Internal Controls

Will KPMG Join Wells Fargo in its Walk of Shame?

In 2011, Going Concern speculated about potential issues with internal controls at Wells Fargo that prompted the then CFO, Howard Atkins, to abandon ship. Just a little foreshadowing of what is happening to good ol’ Wells this month. If you haven’t been following the news, here’s the scoop: Over the last 5 years a handful […]

Accounting News Roundup: Unholy Vatican Accounting and Deloitte’s Bitcoin ATM | 09.08.16

Vatican accounting Here's an article about Cardinal George Pell, "the pope's finance chief" who hired PwC to audit the Vatican late last year. And if you think your company's/client's books are a mess, you'll thank the Almighty that you don't have to deal with this: Accounting at the Vatican has never followed unified policies. Annual […]

Multi-factor Authentication: Mo’ Factors, Mo’ Problems

The dreaded “access denied” error message. It makes you want to cry, doesn’t it? Not only do you have to change your password every 90 days, but throw in other options for dual factor authentication such as getting a text to your phone or some type of biometric scan… it’s headache central. As I said […]

Tighten Up Privileged Access Now, or Hate Yourself Later

The 2016 Verizon Data Breach Investigations Report (aka: “DBIR”) is out and it isn’t pretty. Where to start…? Maybe by saying that 2015 heralded over 100,000 information security incidents — including 3,141 data breaches. If those numbers are not staggering enough, it’s more unnerving to realize this is the first time I have heard about […]

Man Who Lived Out Fantasy of Screwing Over a Major Airline Sentenced to Six Years in Prison

Paul Anderson, a former Delta Airlines employee, defrauded Northwest and Delta Airlines out of $36 million. In a just world, we would proclaim him a hero who sees the injustice of horrendous business practices and does right by all of us who have been fucked over by an airline. Alas, we live in nation of […]

“Is the CFO’s quitting time after 3 pm?” Coming to an Auditor’s Questionnaire Near You

“If the managers, the C-level and board have good demonstrative behavior, everybody down the line will mimic that,” said Yigal Rechtman, senior manager of forensics and litigation at Grassi & Co., an accounting and business consulting service, at a New York State Society of CPAs’ forensic accounting conference yesterday. “People need to operate by example,” […]

JOBS Act Hasn’t Encouraged as Many Companies to Avoid Sarbanes-Oxley as Some Would Have Hoped

Before the House of Representatives got down with some Audit Integrity whatever whatever, we had the Jumpstarting Our Business Startups Act as an example of Congressional wading into the accounting/auditing regulatory waters. If you need a refresher, the JOBS Act flew through Congress and the got the President's signature last year despite a lot of people saying […]

Wanted: New COSO Chairman

Are you looking for a side project? Do you love internal controls? Could you use some extra beer money? Then chairing the Committee of Sponsoring Organizations of the Treadway Commission may be for you! The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is seeking a new chair for a three-year term that would begin […]

COSO’s Internal Control Framework Update Has Some Material Weaknesses

Oh my God. Last month, COSO released a post-public exposure version of its update of Internal Control – Integrated Framework. In February, George Lucas released Phantom Menace in 3D. Both of these caused nerds to cream their jeans. For Star Wars nerds who work in internal control, 2012 has been better than sex (a comparison […]

You Can Officially Check “Updated COSO Internal Control – Integrated Framework” Off Your Wish List

Another Festivus miracle!  The Committee of Sponsoring Organizations of the Treadway Commission (COSO) – an organization providing thought leadership and guidance on internal control, enterprise risk management, and fraud deterrence – has released, for public comment, an updated Internal Control – Integrated Framework (Framework) intended to help organizations improve performance with greater agility, confidence and […]

There’s at Least One Interesting Theory Out There About the Wells Fargo CFO’s Sudden Resignation

Last week, we told you about Wells Fargo’s announcement that their CFO gave himself an early birthday gift by throwing a retirement party for himself. As previously mentioned, Howard Atkins’s departure was a little mysterio and no one had any theories (crackpot or otherwise) on the Atkins’s march in. That all changed yesterday when Christopher Whalen, an analyst at Institutional Risk Analytics issued a report that stated that he, for one, wasn’t buying the “personal issues” story put out by the bank:

“The departure of Atkins, we are led to believe, was not merely the result of personal issues, but reflects an ongoing internal dispute within [Wells Fargo’s] executive suite regarding the bank’s disclosure,” he writes.

Whalen then goes on to argue that Wells Fargo’s “public behavior suggests significant problems in the bank’s internal systems and controls as defined by the Sarbanes-Oxley law. We further understand that some officials of [Wells Fargo], increasingly uncomfortable with the bank’s aggressive public disclosure regime, have reached out to regulators because of concerns regarding accounting issues.”

The Stagecoach Gang, for their part, is sticking to their story citing the “personal reasons” and their spokesman dismissed Whalen’s report with “pfffft” and a wave of the hand, saying, “I haven’t heard anything like that. It’s speculation. I’m not going to comment on it.”

Wells Fargo CFO Exit Tied to Disclosure: Analyst [The Street]

Accounting News Roundup: GM Still Lacks Effective Internal Control System; The Ten Highest State Income Tax Rates; How to Know When Your Boss Is Lying | 08.20.10

GM filing warns on reporting [Detroit Free Press]
This may come as a shock but General Motors, despite filing paperwork for its IPO, admits that they still don’t have effective internal controls.

“[I]n regulatory filings about its upcoming initial public offering, GM warned potential investors that ‘our internal controls of financial reporting are currently not effective.’

Experts are divided on whether the warning — one of about 30 risk factors identified by GM in a document describing a planned sale of shares — is just an obscure accounting matter or a red flag that taints GM’s financial reporting

The 10 Highest State Income Tax Rates For 2010 [Forbes]
If you’re single and make $200k or $400k and married in Hawaii, you get dinged for 11%, the highest ranking state on the list. Dark horse Iowa comes in at #5 gets 8.98% of taxable income over $64,261. That’s above New Jersey and New York tied at #6.

Transocean accuses BP of withholding data on Deepwater Horizon and oil spill [WaPo]
Just when you thought the ugliness was slowing down (at least in the media coverage), ” Even as they work together to kill the Macondo well in the Gulf of Mexico, the oil giant BP and the deep-water drilling rig company Transocean are in an increasingly bitter battle over what went wrong on April 20 to trigger America’s worst oil spill.

The conflict flared Thursday when Transocean fired off a scathing letter accusing BP of hoarding information and test results related to the Deepwater Horizon blowout that killed 11 people, including nine Transocean employees. Signed by Transocean’s acting co-general counsel, Steven L. Roberts, the letter says that Transocean’s internal investigation of what went wrong has been hampered by BP’s refusal to deliver ‘even the most basic information’ about the event.

‘[I]t appears that BP is withholding evidence in an attempt to prevent any entity other than BP from investigating the cause of the April 20th incident and the resulting spill,’ the letter states, and it demands a long list of technical documents and lab tests.”


How to tell when your boss is lying [The Economist]
Apparently cursing is a good sign.

Koss reports smaller quarterly loss on 14% sales decline [Milwaukee Journal Sentinel]
The company lost $423,450 for the six months ended June 30th. They spent $1.12 million on legal fees related to Suzy Sachdeva.

It’s Ridiculous to Think That Enterprise Financial Dismissed KPMG Because of the Restatements

KPMG has been kicked to the curb by Enterprise Financial according to an 8-K that was filed on Friday by the company. The ubiquitous claim of “no disagreements with [insert firm]” was there along with a mention of a material weakness that was related to the restatements issued for both 2008 and 2007 but that couldn’t possibly have anything to do with the dismissal of the auditors:

In connection with the identification of the loan participation accounting error described in Item 7, Management Discussion & Analysis and in Item 8, Note 2 of the consolidated financial statements and elsewhere in the Form 10K dated March 16, 2010, the Company also determined that a material weakness in its internal controls over financial reporting existed during the periods affected by the error, including as of December 31, 2008. The Company’s management concluded that the material weakness was the Company’s lack of a formal process to periodically review existing contracts and agreements with continuing accounting significance. To remediate this material weakness, during the fourth quarter of 2009 the Company implemented a formal process to review all contracts and agreements with continuing accounting significance on an annual basis. As a result of the review conducted in the fourth quarter, management did not identify any other errors in its previous accounting for such contracts or agreements. Management believes that this new process has remediated the material weakness in the Company’s internal control over financial reporting.

So in other words, “Yeah, maybe we should have been looking at these contracts but we weren’t and so some material misstatements slid through. We’ve slapped some duct tape on it and it’ll be fine from here on it. End of story.”

The esteemed pleasure of auditing Enterprise now belongs to Deloitte who has now snagged three clients from KPMG this year (by our count) – picking up Jefferies and Select Comfort back in March.

Enterprise Bank parent dismisses KPMG [St. Louis Business Journal]

Five Questions with Norman Marks

Norman Marks is an “evangelist for GRC” (that’s governance, risk management and compliance for those of you that can’t do a Google search). He is a CPA, a chartered accountant and vice president, governance, risk, and compliance for SAP’s BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years.

He blogs at the IIA website and keeps a personal blog on governance, risk management and internal controls. He is also the contributing editor of Internal Auditor’s “Governance Perspectives.”

If you read a few Norman’s posts you’ll understand his passion for internal audit, GRC and helping companies find solutions for these issues. Simply stated, Norman is one of the good guys and is doing more than his fair share to help take on the challenges in these areas.


Why should accountants read your blog?
My blog is for anybody with an interest in monitoring events and sharing views around governance, risk management, and internal audit. Accountants are more than people who maintain the books: they are businessmen and women interested in advancing and protecting their organization. That makes them natural leaders in each of these areas.

What are your three must-read accounting blogs and one must-read non-accounting blog?
I read the occasional business blog (aren’t all the better so-called accounting blogs really business blogs) when the topics are interesting. Certainly reTheAuditors by Francine McKenna is interesting. But I really enjoy Mike Jacka (an auditor/humorist) and Richard Chambers, President and CEO of the IIA.

A good accounting blogger is…
Not somebody who writes about (yawn) accounting, but about the accountant’s role in business and advancing the success of his or her organization.

The biggest issue facing accountants today is…
Will the inevitable court cases around Lehman and the principle of ‘fair presentation’ change the nature of external auditing, so that compliance with the rules of US GAAP is no longer sufficient?

Best accounting firm we’ve never heard of (and why they’re great)…
The firm that John Cleese worked in Monty Python (accounting is not boring). Seriously, though, the best accounting firm is the one that puts the interests of its customers first and foremost, consistently performs quality work, exercises fine judgment, provides sound and valuable advice, and sets fees that are reasonable by eliminating unnecessary work and recognizing that fees should not rise faster than wage inflation. You have never heard of them, because I have yet to see them. Sorry, sad, but true.

A Wisconsin Non-Profit Learns an Important Lesson in Internal Controls

Presented by Serenic Software. Download our free whitepaper – “5 Key Reasons Why Great Financial Management is So Important for Your Nonprofit Now”

What is in the water up in America’s Dairyland? We’ve been going on and on about the internal control failures at Koss in Milwaukee but now there’s more of it at a non-profit organization just up the road. Let’s hope everyone at UW Madison is taking notes.

The latest tale of non-profit fraud stars 56 year-old Leonard V. Lauth of Beaver Dam.

Wings Over Wisconsin bills itself as a conservation organization dedicated to natural resource preservation and education through youth and community involvement. Spelling errors and obvious lack of updates since 2006 on its website aside, WOW manages nearly 1,300 acres of land and provides mostly young hunter education to the future gun-toting blue-stater babes in Wisconsin.


While it prides preservation of Wisconsin’s precious wetlands, internal controls do not appear to be high on WOW’s priority list. Hopefully this changes that.

It’s a textbook fraud case, starting with the mounting medical bills and the poor internal controls that allowed its Treasurer to lift $16,875 since 2005. Lauth’s advanced methods of fraud include writing checks to himself labeled “office supplies” in the books and taking home banquet funds after the event insisting he’d deposit them at the bank in the morning.

While typically WOW practice to require two signatures, Lauth had been with the organization for 24 years, leaving the “trust” issue totally taken care of. Opportunity, motive, what else do we need?

Rationalization, of course! Lauth told Beaver Dam Police Lt. Joel Kiesow he thought he’d taken $788 from the organization in the four year period in which he executed his fraud. When informed it was more like $17,000, Lauth was shocked. I guess he didn’t realize how expensive “office supplies” can be these days.

“Maybe I was robbing Peter to pay Paul on different things,” said Lauth in regards to using WOW funds to pay off family medical bills. Actually, he was robbing the little Dustins and Bobbys with their baby shotguns and wildlife of Wisconsin who counted on the funds to which he so sloppily helped himself. Shame shame.

Let this be a lesson to all you non-profits: cash management and financial literacy (including fraud prevention measures) are not only best practices for public companies and private industry. If anything, non-profits need sharper internal controls – without shareholders to answer to, money can easily slip into the fraud vacuum undetected for years, as in the case of Mr Lauth and WOW.

Calls to WOW left after business hours were not returned.

Man accused of taking funds from non profit [Beaver Dam Daily Citizen]

Reason #10,308 to Not Engage in Dubioius Accounting Practices

So! Thinking about getting a little aggressive with the accounting? Forget aggressive, let’s just say you need to make your numbers next quarter come hell or high water? Maybe there are some pesky internal controls that you would really, really like to get around. For the good of the company of course.

Do whatcha gotta do but before you do, consider the sentence of Charles McCall, the former chairman of McKesson Corp. first. If, after reading his story, you decide it’s still worth the risk, then proceed with your plans.

A former chairman of San Francisco-based McKesson Corp. has been sentenced in federal court to 10 years in prison for securities fraud in an accounting scheme that cost shareholders $8.6 billion in 1999.

Charles McCall, 65, of Delray Beach, Fla., was given the prison term by U.S. District Judge William Alsup in San Francisco on Friday.

McCall was convicted by a jury in Alsup’s court in November of four counts of securities fraud and one count of circumventing the company’s internal accounting controls.

Prosecutors said that in the fraud, HBO & Co. and McKesson HBOC inflated revenues by backdating software sales and concealing side letters that would have allowed buyers to cancel proposed purchases that the company had counted as revenue.

This poor bastard got sentenced to 10 years (at 65, he’ll be lucky if manages to serve the full sentence) and he probably doesn’t know a internal control from his ass, other than at one time, he thought it was enough of a hindrance that he’d just ignore it altogether. If anyone has an extra copy of COSO laying around, kindly send it his way. He’ll have time to get caught up on the idea.

Ex-McKesson chairman gets 10 year sentence [SF Chronicle]

SHOCKER: GAO Says the Federal Government Has Weak Internal Controls

Talk about a blow. Everyone here at GC soiled themselves after finding out this piece of news.

The mother of all auditors, the General Accountability Office, released its FY 2009 Financial Report for the U.S. Government last week and things are, shall we say, typical. How typical? How about things are such a mess that the GAO can’t render an opinion on the consolidated financial statements?

“The U.S. Government Accountability Office (GAO) could not render an opinion on the consolidated financial statements of the federal government (other than the Statement of Social Insurance) because of widespread material internal control weaknesses and other limitations.”


That’s from the press release and while we were expecting a shitshow spread amongst all the agencies of the government, it’s due to the weaknesses in four agencies: the Defense Department, Homeland Security, State Department, and NASA.

Here’s the full rundown on the agencies from the report:

You may remember us noting the Defense Department’s audit problems back in the fall when we said:

For one of the 69 reviews the GAO performed, the audit report cited eight significant deficiencies in the contractor’s accounting system but since the contractor wasn’t really cool with that, the auditors dropped five of the [significant deficiencies] and recommended that the other three be “improved without additional work”.

So this really, really, really does come as a surprise. It is good to know that the GAO — never shy on tooting its own horn — is still out there earning it’s “taxpayer watchdog” badge.

At 256 pages, this thing is a beast. We’re plowing through it to find the more interesting tidbits where we can and if you’re on cruise control today, take a gander for yourself to see your tax dollars at work.

Fiscal Year 2009 Financial Report of the United States Government [GAO.gov]
U.S. Government’s 2009 Financial Report Shows Significant Fiscal Challenges [Press Release]
GAO Cites Weak Financial Management in Federal Government [Web CPA Debits & Credits]

At Blackwater, Strippers and Hookers are Legitimate Expenses

Allegedly of course!

It’s bad enough when even the Iraqis are saying GTFO but that’s exactly what’s happened to about 250 ex-Blackwater employees still lingering around Iraq. “I don’t think the Iraqi government is willing to have any Blackwater member, even if they are working in other companies,” government spokesman Ali al-Dabbagh told CNN in January.”

But it isn’t just the Iraqis with a Blackwater bone to pick – former Blackwater employees allege the security firm hired strippers, prostitutes, and “incompetent personnel” to defraud authorities while working security details in Iraq and Afghanistan, as well as in post-Katrina Louisiana.


WTF is going on here? If you’re going to rip off the federal government, I guess it’s good to get your money’s worth, especially if you know their internal controls are for shit.

CNN:

Melan Davis, who was involved in record-keeping, said Blackwater billed the government for prostitution services in Afghanistan from a Filipino female, whose name was on Blackwater’s payroll roster under a category called “Morale Welfare Recreation.”

She said Blackwater billed the woman’s plane tickets and monthly salary to the United States.

The lawsuit also said a vendor being paid for “cleaning services” in Louisiana was providing strippers.

Blackwater spokespeople (the company is now known as Xe, though we won’t pontificate as to why another rebranding might be appropriate at this time) claim Davis must be trippin’. Strippers? Hookers? Fake receipts? No way!

“The allegations are without merit and the company will vigorously defend against this lawsuit. It is noteworthy that the government has declined to intervene in this action,” Xe told CNN.

This is not the first time Blackwater has been accused of defrauding the government; California’s Henry Waxman (D) accused the contractor of running a tax scheme to avoid paying what his staffers estimated as $15.5 million in Social Security and Medicare taxes, $15.8 million federal income tax withholding and $500,000 in unemployment taxes between May 2006 and March 2007.

So? What’s worse? Not paying taxes or expensing “Morale Welfare Recreation” on Uncle Sam’s dime?

Fraud Risk, Staffing Reductions, and OJ Logic at CFO.com

orangejuice_Full.jpgEditor’s Note: Robert Stewart is a former Big 4 auditor and ex-Marine who has since served in several executive management roles in both Internal Audit and Corporate Finance. He is also the founder and chief contributor to the online accounting and audit community, The Accounting Nation. Outside of work, he is a husband, father, brother, writer,uate aspiring triathlete.
You can always count on CFO.com for logic flaws and surface reporting. It’s like drinking that concentrated orange juice in a can when you add three parts too much water and then put ice cubes in it because it’s warm, which makes it even more watery which… Where was I going with this?
Oh yeah. In one of their latest articles, entitled “As Internal Audit Staffs Shrink, Will Fraud Rise?“, the author portends — based on a Deloitte survey and subsequent interview — that the decrease in internal audit personnel somehow increases the risk of organizational exposure to fraud. What? Ever hear the phrase “Correlation is not Causation”? Symptom or cause.


Here’s my $0.02: such staffing reductions may increase the risk that fraud will go undetected (though only nominally given that IA only uncovers about 12% percent of frauds according to the ACFE’s Report to the Nation), but the risk to the organization more than likely remains constant, right? Am I missing something here?
After all, Internal Audit is a downstream event unless you make the argument that the organizational perception of being “watched” has diminished with the reductions in internal audit/compliance staffing, thus emboldening would-be fraudsters (i.e. strengthening the “opportunity” leg of Cressey’s Fraud Triangle). But this article doesn’t make that argument.
The article further states that:

Despite the reduction in compliance personnel, 50% of respondents to the Deloitte survey, who included CFOs, CEOs, board members, and middle managers in finance and risk management, said their compliance and ethics programs are strong. Another 36% said they are adequate. Many public companies and some private companies invested significantly in their compliance programs after the passage of Sarbox in 2002, notes Francis, and they may now feel confident that those programs are effective even with a reduced staff. But that confidence may not always be justified.

Confidence? I would hardly call the above percentages “confidence” on the part of the respondents. If I told you that 50% of the airline pilots felt that their pre-flight checklist procedures were strong, how would you feel about flying? No F*#$ing way I’m getting on that plane.
The words wrapped around the survey results and subsequent interview quotes don’t at all support the conclusion that this article is trying to draw. Perhaps it’s because the survey was designed and administered by a firm (Deloitte) that has a vested interest in drumming up some business through fear tactics? After all, you’re never going to hear a burglar alarm company extolling the improvements in public safety.
And you’re never going to hear a company that sells risk-related services conducting and publicly releasing results that don’t support their strategic objectives. Or perhaps it’s just bad writing at CFO.com in order to satisfy a quota? The World may never know (I think the World will be fine with this). Either way, I’ve wasted double the amount of time that I should have on this topic (i.e. read it and wrote about it). And so with that…I bid you adieu.