In
my professional career as an auditor of community associations I have been
involved in the investigation of approximately 20 embezzlements (embezzlement
being one form of fraud, the most common form in the community association
industry) over the years. Most frauds are not discovered by
auditors, but are found based on internal reviews or tips from employees.
Contrary to what many people believe, discovery of fraud is NOT the primary
goal of an audit; the audit is intended to determine the (relative) accuracy of
the association's financial statements. CPAs performing audits have an
obligation to consider the possibility that fraud may exist in the performance
of our procedures.
At
the core of any form of fraud are three underlying factors referred to as
the "Fraud Triangle."
·
Incentive to
commit fraud
·
Opportunity to carry
out the fraudulent act
·
Ability to rationalize fraud
The incentive to
commit fraud is normally caused by personal financial pressures that can't be
relieved by ordinary, legitimate means. Such pressures are often caused
by divorce, health issues, bad investments, gambling, or addictions.
The opportunity to
commit fraud exists where there are weaknesses in financial processes; internal
controls over financial transactions.
Rationalization of
fraudulent activity takes place where an individual thinks they are justified
in taking money because they are underpaid or under-appreciated, or
because it is for their family, or because it's just temporary and they intend
to pay it back.
Exposure
to fraud, or risk of fraud, differs depending on type of organizations and
processes used.
1.
Smaller, self- managed associations that depend on
directors/members to process transactions have a higher degree of risk because
there is usually no one reviewing the transactions. The association is
completely dependent on the honesty of the member. Risk is reduced if an
outside contractor performs some or all of the accounting function.
2.
Larger, self-managed associations that employ staff usually
have the issue that no more than one or two people are involved in the
accounting process, so there is little, if any, segregation of duties, which is
one of the cornerstones of strong internal controls. Use of outside
lockbox and payroll services help reduce risk.
3.
Associations that employee an outside management company
enjoy some level of automatic protection against internal fraud
risk. Most management companies have a sufficient number of staff in
their employ that they can achieve an adequate segregation of duties.
However, use of an outside management company exposes the
association to risk of fraud at the management company level.
Fortunately, that occurs very infrequently.
In
all instances, the association should make sure that they have adequate
insurance to mitigate losses. Consult with your HOA insurance specialist,
as different kinds of insurance policies may be required depending on which of
the three categories above that you fall into.
Regular
review of association financial statements by a knowledgeable board or finance
committee member is another action that limits ability by anyone to divert
funds. Consistently late delivery of financial statements to the board or
finance committee is another potential sign of problems. Make sure that
the association gets an annual audit or review of financial statements.
Even though those engagements are not specifically designed to detect
fraud, discovery can occur during this process.
Weaknesses
in internal financial controls cover a very wide range of activities, but there
are a few generalizations that exist.
Money
can be diverted from either the billing/cash receipts cycle or the
purchase/cash disbursements cycle of financial transactions. One of the
"tracks" that perpetrators often leave are "journal
entries" in the general ledger to cover up funds diverted. Example -
assessment payments received in the form of cash can be diverted, but a journal
entry must be made to show the account as "paid" in the receivables
listing. Reviewing general ledger accounts for cash, assessments
receivable, and accounts payable should normally not show any general journal entries,
as all entries to these accounts should come from billing journals, cash
receipts journals, purchase journals, or cash disbursement journals.
General journal entries in these accounts are a red flag.
Using
an outside bank lockbox system is one of the best ways to reduce risk on the
billings/cash receipts cycle of transactions, as it eliminates the most common
methods of diverting funds
No comments:
Post a Comment