control, and governance
UNIVERSITY: MANAGER RIDES OFF WITH EQUINE PROGRAM FUNDS
The Courier-Journal reports that the University of Louisville in Kentucky is accusing the former senior program coordinator of its Equine Industry Program of taking more than US $463,000 from the program and using it for home renovations and dozens of personal purchases. Although the former employee has not been charged with a crime, the university’s police department has given the case to the U.S. Attorney’s office in Louisville.
The university’s audit notes that suspicious transactions were detected when a contractor called the university controller’s office to inquire about a tax form showing a US $40,000 payment from the university. The payment was determined to be part of the US $150,000 the former employee allegedly used to “renovate her home” and “make other purchases.”
In an interview, the university’s chief auditor and the director of audit services said their six-month probe showed that the former employee used the equine program director’s university-issued credit card, signed his name, created fake PayPal accounts for vendors the program did business with, and doctored invoices so they would be paid with less scrutiny. Auditors also reported that no one else in the university was reviewing bank or credit card statements, which would have raised obvious red flags. The university’s president said the university “has solid policies and procedures in place to prevent this kind of fraud if people will do their jobs and follow those policies and procedures.”
The former employee has been tied to another US $88,000 in suspicious transactions, but auditors don’t have enough information to conclude whether they were appropriate.
While it is important to have solid policies and procedures in place to prevent fraud, organizations cannot assume employees are following them. In this case, the former program coordinator’s actions were not monitored or reviewed by her supervisor.
The university has taken many positive steps, including publicizing and prosecuting the program manager for her actions, retraining department heads and business managers on procedures, and mandating that a monthly review of credit card transactions be performed. However, organizations cannot rely on manual controls or on employees to do their jobs. Without an independent review performed by internal audit, senior management cannot rely on manual procedures and policies. The procedures should include a regular independent review by internal audit of the effectiveness of management’s monitoring activity.
An electronic analysis of credit card transactions — examining both the merchant name and merchant category code — can identify transactions counter to an organization’s policy. The analysis can be performed in minutes and reviews 100 percent of transactions, which can provide additional assurance that managers are doing their jobs. Furthermore, these types of reviews can serve as a deterrent to employees thinking about committing fraud.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.