Peter Singer, the head of a marketing department at an event company, was retiring but agreed to stay on for six months to transition the new department head. On day two of the transition, the incoming department head called the CAE and left a voicemail message saying something odd was going on and urged him to take a look.
During the investigation, the CAE found that Singer purchased marketing services from a vendor to support revenue targets for a specific product. Although that seemed reasonable, the audit also revealed that Singer was holding US$500,000 in late invoices from the vendor, a significant amount to the company. Some invoices were overdue by 18 months, well past the typical 45-day average pay cycle. The vendor representative sent numerous emails to Singer complaining about the invoices.
The invoices were being paid increasingly late beginning several years earlier, when the budget for this marketing service was reduced by US$400,000. This was due to the belief that the vendor’s services were less useful as the product became more established in the marketplace. If the invoices had been paid timely, Singer would have been over budget. The invoices were never sent to accounts payable, as Singer asked the vendor to send the invoices directly to him. In addition, Singer never disclosed these commitments during the monthly financial close process.
Singer sent emails requesting that the vendor reduce the amounts of the invoices so that he could avoid additional approvals. The vendor complied by splitting invoices. Singer also developed a close personal friendship with the vendor representative — they would often go on trips together with their spouses. They were so close that, when Singer’s wife lost her job two years earlier, the vendor representative offered her a position at his firm.
As seemingly fraudulent events like this are investigated, internal auditors are often quick to look for the motivations and benefits to the perpetrators. Although the situation unraveled with a lot of juicy, and often irrelevant, tidbits of information along the way, management wanted internal audit to focus on one question: Why did Singer do it?
After hundreds of hours of research and several hours of interviews, internal audit was left with a troubling assessment of Singer’s behavior. He had committed fraud. He lied to the company about spending money with the vendor by making it appear that he was on budget, evidenced by the outstanding invoices. He was aware of these outstanding invoices, as they were piled up on his desk. He worked hard to circumvent internal controls for authorizing and recording the invoices, and the vendor representative conspired with him to circumvent company authorization limits. Because of this activity, the company had a US$500,000 debt for services it did not authorize, value, or want.
In the end, there was no direct and convincing way to prove that Singer received any benefit from the vendor. In the eyes of management, this made the behavior much less grievous and “not quite fraud.” Internal audit was able to convince management that Singer intentionally circumvented internal controls to conceal the budget overrun, so he was asked to leave a few months earlier than planned. Consequently, management changed the policy to have all invoices sent directly to accounts payable to avoid future errors. However, management paid the outstanding invoices without confronting the vendor about its part in knowingly evading internal controls.
The absence of a clear-cut villain stealing from the company left management wondering what the concern was about. As a result, management sent a muddled message about what is acceptable and missed an opportunity to strengthen the company’s defenses against future fraud.
Fraud investigations are often the most intriguing part of an internal auditor’s job. You have villains, who break rules and selfishly benefit to the detriment of the organization. Until someone catches on, that is.
However, the reality is not always so clear cut. In fact, it could be argued that the villain situation is rare. In many cases, a confused individual takes a few small steps across the line of good judgment and winds up entangled in rationalizations and good intentions. As things progress, this person hears the chirping of his or her conscience that something isn’t right, but the warning is distant and the words are muffled. In the end, the employee is baffled as to how his or her actions were perceived so negatively. The individual knows he or she could have done things better, but can’t believe the situation is being taken so seriously. Termination? Fraud? The employee is shocked by the possibility, and many times will utter the words, “But I didn’t steal.”
It is always difficult to see ordinary people fumble into bad situations. And organizations are not always prepared to handle these situations, which leads them down a messy road of uncomfortable conversations, half measures, and lackluster support.
- Organizations need to establish a clear perspective on how they want to approach fraud and its many faces. A strong fraud policy describes what the company perceives as fraud and lays out the expectations for investigation and resolution. Without a policy, fraudulent activity is often addressed by management based on the biases and perspectives associated with each unique instance.
- Internal audit should use these situations to improve the organization’s fraud perspective. Fraud is often interpreted and managed differently across organizations based on corporate culture and understanding of internal control. Although frustrating for those involved, management’s lukewarm support may be the most valuable observation from this scenario. It is an indication that there is significant work to be done to improve internal control awareness at the top of the organization.
- Internal audit has the expertise, perspective, skills, and independence to lead in these situations. Expecting others to share a clear vision of murky fraud cases is not always realistic.