I heard of an interesting case of a controller committing fraud in a small business last week. The controller of the business installed a wireless router in the office unbeknownst to the owner of the business. The controller was responsible for making the entries into the books and made the daily bank deposits. The owner reconciled the bank accounts on a monthly basis. The business was using QuickBooks for its accounting system and had few internal controls over the IT system. The controller would properly enter the transactions into the system during business hours and take the deposit to the bank at the end of the day. On the way to the bank the controller would remove cash from the deposit and create a new deposit ticket. In the evening the controller would park behind the business and using her personal laptop computer would access the business accounting system through the wireless router. By doing this she was able to erase the transactions from the system for which she had skimmed the cash from the deposit.
This case makes a strong argument for small business to review and audit their internal controls on a regular basis. Strong internal controls over the IT system can help prevent fraud or sabotage to the business systems. Software that tracks when employees log into the system and identifies who posted which transactions is a strong internal control. Additionally, segregating duties whenever possible is a strong internal control. In this case if the owner would have taken a few extra minutes at the end of the day to make the deposit himself the embezzlement would probably not have occurred.
Robert K Minniti, CPA, CFE, Cr.FA, CFF, MBA
www.linkedin.com/in/robertminniti
Arizona Society of CPAs
J. Michael Stolp
mhstpt
Robert K Minniti, CPA, CFE, Cr.FA, CVA, CFF, MBA
Ed Zollars, CPA
Jason Washo, CPA, PFS
dsscpa
cguerriero
Cindie Hubiak, CPA
Jose Herrera
Heidi Frei