Bank Reconciliation Process

Dealing With Outsiders' Threats (Part 4)

Fraud's Finer Points  
One of the oldest home-improvement companies in Washington had bad news for its 210 employees: they wouldn't be receiving holiday bonuses. The owner discovered that an accountant had embezzled $1.2 million in five years by issuing unauthorized checks to himself from the company's bank account, and the firm was now short on cash. 
The accountant had spent most of the funds supporting an openly lavish lifestyle, which eventually gave him away and led to his conviction. He used the ill-gotten money to woo his second wife and to buy audio and video equipment including an expensive stereo system, thousands of CDs, and hundreds of DVDs. The accountant took most of the money after the business owner's wife was killed in an automobile accident and the owner was distracted. The accountant was later sentenced to 33 months in federal prison for bank fraud. The court also required him to spend five years on probation and to pay back the money to the company.
In prior columns, I discussed the importance of business owners promptly and properly performing monthly bank reconciliations. The owners obviously know the most about their organizations and are in the best position to know if checks are for legitimate business purposes. However, owners are often too busy to stop and consider the risk of fraud by trusted insiders, so they don't implement the appropriate internal controls in the disbursement system. Sadly, and much like the case cited above, the resulting frauds can bankrupt or destroy businesses while distracted owners watch in utter dismay. Sometimes unprosecuted insiders slither off to other unsuspecting employers to wreak havoc again.  
In this column, we'll explore how business owners can find ways to keep tabs on key employees who hold the highest risk for fraud -- bank account custodians -- to detect the issuance of unauthorized checks.  
"Trust but verify" is the overarching internal control principle that helps deter fraud. Organizations of all sizes blindly trust key employees who have almost complete control over disbursement systems. Managers expect them to complete assignments but then fail to monitor their work and ensure the organization's expectations are met. 
An independent bank reconciler should verify if a trusted employee is boldly paying personal bills and credit card accounts with organization funds. This fraudster often uses valid business names as vendors, but the irregular transactions never have official business purposes. After the checks have been issued, the employee simply mails them with personal billing statements to his or her creditors. The creditors rarely, if ever, question the source of funds for these payments.  
Commonly, a corrupt employee will also issue checks payable to "cash," and to the name of a financial institution to purchase money orders or cashier's checks or will leave the payee line blank on the check. The employee might also simply pay himself more than the authorized amount.  
The fraudster also could enter the name of a false vendor into the organization's vendor file, which would compromise the internal controls in the disbursement system. After this step, the accounts payable staff will routinely accept all subsequent payments to this vendor.  
As a variation of the last condition cited above, the corrupt employee could also abuse the "pseudo-vendor code" process used in large organizations for one-time payments. These override codes bypass internal controls that help ensure the organization deals only with reputable businesses. Therefore, the organization must prepare a daily computer exception report listing the universe of these high-risk transactions. Managers should review the report to ensure the override transactions are authorized, approved, and properly supported. They should also promptly investigate all irregular transactions.  
Crooked employees deposit many of these irregular checks in their personal bank accounts to conveniently gain immediate access to the money, but they first have to alter some of them.  
For example, an employee might alter the payee line by adding her name on the face of the check and then endorse it using only her signature. (The bank usually shares some of the loss on these transactions because the organization's name was omitted from the check endorsement.)  
The employee could also falsify a check endorsement by listing the vendor's name on the back of the check, followed by a "pay to his/her name" entry, and then endorsing the check with his or her signature. (The bank doesn't always share any of the losses on these transactions because this is a common type of check endorsement.) 
Managers don't often feel it's necessary to closely monitor the work of key employees in the disbursement system. Fraud is hard work, and most devious employees won't try to conceal their crimes if they think internal controls are lax and that they can get away with it. They simply don't prepare any supporting documents for unauthorized disbursements. Thus when fraud occurs, fraud examiners find no supporting documents on file within the organization. 
But if managers are occasionally watching, employees might have to create false documents to support their irregular transactions when committing fraud. That takes more dedication than some employees might be willing to spare, which is why adding such a simple control, such as a review of redeemed checks by the business owner, makes an effective deterrent. 

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.