control, and governance
BOOKKEEPER BILKS THOUSANDS FROM VET CLINIC
A former Lufkin, Texas, bookkeeper has pleaded guilty to stealing more than US $350,000 from the veterinary clinic where she worked, according to an article published in The Lufkin News. The former bookkeeper admitted to overriding the computer to make false daily reports for the clinic to turn in. An audit report showed that, in each instance, the woman either discounted payments, took the cash, or took a cash down payment showing an account was ongoing to keep the funds off the report. After the daily report was complete, the woman adjusted the accounts to the correct amount to avoid questions from customers. According to the auditor, the thefts began on Jan. 3, 2007, with US $25.45 taken; the former bookkeeper then progressed to taking larger amounts over time.
This fraud case demonstrates several control deficiencies and a failure to recognize red flags that indicated a possible fraud. The primary control issue was a lack of separation of duties. In particular, the bookkeeper was able to discount payments that already had been received — even though this typically is not consistent with a bookkeeper’s duties. Payments often are received by a clerk at the time payments are made. The article states that the former bookkeeper also was able to falsify daily reports and then modify the amounts taken in the system after the daily report had been produced. From a control perspective, comparing bank deposits with daily reports would not have caught this type of fraud, as the daily reports were falsified to match the deposit amount. However, a simple review of the monthly summary report would have disagreed with the bank deposits, thereby identifying the theft.
This fraud is typical in that it started small — only US $25.45 the first time money was taken. The fact that the fraud continued and that the amount grew larger over time could indicate the bookkeeper was testing the system with something small and perhaps easily explained. Once this first fraud escaped detection, the amounts grew to the point where US $1,000 was stolen in two days, and a total of more than US $350,000 was taken. Had the controls been stronger (e.g., reconciliation by a second party), the bookkeeper might never have attempted to steal from the clinic.
Some of the red flags include the use of an override function in the bookkeeping system to bypass certain controls, changes to daily reports after the report had been printed, and the nature and timing of discounts. These should have been indicators to management that theft was occurring. Management and internal audit have a responsibility to design and monitor key controls that will prevent and detect fraud.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.