Tuesday, February 19, 2013

Segregation of Duties and the Fictitious Payee



There’s a common misconception with what an auditor does. Take a look at the standard language on an unqualified audit opinion- specifically the middle (scope) paragraph. The auditor is giving assurance (giving an opinion) that the financial statements are free of material misstatement. An audit is not designed to detect fraud.

Fraud:
The textbook definition of fraud is “willful intent to deceive”. If two or more people collude to go around the company’s internal controls and commit fraud, all the audit procedures in the world may not catch the fraud. An audit is performed with an assumption that internal controls will be followed and that those internal controls are reliable. The degree to which the controls are reliable is a story for another day.

More transactions, more risk:
Accounting areas with lots of transactions carry more risk. One risk is that company employees simply make a mistake. Maybe they post a transaction to the wrong general ledger account, for example. If an area of your business involves more transactions, it may be harder (or take longer) to uncover fraud. That’s because there is more “noise”: more transactions make the intentionally fraudulent transactions less noticeable.

Segregation of duties:
You improve your chances of preventing fraud by using segregation of duties. As the name implies, you separate key duties between different people. Use cash as an example- there’s normally lots of cash transactions in most businesses. Here are the three duties you’d like to keep segregated:

1.     Custody of assets: Person A has physical custody of the assets. By that you mean access to the assets. For cash, custody refers to whoever has the checkbook. For equipment, it means the person who has the keys to the equipment room.
2.     Authority over assets: Person B has authority to move assets. In the case of cash, that’s the person who can sign checks. For equipment, it’s the person who can sign out equipment for company use.
3.     Accounting records: Finally, Person C makes the accounting entries for cash. C debits cash for deposits and credits cash when you write checks. Someone is making accounting entries for every transaction.

If any one person has two or more of these duties, bad things might happen. If that person decides to commit fraud, uncovering that fraud will be hard to find. In fact, the fraud may continue for years before it is detected.

How not to segregate duties:
Sadly, this brings us to a massive fraud just reported in my newspaper. Here’s the article link:


Here are some quotes from the article, which bold, italic items added:

“A former city bookkeeper was sentenced to nearly 20 years in prison Thursday for embezzling more than $53 million from her Illinois community, in what ranks as one of the worst abuses of public trust in the state's corruption-rich history.”

For more than two decades as comptroller for Dixon, a northern Illinois community best known for being the site of Ronald Reagan's boyhood home, Crundwell siphoned city funds to pay for properties, vacations, luxury cars and a horse-breeding operation that became nationally renown.”

“Crundwell got away with her scheme for so long because for years, she had sole control of the city's finances and would hide her theft behind fictitious invoices for things such as municipal sewer projects. All the while, she was spending the city's money on her prize-winning horses, expensive jewelry, luxury cars and birthday bashes in Florida.”
“Prosecutors say Crundwell began depositing Dixon's money in a secret bank account in January 1991 and continued doing so until her arrest in April 2012, months after the FBI began monitoring her transactions. Her scheme began to unravel when she sent on an extended vacation in 2011 and the person filling in for her stumbled upon her secret account, prompting the mayor's call to the FBI.”
Fictitious Payee: A classic case
The controller was able to:
1.     Open an account with a company name and address controlled by the controller.
2.     Write checks from the city accounts that were payable to this fictitious company.
3.     Apparently post accounting entries to the city’s accounting records which implied that the payments were for a legitimate product or service.

If a separate person was reconciling the bank account, they may have started to notice the large amount of checks paid to the fictitious company. “Why are we making all these payments- and what are we paying for?”, the reconciler might ask. That’s usually how this fraud is caught.

In this example, the controller could generate a fictitious invoice. The controller could still sign a check authorizing payment for a bogus invoice. In other words, the controller retains custody of the assets (the checkbook) and authority (check signing ability). However, if a separate party reconciled the bank account (accounting records), the fraud may be caught- and prevented going forward.

The fallout

This article provides more details and some legal fallout.


This video link provides another example of fictitious payee and the importance of bank reconciliations:

http://www.youtube.com/watch?v=Dzvjj7RjxO4


Your comments are welcome! For live chats on some of the toughest accounting topics, go to my website listed below.

Thanks!
Ken Boyd
St. Louis Test Preparation
(cell) (314) 913-6529
(website) www.stltest.net
(you tube channel) kenboydstl
(blog) http://accountingaccidentally.blogspot.com/
(twitter) @StLouisTestPrep                         
Author/ Cost Accounting for Dummies (John Wiley and Sons) March 2013

No comments:

Post a Comment