The controller of a mid-Atlantic company was recently charged with stealing millions of dollars from her employer since the middle of the last decade. Details of the alleged fraud have emerged and have been documented in numerous press accounts over the last month.
Red Flags and Controls
In reviewing the press coverage, we found the following indicators that might have led to earlier discovery of the scheme or controls that could have been put into place that might have entirely mitigated, or at least limited, the financial loss sustained:
From press accounts, the alleged perpetrator amassed significant holdings in real estate, automobiles, jewelry, clothing, stocks and entertainment memorabilia, among other things. Additionally, she took numerous personal trips to Europe and had interactions with high-profile celebrities.
Significant lifestyle changes can be an indicator that an individual might be supporting his lifestyle through fraud and possibly prompt at least a cursory review into potential fraudulent activity.
Lack of oversight
According to a newspaper article, the controller diverted funds from the payroll bank account to her personal bank accounts.
Generally, disbursements from a payroll account should virtually match independently generated reports from the payroll system. It would be relatively simple to detect such a fraud scheme if a secondary review of payroll account activity had taken place.
The controller falsified company banks statements to cover her tracks and perpetuate her scheme. Best practices dictate that bank statements should be opened and filed by an individual independent of the accounting function to minimize the risk that such activities could take place.
The controller apparently hid her thefts by inflating inventory balances and manipulating other internal records. In order to limit company exposure to this area of the fraud, the controller of a mid-to-large-sized entity should not be actively engaged in the recording of transactions, but should be limited, primarily, to an oversight role in reviewing executed transactions and activity.
The items identified above are not all-encompassing, and even if all of the actions would have been taken by members of the organization, it is still possible that the fraudster could have perpetrated other types of fraud schemes.
Preventative Steps – What Can You Do?
To minimize fraud risks, organizations should consider taking a more proactive and comprehensive approach in preventing and detecting fraud by performing an entity-wide fraud risk assessment.
A fraud risk assessment is a disciplined approach to identify significant fraud risks (i.e., what could go wrong?) by transaction cycle and then compare such risks to the organization’s internal controls in place (if they exist).
To the extent that controls are not in place to reduce identified fraud risks, it is then incumbent upon the organization to put controls in place to reduce the overall level of fraud risk.
Schneider Downs can assist you with your performance of a fraud risk assessment. Contact Joel Rosenthal, Shareholder, or Marc Brdar, Senior Manager, if you would like to discuss how we might be able to assist you with assessing, improving or designing your fraud mitigation program.
© 2012 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.