Category Archives for "Fraud"

Thefts of cash
Nov 14

Thefts of Cash From Local Governments

By Charles Hall | Asset Misappropriation , Local Governments

Thefts of cash from local governments is common.

How many times have you seen a local newspaper article like the following?

Johnson County’s longtime court clerk admitted today to stealing $120,000 of court funds from 2019 through 2021. Becky Cook, 62, faces up to 10 years in federal prison after pleading guilty to federal tax evasion and theft.

Thefts of cash

Thefts of Cash from Local Governments

Usually, the causes of such cash thefts are (1) decentralized collection points and (2) a lack of accounting controls.

1. Decentralized Collection Points

First, consider that governments commonly have several collection points.

Examples include:

  • Recreation department
  • Police department
  • Development authority
  • Water and sewer department
  • Airport authority
  • Landfill
  • Building and code enforcement
  • Courts

Many governments have over a dozen receipting locations. With cash flowing in so many places, it’s no wonder that thefts of cash are common. Each cash receipt area may have different accounting procedures – some with physical receipt books, some with computerized receipting, and some with no receipting system at all. 

A more centralized receipting system reduces the possibility of theft, but many governments may not be able to centralize the receipting function. Why? Here are three reasons:

  1. Elected officials, such as tax commissioners, often determine how monies are collected without input from the final receiving government (e.g., county commissioners or school). Consequently, each elected official may decide to use a different receipting system.
  2. Customer convenience (e.g., recreation centers and senior citizen centers) may drive the receipting location decision.
  3. Other locations, such as landfills, are purposely placed on the outer boundary of the government’s geographic area.

What’s the result? Widely differing receipting systems. Since these numerous receipting locations have varying controls, the risk of theft is higher. 

Cash theft

2. Lack of Accounting Controls

Second, consider that many governments lack sufficient accounting controls for cash.

It’s more likely cash will be stolen if cash collections are not receipted. If the transaction is recorded, then the receipt record must be altered, destroyed or hidden to cover up the theft. That’s why it’s critical to capture the transaction as early as possible. Doing so makes theft more difficult.

Additional steps that will enhance your cash controls include the following:

  1. If possible, provide the government’s administrative office (e.g., county commissioners’ finance department) with electronic viewing rights for the decentralized receipting locations (e.g., landfill).
  2. Require the transfer of money on a daily basis; the government’s administrative office (e.g., county commissioners’ finance department) should provide a receipt to each transferring location (e.g., landfill).
  3. Limit the number of bank accounts.
  4. Deposit funds daily.
  5. Periodically perform surprise audits of outlying receipting areas.
  6. Use a centralized receipting location (and eliminate the decentralized cash collection points).
  7. Persons creating deposit slips and handling cash should not key those receipts into the accounting system.
  8. The person reconciling the bank statements should not also handle cash collections.
  9. Don’t allow the person billing customers to handle cash collections.

If segregation of duties is not possible (such as 7., 8. and 9. above), consider having a second person review the activity (either an employee of the government or maybe an outside consultant).

Final Thoughts About Fraud Prevention for Cash

When possible, use an experienced fraud prevention specialist to review your cash collection procedures. Can’t afford to? Think again. The average incidence of governmental fraud results in a loss of approximately $100,000.

Finally, make sure your government has sufficient fidelity bonding. If all else fails, you can recover your losses through insurance.

For more fraud prevention guidance, check out my book on Amazon: The Little Book of Local Government Fraud Prevention. Additionally, here’s a post telling you how to audit cash.

Segregation of Duties
Sep 30

Segregation of Duties: How to Overcome

By Charles Hall | Auditing , Fraud

Segregation of duties is key to reducing fraud. But smaller entities may not be able to do so. Today, I tell you how overcome this problem, regardless of the entity’s size.

Segregation of duties

The Environment of Fraud

Darkness is the environment of wrongdoing.

Why?

No one sees us. Or so we think.

Fraud occurs in darkness.

In J.R.R. Tolkien’s Hobbit stories, Sméagol, a young man murders another to possess a golden ring, beautiful in appearance but destructive in nature. The possession of the ring transforms Sméagol into a hideous creature–Gollum.

And what does this teach us? That which is alluring in the beginning can be destructive in the end.

Fraud opportunities have those same properties: they are alluring and harmful. And, yes, darkness is the environment where fraud happens.

What’s the solution? Transparency. It protects businesses, governments, and nonprofits.

But while we desire open and understandable processes, our businesses often have just a few employees that perform the accounting duties. And, many times, no one else understands how the system works.

It is desirable to divide accounting duties among various employees, so no one person controls the whole process. This division of responsibility creates transparency. How? By providing multiple eyes to see what’s going on.

But this segregation of duties is not always possible.

Lacking Segregation of Duties

Some people says here are three key duties that must always be separated under a good system of internal controls: (1) custody of assets, (2) record keeping or bookkeeping, and (3) authorization. I add a fourth: reconciliation. The normal recommendation for lack of segregation of duties is to separate these four accounting duties to different personnel. But many organizations are unable to do so, usually due to a limited number of employees.

Some small organizations believe they can’t overcome this problem. But is this true? I don’t think so.

Here’s two easy steps to create greater transparency and safety when the separation of accounting duties is not possible.

1. Bank Account Transparency

First, consider this simple control: Provide all bank statements to someone other than the bookkeeper. Allow this second person to receive the bank statements before the bookkeeper. While no silver bullet, it has power.

Persons who might receive the bank statements first (before the bookkeeper) include the following:

  • A nonprofit board member
  • The mayor of a small city
  • The owner of a small business
  • The library director
  • A church leader

What is the receiver of the bank statements to do? Merely open the bank statements and review the contents for appropriateness (mainly cleared checks).

In many small entities, accounting processes are a mystery to board members or owners. Why? Only one person (the bookkeeper) understands the disbursement process, the recording of journal entries, billing and collections, and payroll.

Relying on a trusted bookkeeper is not a good thing. So how can you shine the light?

Allow a second person to see the bank statements.

Segregation of duties

Fraud decreases when the bookkeeper knows someone is watching. Suppose the bookkeeper desires to write a check to himself but realizes that a board member will see the cleared check. Is this a deterrent? You bet.

Don’t want to send the bank statements to a second person? Request that the bank provide read-only online access to the second person. And let the bookkeeper know.

Even the appearance of transparency creates (at least some) safety. Suppose the second person reviewer opens the bank statements (before providing them to the bookkeeper) and does nothing else. The perception of a review enhances safety. I am not recommending that the review not be performed. But if the bookkeeper even thinks someone is watching, fraud will lessen.

When you audit cash, see if these types of controls are in place.

Now, let’s look at the second step to overcome a lack of segregation of duties. Surprise audits.

2. Surprise Audits

Another way to create small-entity transparency is to perform surprise audits. These reviews are not opinion audits (such as those issued by CPAs). They involve random inspections of various areas such as viewing all checks clearing the May bank statement. Such a review can be contracted out to a CPA. Or they can be performed by someone in the company. For example, a board member.

Additionally, adopt a written policy stating that the surprise inspections will occur once or twice a year.

The policy could be as simple as:

Twice a year a board member (or designee other than the bookkeeper) will inspect the accounting system and related documents. The scope and details of the inspection will be at the judgment of the board member (or designee). An inspection report will be provided to the board.

Why word the policy this way? You want to make the system general enough that the bookkeeper has no idea what will be examined but distinct enough that a regular review occurs. 

Segregation of duties

Surprise Audit Ideas

Here are some surprise audit ideas:

  • Inspect all cleared checks that clear a particular month for appropriate payees and signatures and endorsements
  • Agree all receipts to the deposit slip for three different time periods
  • Review all journal entries made in a two week period and request an explanation for each
  • Inspect two bank reconciliations for appropriateness
  • Review one monthly budget to actual report (look for unusual variances)
  • Request a report of all new vendors added in the last six months and review for appropriateness

The reviewer may not perform all of the procedures and can perform just one. What is done is not as important as the fact that something is done. In other words, the primary purpose of the surprise audit is to make the bookkeeper think twice about whether he or she can steal and not get caught.

I will say it again. Having multiple people involved reduces the threat of fraud.

Segregation of Duties Summary

In summary, the beauty of these two procedures (bank account transparency and surprise audits) is they are straightforward and cheap to implement. Even so, they are powerful. So shine the light.

What other procedures do you recommend?

For more information about preventing fraud, check out my book: The Little Book of Local Government Fraud Prevention.

$16 million stolen from bakery
Feb 20

Collin Street Bakery Fraud: $16 Million

By Charles Hall | Asset Misappropriation

Sandy Jenkins, a controller, stole $16 million from the Collin Street Bakery. You read that right. A bakery.

Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Collin Street Bakery Fraud

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen from Collin Street Bakery

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

Collin Street Bakery

The Weakness that Led to the Collin Street Bakery Theft

No one was comparing the cleared check payees to the general ledger. (The Collin Street Bakery is not the only business that has suffered from this type of fraud; see my previous article titled Fraudsters Writing Checks to Themselves.)

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

In March 2019, Sandy Jenkins passed away in a federal prison.

Fruitecake Movie

You may be familiar with the movie Catch Me If You Can which chronicled the exploits of Frank Abagnale, one of the most brilliant cons of all time. Now, there is a new movie about another: Sandy Jenkins. 

https://youtu.be/D_0f0O814co

 

Related party transaction
Dec 22

Related Party Transactions: Fraud

By Charles Hall | Auditing , Financial Statement Fraud , Fraud

Related party transactions can be a means to fraudulent financial reporting. Yet, auditors often don't detect the financial statement manipulation, leading to audit failure. This article explains how to understand and find fraudulent related party transactions. 

Related party transaction

Related Party Transaction

What is a related-party transaction?

It’s a transaction between two parties that have a close association. For example, two commonly owned businesses sell services or goods to one another. In another example, a business buys property from a board member or from the owner. 

Normal Related Party Transactions

Related party transactions are typical and often expected. For example, a business might rent real estate from a commonly owned entity. In such an arrangement, the rental rate can be at fair value. So if a company pays for twelve months' rent at a standard rate, everything is fine. No manipulation is occurring. 

Reason for Related Party Fraud

But in some cases, companies use related party transactions to deceive financial statement readers. Why? Because the business is not performing as well as desired, or maybe the company is not in compliance with debt covenants. (Noncompliance can trigger a call for repayment, or the loan can become a current liability based on accounting standards.) 

Fraudulent Increase in Net Income

Imagine this scene. It's December 15th, and management is reviewing its annual financial results. The CEO and CFO receive substantial bonuses if the company's net profit is over $10 million. At present, it looks as if the business is just short, with an expected net income of $9.7 million. They need another $300,000. 

So they develop a related party transaction whereby a commonly owned company pays their business $350,000 for bogus reasons--what auditors call a transaction outside the normal course of business. Since the CEO and CFO also manage the related entity, they control the accounting for both entities.  

Management performs the trick on December 27th, and soon they are toasting drinks in the back room. The bonus enables the CEO to buy his wife a new Tesla and the CFO to take a one-month trip to Europe. And it was so easy. 

In considering related party transactions, know that they are more likely with smaller entities, especially when one person owns several entities. So you'll want to know if associated businesses are making payments or loans to commonly owned companies.

Related Party Audit Procedures

As you begin your audit, request a list of all related-party transactions. Also, pay attention to such activity in the company's minutes. Additionally, electronically search company receipts, payments, and journal entry descriptions using the related party names. Then investigate any abnormal transactions outside the normal course of business, especially if they involve round-dollar amounts (e.g., $350,000). 

In performing your fraud inquires, ask about related party transactions and if any unusual transactions occurred during the year (or after the year-end). And make sure you interview persons responsible for initiating, approving, or recording transactions. In other words, inquire of the CEO and CFO, but also ask questions of others such as the cash receipts or the accounts payable supervisor. The CEO and CFO might hide the bogus transaction, but, hopefully, the cash receipts supervisor will not. 

As you can tell in the above example, you want to be aware of incentives for fraud, such as bonuses or the need to comply with debt covenants. 

Does It Make Sense?

If you see an unusual transaction, request supporting information to determine its legitimacy. I once saw a $5 million transaction at year-end, and when I asked for support, the journal entry said, "for prior services provided." You might receive some mumbo jumbo explanation for such a payment. But know this: vague reasons usually imply fraudulent activity. 

So, see if the economics make sense. Would a company pay that much for the services or products received? If not, you may need to propose an audit entry to correct the misstatement. 

Representation Letter

And, by the way, having the client sign a management representation letter saying the transaction is legitimate does not absolve the auditor. Either the payment is economically supportable, or it is not. 

Fraudulent Decrease in Net Income

Strangely, some companies desire to deflate their earnings. For example, maybe the company has had an unusually good year and wants to defer some net income for the future. So it is possible that related party payments are made to decrease earnings, and then the company might receive the same amount in the future from the related entity.  The result: expenses in the current year and revenue in the subsequent year. Again, we as auditors need to understand the goals and incentives of the company to understand how and why fraud might occur. 

Related Party Disclosures

Even if related party transactions are legitimate, businesses are required to disclose them. The related party disclosure should include the reason the other entity is a related party and the amount of the transactions. 

Financial Statement Fraud

The easiest way to fraudulently report financial activity--at least in my opinion--is to post deceptive journal entries. Those can be created without the use of related parties. For example, an entity might fraudulently debit receivables and credit revenue for $350,000. No revenue is earned but the entry is made anyway. 

The second easiest way—explained in this article—is fraudulent related party transactions. 

Either method can magically create millions in fraudulent revenue. So be on guard as you consider the possibility of transactions outside the normal course of business. 

Make sure you:

  1. Obtain a list of related parties
  2. Review minutes for related party activity
  3. Search records electronically for related party names
  4. Inquire of management and others about related party activity

See AU-C 550 Related Parties for AICPA guidance. 

Fraud prevention
Nov 25

Providing Fraud Prevention Services to Compilation Clients

By Charles Hall | Fraud

This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm. 

Fraud prevention

The Greater Risk for Your Client

How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.

What is the greater risk for your client?

  • Financial statements are misstated or
  • A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business

You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.

I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.

When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.

Defining Your Compilation Service

Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.

  1. Do you obtain a signed compilation engagement letter?
  2. Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?

These two actions lessen your risk.

If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment. 

Fraud Prevention and Compilation Services 

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)

Fraud Prevention Services Create Risk

But doesn’t providing fraud prevention services create additional risks for the CPA?

Yes.

Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say. 

If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.

CPA Independence

Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.

If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?

You can learn more about white-collar crime here.

1 2 3 10
>