by Rod Smith
While UNC-CH’s systems of internal control have been established and integrated into our policies and procedures, it nevertheless helps to remind people periodically on the essential components of fraud protection and why we have certain procedures in place. Take, for instance, the segregation of duties. Duties within a department should be segregated so that one person does not perform financial transactions for a department from the beginning to the end of a process.
Whoever authorizes the purchase of a transaction should not be the same person who executes the transaction, records the purchase and then provides the sole review and approval of such transaction. Reconciliations should be performed by a person independent of the initial transaction process. For example, one person should not be able to order equipment, enter the transaction into the system, approve the purchase and then reconcile the account. The following story illustrates why this is important.
During an audit planning, while obtaining accounts receivable data, an interesting trend appeared. Collections for delinquent accounts showed huge improvements over previous years – at least in appearance — but it raised a flag. So, it was agreed a surprise audit would be initiated.
Upon arriving at the office, the auditors immediately met with the collection specialist to go over the department’s procedures. They also had a checklist to compare how the department’s process worked in relation to policy. Upon this review, it was discovered that the employees not only conducted the collection efforts, they also received the funds and were responsible for posting the payments to the delinquent accounts/receipting the payments.
It was also discovered that the employees were told that if they could reduce the delinquent accounts by a certain percentage, they would be treated to lottery tickets and bonus pay. With these types of incentives, one would expect morale to be very good, right? The auditors were surprised to find the opposite: the employees were uptight and appeared very nervous. It didn’t take long to find out why: the employees were conducting activities that were clearly against policy, unethical and fraudulent. One employee had over 14 postdated checks hidden in his drawer. Instead of becoming better at collecting outstanding payments, the employees had found a weakness in the controls that allowed them to exploit the department for the bonus funds. Instead of collecting the checks on time, they would simply contact the delinquent account holder and let them know that if they were to bring in a postdated checks for payment or mail them into to the collectors, the collectors would then post them as being ‘received’ and then hold the checks until they could be posted, which ranged from 5-20 days on average. This practice was wrong on so many levels, and it gave investors a false sense of what the financial status was for the business.
Clearly, changes were made, and new controls were put into place. The new collection process was separated into multiple layers. Managers assigned employees to oversee delinquent accounts, payments were then processed by the cashiers and then the managers performed daily cash drawer checks to make sure everything was accurate. In addition, the department instituted a process of scanning the received checks to show the date and the amounts of checks.