Stop, Look, and Listen

There’s never enough time to explore every angle on an engagement. Skilled fraud examiners understand this limitation and prioritize their work accordingly. They also make it a habit to stop, look, and listen for red flags when communicating with staff.

Fraud comes in many shapes and sizes, and there can be a wide variety of attributes to pursue when searching for clues. Detection tools can include analytical procedures or scanning documents and accounting records. But sometimes we overlook the obvious. In this column, I want to focus on the office environment – specifically, how staff members communicate with you and your team. You must continually observe your surroundings and listen to not only what staff members are saying (or not saying) but also the tone of these communications. If fraud is present, what employees are communicating (and not communicating) could point you to the heart of the problem.

THE TRAFFIC SIGNAL 

Let’s treat staff communications like a traffic signal.

Red: potential red flag

Yellow: caution

Green: normal

Green light: The green light signifies normal communications with staff. (Fortunately, for the external auditors in my home state of Washington, this is the situation they most often encounter.) Under these conditions, an organization has implemented an effective system of internal controls that includes an appropriate segregation of duties and independent monitoring of employee tasks. The staff is friendly and cooperative and strives to be as helpful as possible to ensure the engagement is completed in the least amount of time. They research auditor inquiries thoroughly and provide prompt assistance upon request.  Hopefully, this is the condition you’ll encounter on the majority of your assignments.

Case No. 1: No fraud: During my first school district audit as an external auditor in Washington, I found a green-light condition in which the staff was cooperative. One of my first tasks at the district, which had received only clean audit opinions in the past, was to review all the checking accounts identified during the most recent audit.

After completing this task, I asked the staff member who controlled the bank accounts if she was aware of other bank accounts at the district. She gave me the records for a new account our agency hadn’t seen before. When I finished reviewing this additional account, I again asked the staff member if she knew of other bank accounts. She then gave me the records for a trust fund that we didn’t know existed; it had a balance of approximately $300,000 that a citizen had sent to the district from a final estate. These restricted funds were to be used only for student college scholarships. The bank account, which had remained a material omission from the district’s financial statements, had existed for many years. The auditors never asked if there were other accounts, so no one mentioned it. Asking this simple question helped me avoid making the mistake of providing a clean audit opinion on the district’s financial statements.

Ever since that time, I’ve always asked that familiar question during my audits: “Do you have any more bank accounts?” This question has served me well.

Yellow light: The yellow light, of course, signifies caution because staff communications seem strained. In these instances, staff might not respond promptly to an external auditor’s requests for information. The delays can be frustrating to auditors and fraud examiners, who might juggle other tasks in the interim, hoping they will receive the sought-after information before the audit deadline.

Early in my career, while working with local governments, I encountered two constants: a) preparing annual financial statements was never the job of only one person and b) the audit never occurred at a good time for the staff. Preparing financial statements most often required a team of staff members, and they usually had to do it in addition to their normal duties. This meant that the staff had to work overtime to prepare the financial statements.

In these circumstances, we must show empathy for the staff. It’s understandable that employees might be on edge or stressed during an audit, so strained communications don’t necessarily indicate a red light; however, this situation should heighten our awareness of conditions in the office that might increase the probability of fraudulent behavior.

Case No 2: Cash larceny from the deposit scheme: During a routine audit of a municipal court in Washington, the external auditor encountered some abnormal conditions in the office – a yellow-light condition. The court’s accounting records were in disarray, and the court administrator resisted the auditor’s inquiries about the complex accounting system.

From my experience, the administrator’s initial response to the auditor was typical of a yellow-light condition. She said: “I’m just too busy right now to get to your questions. Can you come back later at a more convenient time?” Of course, as every auditor learns, there’s never such a time.

During a preliminary review of the court’s records, the auditor found that the bank account hadn’t been reconciled for more than a year. The city had a history of significant risks in other departments. So, with a limited budget, the auditor decided to address these other areas before finishing work in the court. As he was departing the court, the auditor asked the court administrator to reconcile the bank account. She indicated that she would. However, the auditor later returned to find the bank account hadn’t been reconciled. He didn’t have time to deal with the problem, so he wrote an internal control finding that, among other things, recommended the court administrator reconcile the bank account in a timely manner and an independent party verify the work.

The next year, another auditor visited the court and found the same yellow-light condition – messy records and an unreconciled bank account. The court administrator once again told this auditor to “go away and come again another day.” Yet, to the horror of the court administrator, the auditor decided to reconcile the bank account and discovered funds had been misappropriated from the court. The yellow light quickly changed to a red. The auditor’s investment of resources paid big dividends.

Each municipal court maintains a trust fund checking account that has two components: court revenue and bail funds held in trust. All funds collected are recorded and deposited daily into the bank account. At the end of each month, the court administrator transmits all court revenue to the city, and the transaction is recorded in the accounting records and subsequently reported on the financial statements. After this transaction, all funds remaining in the court bank account should reconcile with the amount of all bail funds held in trust.

The court administrator had misappropriated $20,103 from the municipal court over two years. She stole currency from cash receipt transactions and deposited a lesser amount than she collected in the court’s bank account each day. However, at the end of the month, she remitted the correct amount of all revenue to the city. This transferred the cumulative amount of the shortage to the bail trust fund at the end of each month. The court administrator concealed this loss from the city and the auditors by not reconciling the bank account. The fraud was always there, but she was going to make others work hard to find it.

After the first audit cited the city for not reconciling the court bank account each month, the finance director told the auditors he was going to monitor bank reconciliations to ensure the court’s internal control weakness were resolved. However, when reconciling the account, the court administrator made false adjustments in the accounting records to eliminate bail fund transactions equaling the amount of funds – $8,177 – she had misappropriated up to that time. Once the finance director found that the bank account had been reconciled (even though it was false), he ceased monitoring it. The court administrator then reversed all the false adjustments she had made and continued the scheme as before. When the second audit was completed, the amount of the shortage in bail funds was $20,103.

The court sentenced the administrator to a nominal time in county jail for the crime and ordered her to make restitution for the total loss amount plus audit costs.

Lesson learned: Segregation of duties is critical when it comes to account reconciliation. Unopened bank statements should be sent to an independent party who then reconciles the account within 30 days.

Red light: The red light signifies danger. Communications with staff are abrupt, nonexistent, or adversarial. Key contacts in the company have built imaginary walls around themselves and are resistant to any inquiries. Their offices and accounting records are a mess, often by design.

If you encounter this or similar conditions, treat it as a red flag of fraud. Stay the course until you receive appropriate responses to your inquiries or find evidence of fraud in the workplace. In my experience, uncooperative staff members have almost always been the treasurer or another individual of similar stature. In small organizations in both the public and private sectors, this individual might be the bookkeeper or even the chief executive officer or chief financial officer.

Case No. 3: Concealed check scheme: As discussed in a previous column, Janice was the clerk-treasurer of a small city for more than 13 years. During disbursement transaction testing, the external auditor found falsified check register entries that proved Janice had embezzled funds. When the auditor presented her findings to Janice, she said inexperienced staff members had probably made mistakes recording the information on the check register. But as the number of irregularities increased, Janice became vague and uncooperative.

The work environment became hostile as Janice, irritated by the repeated questions, evaded the employees and the auditor. She attempted to deflect attention from herself to the “incompetent” office staff and demanded the auditor talk only to them. Janice’s conversations with the auditor were brief and terse, and her tone was harsh and derogatory.

The auditor began taking the pertinent documents home with her every night because she was concerned they might be destroyed. Her concerns were warranted; a huge fire destroyed the upper floor and attic of the city hall soon after Janice stopped talking to the auditor. Authorities suspected arson, but they were unable to find enough evidence to pursue criminal charges.

The auditors then obtained copies of the city’s redeemed checks for the previous seven years – the maximum time banks are required to retain this financial information. The auditors determined the amount of the loss by listing all checks issued to Janice and then eliminating all payroll and travel checks that represented legitimate payments to her. The remaining payments to Janice were approximately the amount of her normal payroll checks and represented the total amount of the loss in the case: $47,762 over the past six years of her employment.

She prepared fraudulent checks and submitted them to the finance manager for signature along with batches of other legitimate checks. The finance manager signed all the checks without properly reviewing them or the supporting documents. Janice deposited the fraudulent checks in her personal bank account and then destroyed them after they had been redeemed.

We’ll never know how much Janice actually stole, but she pleaded guilty to misappropriating funds from the city, made full restitution for the amount of the loss documented by the external auditors plus audit costs, and was sentenced to 30 days in county jail. Her husband was a wealthy contractor, and the family didn’t need the funds she stole. This was simply a case of greed.

LESSONS LEARNED 

Let’s review some of the finer points of fraud deterrence and detection in the office environment as illustrated in the four fraud cases above:

• Always stop, look, and listen in the office environment to identify red flags in staff communications.
• Treat staff communication indicators like a traffic signal – green for normal, yellow for caution, and red for danger.
• An independent party designated by the organization should receive unopened bank statements directly from the bank and reconcile the account promptly (within 30 days).

Always take time to stop and smell the roses. The next series of articles will concentrate on specific disbursement fraud case studies. They’re exciting!

Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE Fellow, is retired after more than 42 years of government service. He remains the vice chair of the ACFE Foundation Board of Directors.  

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.