Fraud Risk Assessment and Internal Controls Overview

This presentation by Ron Smith & Karen Olivieri from RHR Smith & Co discusses fraud risk assessment, the definition of fraud, types of fraud, fraudster statistics, and the importance of internal controls in preventing and detecting fraud. They also delve into the responsibilities of auditors in providing assurances and performing audit procedures related to fraud detection.

• Fraud Risk Assessment
• Internal Controls
• Auditors
• Fraud Detection
• Fraudster Statistics

maxx_196 Follow

Uploaded on Sep 30, 2024 | 4 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. MMTCTA Fraud Risk Assessment (Outside independent auditors what to expect and internal auditors fraud risk) Presented By Ron Smith & Karen Olivieri, RHR Smith & Co. May 19, 2017 About RHR Smith & Company: RHR does approx 130 of Maine s 500 Municipalities In the past year RHR has Investigated 21+ (18%)cases of Fraud or Abuse Ron & Karen have over 40 years collectively of this specialty area as it pertains to you

2. Definition of Fraud Fraud is an intentional deception made for personal gain

3. Fraud Triangle

4. Types of Fraud Misstatements arising from fraudulent financial reporting. Misstatements arising from misappropriation of assets.

5. Fraudster Statistics Most fraudsters are middle class, white males with a social status. Behavior is learned. Social Status is important to fraudsters About 1 in 5 receive prison time. Other Alternatives Restitution Other Alternatives Community Service

6. Having Said That Out of 21 investigations 0 of the suspects was male (0%) Most of these cases pertaining to Municipalities included, Tax Collector, Treasurer, or Deputy in each instance. 1 Case involved Federal Funds leading to Questioned Costs.

7. Internal Controls & Fraud - Defined An accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error etc. In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. A coordinated system of procedures and techniques designed to safeguard a company s assets, to ensure the accuracy of its accounting records, and to promote efficiency and adherence to prescribed policies.

8. Level of Responsibility - Auditor Auditors Assurances: 3) Auditor s Procedures General (Taken from a standard engagement letter) An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements; therefore, our audit will involve judgment about the number of transactions to be examined and the areas to be tested. We will plan and perform the audit to obtain reasonable rather than absolute assurance about whether the financial statements are free of material misstatement, whether from (1) errors, (2) fraudulent financial reporting, (3) misappropriation of assets, or (4) violations of laws or governmental regulations that are attributable to the entity or to acts by management or employees acting on behalf of the entity.

9. COSO Committee of Sponsoring Organizations Internal Control Framework Image Source: www.journalofaccountancy.com

10. Internal Controls & Fraud 5 Components of Internal Controls 1) Control Environment 2) Risk Assessment 3) Control Activities 4) Information & Communication 5) Monitoring Your Government is Responsible

11. Internal Controls Control Environment It means the overall attitude, awareness and actions of directors and management (i.e. "those charged with governance") regarding the internal control system and its importance to the entity. They express it in management style, government culture, values, philosophy and operating style, the organizational structure, and human resources policies and procedures. IE: System of Integrity, hire competent people, get them trained, reasonable organizational structure.

12. Internal Controls Risk Assessment Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). Quantitative risk assessment requires calculations of two components of risk (R):, the magnitude of the potential loss (L), and the probability (p) that the loss will occur.

13. Internal Controls - Control Activities Control activities. Control activities are the specific policies and procedures management uses to achieve its objectives. The most important control activities involve segregation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, and independent checks on performance. A short description of each of these control activities appears below. Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. For example, the same person who is responsible for an asset's recordkeeping should not be responsible for physical control of that asset Having different individuals perform these functions creates a system of checks and balances. Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action. For example, a fixed price list may serve as an official authorization of price for a large sales staff. In addition, there may be a control to allow a sales manager to authorize reason able deviations from the price list.

14. Internal Controls - Control Activities (Cont) Adequate documents and records provide evidence that financial statements are accurate. Controls designed to ensure adequate recordkeeping include the creation of invoices and other documents that are easy to use and sufficiently informative; the use of pre-numbered, consecutive documents; and the timely preparation of documents. Physical control over assets and records helps protect the company's assets. These control activities may include electronic or mechanical controls (such as a safe, employee ID cards, fences, cash registers, fireproof files, and locks) or computer- related controls dealing with access privileges or established backup and recovery procedures.

15. Internal Controls Information & Communication Information should be recorded and communicated to management and others within the entity who need it and in a form and within a time frame that enables them to carry out their internal control and other responsibilities.

16. Internal Controls Monitoring Monitoring occurs in the course of normal operations. It is performed continually and is ingrained in the agency s operations. It includes regular management and supervisory activities, comparisons, reconciliations, and other actions people take in performing their duties. Monitoring should assess the quality of performance over time and ensure that the findings of audits and other reviews are promptly resolved.

17. Types of Fraud or Mismanagement: Monetary Theft (Town Office, Recreation, Transfer Station, Rescue, Library) Travel Abuse Use of Postage Meter For Personal Use Cell Phone Abuse for Personal Use Use of Inventoried Gasoline Personal Use of Government Credit Accounts Such as Sams, Walmart, Staples Awarding of Contracts Creating Personal Gain Payroll Fraud Misuse of Federal & State Funds. Non filing of Liens (Collector & Liens)

18. Treasurer: 5603. Powers and duties The treasurer has the following powers and duties. [1987, c. 737, Pt. A, 2 (NEW); 1987, c. 737, Pt. C, 106 (NEW); 1989, c. 6, (AMD); 1989, c. 9, 2 (AMD); 1989, c. 104, Pt. C, 8, 10 (AMD).] 1. Powers. The treasurer may: A. Make deductions from the salary of a municipal employee and pay the money deducted to the proper payee, when the employee gives the written authority to do so. The treasurer's authority to make a deduction continues until: (1) The employee revokes the authorization in writing; or (2) The treasurer knows that the reason for the deduction no longer exists. [1987, c. 737, Pt. A, 2 (NEW); 1987, c. 737, Pt. C, 106 (NEW); 1989, c. 6, (AMD); 1989, c. 9, 2 (AMD); 1989, c. 104, Pt. C, 8, 10 (AMD).] [ 1987, c. 737, Pt. A, 2 (NEW); 1987, c. 737, Pt. C, 106 (NEW); 1989, c. 6, (AMD); 1989, c. 9, 2 (AMD); 1989, c. 104, Pt. C, 8, 10 (AMD) .]

19. Treasurer (Continued) 2. Duties. The treasurer shall: A. Except as provided in subparagraphs (1) to (3), and except as otherwise provided by charter or ordinance, disburse money only on the authority of a warrant drawn for the purpose, affirmatively voted and signed by a majority of the municipal officers. (1) The municipal officers may adopt a written policy to permit the disbursement of employees' wages and benefits when a disbursement warrant has been signed by one or more designated municipal officers. The policy must be filed with the town clerk and the municipal treasurer and renewed annually by vote of the municipal officers. (2) The municipal officers may adopt a written policy to permit the disbursement of payments for municipal education costs when a disbursement warrant has been signed by the school superintendent and approved by a majority of the school board or by a finance committee appointed or duly elected by the school board. The policy must be filed with the town clerk and the municipal treasurer and renewed annually by vote of the municipal officers. (3) The municipal officers may adopt a written policy to permit the disbursement of state fees when a disbursement warrant has been signed by one or more designated municipal officers. The policy must be filed with the town clerk and the municipal treasurer and renewed annually by vote of the municipal officers; [2009, c. 6, 1 (AMD).]

20. Treasurer (Continued) B. Upon request, provide an account of the finances of the municipality and exhibit the official records to the municipal officers or to any committee appointed by them to examine the accounts. The municipal officers shall examine the treasurer's accounts at least once every 3 months; and [1987, c. 737, Pt. A, 2 (NEW); 1987, c. 737, Pt. C, 106 (NEW); 1989, c. 6, (AMD); 1989, c. 9, 2 (AMD); 1989, c. 104, Pt. C, 8, 10 (AMD).] C. Maintain a bank account in the municipality's name for the deposit of cash receipts. The treasurer shall deposit all cash receipts in the bank within 10 days. The treasurer may not commingle funds of the municipality with any personal funds or in any personal account of the treasurer. [2009, c. 193, 2 (AMD).] [ 2009, c. 6, 1 (AMD); 2009, c. 193, 2 (AMD) .] SECTION HISTORY 1987, c. 737, A2,C106 (NEW). 1989, c. 6, (AMD). 1989, c. 9, 2 (AMD). 1989, c. 104, C8,10 (AMD). 1991, c. 271, (AMD). 1993, c. 96, 2 (AMD). 1995, c. 83, 1 (AMD). 1995, c. 549, 1 (AMD). 2009, c. 6, 1 (AMD). 2009, c. 193, 2 (AMD).

21. Tax Collector: 753. Municipal tax commitment; form The State Tax Assessor shall annually, before April 1st, prescribe the form of the municipal tax commitment to be used by municipal assessors in committing property taxes to the municipal tax collector. [P&SL c. 78, 21.] 755. Bond The municipal officers shall require each tax collector to give a corporate surety bond for the faithful discharge of his duty, to the inhabitants of the municipality, in the sum, and with such sureties as the municipal officers approve. The tax collector may furnish a bond signed by individuals if such individuals submit to the municipal officers a detailed sworn statement as to their personal financial ability, which shall be found acceptable by the municipal officers. [1973, c. 695, 18 (RPR).] Such bond shall, after its approval and acceptance, be recorded by the clerk in the municipal records, and such record shall be prima facie evidence of the contents of such bond, but a failure to so record shall be no defense in any action upon such bond. [1973, c. 695, 18 (RPR).] SECTION HISTORY 1973, c. 620, 25 (AMD). 1973, c. 695, 18 (RPR).

22. Tax Collector: (Continued) 757. Receipts for taxes When a tax is paid to a tax collector, he shall prepare a receipt for each payment; and upon reasonable request therefore, shall furnish a copy of such receipt to the taxpayer. 759. Accounting; penalties Every tax collector shall, on the last day of each month, pay to the municipal treasurer all moneys collected by him, and once in 2 months at least shall exhibit to the municipal officers a just and true account of all moneys received on taxes committed to him and excise taxes collected by him, and produce the treasurer's receipt for money by him paid. For each neglect, he forfeits to the municipality $100 to be recovered by the municipal officers thereof in a civil action. 759-A. Prohibition on commingling funds A tax collector is prohibited from commingling personal funds with any funds collected for a municipality while performing the duty of tax collector. [2009, c. 193, 3 (NEW).] 760. Perfection of collections Municipal assessors, or municipal officers in the case of primary assessing areas, shall specify in the collector's warrant the date on or before which the tax collector shall perfect his collections. Such date shall not be less than one year from the date of the commitment of taxes. In the event that no time is specified in the collector's warrant, tax collectors shall perfect their collections within 2 years after the date of the commitment of taxes. [1973, c. 695, 19 (AMD).] . 761. -- failure; action An action against a tax collector for failure to perfect his tax collections shall be commenced within 6 years after the date of such collector's warrant.

23. Risk Assessments Outside Independent Auditor See Attachment A

24. Auditors Fraud Risk Assessment Outside Independent Auditor See Attachment B

25. Auditors Fraud Risk Assessment Area s of Risk 1 - Employee Assessment 2 - Management/Key Employee Assessment 3 - Physical Controls 4 - Skimming Schemes 5 - Cash Larceny Scheme 6 - Check Tampering Schemes 7 - Cash Register Schemes 8 - Purchasing and Billing Schemes 9 - Payroll Schemes 10 - Expense Schemes 11 - Theft of Inventory and Equipment 12 - Theft of Proprietary Information 13 - Corruption 14 - Conflicts of Interest 15 - Fraudulent Financial Reports

26. 1 - Employee Assessment Questionnaire Key 1. Are employees provided formal written job descriptions? In addition to clarifying what employees are responsible for, job descriptions signify what employees are not responsible for. Employees who perform duties outside of their job descriptions represent a significant red flag. 2. Does the company have written accounting policies and procedures? Accounting policies and procedures, including those related to fraud, should be documented, implemented, and communicated to employees. 3. Is there a formal policy covering approval authority for financial transactions, such as purchasing or travel? In order to safeguard assets and financial reporting, companies should develop and implement policies for determining how financial transactions are initiated, authorized, recorded, and reviewed. 4. Does the company have written fraud policies and procedures? The company should document and implement fraud policies and procedures that describe (1) fraudulent conduct, (2) punishment for engaging in fraudulent conduct, and (3) how to report fraudulent conduct. 5. Doesthe company conduct pre-employment background checks? Before offering employment to an applicant, a company should conduct a pre-employment background check. 6. Are the duties related to authorization, custody of assets, and recording or reporting of transactions segregated? The company should segregate the duties related to authorization, custody of assets, and recording or reporting of transactions. 7. Is there a lack of clear organizational responsibilities in the company? A lack of clear organizational responsibilities can lead to confusion and frustration for employees. Organizational charts and job descriptions can be used to clarify organizational responsibilities.

27. 2 - Management/Key Employee Assessment Questionnaire Key 1. Is the Board of Selectmen/Council related to any municipal employed individuals? The Governing Board should include independent board members from all municipal employed individuals. Almost impossible. 2. Is there an independent audit committee? Independent audit committee members with financial and accounting expertise can be instrumental in preventing and detecting financial fraud. 3. Has any key employee failed to take vacation? Requiring key employees to take annual vacations can aid an employer in detecting an ongoing fraud scheme because the employer is more likely to discover a perpetrator running such a scheme when the perpetrator is removed from the scene. 4. Does the municipality have problems with regulatory agencies? The company should determine the reasons for the problems with regulatory agencies and implement measures to encourage compliance with regulations. 5. Does the municipality have poor accounting records? The municipality should implement proper accounting records. 6. Does the accounting department appear to be inadequately staffed? The accounting department should be adequately staffed to allow for proper segregation of duties. 7. Does the municipality lack an internal control system, or does it fail to enforce the existing internal controls? Municipality should establish and enforce an internal control system.

28. 3 - Physical Controls Questionnaire Key 1. Does the municipality conduct pre-employment background checks to identify previous dishonest or unethical behavior? Before offering employment to an applicant, a municipality should conduct a pre- employment background check. 2. Are there policies and procedures that address dishonest or unethical behavior? The municipality should document and implement policies and procedures that describe (1) unethical conduct, (2) punishment for engaging in unethical conduct, and (3) how to report unethical conduct. 3. Does the municipality restrict access to areas containing sensitive documents (such as invoices, receipts, journals, ledgers, and checks) and maintain a system for providing an audit trail of access? Access to areas containing sensitive documents should be restricted to those individuals who need the information to carry out their jobs. Also, an audit trail of access should be maintained. from having time to alter, destroy, and misplace records and other evidence of their offenses. 4. Does the organization promptly investigate incidents of suspected or reported fraud? Promptly investigating incidents of suspected or reported fraud can minimize losses.

29. 4 - Skimming Schemes Questionnaire Key 1. Is there periodic analytical review of revenue accounts using year to year comparative analysis? Periodic analytical review of sales accounts using vertical, horizontal, and ratio analysis can highlight discrepancies that point to skimming. 2. Is there periodic review of the inventory and receiving records using statistical sampling? Periodic review of the inventory and receiving records using statistical sampling can highlight discrepancies that point to skimming. 3. Is there periodic review of accounts receivable and allowance for uncollectible accounts to look for write-offs of accounts receivable? Accounts receivable and allowance for uncollectible accounts should be reviewed periodically for write-offs of accounts receivable. 4. Is there periodic review of cash accounts for irregular entries? Cash accounts should be reviewed periodically for irregular entries. 5. Is the company mail opened by someone other than bookkeepers, cashiers, or other accounting employees who make journal entries? Company mail should be opened by someone other than bookkeepers, cashiers, or other accounting employees who make journal entries. 6. Is each of the following responsibilities assigned to a separate employee: general ledger entries, cash receipt entries, and accounts receivable billing? Having different employees perform these tasks helps minimize the potential for the concealment of theft. 7. Is cash deposited daily? Daily bank deposits should be made so that excess cash does not remain on the premises. 8. Are employees who handle cash bonded? Employees who handle cash should be bonded in order to protect against theft.

30. 5 - Cash Larceny Scheme Questionnaire Key 1. Are cash register journals reconciled to the amount in the cash drawer? Cash register journal totals should be reconciled to the amount in the cash drawer. Any discrepancies should be investigated. 2. Is access to registers or the cash box closely monitored? Are access codes kept secure? Access to registers or the cash box should be closely monitored and access codes should be kept secure. 3. Does a person independent of the cash receipts and accounts receivable functions compare entries to the cash receipts journals with the bank deposit slips and bank deposit statements? Companies should assign a person independent of the cash receipts and accounts receivable functions to compare entries to the cash receipts journals with the bank deposit slips and bank deposit statements. 4. Are the cash receipts, cash counts, bank deposits, deposit receipt reconciliations, bank reconciliations, posting of deposits, and cash disbursements duties segregated? The primary way to prevent cash larceny is to segregate duties. 5. Are surprise cash counts conducted? Surprise cash counts help prevent fraud perpetrators from having time to alter, destroy, and misplace records and other evidence of their offenses. 6. Are journal entries made to the cash accounts reviewed and analyzed on a regular basis? Journal entries made to the cash accounts should be reviewed and analyzed on a regular basis.

31. 6 - Check Tampering Schemes Questionnaire Key 1. Are unused checks stored in a secure container with limited access? Blank checks, which can be used for forgery, should be stored in a secure area such as a safe or vault. Security to this area should be restricted to authorized personnel. 2. Are unused checks from accounts that have been closed promptly destroyed? Companies should promptly destroy all unused checks from accounts that have been closed. 3. Are printed and signed checks mailed immediately after signing? Printed and signed checks should be mailed immediately after signing. 4. Do company checks contain security features to ensure their integrity? Companies can reduce their exposure to physical check tampering by using checks containing security features, such as high-resolution microprinting, security inks, and ultraviolet ink. 5. Has the company notified its bank to not accept checks over a predetermined maximum amount? Companies should work in a cooperative effort with banks to prevent check fraud, establishing maximum dollar amounts above which the company s bank will not accept checks drawn against the account. 6. Is the employee who prepares the check prohibited from signing the check? Check preparation should not be performed by a signatory on the account. 7. Are detailed comparisons made between the payees on the checks and the payees listed in the cash disbursements journal? Companies should perform detailed comparisons of the payees on the checks and the payees listed in the cash disbursements journal. 8. Are bank reconciliations completed immediately after bank statements are received? Companies should complete bank reconciliations immediately after bank statements are received. The Uniform Commercial Code states that discrepancies must be presented to the bank within 30 days of receipt of the bank statement in order to hold the bank liable. Questionable payees or payee addresses should trigger a review of the corresponding check and support documentation. 9. Are two signatures required for check issuance? Requiring dual signatures on checks can reduce the risk of check fraud.

32. 7 - Cash Register Schemes Questionnaire Key 1. Are refunds, voids, and discounts evaluated on a routine basis to identify patterns of activity among employees? Municipalities should routinely evaluate refunds, voids, and discounts to search for patterns of activity that might signal fraud. 2. Is there a sign posted at the register asking the customer to request and examine a sales receipt? Signs asking customers to request and examine sales receipts should be posted at registers. 3. Are customers that are involved in voided sales and refunds randomly contacted to verify the accuracy of the transaction? Customers involved in voided sales and refunds should be randomly contacted to verify the accuracy of the transactions. 4.. Is documentation of void and refund transactions maintained on file? Documentation of void and refund transactions should be maintained on file. 5. Is an employee other than the register worker responsible for preparing register count sheets and comparing them to register totals? An employee other than the register worker should be responsible for preparing register count sheets and comparing them to register totals. 6. Does each cashier have a separate access code to the register? Each cashier should be assigned a separate access code to the register. 7. Does each cashier have a separate cash drawer? Each cashier should have a separate cash drawer. 8. Is an over and short log kept for each person and/or register? An over and short log should be kept for each person and/or register. 9. Are over and short incidents thoroughly investigated and monitored? Over and short incidents should be thoroughly investigated and monitored.

33. 8 - Purchasing and Billing Schemes Questionnaire Key 1. Does the organization have a purchasing department? The organization should have a purchasing department that is separate from the payment function. 2. Is the purchasing department independent of the accounting department? The purchasing department should be independent of the accounting, receiving, and shipping departments. 3. Do purchase requisitions require management approval? Management should approve all purchase requisitions. 4. Do purchase orders specify a description of items, quantities, prices, and dates? Purchase orders should specify a description of items, quantities, prices, and dates. 5. Are purchase order forms pre-numbered and accounted for? Purchase order forms should be pre-numbered and accounted for. 6. Does the company maintain a master vendor file? The company should maintain a master vendor file. 7. Are competitive bids required for all purchases? Companies should require competitive bids for all purchases. 8. Are purchasing and receiving functions separate from invoice processing, accounts payable, and general ledger functions? Purchasing and receiving functions should be segregated from invoice processing, accounts payable, and general ledger functions. 9. Are vendor invoices, receiving reports, and purchase orders matched before the related liability is recorded? Companies should match vendor invoices, receiving reports, and purchase orders before recording the related liability.

34. 9 - Payroll Schemes Questionnaire Key 1. Is the employee payroll list reviewed periodically for duplicate or missing Social Security numbers? Organizations should check the employee payroll list periodically for duplicate or missing Social Security numbers that may indicate a ghost employee or overlapping payments to current employees. 2. Are personnel records maintained independently of payroll and timekeeping functions? Personnel records should be maintained independently of payroll and timekeeping functions. 3. Are references checked on all new hires? Organizations should perform reference checks on all new hires. 4. Are sick leave, vacations, and holidays reviewed for compliance with company policy? Sick leave, vacations, and holidays should be reviewed for compliance with company policy. 5. Are appropriate forms completed and signed by the employee to authorize payroll deductions and withholding exemptions? Employees should complete and sign appropriate forms to authorize payroll deductions and withholding exemptions. 6. Is the payroll bank account reconciled by an employee who is not involved in preparing payroll checks, does not sign the checks, and does not handle payroll distribution? The payroll bank account should be reconciled by an employee who is not involved in preparing payroll checks, does not sign the checks, and does not handle payroll distribution. 7. Are payroll registers reconciled to general ledger control accounts? Payroll registers should be reconciled to general ledger control accounts. 8. Are new employees required to furnish proof of immigration status? Companies must require new employees to furnish proof of immigration status. 9. Does any change to an employee s salary require more than one level of management approval? Changes to an employee s salary should require more than one level of management approval.

35. 10 - Expense Schemes Questionnaire Key 1. Are the expense accounts reviewed and analyzed periodically using historical comparisons or comparisons with budgeted amounts? Companies should periodically review and analyze expense accounts using historical comparisons or comparisons with budgeted amounts. 2. Do employee expense reimbursement claims receive a detailed review before payment is made? Employee expense reimbursement claims should receive a detailed review before payment is made. 3. Are employees required to submit detailed expense reports? Employees should be required to submit detailed expense reports containing receipts, explanations, amounts, etc. 4. Is a limit placed on expenses such as hotels, meals, and entertainment? Companies should place a spending limit on expenses such as hotels, meals, and entertainment. 5. Are receipts required for all expenses to be reimbursed? Companies should require receipts for all expenses to be reimbursed. 6. Are supervisors required to review and approve all expense reimbursement requests? All expense reimbursement requests should be reviewed and approved by supervisors.

36. 11 - Theft of Inventory and Equipment Questionnaire Key 1. Has a recent inventory of municipal equipment, listing serial numbers and descriptions, been completed? Companies should inventory company equipment and maintain a list of the equipment, serial numbers, and descriptions. 2. Does the company assign an individual from outside of the department to conduct the department s inventory? An employee who doesn t work in the department should be assigned to conduct the department s inventory. 3. Are analytical reviews of beginning inventory and ending inventory conducted periodically to look for unexplained differences? Analytical reviews of beginning inventory and ending inventory should be conducted periodically. Any discrepancies should be investigated. 4. Does someone independent of the purchasing, receiving, and warehousing functions physically count the inventory? Physical inventory counts should be conducted by someone independent of the purchasing, receiving, and warehousing functions. 5. Are quantities of materials received counted and compared to purchase orders? Quantities of materials received should be counted and compared to purchase orders. 6. Is there a written policy allowing management to inspect all desks, file cabinets, and other containers on municipal property? Companies should document and implement a written policy allowing management to inspect all desks, file cabinets, and other containers on municipal property.

37. 12 - Theft of Proprietary Information Any Municipality develop a blueprint? IE Road Management System?

38. 13 - Corruption Questionnaire Key 1. Is there a municipal policy that addresses the receipt of gifts, discounts, and services offered by a supplier or customer? Organizations should implement a policy that addresses the receipt of gifts, discounts, and services offered by a supplier or customer. 2. Is there an established procurement policy? Organizations should establish a bidding policy. 3. Are purchases reviewed to identify favored vendors? Purchases should be reviewed to identify favored vendors. 4. Are purchases reviewed to identify excessive amounts? Purchases should be reviewed and any excessive amounts should be investigated. 5. Are pre-bid solicitation documents reviewed for any restrictions on competition? Pre-bid solicitation documents should be reviewed for any restrictions on competition. 6. Is communication between bidders and purchasing employees restricted? municipalities should restrict and monitor communication between bidders and purchasing employees.

39. 14 - Conflicts of Interest Questionnaire Key 1. Are there periodic comparisons of vendor information with employee information, such as addresses and telephone numbers? Organizations should conduct periodic comparisons of vendor information with employee information, such as addresses and telephone numbers. 2. Are vendors who employ former company employees under increased scrutiny? Vendors who employ former company employees should be under increased scrutiny for potential conflicts of interest. 3. Does the organization have a reporting procedure for personnel to report their concerns about vendors receiving favored treatment? Organizations should provide personnel with a confidential system for reporting concerns about vendors receiving favored treatment. 4. Does the organization require vendors to sign an agreement allowing vendor audits? Organizations should require vendors to sign an agreement allowing vendor audits. 5. Are vendor audits conducted by someone independent of the purchase, sales, billing, and receiving departments? Vendor audits should be conducted by someone independent of the purchase, sales, billing, and receiving departments.

40. 15 - Fraudulent Financial Reports Questionnaire Key 1. Are the organization s accounting records in proper form? Organizations should maintain accounting records in proper form. 2. Does the organization employ an adequate number of accounting employees? The accounting department should be adequately staffed to allow for proper segregation of duties. 3. Does the organization have an effective internal audit staff? An effective internal audit staff can focus on high-risk areas for fraud and can identify new vulnerabilities, measure the effectiveness of internal controls, and signal that fraud prevention is a high priority for the company. 4. Are proper internal controls established and maintained? Organizations should establish and enforce an internal control system.

41. What our Profession wants us to do Attachment C

42. Questions & Answers: Ron Smith, CPA, CFE Principal, RHR Smith & Company 3 Old Orchard Road Buxton, Maine 04093 (800) 300-7708 rsmith@rhrsmith.com Karen Olivieri Audit Manager, RHR Smith & Company 3 Old Orchard Road Buxton, Maine 04093 (800) 300-7708 kolivieri@rhrsmith.com