A few years ago, one of our audit clients was the victim of fraud when an employee embezzled cash receipts. The fraud was made possible by a combination of unusual circumstances and errors in management judgment.
As we started the annual audit of our client’s financial statements, we learned that the long-time controller had decided to retire. He did not want to leave the company in a bind, so he offered to stay on until the audit was completed. By late April we had completed the audit and issued our report so the controller began his retirement. Although senior management of the company had been given adequate notice of his departure, we observed that they had not yet lined up a replacement.
Actually, they had purposely not found a replacement. They reasoned that existing personnel could surely keep the accounting department functioning for several months in the absence of a controller. In fact, they said, as long as a new controller was in place by the start of the next annual audit, all should be well. In the interim, they could cut expenses and boost profits by not paying a controller. The chief financial officer (CFO) realized that the procedures normally performed by the controller still had to be accomplished, so he reassigned those tasks to other members of the accounting department.
The Fraud is Detected
The company finally hired a new controller and she began work in early December. Within a day or two of starting work she asked to review the bank reconciliations and promptly raised a question. She noted that the reconciliation of the main checking account showed several deposits in transit as reconciling items. Normally there is nothing unusual about that, but she was perplexed that the reconciliation indicated that some of the items had been deposited in August. She immediately spoke to the bookkeeper in charge of cash reconciliations and inquired as to how deposits made in August could still be in transit three months later. The bookkeeper acknowledged that it did seem unusual and offered to investigate the situation first thing the next morning.
When morning came, the bookkeeper called in to say that she was sick and could not come in that day. As it turned out, she not only did not come in that day, she was never seen or heard from again. Unfortunately, the money that she had embezzled was never seen again either. The new controller called us and asked us to investigate the situation and within a few hours we had determined exactly what had happened. The now missing bookkeeper had perpetrated a lapping scheme with cash receipts.
How the Fraud was Perpetrated
In lapping schemes, embezzlers steal cash or divert checks to their own use and cover the disappearance of the funds by substituting and falsely recording subsequent collections. To illustrate: the person in charge of depositing a payment received from Customer A steals that payment. Later, when a payment is received from Customer B, the thief deposits those funds, but records them in the company records as the receipt from Customer A. Then, the thief deposits a receipt from Customer C and indicates in the records that it came from Customer B, and so on. To avoid detection, the thief must either return the stolen cash, which is unlikely to happen, or continue to use a payment from one customer to credit the account of another. Otherwise, a customer who has paid will be contacted by the company, due to what appears to be non-payment, and the scheme will be exposed.
When the controller retired in April, the CFO temporarily assigned normal controller duties to other accounting department personnel, and reassigned some of their normal duties to balance out the workload and promote efficiency. In the interest of efficiency, the bookkeeper who was responsible for making bank deposits was also assigned to record the cash receipts, and credit customers for their payments, in the company records. The CFO reasoned that since she was making the bank deposits she would know exactly who to credit for payments. She was also assigned to prepare bank reconciliations, formerly a responsibility of the controller, and some of her normal duties were shifted to others. She must have seen her opportunity to steal almost immediately. In early May she began diverting checks to her own use and then covered the disappearance of those funds by perpetrating a lapping scheme utilizing checks received from other customers.
Unfortunately for the embezzler, something unexpected happened in August and she was unable to adequately cover certain missing funds with subsequent receipts. Collections fell off and there simply were not enough receipts during August to allow for adequate lapping. However, despite the lack of receipts, she knew that she had to credit customers who had actually paid or her scheme would be exposed. So, she credited customers for payments and indicated that those payments had been deposited in the checking account even though there were no amounts available to deposit.
Since deposits recorded in the books did not exist, they obviously did not appear on the bank statement and her scheme should have been detected and exposed by the person preparing the August bank reconciliations. But, thanks to reassignment of controller duties by the CFO, she was now the person in charge of bank reconciliations. When she prepared the August reconciliations, she identified the non-existent deposits as deposits in transit and everything appeared to balance. It did not occur to her to alter the dates of the deposits in transit on subsequent reconciliations so the new controller immediately recognized an anomaly, deposits still in transit after three months, and the scheme unraveled.
Unusual Circumstances and Management Errors
As noted above, the opportunity to steal arose because of unusual circumstances and errors in management judgment. The unusual circumstances were that upon completion of the audit the auditors left the premises and the controller retired without a replacement, effectively eliminating all normal oversight of the accounting department until the new controller was hired. The errors in management judgment were less obvious but nonetheless opened the door to theft.
First, management made the decision to cut costs and, presumably, boost profits by delaying replacement of the controller. Due to this shortsighted decision, they put dollars at risk to save pennies. Next, the CFO violated one of the basic principles of internal control, segregation of duties, when he assigned recording responsibilities to the person in charge of making bank deposits. This error allowed her to steal funds and then cover up the theft through fraudulent recording of transactions. Reconciliation of the bank statements, a normal check on the recording function, was also put in her hands and allowed the cover up to continue.
Once we had established what had happened, the CFO realized his error and took steps to reestablish segregation of duties and proper controls. Of course, at that point it was too late to recover a large portion of the cash that had been diverted by the embezzler. Adherence to basic principles of internal control is a necessity in all organizations and increases the likelihood of avoiding situations such as this one. Hopefully, management of organizations will recognize this and will not have to learn by experience like the CFO in this case.