You are on page 1of 4

Date: March 3, 2013 To: The Director of Internal Audit, Dentistar Inc.

From: Kathryn Wolf, Staff Auditor Subject: Internal Controls Assessment Report Western Region

Background: Dentistar Inc. operates with four regional offices located in Pittsburgh, PA (Central Region and corporate Headquarters), Boston, MA (East Region), Atlanta, GA (South Region), and Los Angeles, CA (West Region). The majority of accounting functions are performed at the corporate Headquarters in Pittsburgh but management at each regional office has the ability to manually issue checks when time constraints do not allow for a check to be processed through the accounts payable system and sent from the home office. The records for each disbursement made at the regional offices are sent to the corporate headquarters each month for reconciliation and to aid in planning future cash needs for each regions checking account. Over the past few months, the operating bank account for the West Region has been receiving overdrafts and management of the West Region has been issuing a larger volume of manual checks when compared to the other three regional offices. Purpose: An internal controls audit will be performed to determine if the West Region office is in compliance with Dentistar Inc.s internal control policies and procedures. This audit will also assess the current internal control policies and procedures to determine if they are effective for preventing fraudulent behavior by employees. Scope: The scope of this audit is examine recent bank overdrafts resulting from the West Regions issuing of manual checks for subscriber termination refunds and expedited payments of operating expenditures. Our team began the internal control audit by reviewing Dentistar Inc.s company policies and procedures regarding managements ability to issue manual checks. We then conducted employee interviews and reviewed corroborating documentation. Findings: Subscriber Termination Procedures The first control weakness our team discovered is in the preparing of the Request for Payment Adjustment form. This form is currently prepared by the Finance Coordinator. The Finance Coordinator should not have the functions of preparing requests for payments and issuing checks because this would enable the creation of fictitious documents which would result in payments being made to the unapproved payee. We suggest the duty of preparing the Request for Payment Adjustment form should be given to the Executive Assistant. This would separate the creation of supporting documentation and check issuing which would reduce the companys fraud risk. The second control weakness our team discovered is a lack of segregation of duties in the custody and reporting of payments. The Finance Coordinator is responsible for issuing the checks and recording the transaction. These two duties together expose the company to check fraud which involves concealing payments made to unapproved payees. We suggest separating

these duties by requiring the recording function to be performed by the Administrative Clerk. This will lessen the ability to conceal check issuing fraud. The third control weakness our team discovered is the failure of the Director of Administration to perform online checks in the subscriber tracking system to ensure the refund request is from a legitimate subscriber before approving the payment. Currently, approval is granted based on the documentation prepared or created by the Finance Coordinator. We suggest a policy requiring online checks be made before approving any requests to minimize the risk of fictitious requests being approved. The fourth control weakness our team discovered involves the handling and storage of the original documentation refund requests. Currently the original documentation is stored at the West Region office and only a copy of the Request for Payment Adjustment form is sent to the Computer Information Systems Group at the corporate offices. This could allow for false documentation with fictitious refund amounts to be sent to the corporate offices while the real documentation is hidden or destroyed to conceal fraud. We suggest all the original documentation be sent to the Computer Information Systems Group at the corporate offices. This would reduce the ability to conceal fraudulent refund requests. A strength we discovered involves the subscriber tracking system. All West Region personnel are limited in their ability to edit subscriber information. All personnel are only able to update subscriber addresses and initiate transfers of subscribers to different dentists. By only allowing certain personnel at the corporate offices to create or remove subscribers, Dentistar has greatly reduced the opportunity for fraud through the creation of fictitious subscribers. Another strength found in the Subscriber Termination Procedures is limiting the authority to sign checks to only the Director of Administration. By giving the authority to sign checks to only one person, Dentistar has greatly reduced the risk of unauthorized checks being issued for fictitious Request for Payment Adjustment forms created for the purpose of committing fraud. Expedited Operating Expenditures The first control weakness discovered involves the current flow pattern of documentation through the approval process. Check request forms are first reviewed by the Finance Coordinator, then approved by the Director of Administration, and then returned to the Finance Coordinator who issues the check. This flow pattern could allow for documentation to be added, removed, or changed before or after approval because the documentation is handled by the same person before and after approval. We suggest transferring the duties of reviewing the Check Request form and supporting documentation for completeness to the Executive Assistant who will then submit it to the Director of Administration for approval. The second control weakness discovered involves check issuing and recording functions. Currently, the Finance Coordinator is responsible for both duties which could enable him to conceal fraud. We suggest transferring the recording duties to the Administrative Clerk. By dividing these duties up between two people, the company will greatly reduce their risk by making it harder to conceal fraud. The third control weakness we discovered involves the relationship between the Director of Administration and the Finance Coordinator affecting the review and investigation into significant variations between the actual profit and loss figures and the ones budgeted for the year. During an interview conducted with the Director of Administration, she praised and shared that she places great reliance on the Finance Coordinator. This high opinion that the Director of

Administration has of the Finance Coordinator would make her less effective when reviewing documentation that may contain fraudulent acts performed by the Finance Coordinator. We suggest having a person from another regional office, someone from corporate, or an outside person responsible for investigating any significant variations between profit and loss statements and budgets. This would remove any bias on the part of the investigator. The fourth weakness we discovered involves failing to use the cancelled checks when performing bank reconciliations. Currently the volume of cancelled checks is too great to use for reconciling so the checks are separated from the bank statements and filed away with no one comparing any checks to accounts. We suggest taking a random sampling of checks each month and comparing them to the general ledgers to ensure the accuracy and check for fraudulent transactions. This would also be a useful tool for deterring fraud. A strength we discovered is the personnel authorization restrictions placed on the general ledger system. The West Region employees are not authorized to edit transactions or balances recorded in the general ledger system. This lack of authorization greatly reduces the risk of concealing fraudulent activities. Another strength we discovered involves the cancelled checks and monthly bank statements being sent directly to the corporate accounting personnel in Pittsburgh. By performing the bank reconciliations at the corporate level instead of the regional level, the risk of being able to conceal a fraud greatly reduces. Transactions Requiring Further Investigation Check 1142 - According to the check stub, this check was issued on 12/30/96 in the amount of $192.40 to the U.S. Postage Service for the purchase of postage. However, the payee on the cancelled check returned from the bank is Tom Swindler, the Finance Coordinator for the West Region office. Check 1265 - According to the check stub, this check was issued on 1/22/97 in the amount of $125.44 to Quiks Supply for the purchase of supplies. However, the payee on the cancelled check returned form the bank is Rob Howard. Check 1710 - According to the check stub, this check was issued on 6/3/97 in the amount of $118.19 to the U.S. Postage Service for the purchase of postage. However, the payee on the cancelled check returned from the bank is Bob Turner. Check 1769 According to the check stub, this check was issued on 6/13/97 in the amount of $101.60 to Bob Turner for a patient refund. A review of supporting documentation shows that adequate documentation for this refund is present. However, after reviewing the list of West Region Subscriber Terminations (11/1/96 through 10/31/97) provided by corporate, there is no record of corporate headquarters terminating a subscription for Bob Turner. Check 1922 - According to the check stub, this check was issued on 6/25/97 in the amount of $92.80 to North Central Electric for utilities. However, a check for the same payee, same amount, and same purpose was issued 2 days earlier and the payee on the cancelled check returned from the bank is Bob Turner. Check 2395 - According to the check stub, this check was issued on 8/1/97 in the amount of $200.16 to Lawn Valley for lawn service. However, the payee on the cancelled check returned from the bank is Tom Swindler, the Finance Coordinator for the West Region office.

Conclusion: It is my opinion that the internal controls at the West Region office are weak and I assess the West Region offices risk for fraud as high. This assessment has been made based on the lack of segregation of duties involving custody and recording of payments. The Finance Coordinator is involved in all stages of the payment process, with the exception of final authorization. Also the Director of Administration relies heavily on the Finance Coordinator to check for supporting documentation and accuracy which results in the Director of Administration not performing all required checks herself before approving payments.

You might also like