Have you ever wondered what value an audit offers? In November 2013 news outlets reported about a Maryland woman (“Jane”) who worked as a $56,000-a-year administrative assistant for a national non-profit organization. Jane was considered a “trusted employee” by the non-profit’s president and CEO. Jane also happened to own a bridal business and was considered a “fairy godmother” for having donated over a million dollars-worth of wedding gowns to military brides as a gesture of her goodwill.
However, it recently came to light the nearly $1.4 million in donations made by Jane’s bridal business was funded by the non-profit organization through 74 false checks. Court filings contend additional payments made by the non-profit to the bridal business, totaling more than $5 million dollars over an eight-year period, funded an auto loan and purchase of personal items.
How Does a Trusted Employee Embezzle Over $5 Million Dollars?
Over the years Jane worked in several support positions which led to her requiring a number of different types of access within financial systems. Her access to systems continued to accumulate with every change in responsibility until it eventually grew to enable her to create phony invoices, approve the invoices, and release payment – all without any oversight. Realizing a lack of proper checks and balances, Jane enriched herself by issuing checks to fictitious vendors that she controlled. How? Jane registered companies with names that closely resembled those of legitimate vendors to the non-profit and then opened a bank account for each new company, sometimes just days before cashing a falsified check.
The scheme unraveled when a bank withheld payment on a check after determining the invoice number didn’t match the bank’s records. The bank subsequently notified the non-profit, which in turn immediately fired the employee, alerted federal authorities, warned the board, and hired forensic accountants and an outside attorney.
Proactive Measures
What steps could the non-profit have taken to avoid wasting precious funds, making headlines, and losing the trust of donors? The implementation of a strong governance program consisting of policies & procedures and training could have helped communicate and reinforce management’s expectations of authorized behaviors. An audit of the financial statements could have uncovered purchase order discrepancies and misappropriation of funds. A review of transactions could have revealed checks issued and approved by inappropriate persons. And a closer inspection of the master vendor list could have distinguished fictitious vendors from authorized vendors.
In addition to financial controls, a review of IT systems would have exposed employees with excessive levels of access to financial systems. Scrutiny of the change process would provide insight into the integrity of company data. And a deeper examination of computer logs would lead auditors directly to personnel involved in any unauthorized activities.
One incident of embezzlement is one too many, let alone multiple instances recurring over an 8-year period. This case study highlights the very real risk from a lack of internal controls and a non-existent evaluation of the control environment. A 2013 study revealed approximately 1,000 non-profit organizations across the country had “significant diversions” of assets by acts of theft and fraud carried out by insiders, contractors and investment advisors. To ensure adequate safeguard of company assets a board and its management should commission a periodic, independent audit of their key business processes and require the same from their key suppliers to prevent theft of funds, embarrassing headlines, costs associated with follow-up investigations and an unfulfilled mission.