How $16 Million was Stolen from a Bakery

By Charles Hall | Asset Misappropriation

Is it possible to steal over $16 million from a bakery? You bet. Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Theft

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

• $11 million on a Black American Express card
• $1.2 million at Neiman Marcus in Dallas
• 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
• Wine collection (having an approximate value of $50,000)
• Steinway electronic piano (having a value of $58,500)
• 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
• 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
• And more…

How the money was stolen

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

The Weakness that Led to the Theft

No one was comparing the cleared check payees to the general ledger. 

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

Make Your CPE Useful: Seven Suggestions to Improve Learning

By Charles Hall | Accounting and Auditing

In a thirty-five year career as a CPA, you will spend well over 1,400 hours taking CPE classes. Are you using this time wisely? Today I share how you can make your CPE useful.

It’s 3:32 p.m. on a Friday and you are thinking, “When will this CPE class ever end?” Your golf swing, a late tax return, your daughter’s college tuition cost–each float through your mind. Your thoughts continue, “So much to do, and I sit here wasting another day. Why can’t this be more interesting?” Tired. Bored. Numb. You want to be anywhere but where you are. You feel trapped. 

Why does this happen? Many CPAs mistakenly believe this pain is a requirement of the profession. They seem resigned to death-by-CPE, as though there is no other choice.

But then you’ve been in classes where you’re laughing, learning, and even wanting more. The day ends quickly, and you walk away satisfied.

Wouldn’t you love to increase the quality of your training and your engagement with what you are learning? Here are seven suggestions to make your CPE useful.

1. Create Three-Year CPE Learning Goals: Tie Training to Vision

Create a three-year rolling CPE plan. While you may not be able to plan each individual class, you can still sketch out your desired objectives and learning path.

Fifteen years ago, I decided to become a Certified Fraud Examiner. I thought, “Why not use my CPE hours to move me in that direction?” Over the next year, I purchased the training material from the Association of Certified Fraud Examiners and trained. In September 2004, I reached that goal. Without the goal, the idea would still be just that–an idea. 

What training goal can you set that will make your dream a reality? What vision do you have for your future?

In your career, you will spend hundreds of hours in training. Why not use those precious hours to get you to your desired destination? Continuous learning about new things is no longer an option. There are exciting (and scary) future changes in accounting.

2. Plan Your CPE Classes Annually: Avoid Cramming in December

Planning your CPE calendar will allow you to spread out the learning load (I do not recommend taking 40 hours of CPE the last week of December). The human mind is not designed to absorb large quantities of complex information in a short period. Space out your classes. The separation will allow your mind to digest and retain what you learn. 

3. Seek Out the Best CPE Trainers: They Will Elevate Your Game

Will excellent trainers cost more money? Sometimes yes, but what’s the alternative? Cheap teachers that bore you to death. Signing up for any old class for convenience’s sake or because it’s cheap is a terrible idea.

Great trainers make for excellent learning experiences. Seek them out. Pay the extra money, if need be. This will make your CPE more useful.

4. Revisit CPE Information: Move Learning to Long-Term Memory

For each one-day class, write a one-page summary. Do this the day after you attend the course. (Once you create the one-page outline, archive it in Evernote for future reference.) Merely writing the summary will drive the learning deeper into your mind. 

Then revisit the summary using the following intervals:

• One week later – review for 20 minutes
• Two weeks later – review for 10 minutes
• Three weeks later – review for 5 minutes

There’s nothing sacred about the intervals. The method is what is essential.

Additionally, try to recall the information before reviewing the notes. Doing so facilitates retention according to the book Make It Stick. Revisiting the information and trying to recall it will move your knowledge from short-term to long-term memory–where you need it!

Another suggestion to help you remember the information is that you teach it to your firm members. You can’t explain something you don’t understand. Teaching forces you to learn.

5. Use Livescribe Pen to Take Notes: Record the Audio 

For about $180, you can own the Livescribe pen. No, it will not allow you to remember everything you hear. However, it will record the full audio as you write. Then, later, you can touch a particular word in your notes with the tip of the pen and “voilà,” you hear–from the pen–what was said at that moment. You can upload the written notes and audio to your computer. Don’t ask me how it does this, but it works. Amazing! Now you can have a full recording of your training with shortcuts (notes) to find the audio you want to hear. The pen holds up to 200 hours of audio. 

In terms of learning, writing your notes is more effective than typing (and I might add, less distracting to those around you). Science has proven that writing has a more significant effect on learning and retention than typing.

Another learning tip to make your CPE useful: Read the table of contents before the class starts.

6. Read the Table of Contents: Prepare Your Mind 

The human mind likes to anticipate, to know what’s coming. If you can access your CPE material before the class, I encourage you to scan the table of contents and highlight the areas you are most interested in. Highlighting the table of contents will prepare you for what’s coming.

7. Sit Up Front: You’ll Learn More

Finally, sit up front. The farther back you sit, the more distractions you will see (like the guy reading the latest ESPN headlines or the couple talking all day).

Take Action Now: Plan Time to Consider Your Goals

I challenge you to take action now! Go ahead. Specify a time on your calendar to think about your goals and the CPE classes that will get you there. Become an expert in cybersecurity, fraud prevention, litigation support, data mining, artificial intelligence. Pick an area and move toward your goal. 

How to Write Clear Financial Statement Disclosures

By Charles Hall | Accounting and Auditing

Creating clear financial statement disclosures is not always easy. Creating (unintentional) confusion? Well, that’s another matter.

Clear Financial Statement Disclosures

Let’s pretend that Olympic judges rate your most recent disclosures, flashing scores to a worldwide audience. What do you see? Tens everywhere—or something else?

Balance sheets tend to be clear. Why? The accounting equation. Assets always equal liabilities plus equity. But there is no disclosure equation (darn it), and without such, we flounder in our communication. 

CPAs tend to be linear thinkers. We enjoy Pascal more than Hemingway, numbers more than words, debits and credits more than paragraphs. Our brains are wired that way.

But accounting is more than just numbers. It is the communication of financial statements and disclosures. In the name of clear disclosures, I offer these suggestions.

Consider Your Readers

Who will read the financial statements? Owners, lenders, and possibly vendors. Owners—especially those of smaller businesses—may need simpler language. Some CPAs write notes as if CPAs (alone) will read them. While accounting is technical, we need—as much as possible—to simplify.  

Use Short Paragraphs

Lengthy paragraphs choke the reader. Breaking long paragraphs into shorter ones makes the print accessible. 

Less is more in many instances. When we try to say too much, we sometimes say…too much. Additionally, short sentences are helpful.   

Use Short Sentences

CPAs may have invented the run-on sentence. As I read one of those beauties, I feel as though I can’t breathe. And by the end, I’m gasping. Breaking long sentences into shorter ones makes the reader more comfortable. And she will thank you. 

Use Shorter Words

CPAs don’t receive merit badges for long, complicated words. Our goal is to communicate, not to impress. For example, split is better than bifurcate.  

Attorneys are not our model. I sometimes see notes that are regurgitations of legal agreements, copied word for word—and you can feel the stiltedness. Do your reader a favor and translate the legalese into digestible—and might I say more enjoyable—language. 

Use Tables

Long sentences with several numbers can be confusing. Tables are easier to understand.

Write Your Own Note

Too many CPAs copy disclosures from the Internet without understanding the language. Make sure the language is appropriate for your company.

Put Disclosures in the Right Buckets 

Think of each disclosure header as a bucket. For example, if the notes include a related party note, then that’s where the related party information goes. If the debt note includes a related party disclosure (and this may be necessary), place a reference in the related party note to the debt disclosure. You don’t want your reader to think all of the related party disclosures are in one place (the related party note) when they are not. The same issue arises with subsequent event notes.

Have a Second Person Review the Notes

When writing, we sometimes think we are clear when we are not. Have a second person review the note for proper punctuation, spelling, structure, and clarity. If you don’t have a second person available, perform a cold review the next day—you will almost always see necessary revisions. I find that reading out loud helps me to assess clarity.

I also use Grammarly to edit documents. The software provides grammar feedback as you write. If you don’t have a second person to review your financials, I recommend it.

Use a Current Disclosure Checklist

Vetting your notes with a disclosure checklist may be the most tedious and necessary step. FASB and GASB continue to issue new statements at a rapid rate, so using a checklist is necessary to ensure completeness.   

Winning Gold

I hope these suggestions help you win gold–10s everywhere. I think I hear the national anthem.

Inherent Risk: How to Save Time by Properly Assessing

By Charles Hall | Auditing , Risk Assessment

Do you know how to assess inherent risk? Knowing when inherent risk is low is a key to efficient audits. In this article, I tell you how to assess inherent risk--and how lower risk assessments (potentially) decrease the amount of work you perform.

While audit standards don't require a separate assessment on inherent risk (IR) and control risk (CR), it's wise to do so. Why? So you know what drives the risk of material misstatement (RMM). 

Many auditors assess control risk at high (after performing their risk assessment procedures). Why? So they don't have to test controls. 

If control risk is high, then inherent risk is the only factor that can lower your risk of material misstatement. For example, a high control risk and a low inherent risk results in a moderate risk of material misstatement. Why is this important? Lower RMMs provide the basis for less substantive work.

The Audit Risk Model

Before we delve deeper into inherent risk assessment, let's do a quick review of the audit risk model. Auditing standards (AU-C 200.14) define audit risk as “The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.”

Audit risk is defined as follows:

Audit Risk = IR X CR X Detection Risk

Inherent risk and control risk live within the entity to be audited.

Detection risk lies with the auditor.

A material misstatement may develop within the company because the transaction is risky or complex. Then, controls may not be sufficient to detect and correct the misstatement. 

If the auditor fails to detect the material misstatement, audit failure occurs. The auditor issues an unmodified opinion when a material misstatement is present.

Risk of Material Misstatement

As we plan an audit, we assess the risk of material misstatement. It is defined as follows:

RMM = IR X CR

Auditors assess the risk of material misstatement at the assertion level so they can determine the level of substantive work. Substantive work is the response to risk.

If the RMM is high, more substantive work is needed. Why? To reduce detection risk. 

But if the RMM is low to moderate, less substantive work is needed. 

Inherent Risk

What is inherent risk? The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

Examples

The inherent risk of cash is greater than that of a building. Cash is easily stolen. Buildings are not.  

The inherent risk of a hedge transaction is greater than that of a trade receivable. Hedges can be complicated to compute. Trade receivables are not. 

Post-retirement liabilities are inherently risky. Why? It's a complex accounting area. The numbers usually come from an actuary. There are estimates in the form of assumptions.

Inherent Risk Factors 

Consider factors such as the following in assessing inherent risk:

• Susceptibility to theft or fraudulent reporting
• Complex accounting or calculations
• Accounting personnel’s knowledge and experience
• Need for judgment
  
• Difficulty in creating disclosures
  
• Size and volume of accounts balance or transactions
  
• Susceptibility to obsolescence
  
• Prior year period adjustments

Inherent risk is not an average of the above factors. Just one risk factor can make an account balance or transaction cycle or disclosure high risk.

Inherent Risk at Less Than High

When inherent risk is less than high, you can perform fewer or less rigorous substantive procedures.

An example of a low inherent risk is the existence assertion for payables. If experienced payables personnel accrue payables, then the existence assertion might be assessed at low. (The directional risk of payables is an understatement, not an overstatement.) The lower risk assessment for existence allows the auditor to perform little if any procedures in relation to this assertion. 

Conversely, the completeness assertion for accounts payable is commonly a high inherent risk. Businesses can inflate their profits by accruing fewer payables. Fraudulent reporting of period-end payables is possible. Therefore, the inherent risk of completeness for payables is often high. That's why auditors perform a search for unrecorded liabilities.

Base your risk assessment on factors such as those listed above. If inherent risk is legitimately low, then great. You can perform less substantive work. But if the assertion is high risk, then it should be assessed accordingly--even if that means more work. (The AICPA has included questions in peer review checklists regarding the basis for lower risk assessments. Their concern (I think) is that auditors might manipulate inherent risk in order to perform less work. I've heard no one from the AICPA say this. But I can see how they might be concerned about this possibility.)

Control Risk

So, what is the relationship between inherent risk and control risk?

Companies develop internal controls to manage areas that are inherently risky.

A business might create internal controls to lessen the risk that payables are understated. Examples of such controls include:

• The CFO reviews the payables detail at period-end, inquiring about the completeness of the list
• A payables supervisor reviews all invoices entered into the payables system
• The payables supervisor inquires of all payables clerks about any unprocessed invoices at period-end
• A budget to actual report is provided to department heads for review

Inherent risk exists independent of internal controls.

Control risk exists when the design or operation of a control does not remove the risk of misstatement. 

Video Demonstration of the Effects of Inherent Risk

Going Concern in Compilation and Review Engagements

By Charles Hall | Preparation, Compilation & Review

Do you need to concern yourself with going concern in compilation and review engagements? Yes, if the financial statements are prepared in accordance with the FASB Codification. But is going concern relevant to special purpose frameworks such as the cash basis or tax basis financial statements. Yes, going concern is in play even with special purpose frameworks. This post provides an overview of what you need to know about going concern as it relates to compilation and review engagements.

A while back I wrote a post about ASU 2014-15, Disclosure of Uncertainties about an Entity’s Ability to Continue as a Going Concern, which was effective for years ending after December 15, 2016. This standard requires companies to include certain disclosures when substantial doubt is present. So, we know that financial statements prepared in accordance with GAAP must include these disclosures. Otherwise, there is a GAAP departure. And in an audit, we modify our opinion when there is a departure.

Going Concern in Compilation Engagements

But what about financial statements subject to a compilation engagement, especially when substantially all disclosures are omitted? Is it not permissible for the CPA to ignore the going concern standard since it just requires disclosures? Yes, but be careful. Ask yourself whether the financial statements would be misleading (without the going concern disclosure). If they are misleading, then include a selected disclosure regarding going concern. Also, consider adding an emphasis-of-matter paragraph (regarding going concern) to your compilation report.

Consider the following scenario. Your client (who has significant going concern issues) takes your compilation report (which has no emphasis of a matter paragraph) and their financial statements (that has no disclosures) to a local bank. It’s obvious that the company is not doing well. But the bank makes a large loan anyway, and later, the company defaults on the loan. Then the bank files suit against you (the CPA) asserting that you issued the compilation report without the emphasis-of-matter paragraph and that you knew the financial statements had no going concern disclosure. The bank says the financial statements were misleading.

While the emphasis-of-matter paragraph is not required, consider adding one anyway.

Going Concern in Review Engagements

Since review engagements require full disclosure, going concern disclosures are not optional when substantial doubt exists in GAAP financial statements. They must be provided. If they are not, a GAAP departure exists.

So what going concern procedures should you perform in a review engagement?

In regard to going concern, AR-C 90.65 states:

AR-C 90.A123 provides the following example of a going concern paragraph in a review engagement when (1) substantial doubt exists for a reasonable period of time, (2) management’s plans don’t alleviate the substantial doubt, and (3) the reporting framework requires a note disclosure.

Emphasis of Matter

Special Purpose Frameworks and Going Concern

While the cash, modified cash, or tax bases of accounting do not address going concern, accountants still need to consider the effects of negative financial conditions and trends. Why? When using a special purpose framework (like the tax basis), the accountant should follow the guidance in GAAP. No, that doesn’t mean your disclosures are just like GAAP, but it does mean they are similar to GAAP.

Since GAAP tells the financial statement preparer to consider whether substantial doubt exists, then persons creating cash basis, modified cash basis or tax basis financial statements should do the same. If substantial doubt is present, going concern disclosures are necessary. 

So, what is substantial doubt? The FASB Codification defines it this way:

Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.

If substantial doubt is present and going concern disclosures are not included in full disclosure compilations or reviews, then modify your accountant’s report (for the departure).