July 2015
Preventing Sleight of Hand
Creating Manual Journal Entry Controls to
Combat Fraud at Not-for-Profit Organizations
By Stuart J. Miller, CPA, and Jennifer A. Richards, CPA
As accounting rules grow in complexity, manual journal entries are becoming more
frequent at many organizations, particularly at not-for-profit and higher education
institutions. Increased use of manual journal entries can create the potential for asset
misappropriation and financial statement fraud, which includes manipulating liabilities
or expenses, creating fictitious revenues, and overstating assets. According to a
report by the Association of Certified Fraud Examiners Inc., financial statement fraud
is among the most common types of fraud and has the greatest financial impact at an
organization, causing a median loss of $1 million in 2014.1
Without appropriate controls, fraudulent or erroneous manual journal
entries have the potential to damage an institution’s reputation irreparably
and cause financial disaster. From the smallest not-for-profit institution
to a midsize or large university, all exempt organizations should design
controls to prevent and detect fraud and errors in this area.
Rising Reliance on Manual Recording
Manual journal entries are especially prevalent at not-for-profit organizations
because, in general, the information systems at these organizations are less
robust than the systems at for-profit entities. Many not-for-profit institutions
must use manual entries to work around the fact that their systems are
not capable of automating certain processes or complex estimates.
Higher education institutions might use systems that are more complex
than those of their not-for-profit counterparts, but universities’ systems tend
to be older, necessitating that certain calculations be made outside the
systems and then manually recorded. For many institutions, a new enterprise
resource planning application is too costly. With continued pressure on
tuition pricing and expectations for declining enrollment in the coming
years, many universities are not in a position to upgrade their systems.
www.crowehorwath.com
1
Crowe Horwath LLP
Most Frequent Manual Journal Entries
Following are the accounting areas where not-for-profit organizations and higher
education institutions most often use manual journal entries. Leaders of these entities
should be aware of the frequency and type of manual recordings their organizations
use, particularly as they work to create controls to manage risk effectively.
Endowments. Typically, very few institutions have the ability to automate
accounting for their endowments. Due to highly specific accounting
requirements for investment income on endowments, many organizations
track these funds on spreadsheets outside of their information systems.
One potential scenario for fraud could take place at a university that is struggling
operationally. A senior-level accounting employee could be motivated to “borrow”
more money than allowed out of restricted funds from the endowment to cover costs
of operations. Accounting for an endowment is an area of specialization – not every
accounting team member will have knowledge of the associated requirements. This
complexity could leave fraudulent activity unnoticed for a long period of time.
Investments. Recording fair value adjustments on investments is a manual process
for most institutions. This information typically originates from an outside adviser
or brokerage firm, making its automation into the general ledger difficult. Without
strong control over custody of investments and reconciliation of investments’
ending balances to the general ledger, the ledger could be adjusted improperly.
Allocation of expenses. By assigning an expense to the incorrect department
or account in the general ledger, an employee intent on fraud could cover up
an organization’s spending challenges or simply make spending look lower
than it is. For example, an accounting manager or controller who is aware
that postage expense has declined due to lower usage could reclassify
other expenses that are abnormally high to the postage category, either
to manage the budget or to hide nefarious activity or overspending.
Valuation allowances on pledges and other receivables. Although some
short-term pledges or receivables are collected quickly, multiyear pledges and
any past-due receivables need to be valued at the estimated realizable net value
for financial reporting. Members of management must make a judgment on how
much of a contribution they believe actually will be collected and then determine
an estimate, which typically would need to be a manual entry. Although the
greatest risk here is error, there is also the potential for fraud. Organizations
have been deceived by employees who “estimated” that a donation would
not be collected and then stole the donor’s check to the organization.
Year-end estimates for large construction projects. Many higher education
institutions are faced with renovating aging campuses and constructing
buildings. At the end of the fiscal year, these organizations often need to accrue
for building-related services for which they have not yet received invoices. The
organizations would get an estimate of the cost of the work performed and make a
manual entry into accounts payable. In this scenario, a member of the accounting
2
Not-for-Profit Entities:
Vulnerable to Fraud
Dedicated to having a positive
effect on the world, not-for-profit
and higher education institutions
often earn the trust of current and
potential donors, members of the
board of directors, and the general
public. Yet an employee intent on
deception could take advantage of the
confidence in an institution’s integrity.
Many potential scenarios could
make it possible for an employee
to commit fraud at a not-for-profit
organization or university. For
example, management might feel
compelled to impress donors with an
organization’s fiscal responsibility or
might need to justify that every dollar
spent is furthering the organization’s
mission. This pressure could motivate
an employee to misrepresent the
fiscal health of an organization
to earn greater donor support.
In addition, employees might commit
fraud to augment their compensation.
Perpetrators can use manual journal
entries to hide deceitful disbursements
or other misappropriations.
Fraudulent manual journal entries
can be very difficult to detect at
not-for-profit organizations. With a
focus on accomplishing a mission
rather than generating a profit,
their internal culture often begets
a “do more with less” approach.
Accounting departments at
not-for-profit organizations often
operate with a small staff, and some
team members might not have the
appropriate experience to review
manual journal entries. Fewer
controls among smaller teams can
make it harder to notice errors and
easier to hide fraudulent activity.
Preventing Sleight of Hand:
Creating Manual Journal Entry
Controls to Combat Fraud at
Not-for-Profit Organizations
team potentially could post a journal entry that falsely shows lower-than-actual
construction costs to give the project the appearance of coming in at or below
budget. Alternatively, an accounting staff member who has a relationship with
the construction contractor might post a journal entry showing higher-thanactual costs and then receive a kickback from the vendor for the difference.
Protecting an Organization
With Strong Controls
Many organizations manage manual journal entries by having the CEO, CFO, or
board of directors conduct a review of financial statements. Governing bodies might
have extensive knowledge of an organization’s financials, but a high-level review
might not be sufficient to detect fraud or errors in manual journal entries. Employees
who commit fraud likely will go to great lengths to conceal their activities and
typically will create journal entries designed to blend in and appear as expected.
Given the potential risks and increased use of manual journal entries,
not-for-profit and higher education institutions must implement controls
that are documented and used consistently. Management should consider
incorporating the following safeguards when establishing controls:
■■ Segregate duties. Best practices dictate that a different employee be
responsible for each of the following activities: preparing, reviewing, and
recording each manual journal entry. In practice, that separation of duties
can be difficult for small accounting departments. In such cases, some
organizations mandate that a member of the management team, such as the
head of the human resource department, review manual journal entries.
Employees who commit
fraud will go to great lengths
to conceal their activities,
including creating journal
entries designed to blend in
and appear as expected.
Segregating duties also can place an onerous burden on a small organization’s
CFO, who often is tasked with reviewing every manual journal entry. To
save time, the CFO could review all manual entries at month-end.
■■ Establish a standard format for manual journal entries. Standardizing
the process will allow for easier review and detection of missing or
incorrect information. Each manual journal entry should include:
An entry description
Support for the entry
Electronic or handwritten signatures of the preparer and reviewer
Dates when the entry was prepared, reviewed, and recorded
■■ Routinely reconcile all major accounts. Although best practice is to reconcile
accounts monthly, more subjective estimates might be reconciled on a quarterly
basis. Timely closing of the books can serve as an excellent detective tool;
the less time that passes between manual recordings and reconciliation
of accounts, the more likely the reviewer will be to notice irregularities
and remember the unique circumstances surrounding each entry.
www.crowehorwath.com
3
Contact Information
Stuart Miller is a partner with
Crowe Horwath LLP.
He can be reached at +1 312 899 5495
or [email protected].
Jennifer Richards is with Crowe
and can be reached at +1 630 586 5256
or [email protected].
■■ Limit access to the general ledger. Entries should be prepared by employees who
have adequate knowledge to do so. For example, accountants should not prepare
an endowment-related manual journal entry if that is not their area of expertise.
The list of people who have access to the general ledger should be reviewed
periodically to make certain that those who have access should continue to have it.
Ideally, access to the general ledger should not be given to anyone who:
Handles cash
Prepares the bank reconciliation
Prepares or signs checks
1
“Report to the Nations on Occupational Fraud and
Abuse: 2014 Global Fraud Study,” Association of
Certified Fraud Examiners, http://www.acfe.com/
rttn-conclusions-2014.aspx
Handles accounts receivable
Processes payable invoices
Processes payroll
Processes electronic fund transfers
■■ Automate as much as possible. Often, organizations become accustomed to
working around their existing systems; however, some manual entries might be able
to be automated. Furthermore, solutions exist that can assist with automating the
workflow of manual journal entries and can generate a report that will help identify
irregularities in those entries. This topic should be explored with an organization’s
information systems vendor and IT team, as increased automation could result in
decreased risk associated with manual journal entries.
■■ Create a culture that encourages discussion. Employees responsible for reviewing
manual journal entries must make certain that they understand the entries. Asking
questions can be a critical part of the process, so employees should be encouraged
to engage one another in discussion to clarify any uncertainty about an entry.
Plan Now to Deter Fraud
Strong controls are an organization’s best line of defense against fraudulent
and erroneous manual journal entries. To adequately protect their reputation
and financial longevity, not-for-profit and higher education institutions
should not delay considering how they use manual journal entries and
putting processes in place to protect their organization from risk.
www.crowehorwath.com
Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity.
Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically
disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North
Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or
legal advice. Please seek guidance specific to your organization from qualified advisers in your jurisdiction. © 2015 Crowe Horwath LLP
PSS15904