Assess your risk to determine if a forensic audit is needed.
You’ve just accepted a new position as the Chief Financial Officer (CFO) at a fine Texas school district. You’re excited about the opportunity, ready to apply your management skills that you’ve refined over the last 15 years, and provide the assistance the Superintendent has stated is desperately needed.
The first day on the job you realize that not one account is reconciled, and in fact, last year’s books were not closed. You take a deep breath and tell yourself that things will be better tomorrow. You realize that the cash accounts have serious errors, you’ve discovered duplicate vendor payments and internal controls are, well, non-existent. You discuss this with your Superintendent and you both panic a bit and think you need a forensic audit. Something has gone terribly wrong. If this scenario sounds familiar, you’re not alone. As accountants we want things to reconcile and when they do not to this degree, we’re inclined to think that fraud is running amuck within an organization.
Oftentimes, high turnover and/or inexperienced individuals in the accounting department leave critical accounts like cash in shambles. To make things worse, segregation of duties in smaller districts are quite difficult to implement, but of course this also makes an entity more vulnerable to fraud. As an accounting firm, we want to be of service and help in way we can but sometimes we ask our clients to take a step back and really think through their options. According to Merriam-Webster forensic means “Belonging to, used in, or suitable to courts of judicature or to public discussion and debate”. A forensic audit is typically used because you need assistance with a potential court case or someone has already been caught misappropriating assets.
Before you engage a firm to perform a forensic audit, we think a few steps are very important before going this route. After you’ve assembled a team of consultants and/or qualified employees, identify internal control weaknesses and make the necessary changes. Contact your external financial statement auditors and discuss your concerns with them. Their experience conducting the previous financial statement audit could be a good start at identifying the problem areas. At a minimum, make sure there are segregation of duties in these six (6) significant areas: Human Resources, Payroll, Purchasing, and Accounts Payable, PEIMS and Information Technology. Next, ensure that critical accounts such as: cash, property taxes, state aid, inventory, prepaids, accounts payable, accrued wages, payroll liabilities, are reconciled. Through the reconciliation process you may find transactions that cause you angst.
If this is the case, then perhaps a forensic audit is needed. The Association of Certified Fraud Examiners (ACFE) has made available a great Fraud Risk Management Tool. (https://www.acfe.com/fraudrisktools-tools.aspx) that allows you to assess your fraud risk. It allows you to score a matter between 1 and 5, with 1 considered incidental and a 5 considered catastrophic.
In addition, the tool provides an example risk assessment that incudes identified fraud risk schemes. Some of these are as follows:
- Fraudulent Disbursements – Check Tampering and Expense Reimbursement Schemes
- Conflict of interest – undisclosed relationships or related party transactions that negatively impact an organizations reputation and may cause financial harm while benefiting the person with the relationship
- Cash Theft by Cyberfraud – Professional fraudsters use phishing to obtain an organization’s online banking login credentials and severely deplete the bank accounts.
- Use of fictitious vendors
- Manipulation of Liabilities/Expenses – Unrecorded vendor invoices
- Overstated/false employee qualifications or certifications
- Inappropriate journal entries
- Theft or diversion of inventory
- Cash skimming (i.e. the cash collections are taken “skimmed” prior to recording them in the organization’s books)
The key is to determine whether the accounting records you’ve inherited fell victim to sloppy accounting practices or intentional fraudulent activity. As noted before, the first order of business is to identify internal control weaknesses and make the necessary changes, even if it means making personnel changes. Next, reconcile the District’s accounts and through this process make a list of questionable items. At this point, you can decide whether to move forward with a forensic audit or not. Either way, we know it’s a huge undertaking but with the right resources you can get through it.