|
||||
| ||||
Search Software Personal Help |
Jan 1990 A case study of employee frauds.by Seidman, Jack S.
At that time, circulation was smaller, authoritative pronouncements on accounting and auditing were non-existent, and business was conducted in a B.C era (i.e., Before Computers). The editors have selected an article on a prosaic, yet ever present topic-employee fraud-written in a lively and sparkling style. The author was none other than Jack S. Seidman, who will be remembered by many older readers recognizing his literary style. The article appeared in the October 1939 issue of the Journal. The matter described by the author is a continuing and pervasive evil. With the advent of sophisticated equipment to handle most bookkeeping tasks, the methods for Prevention have changed markedly. The evil persists and continues to warrant the attention and ingenuity of managers and auditors working to prevent fraud. Over two hundred million dollars a year is lost to industry through employee frauds. This, however, is only the amount that is ferreted out and made public. There is no telling how much additional is lost either in undetected frauds or those that for one reason or another are hushed. That the record should contain fraud in such prolific measure is not the exciting feature. Fraud is merely another badge of human failing, though, to be sure, an unpleasant one. The part about these frauds that does cause blush, at least to the cheek of an auditor, is that when the frauds are exposed, it is found that so many of them had been started and blithely had been going on for long periods of time untouched by auditing pursuit. Even more damaging is the fact that frequently some of these frauds come to light not as a result of internal control or auditing technique, but wholly out of accidental or adventitious circumstances. Chance, rather than auditing, prevails. This is in no way a disparagement of auditing. Frauds prevented or detected by auditing no doubt by far preponderate over those that elude-for some time at least-auditing or auditors. However, the fact is that many frauds have defied the calendar, and when at last they came to grief, the apprehender was dogged luck, not science. A Case Study In the hope that laboratory dissection and analysis of frauds might, through the development of some new or modified auditing technique, narrow if not eliminate the fortuitous aspects of detection, a case study was undertaken. The study was confined to employee frauds. Hence there was banished from consideration skullduggery by employers themselves, occasionally witnessed, in perpetrating frauds upon accountants, credit grantors, or governmental bodies. For case material, accountants, surety companies, banks, stock brokerage concerns and industrial and commercial organizations were invited to submit details of frauds that were unearthed by "happenstance" rather than by the normal workings of accounting controls. More than five hundred cases were thus culled out and test-tubed. What is here reported or treated is based solely on that study. There is no drawing on the imagination. There is no dealing with the academics of fraud, internal control, or auditing. The hard knocks and provocations of actual experience are the auspices under which we proceed. So What? Revelations of the Study First, however, a word of caution, or perhaps confession. Some objection was raised to the study-and not without foundation. The objection was really not to the study itself, but rather the nature of the report that might emanate from the study. It was felt that a publicized review of the methodology of the fraud-doer, especially of those instances where there was temporary success in evading auditing barriers, might do more harm in the impetus it would provide for prospective wrong-doers than it would do good in extending the art of policing. That may possibly be one of the reasons why the cupboard is so bare of literature on fraud. One objector was even uneasy about informing accountants on fraud in the light of what the Interstate Hosiery Company case has shown can happen.' Circumspection is of course desirable. On the other hand, it would be an ostrich-like procedure to avoid realities. A piercing spotlight on the path of sinners has always been a good way to bring the path into desuetude. Furthermore, since this is entre nous and among experienced accountants, it is feasible to avoid the revealing, intimate details of the various cases, and yet, through brief technical description or categories, automatically implant a picture in our minds of those details. Accordingly, instead of going through a case by case review of history, symptoms and prescription, there is submitted (at the end of this article) a classified outline of the hideouts of fraud and the technical undercover media employed-all as revealed by the case material. The question now before the house is best expressed by the poignant colloquialism "so what?" Its answer will best emerge if we first consider some general phases revealed by the study. A portrait of the average fraud-doer, what he does and how it comes about that he gets by for a while, will provide orientation for determining where we (accountants) go from here in the matter of fraud prevention or detection. Portrait of the Average Fraud-Doer The fraud-doer is generally a man-though fraud is by no means exclusively a masculine machination-about thirty-six, married, has children, owns a car, participates in social and communal work, and is of wholesome convivial habits. He has been in the company's employ over five years and, ironically enough, has advanced to a position of trust by honest endeavor and commendable merit. The defaulter lives anywhere and occupies any position, from watchman to president. Perhaps it is not sheer coincidence that fraud and Freud should sound and be spelled so much alike. Sex and fraud have a fundamental aspect in common-ubiquity. How Does He Do It? The "why" of fraud may best be left for the psychiatrist. The "how" is right up our alley. Invariably the method selected for going wrong is of a character that sooner or later must "out" if restitution is not made in the interim. That is easy to explain. The average fraud-doer doesn't intend permanently to default. His objective is merely to "borrow" money from his company, and to make good long before his manipulation can be detected. Then again, recent conflagrations to the contrary notwithstanding, in very few cases does the fraud-doer get someone "in" on the peculation, or rely on the collusion of a fellow employee. Not intending to steal, it is natural that he try to keep others from aiding or even knowing of his temporary financial aberrations. How does he go about it? Generally he grabs cash on its way into the company. That is to say, he tampers with money from customers (by a process that we call lapping), or he makes off with funds the anticipated receipt of which is not usually set up or controlled in the accounts, like recoveries on bad debts, proceeds from sale of scrap, etc. It is not alone incoming funds that he covets. Lifting funds already in comes within his ambit too. This he usually does through fake disbursements. His chief repositories for faking are petty cash, padded bills and payrolls, and fictitious expenses. Only occasionally does he make off with merchandise and securities. If he is connected with two institutions-his company and a charitable enterprise, for example-he frequently plays the cash or securities of one against the other. And How Does He Get Away With It? What makes it possible for him to get by? In the last analysis, the answer boils down to auditing failure or man failure. It is both disturbing and heartening to find that none of the cases was of a type that only accident could have unearthed. There were no fool-proof or perfect manipulations. The frauds were cloaked for long periods by situations that were correctable or need not perforce have existed. Fraud Prevention and Detection Accounting technique for fraud prevention or detection pivots around internal control and outside (independent) audit. The cases show that, for the large part, it was internal control that took the count in its combat with fraud. Truth to tell, internal control was never in the ring. It was hopelessly unfit or lackadaisical. In some cases no fault could be found with the system, but there was a bogging down in the application of the system. An immovable perfect system met an irresistible force of human frailty, and fraud was born or nurtured. In some cases the employee had been trained to connive or pilfer for his employer and ended up stealing from him-a natural sequence, and a background for which few tears need be shed. Independent audits, the mate, complement and supplement of internal control, also occasionally lent a hand in permitting fraud to thrive. In most instances due provocation is traceable to the less than extensive scope of examination. Combine half-baked internal control with a highly limited examination and fraud may go out on a lark. However, inadequate audit scope alone is not an explanation for some of the cases. A few afforded the auditors all the rope needed and yet the fraud-doer didn't hang. The auditor, human being that he is, slipped from grace. A momentary let-down of his guard, a lapse into perfunctory checking of detail instead of sustainment of imagination or mental agility, and the fraud-doer was one up on the whole pack. True it is that auditors are not supposed to be bloodhounds. But the canine analogy has been carried (by the English courts) to the point where auditors are expected to be sleek watchdogs. Enough about the fraud-doer and the crevices through which he creeps. It is time to consider the repair work. Old fences must be re-examined, new ones erected if necessary-all to the end that fraud may be intolerably constricted. Since internal control and outside audit are the focal mechanisms for sighting or hedging-in the culprit, we may consider the possible avenues for improvement of the role of each. First, internal control. Recommended Internal Control Procedures Reference has been made to the fact that many frauds involve diverting cash at the gateway. Obviously, therefore, the first line of defense is to increase the guard at that liminal point. The Check List. Excellent for this purpose is the check list. Text books have long and loudly proclaimed the significance of having the person who opens the mail, or anyone else not connected with the bookkeeping department, list all checks and securities contained in the mail. Few enterprises, however, have heeded this clarion call to protection. There is plenty of fussing and fuming when anything goes wrong, but there is stark apathy about palpable means of correction. A small enterprise generally counters that there isn't enough personnel to take care of the check list procedure because the bookkeeper is also the mail opener, and everything else. That, however, is no rebuff to the recommendation. If the proprietor has any sanctity for his own funds and investment, he can and should do the check listing himself if need be. But try and suggest it to him, no less get him to do it ! Lapping. Arch enigma of internal control is lapping (using funds from one source to cover up money previously misappropriated from another) and its confreres, exchange transactions and inter-bank transfers. Many a fraud has been committed under their shibboleth and pattern. But they can be successfully purged by internal control. The check list is a starter. Independent, however, of the check list, or in supplement of it, is a surefire device about which nothing thus far seems to have been said in auditing texts-a controlled duplicate deposit slip. Lapping, exchanges and inter-bank manipulations hinge on the disparity between the actual source of a bank deposit and the false source recorded in the accounts. In recognition of this, a procedure calling for bank-stamped duplicate slips is frequently followed. Even if the duplicate were a facsimile, or, as is sometimes done, even if a photostat of the original were obtained from the bank, the fraud- doers would still not be under control. All that would be buttoned up would be the tampering with individual amounts. The door would remain wide open for attributing false sources to the same amounts. Some lapping and almost all exchange and interbank transfers would still be in their heyday. Only the plugging of both source and amount can blight the evil. Here is the type of procedure to accomplish this, wherever feasible: The bookkeeping department prepares a duplicate deposit slip on which is recorded not only the amounts but also their sources and the accounts to be credited. All items intended to be recorded as exchange or inter-bank transfer will thus of course be marked as such on the duplicate. Before making the deposit, an authorized individual (or in the small unit, the proprietor if need be) not connected with the bookkeeping department, is required to compare the cash, checks, etc., to be deposited with the prepared duplicate. The comparison is to be made both as to amounts and description. Inter-Bank Transfers. Continuing with the procedure, all items marked for exchange or as inter-bank transfer, must be individually and specially approved. (Nothing is permitted to be recorded as exchange or inter-bank transfer without such approval.) The duplicate deposit slip is then initialled by the reviewer and retained for the use of the internal or outside auditor as a check on the recordation of the deposit on the books. The deposit itself need be made only with the original slip and the passbook. A bank-stamped duplicate is unnecessary. It is supplanted by a meaningful controlled duplicate. Let lapping or exchange or inter-bank tampering then try to rear its ugly head. Unless there be collusion, it will be guillotined right on the spot, and pronto ! Petty Cash. Having thus soldered some important leaks in the trough for incoming funds, let us now see what can in most cases be done toward frustration of fraud that uses as its vehicle fictitious disbursements. We said that petty cash is one of the softies. It can be made robust if petty cash disbursements were limited to items of nominal amount, if petty cash slips were made out in ink, if all figures were spelled out instead of being written in numerals, and if petty cash slips were cancelled or voided by someone other than the person handling the petty cash, immediately after the check in reimbursement of the fund were signed but before the slips got back to the one in charge of the petty cash. Such a program would mark the death knell of tinkering with the amounts on petty cash slips, dampen the possibilities of duplication, and, in any event, minimize the size of items that can go through petty cash in the first instance. If, in addition, the bookkeeping for petty cash were divorced in terms of personnel from the one handling the petty cash itself, the days of most petty cash looting might well be considered numbered. Padded Payrolls. Padded payrolls are next on the list. Intrinsically they represent the difference between what is drawn and what is actually paid out for payroll. The difference can frequently be squelched, if not annihilated, by separating the functions of making up the payroll, filling in the payroll envelopes, and paying off the help, so that no individual does more than one of these tasks. In addition, the help should sign for the amount they receive. Payment by check will accomplish the desired end without the tripartite separation, but then endorsements must be carefully reviewed and compared with specimen signatures of the employees. Fictitious Purchase Orders. Many frauds are keyed to the substitution, alteration or misappropriation of checks generally in connection with fictitious purchase bills. What happens is that under one guise or another, the signature to a check is procured and the check then comes into the hands of the erring employee, for better or for worse-and of course it is for worse. To the extent that the monkeyshines depend on the check coming into the defaulter's hands, an effective stop-gap can usually be interposed if a procedural rule of internal control were observed whereby checks are released for mailing directly from the office of the signing individual. Under no circumstances should signed checks in payment of bills get into the hands of the bookkeeping department. The mail clerk should be under strict instruction that if there is to be any hold-up on the release of the check, it can only develop by direction of the office of the signing individual, and never at the insistance of a bookkeeper. If there are vouchers or other supporting documents that accompanied the check when it was submitted for signature, the office of the signing individual can detach these papers and send them back to the bookkeeping department. The check, however, should wend its way directly to the mails. With such a course of handling, fraud-doers would find an otherwise fertile avenue for check-manipulation rendered barren. The Bank Statement. As a sequel to controlling the check release, or even independent of it, there beckons the control of the checks as they come back from the bank as part of the bank statement. Some types of fraud require check substitution and tampering to make the bank statement behave. The foundation can therefore be pulled from under if the routine were such that the bank were directed to send the statement to an executive independent of the bookkeeping department, and even to his personal address, to insure inaccessibility of the statement to the bookkeeping department. The office of the independent auditor can also supply a convenient mailing destination for bank statements. Furthermore, the bank statement should be released to the bookkeeping department only after reconciliation has been effected, and-this is cardinal-the reconciliation should be made by someone wholly removed from the underlying bookkeeping processes. There would be mighty lean pickings, or none at all, through check manipulation if these preventatives were applied. Securities. Securities, we said, are not actively in the industrial fraud limelight. But even the little that does arise could probably be headed for the discard if securities were put in registered form wherever possible, and if tabs were kept on security numbers, and if access to the vault required the presence of at least two people. Merchandise. In the case of merchandise, considerable barrier will be placed on looting if inventory is physically taken by employees other than the regular custodians of the merchandise. Internal Control Commonalities Thus far, specific features of internal control have been considered for certain focalized niches. Common to all aspects of internal control is the O.K. of the reviewing executive on bills, payrolls, vouchers, special entries, etc. If the reviews are made inattentively and the O.K.'s are affixed in robot fashion, all pretense of internal control should be swept aside. It would be more realistic to hand to an employee bent on fraud, a key to the treasury and let it go at that. It is sheer nonsense to require two signatures on a check if either one is placed there in advance or blindly follows as a result of the other. It is a perversion of fiduciary relationship to one's employer if O.K.'s are considered as red tape and a nuisance, or if they are disposed of in a listless, routine manner. The smaller the company, the greater the violence to any semblance of control when O.K.'s are a soporific process. The reason is obvious. The smaller the company, the more the O.K.'s become the sole basis for reliance. To have faith in one's employees or fellow employees, may be a sound emotional or spiritual pattern. It will certainly save time and energy. But it is necessary to recognize that with such faith there is aligned exposure of the till to aU sorts of plunder. The quirk is such that the more we feel that a given employee merits being trusted, the more we open vistas to him to jar that trust. Employee frauds win go hungry if individuals charged with review and O.K. look upon these functions as an affirmative essential step in the conservation process, instead of as an unwelcome formalism that is tackled when one is mentally garbed for blind man's bluff . Quality and Caliber of the Personnel Even then, when all is said and done, and control machinery is geared to perfection, the ideal at all times is to have no actual need for the defensive armament. Erasers are on pencils because people make mistakes. However, some people are constitutionally patterned to make fewer mistakes than others. So also with fraud. We need controls because humans do wander from the straight and narrow. But some humans are more allergic to detours than others. Quality and caliber of the personnel, therefore, become more vital factors than the procedural paths by which the personnel is circumscribed. An ounce of care in the selection and training of the proper personnel is worth a ton of ritualistic internal control. To put it another way, the essence of control is in the functioning of a personnel department! Before anyone is employed, careful study must be made of the moral fabric and hazard as revealed by the past and as manifested by the occasion for or resiliency to financial temptation. The outside activities of an applicant or employee, the mode of living, financial stresses and strains, etc., all require careful and continuous surveillance and appraisal. If the tests in these respects show negative, the foundation for internal control is ipso facto positive. Internal Control Conclusions We may perhaps conclude the discussion of improved internal control in this way: Procedure abounds to corner the rabbit at every turn. True, observance of the procedure takes time and involves cost. These must be related to the risks entailed if there is no control mechanism. If management concludes to go without, it must recognize consequent possibilities and is presumably prepared for them. Bonding of Employees Bonding of employees is a solution reached in many instances in mollification of any untoward blow, or as less costly than the internal control machinery that would be needed. Bonding is also of advantage for other reasons. The investigations made by the surety companies about employees to be bonded are frequently of great assistance in regard to the personnel factor previously described. Furthermore, would-be defaulters are no doubt seriously disturbed, if not deterred by the knowledge that they may have an unflinching surety company to reckon with. However, employers must recognize that financial recoupment under a bond can come about only if there can be assurance that murder will "out" and the losses disclose, and their amount proven. The bond obviously has no significance if the dirty work afoot remains in hiding because there is no control procedure to bring it to light, or establish its amount, or for any other reason. The bonding companies themselves are apprehensive on that score and generally refuse to write a policy unless they feel that the accounting methods and procedures followed are such as to make possible proof of loss without wrangling. Some of the companies even make a critical survey of the employer's accounting and control setup and offer recommendations for improvement. At all events, the point is that a bond must be implemented by accounting weather vanes and thermometers, if the bond is to have its full value. Recommended Independent Audit Procedures Attention may now be riveted upon the outside or independent audit. How can a reorientation in auditing procedures dam the fraud waters? The study provoked a number of possibilities in this respect. The Surprise Audit. A time there was when audits were surprise affairs. In fact, the surprise part was considered an inherent element of an audit. In this sophisticated day and age, the only one surprised seems to be the auditor. The cases show that a genuine surprise approach would have caught many a manipulator red-handed. Let us go back to first principles. Let us salvage the value of surprise checkups. An excellent opportunity for this is afforded in bring-up work. Let us avail ourselves of it. Surprises include not only the time when auditors get started but what audit step they start with. If cash is the conventional beginning point, then ever so often receivables can be tackled first, or some other phase. Auditors must not be taken for granted in their procedures, if they are to prevent employees from planning "around" the audit. Put Lapping on the Spot. Control over lapping from the standpoint of the internal affairs of a company has been considered. Audits, too, have a vital role in the curbing process. Not only that, but the same audit procedure that can put lapping on the spot, will also serve to waylay kiting and check substitutions. The procedure is this: In the first place, bank deposits should be checked to controlled duplicate deposit slips. If there be no such slips, the next best bet, wherever feasible, is the original slip or its photostat procured from the bank. (We have already indicated why the bank-stamped duplicate lacks stamina for audit purposes.) Review of the Bank Statement. The second step, of coordinate rank with the first, is the review of the bank statement for the month immediately succeeding the one that terminates the audit period. The need for this ex post facto review is, among other things, to see whether interbank checks that cleared in the period following the one under audit may have been furtively used in the last deposits of the audit period, as a cover for lapping. This can be unearthed by reference to the date inter-bank checks cleared and were charged on the bank statement. If the normal time span for deposit and clearance is allowed for, the date the check was actually deposited can be computed. If this brings the deposit date within the audit period and yet no such deposit is shown, the jig is up for the lapper. Addresses. Equally disturbing to the lapper, and significant for many other reasons, is the verification of customers' balances by direct communication from the auditor. Three features now conspire to undermine some of the value of this step. One is the possibility of tampering with addresses so that the verification never gets to the customer. Where that obstacle is hurdled, the indifference or lethargy of the recipient can throw detection for a loss. Finally, even in the hands of an attentive recipient, differences are frequently taken up and disposed of with the bookkeeping department of the client, and the needed independent control is thus smashed. So far as addresses are concerned, that is something for internal control. Addressing of the envelopes or the preparation of address plates should always be outside the reaches of the bookkeeping department. The other two phases are primarily a matter of educating businessmen. For their own reciprocal good, attention to one another's verification requests must be diligently made the order of the day. Furthermore, they must understand the importance of taking up differences only with the auditors, and under no circumstances with the auditor's client. Auditors can aid in the process if their verification letters make the specific exhortation about steering clear of the client's personnel. Certainly a verification should be regarded as a nullity, and second requests forwarded, when a verification that should be coming from an outsider comes instead from the client's office. Reminders for the Auditor The fraud cases also show that auditors need to be reminded on occasions about the following: Adding machine tapes are worthless unless run off by the auditors. Non-print and non-add devices make possible all sorts of disparity between the indicated total and the actual one. Balanced items may establish an arithmetic calm, but may also be the hideout of vicious fraud storms. No matter how small the amounts are, no matter how placid the occasion may appear, entries on one side balanced by entries on another where both are unnatural, should excite suspicion. In the same vein, erasures and slight irregularities should cause an auditor to sit up and take notice until he is fully satisfied that relaxing is in order. Finally, if as a matter of internal control, businessmen learn that trusted employees still require control-perhaps because they are trusted-then it must perforce follow that auditors too should take trusted employees with a grain of salt. A better way of putting it is that auditing flourishes where auditors look upon people and transactions through the eyes of auditors. Faith and credence must be reposed somewhere and on someone, to be sure. However, this involves the faith of auditors, groomed by the experience of auditing, rather than the "faith of our fathers." The subject of rotation of auditors was catapulted to the fore because of recent happenings. Viewed from the objective of fraud detection, rotation of auditing firms or members of the staff of the same auditing firm has its advantages and disadvantages. A new auditor, like a new broom, will make a clean sweep and can pick up things not caught by the predecessor. However, many times frauds are brought to light only because of the thorough familiarity by the auditor with the company's affairs and its personnel and by piecing together things from one examination to the other. An increased use of surprise audits rather than surprise by new auditors may go much further in creating an impasse for employee frauds. However, the sine qua non of audit effectiveness revolves not about procedures, but about the personal traits of the auditor. Bereft of alertness or imagination, all the procedures in the world may be unavailing. It is the auditor that makes the audit. Audit performance rises only to the mental level of the auditor, not to the comprehensiveness of the audit program. "It ain't what we do, but the way that we do it." The Scent of Fraud We must be sensitive to the scent of fraud. We cannot afford to pass by, as being without significance, the fact that records may be in a chaotic condition, or not up to date or in charge of one person. Over- anxiety by the bookkeeper to assist in the audit, or the opposite extreme of resentment on the part of the bookkeeper because of the interference caused by an audit, may all be perfectly innocent-but then again it may not. That is where the sixth sense of auditing enters. Along the same line would be subtle bookkeeping faux pas like the following: Secrecy on the part of the bookkeeper, refusal to take a vacation, records missing or under lock and key while the bookkeeper is away, failure to produce required documents promptly, many alterations, erasures or different color inks, etc. The Auditing Electronic Eye The ideal is to become magnetized by an auditing electric eye that is actuated by the tiniest possibility of fraud. Nothing can keep us in better training for the ideal than to infuse life into an audit program through sustained mental agility, independence, and effectiveness. As a working guide, we must continuously put before us this question: If we were the client's employee and wanted to get away with everything possible, overt and covert, how could we best go about it? Whatever answer we give ourselves supplies the cue for our examination, in checking on whether an employee did not in fact beat us (and the client) to it. That is, of course, on the assumption that the auditor is engaged for such an examination and the client is willing to pay for it. Both the auditor and the client must become aware of the pitfalls of audits of lesser scope. The Future of Fraud And when internal control and external audit have soared to the heavens, will employee frauds be an extinct specie? Not a whit! There will be no extirpation of fraud until the human being is really molded in the image of God, and virtue is triumphant. In other words, when accounting technique attains perfection, fraud-doers are likely to be perfect plus. However, if the band of separation is only that small plus," we will have made laudable strides. If the case study that has here formed our foundation is to be regarded as symptomatic, the head start of the fraud-doer today is a couple of pluses. Auditing has shown sufficient plasticity and progress to justify the anticipation that the pickings of fraud-doers will daily get leaner and leaner. Unflinching introspection, such as is made possible by a case study, will be one of the laboratory methods of leading auditing to the promised land.
The
CPA Journal is broadly recognized as an outstanding, technical-refereed
publication aimed at public practitioners, management, educators, and
other accounting professionals. It is edited by CPAs for CPAs. Our goal
is to provide CPAs and other accounting professionals with the information
and news to enable them to be successful accountants, managers, and
executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices |
Visit the new cpajournal.com.