I don’t usually cover the same topic three weeks in a row. But I couldn’t resist a third post about fraud after reading a recent Internal Auditor article, “The Lottery Loser,” by Art Stewart. The article highlights yet another example of bad things happening when one person has too much unchecked control.
Mr. Stewart summarizes and comments on a CNBC news report about a New York credit union CEO who ran a fraud totaling $6 million since 2013. His methods included depositing credit union funds into his personal account and submitting personal expenses for business reimbursement. Read the full article here for Mr. Stewart’s take on three critical measures that organizations can take to prevent a fraud like this from happening. https://bit.ly/2sQWeyn
Here are a few of my thoughts:
Oversight – Regardless of power or position, financial activities conducted by senior leadership should be overseen by someone who is independent of that activity. Organizations can implement periodic, independent reviews of financial transactions and variance/trend reporting to detect and act upon inappropriate activity. Larger organizations often have an internal audit or compliance function to perform oversight duties. Nonprofits usually delegate these reviews to the Board’s Treasurer.
Financial Controls – Implementing exception reporting, segregation of duties and other financial controls decreases opportunities for inappropriate financial activity to go undetected – or could prevent them from happening at all. In the case of Mr. CEO, an authorized check signer should not have access to blank checks. The account reconciliation, another important financial control, must have been poorly designed or performed, since it failed to detect a flagrant check-writing fraud for four years! A poorly-executed control is just as bad as no control at all.
Human Resource Management – Trust is great, but organizations need to protect themselves with policies and processes to verify that people in positions of trust are trust-worthy. Processes are also needed for times when trust is broken. Periodic background and credit checks can reveal personal or financial stresses that could lead to fraud. Mr. CEO’s financial losses would have shown up in his credit report and raised a red flag at the credit union. Whistle-blower reporting policies and mechanisms provide an anonymous way to bring inappropriate activity to light without risk of repercussion.
A fraud that goes on for years means that one person had too much unchecked control over financial assets, transactions or reporting. When that “one person” is the CEO or other member of senior leadership, the risk of loss can spike due to his or her access to the organization’s finances. Taking Mr. Stewart’s and my advice on the three critical measures to prevent a fraud could keep your organization from being victimized like that New York credit union.