A busy week was interrupted by a phone call from a person who, it turned out, was cold calling forensic accounting firms that might be able to help with a fraud examination. After a brief telephone interview, arrangements were made for a meeting later that same afternoon. The meeting was between the senior management of the firm, the shareholders, corporate counsel and Arxis Financial. After introductions, the management group began to describe the circumstances leading to their initial phone call.
For several years the company’s CFO was a trusted and reliable member of the management team. In fact, she had established herself as the most reliable resource in the firm and was viewed by management, owners, and employees as the de facto leader of the company. As such, she was completely trusted and never gave any reason to question that trust – until recently. They proceeded to describe a pattern of behavior that started as strange, progressed to bizarre, and then to simply unacceptable. In the midst of her behavior, there were increasing questions about her ability to do her job and nagging concerns about why the business was so cash starved. After a few questions it became obvious that the nature of the engagement was not primarily concerned with the question of whether fraud had taken place but rather how much had been stolen. This proved to be true.
A fraud examination commenced immediately while the CFO was put on paid leave. What we found was astounding in two aspects. First, there were absolutely no internal controls. Second, the company’s exposure to potential loss was vast and while it was found that embezzlement had taken place it was nowhere near what it could have been. The loss was quantified and documented and insurance claims filed appropriately. The company made a decision whether to prosecute the now-retired CFO. In addition to quantifying the loss, Arxis Financial was very involved in establishing policies and procedures to prevent similar problems in the future.
The company had divisions in several countries located on all five continents of the world. As such, enormous amounts of money were moved via wire transfer on a daily basis. The CFO had complete control and sole knowledge of both sides of the transfers. She had the authority to make the transfers and record the transfers. There were no reconciliations done nor was reporting done to anyone else in the organization. All confirmations from the remote offices came to the company – via the CFO’s email. The exposure in just this area amounted to millions of dollars. Arxis Financial immediately initiated a change of all passwords and arranged with the bank to institute controls over the movement of money initiated by company personnel.
Arxis Financial also found that the CFO initiated all disbursements, signed checks, received and reconciled all bank statements, and recorded all transactions in the general ledger. Deposits were handled by an AR department but all deposit records were given directly to the CFO. All payroll and HR functions were under the control and authority of the CFO as were purchasing, receiving, and all subsidiary and divisional accounting. Arxis Financial, with the cooperation of management, established a system of internal controls to prevent the possibility of theft or errors going unnoticed. Accounting functions were assigned to several people rather than localized with just one person.
While this is a sad story, it is anything but an unusual event. Most fraud is committed by trusted employees who find a way to exploit that trust – or they take advantage of the opportunities right in front of them. The most basic elements of internal control were suppressed because of the long personal relationship with the CFO and the tremendous trust that came with years of faithful and competent work. However, when the personal life of the CFO began to unravel, there were no systems in place to prevent, or quickly expose, the embezzlement.