IIA Central Kentucky Chapter
Audit Trails
Chapter Officers
President
Lisa Watkins
University of Kentucky
(859) 257-9734
Executive Vice
President
Jamey Reynolds
Deloitte & Touche
(513) 784-7264
Vice President
Richard Pena
Ashland Inc.
(859) 357-7007
Treasurer
Todd Coleman
Kentucky Retirement
Systems
(502) 696-8453
Secretary
Laura Barthel
Tempur-Pedic Int.
(859) 514-4693
Avoiding a Common Fraud
Volume 25
Issue 4
April 2008
Tom Crouch, CPA, CIA, CISA, Attorney
Money stolen from a bank account is a very common fraud. This usually happens in small organizations. These include
small businesses, non-profit groups, churches, scout groups, and clubs. In most of these situations, a minimum level of
controls would have greatly reduced the fraud risks. Adequate controls protect innocent people from suspicion of
wrongdoing, which protects their reputation.
The individuals who perpetrate these frauds usually have been given a high degree of control over bank account duties.
The perpetrators are usually people who are trusted by those with management responsibilities over the bank account.
The people who commit these frauds are often among the most trusted people in these organizations. Auditors often say
“trust, but verify.” If people with management responsibilities and adequate staff use the “trust, but verify” approach,
they can avoid many frauds. ((Continued
Continued on page 2)
Chief Audit Executive Roundtable
Join a group of Central Kentucky IIA Chapter CAEs as they discuss some of their most helpful and informative audits.
Moderator: Johnny Cagle, Tempur-Pedic International, Inc.
Participants: Dave Osborne, Internal Audit Director, Ashland Oil;
Heather Barger, Kentucky Bank; Joseph Reed, University of Kentucky,
and Bruce Sahli, Lexington-Fayette Urban County Government.
Date: Tuesday, April 8, 2008
Time: 11 AM to 2 PM
Place: Doubletree Hotel – 2601 Richmond Rd, Lexington
CPE Credits Offered: 2 CPE credits
Cost: $25 for members, $30 for non-members (includes lunch).
RSVP: Rebe Conley at [email protected] (no later than April 4th).
[Next]
Audit Trails
Avoiding a Common Fraud
April 2008
(From page 1)
The key bank account duties include:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Maintaining custody of blank checks;
Preparing checks to be signed by an authorized check signer;
Reviewing and signing checks;
Matching the invoice or other supporting documentation to the check being issued;
Issuing the checks whether in person or by mail;
Preparing deposit slips and making deposits;
Matching supporting documentation to the deposit slip;
Posting the deposits, the checks issued, and the other transactions to a check register;
Receiving and reconciling the monthly bank statement (this should include comparing each check payee and amount to source documents
and/or the check register); and
10. Reviewing the bank reconciliation to ensure that it is consistent with the check register and other accounting records.
When one person handles all of these key bank account duties, there is a high risk of fraud. A way to reduce fraud risk is to have each duty
performed by a different person or group of people, but this is usually only feasible in large organizations. If these duties can be separated
among two or more people, the fraud risk drops. When two signatures are required on checks, or at least checks over a threshold level (such as
over $500), the fraud risk is only slightly lower, because banks rarely review check signatures, due to check processing automation. Another
risk reduction technique is to have other people randomly perform these duties once every six months, or at least once a year. Bank employees
are required to have a 2-week vacation or a 2-week separation of duties.
The most critical duties to separate are those related to receiving the bank statement, reconciling the bank statement, and approving or verifying
the reconciliation (#9 and #10 above). If the person who handles the reconciliation duties (#9 and #10) is different from the person who handles
the other duties (#1 through #8), fraud risk can be reduced to an acceptable level.
Money stolen from a bank account is a common fraud. These frauds can be avoided by separating and rotating the bank account duties.
Copyright © 2006 by Tom Crouch. Tom has 30 years of financial and IT audit experience. He has an accounting degree, a Juris Doctor, and an
associate degree in Computer Science. During the late 1990s, he contributed to both the IIA and ISACA websites. Tom was a Central Kentucky
IIA Chapter member during the early years of the chapter and currently does financial audits. You can find more articles by Tom on AuditNet.
This article may be forwarded via e-mail or fax so long as the copyright is shown. This article may be reprinted or placed on a web site so long
as the copyright is shown. All other rights are reserved.
[Previous] [Next]
-2-
Audit Trails
April 2008
Something can be better than nothing
Will Keenan, CIA
In 1989 I supervised an internal audit of a service business in Spain. Originally headquartered in Barcelona, the company had
transferred its head office to Madrid eight years earlier. As business was expanding, a new Finance Director had been hired in
Madrid. The Accounting Department remained in Barcelona, however, because the computer center was there and the company
didn’t want to incur the expense of moving it. (Remember, this was 20 years ago and transplanting an IBM System 36 was more
complicated than packing up today’s System i.) More importantly, the Chief Accountant, who had been with the firm since its
inception, was three years from retirement and had no interest to relocate.
Preparing for the exit conference, the lead auditor said that he wanted to recommend relocating the Accounting Department to Madrid, a
recommendation that the Finance Director had been lobbying for over the past two weeks. When asked why he wanted to make this
recommendation, the lead auditor replied with a hint of annoyance, “It’s obvious!” Our permanent files contained the reports from the previous
two audits, conducted three and five years earlier, before I had joined the company. Both reports recommended relocating Accounting to Madrid
and in both replies the Managing Director argued that due to cost and personnel considerations, they did not agree with the recommendation.
Against this background, I asked what new elements had the audit identified that would make the recommendation compelling this time than in
the previous audits. Annoyance slipped into anger as the lead auditor invoked his professional judgment as justification. Hoping to avoid a
confrontation–especially since the lead was bigger than me–I asked what was the point of repeating a recommendation that had already been
rejected twice. Maybe it would be best if Accounting was located at the head office, but if we cannot have best, how can we have better?
In this company, as in many service firms, payroll was the largest expense item, about 65% of total expenses. Rather than relocating the
Accounting Department, we recommended transferring payroll processing to Madrid, where it could be run on a personal computer using an
off-the-shelf software package. This gave the Finance Director direct control over most of the expenses and provided a first step towards
transferring Accounting to the head office, which would be easier when the Chief Accountant retired and the S/36 gave up the ghost. The
Managing Director accepted the recommendation, the Finance Director was satisfied, and there were smiles all around, although the lead
auditor’s expression was more like a sheepish grin.
Internal Audit job opportunities
Robert Half Finance & Accounting
Job Title
Salary
Posted
Location
Industry
Reference
Contact
Senior Auditor
$60-100K
03/14/08
Lexington
Banking / Financial
01710-102639
[email protected]
Internal Controls Analyst
$65-80K
03/22/08
Chicago
Services
01300-117406
[email protected]
Sr. Internal Audit
$80-85K
03/21/08
Atlanta
Manufacturing
00900-110099
[email protected]
Section criteria: Job types: Audit Manager, Auditor-Internal.
[Previous] [Next]
-3-
Audit Trails
April 2008
Who’s who at the CAE Roundtable…?
Johnny Cagle has been Director of Internal Audit at Tempur-Pedic International, Inc. for the past five years and worked previously at
Intergraph Corporation. He is an MBA and a BS in Accounting and is currently writing a book on “The Elements of Control”.
Joe Reed, Senior Audit Director, University of Kentucky, has a BS in Mechanical Engineering and an MBA from the University of New Haven.
He joined the UK Internal Audit staff in March of 2004
Heather Barger is Vice President and Director of Risk Management at Kentucky Bank. Heather has 14 years of banking experience and a
Bachelor of Science in Finance with minors in Economics and Organizational Communication from Georgetown College.
Bruce Sahli, Director of Internal Audit for the Lexington-Fayette Urban County Government (LFUCG). He is a CIA with an MBA from the
University of Kentucky
Dave Osborne, Director of Internal Audit, Ashland Oil, has 26 years experience with internal audit at Ashland. He has an MBA from the
University of Cincinnati and is a CIA. During the past four years he has been leading Ashland’s SOX testing effort.
[Back]
-4-