Industry

Controllers, Don’t Skim On These 6 Tips to Thwart Fraud

By | December 7, 2017

It’s not every day that you come across a controller who had worked on the Allen Stanford and Bernie Madoff Ponzi scheme investigations. But Bridget Meacham Kowalski, CPA, CFE, did just that.

Now the controller of the Pittsburgh Symphony Orchestra, Kowalski was working as a financial and litigation consultant for FTI Consulting at the time of Stanford’s and Madoff’s malfeasance.

“With Ponzi schemes, there are always winners (usually those on the inside or early liquidators) and losers (those who never recover their investment),” Kowalski wrote in an email. “Once a Ponzi scheme is uncovered, a clawback analysis is done to try to help mitigate the losses of everyone, even taking back proceeds from those who innocently benefited from wrongdoing.”

“For Stanford, as part of the clawback, I was tasked with searching for evidence of his use of investor money to fund cricket-related activities in the West Indies. For Madoff, I was sitting at a computer going through microfilm scans from the last 20 years and recording investment returns and customers. Looking at them, it was clear something fishy was going on. While not super exciting, it gave me a taste of how fraud and investigations impact people’s lives for the better.”

But many controllers aren’t lucky enough to have Kowalski’s experience investigating fraudulent activities. And according to the 2016 Report to the Nations on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners, guess which business unit had the most cases of occupational fraud worldwide between January 2014 and October 2015? You guessed it, accounting!

So, how can controllers prevent it?

When fraud comes calling

But before we get to that, let’s take a quick look at a few types of fraud that could rear their ugly head.

According to the ACFE report, asset misappropriation was by far the most common form of occupational fraud, occurring in more than 83% of cases. Among the many forms of asset misappropriation, billing and check tampering schemes posed the biggest risks. On the other hand, financial statement fraud only occurred in less than 10% of cases.

“Asset misappropriation is more of a concern for me because as a smaller-sized entity, even a relatively minor incident comparatively could be material to my company’s balance sheet,” said Bradford Towne, CPA, controller of a small publicly traded renewable chemicals and advanced biofuels company based in Englewood, Colo.

“We recently performed a complete review of our IT and manual segregation duties controls, especially given the limited number of staff involved in our accounting and treasury functions. We were able to prove that there was no way anyone, including myself, could possibly divert corporate funds either through check, ACH, or wire without collusion.”

So, what fraud risk troubles Towne the most? “All fraud is wrong and unethical,” he said. “However, as controllers, our licenses and reputations are our currency in this business. And any situation where accountants feel undue pressure to misrepresent financial information is troubling. The obvious answer is to refuse and risk termination or resignation, but the fact these events even arise is unfortunate.”

The Pittsburgh Symphony Orchestra fell victim last year to a check tampering scheme, according to Kowalski, which led to the nonprofit organization adopting a positive pay system to prevent check fraud from happening again.

“Luckily, our bank figured out something was wrong and called to alert us the same day. (We would have seen it the next day during our regular procedures.),” she said. “It forced me to re-evaluate our check security and talk to our bank about ways to protect ourselves.”

Best practices for mitigating fraud

Kowalski believes that one of the keys to fraud prevention is just knowing what is going on within your organization.

“I walk around and talk to people. If someone makes an unusual supply purchase, I go check it out,” she said.

Here are some other fraud prevention tips from Kowalski and Towne that controllers and chief accounting officers should consider:

1. Review processes and controls over procure to pay and payroll. “Many of us are going to be controllers over medium- to smaller-sized entities, lacking their own dedicated treasury and internal audit teams, and often outsourcing IT support,” Towne said. “In addition, most of your staff, especially in the procure-to-pay area, may lack the skill set for identifying potential process or control issues that give rise to the opportunities to commit fraud. If you are in charge of treasury or payroll as the controller, take the time to evaluate the processes and systems involved.”

2. Keep a handle on your cash, especially in small businesses. “Small organizations seem like family, but trust shouldn’t trump good internal controls,” Kowalski said. “Keep cash under lock and key, and reconcile it regularly.”

3. Review key customer contracts. “In the Topic 606 world we live in now, this is an area where you need to understand how the company before you arrived came to the decisions it did on revenue recognition,” Towne said. “Revenue recognition is, historically, a significant contributor to corporate fraud and ultimate restatements. Make sure you are comfortable with the conclusions reached.”

4. Pay attention to details. “My experience in investigations taught me to listen carefully to what people say, and ask the right questions,” Kowalski said. “Sometimes what someone doesn’t say is more telling than what they do. The solution to your problems is often in the details. You have to understand the nuts and bolts of a situation in order to understand the big picture.”

5. Understand your company’s business. “I have often seen accounting teams working in a vacuum from operations,” Towne said. “When an error occurs, this often is because accounting misunderstood either a contract’s terms or the underlying economics or risks of a given transaction or estimate. But in other cases, it can result in failure to identify fraud, especially if the central accounting team relies on data or other information from operations or satellite accounting teams.”

6. Don’t forget, everything has a financial component. “Establish relationships throughout your organization so you are among the first to know of new initiatives and developments,” Kowalski advised. “Help others understand how their activities impact finance and how you can help them achieve their goals.”

Image: iStock/Masuti

  • Big4Veteran

    I feel like in both my public and private accounting careers I could have found or thwarted fraud, if I weren’t so apathetic and lazy. It’s not that I’m dumb or easily deceived. It’s that I just don’t care that much. I’d say the vast majority of rank-and-file auditors at Big 4 firms would probably agree with me on this one.

    If you throw it in my face (i.e. hugely material and obvious), then yeah, I have to do something about it. But if you do a reasonable job of covering it up, I’m not going to dig that much. That would just be more work for me with little reward.