When Jerome Kerviel caused some $7.2 billion in losses for the French bank Societe Generale in January 2008, the subsequent investigation showed that two basic rules of internal control had been broken and had enabled the trader to avoid the attention of his managers.

One of them was described on Bloomberg.com by Kerviel himself when he spoke with investigators: “The simple fact that I didn't take vacation days in 2007 should have alerted my managers. That’s one of the first rules of internal controls. A trader who doesn’t take vacation is a trader who doesn’t want to leave his book to someone else.”

The second rule was broken when Kerviel knew the specific days when checks on trading activity were conducted to detect large and overly risky trading positions. He would hack into the bank’s computer systems to get around the checks when they occurred. The rule is: Do not be predictable in audit procedures; don’t adjust to client schedules or announce the timing, location or nature of the procedures.

Other rules that would apply in this and other situations that often confront CPAs include:

• Make it harder for anyone to determine the mechanisms used by the auditor in detecting fraud;
   
  and
   
• Think in terms of a worst-case fraud scenario for the client (i.e., look for fraud).

Fraud often goes undetected until it’s too late, partly because it is committed by employees who are trusted and whose activity is not verified. There is a natural human tendency to assume that one’s associates and co-workers are basically honest, but this assumption can lead to a climate of denial in which fraud is difficult to detect.

A study by Hollinger and Clark of 12,000 employees over a 20-year period found that 90 percent of them engaged in workplace behaviors like sick-time abuses, pilferage, workplace slowdowns and shirking assigned work. More surprisingly, one-third of employees had stolen money or merchandise from employers, as reported in a February 2001 Journal of Accountancy article by Joseph T. Wells. The assumption that “our people wouldn’t do that” is often incorrect.

There are a number of warning signs indicating that a person may be at risk of committing fraud. These include:

• unresolved financial problems,
• compulsive gambling,
• alcohol or drug abuse, and
• close relationships with a supplier who might conspire in a fraud.

Other signs that should cause concern include employees who:

• never take a vacation,
• work late all the time,
• constantly seem to live beyond their means, and
• are secretive about their work.

One of the most common reasons employees commit fraud has to do with motivation – the more dissatisfied the employee, the more likely he or she is to engage in criminal behavior. Employees who feel unfairly treated and harbor resentment toward their employers often rationalize embezzlement as “getting back what they owe me.”

CPAs should make every effort to advise and warn clients about fraud risks. CAMICO recommends two types of letters in this area:

1. Engagement letters for all types of engagements, to help bridge the “expectation gap” between what the client expects and what the CPA delivers. Clearly spell out the work you and others will perform and what you expect from the client. Describe the limitations of the work, especially as it pertains to detecting fraud.
2. Advisory letters, to warn clients about the general risks, to suggest steps clients can take to reduce risks, and to offer annual CPA services to help reduce the risks.

An informed client is better able to avoid fraud. If fraud is later uncovered, the CPA has documented evidence of the warning. Clients also need to be notified of “loose ends” such as sloppy bookkeeping and late bank reconciliations.

On the bright side, many clients expect their CPAs to give them advice about potential weaknesses in their financial operations. When CPAs meet this expectation, they increase their perceived value and create practice opportunities.

Reprinted with permission from CAMICO. © All rights are reserved.

About the Author
Ron Klein, JD, CFE, is vice president-claims counsel with CAMICO Mutual Insurance Company (www.camico.com). He is responsible for advising the claims department, especially on high exposure claims, and is the chief claims strategist.