In this blog, we're looking at how to write a fraud action statement using the payroll function as a way to understand the starting process for a fraud audit.
But first, here are the answers for the trivia from the last blog:
1. What was the biggest corporate lawsuit settlement? $206 billion, paid by the nation’s four largest tobacco companies.
2. Excluding the tobacco lawsuit, what is the aggregate dollar value of the next 10 large corporate settlements? $88 billion dollars.
3. What is a stockholder derivate lawsuit? One brought by a shareholder or group of shareholders on behalf of the corporation against the corporation's directors, officers, or other third parties who breach their duties.
4. Are banks being sued for how they administered the first-come first-serve provision of the PPP Loan program? Yes, customers of Bank of America, JP Morgan Chase, and Wells Fargo have sued the banks in federal court.
5. What cost Walmart more money to settle the FCPA allegations - fines & penalties or forensic accounting and legal fees? The fines totaled $282 million whereas the professional fees totaled $870 million.
6. Are lawsuits an indicator of weak internal controls? (This is an opinion question versus a fact statement). In my opinion, the answer is an unequivocal yes. My guess is that if you study large corporate lawsuits, you will find weaknesses in the governance aspect of COSO. My further guess is the tension between revenue generation and warranties for customers causes adverse tension. My last guess is that they all involve senior management, not necessarily all senior management, but one or more.
Are you sure you are focusing on high-risk?
Creating the Ghost Employee Fraud Risk Statement
The entity segment is the primary element. So, our first step is to identify the entity permutations. In this step, I have identified the entity structure and provided a brief explanation of the entity structure.
1. Fictitious employee occurs by creating an identity for a person that does not exist in real life.
2. Assumed identity employee occurs by taking over the identity of a real person for either a temporary period or permanently.
3. Assumed identity by reactivating a terminated employee for either a temporary or permanent period.
4. Assumed identity of a real person who is not complicit in the scheme and is added to your human resource database.
5. Real employee complicit in the fraud action. In payroll, complicity is defined as the real employee receiving the payroll payment.
6. Real employee not complicit in the fraud action. In payroll, complicity is defined as the real employee does not receive the payroll payment.
The secondary element is financial gain. I believe there are two primary items, theft of monetary funds or paying a bribe to someone.
The first person is always the person with direct access, so the correct answer is the payroll function. The next answer is the person with indirect access, so the correct answer is the department manager or senior member of manager. If we consider cybercrime, then we could state computer hacker.
The fraud action statement is the same for every ghost employee fraud risk statement; “Paid for services not performed”.
Now that we have identified all of the parts, it is time to combine the elements into a fraud risk statement. We start with the primary element and then change the person committing or the financial gain. The following four examples illustrate the methodology.
Etc.
As a reminder,
Now we can start creating the fraud audit program.
Next month we will show you how to link the audit program to the fraud risk statement.
I thought we needed a break from fraud trivia, hope you enjoy it.
1. Was Christmas ever illegal? True or False?
2. Is KFC one of the most popular Christmas meals in Japan? True or False?
3. What retail store created Rudolph the red nose reindeer?
4. Which band had the most Christmas hits?
5. Which countries write the most letters to Santa Claus?
6. Which country has the cleverest postal code for Santa Claus?
7. Who wrote the most Christmas songs?
8. Which food group is named after Christmas?
FYI, I was surprised at most of the answers.