acc4c prelim case analysis
TRANSCRIPT
PRELIM CASE ANALYSIS
IT 2
Submitted to:
Mr. John Karlo S. Dalangin
Group Members:
BUENAFLOR, Tessie Marie
GALES, Roel Armando
KEE, Zyra
TOTESORA, Yvonne Reina
VEGA, Dyan Patricia
ACC – 4th Year Section C
Date of Submission:
January 8, 2014
FILM ANALYSIS
A. What are the manifold ethical questions addressed in the film that you chose? In
what way were they presented in the film?
The company is claiming that they can provide an easy way for
communication but their hidden goal is to control the world. To attain these goals,
the means that they use is unethical. They steal codes and kill programmers.
Another issue would be them invading other people’s privacy in order to steal codes.
They put surveillance cameras to monitor them and use people to become closer to
their target. Milo Hoffman’s girlfriend, Alice Poulson was later on found out as a
person being paid by the company in order to monitor and observe him. Big ethical
issues that we’ve observed in class that were not maintained by the company were
workplace safety, employee privacy, and stealing of codes.
B. In what specific way did Nurv Company fail to uphold its ethical responsibilities?
This is shown when Milo Hoffman had discovered that the company was
putting cameras in order to monitor programmers and he also found out about the
multiple amounts of information that they know of him including his friends and other
employees of the company. Ethical responsibilities that the company had failed to
uphold were mostly concerned with the public. They failed to return the public’s trust
for they have crossed lines and forgot to seek balance with the interest and safety of
others as long as they can achieve being at the peak.
C. Who, do you think, is the main character in the film? Describe the character's
contribution in solving the issue of the film.
With regards to the main character, it most probably is the computer software
designer- Milo Hoffman. He was hired by NURV Company for a programming
position. While working in the company, he discovered that one of the codes shown
to him was actually from his friend Teddy Chin who was murdered and later on, he
also discovered that the company steals codes from programmers. Milo Hoffman
has decided to end the wrongdoings of Nurv by showing to the people crimes they
have committed and also distributing what should be rightfully be owned by the
public for he believed that technology shouldn’t be bought but is something which
belonged to everyone.
D. What is the main problem discussed in the film? Please cite the specific scene in the
film presenting the complex nature of the problem.
The main problem discussed in the film is the immoral things done by the
company in order to achieve being on top. Some employees are even involved in
killing programmers and theft for intellectual properties. Ethical responsibility has
long been forgotten as they were even willing to kill people in exchange for success,
to invade other people’s privacy and to disrespect the confidentiality of information
about a certain person’s life. The specific scene where the main problem occurred
was when Milo Hoffman tried to investigate the company secretly at night which
resulted to him discovering and accidentally finding out the company secrets
including their diverse knowledge of their employees, their ways of stealing codes
through implanting devices for surveillance and their extent of influence which has
even reached the police department.
E. How did the film end? Explain the various processes that led to the solution of the
problem.
Through the help of his friend, a careful plan was executed by Milo making
him the bait in order to lure his adversaries and make them follow him. During the
pursuit, Lisa Calighan, a co-worker whom he believed to be an ally was actually on
the company’s side. After succeeding being the bait, they exposed the crimes did by
the NURV company. The CEO and some employees who were involved were
arrested. The movie ended with him quoting the belief of Teddy, his deceased friend,
about how technology should belong to everyone.
SITUATIONAL ANALYSIS
a. Statement of the Problem
Major Problem: Was the malfunctioning of the system the real or only cause of the discrepancy of the AR control account and subsidiary ledger?
First, this is a problem because there are conflicting ideas found. The company
believes and has already concluded that the cause of the discrepancy is the
malfunctioning of the system but the auditor feels “differently”. In assessing how the
auditor feels about their conclusion, the auditor must have felt wrongly about their
conclusion given that they haven’t really delved in to investigating the problem, and yet
they have already concluded prematurely. It might be true that there was really a
malfunction but the auditor has not yet reached a reasonable assurance that there was
no real manipulation perpetrated. Second, it is a major problem in the case because
efforts in solving the major problem may justify that the malfunctioning of the system is
the real cause or may refute the company’s assertion and prove that there was in fact
embezzlement. Even though the company already put the blame into the system, it
doesn’t mean that it also holds true to everyone, or is the truth, in that case, unless
careful analysis and judgment has been applied.
Minor Problems:
1. How did the perpetrator, if there’s any, conceal the fraud?
2. Who could have possibly committed the fraud?
3. If there was really embezzlement, was the company’s delegation of tasks a
contributing factor?
4. What can be done in order to prevent the embezzlement to occur again?
5. What will be the future consequences if the fraud really happened but the
company did not pursue in trying to discover it?
b. Areas of Consideration
The company’s customers ordered the same quantity of crabmeat each week, the prices for the crabmeat remained the same all year, and the quantity ordered was always the same. Thus, it should be implied that the
invoices and payments from the customer that are recorded by the company
should be the same as to their dollar amount.
The company sends weekly invoice to the customers, and so the customers pay weekly as well. Monthly bills were not sent to customers unless the customer was behind in payments. Payments from customers,
then, are expected to come in weekly and must be reflected as such in the
records. If a customer was unable to make payment, the customer would have
received a bill and the auditor could confirm from the customer regarding the
receipt of such bill.
The company kept the accounting records in a microcomputer wherein the four modules that made up the whole system were not integrated. This
condition did not enable data updating and currency of information between
modules. Hence, the records that were maintained by the company’s system
were not up-to-date and had been possibly used as a means to perpetrate fraud.
The manual sales invoices were not pre-numbered. If these invoices had
been pre-numbered, it would have been easy to detect any invoice that had not
been recorded.
The summary totals from the report that the auditor reviewed did not coincide with the total amount reflected in the general ledger program, and different amounts had been entered. This lack of correspondence between the
records raises suspicion as to how the company records its transactions in the
system. It should prompt the auditor to inquire as to why there had been different
amounts that entered in the program, and whether it had been properly
authorized by management.
Sheets from the computer listing had been discovered to be ripped apart at the bottom. This is another instance that should alert the auditor as to the
purpose and necessity of such ripping of important documents in the company’s
system. There must be a valid reason that would support the act done so as to
clear off the auditor’s suspicions.
A customer’s check had been stamped on the back with an address stamp of the company instead of the usual “for deposit only” company stamp. This instance is a deviation from the company’s regulation of incoming checks. It
implicates that the check could have possibly been delivered to another person
instead of the check being deposited directly in the bank.
The order of payments that were reflected in the accounts receivable program was not consecutive. That is, a check received on May 10 was only recorded after the May 17 and May 23 checks. This curious event could
possibly signify a loss of control in recording the checks, or a possible misuse of
the check that was recorded later than its date of receipt.
A copy of a bank deposit ticket which had not been properly stamped by the bank and with the amounts added up not corresponding to the total at the bottom of the ticket was available and presented to the owner and auditor. Such document is difficult to rely on especially when it lacked the bank’s
stamp. There must be authentication of the said document.
c. Alternative Courses of Action
ACA #1 INVESTIGATE AND CONFIRM DEPOSIT
Given the important facts of the case stated above, it can be inferred that the
discrepancy in the records cannot be attributed solely to the malfunctioning of the
system. The auditor has a good reason to feel differently, and so, with sufficient facts
that would back up his doubt, he must convince the owners of the company to allow him
to continue the investigation.
So as to prepare him in convincing Susan to reconsider the problem at hand, the
auditor should work on the facts that he had already gathered. He must present the
facts which are highly indicative of embezzlement of funds within the company. Unless
the auditor can have sufficient reason so as to satisfy his doubts regarding such curious
instances that occurred within the company, his efforts to convince the owners to allow
him to go further in his investigation is above reproach and necessary.
With John and Susan’s permission, the next thing that the auditor should
accomplish to do is to verify whether the received checks had been subsequently
deposited in the bank. He can do this by obtaining the most recent bank statement
obtained by the company or if none is available at hand, he may send a bank
confirmation request to the bank which should accordingly indicate the specific items
that he needs confirmation with. He must also verify with the bank whether the
cancelled check of the customer who had been called were deposited or cashed. These
steps are necessary in order to affirm that all checks received had been subsequently
deposited in the company’s bank account.
The auditor’s next step is dependent on the bank’s response to the auditor’s
letter and inquiry. If it is discovered in the bank deposit that some checks have not been
deposited or some checks have been cashed by the bank, the auditor will have
substantive proof of embezzlement of cash and that the malfunctioning of the system
was not the real cause of the discrepancy that was noted. He must, then, proceed to
identifying who might have accomplished the embezzlement, and how such person has
committed such act (the steps in accomplishing these are discussed in the
recommendations as solutions to the minor problems).
If it is otherwise declared by the bank that all checks (including the customer’s
cancelled check) have been properly deposited in their account, the auditor must still be
able to find out why the AR control account and the summary totals per AR subsidiary
ledger were not in agreement by (1) checking why the list of individual accounts
receivable balances had been ripped apart at the bottom and (2) why was the order of
payment by the customers not in chronological order in the AR program, that is, May 10
payment came after May 23 payment.
He should review the internal control of the company and the issues that have
caught his attention upon studying the facts of the case. He should be able to find out
who is responsible for entering amounts in the AR subsidiary ledger and also inquire if
he has solely the authority to do so. If not, then the auditor should find out who also had
the same authority. Among those who control the AR subsidiary ledger, he might try to
analyse who could have the intention to do such thing and why. If it is impossible to find
an answer, then he could proceed with the next issue, the incorrect order of payments.
He can check who has the function in recording and receiving payment. If only one
person does both tasks, he can further investigate to discover whether there could have
been lapping done. He can do this by sending confirmation letters from clients whether
the balances recorded correspond to their record. If there is negation, then we can
further investigate whether there is really lapping. If the auditor can prove that there was
lapping, then ripping apart of computer listing might now be explained.
Finally, the auditor must be able to recommend ways to ensure that internal
controls are properly working and that the loss of cash in the company can be
prevented in the future.
BENEFITS COSTS The issue as to whether the
malfunctioning of the system was the
real or only cause to the discrepancy
of the AR control account and
subsidiary ledger will be resolved.
Evidence showing the truth regarding
such issue can be established.
There would be confirmation as to
whether the auditor’s assumption that
embezzlement had occurred is valid.
The checks that were supposedly
accounted for by the bank can be
verified as to their completeness, and
any check that had not been
deposited or had been cashed can
be attributed to the stolen amount of
cash.
The auditor would be able to identify
the lapses in the internal control of
the company and thereby suggest
ways in order to amend it.
Compensation of the auditor for
continuing the investigation
Postage expenses for sending letter
to bank
Utility expenses
Estimated time frame for
accomplishing this ACA and how
soon the company’s problem be
resolved: one to three weeks
Risk of delaying the work of
employees by inquiring them about
management’s internal control
ACA #2 INQUIRE ABOUT THE SYSTEM AND SEGREGATION OF DUTIES
After efforts of finding out if there is fraud by checking whether the bank deposit
was really made, why the computer listings were ripped apart at the bottom, and order
of payment was not in chronological order, and yet it was futile, inquiring about the
system is the next course of action of the auditor.
With the auditor considering the system of the company especially the accounts
receivable system as the cause of the embezzlement, it would then be important for him
to check how the system works by visiting RadioShack. Since the modules of the
company’s accounting system consists of four modules (general ledger system,
purchases program, accounts receivable program, and a payroll program) that are not
integrated, these modules are not automatically updated when data is placed in one
module and it would not then be easy for the auditor to check the accounts
independently. Visiting RadioShack could also help the auditor in identifying the usual
causes of the malfunctioning of their systems. That is, the auditor is to ask RadioShack
the number of programs that malfunctioned during the year and ask the common
causes to the malfunctioning of such programs. If the gathered information shows that a
lot of programs made by RadioShack malfunctioned, then the auditor may believe
Susan’s conclusion that the Accounts Receivable program is malfunctioning. For this
reason, the auditor may suggest to the company that it reconsider its supplier
relationship with RadioShack or reconsider its choice as to its program maker.
With Susan’s conclusion that the accounts receivable program was not working
properly, it would then also be important to check on how duties were segregated on the
system, who has access to the system and why there was an immediate loss of the
accounts receivable file given that there is still information that might be useful in solving
the problem.
Lastly, the auditor should check or inquire as to the functions that are placed in
the accounts receivable module since there was a loss of the accounts receivable file.
Normally, the accounts receivable module handles invoices or bills and payments of
customers, the money due to the company and often has a record of the deposits to
banks since deposit information is important to update customer accounts. With all
these functions and the immediate loss of the information which subsequently hid all
evidence, the auditor may consider that the loss of money is due to the malfunctioning
system.
Hence, even if the auditor feels that there is a need to check whether fraud
existed, it is still important to check the system itself and to reconcile the discrepancies
discovered (if possible), for the main problem is to know the truth as to whether the
system is the real or only cause of the discrepancy. And knowing the truth in this matter
will need to justify the conclusion of the company that it is only the system’s malfunction
which contributed to the difference of amounts.
BENEFITS COSTS The auditor would be able to identify
whether the loss is due to the
embezzlement of an employee or
because of the malfunctioning of the
system.
The auditor would be able to know
how the company segregates its
duties in the system and suggest the
proper ways of segregating duties.
The auditor would be able to identify
the lapses in the internal control of
the company and thereby suggest
ways in order to amend it.
The auditor would be able to suggest
whether the company should
continue using programs from
Compensation of the auditor for
continuing the investigation
Utility expenses while investigating
the system
Transportation cost of the auditor for
visiting RadioShack
Estimated time frame for
accomplishing this ACA and how
soon the company’s problem be
resolved: several days to a whole
week
RadioShack or choosing another
maker of their program.
d. Recommendations and Conclusion
The group takes it stand on the first alternative course of action (ACA #1 or INVESTIGATE AND CONFIRM DEPOSIT) since it is the more appropriate strategy to
use in this case. ACA #1 is able to address more areas of consideration in this case,
and it is important that they must be addressed because there is an issue as to the
effectiveness and efficiency of the company’s internal control. As can be noticed from
the given areas of consideration in the case, the physical controls of the company have
more deficiencies compared to its IT controls. Also, an audit trail is more observable in
ACA #1 than ACA #2 since the focus of the former is on the physical or manual controls
of the system. It is also important that a confirmation from the bank be accounted for in
solving the case since it is the company’s policy to have all payments received from
customers deposited in the bank as a safety measure in keeping all cash intact. ACA #1
is able to include a procedure which would involve the coordination of the bank in the
auditor’s investigation. Lastly, though it is to be expected that salary expense for the
auditor would be higher in ACA #1, the long-term benefits that the company will gain
from the auditor’s findings and recommendation would compensate for such spending
of the company in the present. It can be assured, then, that the quality of the company’s
internal control would not be prejudiced and if fraud really existed, the perpetrator can
be held accountable.
In order to execute this chosen course of action, the auditor must first prepare in
convincing the owners of the company that it is necessary to continue the investigation
because there are unresolved facts in the case that cannot be satisfied by the discovery
that the computer program was malfunctioning. It is important that the auditor’s
investigation proceed with the approval of the owners.
The auditor can start preparing by gathering facts from his previous review of the
company’s operation and controls. He should gather facts which are highly indicative of
embezzlement of funds from the company. Such facts would be: a) the customer’s
check had been stamped on the back with an address stamp of the company instead of
the usual “for deposit only” company stamp, b) accounting records had been ripped
apart for some unknown reason and c) the order of payments that were reflected in the
accounts receivable program was not consecutive. These events go beyond the policy
of the company and must be investigated as to why they had occurred, how necessary
that such acts be done despite them being a clear violation of the company’s policy, had
such acts been authorized and who had performed them. The auditor must then present
such facts to the owners so as to satisfy them that a further investigation is indeed
necessary.
Having gained the owners’ approval, the auditor should gather sufficient reason
so to satisfy his doubt regarding such curious events. He can start by verifying that the
company’s account in the bank contains all deposits from the received checks from
customers. A bank statement or a bank confirmation request would suffice; however in
this case, the auditor is provided with a copy of a bank deposit ticket. The deposit ticket
which Debbie had presented was suspicious because it lacked the bank’s stamp which
would verify its authenticity, it was dated May 10 and the added up amount did not
correspond with the totals at the bottom of the ticket. He may, then, request for an end-
of-the-month, stamped bank deposit ticket through a letter of confirmation to the bank or
he may send the suspicious bank deposit ticket and verify its authenticity with the bank.
Pending the reply from the bank, the auditor can continue investigating by
inquiring as to the curious events that had caught his attention. He should inquire
Debbie as to why she had used the address stamp on that particular customer check
and whether she was authorized to use such stamp. Since no explanation can be
gathered as to why different amounts had been entered in the company’s records, the
auditor should perform alternative procedures. Moreover, the auditor must inquire why
there had been some sheets in the computer listing that were ripped apart at the
bottom, whether it was authorized and who had done it. The auditor must satisfy himself
with evidences that would rule out any suspicion regarding the events he had noted.
To resolve the issue of incorrect order of payments, the auditor should check
who has the function in recording and receiving payment. If only one person does both
tasks, he can further investigate to discover whether there could have been lapping
done. He can do this by sending confirmation letters from clients whether the balances
recorded correspond to their record. If there is negation, then we can further investigate
whether there is really lapping. If the auditor can prove that there was lapping, then
ripping apart of computer listing might now be explained.
Upon receipt of the bank’s response to the confirmation letter, the auditor should
then corroborate information from the records and the valid bank deposit ticket and
check for any undeposited check/s or cashed check/s. If there would be evidences as to
the latter, the auditor would have substantial proof of embezzlement of cash and that
the loss of money cannot be attributed to the malfunctioning of the system. The auditor
must then identify how the perpetrator concealed the fraud and who could have possibly
committed the fraud. The auditor should likewise recommend ways to amend the loose
internal control in the company and how they would be able to prevent such loss from
occurring again.
If there would be no evidences as to any undeposited or cashed check/s the
auditor must still be able to reconcile as to why the AR control account and the
summary totals per AR subsidiary ledger had not been in agreement. He should be able
to find out who is responsible for entering amounts in the AR subsidiary ledger and also
inquire if he has solely the authority to do so. If not, then the auditor should find out who
also had the same authority. Among those who control the AR subsidiary ledger, he
might try to analyse who could have the intention to do such thing and why. The auditor
should, then, perform additional procedures and recommend actions to be done in order
to secure that proper internal controls are being observed within the company.
The benefits of ACA #1 would outweigh the present expenses that need to be
incurred in order to set out and accomplish this strategy. The very source of the problem
would be located through the investigation and the recommendations that would result
from the auditor’s findings would resolve the causes and not just the “symptoms” of the
problem. There would also be evidence regarding the embezzlement and the person
responsible for this would be duly apprehended. Also, the company would be able to
provide additional measures to safeguard its cash and receipt of payment. As a result,
any instances of embezzlement in the future can be prevented, and improvements in
the supervision within the company can be suggested and acted upon. The costs of this
course of action can be thought of as an investment that would support the long-term
effectiveness and efficiency of the company’s operations.
Moreover, the necessary costs to be incurred in this course of action are possibly
more costly than the second alternative. However, more areas of consideration are duly
addressed in ACA #1; thereby, there is better assurance that more problems will be
dealt with accordingly.
Minor problems and the corresponding solutions:
1. How did the perpetrator, if there’s any, conceal the fraud?
Given that the company’s customers ordered the same quantity of crabmeat each
week, the prices for the crabmeat remained the same all year, and the quantity ordered
was always the same, the records should reflect a single, recurring dollar amount in its
records. In this case, $5,000 was the recurring amount reflected in the payment records.
Stealing checks and tampering records can be possibly done in this situation because
there is no variation as to the amount in each customer’s account. If each customer had
variation as to the amount they ordered from the company weekly, then such unique
value per customer can be easily traced to each one of them.
It does seem peculiar; however, that a check received on May 10 was only
recorded after the May 17 and May 23 checks. The dating was inconsistent; thereby,
the auditor was curious as to why it had been this way. Also, the improper segregation
of duties paved way for fraud to be concealed since the perpetrator might have the
authority to do incompatible functions such as recordkeeping and physical handling of
assets. Lastly, the perpetrator might have seen the malfunctioning of the system as an
opportunity to conceal the deception.
With such things in mind, a possible scenario can be concocted as to how the
perpetrator was able to conceal the fraud. The perpetrator could have recorded one
sale but kept the payment of the said sale. Because no payment was reflected for that
account, the perpetrator had to find a way to credit the account in order to avoid the
billing of such customer. Thus, the perpetrator could have credited the next payment for
a separate sale to the account from which he has stolen the payment (same as how it is
done in lapping). In order to resolve the problem as to the next sale having no credited
payment, the perpetrator could have possibly not recorded the sale itself. He is then
able to avoid the problem of arising AR balances from the customer whose payment
was not recorded which would warrant a bill to be sent to such customer.
2. Who could have possibly committed the fraud?
The fraud could have been committed by one who has access to the checks (or
cash) and the accounting records, who can prepare bank deposits and make actual
deposits, and who can input summaries into the general ledger program. Among the
individuals in the case, the persons who had such functions were Susan and Debbie.
However, since Susan was the one who hired the fraud auditor in order to locate the
problem, Susan can be crossed out of the list.
Therefore, Debbie is the only one who could have possibly committed the
embezzlement of cash. She had access to cash and helped record the receipt of cash
in the records. She also admitted that she sometimes used the address stamp instead
of the “for deposit only” stamp which was the proper stamp to use in order that the
checks be all warranted for deposit only. Using the address stamp would mean the
check would be delivered to the company and whoever could get hold of it can encash it
right away. Also, she was only able to present a copy of a bank deposit ticket which had
not been properly stamped by the bank and the amounts added up did not correspond
to the total at the bottom of the ticket. This could mean that the bank deposit ticket was
invalid or tampered with.
3. If there was really embezzlement, was the company’s delegation of tasks a
contributing factor?
The company’s delegation of tasks was a huge contributing factor to the
occurrence of fraud. In fact, the delegation of tasks was not the only factor that
contributed to an opportunity for fraud within the company. The internal control of the
company had its lapses and must be dealt with accordingly.
4. What can be done in order to prevent the embezzlement to occur again?
The fraud could have been prevented in the first place if the internal controls had
been working and monitored by management. However, there had been problems in the
physical controls in their system as discovered by the auditor. Clearly, the internal
control activities of the company need improvement. Enumerated below are the
recommendations to each internal control activity of the company:
TRANSACTION AUTHORIZATION The checks to be deposited should
pass by authorization for deposit from a person not performing the deposit of
the checks in the bank. The same person should prepare a list of checks that
are clear for deposit so that such list can be compared with the records and
the bank deposit tickets in order to verify the completeness of checks
deposited in the bank. From the four persons involved in the case, John
should be the assigned person for the job since he does not have any
recording function.
SEGREGATION OF DUTIES As emphasized above, the duties assigned
to each person in the company played an important part in determining
whether fraud could have occurred. In the case of this company, the custody
of assets should be separate from the record-keeping responsibility. Also, the
keeper of records as to sale and receipt of payment is better off separated
because the accounts receivable program in the minicomputer cannot permit
the segregation of such tasks.
SUPERVISION There should be strict supervision especially when such
small company only employs few people in its operations. Segregation of
duties is difficult to accomplish in a small company.
ACCOUNTING RECORDS The manual sales invoices should be pre-
numbered for convenience in checking whether all invoices had been
recorded.
ACCESS CONTROLS The person in charge of record-keeping should not
have access to cash and other assets. Preferably, such person should also
not have access to important documents received from the bank (e.g. bank
deposit ticket) which are used in the audit trail.
INDEPENDENT VERIFICATION The company does prepare daily sales
reports which summarize the company’s business activity. However, they
made a mistake in assigning Debbie to such preparation of sales report which
she could falsify in order that she could cover up her theft of cash. The sales
report should be prepared by the person in charge of shipping the crabmeat
to their customers who, in this case, is Tommy.
5. What will be the future consequences if the fraud really happened but the company
did not pursue in trying to discover it?
If the company would not have pursued in preventing the fraud that had
occurred, it would have a negative impact on the future operations of the company. The
effect of such fraud would be long term. The company’s income can possibly have a
downward trend. As long as the perpetrator of fraud is still in the company, there is a
possibility that the amount of cash embezzlement would have an upward trend.
Knowing that the management had not taken any action to stop the embezzlement, but
instead just ignored it, it would be possible that it could open an opportunity to the
perpetrator to commit another type of fraud.
e. Learnings and Take-Aways
The case is about a company, involved in crabmeat processing, discovering a
discrepancy in the AR control account and subsidiary ledger. They hired a fraud auditor
in order to investigate who or what could have caused it. During the investigation, the
auditor found out some lapses that could show evidence that fraud really materialized.
Susan, having the gut feeling that the system was the cause for the discrepancy,
consulted RadioShack to check whether her inference was true. When the RadioShack
confirmed it, the company did not bother to investigate further if there was really fraud
and decided to focus their attention in re-entering transactions on the system. However,
the auditor felt “differently”.
Since the auditor’s feeling is different from the company, there arises a conflict.
Was the malfunctioning of the system the real or only cause of the discrepancy? This
was the major problem in the case because the auditor has not yet reached a
reasonable assurance of the conclusion made by the company, and yet they already
stopped further investigation. Efforts in solving the major problem may justify that the
malfunctioning of the system is the real cause or may refute the company’s assertion
and prove that there was in fact embezzlement. Minor problems also emerged along
with the major problem, with the assumption that fraud really did exist. These are: who
the perpetrator was, how he could have concealed fraud, how the delegation of tasks
became a contributing factor to fraud, what preventions should be made in order for
embezzlement not to occur again, and what future consequences that the company will
suffer if they did not pursue in trying to discover it.
Before alternative courses of action can be formulated, consideration of the facts
is important in order to have basis for such alternative actions. These are: (1) the
company’s customers ordered the same quantity of crabmeat each week and the prices
for the crabmeat remained the same all year, (2) they send weekly invoice to the
customers, and so the customers pay weekly as well, (3) the four modules that made up
the whole system were not integrated, (4) the manual sales invoices were not pre-
numbered, (5) the summary totals from the report did not coincide with the total amount
in the general ledger program, (6) sheets from the computer listing had been ripped
apart at the bottom, (7) a customer’s check had been stamped on the back with an
address stamp of the company instead of the usual “for deposit only” company stamp,
(8) the order of payments that were reflected in the accounts receivable program was
not consecutive, and (9) amounts in the bank deposit not properly stamped, when
added up doesn’t correspond to the total at the bottom of the ticket.
The first course of action was to investigate and confirm deposit. First, he needs
to convince the owners that fraud existed by working on the facts he gathered. When he
gets their permission, he could then proceed to verify whether the checks were really
deposited to the bank. If he finds out that some of the checks were not deposited to the
bank, he can now have a convincing proof that embezzlement of funds did happen.
After which, he can proceed in finding out who could be the perpetrator and how he had
concealed it. However, if he finds out that all checks have been deposited, then his
recourse is to investigate why the computer listings of individual accounts in AR had
been ripped apart in the bottom and why the order of payment was not consecutive. The
greatest benefit of this action is the auditor will probably detect fraud and suggest
preventive actions for the future. The greatest cost would be higher compensation for
the auditor. But the benefits outnumber the costs so it is a reasonable course of action.
If the first course of action proves to be futile and impossible because of
insufficient evidence, the auditor can proceed with justifying the conclusion of the
management that the system’s malfunction was the cause of the discrepancy. He may
do this by inquiring RadioShack what specific modules suffered glitches. He can also
inquire what could be the causes of the system breakdown in order to prevent this from
happening again. And if all the modules malfunctioned, the company can decide
whether to retain the system made by RadioShack or to find another system. He can
also inquire about the segregation of duties—who authorizes transaction, records it, and
has physical custody of assets. If the auditor finds incompatible functions done by a
single employee, then conclusion can be drawn out that there could have been
manipulation of records and theft of assets. The greatest benefit that this action can
give is the auditor will be able to justify that the malfunctioning of the system was the
real cause of the discrepancy and the cost would be the compensation of the auditor.
From the two mutually exclusive courses of action, the former proved to be the
better choice since it is able to address more areas of consideration in this case, and it
is important that they must be addressed because there is an issue as to the
effectiveness and efficiency of the company’s internal control. True, there was a system
breakdown but the internal control of the company was more inclined into opening
opportunities to theft. Next, audit trail in the former course of action is more observable
than the latter. Lastly, the compensation for the auditor in the former might be higher but
the long-term benefits outweigh the cost as the auditor will also recommend improving
their internal control to prevent fraud to materialize again.
With regards to the minor problems, the perpetrator could have concealed fraud
in several ways. He could have done it by taking opportunity of the weak internal control
of the company and the malfunctioning of the system. The possible perpetrator could be
someone who prepared bank deposit tickets and made actual deposit in the bank, who
recorded receipt of cash and checks, and who had access to the individual accounts.
Debbie is the one who does these functions. More or less, she can be the most
convincing suspect that the auditor can have. The delegation of tasks was a huge
contributor of fraud in the company since it allowed the same person to do numerous
incompatible functions. The fraud can be prevented from occurring again by
implementing physical controls such as transaction authorization, segregation of duties,
supervision, audit trails brought by accounting records, direct and indirect access
controls, and independent verification. The inaction of the company might open new
opportunities for the perpetrator or any other individual to commit fraud again and the
company might suffer greater losses.
It is being learned in this case that prevention is really better than cure. If only the
company could have strengthened their internal control, the opportunities for fraud
might be narrower. Curing a mistake is never easy since you have to find out many
things: how can it be detected and corrected, how did it occur and who is held
responsible. And sometimes, companies are faced with a dilemma of prioritizing cost
savings (short-term) over finding the truth as to the matter.
The real issue in this case is how brave and determined the company is to know
the truth behind a questionable circumstance. Yes, Susan and Debbie confirmed their
inference to RadioShack but did not seek second opinion and they stopped right there
even when Susan knew there were peculiar and intriguing facts that were unleashed by
the auditor. Susan and John could have pursued the investigation but instead, they
made themselves contented of the findings of RadioShack. Who could blame them?
Continuing the investigation would entail costs to the company and might add problems
of finding another employee to replace the perpetrator. Hence, they might have been
afraid to verify the truth.
Most of us experience the same thing. Even if we still can do something to know
what the truth is, we make ourselves believe that being safe is already enough. For
John and Susan, it was safer to blame the discrepancy to the system and go on with the
operations as if nothing happened. They were afraid of what changes might further
investigation bring them. They were afraid to lose one of their staff, or incur greater
costs. But these benefits are short-lived as they would realize that the perpetrator may
do that again and again without being detected and company will suffer greater losses,
in the long-term. Most of us would rather continue doing the familiar and not taking risks
because we are afraid what events might spark if we trigger change. But later on, we
would realize that the benefit of continuing the familiar is short-lived like the decision of
Susan and John, for change is indeed inevitable. Like Susan and John, the possibility to
larger chunks of money stolen increases as they tolerate more and more weak internal
controls. It will cost us more if we let time pass by ignoring truth for it will later come out,
no matter how much we suppress it. And by that time, we would not know that it already
took greater value from us—greater than we could have expected.