Internal Control and Enterprise Risk Management Case Study R

Internal Control and Enterprise Risk Management

Case Study

Read the following case study related to fraud that occurred in a small business. Identify at least 2 red flags of the fraudulent behavior and at least 2 items in the internal control structure that should be changed to prevent a similar incident from occurring again and explain.

Case Study

Sue was a bookkeeper who worked for the CFO of a small business. The company was still growing and did not have any other accounting resources. The CFO had an accounting background and stayed as close to the details as he could, and Sue rarely entered accounting transactions without needing help. That’s why it was such a surprise when it was discovered that Sue had been stealing about $1,000/month from the company.

The CFO recognized the company was big enough to need a Controller. The new Controller had been assigned a complete review of all of the accounts that were three months behind being reconciled. Sue did not like having the new Controller in all of her files, and she often interfered with his review. She became difficult to work with yet still seemed to think she deserved a raise. Her reason for the raise was not based on her performance, but rather that she needed the extra money, a reason that the CFO did not consider valid.

In his review of the accounts, the controller noticed that while the ending balances of the credit card accounts were appropriate, the payment activity did not match. The details soon came to light. Sue had a credit card with the same bank as the company and had been sending payments to her account from the company\'s cash account. In order to make the month-ending balance of the credit card match the statement, she added fake expenses to offset the fraudulent payments. The CFO reviewed and signed all checks, but these payments were made via a little-known online payment option. Sue also personally used the company\'s airline rewards miles, and she set up expensive office supply agreements where she personally collected incentive gifts rather than choosing office supply agreements that would be in the best interest of the company. Due to its small size, the company did not have a code of conduct handbook at that time.

It was difficult for the CFO to believe. Yet, Sue had access to the cash and to the financial system to record journal entries. These duties should be separated if possible. Looking back, he understands why Sue had been so disagreeable in her relationship with the new controller. Sue recently had surgery which caused her financial hardship. Sue is no longer an employee of this company and is facing prosecution.

Solution

2 red flags of the fraudulent behavior :-

1. The first red flag was having just one person to handle the accounting transaction and no one reviewing her work or to do the reconciliation of accounts which was already lagging behind.

2. There was no code of conduct or corporate gift policy to which Sue could adhere too.

2 items in the internal control structure that should be changed to prevent a similar incident from occurring again:-

1. Set up an internal audit team as soon as possible. The role of the audit team will then be to identify all the critical processes of the organization and then review the risk modes present in all of those processes.

2. The company need to put all its relevant policies and framework in place and well documented. for example policies on code of conduct, corporate gifting, credit card etc. Once these are documented then the employees will have written rules to which they need to be adhered to.