Since fraud is present at some level in every organization, IACA includes fraud detection as a part of its annual work plan. Yes, even here at RIT, fraud and theft is occurring as you are reading this article and yes, some employees have been terminated for their actions.
IACA investigates various types of fraudulent activity including:
falsification of travel expense reports
personal purchases charged to Institute procurement cards
forgeries of signatures on petty cash, invoice payment forms, and travel expense reports
The underlying reasons for such activities include:
lack of management oversight
lack of segregation of duties
lack of appropriate ledger review
Appropriate management oversight includes, at a minimum, a cursory review of the ledger activity by the person who is fiscally responsible for the ledger accounts (i.e. the department director, division vice president, college dean, or principle investigator).
Adequate segregation of duties occurs when one person alone is not responsible for all aspects of the financial activity in the account (generating the form of payment, approving it, reviewing ledger activity, and reconciling deposit amounts).
Appropriate ledger review includes reconciling each charge or deposit on the ledger reports to supporting documentation.
The following are best practices for preventing fraud:
Be diligent. If something you are witnessing does not seem right, question it or report it to the anonymous RIT Ethics Hotline, IACA, or Campus Safety.
Review your Oracle ledger activity for unusual items.
Appropriately safeguard Institute procurement cards.
Secure departmental petty cash funds.
Obtain keys, identification cards, and procurement cards from terminated employees.
Assure there are appropriate internal controls in place for adequately safeguarding cash receipts throughout the revenue cycle.
Assure segregation of duties exists.
The vast majority of Institute personnel are ethical, well intentioned, and desire to conduct Institute business activities with utmost propriety. However, there are some employees that are breaching the Institute’s and their supervisor’s trust by making fraudulent choices.
In the next issue we will answer the question, “Why do people commit fraud?”
So, It’s Your Turn to be Audited……….
When you are notified that your department or operating unit will be receiving a visit by Institute Audit, Compliance & Advisement (IACA), don’t be unnecessarily concerned. IACA performs a variety of audit and review engagements throughout campus every year.
One of the goals of IACA is to assist departments by offering recommendations on how to improve their internal controls so that they will not be as susceptible to fraud, will not rely on improper information, and will avoid situations that can get in the way of achieving the department’s objectives. If your department is selected for an audit we will try to select a time of year that works best for you, although some disruption may be unavoidable. We are hoping that by providing some insight into the audit process, your anxiety level will be reduced when we call to schedule an audit or review engagement with your department.
Why us, what did we do to deserve an audit?
Each year, IACA performs an Institute-wide risk assessment. The results of that risk assessment process provide the basis for the development of IACA’s annual work plan. IACA’s work plan is comprised of audits, business process reviews, questionnaire reviews, and continuous (fraud) auditing. If your department is selected for an audit, it does not necessarily mean that there is a problem in your area. Your department may have been chosen because of the nature of the work that it does on campus, the length of time since you’ve been audited, or for other reasons. Regardless, the IACA staff understands that an audit can be disruptive to your operation; therefore, we will work closely with you on manageable dates and reporting timelines.
The Audit Planning Phase
This is a very important part of our audit process. A well planned engagement will provide us and our client with an efficient and well-run audit. IACA staff will generally meet two times with the client department during this phase to obtain important specific operational information, discuss any management concerns, review the audit timeline, identify key contacts, and review the audit scope. Much of this phase happens within the walls of the IACA offices.
The Audit Fieldwork Phase
This phase is when the actual audit work is performed and is conducted both at the client’s site and in the IACA offices. The fieldwork is generally led by a senior internal auditor and may include the use of a staff internal auditor or a co-op student auditor. It is possible that you will have some interaction with IACA’s Associate Director or Executive Director during this phase as well.