There’s a common misconception with what an
auditor does. Take a look at the standard language on an unqualified audit
opinion- specifically the middle (scope) paragraph. The auditor is giving
assurance (giving an opinion) that the financial statements are free
of material misstatement. An audit is not designed to detect fraud.
Fraud:
The textbook definition of fraud is “willful
intent to deceive”. If two or more people collude to go around the company’s
internal controls and commit fraud, all the audit procedures in the world may
not catch the fraud. An audit is performed with an assumption that internal
controls will be followed and that those internal controls are reliable. The degree
to which the controls are reliable is a story for another day.
More
transactions, more risk:
Accounting areas with lots of transactions carry
more risk. One risk is that company employees simply make a mistake. Maybe they
post a transaction to the wrong general ledger account, for example. If an area
of your business involves more transactions, it may be harder (or take longer)
to uncover fraud. That’s because there is more “noise”: more transactions make
the intentionally fraudulent transactions less noticeable.
Segregation
of duties:
You improve your chances of preventing fraud by using segregation of duties. As the name implies, you separate key duties
between different people. Use cash as an example- there’s normally lots of cash
transactions in most businesses. Here are the three duties you’d like to keep
segregated:
1.
Custody of assets: Person A has physical
custody of the assets. By that you mean access to the assets. For cash, custody
refers to whoever has the checkbook. For equipment, it means the person
who has the keys to the equipment room.
2.
Authority over
assets:
Person B has authority to move assets. In the case of cash, that’s the person
who can sign checks. For equipment, it’s the person who can sign out
equipment for company use.
3.
Accounting
records:
Finally, Person C makes the accounting entries for cash. C
debits cash for deposits and credits cash when you write checks. Someone is making accounting entries for every transaction.
If any one person has two or more of these
duties, bad things might happen. If that person decides to commit fraud,
uncovering that fraud will be hard to find. In fact, the fraud may continue for
years before it is detected.
How not to
segregate duties:
Sadly, this brings us to a massive fraud just reported in my newspaper. Here’s the article
link:
Here
are some quotes from the article, which bold, italic items added:
“A former city bookkeeper was sentenced to nearly
20 years in prison Thursday for embezzling more than $53 million from her
Illinois community, in what ranks as one of the worst abuses of public trust in
the state's corruption-rich history.”
“For more
than two decades as comptroller for Dixon, a northern Illinois community
best known for being the site of Ronald Reagan's boyhood home, Crundwell siphoned city funds to pay for properties, vacations, luxury cars and a
horse-breeding operation that became nationally renown.”
“Crundwell got away with her scheme
for so long because for years, she had sole
control of the city's finances and would hide her theft behind fictitious
invoices for things such as municipal sewer projects. All the
while, she was spending the city's money on her prize-winning horses, expensive
jewelry, luxury cars and birthday bashes in Florida.”
“Prosecutors say Crundwell began depositing Dixon's money in a secret bank
account in January 1991 and continued doing so until her arrest in April
2012, months after the FBI began monitoring her transactions. Her scheme began to unravel when she sent on an
extended vacation in 2011 and the person
filling in for her stumbled upon her secret account, prompting
the mayor's call to the FBI.”
Fictitious
Payee: A classic case
The controller was able to:
1.
Open
an account with a company name and address controlled by the controller.
2.
Write
checks from the city accounts that were payable to this fictitious company.
3.
Apparently
post accounting entries to the city’s accounting records which implied that the
payments were for a legitimate product or service.
If a separate person was reconciling the bank
account, they may have started to notice the large amount of checks paid to the
fictitious company. “Why are we making all these payments- and what are we
paying for?”, the reconciler might ask. That’s usually how this fraud is
caught.
In this example, the controller could generate a
fictitious invoice. The controller could still sign a check authorizing payment
for a bogus invoice. In other words, the controller retains custody of the
assets (the checkbook) and authority (check signing ability). However, if a
separate party reconciled the bank account (accounting records), the fraud may
be caught- and prevented going forward.
The
fallout
This article provides more details and some
legal fallout.
This video link provides another example of
fictitious payee and the importance of bank reconciliations:
http://www.youtube.com/watch?v=Dzvjj7RjxO4
Your comments are welcome! For live chats on
some of the toughest accounting topics, go to my website listed below.
Thanks!
Ken Boyd
St. Louis Test Preparation
(cell) (314) 913-6529
(you
tube channel) kenboydstl
(blog) http://accountingaccidentally.blogspot.com/
(twitter)
@StLouisTestPrep
Author/ Cost Accounting for Dummies (John Wiley and Sons) March 2013
No comments:
Post a Comment