Guest Author - Consuelo Herrera, CAMS, CFE
Lack of internal controls is not an option. Losses arise as a result of wrongdoing or fines are imposed to corporations, especially in public companies, when management fails to exercise due care and proper supervision of employees.
The Securities and Exchange Commission fined an organization that failed to supervise employees who behave improperly. It portrays corporate responsibility when it comes to prevent and detect misconduct and implement controls. In this case, a broker-dealer company was charged because three of its employees collectively spent more than $600,000 while entertaining traders at an investment firm in an effort to meet financial goals by generating brokerage business. Employees and supervisors were charged for violating securities laws. The SEC established that the supervisors of these employees failed to supervise them during their misconduct. The question here is how these extravagant expenses where recorded in the accounting system without raising red flags to those in charge of the financial records? Some of the expenses incurred included trips to destinations such as Europe, the Bahamas, the Caribbean, and Florida, often by private plane. The executives’ meals and lodging at high-end hotels were also paid along with race car driving lessons, adult entertainment, and, on top of it, approximately $50,000 was contributed toward an executive bachelor party in Miami.
How did the SEC uncover this scheme? Was it because an accountant voiced out his or her concerns about these exorbitant expenses? Being willfully blinded is against professional standards and undermines the trust bestowed on accountants. The Statement of Auditing Standards SAS 78 “Consideration of Internal Control in a Financial Statement Audit”, which amended SAS 55 incorporates the common critical elements of internal control systems in the Committee of Sponsoring Organizations of the Treadway Commission (COSO) report, defines internal control as a process designed to provide reasonable assurance regarding the achievement of objectives for reliable financial statements, effective and efficient operations, and compliance with applicable laws and regulations.
Examiners are advised that when they begin an examination, they first should review and evaluate the adequacy and effectiveness of the internal control system. If they discover areas where internal controls are inadequate, they should expand the scope of examination to determine whether there are any safety and soundness concerns.
A set of internal control procedures is imperative in each organization or otherwise, mitigating factors that help safeguard assets, ensure adherence to company policies, and promote efficiency, and ensure issuance of reliable financial information. Efficiency is the accomplishment of or ability to accomplish a job with a minimum expenditure of time and effort, or to obtain the best outcome at the lowest cost.
Management sets the tone in an organization by having in place a Code of Ethics and monitoring adherence to ethical standards that must be published and made known to employees across the organization.
A practical means of identifying potential risks or weaknesses is by using management’s implicit assertions of (1) existence or occurrence, (2) completeness, (3) rights and obligations, (4) allocation, (5) presentation and disclosure. Control-related policies and procedures designed to compensate for such risks are categorized as follows: (1) authorization, (2) properly designed records, (3) security of assets and records, (4) segregation of incompatible duties, (5) periodic reconciliations, (6) periodic verifications, (7) analytical review, (8) and timely preparation of financial reports in conformity with generally accepted accounting principles.
Although schemes such as the one described above do not happen every day because of the amount, organizations lose millions to fraud schemes perpetrated due to lack of internal controls or mitigating factors when the cost of implementing internal procedures outweighs the benefits in small organizations. Simple steps such as proper authorization and segregation of duties render visible cost-savings. Do not allow any employee to be in a position of both commit fraud and conceal it.