By Phil Bertram, Principal, Bertram & Associates LLC
“It could never happen here! Our remote unit heads are responsible for controlling their locations. They would find and stop any fraudulent activity. Senior management trusts them. We do not need additional monitoring processes, internal control training, or internal audits to prevent and deter fraud. We do not need to teach the ‘red flags’ of fraud!”
How often have you heard a senior executive issue that disclaimer, only to follow it with:
“However, if only we had paid attention to our processes and monitored his location, we would not have be victims of fraud and lost all that money.”
Several years ago, one company had that experience. The company sold a remote business unit to another company. The acquiring company took several months to integrate the remote unit into its control system.
Then “IT” happened. “IT” was the unexpected discovery of fraud imbedded in the acquired remote business unit.
After integrating the remote unit, an accounts payable clerk received calls from a vendor serving the newly-acquired remote unit. The vendor repeatedly asked for payment for invoices for inventory shipped shortly before the acquisition. Upon investigation, the clerk discovered the invoices lacked proper receipt and proof of delivery support. The clerk became suspicious and communicated her concerns to management and internal audit.
A fraud investigation ensued. The investigation identified a multi-million dollar fake invoice and over-pricing fraud between the remote unit general manager and the vendor’s owner. The fraud occurred over the three and one-half years prior to the remote unit’s acquisition.
Why did this fraud occur? Several reasons exist. The former owners did not:
- Identify their fraud risks and implement appropriate internal controls.
- Question their trust of their remote long-term employees.
- Perform internal audits of the remote location.
- Complete their due diligence when remote location concerns arose.
- Implement internal controls over the purchase to pay and inventory management processes at the remote location.
- Establish proper segregation of duties, limiting the location general manager’s authority to control the vendor master file or monitor his vendor relationships.
- Notice the ‘red flags’ of fraud exhibited by the remote unit’s general manager.
The Fraud Triangle’s three legs existed in this fraud.
- Opportunity existed in the former owners’ management structure, its implicit trust in a long-term employee, and the lack of effective internal controls. It also existed due to the unmonitored relationship between the remote site general manager and the vendor.
- Justification resulted from two factors. First, the general manager felt he did not receive fair remuneration and appreciation for his work. Second, the vendor felt he did not receive a fair price for the services and products he provided. He also wanted to recover funds from the remote unit’s parent company due to the excessive entertaining he provided to obtain the business.
- Motivation came from the general manager’s need to fund his extravagant lifestyle and the alimony payment required after his divorce.
What surprises me is not that the internal control weaknesses and Fraud Triangle’s symptoms existed, but that the former owners did not detect them, letting this activity continue for over three years. They failed to identify their fraud risks. They did not design, implement, and monitor the controls necessary to prevent or discover fraud. They were not vigilant. They did not consider reviewing remote site internal controls periodically as important.
Needless to say, the former owners learned a costly, multi-million dollar lesson. They could have prevented or minimized the fraud had they identified their fraud risks, implemented mitigating controls, and monitored their remote location’s internal control system! They truly thought that “It could never happen here!”
Consider the following questions: Does your company know and take its fraud risks seriously? Has your management conducted a fraud risk assessment? Has your company identified and implemented the internal controls necessary to prevent fraud and identify it when questionable activities occur?
If not, you can help your company identify its fraud risks and the controls necessary to prevent fraud or alert you to its potential occurrence with help from Bertram & Associates LLC. Visit the Bertram & Associates LLC web site: www.PBertram.com to learn more. If you wish to discuss how you might prevent your management from experiencing fraud, please contact me through this blog, at Inquiry@PBertram.com, or call me at 224.735.7472. I look forward to serving you.
© 2013 Bertram & Associates LLC.