and new countries with our product lines. We institute a heavier reliance on technology thus reducing human oversight of details.

2. It’s a human endeavor. The people in the control equation fail to keep up with what’s needed because of:

• Changing risks
• Emerging risks
• Human fatigue
• Inadequate information
• Inadequate skills
• Inadequate attention to details
• Inadequate time to perform the control tasks completely
• Improperly placed trust in others

Well designed anti-fraud controls are an important part of a comprehensive Anti-Fraud Campaign. But it is in fact a campaign – not an event. Controls must come alive and stay alive through human attention to details every single day.

‘Control Procedures’ are the minimum. ‘Controls Behavior’ is the target. Nothing less will work.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

Busy Middle Managers

Fraud Prevention Tip #16: Avoid Common Mistakes

Over and over, year after year I see the same anti-fraud mistakes. Leaders are willing. They take the correct first steps to fight fraud. They speak the right words and make the right initial commitment to get anti-fraud efforts off the ground.

Then they trip themselves up and undermine their own efforts by making the same mistakes that others before them have made. And by and large, these mistakes can be easily avoided once they are brought to the surface.

Here are the five most common mistakes that undermine Anti-Fraud Campaigns along with a few ideas on how to avoid them.

Common Mistake 1: Strong management statements but inadequate follow up

My client’s board and senior executives were trying to regain their footing after a major fraud surfaced on their watch. A rogue treasury department employee

Busy Middle Managers

Auditors are expected to master many skills – including communications, data testing, cause diagnosis, and motivation. But are these expectations reasonable? Is it fair to assume that every internal auditor should be a master at surfacing hidden problems and unexplored opportunities? And when issues are identified, is it really the auditor’s job to convince managers to act? Unfortunately for many auditors who are unprepared, most executives believe that the answer to these questions is a resounding “Yes!” This seminar teaches participants how to enhance the likelihood that the real cause of issues is identified – while dramatically increasing the probability that the management team will take corrective action.

had taken advantage of their position of trust and ripped off the company for over four million dollars. After the theft became public and arrests were made, CEO David recorded a five-minute video sent in an email link to all of the 55,000 employees. “We’re not going to tolerate this type of behavior. We’ll support prosecution. We’ll pursue restitution.” Etc, etc, etc. Important messages to be sure, but that was the first and last that employees heard from their top leaders.

Strong statements must be followed by strong visible action. Not a witch hunt. Positive, proactive steps to recruit every employee into your Fraud Risk Management Campaign. Don’t miss the opportunity to rally the troops that comes from a crisis. Sell awareness and specific anti-fraud behaviors hard and fast as part of you crisis response plan.

Common Mistake 2: No Policy on Anti-Fraud Responsibilities

Sally has been a mid-level financial manager for 12 of her 25 years with the company. For her division, she oversees critical controls including transaction processing, vendor payment approval, out of pocket expense reimbursement, budgeting, and month-end analysis and reconciliation. All are anti-fraud controls. Yet she has never – not once in 25 years – been told in explicit terms what her responsibilities are for fighting fraud and theft in her areas of responsibility.

A Policy on Anti-Fraud Responsibilities is an easy fix. Email me at John@JohnHallSpeaker.com and I’ll send you an outstanding example for you to follow.

Common Mistake 3: CEO Anti-Fraud Efforts are Unintentionally Undermined by Busy Middle Managers

Hopefully, the CEO has been both visible and vocal in their leadership of the organization’s Anti-Fraud Campaign. But at management levels that make up the rest of the organization chart, everyone is busy with a thousand other priorities. All are supportive of the boss’s fraud prevention program, but most simply don’t believe that fraud will happen on their watch so they don’t give this risk the attention it deserves. Result: good intentions are undermined by busy managers with other more pressing responsibilities.

CEO’s must personally hold managers accountable for their anti-fraud responsibilities. Every manager at every level must know that they will be held personally accountable for their signature on documents. Zero exceptions – zero tolerance.

Common Mistake 4: Flawed Beliefs About Fraud Risks are Left Uncorrected

Beliefs lead to actions. Flawed beliefs lead to flawed actions. Pretty basic stuff. Yet flawed beliefs about fraud risks usually go unaddressed in business. Here are a few for you to consider as well as the correcting belief you should help others embrace.

Flawed belief #1: “We only hire honest people.”

Better Belief #1: Most of our people are honest, but a few have changed since hiring. Family pressures, spouses who have lost their jobs, substance abuse and other addictions, and living beyond one’s means all cause people to change over time. Many employees and managers are under significant undisclosed pressure. A few will cheat to solve their problems.

Flawed Belief #2: “Our controls will prevent wrongdoing and fraud.”

Better Belief #2: Controls will not prevent all fraud. They will prevent some schemes and deter others. Controls should be well designed and consistently executed. But beware that in a worst case, controls will just make a potential fraudster or thief change their method. And by definition, anti-fraud controls have only limited effectiveness on employees who are part of the control structure. They are already inside your circle of trust, and can even use the controls they oversee to mask their misconduct.

Flawed Belief #3: “We don’t have a fraud problem here.”

Better Belief #3: “We do have a fraud problem and it’s costing us $______ (fill in your own amount!).” You may think it’s zero, but it’s not. For larger mature organizations, fraud costs in the range of one to two percent of revenue are the norm, not the exception. Assume you’re losing one percent of revenue to wrongdoing. Prove you’re not.

Common Mistake 5: Employee Fraud Prevention Expectations without Skills Training

This one is the biggest and most damaging mistakes, and a gaping hole in most anti-fraud initiatives. Few come to work for you with education and/or job experience that includes in-depth anti-fraud skills. This is just a simple fact. Yet even knowing this, the vast majority of leaders still expect their employees and supervisors to know what fraud looks like and how to respond. ‘Situational incompetence’ and frustration are the inevitable result.

This huge mistake is so easy to fix.

Get serious about Fraud Risk Management Skills Training for all employees. Not just awareness sessions – real skills training. Your employees are your first and last line of defense against wrongdoing. Don’t send them into battle unarmed.

These five mistakes aren’t everything you need to avoid. But they’re a good start. We can help you avoid these and other common mistakes in your Fraud Risk Management Campaign.

Just say the word and we’ll get started today.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

Fraud Prevention Tip #15: How to Estimate Your Fraud Losses

Fraud Prevention Tip #15: How to Estimate Your Fraud Losses

For 15 years, I’ve been asking this simple question of financial and audit leaders at live training events.

“How much did your organization lose to
wrongdoing, theft and fraud last fiscal year?”

Answer: Very few leaders even try to estimate their actual losses. Most CFO’s have no idea and they believe it can’t be calculated. They are wrong.

It’s interesting to me. All the talk and articles about the cost of fraud in business yet so little precision or discipline in estimating losses in specific organizations.

Loss statistics get tossed around without critical review or verification, so much so that these flawed numbers become hard facts in the thinking of many financial leaders. “Losses are equivalent to 5% of revenue” is well publicized, and yet inherently flawed. No for-profit business is incurring year over year fraud losses equal to 5% of revenue. Not if they are still in business.

So, how much are you losing?

Here’s exactly how to estimate it. And it’s easy.

Step One. Get a half-dozen of your best thinkers on this topic in a conference room for one hour. Include finance and accounting, internal audit, loss prevention, legal and compliance, your external accountants, and especially a few well-informed operational leaders. Get someone with deep fraud expertise to round out the group. Make sure everyone you invite has a reputation for relevant knowledge and for speaking up. This isn’t time for politically-motivated games. It’s time for honest, open brainstorming about what can and probably is going wrong.

Step Two. Give your brainstorming team this simple task: List the top seven or eight broad areas where you know you have losses. Tell them, “Don’t over think

Fraud Prevention Tip #15: How to Estimate Your Fraud Losses

Hall Consulting is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of Continuing Professional Education Sponsors – so your training event may qualify for CPE credit as well!

this step; go with your gut.” Start by asking:

• How much of our inventory or other asset ‘shrink’ was really diverted?
• What percentage of our employee time charges, travel costs and purchasing card transactions are inflated?
• What portion of the charges from outsiders have been inflated – by vendors, suppliers, contractors, consultants, property managers and other third-parties on whom we rely?
• What portion of our employee benefit costs have been inflated by outside service providers or employees?
• Where have our financial books been cooked even a little bit to meet organization or work group objectives?
• Where have non-financial results been manipulated so that managers and executives can meet their performance, regulatory or public perception goals?
• What sensitive or proprietary data has been taken from us and used to our detriment?
• What fraud exposures unique to our organization or industry have come to life – things like abuse in insurance claims, government program benefits, or services provided by not-for-profits?
• If we knew from a trusted source that fraud was occurring on our watch, what would it be?

Again – and this is very important – limit this initial list of fraud loss areas to seven or eight tops. This is your low-hanging fruit. I use a 5 by 7 inch index card for this exercise. The very small size of the card implicitly limits the length of the list.

fraud loss score card

Savvy CFOs, accounting and finance managers have taken measures to prevent large-scale fraud and embezzlement. But many organizations still remain dangerously exposed to less grandiose forms of employee theft. The reality in most organizations is that petty crimes of opportunity account for a majority of fraud incidents. Controls are in place to safeguard the family jewels but the less spectacular misappropriations often “fly below the radar” so they are hard to detect and even harder to prevent. As a result, organizations incur small losses (often from multiple perpetrators) over a long period of time … and the running total becomes significant. In fact, studies show that as many as 75% of employee wrong doing never get uncovered … and those that are take place for an average of 18 months before they are stopped.

Step Three. Get the right people to estimate a range of losses for each of these initial seven or eight areas. How much of total inventory shrink is actually due to theft? How much of your construction change orders are inflated during the build up of these charges? What’s the estimate of inflated costs in your employee benefits, time charges and out of pocket reimbursement? The experts or process owners in each area are your best source of this information. Industry associations, benefits consultants, credit card companies, loss prevention and fraud experts, and other sources are helpful as well.

Here’s how to record your results. Complete a Fraud Loss Scorecard like the one in the graphic. Again, don’t overthink or overanalyze your results. If your column totals fall between one percent of revenue (low column) and two percent of revenue (high column), you are on the right track.

Step Four. For one solid year, work every day to cut losses in half in each category on your Fraud Loss Scorecard. This is why we limit the number of areas to seven or eight. To focus attention to the highest payback areas.

Never forget: every dollar saved from fraud losses adds a dollar to income or is available for high value return. Wouldn’t you want to add the equivalent of one percent of revenue to your bottom line in 2015? At zero cost? If I was your CFO, I certainly would!

You see, at the end of the day managing business fraud isn’t only about the triumph of good over evil. It’s also about tracking costs and return on investment.

Whatever your reason for calculating your fraud losses, get started today with this quick and simple approach. Get your leadership team focused. Identify and pick the low-hanging fruit first. Let us know if we can help.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

I want GREAT results

Living ‘Better!’

Jennifer brought an interesting perspective to the coaching meeting. “I’m tired of just getting good results in my life. I want GREAT results.”

Wow – that was a challenging opening statement. So I pushed her for details.

“My boss just gave me my annual review, and he said I was doing good work. He said I’m reliable and was meeting all of his expectations. And a week ago on our anniversary, my husband and I were talking about how content and happy we were together these last nine years.”

“Don’t get me wrong – I’m happy and comfortable both at work and at home. But I’m concerned that ‘comfortable’ is holding me back from what I could be or even must be if I was my highest self. So I’m looking to step it up, and I would like some advice on how to do it. What would you suggest?”

I recently attended an incredible four-day event called High Performance Academy. Program founder and leader Brendon Burchard covered this exact issue – exactly how to live at our highest self. Our ‘Charged’ self, in his terms. Leaving that event I found myself facing the same challenge as Jennifer. Everything was fine.

But ‘fine’ is often the enemy of my key mission of ‘Better!

I silently repeat this mission to myself dozens of times every day:

Better! tomorrow than today.

Better! next week than this week.

Better! next year than right now!

Back to Jennifer and her request for advice. Here are the three things we agreed were essential to live Better! each and every day.

First: mind our health. Good health is essential to all pursuits. It is the very foundation on which we reliably brainstorm, plan and act. Poor health draws down the body’s energy; good health charges it back up.

Do you have thoughts of operating every single day at the highest level possible? Then take care of your self. Exercise, real food, plenty of sleep, hydration, minimal sugar, stress management – sounds like a ton of work. But it isn’t. It’s just how you live each day, making Better! decisions about how you will treat your body and mind at every decision point.

Get conscious about your health. Get healthy. Stay healthy. Simply – be healthy.

The Do What You Can System meets you where you are. It guides and inspires you as you move through an easy, 6-step process. Follow The System, and you’ll achieve real results, both personally and professionally. You’ll get results while making our world a better place. You’ll serve others while meeting your own obligations. You’ll think and you’ll dream. Most important, you’ll take action that moves you in a meaningful direction. How? By following a system that empowers you to reach personal and professional goals … and propels you to achieve extraordinary results!

The Do What You Can System meets you where you are. It guides and inspires you as you move through an easy, 6-step process. Follow The System, and you’ll achieve real results, both personally and professionally. You’ll get results while making our world a better place. You’ll serve others while meeting your own obligations. You’ll think and you’ll dream. Most important, you’ll take action that moves you in a meaningful direction. How? By following a system that empowers you to reach personal and professional goals … and propels you to achieve extraordinary results!

Second, define exactly what our highest self would look like. In our work, marriage, relationships, family, friendships. In every aspect of who and what we want to be. Think it through, say it out loud, write it down, and then take the first steps needed to head towards that goal. Better! Charged!

Third, bring the heat. Moving from ‘fine’ to ‘charged’ is not the time for modest efforts. It’s time for heat. For passion. For massive focused action. Nothing less will work. Not thinking about it; not dreaming about it; certainly not wishing it. Only action will work. Right now with the very next routine decision we need to make. What to eat, how much TV to watch, whether to go for a walk. Thousands of little steps lead to massive sustained change.

Simple Steps – Extraordinary Results– the subtitle of my first book Do What You Can.

As we finished our coaching meeting, Jennifer immediately signed on to these three things. Good health, clarifying exactly what she wants, and massive sustained action through Better! decisions every day starting right now.

How about you?

Let’s get started together.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”

 

 

fraud risk assessment

Fraud Prevention Tip #14: Perform a Useful Fraud Risk Assessment

At least twice every week, a seminar participant will ask about how to conduct a useful fraud risk assessment. Here’s why.

Starting with the Sarbanes-Oxley Act in 2002, regulatory initiatives have suggested or required organizations to perform a ‘fraud risk assessment’. Unfortunately, there’s minimal guidance out there on exactly what’s involved and how far to go. Result: the large consulting and accounting firms push for efforts and documentation that go far beyond what was intended or needed. Bonus revenue for them; extra low-value results for organizations.

Fraud Risk Assessment and Response has been my professional specialty area for over 25 years. So hopefully this gives me a legitimate foundation to offer the following suggestions.

1. Identify What Could Go Wrong?

Fraud Risk Assessment should ask and answer the simple question, “What Could Go Wrong?” Answers should specifically include these five major categories of

Misappropriation or theft of both hard and soft assets, including proprietary business and personal information

Misappropriation or theft of both hard and soft assets, including proprietary business and personal information

wrongdoing:

Misappropriation or theft of both hard and soft assets, including proprietary business and personal information

Intentional misrepresentation of financial information, whether used internally for analysis and decisions or released externally to investors, partners, regulators, lenders and others

Intentional misrepresentation of non-financial information, including program results, product safety, market conduct, or any other important non-financial information used by decision makers or those responsible for oversight

Corruption and Shadow Deals, including any ‘corruption’ of relationships with third parties like vendors, suppliers, contractors, agents, partners or others through kickbacks, bribes, extortion, collusion or other wrongful non-transparent actions

Exposures unique to the organization, such as cyber-crime involving medical records, product formulas, key employee data, marketing plans, customer lists, technology code, research results and any other information stored in electronic form

Step one in any meaningful fraud risk assessment is framing what’s to be included in answering the core question of what could go wrong at the entity, operating and transaction level.

Easy enough to say, but just how do you do it? Read on!

2. Assemble the Fraud Risk Assessment Team

Here the path often splits into two possible directions.

Formal Brainstorming Teams

If you prefer to assemble a formal team to handle the bulk of the risk brainstorming, here’s who should be on the team.

Formal Brainstorming Teams

Brainstorming Teams

1. Finance & Accounting experts
2. Business & Operations experts
3. Risk Management experts
4. Legal & Compliance experts
5. Information technology security experts
6. Auditing experts
7. Fraud and Loss Prevention experts

Increasingly, the position of The Chief Risk Officer is being added to the roster of C-level leaders. This position is often required in financial services, insurance, investments, technology and other industries. If your organization has designated a Chief Risk Officer, this person should not only be on your Fraud Risk Assessment team, they should be leading it!

Informal Brainstorming Teams

Many organizations choose a less formal approach to brainstorming fraud risks. Here, brainstorming occurs at the work team level. Discussions are held in staff meetings and one-on-one between supervisors and subordinates. Emphasis is on department and transaction level exposures employees might see in their daily work. Informal lists of what could go wrong are the result.

Work-group brainstorming usually results in surfacing dozens of risks that formal high-level teams miss. First-level employees and supervisors who are down in the trenches have the potential to identify the nitty-gritty fraud schemes.

The challenge is the potential for inconsistent quality simply because brainstorming is delegated to dozens or perhaps thousands of work-group teams. And then there needs to be a formal mechanism for collecting and collating risk lists. Clear instructions from on high can help. But as with any mandated initiative, consistency of execution in brainstorming, documenting and summarizing risks will vary widely.

Blended Brainstorming Efforts

The best brainstorming results come from a blend of formal and informal efforts. A formal team is identified and charged with coordinating the fraud risk assessment efforts. This team develops and provides instructions and training for work-group level teams to use as they brainstorm and record fraud risks. The combination of formal high-level and informal work-group and transaction level brainstorming provides the best one-two punch combination needed to ensure a meaningful and comprehensive result.

3. Think like a Thief

Regardless of how formally you organize your fraud risk assessment efforts, one key action accelerator is essential. All involved must ‘think like a thief’. Here’s what

A thief (or fraudster, if you prefer) looks at controls as something to be defeated. They view management oversight, analysis, monitoring and approval as steps to be circumvented. They are constantly looking for ways to scam the system for their own benefit.

A thief (or fraudster, if you prefer) looks at controls as something to be defeated. They view management oversight, analysis, monitoring and approval as steps to be circumvented. They are constantly looking for ways to scam the system for their own benefit.

this means.

A thief (or fraudster, if you prefer) looks at controls as something to be defeated. They view management oversight, analysis, monitoring and approval as steps to be circumvented. They are constantly looking for ways to scam the system for their own benefit. They consider how to commit wrongful acts, convert their actions to what they need, and conceal what they have done. They are willing to lie verbally and in the records. Thieves think through the paperwork trail, consider how to fool approvers, and even what general ledger account to charge with their schemes.

This is an area where audit, loss prevention and external experts can really help because they are already familiar with the weaknesses in the control environment.

Thinking like a thief is not just a suggestion – it’s the instruction that is at the very core of fraud risk assessment efforts. Thinking like an honest person won’t do it. Honest people can come up with a hundred different reasons why fraud won’t occur and go undetected on their watch. Thieves think in exactly the opposite manner. They believe it can occur and that they will get away with it.

Brainstorming fraud risks is based on assuming that fraud can, will or already has occurred. Controls and behaviors to plug those opportunities come next.

John J. Hall, CPA

John J. Hall, CPA

John J. Hall, CPA, is an author, speaker and results expert who presents around the world at conventions, corporate meetings and association events. Throughout his 35-year career as a business consultant, corporate executive and professional speaker, John has helped organizations and individuals achieve measurable results. He inspires audience members in corporations, not-for-profit organizations and professional associations to step up, take action and “do what you can.”