Financial Fraud – Topple the Triangle by Eliminating Opportunities (Part 1)
By John E. Shields, CPA, CFE
Fraud of any kind can occur if three conditions exist: pressure, rationalization and opportunity, commonly known as the Fraud Triangle. Pressure and rationalization are often impacted by factors specific to the fraudster, which are outside of the Organization’s influence. To mitigate fraud, an Organization must therefore focus on, and eliminate, opportunities for fraud to occur by establishing strong controls. But, what does that mean?
In this multi-part series, we will review examples of internal procedures, identify fraud opportunities, and consider strategies to eliminate fraud opportunities. Let’s begin with cash receipts.
Mr. Liability is the trusted office manager who handles all of the finances and has been with the Organization for many years. Mr. Liability obtains any customer payments made through the mail, matches them to customer accounts and takes the funds to the bank. Mr. Liability returns with a deposit slip and adds deposit information manually to an internal spreadsheet. Electronic payments are received into a holding account until processed. Once processed, the funds are transferred to the Organization’s operating account. The holding account is reviewed by Mr. Liability, reconciled to customer accounts, and added to the spreadsheet. Mr. Liability generates monthly customer statements and sends them to the customer. If customers call to discuss their balances, the receptionist forwards the call to Mr. Liability. To increase efficiency, the owner meets with Mr. Liability weekly to review the clean and user-friendly internal spreadsheet and to address any long-outstanding customer balances. The meetings are always efficient as the owner is always satisfied with the strong cash balance and the minimal amount of delinquent customer account balances.
- Long-time employees are typically trustworthy. Greater trust typically means more responsibility and more control. Mr. Liability operates in an environment where he can perhaps bend the rules and circumvent enforcement of official policies because he is trustworthy and perhaps for the sake of efficiency. Mr. Liability works in an environment free of detailed oversight, and ripe with fraud opportunities.
- Mr. Liability alone has custody of payments and alone reconciles the payments to customer accounts. Without another person involved in the reconciliation process, no one would know what was actually received and could not stop Mr. Liability from “skimming” or pocketing payments from customers. Because Mr. Liability has control over internal records of customer accounts, he has the ability to transfer payments between customers to satisfy overdue balance notices and hide stolen funds. This is known as “lapping.”
- To complete the theft, Mr. Liability, who runs the funds to the bank, could deposit client payments into a separate account, since no one else would know what funds were actually received in the mail.
- Spreadsheets are helpful in presenting information effectively, but they can be easily manipulated. Liability can simply hide stolen funds from the owner by altering balances or excluding stolen funds from the spreadsheet entirely.
- Having control of customer statements and custody of customer payments is a dangerous combination. Mr. Liability can hide his thefts by altering customer statement balances at will. If customer questions arise, Mr. Liability would have the means to ‘address’ any concerns independently without anyone else knowing.
- Even with strong internal policies and controls, Organizations should always have a “trust but verify” attitude, even with highly trusted employees. The perception of being caught is often the strongest control. If you integrate this into the Organization’s identity by applying it to everyone, the employees will oblige rather than resist.
- Have another existing employee check the mail for customer payments alongside of the typical employee and have that employee verify that payments received are applied to the correct customer accounts alongside of the typical employee. For online giving, have a manager or accountant review the transaction history for any signs of unusual activity. Consider rotating these responsibilities among different employees to prevent collusion.
- Require a receipt log or similar document be completed right after opening the mail to reduce the window of opportunity for potential illicit activity. Require that the completed log accompany the bank deposit and review for differences.
- Always reconcile cash transactions using a bank statement instead of an internally generated document. The bank statement is an independent verification of what cash activity actually occurred which can be used to identify any illicit activity by showing what was or was not deposited. The reconciliation of cash receipts should be done by someone other than the person receiving customer payments.
- Have customer statements sent electronically or mailed from a different department other than the person in charge of cash receipts or customer accounts. Require that customer questions or complaints be handled by someone other than the employee in charge of cash receipts or customer statements. Since customers know when they make payments, making this change will greatly increase the likelihood that missing customer payments are identified in a shorter amount of time.
If this article raises any questions or concerns about your Organization, please contact a professional to assist with your needs.