Bank Reconciliation Process

In previous columns, I've discussed critical steps the owner of a business - or other designated independent party - should take while performing bank reconciliations to minimize the risk of fraud from both insiders and outsiders. These steps include looking for check fraud and identifying unauthorized disbursement and payroll checks issued to trusted employees and false vendors. These reviews can ensure all redeemed checks have been issued for legitimate business purposes. We continue our discussion on insider threats begun in the November/December 2008 column.

What should a reviewer actually look for when performing bank reconciliations?" ask those who are responsible for this task in their jobs. Sometimes even these well-meaning employees don't really understand what they're doing or why.

Often the predecessor of one of these employees has taught him or her what to do and when to do it, and the employee has been doing it that way ever since without questioning the process.

REVIEWING CHECK ENDORSEMENTS FOR IRREGULARITIES 

Here's how I answer this opening question: Those responsible for the bank reconciliation process first should compare the redeemed check payee with the information in the check register and in the organization's accounting system or disbursement records. Then flip the redeemed checks over and look at the endorsement information to make sure it also agrees with the information on the check payee line. If all data elements are in agreement (for example, if all three data elements indicate "Smith and Company"), the employee has probably completed all the necessary steps.

Many check endorsements might only include a rubber stamp imprint with a statement indicating the endorsement is for the named payee on the check and therefore guaranteed by the bank. This endorsement is sufficient within the banking system even though it doesn't indicate "Smith and Company," as listed in the example. Accept the check as legitimate; this verification step helps to establish that the redeemed check was issued to a valid vendor and is for an official business purpose.

The following five fraud case studies emphasize the importance of reviewing check endorsements during the bank reconciliation process. The cases raise several issues, but not all of them are associated with fraud. Therefore, when the individual performing the bank reconciliation finds these types of check endorsements, he or she should investigate the transactions in greater detail to decide if they're valid. Auditors and fraud examiners should also investigate these unusual endorsements.

DUAL SIGNATURE ENDORSEMENTS ON PAYROLL CHECKS 

Case No. 1: Ghost School Bus Monitors Paid to Stay Home
A school district faced a crisis when its bus drivers went on strike during the school year. The district contracted with a local transit company to provide substitute bus drivers so the students could continue attending class during the labor dispute. These substitute drivers immediately complained about the children's deportment on the buses.

The transportation department director (let's call him Sam) hired bus monitors to make sure students behaved on the buses. Thirteen monitors never reported for work, but Sam still made sure the district paid them.

Sam would enter the hours of work and approve the ghost employees' timecards even though they never signed them. He instructed the payroll department to send the checks to him. Sam then would personally deliver the checks to the 13 "employees" so he could split the proceeds with each of them. He and each bogus employee would sign the check and visit a financial institution or check-cashing facility to cash it.

One day, one of the ghost employees told Sam he wanted to keep all the money from his future payroll checks rather than splitting the funds with him. He threatened to report Sam to the authorities if he didn't comply. Sam was so irritated he later pistol-whipped the ghost employee severely enough to send him to the hospital. The undaunted employee reported the fraud from his hospital bed to the newspaper, the school district, and the district's external auditor.

Sam and his 13 ghost employees stole $114,400 over eight years through this unauthorized payroll scheme, which continued many years after the bus driver strike was settled.

The district's external auditor discovered the irregular check endorsements, but the district easily could have detected them during its monthly bank reconciliation. In many instances, organizations verify only the check number and amount while performing this task.

An improved bank reconciliation procedure would require ensuring the staff turned the checks over and examined the endorsements for any unusual attributes or characteristics. In this case, that work hopefully would have detected all the checks containing the second endorsement by the district's transportation department director. (In my opinion, this verification step should be added to any organization's standard bank reconciliation process.)

The 13 ghost employees received nominal county jail time, but the court slapped Sam with a lengthy sentence in the state penitentiary on a weapons charge.

CHECK ENDORSEMENTS MADE PAYABLE TO THIRD PARTIES 

Case No. 2: Revenue Hose Springs a Leak at Fire Protection District
In two years, a bookkeeper (we'll call her Myrtle) misappropriated $25,306 from her employer, a fire protection district. She would receive payments from insurance company and patient billings for emergency medical and ambulance transportation services, then write off the accounts receivable balances. Myrtle would then delete all records of the transactions from the district's computer.

She first endorsed the stolen checks with a rubber stamp that showed the name of the district and its mailing address. Myrtle then would type below the endorsement, "Pay to the order of" and write her name, and deposit the checks into her personal bank account. This check endorsement was sufficient to process the checks through the banking system.

When Myrtle took time off for surgery, her replacement noticed some billing irregularities and contacted the district's governing body and external auditor. During the investigation, the auditors discovered enough evidence to issue a subpoena for Myrtle's personal bank records.

Though the auditors discovered the irregular check endorsements, they could have been detected when companies and patients doing business with the fire protection district conducted their bank reconciliations. This is a good example of a case in which effective bank reconciliation procedures at your organization actually could detect a fraud at another organization. It didn't do that here, but an improved procedure of reviewing check endorsements just might do this in the future.

The court sentenced Myrtle to one month in jail after plea bargaining with the county prosecuting attorney. The court also ordered her to repay the amount of the loss and pay the district's audit costs.

ENDORSEMENTS FOR MULTIPLE VENDORS WITH UNEXPLAINED SIMILARITIES 

Parent companies often perform accounting functions for subsidiary companies. Thus, a bookkeeper might deposit revenue checks from several organizations into one joint bank account.

This arrangement should cause the organizations that issued the checks to question the uncommon check endorsements even if fraud isn't involved. However, if an unscrupulous employee issued checks to several false vendors and then deposited the proceeds into one bank account - usually his personal account - the attribute of checks from several vendors being deposited into one bank account would be visible in the check endorsements.

In this case, an organization could detect fraud by closely examining the check endorsements shown on any number of unrelated disbursements.

NONLOCAL CHECKS CASHED OR DEPOSITED IN A LOCAL BANK 

Case No. 3: Employee Diverts Customer Refunds to Improve Her Lifestyle
A state agency had many inactive accounts receivable accounts with credit balances. An accounts payable employee (we'll call her Betty) was told to fix this situation by preparing manual refunds for these customers. The agency's computer didn't automatically generate refund transactions.

Betty normally performed output functions in the disbursement system such as comparing checks with disbursement documents prior to mailing. However, this project also gave her certain input functions such as the ability to create disbursement transactions. This was the fatal flaw; Betty now could control disbursement transactions completely from beginning to end. This "kiss of death" attribute almost always guarantees fraud in disbursement cases.

Betty first created valid refunds, but then never mailed them to the customers - many of whom lived in other states. Instead, she forged the customers' endorsements on the checks and deposited them into her personal credit union account. Betty also endorsed some checks payable to a third party - herself - similar to Myrtle in Case No. 2. She then created completely false refund transactions with the same results.

One of Betty's relatives, a signatory on her personal credit union account, was concerned that Betty had too much money and questioned the credit union about her deposits. The credit union investigated the complaint, found that Betty recently had been depositing several agency checks into her account, and then discovered the fraud after it checked with the state agency.

Another fatal flaw: no one at the state agency monitored Betty's work to ensure she fulfilled the organization's objectives. After the credit union contacted the agency about its discovery, the agency immediately notified its external auditor about the irregularities as required by law. The external auditor then discovered the irregular check endorsements, but the agency could have detected them if it had used more effective procedures during its monthly bank reconciliation.

The external auditor determined that Betty had misappropriated $20,219 from her employer in six months. The court sentenced her to two months in jail, one month of community service, and one year of community supervision after she plea-bargained with the county prosecuting attorney. The court also ordered her to repay the amount of the loss and pay the agency's audit costs.

VOIDED CHECKS THAT SUBSEQUENTLY CLEAR THE BANK 

Case No. 4: Deputy Controller Demonstrates How Voided Checks Clear the Bank
In one of the most complicated and sophisticated computer fraud cases I've ever encountered, a deputy controller of a public utility district (we'll call him Frank) misappropriated $236,925 from his employer.

The fatal flaw in this case was an inappropriate segregation of duties. Frank primarily managed the finance department. But he was also the organization's representative who monitored all disbursements on several personal service contracts. Finally, he could perform the daily bank reconciliation and make changes to the computer software program for check redemptions.

Frank first processed three fictitious disbursement transactions using the names of legitimate vendors. He attached Post-it notes to the  

disbursement documents asking the accounts payable department to return the checks to him for these transactions. Frank never mailed these checks but kept them in his office.

He then stole improperly voided checks he obtained from the district's vault and used his computer to make them payable to himself. The bank unwittingly redeemed these fictitious checks. Frank then stayed after work to perform the daily bank reconciliation and alter the check redemption software program so the computer would accept and process the checks he had issued to himself as disbursements made to valid vendors.

Frank then used a copy machine to record endorsement information from prior redeemed checks to the vendors on the checks he'd kept in his office that he never processed through the banking system. Finally, he substituted the checks: he filed the irregular checks payable to the vendors in the district's records and destroyed the fictitious checks payable to him. Essentially, Frank used a complicated system to perform his own check reconciliation and compromise the district's internal control structure.

A check redemption clerk discovered the fraud when Frank was out of the office working with a contractor remodeling his home. When the clerk processed the redeemed checks received from the bank, the computer compared them to the district's record of authorized disbursements, identified a fictitious check made payable to Frank, and then prepared an exception report disclosing the irregularity for further review by the staff. The district's research then detected the fraud.

Frank knew he had to be present at the office to compromise the district's check redemption process and prevent his scheme from being detected. Unfortunately for him, he was too busy with personal matters instead. He then had to watch the fraud unravel right before his very eyes.

No one knew about the fraud before, but now they did and there were serious consequences to pay for this inattentiveness. I love it when major blunders like this cause frauds to halt, but it's too bad they aren't caught sooner. Auditors and fraud examiners should always review the voided check file during audits and investigations to determine if all documents have been properly accounted for and controlled. This simple step can detect even complicated fraud schemes like the one Frank devised.

Frank pleaded guilty to state charges of misappropriating funds from his employer and federal charges of money laundering and counterfeiting. He was sentenced to 15 months in federal prison. The court also ordered him to complete 150 hours of community service and three years of supervised probation, repay the amount of the loss with interest, and pay the district's audit costs.

CHECKS ISSUED TO INDIVIDUALS FOR LARGE, EVEN AMOUNTS 

Case No. 5: Fish and Wildlife Employee Lives the Good Life
An accounts payable clerk (we'll call him Burt) misappropriated $137,467 from his employer, the state fish and wildlife department, in one year. Burt compromised internal controls in the agency's disbursement system, which allowed him to issue checks made payable to himself from the state treasury.

Burt prepared false disbursement transactions requesting the state treasurer's office prepare checks made payable to himself. After signing for, and picking up the checks at the state treasurer's office, he destroyed the records of these unauthorized transactions. The state treasurer issued some of these checks in large, even amounts up to $46,000 per transaction. Burt also paid many of his personal bills from the state treasury using these same methods.

The fish and wildlife department noticed several irregular disbursement transactions during its year-end closing activities. In a subsequent investigation, the agency's external auditor discovered the irregular checks issued to Burt. The auditors determined that Burt had stolen more than $137,000 from his employer.

The court sentenced Burt to 30 days in jail after he plea-bargained with the county prosecuting attorney. The court also ordered him to repay the amount of the loss and pay the agency's audit costs.

CHECKS ISSUED TO ORGANIZATIONS USING ABBREVIATIONS 

Entities should never issue checks made payable to organizations using the abbreviations for a company name like IBM or UPS. An unscrupulous employee can intercept these checks before they're mailed to the recipients, alter payee information, and then either cash them or deposit them in his or her personal bank account. For example, fraudsters could easily alter checks payable to IBM or UPS by making them out to IBMitchell or UPSampson, respectively.

MAKE THAT LIST 

Make a list of other possible check frauds and give it to all independent parties in your organization who could examine check endorsements during the bank reconciliation process. This critical step will reduce your organization's fraud risk.

LESSONS LEARNED 

Let's review some of the finer points of fraud in the bank reconciliation process:  

• Mail or deliver the unopened bank statement and check enclosures directly to an independent party designated by the organization. 
• If possible, the owners of small businesses should perform the daily bank reconciliation. But if they can't, they should at least review bank statements and redeem checks for any irregularities before giving them to the treasurer or account custodian who will perform the bank reconciliation. 
• A business owner or designee should ensure the payee for the redeemed check matches the check register, the organization's accounting system or disbursement records, and the check endorsement. Then he or she can determine if each disbursement transaction represents a payment to a valid vendor for a legitimate business expense. 
• The individual performing the bank reconciliation should carefully review redeemed check endorsements for any irregularities such as the examples discussed in this column.

MONEY LAUNDERING IN CHECKING ACCOUNTS 

But what about the money laundering threat from insiders who choose to manipulate checking accounts? The primary money-laundering red flag is that there are more deposits in, and more disbursements from, the account than we normally would expect. We'll cover both of these circumstances in future columns.

Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE Fellow, is retired after more than 42 years of government service. He remains the vice chair of the ACFE Foundation Board of Directors. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.