BANKING ON POOR SEGREGATION OF DUTIES

A Colorado woman has been sentenced to 40 months in prison for defrauding the Bank of Colorado’s Craig branch of US $565,000 during her employment as head bookkeeper and later as the operations officer, according to a Craig Daily Press article.

Court records show that over a four-year period, the operations officer made unauthorized electronic transfers by means of block entries from customer accounts into her own accounts as well as accounts of family members and other customers. The woman avoided detection by developing elaborate means of re-crediting those accounts before the end of their statement cycles, concealing the unauthorized transfers, and creating and distributing false monthly statements.

Moreover, she was in charge of customer inquiries, and bank employees were instructed to direct complaints to her. She also included false descriptions of transfers and backdated electronic entries.

Lessons Learned

Control frameworks for organizations that rely on electronic transactions are built on automated controls. In this case, the head bookkeeper, who later became the operations officer, was not deterred from committing fraud by any preventive control. Without an adequate segregation of duties policy, the operations officer was authorized to process transfers, create and distribute monthly statements, and handle customer complaints. Weaknesses also existed in the preventive controls around transfers, which allowed her to have unsupervised access to customer accounts and make:

  • Transfers from customer accounts to her personal account.
  • Transfers just before the end of statement cycles.
  • Unauthorized transfers

Share This Article:    


COMMENT ON THIS ARTICLE

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.

Name:

Email:

Subject:

Comment:


To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>

 

April 2014IaCover 

  IPPF_Ap42014 

IIA SmartBrief

Bookstore Digital

 IIA Academic_Nov 2013

 

 

 Twitter

 facebook IAO 

IA APP