What We Can Learn from Fraudsters
by Melanie Askew, CPA, Audit Manager
Posted on September 12, 2018
What can we learn from fraudsters? Within the last year in Arizona, there have been multiple fraud cases. The Arizona State Auditor General’s website has issued seven financial Investigation reports from January 2017 through May of 2018. This list includes only those items where a formal investigation was completed and the report released. It also includes only those governmental entities under the State Auditor General’s purview. These can teach us a lot about where the risks are and what we can do to reduce the risk at our entities. In reviewing the cases, which involve everything from misuse of public monies, forgery, fraudulent schemes, theft of public monies, embezzlement, and conflict of interest activities, we can see that all of these have one thing in common. In each case, the fraudster had an open opportunity to commit the fraud.
Opportunity for fraud can exist for various reasons. The most common issues are a lack of oversight and too much access to items at risk, such as cash, record keeping and/or check stock. Various controls can be put in place to reduce the opportunity to commit fraud. These controls can include segregation of duties, requiring an independent review of items, and safeguarding and restricting access to items at risk. The next few paragraphs will provide more detail and examples of these controls.
Segregation of duties can be one of the strongest controls to put in place. This should be designed to ensure that no single employee has the ability to control all aspects of transaction cycles. In a larger organization, you can have one employee receiving cash and writing the receipts, a second employee creating the deposit from those receipts, a third employee taking the deposit to the bank, and a fourth employee reviewing everything to ensure what was entered into the receipt book matches what was ultimately deposited into the bank. Many entities do not have this level of staffing available to break out these functions. There are ways to do this with only two employees, such as having them split out the access or at least having one person outside of the process reviewing everything afterwards. For some better examples and more ideas, please see our article “Small Business Office? No Worries! Tips for Effective Segregation of Duties”.
Another effective way to prevent or detect fraud is to input a control requiring an independent review of items. This is referenced in the segregation of duties example above where a fourth person reviews the deposits and transactions. Additionally, this could include activities like a review of original source documents when signing checks. A check signer should be receiving the entire packet of material, including the approved purchase order, invoice, receiving report, and any other documentation to support the check they are signing. The reviewer should be looking at this documentation to ensure the check is for a valid approved purpose and is properly supported by the source documents. This can also include having someone outside of the process perform the bank or cash reconciliations.
Larger organizations should consider hiring an internal auditor to perform detailed reviews of various areas and transactions to determine that processes and policies are working as performed. Smaller entities may want to consider having various employees and departments conduct cross trainings and crosschecks of each other. For example, your payroll clerk can review the vouchers and support documents created by the accounts payable clerk. Similarly, the accounts payable person can review the payroll voucher support created by the payroll clerk.
A final recommendation is to safeguard and restrict access to at risk items. This can be as simple as locking up items. If you have a smaller office and one employee needs to write checks as well as perform all recordkeeping involved in those checks, then one way to reduce risk is to keep the checks locked up in another office. Many smaller entities may have a business manager who has the ability to approve purchase orders and is also the person writing all checks out of the bank accounts. To provide an additional layer of control, the blank check stock could be kept locked up with only the supervisor having access. Then the business manager must the check stock from the supervisor for vouchers run that day. The supervisor could review the voucher support ensure the checks are appropriate and then provide the business manager with only the number of checks needed for that voucher run. Another option is to use cash drop boxes so that cashiers only have the ability to put cash in and not take any out. Then a different employee would have access to count the cash and ensure it matches the receipt documentation.
These three basics can help minimize risks of fraud, but only if you have policies in place and ensure the policies are being followed. Most of the frauds noted in the latest Auditor General investigation could have been avoided or losses reduced if those entities had at least implemented these three basic processes.