Tag Archives: controls

Something’s Not Right

306H

When I was just heading into my teenage years, something was not right. Not with me, but with my mother. It was unsettling for me and then miserable. It was difficult enough to be heading into my teenage years but my mother was not helping by being off.

First of all, she began to act out of character. She would come home from work and ask for a glass of water with lots of ice in it. You may not see anything wrong with that, on the face of it, but it was plenty odd because my mother never drank glasses of water with lots of ice in them. And now she wanted a glass every night. To make things even more stressful for us, each glass was closely examined and if it was not perfect – not enough ice, water somehow looked cloudy, the glass was not perfectly polished – one of us kids would have to get a new glass and make sure that it was perfect this time.

Then there was the language. My mom started using new slang. For all I know now, she may have started hanging out with a new lunch buddy and picked up some phrases from this new friend. But, along with the water, this new language mom was freaking me out. It was truly odd. But the breaking point came, for me, one Saturday morning. I was following my mother around the house and she watered and spoke to her many, many plants. This was totally in character so that gave me some comfort and was likely the reason why I was hanging about with her that morning. Then I noticed that her dress didn’t quite fit. It was tight on my mom and that was, once again, out of character for her. What was going on?

That thought was still with me as I spent time alone that afternoon. What was going on? Well, after an afternoon of pondering, I had narrowed it down to two options. Either my mother was having an affair or she had been abducted by aliens and they had left an imposter alien in her place. My two options seemed to be the only options that made sense to me at the time – I had friends at school whose parents were going through divorce. Something about our conversations made me think that divorcing parents did not act like themselves. But, if it wasn’t divorce, it could only be aliens. I blame Star Trek for getting me to believe that my mother could be abducted and a poor replica, that wasn’t quite the same size and betrayed itself with its weird speech patterns and love of ice, be left in her place. Both options were devastating for me; either way I was losing my mother and that filled me with despair. I even cried a little that afternoon.

Fortunately for my state of mind, just that week, as though she knew what was going on with me, my mother broke the news. She was pregnant (some may say I was sort of right about the alien in her body). What a relief!

It turns out that, despite all the clues that I noticed, I came to a completely wrong conclusion about what was causing the changes in my mother. Fortunately all my wrong conclusions led to was an afternoon of sadness and tears. In the work place, the consequences of taking data, red flags and other clues to incorrect conclusions can be far more costly. A classic example is that of Rita Crundwell, who defrauded the city of Dixon of over $53 million. The people who worked with her saw that she had a growing stable of quarter horses and was often traveling far and wide with these horses. They assumed that the horses paid for themselves and more and this was how she could afford to keep them. People in the horse world, who knew that horses cost more than they made, thought that she had some kind of trust fund that paid for her extravagant lifestyle. When Rita would not let anyone do her work, or even collect her mail, they thought she was being a great treasurer who diligently controlled her city’s budget. No one saw all the clues and thought she was embezzling money.

If someone was paying attention to the clues and knew how to analyze all the red flags that Rita Crundwell left in her wake, her fraud would never have lasted for the two decades that it did. If, for instance, the city had taken on the services of a forensic CPA to analyze, design and implement control systems and to help them with fraud prevention and deterrence, they may not have lost over $53 million to Crundwell.

This is an excellent reminder of how important it is to have a CPA, with experience and qualifications in financial forensics, to analyze and assess your business’s operations and finances to see what clues are there and what those clues really mean. You may notice that things are amiss, but how willing are you to accept how expensive coming to the wrong conclusion can be for you?

Advertisements
Tagged , , , , , , , , , , , ,

Massive Betrayal of Trust

7198648678_7a3c5905d8_b

Photo by Mamnaimie Piotr

On September 8, the Consumer Financial Protection Bureau (CFPB) put out a press release that it was fining Wells Fargo Bank $100 million for secretly opening deposit and credit card accounts, without customer approval. In addition to the CFPB fine, Wells Fargo was fined $35 million by the Office of the Comptroller of the Currency, $50 million by the City and Country of Los Angeles and will have to pay approximately $5 million in restitution to customers. This fraudulent behavior occurred on a massive scale and, based on the CFPB’s investigation, resulted in:

  • Employees opening 1,534,280 unauthorized deposit accounts;
  • Employees submitting applications for 565,443 credit-card accounts, without the knowledge or consent of the people in whose names the applications were made;
  • Employees creating fake email addresses in order to enroll consumers in online-banking services;
  • Employees requesting debit cards for customers, without the customers’ knowledge or consent, and creating PINs to activate these cards.

All of the above has happened only since January 1, 2011. That is about five years in which these shenanigans were going on. During this time, Wells Fargo fired about 5,300 employees but it does not appear that the bank did a lot more than that to change the culture and systems in order to keep these practices from recurring, or that it took any steps to do right by the customers who were affected. To boot, the executive who oversaw the unit where this all happened left without having to pay back any of the almost $125 million that she earned with the bank. To understand why employees engaged in these dishonest practices, it is important to understand how they benefitted.

Wells Fargo is valued at over $250 billion, making it the most valuable bank in United States, by this yardstick. Wells Fargo was also considered to be the king of cross-selling. Cross-selling is a practice where banks sell more than one service to a customer. For instance, say you open a checking account with Wells Fargo. If the person that you open your account with convinces you to then open a savings account, a credit card account and a mortgage, all of that is cross-selling. At Wells Fargo, employees were paid and received bonuses based on the number of different services they were able to sell to customers. At times, employees would have to work unpaid overtime hours in order to reach these goals and would be threatened with losing their jobs if they did not do enough cross-selling. These employees were told to do “whatever it takes” in order to meet sales goals and this turned out to include engaging in the fraudulent behaviors I noted above.

With the pressure to perform in order to increase earnings, through bonuses, or merely keep a job, the retail employees, at least 5,300 of them, found many opportunities to game the system. Controls at Wells Fargo, when it came to ensuring accounts were valid and authorized by customers, appears to have been very lax. For instance:

  • Employees were able to sign up customers for banking services and would use fake email addresses that used wellsfargo.com as the domain name, such as 1234@wellsfargo.com or none@wellsfargo.com. Doesn’t that seem rather brazen? It also seems like a security shortfall on the part of the bank, that the application process wouldn’t flag an email that doesn’t exist in your own system.
  • When employees opened fake deposit accounts, they would fund these accounts by transferring a customers money from an authorized account to the fake account. Sometimes, as a result of the transfer, the authorized account would incur insufficient balance and overdraft fees. Also, the fake accounts would also incur fees and Wells Fargo would withdraw money from the authorized accounts in order to pay these fees.
  • In a similar manner, credit card accounts opened, without the approval or knowledge of customers, would incur annual and other fees. At times, these customers would find that they were in collections and their credit scores had been affected by accounts that they did not even know they had.
  • Some customers actually received credit cards for accounts that they had not authorized. When these customers contacted Wells Fargo to complain about these cards, they were told to simply destroy the cards. Destroying a credit card does not close the credit card account, nor does the shredding of a card do anything as far as the shredding that your credit profile may have taken.
  • In order to meet quarterly goals, employees would hold back applications for account openings. The manual applications, that included sensitive personal information, would be stockpiled in an unsecured manner and the accounts would only be opened in the next sales goal period, in a practice referred to as sandbagging.
  • Wells Fargo also misled customers by telling them that they could not get one service without getting a bundle of other included services. That would be like opening a checking account and being told that you cannot do so unless you open a savings account and get a credit card with the bank.

With how widespread these practices were, it seems that employees were sharing knowledge about how to best bulk up their cross-selling numbers, without actually cross-selling. Also, when customers complained about fees, it is unclear how much of a follow-up there was to discover if what had happened was a mistake or not. Then, when Wells Fargo discovered this behavior and fired an employee, the bank did not take any steps to let the impacted customers know that their information had been used to open accounts in their name and, if applicable, charge them fees. The bank did not go back and refund customers the fees they had been charged, unless the customer raised a stink about them. When I was discussing this case with my husband and explaining how customers were negatively affected, he had a tale of his own. He has a credit card (not Wells Fargo) and the company changed his credit card information, without letting him know. When he sent payment on his account, they accepted the payment, without telling him that the account was closed, and then charged him interest and fees on the balance that had been moved to a new account. He, not the credit card company, had to figure out what had happened and he, not the credit card company had to calculate the monies that needed to be refunded to him and make sure that the company was not just holding money on a nonexistent account but actually crediting it to his account.

As a result of this case, in addition to the fines that Wells Fargo has been ordered to pay, there are steps the bank has been ordered to take in order to improve the culture and strengthen the system so that this kind of behavior can be prevented, detected and corrected in the future. This includes:

  • Employee training to prevent “Improper Sales Practices” and improve integrity at the bank;
  • Creating monitoring processes and policies to effectively deal with customer complaints;
  • Creating systems to ensure that customer approval is received before accounts are opened on their behalf;
  • Revising the basis for how employees are paid and reviewing sales goals to ensure that they are not unrealistic and do not impose unreasonable pressure on employees.

Wells Fargo will continue to be monitored for five years, to make sure that they comply with the CFPB’s consent order.

On your part, with all your accounts, you can check to make sure that they accounts that you have are ones that you have authorized and that transactions made in your name are valid. Some steps that you can take are:

  • Review your credit report on a regular basis to make sure that all accounts listed are ones that you know about. Several financial institutions offer free credit reports to customers. If this is not an option for you, you can visit the Annual Credit Report website. On this website, you are entitled to credit report per year, from each of the three major credit reporting companies. A strategy to employ is to check a report with one agency every four months;
  • Check your bank statements regularly (at least monthly) for any transactions that are incorrect. Even if it is a small amount, look into a transaction. That small amount could be an indication of something bigger;
  • If you receive a card in the mail that you did not apply for it, follow-up on it and make sure that it is cancelled. Then check your credit report again.

On the Wells Fargo website, the Chairman and CEO states that “Everything we do is built on trust.” It seems that many employees have been playing lip service to that value and we know that, even with trust, it is important to verify. Take the time to check in on your finances. There may be mistakes that need fixing and there may also be pressured employees who are trying to get ahead or merely hold onto their jobs by engaging in dishonest practices.

Tagged , , , , , , , , , , , ,

When To Fold ‘Em

Sports-betting

We are a household of sports fans and this tends to be just about the only live television that we watch. Because we can’t fast forward through the commercials during live games, I have watched commercials about daily fantasy sports. A lot of commercials about daily fantasy sports (DFS). It doesn’t matter whether it is DraftKings or FanDuel, as they both seem just about the same. I have heard about how you can win millions, practically for free, and about how easy it all is. I know nothing about fantasy sports, and I have come away mostly irritated by how ubiquitous the advertising is than wanting to try out the daily fantasy sports scene. I also don’t trust them when they tell me that I could win money for nothing and, instead, I wonder how they could claim to give away so much money for nothing and still pay for the many, many ads that are everywhere we look.

Answers came to me at the beginning of October, when a DFS scandal hit the news. As the story went, a DraftKings employee released key information earlier than he should. This information, if known, would give someone a tactical edge when playing fantasy football. The same employee also won $350,000 betting at FanDuel. Even though this doesn’t look good, DraftKings says they are certain that, even with an extra $350,000 in his pocket, their employee did not act improperly – he merely made a mistake. As I read the story, I shook my head in disbelief. I was surprised by several things. First of all, I was surprised to discover that Daily Fantasy Sports betting is not considered to be gambling. Now, I know hardly anything about daily fantasy sports, so it may indeed be a game of skill and not luck. However, especially with terms like “betting” used when talking about it, it sure does look a lot like gambling. That said, interviews that I have seen and read show those who spend a lot of money on DFS referring to it as investing. Nevada recently shut down DraftKings and FanDuel, declaring that DFS is gambling and that the two companies need licences before they can operate in that state. So, in that regard, let’s go with more and more people are agreeing with me on the whole “is it gambling” question.

More surprising, though, was the employee betting. To have a company that runs the betting allow its employees to bet as well smacks of impropriety, regardless of whatever steps the companies claimed they took to keep things on the up and up. Both FanDuel and DraftKings would not let their employees bet with them but those same employees, armed with whatever insider information they might (or might not) have, were able to go to competitor sites and bet there. And bet they did and how surprised are we to find out that the top winners in daily fantasy sports tended to be employees of DraftKings and FanDuel (though never from their own employer, of course).

As I read articles and watched news pieces on what was going on in the Daily Fantasy Sports realm, I kept exclaiming, to anyone within earshot, “who thought this was okay? How could they think it was okay?”

I couldn’t believe that management at this company could look at the set up was acceptable. Maybe they did, or maybe they just thought they could get away with it but it has me wondering about what operation and control policies other entities have in place that either do not protect them and their assets, or even put them at greater risk. Just because you institute a rule, it does not mean that it is a good or useful rule. For instance, DraftKings employees, with all the inside information they potentially had access to, could not place a bet with their employer, DraftKings. However, they could log into FanDuel, their competitor and use their edge when placing bets there. And the policy was mirrored by FanDuel. Looking in from the outside, both companies appeared to be acting unethically, and just about always, perceptions are as powerful as reality. If it looks as though someone is having a $350,000 party with your money, the facts will matter very little to you.

It might feel very managerial to make rules in your organization, but if all they serve to do is fill operations manuals and make you feel good, they are achieving less than nothing. It is worse than not making rules at all because, at least when you don’t have regulations, you have no illusions about whether or not you are protected. On the other hand, creating a free for all entity may make you feel like the cool kid and may even have people clamoring to work for you. However, among those clamoring, it is almost guaranteed, will be those seeing ample opportunity to commit fraud and perhaps lay waste to your business. There are very important reasons why people like me preach setting up your business in ways that prevent and detect fraud and two of these reasons are protecting your assets and protecting your reputation.

Now, FanDuel and DraftKings are finding themselves on the defensive and being given the cold shoulder by entities who do not want to be tainted by the growing scandals. They are being investigated by state and federal authorities, and are now scrambling to clean up an image that would never have been sullied if they had formed their operating and control structures correctly and ethically, in practice and appearance, from the get go. Now they are tripping over themselves, doing things like creating self-regulatory bodies in order to regain the trust of the public. Judging from what I have read, that is not working very well – something that happens when a company has betrayed the public’s trust. Instead these companies are being put under the microscope and their reputation is taking a beating. They are on the defensive now and all of this could have very easily been avoided. If you are running a business, you should ensure that you consult with a qualified professional to avoid issues such as:

  • Conflict of interest in perception and reality;
  • Approaches that compromise your reputation; and
  • Procedures that may cross legal lines.

Spending time and resources doing things property in the first place is less costly, in dollars and reputation, than trying to clean things up after the damage is done. That kind of disaster can be very difficult to come back from. Is it something you are ready to bet on?

Tagged , , , , , , , , ,

While We Are Making Plans

surprise

Because I live in the Northeastern part of the United States, I have become one of those people who lives for the brief summer months. There are only a few brief months of warmth and sunshine (and, often, humidity) in which to have a fun life. There are outdoor shows, there is the beach, there are picnics and that’s just a small sliver of all that needs to be done before the cold and darkness return. In my case, I had also signed up for a half marathon, to be run in the middle of October. Summer was my chance to keep on running and build my endurance and distance. When I run, I run on streets and have to deal with cracks in the sidewalk, people getting in my way and traffic. I am always on the lookout to stay safe and not hurt myself. So, in addition to all the stretching and foam rolling (never enough) that I do in order to prevent injury, on top of all of the careful calibration of distance that I do so that I don’t hurt myself by doing too much too soon, I am also keeping a watchful eye on every step that I take in order to keep myself safe and sound during my run.

Well, on a bright and sunny Sunday morning, at the beginning of August, I stepped out of my apartment building and into the parking lot, armed with a whole lot of recycling to put out. The next thing I knew, I had tripped over something (turned out to be a concrete block) and I was stumbling. The recycling flew out of my hands and the first thought that I had was, “this better not mess with my running”. In an attempt to break my fall, I jammed my leg into the ground and a sharp pain shot up my leg. I crumpled, in my mind, elegantly to the ground. It turns out that for all my measures to protect my body, all it took was taking out the trash in order to fracture my knee. I ended up with my knee in a brace and using a cane (that I still have). Throw in a surgery that I had in September and it turns out that this summer was not the summer I had imagined at all. An acquaintance said to me that life is what happens while we are making plans.

Most people business owners, similarly, spend a lot of time and invest a lot into protecting their businesses from most expected challenges. Depending on the size and complexity of the business, this will range from control systems to detect and prevent fraud and waste, to various reports that business owners and management use to monitor how the business is doing. The question that stands though is, what are business owners and management doing to deal with the unexpected or the events that they hope will never happen? Does the business have a disaster recovery plan? Has the business taken steps to encourage tips that will help uncover weaknesses in control systems and catch fraud and waste? Does the business know what it will do when fraud and waste are uncovered? Yes we make plans and take precautions, but are we ready to deal with what happens when the unexpected happens? Are we ready for, you know, life?

Tagged , , , ,

Gimme A Break!

gimme_a_break

It almost seems a long time ago, but November and December had a great series of holidays that, for some, were leveraged into a week or two of time off. From the conversations that I have had with strangers in elevators, not a single person wished they could have just stayed in the office and worked. The only gripe was the weather (for those of us in the Northeast). Everyone needs time off to recharge and those who tell us otherwise are lying to themselves or to us.

However, for those bosses who don’t care about whether or not their workers are worn out, just as long as they show up, there is a reason to give time off that benefits them – security. You would not believe how many stories I have come across, of fraud perpetrated by employees who rarely took time off and , if they did, it was only ever for a couple of days at a time. The bosses loved them because they were so diligent and always there when anything was needed. It also turned out that these same employees were diligently stealing from their employers. because they were always in the office, they were able to make sure that people didn’t poke around in their work too much. Because they were always in, they were able to steer people away if anyone seemed to be getting close to discovering their scheme. Because they were always the face in the office, they were able to gain the trust of their employers. In this way, they were able to keep watch over their fraud schemes and keep them going on for a long time. I have lost count of the number of times I have heard about how shocked people were when a fraudster was exposed because of how diligent and ever-present that person was.

In theory, it is an admirable thing to have a worker who so loves coming into work that they won’t even take paid time off. However, when you think about it, why wouldn’t someone want to take time off that they are being paid to take? I don’t know about you but I do not have conversations where employees go on about how much they prefer being at work over spending time with loved ones, how much they love their daily commute and wouldn’t trade it for anything, or how they wish that weekends and days off would be abolished so they could spend more time at work. With this in mind, employees who do not want to take time off should be viewed with skepticism.

It is important that employers take advantage of the time off given, in order to perform fraud prevention and detection activities. This is mostly achieved by having another employee do the work of the vacationing employee. This is particularly important if the employee has a financial role or access to assets. A few examples of tasks that should be performed in an employee’s absence are:

  • reconciling the bank accounts;
  • receiving and opening mail, especially correspondence from banks and vendors
  • receiving and processing inventory;
  • disbursing checks.

Nobody likes to do someone else’s work, and that is a plus for a fraudster. But, doing someone else’s work has gotten many a fraudster caught (and often highlights errors and weaknesses). Bank reconciliations have been found to contain fictitious reconciling items. Checking the mail has revealed bank accounts that employees secretly opened and used to divert company funds for their own benefit. A check of vendor statements and payments has revealed payments being made to fake vendors. A lot of benefits are gained by employers when they give their workers time off and use that time to have their peers do the vacationers’ work. Several authorities, including the Federal Deposit Insurance Corporation (FDIC) and the SEC recommend that banks and investment advisors, among others, adopt mandatory two-week vacation policies as a safeguard against fraud. This is an approach that other types of businesses should also consider adopting. Several companies have adopted this policy of a two consecutive weeks off. This gives sufficient time to have other employees perform the tasks of their vacationing colleagues.

There is another benefit to having others do the work of their coworkers, either when that employee is on vacation or by rotating tasks. This is increases the number of employees with knowledge of processes, with all the peculiarities a company will have that are not in the company manuals. I recently read a piece on TheInnerAuditor website about the dangers and risks involved when knowledge is held by one individual in a company. Invariably that person’s work is never checked (who would know how to) and no one ever knows when this special person makes an error or, even worse, is committing fraud. In addition to this, should this person quit, retire or fall ill, the company will find that has no idea how to do certain things or even where to find the information required for the task. This is because it has been easier to rely on this one brain trust than to learn what the trust knows. And the brain trust enjoys the power and authority given to them because they are always the smartest person in the room. I have written before about how notes on systems and processes may not include every single piece of information. Having others cycle through tasks is the best way to be sure that others know how to perform the tasks and that more than one person knows what is going on.

So, bosses, go ahead, give your employees a break, a real break. They will be happier and likely more productive for it and it will benefit your company. it will improve your chances of detecting and deterring fraud and it will help prevent errors. Finally, it will make sure that you don’t have to depend on one person to keep the business running.

And, workers, tell your bosses to give you lots of time off and remind them to, please, have someone do your work while you’re away. Assure them that you are not doing this for yourself. No, this is part of you looking out for their business.

Tagged , , , , , ,

Oh Yes, She Did!

james_ano_silly

In previous posts, when talking about the importance of controls in a system to help prevent fraud, I discussed the case of Amy Wilson. These posts were specifically about how trust is not a control. Regardless of how nice a person seems to be (or is) or how long someone has worked for you, you should never decide that you can trust them enough to forgo system controls. It really cannot be said enough, trust is not a control. It does not matter how good a person is or how long they have worked without ever considering defrauding their employer, there may come a time when they face great pressure to commit fraud. It is important that, should this time arise, there are controls that deter them from giving in to temptation.

In my first post about Amy Wilson, I discussed how many controls I come across when I run a race compared to how few controls I have seen in many businesses. I continue to be amazed by this; people will put so much into making sure folk aren’t fabricating their running times, yet they are willing to trust those very same folk with their money and assets. The second time I wrote about Amy Wilson, I had watched her enlightening interview on the Attestation Update website. Here and in the articles she has authored, Amy Wilson speaks very clearly about what she did and how she could either have been caught or have never had the opportunity to perpetrate the fraud.

Well, fast forward to today. I received notification, this morning, that Amy Wilson had visited my website and left me a comment. She was very complimentary (whew!). I am glad because Ms. Wilson does have great lessons to impart and I appreciate that she does not take issue with how I have shared her story and lessons. To have real life examples of where the weaknesses in a system were, how they were exploited and the ultimate consequences of all of this is absolutely priceless. When it comes to designing and instituting controls in a financial system, it is imperative that this is performed effectively and consistently. In order to make sure that this process is correctly implemented, the stories must be told clearly, correctly and honestly. It is fantastic that Ms. Wilson is unflinching when she talks about what she did; that kind of thing does not happen often. This kind of honesty helps forensic accountants get better at what they do and, hopefully, businesses get better at deterring, preventing and detecting fraud. Finally, feedback like Amy Wilson’s helps me feel happier about what I do.

Tagged , , , , , , , , ,

Stuff It

Back in the early days of my time as an auditor, I went on many inventory counts. Because companies would have to close their businesses while the inventory count was going on, they tended to happen over the weekend. I am yet to meet anyone who likes to spend their weekends at work and it is even worse when all of your friends are going to be sleeping in or doing something fun while you are at work. I could complain (and I am sure I did) but it was a necessary part of the work that I did and so I spent several weekends at a client, observing their inventory counts and carrying out audit tests. One particular assignment sticks in my head. I went to a company that had a very large inventory of bags of cement. I cannot, for the life of me, remember what the company did – whether it was construction or the manufacture and sale of cement. Either way, there was a huge warehouse, filled with stacks of these bags. I don’t know how much you know about cement but, what I found out that day is that cement is very powdery and the small particles are very good at escaping the bags that they are put into. You could see the air in the warehouse; it looked a little like the inside of a snow globe, except for the fact that no one would ever make a snow globe of mountains of brown bags. One of my tests involved test counting areas of inventory to see if my numbers tied up with the numbers counted by the client. I walked around sections of the warehouse and counted stacks of bags – the length, breadth and height – and multiplied numbers to come up with totals. I was not done though. I had to make sure that the mountains were made up of cement bags all the way through and not, say, hollow in the middle. So, I climbed up the dusty stacks of bags, fighting my fear of heights in the name of my mission, and checked to make sure that the stacks were not hollow. I then also had some of the staff at the company move some bags around to make sure that the stacks were made up of only cement bags and not bags of some other filler. I went home that day coated in a film of cement dust. I know my neighbors were wondering how an auditor could get so dirty at work – didn’t I just work with a calculator and pen? Ink stains were expected, but not cement. For all the complaining that I did about spending my Saturdays on inventory counts, I found a lot of the assignments, like this one, to be a lot of fun and rather exciting. I got to be queen of the cement mountains and bound about, on high, in the name of thoroughness.

If you have a company that sells or makes any kind of stuff, you will have inventory, which is also called stock. In accounting lingo, inventory is considered to be an asset because it is something that is expected to make you money in the future. For the very reason that inventory is expected to make you money in the future, it is important, for the health of your company, to safeguard your inventory, so that someone else doesn’t make off with it and, thus, your future money. I have spoken many times about many ways to prevent fraud and error with financial statements, but a lot of these steps can be translated into making sure that you hold on to your stuff.

In the world of inventory, your stuff disappearing is referred to as shrinkage. It makes it sound like you didn’t follow the instructions for laundering clothing, but it basically means that someone is stealing from you and, I don’t know about you, but I don’t like it when people steal my stuff. Any advice I can take to keep that from happening is good advice to me. The first step, in order to protect your inventory, is to keep it locked up. I have told you before about the steps my husband took to install physical barriers to access to his belongings in his studio. These are the types of steps that you should take in physically safeguarding your inventory, your stuff. Depending on what you have and what your needs are, the physical safeguarding may be locks, cameras, doors with security codes or even those fancy retina scanners that we see on crime shows. You should not only keep your inventory under lock and key but also limit access to the inventory to a few authorized parties. Only people with a reason to get to the inventory should have access. This makes it easier to trace the movements of inventory and it also serves as a deterrent to those who might think about pilfering inventory. If the list of suspects is a short one, those people might think twice about stealing.

The segregation of duties is also vital with inventory. The cycle of inventory begins with its purchase. Inventory is then stored until it is needed for manufacture or sale. Sometimes inventory is damaged, expires or is otherwise no longer of value to you and your company. When this happens, the inventory is either destroyed or sold, at a loss, to someone else who still finds it useful. Now, if one person has control over this process, from purchase to sale or destruction, there are many opportunities for fraud. For example, a person may take inventory, sell it for a profit and then write off that inventory as obsolete, pocketing the money made from the sale. Another example of fraud is ordering and receiving, say, ten items, but claiming that only nine were received. This person can then take the tenth item for personal use or profit.

Another very useful and important control is the use of preprinted, prenumbered documentation. These documents range from order forms, to receiving reports and shipping reports. All movement of inventory coming in and going out must be documented and those documents must be prenumbered. Gaps in the document numbering, or repeated numbers, will raise red flags that should be investigated. Missing documents should also raise red flags that should be investigated.

Inventory is your company’s stuff and it is important to seek out the advice and guidance of qualified CPAs to best protect it. Doing so dissuades potential criminals from trying to take it and also will make it easier to track it down, should someone take it. Taking the time to adequately plan and incorporate these controls into your inventory system can protect you from loss. I know I get worked up about people messing with my stuff and I am pretty sure you feel the same about the stuff that helps your business run.

Tagged , , , , ,

The Sheriff in Town!

When I first went to university, I was unsure what I wanted to major in. I had been considering chemistry, because I fancied that I might be the person to come up with a cure for AIDS. At the idealistic age of 18, I was so sure that I could use the colorful magic of gas chromatography to come up with a solution that many experienced scientists with doctoral degrees had been unable to discover. I signed up for a chemistry class and, I decided to take an elective in economics. I was hooked after my first class and ended up majoring in economics. I was fascinated by various theories and the push and pull between fiscal and monetary policies. I did come away from my class knowing one thing – I wanted to work for the Federal Reserve System, home of US monetary policy. To me, to be part of an organization that was focused on what to do in order to best positively influence the economy of the entire nation was awesome! Federal Reserve Banks issue the money that we use; how cool is that? I remember going to a campus career fair and spending most of my time there chatting with a representative from the Fed. Following that conversation, getting a job at the Fed was my dream. One big obstacle stood in my way; at the time, I was not a US citizen. I was devastated but I still dreamt that one day I would either be a citizen or the Fed would change its policies, whichever came first. At the time, as an economist in training, my dream was to be an analyst.

As time has gone by (I am a citizen now) and I have gone on to add becoming a CPA and then getting Certified in Financial Forensics to my skill set, my interest in the Fed and what it does has grown. After graduating, with my degree in economics and mathematics, I went on to work at a bank, where I was an analyst. I was very excited about the opportunity to apply the theory I had learnt in college. I had not bargained on how people are not very good at following the rules, be they the rules of logic or the rule of law. I mean, how many times have you said, “Who would do that,” or “Why did they act that way? It doesn’t make sense”? Yep, we humans use our free will in the nuttiest ways. Just last week, I read a crazy story about a Georgia woman filing a tax return for a $94 million dollar refund. Every aspect of the story is insane, from her 100 dependents to thinking that she could pick up her refund check at a local Kroger grocery store, and yet she is neither the first or last person to attempt this kind of thing. So, after the monetary policy folks have come up with their ideas about how best to influence the economy, there need to be the people who make sure that people are not breaking the rules and people who create control systems and audit them to minimize the risk of people breaking the rules. This is where forensic accountants come into play at the Fed.

Forensic Accountants, both those Certified in Financial Forensics and those who are Certified Fraud Examiners, can be found in the audit and enforcement areas of the Federal Reserve System. The saying is that love makes the world go around, but we are all aware that money is a big motivator for who many people behave. I have written about the fraud triangle and how people in positions of trust and authority will break the law in pursuit of illicit gain. With this in mind, it is vital to assess and improve control systems to make sure that, starting at the top financial institution, there is little opportunity for those who feel the pressure to commit financial crime. If the top bank cannot keep money safe, what hope is there for the rest of them? The Fed has bank examiners whose goal is to ensure that banks comply with laws such as those governing anti-money laundering and doing business with nations and people that the US government has imposed sanctions upon. The Fed plays an important role as an independent third party that will objectively assess operations at the banks that they supervise to make sure that they are not, for example, helping criminal rings hide their ill-gotten gains.

There are twelve banks in the Federal Reserve System and each bill of paper money that you have incorporates, in its serial number, the letter assigned to bank that issued that bill. Pull out a banknote, be it a dollar or a $100 bill, it will have the letter of the particular Federal Reserve Bank that issued it, be it Boston, San Francisco or any of the ones in between. In the case of the dollar bill, the name of the issuing bank is also noted on the bill. It goes almost without saying that the institution that issues the money that we use should have top notch controls. Each Federal Reserve Bank, therefore, has audit departments that are constantly reviewing it and making sure that the banks are complying with the rules. The auditors also work to improve systems. Every day, people are spending a lot of time and energy trying to figure out how to game the system and so those at the Fed should spend at least as much time and energy working to keep the banks safe and compliant.

Though my focus has changed, my excitement when it comes to the Fed is unabated. Not only are they working on monetary policy, they are also working to make sure that the rules are not being broken and that the opportunity to defraud, steal or abet crime is diminished. Take a look at the money in your wallet and think about what goes into making it worth what it is worth.

Tagged , , , , , , , , , , , , , , , , ,

From The Horse’s Mouth

Mister-Ed-Talking-HorseEarly last year, I wrote about Amy Wilson and the lack of controls that existed in the company that she stole from. The complete lack of controls and reliance on trust gave her the opportunity to steal from the company, which she did… for four years. She was actually caught by the fraud department at the credit card company, not by her employers. Anyway, I am talking about her because Jim Ulvog has an excellent post on his website, Attestation Update. Here, Amy Wilson tells us about her fraud, how she was caught and how she got away with things for as long as she did. It is an excellent watch and a great reminder of the very wise words – “trust, but verify.”

Tagged , , , , , , , , , ,

It’s A Good Hurt

This morning, after my run, I pulled out my yoga mat and foam roller and embarked on my post-run stretches. I am yet to come across a runner who looks forward to the stretching – most of us confess to not stretching enough. And as much as we deplore the stretching we tend to do that more often than the foam rolling. This is because, despite the benign name, the foam roller is an instrument of torture. When I have taken yoga classes, teachers have asked me if I am a runner. They ask this, not because my yoga skills are impressive, but because my leg muscles are so tight that touching my toes is a feat; it’s not a good look. These tight leg muscles are what I target with the foam roller. I am terrible at stretching because stretching after a run is mind-numbing tedium. I am atrocious at using my foam roller after a run because trying to loosen up my tight muscles after a run hurts like hell. However, if I don’t loosen up these muscles, I am setting myself up for injuries and pain that will keep me from running for a lot longer than it takes to suffer through the rolling.

The same is true of many aspects of an entity’s financial system. There are many controls that are recommended by accountants and auditors that may seem like overkill or painfully tedious. However, as I have explained in some of my posts regarding aspects of control systems, such as segregation of duties and double entry accounting, being proactive about creating and maintaining a robust financial control system goes a long way to keeping things from going horribly wrong in the future. I will be the first person to tell you that there are many parts of an accounting system that are not fun. For example, it would be so much easier to have checks come into a company and be dumped on an accountant’s desk and have that one accountant deal with recording the check in the books, depositing the check in the bank and then reconciling the bank statement at the end of the month. Way too many companies opt for the easier path and find many ways to justify their decisions – the accountant has been with them for years, the accountant is such a nice person and totally trustworthy and wouldn’t act in an unethical manner. It’s an easy path until the money is stolen and, more often than not, not recovered. Too many stories of beloved staff members who have turned out to be fraudsters and thieves should show people that a great personality is not an acceptable control measure. Way too many times, we discover that the friendly coworkers are able to perpetuate their crime for a long time because they just seem too good to be crooks.

Record-keeping can seem like such a drag. I mean, what fun is there is debits and credits and keep track of income statements and balance sheets. Oh, and don’t get me started on the headaches that a balance sheet that doesn’t balance can bring. Why would anyone want to keep track of order forms, receipts and other elements of an audit trail? When making an adjustment to the ledger, you know that you will totally remember why you processed the change, even ten years from now. You don’t need to provide backup or keep a record of why you made the change. You wouldn’t believe how often I hear this kind of talk from accountants. Six months later, practically none of them can explain a journal entry that doesn’t have backup and this is for the accountants that have not decided to move on to another company, leaving the person who has taken over their position completely in the dark. Especially since we live in an age when people are not married to one job for life, it is essential that anyone looking at a transaction can find out just about everything there is to know about the transaction without having to employ the services of a forensic accountant.

There are times when I start nodding off just at the thought of the some of the processes I need to go through. Sometimes I think – I don’t really need to check this; the accountant has done this a hundred times, so it is probably okay. But then I think about what might happen if I am incorrect. The thought of how much more I will have to do if I don’t perform the check and then have to clean up the mess afterward pushes me to suck it up and do things correctly the first time. When, on occasion, I find an error, I know that it’s good that I decided to do the right thing. Also, the fact that those in the finance department know that work is being reviewed and being given a look-over by others is a great deterrent to those tempted to engage in nefarious behavior. I also remind myself of this when my own work is being reviewed and my ego has to be reminded that even I can make mistakes and that, in the name of outputting a superior product, the checks on work are not only good but necessary.

Running a business is not all fun, games and glamour. There are times when the physically and mentally painful work must be done in order for the business to succeed and minimize errors and fraud. I groan in pain and have to will myself to remain diligent and not cheat on the foam rolling. The neighbors may wonder what is going on but I know that this is how I can minimize injuries and keep on running happy and healthy. Likewise, though I make less noise (at least, I think I make less noise) about some of the work that I have to do, I know that this is what must be done to keep the company happy and healthy. So, do what hurts – it’s good for you.

Tagged , , , , , , , , ,