Fiscal integrity
John Kennedy – KPMG
August 21, 2014
Overview
■ Fiscal integrity
■ Fraud
■ Internal controls
■ Financial statement audit
■ Single audit
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
1
Fiscal integrity
■ The ability to produce accurate and timely financial information
… and that the accuracy of the information can be easily verified
■ The ability to comply with regulatory requirements
– Document compliance
– Timely report compliance
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
2
Who cares about fiscal integrity?
■ Who doesn’t?
■ Legal/regulatory requirement to accurately report financials
■ Organizations need relevant, reliable, timely financial information in order to operate
effectively, to:
– Control costs
– Review revenue
– Prevent fraud
– Demonstrate regulatory compliance
– Ensure on-going financial viability
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
3
Fraud
Fraud conditions triangle
■ Incentive or pressure: could be specific to an employee such as a financial need or fear of
loss of job
■ Opportunity: generally present due to absent or ineffective controls; management’s ability to
override controls that appear to be effective
■ Ability to rationalize committing a fraudulent act: the attitude, character or set of values
that allows a person to knowingly and intentionally commit a dishonest act
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
5
How can fraud occur in NFPs?
■ There is an “atmosphere of trust”
■ Revenue sources that are difficult to estimate and control
■ Employees may have limited business experience
■ Experience financial constraints that keep the not-for-profit from being able to hire sufficient
people to properly segregate duties
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
6
Quick fraud quiz
Source Data:
Association for Certified Fraud Examiners
Question 1
The percentage of frauds committed by male employees is approximately:
a. 86%
b. 75%
c. 53%
d. 45%
e. 38%
And the answer is……
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
8
Answer: Question 1
Percent
Median Loss
Female
47.1%
$
60,000
Male
52.9%
$
160,000
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
9
Question 2
Frauds with the biggest losses are committed by people who are:
a. Less than 36 years old
b. 36-40 years old
c. 41-50 years old
d. 51-60 years old
e. greater than 60 years old
And the answer is……
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
10
Answer: Question 2
Age of Employee
Greater than 60 years
Percent
Loss
2%
$
527,000
51-60 years
15.1%
$
250,000
41-50 years
32%
$
173,000
36-40 years
16.2%
$
80,000
31-35
18%
$
75,000
26-30
10.7%
$
25,000
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
11
Question 3
Which measures are the most helpful in preventing fraud:
a. Ethics training for employees
b. Fraud audits
c. Strong internal controls
d. Background checks on new employees
e. Anonymous reporting “hotlines”
And the answer is……
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
12
Answer: Question 3
System component
Effectiveness
1= most effective
8= least effective
Strong internal controls
1.62
Background checks on new employees
3.70
Regular fraud audits
3.97
Established fraud policies
4.08
Willingness of companies to prosecute
4.47
Ethics training for employees
4.86
Anonymous reporting hotlines
5.02
Workplace surveillance
6.07
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
13
Key features of internal control
1. Separation of duties
2. Documentation
3. Authorization and approvals
4. Security of assets
5. Reconciliation and review
With properly designed controls


The likelihood of fraud is greatly reduced
Honest mistakes can be identified and corrected
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
14
Separation of Duties
■ If a single person can carry out and conceal an error or fraud, that individual has incompatible
duties
■ When duties are separated, the work of one employee can act as a check on the work of
another employee.
■ More than one person is required to complete a task
– Two signatures required to execute a transaction
■ Dual check signing
– One individual performs task and another reviews (four eyes principle)
■ Make sure the review is documented
■ If separation of duties is not possible, design appropriate compensating controls
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
15
Authorization and Approval
Reconciliation and Review
■ An organization needs to set authorization and approval limits
– Small procurements do not need to be bid
– Board chair needs to sign all checks over $5,000
■ Financial accounts need to be reconciled and reviewed
– Cash needs to be timely reconciled monthly
– Other key accounts also need to be reconciled to subsidiary ledgers
– All reconciliations should be reviewed by someone other than the preparer
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
16
A Few Other Tips to Ensure Fiscal Integrity
■ Foster collaboration and communication between finance and other areas of organization
■ Maximize technology
■ Leverage professional expertise
■ Involve the Board
■ Prepare timely internal financial statements
– Timely detailed review by management
– Timely review at regular board meetings
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
17
Financial statement audit
and single audit
Annual independent financial audit
■ Is an audit required
– Could be required by agreements with grantors
– Could be required if grant expenditure thresholds are exceeded
– Practically speaking, annual audit is required to raise funds
■ Engage an audit firm with appropriate experience
■ Ensure the firm has adequate resources to meet your timelines
■ Audit rotation considerations
– Periodically bid your audit services
– Ask for periodic rotation of key engagement personnel
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
19
Timely issuance of audit
■ Independent audit should be completed timely
– Best practice would be to complete audit within 90 days of year end
■ Close books and records/Audit prep
5 weeks
■ Conduct audit fieldwork
2 weeks
■ Prepare and review draft financials
3 weeks
■ Present financials to Board
Week 12
– Drop Dead Date for Audit Completion
■ Single Audit requires audit to be completed within nine months
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
20
Single audit (OMB circular A-133)
■ Primary mechanism utilized by the Federal government to monitor compliance with grant
requirements
■ Requires grant recipient to hire independent external auditor
■ Audit will focus on larger grants
– Tests internal controls over grant activities
■ Review and approval of expenses
■ Review of reports by someone other than the preparer
■ Tracking mechanism to ensure contractors timely submit certified payrolls
– Tests compliance with grant requirements
■ Fourteen types of requirements are required to be tested
■ Not all grant requirements are included in the fourteen prescribed requirements
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
21
Impact of audit results
■ Findings are reported to Federal government (and grantors)
– Significant financial statement findings
– Grant findings
■ Corrective Actions are required
■ Late audits could result in funding being withheld or withdrawn
■ Findings
– Require corrective actions
– Questioned costs could result in requirements to repay funds
– Significant findings, especially repeat findings, could result in withdrawal of future funding
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
22
Example Single Audit Findings and Federal Government Response
■ Procurement Suspension and Debarment
– Inadequate evidence that project was advertised and bids were obtained
■ Federal government requested refund of all amounts spent on the project
■ Eligibility
– Files documenting tenant eligibility were not well maintained
– Did not appear that eligibility was periodically updated as required
■ Federal government requested refund of amounts identified by auditor
■ Allowable costs
– Client documented a sole source rationale for using a particular vendor
– Other vendors providing the same service were available for consideration
■ Federal government requested refund of all amounts spent with the vendor
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
23
Single audit changes
■ Increases audit threshold from $500,000 to $750,000 in expenditures
■ Changes risk assessments for major program determination
– Could decrease number of programs determined to be high risk
■ Decreases percentage of coverage minimums to:
– 40% for non low-risk auditees
– 20% for low-risk auditees
■ Changes single audit reporting
– Requires a senior level representative certification upon submission
– Single audit reports will be publically available
■ Includes significant differences in time and effort documentation requirements
– Increases emphasis on internal controls
– Provides less prescriptive guidance on documentation
■ Modifies procurement requirements
■ Makes changes related to indirect costs
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member
firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 297357
24
Thank you!!!
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm
of the KPMG network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
NDPPS 297357
The KPMG name, logo and “cutting through complexity” are registered trademarks or
trademarks of KPMG International.