control, and governance
Fraud in the Audit Department
A CAE looks to restore his team's credibility after a member of the audit staff is caught embezzling company funds.
Edited by Eelco van Wijk
One of Bill’s worst nightmares has just come true: A member of his audit team has just been arrested for fraud and embezzlement. The suspect, Cheryl, is internal auditing’s most senior manager and has been with the department for nine years. Before moving to auditing, she was a supervisor in accounts payable (AP).
During her tenure as AP supervisor, Cheryl used her system access to set up recurring vouchers that automatically paid several nonexistent vendors. The payments repeated every month, with amounts ranging between US $500 and $700. In total, the vendor payments came to around US $45,000 per year. Further investigation showed that Cheryl had set up the fictitious vendors several years before the payments began, when she worked in the AP department’s vendor maintenance area. Moreover, the scam had been in place for 11 years. Her misdeeds came to light when someone at the company set up a new vendor with the same name as one of the fictitious vendors, and an alert clerk tagged the vendor for further review.
Bill has just been reprimanded by the chief financial officer, not only for employing Cheryl, but also for neglecting to detect the scam during the audit department’s AP reviews. Cheryl was one of the cornerstones of the audit department — she maintained several audit certifications and had been under consideration for promotion. The CFO is concerned that this long-term breach will discredit the entire audit department and possibly affect Namnetics’ external audit signoff on U.S. Sarbanes-Oxley Act of 2002 Section 404 work.
Bill wonders what he can do to restore the department’s reputation. Is there anything he could have done that would have exposed Cheryl earlier? Does the blame for this incident reside solely with his department?