control, and governance
BANKING ON POOR SEGREGATION OF DUTIES
A Colorado woman has been sentenced to 40 months in prison for defrauding the Bank of Colorado’s Craig branch of US $565,000 during her employment as head bookkeeper and later as the operations officer, according to a Craig Daily Press article.
Court records show that over a four-year period, the operations officer made unauthorized electronic transfers by means of block entries from customer accounts into her own accounts as well as accounts of family members and other customers. The woman avoided detection by developing elaborate means of re-crediting those accounts before the end of their statement cycles, concealing the unauthorized transfers, and creating and distributing false monthly statements.
Moreover, she was in charge of customer inquiries, and bank employees were instructed to direct complaints to her. She also included false descriptions of transfers and backdated electronic entries.
Control frameworks for organizations that rely on electronic transactions are built on automated controls. In this case, the head bookkeeper, who later became the operations officer, was not deterred from committing fraud by any preventive control. Without an adequate segregation of duties policy, the operations officer was authorized to process transfers, create and distribute monthly statements, and handle customer complaints. Weaknesses also existed in the preventive controls around transfers, which allowed her to have unsupervised access to customer accounts and make:
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.