James Audette was a cashier and warranty clerk for a car service repair shop. His main responsibilities were submitting warranty claims and accepting payments from customers in the form of cash, check, or credit card. Audette quickly learned the ins and outs of handling customer payments and discovered that no receipt of payment was generated for service tickets that were covered by the customer’s extended warranty. Instead, those tickets were closed to accounts receivable (warranty companies). In addition to submitting warranty claims and accepting customer payments, Audette also was responsible for creating the journal entries and posting to the general ledger. On a monthly basis, the controller would review the journal entries and general ledger account to ensure everything balanced.
It was known that money was tight for Audette and his family. In addition, his son struggled with drug addiction, and he and his wife were continually trying to help him. On several occasions, Audette had taken out personal loans from the company, but he always repaid them on time. Audette rarely missed work and was always eager to work overtime, often staying late and volunteering to work weekends to satisfy his debts.
Audette was a loyal employee. One day, however, mounting family pressures led Audette to pocket a customer’s cash payment and record the ticket as warranty work. By classifying the ticket this way and establishing the receivable, the customer would not be billed at a later date and the customer’s account balance would be accurate. Audette began to routinely close customer tickets as warranty work and pocket the money when customers paid in cash. To conceal the fraud, he would clean the schedules each month by crediting accounts receivable and debiting labor (a cost of sale account), but would provide no journal entries for these “write offs,” thus making the general ledger balance appear to reconcile with the journal entries provided to the controller for his review and reducing the physical audit trail. This activity continued for several months, with the thefts becoming larger over time until Audette was promoted to a new department within the company.
Lauren Simpson was hired to replace Audette as warranty clerk and cashier, but Audette maintained his old duties to conceal his previous thefts and continue to write off the receivables he created to avoid further detection. Simpson complained about Audette’s continued involvement in his old role so the controller restricted his access login and alerted Russell Perez, the company’s internal auditor. Perez requested that Simpson run the accounts receivable schedules older than 90 days that were not paid. She pulled the tickets, which were stamped “paid in cash.” To confirm, the general manager called the customers on those tickets and inquired about their service and ease of use of the “new credit card reader.” Each customer whose ticket was in question promptly responded by saying he or she had paid in cash and had not used the new credit card reader, thus confirming the theft of cash payments. Perez then examined the entire population of tickets closed out by Audette, going back several months, and uncovered additional tickets closed as warranty work that were actually paid in cash and later written off. Perez met with company management to discuss the likely magnitude and nature of the fraud.
Employees were alerted of the potential fraud and asked to come forward with information. Ironically, Audette came forward with his suspicions of a fellow employee. Consistent with company policy, employees were told they were going to be subject to a lie detector test. Audette never returned to work. When the company contacted him, he denied any knowledge of the fraud and stated that he did not want to work for a company that did not trust him and would accuse him of such actions.
Internal auditors worked closely with management following the detection of the fraud, performing a complete review of internal controls in the cash receipts function and other functions, as well. The comprehensive review served to not only decrease the perceived opportunity to engage in fraudulent activities among other employees, but also to detect any other abnormalities existing in other areas of the business. Internal auditors also emphasized the importance of more routine reviews of processes and key controls.
Audette’s employer did not want to consume company resources and effort with litigation so he was never prosecuted. The fraud totaled $5,000 but was likely much larger, as the audit only went back a few months to the beginning of the fiscal year and further investigation did not ensue.
- Internal auditors must emphasize the importance of segregation of duties and closely monitor any possible exceptions. In this example, having one individual responsible for the collection of cash receipts and the subsequent recording (journalizing and posting) leaves an organization susceptible to the theft of cash.
- Internal auditors must not assume that accounts that are in balance preclude the possibility of errors, omissions, or thefts.
- Access controls should be immediately updated following an employee’s promotion, termination, or changing of job responsibilities. Internal audit should be at the forefront of ensuring policies and procedures are in place to limit logical access controls and that such policies are being enforced, including annual reviews.
- Trend analysis would allow an organization to detect such fraud more timely, as the percentage of cash payments drastically increased, while the percentage of warranty service drastically decreased, over the period. Even basic analytics can aid in the foundation of an effective analytics program, while also limiting the perceived opportunity for fraud.
- An audit of a small sample of warranty claims would have revealed those tickets had previously been paid in cash.
- Routine audits are vital for all cash processes. Even the knowledge of a potential audit can help mitigate the perceived opportunity to engage in fraudulent activities. Routine execution of the audit enhances the ability to detect existing abnormalities quicker, thus mitigating the impact of any existing fraud.
- Mandatory vacations and rotation of duties could have prevented the fraud from happening, or brought it to light sooner. Internal audit should be at the forefront of ensuring policies and procedures are in place that require mandatory vacations and that those policies and procedures are being enforced. Basic queries can easily identify employees not abiding by this policy, creating another simple, yet effective foundation to any data analytics/fraud detection program.
- The most well-liked and loyal employees are capable of fraud, and often have the most opportunity to misappropriate assets. Internal auditors must continually exhibit objectivity and maintain professional skepticism through all aspects of their job.