HomeMy WebLinkAbout08122019 City Council Laydown - Best Practices in Fraud Prevention City. of Seward
Best Practices
in
Fraud Prevention
Wednesday,August 14, 2019 1
0 0
Discussion Items
Best Practices to Prevent Fraud
Segregation of Duties: initiating, authorizing, preparing, signing, mailing and reconciling
Internal Controls
Banking Controls
Auditor's Role
Wednesday,August 14, 2019 2
Segregation of Duties
S a�ra' ii ire ofduties �t
Separation of dutjjes its the coiiicept of li`u,a ing mor-le more than alit e person
required to, c:l0imp le�t�e a task. hi, business the separation by shaifln
Of a or-1 than one irm�911i��ii�lllILOI in Tonle�siingl task i8 are linternal cont�r llll
int� nided to, prevent fraud and error. " liilkiipedi,
Wednesday,August 14, 2019 3
IMulltii-L. v II Appirovall lPirocess
R � T1 ATIE R q u u ii ii ii o Iru (o ii c )
�W AUTHORIZEpuwulydh (IDelpairtiment IFN d) approves verndoir, coding, puirdhase
and dhairges
R IRI :II (IDepuwuty Flinaince Director) coding, quotes, aimournts
R IRI :II / IPIPIROVI (IFlinairuc Director) iiteims, process, coding, Ibudget
R APPROVE ( iity I Iru Ir)
R lEaclh IReq uwu ii ii bl o in !is Il c iro in!Ica 11 lly date, bl im , pp Irov lr- t Irru ped
R IRoutiling dllslpllays on every Ir q uwu ii ii bl o Iru
R IPayalblles Clleirlk sends IP to ve in d o lr
RAudi!toirs irevilew bu lly.-added veindolr
RAudi!toirs co m Ida Ire - ii Iru fo rm tii o Iru fo Ir Irru p II oy / ii ty offliblalls wilth
payments
Wednesday,August 14, 2019 4
{
R II II ilinvolices it c iiv d lby PayalbIles Clleirlk
R Coded lby department ent staff
RAut1hoirlized lby Department ent IHead
R IRevilewed and approved lby I'llinaince C ii it cto it
R IRevilewed and approved lby Clity IMainageir
R IPayalbIles Clleirlk einteirs b it lI II to the 1p ii d
R Deputy or Filinaince C ii it cto it irevilews c lh ec lk v irii fli c tii o ru it 1po in ( rn a irii rng
Ipirop it v irndoir® invoice airrnournL irnaLclhes Llhe airrnouir L Lo the 1paiid® accouir L coding,
Ipirop it siiginaLuires Ihave b rn obLalirn d® IPO rnuirrnb it ® Lc„)
R Deputy or Filinaince Director aut1hoirlizes batch to the 1p iid
R IPayalbIles Clleirlk 1p irii ru t /im a!ills c lh c Ik
RAccountant conducts lb sulk it corubillii tiioru
Wednesday,August 14, 2019 5
R Deputy or Flinaince D ii it cto it o iru Ily, inn uwu t ellectiroin!Ica IIlly aut1hoirlize c Ih c Ik
to the Ipiriiinted; clheclk Iliit it lllly c iruinot the Ipiriiinted wilt1hout tlhlls step
R All II aut1hoirlizatiloins aire d fie/t ii inn /ii iru d iiv ii d uwu II appiroveir staimped
R IPayalblles Clleirlk c iru iru o t aut1hoirlize c Ih c Ik to the Ip irii iru fed; c iru o iru Ily Ip irii in t
t h irn oince aut1hoirlized at Ih it g h it II v II
R IP y lb ll Il irlk its custodilain of (Il oclk d) c lh ec lk stock, silinglle Ik y
R Nell-their IDeputy iru o it ID ii it cto it cairn Ip irii in t c Ih cIk (iru o access to c Ih c Ik
oclk)
R Use of Ib irulkiiiru tooll to prevent fir uwud
R IPayalblles Clleirlk relpoirts p uwu irdh xc d ii in c ii ty irnainageir's speindiling
uwu tIh o irii ty, !!in the Couinclill Ip c Ike t
R IPayalblles Clleirlk, IDeputy iru d Flinaince D ii it c o ir, aind ClIty IMainageir einsuire
that puirdhases exceedilingc ii ty irnainageir's speindilinguwu 1h o irii ty Ih v
lbeein aut1hoirlized Iby CouinclH
Wednesday,August 14, 2019 6
Segregation of Duties. PAYROI.J.,
R IP y iro ll ll does not !issue im in u ll c lh ec lk ; allll d ii it ct d 1po ii t
R lEirnlplloyee einteirso iru bl im 1h t ellectiroin!Ica Illy
R ID iiv ii ii o iru Ihead and ID 1pt Ihead irevilew/alplpirove bl im 1h t
R ii ty IMainageir approves t ii im 1h t for ID 1pt Iheads
R Tilimes1heet correctiloins wire made Iby IP y iro ll ll; im ru uwu ll bl im 1h t 1p irii ru t d
o uwu t and irequilires eirnlplloyeeand ID IH appirovall of the co rr ctii o ru Ib fo it
1p yd y (v ii -irn ii ll and th iru Iby ire tuwu irru of im iru uwu ll -- 1p 1p ir- bl im 1h )
R IP y iro 1111 Clleirlk 1p it 1p it H data hills Ib uwu t cannot uwu 1p ll o d/ uwu tlh o irii /win d
RACH data hills its irevilewed, uwu 1p ll o d d and sent Iby Deputy IFii ru ru c
Director or Filinaince Director. Changes cannot The made to ACH after
cireated Iby IP yiro1111„
RACH its it co ru c ii ll d to IP y iro ll ll duiriling lb ru lk it co ru c ii ll ii t ii o ru lby Accountant
R IFir uwu d too ll „ ACH d 1b ii t 1p iro sec tii o iru avoilds uwu iru uwu tlh o mi d d 1b ii t Piro irn Clity
account
R IP y iro 1111 comes o uwu t of silinglle Z IBA account swelpt !!into silinglle
co iru c iru t it tii o iru account. Use of silinglle account im ii iru ii im ii fir uwu d
o 1p 1po irtuwu in ii ty
Wednesday,August 14, 2019 7
SH RECIEWIS
"? gation of Duties.
.. .:
RCashileirs Ihave ii iru d iiv ii d uwu II lodkiling caslh diraweirs
R ITV o slhairiling of caslh diraweirs
R IDiraweirs wire Il odk d !!in v uwu ll , silinglle Ik y 1p it 1p it o ru
RCashileirs Ihave uwu ru ii q uwu , t it clk lb lle so-ftwaire Il o ii iru
RCashileirs lballaince tii ll ll at I ID; oveirs/slhoir-ts it co ird d
RSulpeirvilsoirs it v ii oven/ Ih o in for -tiralliniling ineeds, coinfliguire they t irn
to count c1h iru to ireduce eirroirs, etc„
R IBack.-of iic irnlplloy irecoinclilles each cashileir's d 1po iit to accouintiling
y t irn crud 1p it 1p ites Clity.-wilde d 1po ii t at Ib ru lk
R IRecoincillIlling It irn irevilewed Iby sulpeirvilsoir
R IB ll iru c d d 1po ii t Ib iro uwu h t to lb iru Ik lby accouintiling c ll irlk, iru o t cashileir
R IB ru lk it co ru c ii ll ii t ii o ru Iby ( 1p it e) Accountant 'to co ru fii irinn d 1po ii t to G IL.
R IB iru Ik it co iru c ii II ii t ii o iru irevilewed aind sligined off Iby Accouintiling Sulpeirvilsoir
Wednesday,August 14, 2019 8
IB iru Ik IRco iru c ii II ii tii o iru
iR IRcoruciillir Dues ruo access -to cash
iR IR co in c ii ll it cannot wirlite c lh ec lk , salad wilires or perform fii iru iru c ii ll
tirainsactiloins
iR lEaclh recoincillIlling It irn it co ird d selpairatelly wilth proper d ocuwu irn iru t tii o iru
attached
iR R co iru c ii Il ii tii o iru irevilewed Iby Accountiling Sulpeirvilsoir or Deputy Fii ru ru c
ID ii it c o it
iR Audi!toirs irevilew t co iru c ii II ii iru iIt irn , einsuire recoincillIllatiloins aire bl im IIy
and 1pirolp irlly approved
Wednesday,August 14, 2019 9
Internal (.','ontrols:
Segiregatiloin of dutiles
Password protected access for each user
IL.iiimiit d access to c Ih; iirudiiviiduwu ll ccouwurut lbiilliity
gully caslhlleirs and accouintiling -teclhsIhave access to c Ih/clheclk
Sulpeirvilsoirs approvetirainsactiloins b uwu t Ihave ru o access to cash or c lh ec lk
II II payments it q uwu ii it irnull-tillplle Ilevells of appirovall
ID uwu ll sliginatuires on c lh clk
l o uwu irru ll eintirlies einteired lby staff, irevilewed lby Acct Sulpeirvilsoir, 1posted lby
IFilinaince Director
Budget adjustments < ; 0IK it q uwu ii ire appirovall lby ID IH, IFIC , CIM
IC uwu ll appirovall on wilires wilth Ik y fob ( Il oirii hirn codes c1hainge every 60
seconds)
Use of Ib iru Ikii iru fir uwu d fii II to it o 1p tii o iru
IL.iiimiit d access to 1plhy iic ll clheclk stock
Use of a silinglleIb iru Ik account
II II ii ru t rfuwu ru d -tirains-feirs irevilewed lby audiltoirs
Wednesday,August 14, 2019 10
Bank ..A.ccount Protections:
Siling1le Ib iru Ik account
ID uwu II Itirainsactiloin appirovalls irq uwu ii ird
IMallintallin 1p lh y ii c ll secuirlity of clh ec lk
IR t ii iru c Ih c Ik linnages t h it t1h iru colplies
Sore clheclk stock !!in locked Iloc tiioiru
IP y iro 11 11 1p ii d through Ibatch ACH it d uwu c fir uwu d shod expense
linninnedilate update of aut1hoirlized Ib iru Ik sligineirs uwu Igo iru staff c1hainge
linninnedilate it irn ova ll of aut1hoirlitiles uwu po iru staff departure
Z iro IB Il rucAccount (lp yirc,llll) sweeps !into silinglle Clity account
Use of Ceintirall Itir uwu iry (silinglle Ib ru lk account)
Mire It it iru f it
in uwu II-tii-f cto it lid e iru tlifii c tii o in (o iru II ii n , 1p Ih o iru , -to Ike iru)
in o irn 1p ll x passwords crud allgoirlithirn -to Ik ru
R ID uwu II wirlittein aut1hoirlizatiloin !!in d d ii Il o iru to d uwu II ellectiroinlic
lrutir -day account it 1poirtiiru access for Minn lly irevilew
Wednesday,August 14, 2019 11
Other er ..' ._Relate Fraud r tectio :
IFlr uwud Ipir veintiloin 'tooll (ireviieW and iiimplleimernt vairiious firaud toolls as they Ibecoime available
such as IMICIfk ink, 1payee positive 1pay, ACIII delbiit Iblock)
Mires 'to inew accountsv Irlb lllly v Iriifii d Iby lbainik
IB Iru Ik veirlifiles Ilairge wiliresIby Ip Ih o Iru
ii Ire ii Iru tiruwu ct ii o Iru c1hainges Ir q uwu ii Ire v Irlb II coin ii Irim t ii o Iru (Iru o -Irn ii II)
IB Iru lk im y call 'to v Iriify c lh ec lk !issued 'to aut1hoirlized offii c ii ll
IB Iru Ik sends coin ii Irim t ii o Iru letteirs d ii Ir ct 'to audiltoirs
II ctiro Iru ii c Ib Iru Ik statements r t ii Iru d o Iru II ii Iru
Access 'to clheclk ilim 'foIr v Iriifilcatiloin
Wednesday,August 14, 2019 12
Auditor role:
o iru fii irinn IB iru Ik aind :l iru v Sinn iru.t Account lballainces d ii it c t w Ib iru Ik
IDo iruot ireIly oiru staff to 1piroviidaccount iiirufoirinn tiioiru
IR c live data d uwu irn 1p of :1.00% Itir iru c tii o iru !!in fii iru iru c ii II accouintiling systeirns
through date CARR !is Ip uwu Ib II ii Ih d
Data inn ii iru ii iru too II to ii d iru t ify sairnlplle set
Request colplies of alIll irnorutlhlly statements
IRevilew irn o ru tlh lly account it co ru c it ll ii tii o ru
IRevilew ii ru d iiv it d uwu ll Itirainsactiloins
Sairnlplle vo uwu c lh d 1po ii s, wilires, Ip y irn ru t Piro irn accounts
IRevilew coll1lateirallilzatiloin agireeirneints crud vouwuclh collll t it ll
IRevilew alIll resollutiloins aind o ird ii iru iru c , Couinclill inneetiling inn ii iru uwu des
Wednesday,August 14, 2019 13
Auditor role:
SainnIpIle inuirneirous P y iro II II eirnIpIloyee -flilles, recompute 1p y c1hainges, v irii fy
paychecks, irevilew aininuall Ileave accirualls, etc„
SainnIpIle iru uwu irn iro uwu /IP c III c lks, irevilew ilinvolices, c III clk for proper cod ii iru
crud appirovall IIvII
IRvii iirutrfuwurud Itirrufir
I d iru tify ainoirnallous data (ii„ „ uwu II II ii ty c Ih it ) aind it v ii !!in depth
Vairlious Ity p of irevilew, c1haingiling every year (uwu tii 11 i!tiles:: t it ru tii it years'
Ibiillll to G /IL.G /IRI irvruuwu ; irevilew rma cIhru ; irevilew sainnIpIleIbiillll
Piro irn each c 1l ii fii c tii o iru Piro irn inn et it it d to Ib ii 11 11 ii iru ; irevilew NI II 11
adjustments)
ID11scuss ainy conic irru "coruflliict of iirut it ", fir uwud, etc„ iirud 1p rud rutlly wilth
ciity irnainageir, filinaince diiir ,ctoir, alleged offildi ll
Wednesday,August 14, 2019 14
..........
Conclusion*
The City's finance department employs numerous types of internal controls to prevent
fraud or misappropriation of funds. We strive to reduce any opportunity for fraud in
order to also protect our employees from any accusations of fraud. Auditors discuss
detailed workflow with each member of the staff to determine how they actually perform
their work, to ensure that practices comport with policy. Test samples are reviewed by
auditors to ensure transactions have been properly authorized and that policies are
followed. The best way to strengthen internal controls is to segregate responsibilities so
that a single individual does not have an opportunity to make erroneous payments,
inappropriate transactions, or to post errors. We recognize that fraud prevention is a
team approach and staff members are encouraged to report any practice which could
create a loophole or an opportunity for fraud. The City's IT department sends out
phishing e-mails to educate and test staff regarding the importance of cyber-security and
the risks of cyber-fraud. The banking and investment professionals we work with, as
well as the auditors, play key roles in helping to reduce opportunities for fraud by
standardizing processes, being vigilant, requiring proper and redundant authorizations,
keeping the focus on internal controls, and employing best practices aimed at reducing
fraud.
Wednesday,August 14, 2019 15