Today I provide three receipt fraud tests to perform in audits.
After my last fraud post regarding disbursement fraud tests, my LinkedIn friends asked two questions:
1. Shouldn’t auditors design fraud tests based on their risk assessment work?
2. Why focus just on disbursements?
In response to 1.: Absolutely. Fraud tests should not be picked willy-nilly. They should be designed in response to control weaknesses identified in your risk assessment work (e.g., transaction walk-throughs) and in prior audits.
In response to 2.: The first post was just a beginning. This post will focus on receipts (and billings). The fraud tests I’m providing are designed to stimulate thought and are not, by any means, comprehensive (there are hundreds of potential fraud tests).
So let’s jump in. Here are three receipt fraud tests.
1. Test adjustments made to receivables
Theft of cash is commonly achieved by persons writing off (or writing down receivables) and then taking the related payment. Receivables are adjusted to ensure that the customer will not receive a bill that reflects an unpaid balance.
How to test?
Obtain a download of receivable adjustments for a period of time (e.g., two weeks) and see if they were properly authorized. Review the activity with someone outside of the receivables area (e.g., CFO) who is familiar with procedures but who has no access to cash collections.
If there are multiple persons with the ability to adjust receivable accounts (quite common in hospitals), compare weekly or monthly adjustments by person.
Agree receipts created with the bank deposits.
2. Confirm rebate (or similar type) checks
When checks are not received at a central collection area (e.g., rebate checks sent to purchasing agent), there is an increased risk that the checks will be stolen.
How to test?
Determine who provides rebates (or similar non-receivable) type checks. Send a confirmation of payments to the paying company and compare the confirmed amounts with activity in the general ledger.
This type of theft is more prone to occur in larger organizations where checks are sometimes received by executives (e.g., hospitals). The executive receives the check in the mail, keeps it for a while (in his desk drawer – in case someone asks for it), sees that no one is paying attention, and then steals and converts the check.
3. Search for off-the-book theft of receipts
The fraudster may bill for services through the company accounting system or an alternative set of accounting records and personally collect the payments.
How to test?
Compare revenues with prior years and investigate significant variances. Alternatively start with original source documents and walk a sample of transactions to revenue recognition, billing, and collection.
Here are a few examples of actual off-the-book receipt thefts:
An auditor detected a decrease in police fine revenue in a small city while performing audit planning analytics. Upon digging deeper, he discovered the police chief had two receipt books, one for checks that were appropriately deposited and a second for cash going into his pocket.
A hospital CFO, while performing reorganization procedures, set up a new bank account specifically for deposit of electronic Medicaid remittances. He established himself as the sole authorized bank account check-signer. Strangely, the bank account was never set up in the general ledger. As the Medicaid money was electronically deposited, the CFO transferred the funds out to build a nice home on Mobile Bay, purchase new cars, and pay for gambling trips.