This is the third in a series of case studies of frauds/defalcations which I personally investigated. This month’s case study is entitled “The Other Account.” Similar to the first two cases, the plan is simple – most successful frauds are.
Remember our three items related to defalcations:
- A well-designed, well-executed fraud is a thing of beauty in a perverse sense. Properly executed, a fraud such as this one can go on for years without detection provided the fraudster doesn’t get too greedy, as they often do.
- The point of describing the case is not to poke fun at the targeted company, but rather to introspectively ask “Can this, or something similar, happen to my company?”
- A common thread of identified frauds is someone saying; “I never would have suspected him /her.” This has to be true – you’re watching the ones you might suspect!
The OTHER Account
Perpetrator:
- Male
- Late 40s
- 18-year employee
Position in the Organization: Controller
Described by others as:
- Dedicated to the Mission
- Talented, knowledgeable
- Hard-working
- Generous
Length of scheme: 3 years
Scheme:
As controller of a not-for-profit entity, the perpetrator had access to virtually all company records. He was also the primary contact for the entity’s annual audit. The not-for-profit had a policy of funding capital replacements by transferring cash to a separate “Building” account which was to be conservatively invested in an account with check writing privileges. The perpetrator was an authorized check signer on the building account but not on the regular account (to maintain segregation of accounting functions).
The Executive Director, Board of Directors, and outside auditors all accepted the controller’s annual bank reconciliation of the account. The auditors only asked for the December year-end bank statement to agree on the balance. In years with significant fixed asset acquisitions, they asked for verification of expenditures over $2,000 the entity’s capitalization limit.
The perpetrator:
- Periodically over-funded the building account
- Wrote checks to himself – but never in December because the auditors looked at that statement.
- Checks were always under $1,000 – a cushion in case the auditors reduced materiality
What went wrong?
- Overreliance on a trusted “dedicated” employee (we’ve seen that before)
- Poorly designed / predictable audit testing
- Lack of segregation of duties – monitoring of the building account
How was it detected?
Because the perpetrator was superstitious he tended to write checks to himself in the same amounts. The Bank became suspicious of clearing many checks in the same amounts from a bank account designed to have limited activity. The Banker notified the Executive Director and the fraud was uncovered.
Can this happen to you?
Do you have “other” accounts (investment, payroll, etc.)? Attorneys have IOLTA accounts used for client funds which are particularly subject to misappropriation since they are often “off the books”. If so, make certain these accounts are controlled as well as the main account.
What should you do?
Review your internal controls. That doesn’t mean reading the accounting manual; that means walking a transaction or two through your system to make certain the written policies (billing, cash receipts, purchases, payroll, cash expenditures, etc.) are actually being followed. By the way, when was the last time your policies were updated? We do very little the way we did it 5-10 years ago. This is especially true since the pandemic. As always, if you would like some assistance reviewing or monitoring internal controls, contact me or your HW&Co account professional.
CPA, CGMA
Principal
olejarski@hwco.com
