- Email: [email protected]
Student health services: a case of employee fraud
J. of Acc. Ed. 21 (2003) 61–73 www.elsevier.com/locate/jaccedu
Student health services: a case of employee fraud Bonita K. Petersona,*, Thomas H. Gibsonb a
Montana State University, Bozeman, College of Business, 429 Reid Hall, Bozeman, MT 59717-3040, USA b Montana State University, Bozeman, 204 Montana Hall, Bozeman, MT 59717-2440, USA Received 1 October 2001; received in revised form 1 March 2002; accepted 1 July 2002
Abstract The indicators of employee fraud often are not recognized by auditors or their clients until after financial losses have been incurred. Employee fraud costs society hundreds of billions of dollars every year [The Association of Certified Fraud Examiners. (2002). Report to the nation on occupational fraud and abuse. Austin: ACFE], and as such, it is increasingly important for auditors and accountants to have fraud prevention and detection skills. This nonfictional case of employee fraud in a university setting is designed to expose students to several different fraud issues. Topics covered in this case include: an explanation of why people commit fraud; the profile of the typical fraud perpetrator; recognizing red flags that may indicate the presence of fraud; the importance of a strong system of internal controls in preventing and detecting fraud; and audit procedures that may help to detect a skimming scheme. This case is appropriate for use in a first auditing course or a fraud examination course. # 2002 Elsevier Science Ltd. All rights reserved. Keywords: Fraud; Asset misappropriation; Skimming scheme; Embezzlement; Red flags
1. Introduction This nonfictional case exposes students to a classic occurrence of employee fraud where the perpetrator was a long-time, trusted employee. This fraud is not an ingenious scheme committed by a criminal mastermind, but a case of a low-level employee who stole nearly three-quarters of a million dollars from her employer over a 13-year period. The six learning objectives this instructional case is designed to achieve are: (1) to help students understand why people commit fraud, (2) to identify demographic and * Corresponding author. Tel.: +1-406-994-4620; fax: +1-406-994-6206. E-mail addresses: [email protected] (B.K. Peterson), [email protected] (T.H. Gibson). 0748-5751/03/$ - see front matter # 2002 Elsevier Science Ltd. All rights reserved. PII: S0748-5751(02)00016-7
62
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
psychological characteristics of a typical fraud perpetrator, (3) to give students practice in identifying red flags that may indicate the presence of fraud, (4) to provide students with a greater appreciation of the crucial importance of internal controls in helping to prevent and detect fraud, (5) to give students experience in identifying audit procedures that can help detect a skimming scheme, and (6) to enlighten students about the prevalence of fraud, the potential difficulty in detecting fraud, and how people can be affected directly or indirectly by a fraud. Because this case occurred in a university setting, students should realize that fraud can, and does, occur anywhere. When working the case, students use the factual information provided and apply their own knowledge of internal control principles and auditing procedures to arrive at solutions for the discussion questions.
2. Case 2.1. Background The campus student health services (SHS) was relatively small in terms of revenue generated annually when compared to other university departments. For example, in the mid-1980s, the SHS reported about $4 million per year in revenue, while the university recorded revenue of approximately $175 million annually. Most of SHS’s revenue was earned from providing various general health services for students, such as diagnosing health problems, performing X-rays, filling prescriptions, drawing blood, performing throat cultures, casting broken bones, and giving shots. Prior to 1984, the SHS was funded entirely by a health fee charged to all students. Starting in 1984, however, the SHS began charging students an additional fee for services rendered, which varied depending upon the type of service performed. Payment was made by students, usually with cash or a personal check, at the time the service was provided. In 1986, the university’s internal audit department performed a random audit of the SHS. During this audit, the auditors noted that there were insufficient procedures in place to adequately track revenue earned by the SHS. The internal audit department recommended that the SHS implement the use of prenumbered multiple-copied receipts for all services provided. The copies were to be distributed so that the physician or department performing the service kept copy 1, the cashier kept copy 2, and copy 3 was given to the student as a receipt. In addition, the internal auditors recommended that the SHS account for all receipts on a daily basis, including any voided copies of the receipt forms, and reconcile the total receipts to the daily deposit. Shortly after the completion of this audit, severe university budget cuts eliminated two of the three internal audit department staff positions. Consequently, there were insufficient personnel to follow up on the implementation of recommended control procedures at the SHS.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
63
2.2. The fraud perpetrator Bess Lear was a pleasant, quiet woman who had lived virtually all of her life in the area and graduated from a local high school in 1972.1 In 1979, Bess and her husband built a modest home a few miles from town. While her husband worked as a warehouseman, Bess stayed at home and raised their daughter and son. When her children were old enough to begin school, Bess began her employment with the SHS in 1984. Although Bess eventually worked her way up to the position of cashier supervisor, she never earned more than $20,000 a year in salary. No one was surprised when Bess was promoted to cashier supervisor because she was considered to be a model employee. Bess usually came to work early and left late, and she rarely took any time off. The only vacation time she took was when the students were gone during university holidays and the SHS was closed. Bess got along well with her co-workers, and always remembered their birthdays, anniversaries, and other special occasions with a gift. Usually, she also would take a co-worker out to lunch to celebrate a birthday. In addition, Bess was always willing to help her co-workers whenever necessary. For example, if it was late and preparation of the daily deposit had not been completed, Bess volunteered to finish the task so her co-worker could leave. As the SHS volume of business grew and the workday became busier, Bess usually would prepare the daily cash deposit at her home in the evening. Given all these characteristics, SHS management considered her ‘‘one of the best employees we ever had in the SHS.’’ When the SHS began charging students a fee for services, Bess worked closely with the internal audit department to establish the system for keeping track of the cash. She was very helpful in devising the Services Provided Form. This new, unnumbered form was prepared in triplicate. Throughout the day, Bess would collect the copy retained by the physician or department performing the service, supposedly to match that copy with the cashier copy to ensure each student had paid for all drugs and services received. These cash recording and handling procedures remained unchanged throughout Bess’s employment. Shortly after Bess began working at the SHS, her husband suffered a serious back injury on the job and was no longer able to work. A few years later, one of her children was involved in a car accident and incurred large, uninsured medical bills. Despite the hardship at home, Bess continued her dedicated service to the SHS, working long hours and seldom taking a vacation. 2.3. The first clue Banks are required by federal law to report suspicious transactions to the US Treasury under the Bank Secrecy Act. Specifically, banks are required to complete a Currency Transaction Report (CTR) for daily currency transactions of $10,000 or 1
The facts in this case have not been altered; however, the names of the individuals involved have been changed.
64
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
more. In addition to the dollar amount of the transaction, a CTR lists the identity, address, and social security number of the person making the cash transaction. For the years 1990–1996, Bess made cash deposits into her personal bank account totaling $195,972. The deposits included $59,000 for 1995 and $24,500 for the first 7 months of 1996. These figures do not include her paychecks, which were electronically deposited into her account. Her husband, on workers’ compensation, never received more than $13,500 a year during this time period, ruling out his income as a likely source of the deposited funds. As required by federal law, Bess’s bank filed the mandated CTRs in a timely manner with the US Treasury Department. However, only about 0.5% of the approximately 10 million annual CTRs are tagged as suspicious (ACFE, 1998). The Criminal Division of the Internal Revenue Service (IRS) is charged with investigating these suspicious transactions, but the IRS does not have enough personnel to follow up consistently. As a result, reports of suspicious CTRs are used more often to support an investigation already underway than to initiate an investigation (ACFE, 1998). Perhaps not unexpectedly then, nothing happened in Bess’s case until an FBI agent in another town noticed the reports. He had previously worked with a state Criminal Investigation Bureau agent, Will Catchia, and he told Catchia about the reports. Catchia then initiated the investigation on behalf of the state. 2.4. The fraud investigation Catchia started a preliminary investigation in September 1996, in cooperation with the university’s internal audit department and the state’s legislative auditor’s office. During the initial stages of the investigation, Bess continued working in her position as cashier supervisor at the SHS so that the investigators might be able to gather some concrete evidence of fraud without arousing suspicion. Discussions with SHS management revealed some unsettling information. A new director of the SHS had been hired almost 2 years earlier, and he believed the prior director did not fully understand the accounting system. In fact, he was beginning to believe that money was missing from the SHS, but was at a loss to explain how much was missing or how the money was disappearing. However, he did know that a fiscal analysis showed that the established profit margin percentage at the SHS had not changed. Yet, even though more students were paying the SHS fees and the SHS’s total costs were increasing due to the growth in the volume of services provided, net profits were decreasing. Investigators reviewed Bess’s leave records and found that she never reported using any vacation or sick leave. They discovered that if she was sick and could not come in to work, she would nonetheless come in at night and prepare the deposit. While in hindsight this routine may seem unusual, she told her co-workers at the time that she did not want to ‘‘infect’’ them and no one questioned this practice. After some lengthy discussions, the state investigators decided to implement a ‘‘sting operation’’. The plan was to send some university students working for the campus internal audit department into the SHS with marked currency to pay for their medical services, and then to determine if those specific marked bills made their
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
65
way into the daily university business deposit or to her personal bank account. This fact could be determined easily since the daily SHS deposit was given to the university’s business office, where deposits from various departments (bookstore, cafeteria, etc.) were consolidated and submitted for a daily deposit to the bank. The sting worked not once, but six times before 8 November 1996, when officials stopped Bess’s Ford Explorer on her way home and took her to the sheriff’s office for questioning. The detectives found $343 in Bess’s possession during the interview, including a $50 bill—one of the photocopied bills. While searching her vehicle, police discovered a computer disk that contained a spreadsheet detailing her thefts over the past several years. Apparently, Bess prepared the spreadsheet in case any questions arose about the deposits. The disk also contained all of her personal credit card numbers and account use information. In addition, police found the entire day’s SHS deposit in a bank bag in the front seat of her car. Bess was immediately suspended by the university without pay. To estimate how much money was missing from the SHS, the university’s internal auditor put together detailed comparisons of SHS deposit receipts prepared by Bess. He compared the cash-to-check ratio of the deposits before Bess’s suspension and for several weeks afterwards. He found that when Bess prepared the deposit, the ratio was consistently $1 cash for every $66 in checks. After her suspension, the ratio changed to $1 cash for every $2 in checks. Although a second cashier was employed at the SHS, Bess (as cashier supervisor) had closed out the registers and prepared the daily deposits. The cash taken by Bess was then estimated based on the difference in the ratio times the total check deposits over her employment term as the cashier supervisor. As a result, investigators conservatively estimated her total embezzlement to be over $757,000.2 2.5. The charge and the plea Prior to the conclusion of the investigation, Bess had never been charged with any recorded crime. However, in January 1998, the County Attorney charged Bess with five counts of felony theft and five misdemeanor counts of failing to report income and pay state taxes on the money she was accused of stealing.3 These 10 charges represented one felony charge for every year the thefts occurred since 1993 and one misdemeanor charge for each of the last 5 years for the alleged filing of fraudulent state income tax returns (the state’s 5-year statute of limitations on felony crimes affected the charges). The County Attorney combined the oldest alleged thefts, from 1984 to 1992, in one felony count because state law says there is no statute of limitations for a
2 Investigators routinely rely on bank and credit card records to compile embezzlement figures, however, these records typically are retained for only five years. In this case, the County Attorney believed that the amount of cash stolen by the SHS cashier supervisor was so consistent that a small sampling of the cash-to-check discrepancy could be applied to all 13 years of her employment. 3 The investigation revealed that per Bess’s tax returns for the years 1990–1996, the Lears’ combined income totaled no more than $33,500 a year. None of the frequent cash deposits to her bank accounts had been included on her tax returns.
66
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
‘‘public officer’’ who steals public funds. If convicted, Bess would face up to 10 years in prison and up to a $50,000 fine for felony theft. In March 1998, Bess pleaded guilty to four felony counts of theft and five misdemeanor tax evasion charges. However, she pleaded ‘‘not guilty’’ to the tenth count, a felony theft charge making up nearly $500,000 of the amount investigators claim she embezzled from 1984 to 1992. Her attorney stated the amount the County Attorney accused her of stealing was too high, and Bess was not guilty of the charge. When the County Attorney was asked by reporters where did all the money go, he responded, ‘‘Every indication I have is that this is a lifestyle thing, and there are no significant assets out there to obtain restitution.’’4 2.6. The sentencing In July 1998, Bess faced the judge for sentencing. Her attorney placed a psychologist on the stand who testified that her fears of not being able to support her family were so real to her that she believed they were worth stealing for, but the judge was not swayed. For three counts of felony theft, she received 30 years in the state’s women’s prison, with all 30 years suspended. But for the fourth theft count, she was committed to the Department of Corrections for 5 years, with an order that she serve at least 6 months in prison.5 In addition, the judge ordered that she pay restitution to the university and perform 250 hours of community service for the five misdemeanor counts of state tax evasion.6
3. Discussion questions
1. Identify the control objective(s) that would be satisfied by the recommendations the internal auditors proposed during their 1986 audit. Explain how each objective would be met by the recommended procedures. 2. Explain how the tasks performed by Bess violate the basic principle of segregation of duties. 3. Because the university is a state-funded entity, the state’s Office of the Legislative Auditor (OLA) served as the external auditor and audited the uni4 Further investigation into Bess’s spending habits revealed she owned five vehicles, including a vehicle purchased for one of her children; she was paying off large medical bills for an uninsured child who was in a car accident; she had a taste for very expensive clothing; she owned several horses; and she had credit card bills that were ‘‘astronomical’’ in the words of one investigator. When examining the past 5 years of her credit card expenditures, investigators found the stack of bills measured six inches high, with each page of a bill typically containing about 60 entries. 5 The fifth theft count was dropped because the alleged thefts fell outside the state’s prosecution statute prohibiting people from being charged with crimes more than five years old. The County Attorney determined that the exception to the five-year statute of limitations (i.e. the perpetrator holding a position as a public official) probably would not apply. 6 The State Department of Revenue had already filed a lien against her in County District Court for $123,500—the amount of taxes she owed on the embezzled funds.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
4.
5.
6.
7.
67
versity’s financial statements annually. Explain why Bess’s fraud remained undetected by the auditors for 13 years. Fraud is sometimes considered to be a victimless crime. Who ultimately was affected by the actions of the SHS cashier supervisor? How might each party have been affected? Fraud researchers have coined the phrase ‘‘fraud triangle’’ to help explain why people commit fraud (Wells, 1997). The three elements that make up the fraud triangle are pressure (the motive to commit the fraud), perceived opportunity (the perception to be able to commit the fraud and remain undetected), and rationalization (to provide a morally acceptable excuse in the mind of the fraud perpetrator to justify why the crime is not really a crime). All three elements must be present for a fraud to occur. Apply the fraud triangle to this case, and describe the pressure, perceived opportunity, and rationalization that allowed the SHS cashier supervisor to perpetrate her fraud. With the three elements of the fraud triangle in mind, how could this fraud have been prevented or detected sooner by the SHS management? What procedures might the state’s auditors have performed to detect this fraud in a more timely manner? What red flags were present in this case that could have helped management or the auditors suspect fraud? Considering the red flags exhibited, how was the SHS cashier supervisor able to perpetrate this fraud for 13 years without arousing suspicion?
4. Teaching notes 4.1. Overview Most fraud cases focus on management fraud or fraudulent financial reporting (e.g. Beasley, Buckless, Glover, & Prawitt, 2003; Boockholdt, 2000; Calderon, Conrad, & Green, 2000). This case exposes students to the other major category of fraud identified in SAS No. 82 (AICPA, 1997), employee fraud involving the misappropriation of assets. Fraudulent financial reporting cases account for less than 4% of fraud litigation, but are the most costly frauds and, consequently, they receive greater publicity. However, asset misappropriation cases are more common, accounting for nearly 80% of the cases of reported fraud (Wells, 2000). This case may be used in an introductory internal or external auditing course, or in a fraud examination course. One author has used the case as an introduction to internal controls and fraud risk factors when discussing SAS No. 82 (AICPA, 1997) in an introductory external auditing course. The author’s experience is that students have a keen interest in the case since it occurs in a university setting, where many students have utilized a campus student health services center. Instructors may wish to provide students with recent fraud statistics. KPMG periodically conducts a US fraud survey (KPMG, 1998). Similarly, Ernst and Young
68
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
began conducting an international fraud survey in 1996 and performs new international surveys every 2 years in order to monitor changes in the environment in which fraud occurs (Ernst & Young, 2000b). Additional statistics may be gathered from the Association of Certified Fraud Examiners (ACFE, 2002).7 When providing students with fraud statistics, emphasize that the statistics are estimates due to the concealed nature of fraud and the embarrassment often suffered by the victim at being defrauded. However, these estimates are alarming. For example, KPMG (1998) reported that 62% of its respondents were aware that fraud occurred in their organizations during the prior year, with the median loss due to fraud being $116,000. The ACFE (2002) estimates that fraud costs US organizations more than $600 billion annually. Ernst and Young’s (2000b) survey found that more than two thirds of respondents have suffered from fraud in the prior 12 months, and almost 1 in 10 have suffered more than 50 frauds. 4.2. Suggested solutions
(1) Identify the control objective(s) that would be satisfied by the recommendations the internal auditors proposed during their 1986 audit. Explain how each objective would be met by the recommended procedures. The internal auditors’ recommendations were designed primarily to help satisfy the control objective of completeness (did all the cash coming into the SHS get recorded and deposited?). Using prenumbered multiple-copied receipts for all services and accounting for these documents daily would allow the SHS to determine if any receipts, and the resulting cash, were missing. Further, by reconciling the daily total receipts to the daily deposit amount, the SHS would have assurance that all cash received was deposited. (2) Explain how the tasks performed by Bess violate the basic principle of segregation of duties. Bess’s duties violated the basic principle of segregation of duties because she performed the incompatible functions of custody and recordkeeping. When these functions are combined in one individual, it is possible to steal the asset (cash) and conceal the crime by manipulating the related records (such as not recording all the revenue), as Bess did.
7 The instructor also may wish to make students aware of the existence of The Association of Certified Fraud Examiners (ACFE), an organization established in 1988 and presently numbering nearly 26,000 members. The organization is the largest anti-fraud association in the world, and is dedicated exclusively to its single mission of reducing white-collar crime. The Certified Fraud Examiner (CFE) certification program is offered through the ACFE. Interested students can contact the ACFE at the following address for more information: Association of Certified Fraud Examiners; The Gregor Building; 716 West Avenue; Austin, Texas 78701. The ACFE can also be contacted at 800–245–3321 or http://www.cfenet.com.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
69
(3) Because the university is a state-funded entity, the state’s Office of the Legislative Auditor (OLA) served as the external auditor and audited the university’s financial statements annually. Explain why Bess’s fraud remained undetected by the auditors for 13 years. The SHS cashier supervisor embezzled an average of slightly less than $60,000 a year for 13 years. This amount represented approximately 1.5% of the SHS’s total recorded revenues ($4 million) in the early stages of the fraud. When the embezzled dollars are compared to the university’s financial statements, the amount equals less than 0.04% of the university’s total revenues ($175 million). This percentage is clearly immaterial. Thus, for the OLA auditors to miss the fraud is not at all unusual. (4) Fraud is sometimes considered to be a victimless crime. Who ultimately was affected by the actions of the SHS cashier supervisor? How might each party have been affected? Victims in this case include the state university, the students, the taxpayers of the state, the SHS co-workers, and the family and friends of the SHS cashier supervisor. This fraud was very costly to the university. The university carried fidelity insurance on all employees, with the expectation that any loss suffered from employee asset misappropriation would be an insured loss once the perpetrator was found legally guilty. However, the university received no insurance benefits because the insurance company claimed there was lack of ‘‘timely notice’’, as required in the contract, while the university was investigating the fraud. The university changed insurance carriers, but now must pay premiums four times greater. Since the university is a state-funded entity, the taxpayers are ultimately affected through the payment of higher taxes to support the university without suffering any reduction in the quality or level of services. In addition, students are paying higher SHS services fees to ensure adequate operating capital. Co-workers and friends are affected by the shock of the realization that Bess was not all that she seemed. A violation of trust occurred. Despite Bess’s confession, it is still too difficult for some co-workers to accept that she committed this crime and they adamantly insist that Bess is not guilty. Finally, Bess’s family was affected in multiple ways. They had to endure the embarrassment of the negative publicity surrounding the case, their house and many belongings were sold to raise money for the restitution Bess was ordered to pay, and they had to live without Bess for 6 months while she served time in prison. Further, because of her criminal record Bess can find only low-paying jobs for herself, so the family’s income has been permanently affected. (5) Fraud researchers have coined the phrase ‘‘fraud triangle’’ to help explain why people commit fraud (Wells, 1997). The three elements that make up the fraud triangle are pressure (the motive to commit the fraud), perceived opportunity (the perception to be able to commit the fraud and remain undetected), and rationalization (to provide a morally acceptable excuse in the mind of the fraud perpetrator to justify why the crime is not really a crime). All three elements must be
70
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
present for a fraud to occur. Apply the fraud triangle to this case, and describe the pressure, perceived opportunity, and rationalization that allowed the SHS cashier supervisor to perpetrate her fraud. The cashier supervisor’s pressure to commit the fraud was financial because she had difficulty paying for basic necessities with her modest salary and her husband’s workers’ compensation. Besides his medical expenses, she had a mortgage to pay and two children to support. However, once she began stealing money without being caught, the temptation to continue was too great. Soon, she found herself spending money on luxury items (new vehicles, horses, more expensive clothing) and used the embezzled funds to support a lifestyle much more extravagant than her legitimate salary could provide. Perception is the key with the second element. The opportunity to commit and conceal the fraud need not actually exist, but perpetrators must believe they will remain undetected. For the SHS cashier supervisor, the lack of properly functioning internal controls provided both a perceived and actual opportunity. The third element, rationalization, is unique to fraud perpetrators—bank robbers, for example, do not need to rationalize their actions. According to a psychologist’s testimony during Bess’s sentencing, however, she believed she needed the money to support her family. Perhaps in her mind, no one specific person was being hurt by her thefts. (6) With the three elements of the fraud triangle in mind, how could this fraud have been prevented or detected sooner by the SHS management? What procedures might the state’s auditors have performed to detect this fraud in a more timely manner? This fraud could have been easily prevented with proper controls (i.e. eliminating the perceived opportunity). Separating the incompatible functions of cash recording and cash custody, independent reconciliations of cash received and cash deposited, mandatory vacations with other personnel performing duties during the employee’s absence, use of sequentially prenumbered Services Provided Forms and accounting for the numerical integrity of such documents, are a few of the controls that would have helped to prevent this fraud from occurring.8 Bess was engaged in a ‘‘skimming’’ scheme, a fraud where an employee sells goods or services to a customer, collects the payment, but makes no record of the sale. This scheme is the most common form of cash misappropriation (Wells, 2002). The fraud might have been detected sooner if management had been properly educated about the red flags of fraud. If the auditors had been alerted by SHS management about the red flags displayed by the cashier supervisor, suspicions of potential fraud would have arisen much 8
Ernst and Young (2000a) suggests that preventing fraud should be a two-pronged approach. First, ensure that opportunities to commit fraud do not arise by identifying weaknesses in the system and establishing appropriate controls. Second, ensure that fraud perpetrators believe they will be caught if they commit fraud. The firm suggests that a business develop a fraud policy that should make clear that fraud is unacceptable and all instances of suspected fraud will be treated seriously and dealt with swiftly. This policy should be very clear about management’s intent to prosecute cases of fraud.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
71
earlier. Any weaknesses in the control system could be identified and a search for evidence to confirm any suspicion of fraud could be conducted. For example, if the auditors had compared the amount of X-ray film purchased to the number of X-rays taken and the amount of X-ray revenue recorded for a certain period of time, unexplainable discrepancies would arise because the cash receipts associated with X-rays were separately identifiable.9 Unfortunately, management had not been knowledgeable about the warning signs of fraud. Conducting periodic training seminars for management on the nature of fraud and its warning signs could have been a useful proactive step by the state auditors.10 ‘‘Diligent inquiry’’—asking employees some very direct but nonaccusatory questions about fraud—is being proposed as a useful method of detecting fraud (Wells, 2001b). Approximately 80% of all frauds are discovered through tips and complaints because many times the best clues about fraud come not from the books, but from people working with the perpetrator. Although an embezzler normally carries out the crime alone, the perpetrator conspicuously spends the money and usually there are at least a few co-workers who have noticed. Questions such as, ‘‘Do you know of any co-workers who are having personal financial difficulty?’’ and ‘‘If someone wanted to commit fraud against the company, what would be the easiest way to do it?’’ are examples of these questions. Students might suggest periodic surprise cash counts performed by internal auditors, but this technique was not successful in detecting this fraud. The auditors found that the surprise cash counts always balanced with the recorded revenue and Services Provided Forms present at the time of the count. No cash discrepancy was discovered because the fraud was perpetrated during the closing of the daily business. Although some Services Provided Forms were discarded, this irregularity was not detected because the documents were not sequentially prenumbered. Timely implementation of the internal auditors’ recommendations and subsequent follow-up reviews probably would not have detected the fraud. Rather, these measures more likely would have the effect of preventing the continuation of this fraud. Bess would have understood the controls now in place and probably would have stopped her scheme. However, if she did not understand the new controls in effect, her fraud would have been detected when the sequentially prenumbered Services Provided Forms were accounted for by a person independent of the cash custody function. Also, reconciling cash received to cash deposited would have revealed the embezzlement. (7) What red flags were present in this case that could have helped management or the auditors suspect fraud? Considering the red flags exhibited, how was the SHS cashier supervisor able to perpetrate this fraud for 13 years without arousing suspicion? 9
Under the internal controls initially established, each service provided by the SHS was separately identifiable on the Services Provided Form. 10 The state’s new insurance carrier required that a statewide fraud training program be conducted for management at all state-supported agencies.
72
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
Numerous red flags were present that could have helped management or the auditors suspect fraud, including: Lifestyle changes. Arguably the biggest red flag in this case was the lifestyle the SHS cashier enjoyed that could not possibly be supported by her $20,000/year salary. With an unemployed husband and two children to support, she managed to purchase several new vehicles, owned her own home with acreage for her horses, developed a taste for expensive clothing, and frequently took her coworkers to lunch and bought them gifts for birthdays and other occasions. Many of these lifestyle changes were visible to her co-workers. Use of sick leave/vacation time. The SHS cashier supervisor never took any time off, even if she was sick. These actions are beyond that of a dedicated, loyal employee. Lack of internal controls. There was a lack of proper segregation of duties and there were no independent reconciliations to verify that all cash that was received by the organization was recorded and deposited. In addition, investigators discovered that the three-part receipts were not prenumbered, as had been recommended by the internal audit department.11 Excessive hours worked and/or lack of delegation of apparently mundane tasks. The SHS cashier supervisor took her vacations when the university was closed. She usually came to work early and left late, and took no sick leave. She always prepared the daily deposit, although there was another cashier who could have assisted with, or completed, that task. Unusually low profit level with no ready explanation. This red flag might have eventually led to the discovery of the fraud had not the FBI agent noticed the bank’s CTR, which triggered the investigation. Placing too much trust in a key employee. Most people do not initially begin their employment for the purpose of committing fraud (Wells, 2001a). But given the right set of circumstances, ordinary people like the SHS cashier supervisor can and do commit fraud. Missing documentation. If a colleague requested that Bess produce a copy of a particular Services Provided Form, she might not be able to provide it if she had already destroyed the incriminating evidence. She then would need to offer some plausible explanation. One possible ‘‘explanation’’ might be that she had misplaced the document, but would find it shortly.12 11 Missing internal controls were compounded by lax management and a significant and prolonged understaffing of the internal audit department. The SHS director for most of the fraud period did not fully understand the accounting system. Management is responsible for the implementation of controls. If management does not understand the system, then it cannot properly understand the risks and the controls required to minimize the risks. Further, an inadequately staffed internal audit department will have difficulty finding time to review all operations and make control recommendations. 12 KPMG’s (1998) US fraud survey found that personal financial pressure was the most widely reported (66%) red flag exhibited by fraud perpetrators. For more information on red flags, Ernst and Young (2000a) has prepared an extensive list, using the categories of ‘‘People’’ (e.g. low morale), ‘‘Processes’’ (e.g. continuing failure to correct major weaknesses in internal control where such corrections are practicable and cost-effective), and ‘‘Profits’’ (e.g. cash pressure in an otherwise profitable business).
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
73
The question about how Bess was able to commit the fraud for so long was asked frequently after the fraud was discovered, but the answer is straightforward: she was able to commit this fraud undetected for nearly 13 years because appropriate internal controls were nonexistent. No one suspected the SHS cashier supervisor because she was a trusted, well-liked employee. Fraud research finds that most members of the general public fit the profile of the typical fraud perpetrator (Albrecht, Wenz, & Williams, 1995; Robertson, 1997), making it impossible to predict who will commit a fraud. Besides being a highly regarded employee in a position of trust, the SHS cashier supervisor fits the profile of the typical fraud perpetrator in other respects. She had no prior criminal record, she spent virtually all of the embezzled funds, she looked and acted like all of her co-workers, and she committed the crime alone. Robertson (1997) also notes that fraud perpetrators are likely to be married, belong to a church, be educated beyond high school, range in age from teens to over 60 years old, be socially conforming, and have employment tenure from 1 to 20 or more years—all very common characteristics in the workforce.
Acknowledgements We would like to thank the editor, James E. Rebele, and two anonymous reviewers who made several helpful suggestions on earlier versions of this case.
References Albrecht, W., Wernz, G., & Williams, T. (1995). Fraud: bringing light to the dark side of business. Burr Ridge: Richard D. Irwin. American Institute of Certified Public Accountants. (1997). Consideration of fraud in a financial statement audit. Statement on auditing standards no. 82. New York: AICPA. The Association of Certified Fraud Examiners. (1998). Making crime pay: how to locate hidden assets. Austin: ACFE. The Association of Certified Fraud Examiners. (2002). Report to the nation on occupational fraud and abuse. Austin: ACFE. Beasley, M., Buckless, F., Glover, S., & Prawitt, D. (2003). Auditing cases: an active learning approach (2nd ed.). Upper Saddle River: Prentice-Hall. Boockholdt, J. (2000). Comptronix, Inc.: an audit case involving fraud. Issues in Accounting Education, 15, 105–128. Calderon, T., Conrad, E., & Green, B. (2000). Qualitative analytical procedures and management fraud: the case of the Regina Company. The Journal of Accounting Case Research, 5, 163–174. Ernst & Young. (2000a). Fraud: risk and prevention. London: Caspian Publishing Ltd. Ernst & Young. (2000b). Fraud: the unmanaged risk. An international survey of the effects of fraud on business. London: Ernst & Young. KPMG Peat Marwick. (1998). 1998 fraud survey. Montvale: KPMG Peat Marwick. Robertson, J. (1997). Fraud examination for managers and auditors. Austin: Viesca. Wells, J. (1997). Occupational fraud and abuse. Austin: Obsidian Publishing Co. Wells, J. (2000). So that’s why it’s called a pyramid scheme. Journal of Accountancy, 190, 91–95. Wells, J. (2001a). Why employees commit fraud. Journal of Accountancy, 191, 89–91. Wells, J. (2001b). ‘‘Why ask?’’ you ask. Journal of Accountancy, 192, 88–93. Wells, J. (2002). And one for me. Journal of Accountancy, 193, 90–92.
Student health services: a case of employee fraud Bonita K. Petersona,*, Thomas H. Gibsonb a
Montana State University, Bozeman, College of Business, 429 Reid Hall, Bozeman, MT 59717-3040, USA b Montana State University, Bozeman, 204 Montana Hall, Bozeman, MT 59717-2440, USA Received 1 October 2001; received in revised form 1 March 2002; accepted 1 July 2002
Abstract The indicators of employee fraud often are not recognized by auditors or their clients until after financial losses have been incurred. Employee fraud costs society hundreds of billions of dollars every year [The Association of Certified Fraud Examiners. (2002). Report to the nation on occupational fraud and abuse. Austin: ACFE], and as such, it is increasingly important for auditors and accountants to have fraud prevention and detection skills. This nonfictional case of employee fraud in a university setting is designed to expose students to several different fraud issues. Topics covered in this case include: an explanation of why people commit fraud; the profile of the typical fraud perpetrator; recognizing red flags that may indicate the presence of fraud; the importance of a strong system of internal controls in preventing and detecting fraud; and audit procedures that may help to detect a skimming scheme. This case is appropriate for use in a first auditing course or a fraud examination course. # 2002 Elsevier Science Ltd. All rights reserved. Keywords: Fraud; Asset misappropriation; Skimming scheme; Embezzlement; Red flags
1. Introduction This nonfictional case exposes students to a classic occurrence of employee fraud where the perpetrator was a long-time, trusted employee. This fraud is not an ingenious scheme committed by a criminal mastermind, but a case of a low-level employee who stole nearly three-quarters of a million dollars from her employer over a 13-year period. The six learning objectives this instructional case is designed to achieve are: (1) to help students understand why people commit fraud, (2) to identify demographic and * Corresponding author. Tel.: +1-406-994-4620; fax: +1-406-994-6206. E-mail addresses: [email protected] (B.K. Peterson), [email protected] (T.H. Gibson). 0748-5751/03/$ - see front matter # 2002 Elsevier Science Ltd. All rights reserved. PII: S0748-5751(02)00016-7
62
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
psychological characteristics of a typical fraud perpetrator, (3) to give students practice in identifying red flags that may indicate the presence of fraud, (4) to provide students with a greater appreciation of the crucial importance of internal controls in helping to prevent and detect fraud, (5) to give students experience in identifying audit procedures that can help detect a skimming scheme, and (6) to enlighten students about the prevalence of fraud, the potential difficulty in detecting fraud, and how people can be affected directly or indirectly by a fraud. Because this case occurred in a university setting, students should realize that fraud can, and does, occur anywhere. When working the case, students use the factual information provided and apply their own knowledge of internal control principles and auditing procedures to arrive at solutions for the discussion questions.
2. Case 2.1. Background The campus student health services (SHS) was relatively small in terms of revenue generated annually when compared to other university departments. For example, in the mid-1980s, the SHS reported about $4 million per year in revenue, while the university recorded revenue of approximately $175 million annually. Most of SHS’s revenue was earned from providing various general health services for students, such as diagnosing health problems, performing X-rays, filling prescriptions, drawing blood, performing throat cultures, casting broken bones, and giving shots. Prior to 1984, the SHS was funded entirely by a health fee charged to all students. Starting in 1984, however, the SHS began charging students an additional fee for services rendered, which varied depending upon the type of service performed. Payment was made by students, usually with cash or a personal check, at the time the service was provided. In 1986, the university’s internal audit department performed a random audit of the SHS. During this audit, the auditors noted that there were insufficient procedures in place to adequately track revenue earned by the SHS. The internal audit department recommended that the SHS implement the use of prenumbered multiple-copied receipts for all services provided. The copies were to be distributed so that the physician or department performing the service kept copy 1, the cashier kept copy 2, and copy 3 was given to the student as a receipt. In addition, the internal auditors recommended that the SHS account for all receipts on a daily basis, including any voided copies of the receipt forms, and reconcile the total receipts to the daily deposit. Shortly after the completion of this audit, severe university budget cuts eliminated two of the three internal audit department staff positions. Consequently, there were insufficient personnel to follow up on the implementation of recommended control procedures at the SHS.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
63
2.2. The fraud perpetrator Bess Lear was a pleasant, quiet woman who had lived virtually all of her life in the area and graduated from a local high school in 1972.1 In 1979, Bess and her husband built a modest home a few miles from town. While her husband worked as a warehouseman, Bess stayed at home and raised their daughter and son. When her children were old enough to begin school, Bess began her employment with the SHS in 1984. Although Bess eventually worked her way up to the position of cashier supervisor, she never earned more than $20,000 a year in salary. No one was surprised when Bess was promoted to cashier supervisor because she was considered to be a model employee. Bess usually came to work early and left late, and she rarely took any time off. The only vacation time she took was when the students were gone during university holidays and the SHS was closed. Bess got along well with her co-workers, and always remembered their birthdays, anniversaries, and other special occasions with a gift. Usually, she also would take a co-worker out to lunch to celebrate a birthday. In addition, Bess was always willing to help her co-workers whenever necessary. For example, if it was late and preparation of the daily deposit had not been completed, Bess volunteered to finish the task so her co-worker could leave. As the SHS volume of business grew and the workday became busier, Bess usually would prepare the daily cash deposit at her home in the evening. Given all these characteristics, SHS management considered her ‘‘one of the best employees we ever had in the SHS.’’ When the SHS began charging students a fee for services, Bess worked closely with the internal audit department to establish the system for keeping track of the cash. She was very helpful in devising the Services Provided Form. This new, unnumbered form was prepared in triplicate. Throughout the day, Bess would collect the copy retained by the physician or department performing the service, supposedly to match that copy with the cashier copy to ensure each student had paid for all drugs and services received. These cash recording and handling procedures remained unchanged throughout Bess’s employment. Shortly after Bess began working at the SHS, her husband suffered a serious back injury on the job and was no longer able to work. A few years later, one of her children was involved in a car accident and incurred large, uninsured medical bills. Despite the hardship at home, Bess continued her dedicated service to the SHS, working long hours and seldom taking a vacation. 2.3. The first clue Banks are required by federal law to report suspicious transactions to the US Treasury under the Bank Secrecy Act. Specifically, banks are required to complete a Currency Transaction Report (CTR) for daily currency transactions of $10,000 or 1
The facts in this case have not been altered; however, the names of the individuals involved have been changed.
64
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
more. In addition to the dollar amount of the transaction, a CTR lists the identity, address, and social security number of the person making the cash transaction. For the years 1990–1996, Bess made cash deposits into her personal bank account totaling $195,972. The deposits included $59,000 for 1995 and $24,500 for the first 7 months of 1996. These figures do not include her paychecks, which were electronically deposited into her account. Her husband, on workers’ compensation, never received more than $13,500 a year during this time period, ruling out his income as a likely source of the deposited funds. As required by federal law, Bess’s bank filed the mandated CTRs in a timely manner with the US Treasury Department. However, only about 0.5% of the approximately 10 million annual CTRs are tagged as suspicious (ACFE, 1998). The Criminal Division of the Internal Revenue Service (IRS) is charged with investigating these suspicious transactions, but the IRS does not have enough personnel to follow up consistently. As a result, reports of suspicious CTRs are used more often to support an investigation already underway than to initiate an investigation (ACFE, 1998). Perhaps not unexpectedly then, nothing happened in Bess’s case until an FBI agent in another town noticed the reports. He had previously worked with a state Criminal Investigation Bureau agent, Will Catchia, and he told Catchia about the reports. Catchia then initiated the investigation on behalf of the state. 2.4. The fraud investigation Catchia started a preliminary investigation in September 1996, in cooperation with the university’s internal audit department and the state’s legislative auditor’s office. During the initial stages of the investigation, Bess continued working in her position as cashier supervisor at the SHS so that the investigators might be able to gather some concrete evidence of fraud without arousing suspicion. Discussions with SHS management revealed some unsettling information. A new director of the SHS had been hired almost 2 years earlier, and he believed the prior director did not fully understand the accounting system. In fact, he was beginning to believe that money was missing from the SHS, but was at a loss to explain how much was missing or how the money was disappearing. However, he did know that a fiscal analysis showed that the established profit margin percentage at the SHS had not changed. Yet, even though more students were paying the SHS fees and the SHS’s total costs were increasing due to the growth in the volume of services provided, net profits were decreasing. Investigators reviewed Bess’s leave records and found that she never reported using any vacation or sick leave. They discovered that if she was sick and could not come in to work, she would nonetheless come in at night and prepare the deposit. While in hindsight this routine may seem unusual, she told her co-workers at the time that she did not want to ‘‘infect’’ them and no one questioned this practice. After some lengthy discussions, the state investigators decided to implement a ‘‘sting operation’’. The plan was to send some university students working for the campus internal audit department into the SHS with marked currency to pay for their medical services, and then to determine if those specific marked bills made their
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
65
way into the daily university business deposit or to her personal bank account. This fact could be determined easily since the daily SHS deposit was given to the university’s business office, where deposits from various departments (bookstore, cafeteria, etc.) were consolidated and submitted for a daily deposit to the bank. The sting worked not once, but six times before 8 November 1996, when officials stopped Bess’s Ford Explorer on her way home and took her to the sheriff’s office for questioning. The detectives found $343 in Bess’s possession during the interview, including a $50 bill—one of the photocopied bills. While searching her vehicle, police discovered a computer disk that contained a spreadsheet detailing her thefts over the past several years. Apparently, Bess prepared the spreadsheet in case any questions arose about the deposits. The disk also contained all of her personal credit card numbers and account use information. In addition, police found the entire day’s SHS deposit in a bank bag in the front seat of her car. Bess was immediately suspended by the university without pay. To estimate how much money was missing from the SHS, the university’s internal auditor put together detailed comparisons of SHS deposit receipts prepared by Bess. He compared the cash-to-check ratio of the deposits before Bess’s suspension and for several weeks afterwards. He found that when Bess prepared the deposit, the ratio was consistently $1 cash for every $66 in checks. After her suspension, the ratio changed to $1 cash for every $2 in checks. Although a second cashier was employed at the SHS, Bess (as cashier supervisor) had closed out the registers and prepared the daily deposits. The cash taken by Bess was then estimated based on the difference in the ratio times the total check deposits over her employment term as the cashier supervisor. As a result, investigators conservatively estimated her total embezzlement to be over $757,000.2 2.5. The charge and the plea Prior to the conclusion of the investigation, Bess had never been charged with any recorded crime. However, in January 1998, the County Attorney charged Bess with five counts of felony theft and five misdemeanor counts of failing to report income and pay state taxes on the money she was accused of stealing.3 These 10 charges represented one felony charge for every year the thefts occurred since 1993 and one misdemeanor charge for each of the last 5 years for the alleged filing of fraudulent state income tax returns (the state’s 5-year statute of limitations on felony crimes affected the charges). The County Attorney combined the oldest alleged thefts, from 1984 to 1992, in one felony count because state law says there is no statute of limitations for a
2 Investigators routinely rely on bank and credit card records to compile embezzlement figures, however, these records typically are retained for only five years. In this case, the County Attorney believed that the amount of cash stolen by the SHS cashier supervisor was so consistent that a small sampling of the cash-to-check discrepancy could be applied to all 13 years of her employment. 3 The investigation revealed that per Bess’s tax returns for the years 1990–1996, the Lears’ combined income totaled no more than $33,500 a year. None of the frequent cash deposits to her bank accounts had been included on her tax returns.
66
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
‘‘public officer’’ who steals public funds. If convicted, Bess would face up to 10 years in prison and up to a $50,000 fine for felony theft. In March 1998, Bess pleaded guilty to four felony counts of theft and five misdemeanor tax evasion charges. However, she pleaded ‘‘not guilty’’ to the tenth count, a felony theft charge making up nearly $500,000 of the amount investigators claim she embezzled from 1984 to 1992. Her attorney stated the amount the County Attorney accused her of stealing was too high, and Bess was not guilty of the charge. When the County Attorney was asked by reporters where did all the money go, he responded, ‘‘Every indication I have is that this is a lifestyle thing, and there are no significant assets out there to obtain restitution.’’4 2.6. The sentencing In July 1998, Bess faced the judge for sentencing. Her attorney placed a psychologist on the stand who testified that her fears of not being able to support her family were so real to her that she believed they were worth stealing for, but the judge was not swayed. For three counts of felony theft, she received 30 years in the state’s women’s prison, with all 30 years suspended. But for the fourth theft count, she was committed to the Department of Corrections for 5 years, with an order that she serve at least 6 months in prison.5 In addition, the judge ordered that she pay restitution to the university and perform 250 hours of community service for the five misdemeanor counts of state tax evasion.6
3. Discussion questions
1. Identify the control objective(s) that would be satisfied by the recommendations the internal auditors proposed during their 1986 audit. Explain how each objective would be met by the recommended procedures. 2. Explain how the tasks performed by Bess violate the basic principle of segregation of duties. 3. Because the university is a state-funded entity, the state’s Office of the Legislative Auditor (OLA) served as the external auditor and audited the uni4 Further investigation into Bess’s spending habits revealed she owned five vehicles, including a vehicle purchased for one of her children; she was paying off large medical bills for an uninsured child who was in a car accident; she had a taste for very expensive clothing; she owned several horses; and she had credit card bills that were ‘‘astronomical’’ in the words of one investigator. When examining the past 5 years of her credit card expenditures, investigators found the stack of bills measured six inches high, with each page of a bill typically containing about 60 entries. 5 The fifth theft count was dropped because the alleged thefts fell outside the state’s prosecution statute prohibiting people from being charged with crimes more than five years old. The County Attorney determined that the exception to the five-year statute of limitations (i.e. the perpetrator holding a position as a public official) probably would not apply. 6 The State Department of Revenue had already filed a lien against her in County District Court for $123,500—the amount of taxes she owed on the embezzled funds.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
4.
5.
6.
7.
67
versity’s financial statements annually. Explain why Bess’s fraud remained undetected by the auditors for 13 years. Fraud is sometimes considered to be a victimless crime. Who ultimately was affected by the actions of the SHS cashier supervisor? How might each party have been affected? Fraud researchers have coined the phrase ‘‘fraud triangle’’ to help explain why people commit fraud (Wells, 1997). The three elements that make up the fraud triangle are pressure (the motive to commit the fraud), perceived opportunity (the perception to be able to commit the fraud and remain undetected), and rationalization (to provide a morally acceptable excuse in the mind of the fraud perpetrator to justify why the crime is not really a crime). All three elements must be present for a fraud to occur. Apply the fraud triangle to this case, and describe the pressure, perceived opportunity, and rationalization that allowed the SHS cashier supervisor to perpetrate her fraud. With the three elements of the fraud triangle in mind, how could this fraud have been prevented or detected sooner by the SHS management? What procedures might the state’s auditors have performed to detect this fraud in a more timely manner? What red flags were present in this case that could have helped management or the auditors suspect fraud? Considering the red flags exhibited, how was the SHS cashier supervisor able to perpetrate this fraud for 13 years without arousing suspicion?
4. Teaching notes 4.1. Overview Most fraud cases focus on management fraud or fraudulent financial reporting (e.g. Beasley, Buckless, Glover, & Prawitt, 2003; Boockholdt, 2000; Calderon, Conrad, & Green, 2000). This case exposes students to the other major category of fraud identified in SAS No. 82 (AICPA, 1997), employee fraud involving the misappropriation of assets. Fraudulent financial reporting cases account for less than 4% of fraud litigation, but are the most costly frauds and, consequently, they receive greater publicity. However, asset misappropriation cases are more common, accounting for nearly 80% of the cases of reported fraud (Wells, 2000). This case may be used in an introductory internal or external auditing course, or in a fraud examination course. One author has used the case as an introduction to internal controls and fraud risk factors when discussing SAS No. 82 (AICPA, 1997) in an introductory external auditing course. The author’s experience is that students have a keen interest in the case since it occurs in a university setting, where many students have utilized a campus student health services center. Instructors may wish to provide students with recent fraud statistics. KPMG periodically conducts a US fraud survey (KPMG, 1998). Similarly, Ernst and Young
68
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
began conducting an international fraud survey in 1996 and performs new international surveys every 2 years in order to monitor changes in the environment in which fraud occurs (Ernst & Young, 2000b). Additional statistics may be gathered from the Association of Certified Fraud Examiners (ACFE, 2002).7 When providing students with fraud statistics, emphasize that the statistics are estimates due to the concealed nature of fraud and the embarrassment often suffered by the victim at being defrauded. However, these estimates are alarming. For example, KPMG (1998) reported that 62% of its respondents were aware that fraud occurred in their organizations during the prior year, with the median loss due to fraud being $116,000. The ACFE (2002) estimates that fraud costs US organizations more than $600 billion annually. Ernst and Young’s (2000b) survey found that more than two thirds of respondents have suffered from fraud in the prior 12 months, and almost 1 in 10 have suffered more than 50 frauds. 4.2. Suggested solutions
(1) Identify the control objective(s) that would be satisfied by the recommendations the internal auditors proposed during their 1986 audit. Explain how each objective would be met by the recommended procedures. The internal auditors’ recommendations were designed primarily to help satisfy the control objective of completeness (did all the cash coming into the SHS get recorded and deposited?). Using prenumbered multiple-copied receipts for all services and accounting for these documents daily would allow the SHS to determine if any receipts, and the resulting cash, were missing. Further, by reconciling the daily total receipts to the daily deposit amount, the SHS would have assurance that all cash received was deposited. (2) Explain how the tasks performed by Bess violate the basic principle of segregation of duties. Bess’s duties violated the basic principle of segregation of duties because she performed the incompatible functions of custody and recordkeeping. When these functions are combined in one individual, it is possible to steal the asset (cash) and conceal the crime by manipulating the related records (such as not recording all the revenue), as Bess did.
7 The instructor also may wish to make students aware of the existence of The Association of Certified Fraud Examiners (ACFE), an organization established in 1988 and presently numbering nearly 26,000 members. The organization is the largest anti-fraud association in the world, and is dedicated exclusively to its single mission of reducing white-collar crime. The Certified Fraud Examiner (CFE) certification program is offered through the ACFE. Interested students can contact the ACFE at the following address for more information: Association of Certified Fraud Examiners; The Gregor Building; 716 West Avenue; Austin, Texas 78701. The ACFE can also be contacted at 800–245–3321 or http://www.cfenet.com.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
69
(3) Because the university is a state-funded entity, the state’s Office of the Legislative Auditor (OLA) served as the external auditor and audited the university’s financial statements annually. Explain why Bess’s fraud remained undetected by the auditors for 13 years. The SHS cashier supervisor embezzled an average of slightly less than $60,000 a year for 13 years. This amount represented approximately 1.5% of the SHS’s total recorded revenues ($4 million) in the early stages of the fraud. When the embezzled dollars are compared to the university’s financial statements, the amount equals less than 0.04% of the university’s total revenues ($175 million). This percentage is clearly immaterial. Thus, for the OLA auditors to miss the fraud is not at all unusual. (4) Fraud is sometimes considered to be a victimless crime. Who ultimately was affected by the actions of the SHS cashier supervisor? How might each party have been affected? Victims in this case include the state university, the students, the taxpayers of the state, the SHS co-workers, and the family and friends of the SHS cashier supervisor. This fraud was very costly to the university. The university carried fidelity insurance on all employees, with the expectation that any loss suffered from employee asset misappropriation would be an insured loss once the perpetrator was found legally guilty. However, the university received no insurance benefits because the insurance company claimed there was lack of ‘‘timely notice’’, as required in the contract, while the university was investigating the fraud. The university changed insurance carriers, but now must pay premiums four times greater. Since the university is a state-funded entity, the taxpayers are ultimately affected through the payment of higher taxes to support the university without suffering any reduction in the quality or level of services. In addition, students are paying higher SHS services fees to ensure adequate operating capital. Co-workers and friends are affected by the shock of the realization that Bess was not all that she seemed. A violation of trust occurred. Despite Bess’s confession, it is still too difficult for some co-workers to accept that she committed this crime and they adamantly insist that Bess is not guilty. Finally, Bess’s family was affected in multiple ways. They had to endure the embarrassment of the negative publicity surrounding the case, their house and many belongings were sold to raise money for the restitution Bess was ordered to pay, and they had to live without Bess for 6 months while she served time in prison. Further, because of her criminal record Bess can find only low-paying jobs for herself, so the family’s income has been permanently affected. (5) Fraud researchers have coined the phrase ‘‘fraud triangle’’ to help explain why people commit fraud (Wells, 1997). The three elements that make up the fraud triangle are pressure (the motive to commit the fraud), perceived opportunity (the perception to be able to commit the fraud and remain undetected), and rationalization (to provide a morally acceptable excuse in the mind of the fraud perpetrator to justify why the crime is not really a crime). All three elements must be
70
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
present for a fraud to occur. Apply the fraud triangle to this case, and describe the pressure, perceived opportunity, and rationalization that allowed the SHS cashier supervisor to perpetrate her fraud. The cashier supervisor’s pressure to commit the fraud was financial because she had difficulty paying for basic necessities with her modest salary and her husband’s workers’ compensation. Besides his medical expenses, she had a mortgage to pay and two children to support. However, once she began stealing money without being caught, the temptation to continue was too great. Soon, she found herself spending money on luxury items (new vehicles, horses, more expensive clothing) and used the embezzled funds to support a lifestyle much more extravagant than her legitimate salary could provide. Perception is the key with the second element. The opportunity to commit and conceal the fraud need not actually exist, but perpetrators must believe they will remain undetected. For the SHS cashier supervisor, the lack of properly functioning internal controls provided both a perceived and actual opportunity. The third element, rationalization, is unique to fraud perpetrators—bank robbers, for example, do not need to rationalize their actions. According to a psychologist’s testimony during Bess’s sentencing, however, she believed she needed the money to support her family. Perhaps in her mind, no one specific person was being hurt by her thefts. (6) With the three elements of the fraud triangle in mind, how could this fraud have been prevented or detected sooner by the SHS management? What procedures might the state’s auditors have performed to detect this fraud in a more timely manner? This fraud could have been easily prevented with proper controls (i.e. eliminating the perceived opportunity). Separating the incompatible functions of cash recording and cash custody, independent reconciliations of cash received and cash deposited, mandatory vacations with other personnel performing duties during the employee’s absence, use of sequentially prenumbered Services Provided Forms and accounting for the numerical integrity of such documents, are a few of the controls that would have helped to prevent this fraud from occurring.8 Bess was engaged in a ‘‘skimming’’ scheme, a fraud where an employee sells goods or services to a customer, collects the payment, but makes no record of the sale. This scheme is the most common form of cash misappropriation (Wells, 2002). The fraud might have been detected sooner if management had been properly educated about the red flags of fraud. If the auditors had been alerted by SHS management about the red flags displayed by the cashier supervisor, suspicions of potential fraud would have arisen much 8
Ernst and Young (2000a) suggests that preventing fraud should be a two-pronged approach. First, ensure that opportunities to commit fraud do not arise by identifying weaknesses in the system and establishing appropriate controls. Second, ensure that fraud perpetrators believe they will be caught if they commit fraud. The firm suggests that a business develop a fraud policy that should make clear that fraud is unacceptable and all instances of suspected fraud will be treated seriously and dealt with swiftly. This policy should be very clear about management’s intent to prosecute cases of fraud.
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
71
earlier. Any weaknesses in the control system could be identified and a search for evidence to confirm any suspicion of fraud could be conducted. For example, if the auditors had compared the amount of X-ray film purchased to the number of X-rays taken and the amount of X-ray revenue recorded for a certain period of time, unexplainable discrepancies would arise because the cash receipts associated with X-rays were separately identifiable.9 Unfortunately, management had not been knowledgeable about the warning signs of fraud. Conducting periodic training seminars for management on the nature of fraud and its warning signs could have been a useful proactive step by the state auditors.10 ‘‘Diligent inquiry’’—asking employees some very direct but nonaccusatory questions about fraud—is being proposed as a useful method of detecting fraud (Wells, 2001b). Approximately 80% of all frauds are discovered through tips and complaints because many times the best clues about fraud come not from the books, but from people working with the perpetrator. Although an embezzler normally carries out the crime alone, the perpetrator conspicuously spends the money and usually there are at least a few co-workers who have noticed. Questions such as, ‘‘Do you know of any co-workers who are having personal financial difficulty?’’ and ‘‘If someone wanted to commit fraud against the company, what would be the easiest way to do it?’’ are examples of these questions. Students might suggest periodic surprise cash counts performed by internal auditors, but this technique was not successful in detecting this fraud. The auditors found that the surprise cash counts always balanced with the recorded revenue and Services Provided Forms present at the time of the count. No cash discrepancy was discovered because the fraud was perpetrated during the closing of the daily business. Although some Services Provided Forms were discarded, this irregularity was not detected because the documents were not sequentially prenumbered. Timely implementation of the internal auditors’ recommendations and subsequent follow-up reviews probably would not have detected the fraud. Rather, these measures more likely would have the effect of preventing the continuation of this fraud. Bess would have understood the controls now in place and probably would have stopped her scheme. However, if she did not understand the new controls in effect, her fraud would have been detected when the sequentially prenumbered Services Provided Forms were accounted for by a person independent of the cash custody function. Also, reconciling cash received to cash deposited would have revealed the embezzlement. (7) What red flags were present in this case that could have helped management or the auditors suspect fraud? Considering the red flags exhibited, how was the SHS cashier supervisor able to perpetrate this fraud for 13 years without arousing suspicion? 9
Under the internal controls initially established, each service provided by the SHS was separately identifiable on the Services Provided Form. 10 The state’s new insurance carrier required that a statewide fraud training program be conducted for management at all state-supported agencies.
72
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
Numerous red flags were present that could have helped management or the auditors suspect fraud, including: Lifestyle changes. Arguably the biggest red flag in this case was the lifestyle the SHS cashier enjoyed that could not possibly be supported by her $20,000/year salary. With an unemployed husband and two children to support, she managed to purchase several new vehicles, owned her own home with acreage for her horses, developed a taste for expensive clothing, and frequently took her coworkers to lunch and bought them gifts for birthdays and other occasions. Many of these lifestyle changes were visible to her co-workers. Use of sick leave/vacation time. The SHS cashier supervisor never took any time off, even if she was sick. These actions are beyond that of a dedicated, loyal employee. Lack of internal controls. There was a lack of proper segregation of duties and there were no independent reconciliations to verify that all cash that was received by the organization was recorded and deposited. In addition, investigators discovered that the three-part receipts were not prenumbered, as had been recommended by the internal audit department.11 Excessive hours worked and/or lack of delegation of apparently mundane tasks. The SHS cashier supervisor took her vacations when the university was closed. She usually came to work early and left late, and took no sick leave. She always prepared the daily deposit, although there was another cashier who could have assisted with, or completed, that task. Unusually low profit level with no ready explanation. This red flag might have eventually led to the discovery of the fraud had not the FBI agent noticed the bank’s CTR, which triggered the investigation. Placing too much trust in a key employee. Most people do not initially begin their employment for the purpose of committing fraud (Wells, 2001a). But given the right set of circumstances, ordinary people like the SHS cashier supervisor can and do commit fraud. Missing documentation. If a colleague requested that Bess produce a copy of a particular Services Provided Form, she might not be able to provide it if she had already destroyed the incriminating evidence. She then would need to offer some plausible explanation. One possible ‘‘explanation’’ might be that she had misplaced the document, but would find it shortly.12 11 Missing internal controls were compounded by lax management and a significant and prolonged understaffing of the internal audit department. The SHS director for most of the fraud period did not fully understand the accounting system. Management is responsible for the implementation of controls. If management does not understand the system, then it cannot properly understand the risks and the controls required to minimize the risks. Further, an inadequately staffed internal audit department will have difficulty finding time to review all operations and make control recommendations. 12 KPMG’s (1998) US fraud survey found that personal financial pressure was the most widely reported (66%) red flag exhibited by fraud perpetrators. For more information on red flags, Ernst and Young (2000a) has prepared an extensive list, using the categories of ‘‘People’’ (e.g. low morale), ‘‘Processes’’ (e.g. continuing failure to correct major weaknesses in internal control where such corrections are practicable and cost-effective), and ‘‘Profits’’ (e.g. cash pressure in an otherwise profitable business).
B.K. Peterson, T.H. Gibson / J. of Acc. Ed. 21 (2003) 61–73
73
The question about how Bess was able to commit the fraud for so long was asked frequently after the fraud was discovered, but the answer is straightforward: she was able to commit this fraud undetected for nearly 13 years because appropriate internal controls were nonexistent. No one suspected the SHS cashier supervisor because she was a trusted, well-liked employee. Fraud research finds that most members of the general public fit the profile of the typical fraud perpetrator (Albrecht, Wenz, & Williams, 1995; Robertson, 1997), making it impossible to predict who will commit a fraud. Besides being a highly regarded employee in a position of trust, the SHS cashier supervisor fits the profile of the typical fraud perpetrator in other respects. She had no prior criminal record, she spent virtually all of the embezzled funds, she looked and acted like all of her co-workers, and she committed the crime alone. Robertson (1997) also notes that fraud perpetrators are likely to be married, belong to a church, be educated beyond high school, range in age from teens to over 60 years old, be socially conforming, and have employment tenure from 1 to 20 or more years—all very common characteristics in the workforce.
Acknowledgements We would like to thank the editor, James E. Rebele, and two anonymous reviewers who made several helpful suggestions on earlier versions of this case.
References Albrecht, W., Wernz, G., & Williams, T. (1995). Fraud: bringing light to the dark side of business. Burr Ridge: Richard D. Irwin. American Institute of Certified Public Accountants. (1997). Consideration of fraud in a financial statement audit. Statement on auditing standards no. 82. New York: AICPA. The Association of Certified Fraud Examiners. (1998). Making crime pay: how to locate hidden assets. Austin: ACFE. The Association of Certified Fraud Examiners. (2002). Report to the nation on occupational fraud and abuse. Austin: ACFE. Beasley, M., Buckless, F., Glover, S., & Prawitt, D. (2003). Auditing cases: an active learning approach (2nd ed.). Upper Saddle River: Prentice-Hall. Boockholdt, J. (2000). Comptronix, Inc.: an audit case involving fraud. Issues in Accounting Education, 15, 105–128. Calderon, T., Conrad, E., & Green, B. (2000). Qualitative analytical procedures and management fraud: the case of the Regina Company. The Journal of Accounting Case Research, 5, 163–174. Ernst & Young. (2000a). Fraud: risk and prevention. London: Caspian Publishing Ltd. Ernst & Young. (2000b). Fraud: the unmanaged risk. An international survey of the effects of fraud on business. London: Ernst & Young. KPMG Peat Marwick. (1998). 1998 fraud survey. Montvale: KPMG Peat Marwick. Robertson, J. (1997). Fraud examination for managers and auditors. Austin: Viesca. Wells, J. (1997). Occupational fraud and abuse. Austin: Obsidian Publishing Co. Wells, J. (2000). So that’s why it’s called a pyramid scheme. Journal of Accountancy, 190, 91–95. Wells, J. (2001a). Why employees commit fraud. Journal of Accountancy, 191, 89–91. Wells, J. (2001b). ‘‘Why ask?’’ you ask. Journal of Accountancy, 192, 88–93. Wells, J. (2002). And one for me. Journal of Accountancy, 193, 90–92.