Tag Archives for "Internal Auditing"

Jun 26

Livescribe: Note Taking Magic (for CPAs)

By Charles Hall | Accounting and Auditing, Technology

Livescribe: Note taking magic. Here’s an overview of how auditors are making their lives easier using the Livescribe pen.

Have you ever interviewed a client, feverishly taking notes, and straight away forgot critical facts? You wish you had a recording of the conversation. Better yet, you wish you could touch a particular word in your notes and hear the words that were being spoken at that moment. What if I told you, “you can”?


How? Livescribe.

Think about what you could record with such a tool:

  • CPE class lectures
  • Walkthroughs of transaction cycles
  • Board or committee or partnership meetings
  • Fraud interviews

Livescribe: Note Taking Magic

What is Livescribe? It’s an electronic pen/recorder. As you write on special coded paper, you simultaneously record the conversation (the recorder is built into the pen). Once done, you touch a particular letter in a word (with the tip of your pen) and you hear–from the pen–the words spoken at that moment. No more forgetting and not being able to retrieve what was said. And it’s efficient since you can go to any particular part of the conversation using your notes as signposts.

To start a recording, you press the tip of the pen to the “record” icon at the bottom of the page.


To stop the recording you press the “stop” icon above.

Once the recording is complete, you simply touch the tip of the pen to any letter and the audio recording will start playing–from the pen–at that point.


You can upload the pen notes and the audio to your computer desktop Livescribe software using a USB cord that connects to the pen. (See below.)


You can also play back notes from your uploaded desktop copy just as you can with your pen. Click a letter with your mouse and the recording will play.

I was surprised by the clarity of the sound from the pen and the audio capacity: 200 hours (for the Echo version that you see below).

There are different versions of the pen. I bought the Echo version due to the lower price. You can review the available pens on Amazon. I also bought additional Livescribe notebooks (they come in packs of four) and a portfolio (binder) to hold the notebook and pen.

My Experience with Livescribe

I have used a Livescribe pen for four years. After using it to record hundreds of hours of audio, I consider my Livescribe pen to be one of my best audit tools. I recommend it.

What if you don’t desire to shell out the $155 for the pen? Consider using the Notability app. 

Another Option 

If you have an iPad, you can buy the Notability app for $9.99 and record conversations with your notes (with play-back similar to Livescribe). You will need a stylus (I use an Apple pen) to take notes since you write on your iPad screen. See my article about using Notability.

One More Thought

If you are performing a walkthrough of a complex transaction cycle, consider using your phone to take pictures of what you are seeing (e.g., computer screens, documents). I use the Scanbot app. Between your notes (with audio) and your pictures, you will have a good understanding of what you have seen and heard.

You might also be interested in my article Four Keys to Better Client Interviews.

Jun 18

Steal Like a Boss (and Feel Good About It)

By Charles Hall | Fraud

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.


Six Steps to Steal Like a Boss

To steal, I need to:

  1. Be Believable
  2. Have a Cause
  3. Calm My Conscience
  4. Develop My Plan
  5. Execute My Plan
  6. If Caught, Settle Out of Court

1. Be Believable

Look trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I am trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being in authority enables me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like taking candy from a baby.

But before I steal, I need motivation. 

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash. 

One problem I must take care of before I steal is my conscience.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. You’ll embarrass your wife.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The nobler I can make my reasons, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need my support. You know I want to be a good provider for my family.”

I may need to start ~~stealing~~ borrowing or compensating myself in small amounts and then build up. Such wise reasoning will make it easier to calm my conscience.

Thinking correctly is important. When that little voice speaks, I will rephrase the words. I know I can. After all, I’ve done so for years.

Now I need to develop a plan.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties in regard to purchasing. Opportunity awaits.

If I am going to ~~steal~~ be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years.

A key contract renewal is coming up. The vendor should be more generous to me. Besides, last year the CFO received a nicer trip than I did (two weeks in Austria). And ~~bribes~~ gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

It’s game time. I need to “just do it.” But how?

5. Execute My Plan

~~Take~~ I must compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not ~~taking~~ receiving noticeable amounts. Greed is my enemy. Excess might land me on the front page of the paper.

Also, I think I can ~~steal~~ borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to ~~hide~~ perform my duties. But if the ~~funds taken~~ compensation is enough, it might be worth it.

But what if my actions become known to others?

6. If I Get Caught, Settle Out of Court

If ~~I am discovered~~ someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation. News like this does not support the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to ~~steal~~ borrow funds from my next employer. It is comforting to know that in many cases companies don’t prosecute for fear of public embarrassment.

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

See my series of fraud articles at White Collar Crime is Knocking at Your Door.

May 18

How to Steal Money with Altered Check Payees

By Charles Hall | Asset Misappropriation

Some fraudsters steal money with altered check payees.

As a kid I once threw a match in a half-gallon of gasoline—just to see what would happen. I quickly found out. In a panic, I kicked the gas container—a plastic milk jug—several times, thinking this would somehow kill the fire. But just the opposite happened. And when my father found out, something else was on fire.

Some accounting weaknesses create unintended consequences. Show me an accounting clerk who (1) can sign checks (whether by hand, with a signature stamp, or with a computer-generated signature), (2) posts transactions to the accounting system, and (3) reconciles the bank account, and I will show you another combustible situation. Here’s how one city clerk created her own blaze.

Altered Check Example

Using the city’s signature stamp, the clerk signed handwritten checks made out to herself; however, when the payee name was entered into the general ledger (with a journal entry), another name was used—usually that of a legitimate vendor.


For example, Susie, the clerk, created manual checks made out to herself and signed them with the signature stamp. But the check payee was entered into the accounting system as Macon Hardware (for example). Also, she allocated the disbursements to accounts with sufficient remaining budgetary balances. The subterfuge worked as the expense accounts reflected appropriate vendor activity and expenses stayed within the budgetary appropriations. No red flags.

The accounting clerk, when confronted with evidence of her deception, responded, “I don’t know why I did it, I didn’t need the money.” We do a disservice to accounting employees when we make it so easy to steal. Given human nature, we should do what we can to limit the temptation.

How?

Controls to Lessen Check Fraud

First, if possible, segregate the disbursement duties so that a different person performs each of the following:

• Creating checks
• Signing checks
• Reconciling bank statements
• Entering checks into the general ledger

If you can’t segregate duties, have someone (the Mayor, a non-accounting employee, or an outside CPA) review cleared checks for appropriateness.

Secondly, have a second person approve all journal entries. False journal entries can be used to hide theft. With sleight of hand, the city clerk made improper journal entries such as:

                        Dr.          Cr.
Supply Expense       $5,234
Cash                              $5,234

The check was made out to Susie, but the transaction was, in this example, coded as a supply expense paid to Macon Hardware. You can lessen the risk of fraud by preventing improper journal entries.

Thirdly, restrict access to check stock. It’s wise to keep blank check stock locked up until needed.

Finally, limit who can sign checks, and deep-six the signature stamp.

A Fraud Test for Auditors

Here’s a word to external auditors looking for a fraud test idea (or those just looking for check fraud): Consider testing a random sample of cleared checks by agreeing them to related invoices.

Work from the cleared check to the invoice. It is best for the auditor to pull the invoices from the invoice file; if you ask someone in accounting to pull the invoices, that person might create fictitious invoices to support your list (not hard to do these days). If the payee has been altered, you will, in many cases, not find a corresponding invoice. Pay particular attention to checks with company employees on the payee line.
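The test described above, sketched as an added example (not from the original article): it draws a sample of cleared checks, then agrees each one to the ledger and to an invoice file the auditor pulled. Apart from Susie, Macon Hardware and the $5,234 amount, the records, field names and check numbers are constructed.

```python
import random
from decimal import Decimal

# Constructed sample records; only Susie, Macon Hardware and $5,234 come from the article.
CLEARED = [  # payee as it appears on the cleared check returned by the bank
    {"check_no": 1041, "payee": "Macon Hardware", "amount": Decimal("812.40")},
    {"check_no": 1042, "payee": "Susie", "amount": Decimal("5234.00")},
    {"check_no": 1043, "payee": "City Water Supply", "amount": Decimal("1200.00")},
]
LEDGER = [  # payee as entered in the general ledger
    {"check_no": 1041, "payee": "Macon Hardware", "amount": Decimal("812.40")},
    {"check_no": 1042, "payee": "Macon Hardware", "amount": Decimal("5234.00")},
    {"check_no": 1043, "payee": "City Water Supply", "amount": Decimal("1200.00")},
]
INVOICES = [  # pulled from the invoice file by the auditor, not by accounting staff
    {"vendor": "MACON HARDWARE", "amount": Decimal("812.40")},
    {"vendor": "City Water Supply", "amount": Decimal("1200.00")},
]
EMPLOYEES = ["Susie"]


def norm(name):
    """Comparison key that ignores case, spacing and punctuation in a payee name."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def review_cleared_checks(cleared, ledger, invoices, employees, sample_size, seed=0):
    """Work from each sampled cleared check back to the ledger and the invoice file."""
    gl_by_check = {e["check_no"]: e for e in ledger}
    invoice_keys = {(norm(i["vendor"]), i["amount"]) for i in invoices}
    staff = {norm(n) for n in employees}
    rng = random.Random(seed)  # fixed seed keeps the sample reproducible in workpapers
    sample = rng.sample(cleared, min(sample_size, len(cleared)))
    findings = []
    for chk in sorted(sample, key=lambda c: c["check_no"]):
        flags = []
        payee = norm(chk["payee"])
        gl = gl_by_check.get(chk["check_no"])
        if gl is None:
            flags.append("not recorded in ledger")
        else:
            if norm(gl["payee"]) != payee:
                flags.append("ledger payee differs from cleared check")
            if gl["amount"] != chk["amount"]:
                flags.append("ledger amount differs from cleared check")
        if (payee, chk["amount"]) not in invoice_keys:
            flags.append("no invoice for payee and amount")
        if payee in staff:
            flags.append("payee is an employee")
        if flags:
            findings.append((chk["check_no"], flags))
    return findings


if __name__ == "__main__":
    for check_no, flags in review_cleared_checks(CLEARED, LEDGER, INVOICES, EMPLOYEES, 3):
        print(check_no, "; ".join(flags))
```

The payee on the cleared check has to come from the bank's image or the returned check itself, since the ledger is the record the clerk controlled.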

Click here for more white-collar crime examples.

Jul 21

Red Flags of Governmental Fraud

By Charles Hall | Accounting and Auditing, Fraud, Local Governments

Do you know the red flags of governmental fraud? Today I tell you what they are.

Fraud is detected by tips more than any other way–over 40% in the most recent Association of Certified Fraud Examiners’ survey. And many of those tips came from employees who knew the signs of fraud.

How can governments make employees aware of fraud signals? Education.


Picture is courtesy of DollarPhotoClub.com

Would your employees recognize fraud if it were occurring? Some red flags are obvious. Others are not. Here are some sample governmental fraud red flags:

External Red Flags

  • Unexplained increases in the wealth of an accounting employee or elected official
  • Employee personal problems such as a divorce, substance abuse, financial difficulties, legal problems
  • Employee living beyond his or her means
  • Unusually close employee association with a vendor

Cash Receipts and Billing Red Flags

  • Taxpayer complaints concerning nonpayment notices (even though payment has been made)
  • A pattern of customer complaints in the utility billing and collection process
  • Substantial write-offs of receivables without support
  • Unexplained decreases in revenues
  • A pattern of missing receipt forms

Disbursements and Purchasing Red Flags

  • Altered or incomplete supporting documentation for disbursements
  • Purchasing party (e.g., department head) picking up processed vendor checks rather than accounts payable personnel mailing them
  • Unexplained increases in expenses
  • Excessive expenses when compared to the budget
  • Vendors without physical addresses

Payroll Red Flags

  • Employees with no or little payroll deductions
  • Excessive overtime expenses
  • Excessive payroll expenses when compared to the budget

Capital Assets Red Flags

  • Winning bid appears too high; all contractors submit consistently high bids
  • Qualified construction contractors not submitting bids
  • Reports of missing capital assets
  • A lack of accountability for capital assets

General Red Flags

  • A refusal by accounting personnel to take vacations
  • Unwillingness to share accounting duties
  • Employee irritability or defensiveness
  • Complaints about inadequate employee pay
  • A lack of transparency in accounting
  • Rumors of unethical conduct
  • A history of corruption in the government
  • Financial decisions made by one person with little or no accountability
  • Undocumented journal entries
  • Untimely bank reconciliations
  • Inexperienced or lax accounting personnel
  • Missing accounting records

Just because a red flag exists does not mean that fraud has occurred, but it’s still important to know the signs. Often where there’s smoke, there’s fire. Teaching employees the signals of fraud can save your government a great deal of money.

Dec 12

The New COSO Framework

By Charles Hall | Accounting and Auditing, Fraud, Local Governments

Rita Crundwell, the former comptroller for Dixon, Illinois, stole over $53 million from a city of 16,000 people with an annual budget of $6 to $8 million. In the early 1990s, she opened a secret bank account in the name of the city and began transferring funds (disguised as payments to the Illinois DOT). The monies (in the secret account) were used by Rita to fund one of the nicest quarter horse ranches in the world.

The theft was simple. The damage was massive.


Picture courtesy of DollarPhoto.com

Losses from fraud and other risks can happen to any organization that lacks sufficient internal controls. Therefore, it’s imperative that your business, government, or nonprofit create a sound working internal control system.

Why COSO?

Prior to 1992 (the year COSO’s internal control framework came into existence), internal control guidance was sparse. Accountants knew that controls were needed, but many had no model to follow.

COSO to the Rescue

The Committee of Sponsoring Organizations (COSO), consisting of five organizations, such as the AICPA, came together to develop an internal control framework that accountants could use in any organization. Those standards have served well over the last twenty years, but with many changes in technology (e.g., cloud computing), the uptick in laws and regulations (e.g., Sarbanes-Oxley), the increase in outsourcing (e.g., payroll), and the higher incidence of fraud, it became apparent that the framework needed amendments. So COSO did just that, releasing the updated framework in May 2013; the effective date of the guidance is December 15, 2014.

The Hip Bone Connected to the Leg Bone

COSO added greater definition and guidance in regard to the five internal control components created back in 1992:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

As the 1992 framework states, these five components should be holistically integrated to create a healthy and safe control environment for business, nonprofits, and other organizations.

And what does this integration look like?

Every entity needs ethical leadership (the control environment). Those leaders identify key risk areas (risk assessment), usually in terms of likelihood and dollar impact. Once the risk areas are known, controls are designed and implemented (control activities) to ensure the creation of financial information (information and communication). Lastly, the organization monitors the system to ensure that it all works as planned (monitoring).

Most auditors (and those who design internal controls) usually emphasize the control activities component. The reason? Audit opinions relate to financial statements and deficiencies in control activities often allow misstatements to occur. The result? The reporting of significant deficiencies and material weaknesses. As auditors issue control deficiency letters, they tend to focus on control activities, though those communications can and should address deficiencies in the other four internal control components.

What changed in the new COSO framework?

Key changes in the 2013 framework include:

  • The addition of 17 principles (each related to one of the five control components listed above)
  • The addition of points of focus (each applicable to one of the 17 principles)
  • An increased focus on fraud
  • An increased focus on governance
  • An increased focus on information technology
  • An increased focus on compliance with laws and regulations

Why should I care about these changes?

Think of the COSO framework as the fountainhead of all that is good in internal control land. And once COSO speaks, other important bodies (e.g., the AICPA Auditing Standards Board) listen and absorb what is published. Remember SAS 109, Understanding the Entity and Its Control Environment, issued in 2006? Guess where the five control components (control environment, risk assessment, control activities, information and communication, and monitoring) came from? Don’t be surprised if you see the 17 new COSO principles–and possibly the points of focus–embedded in future audit standards.

In any event, the new COSO guidance is a great place for any business or organization to develop a control system that identifies and mitigates risks.

Then disasters–like the one in Dixon, Illinois–can be avoided.

Deeper Dive

If you are interested in more information about the new COSO guidance, consider purchasing the book Executive’s Guide to COSO Internal Controls by Robert Moeller. Mr. Moeller provides a nice summary of the framework along with implementation steps.

You can buy the COSO Framework here.
