|
Fraud takes motivation and opportunity. If both are not present, fraud cannot occur. The board of directors cannot control the motivation; that comes from the fraudster. The association board can , however, control the opportunity. In the tight economic conditions that now exist with foreclosures, tight credit and job layoffs, every board needs to be diligent in watching and guarding association moneys.
Most of the typical fraud types and characteristics discussed by the fraud experts do not apply to common interest developments since their revenue stream is very predictable and the volume of expenses is small. This is the main reason that the annual CPA review engagement is usually sufficient for associations and an audit is not necessary. The board on a monthly/quarterly basis can compare the revenues and expenses to budget and to the prior year and get a pretty good feel whether the financial reports are reasonably correct.
Profile of a Defrauder
Typically a defrauder, or a person planning to perpetrate a fraud, is a trusted long-term employee, not someone newly hired or a flashy, slick operator. The defrauder is someone who knows the association and its systems well, and knows how to get around the controls that are in place. However, what sets him or her apart from the ideal employee is the change in circumstances that makes him or her look to the association as a target for theft. This could be sudden money problems stemming from a spouse’s loss of job, new extravagant life style, sudden medical bills, stock market reversals, gambling debts, and/or alcohol or drug abuse. Often they think of what they do as a temporary borrowing or loan from the association. They will rationalize it by thinking they deserve the "extra" funds because they are underpaid or under-appreciated. Or they may seek to take revenge on a board that has thwarted them in some way.
Internal Control: The Key to Success
The system of internal controls, the checks and balances, is what either keeps the fraud from taking place or allows it to happen. By setting up and using a system where no one individual alone is completely responsible for the intake or dispersal of money, the association will be protected from most significant fraud. There may still be the disappearance of office supplies, small tools, the unauthorized use of the association telephone for personal long distance phone calls, but the significance of these pale against the theft of association cash and cash equivalents.
Generally the safeguards over association cash receipts are good because little cash is received by most associations. Usually assessments are paid by checks, and many payments go directly to a bank lockbox so there is no opportunity for someone to misappropriate the money coming in. However the board needs to discuss with the bank their procedures to ensure that the checks are properly applied to the association’s bank account.
If the cash does not go directly to the bank but rather to the treasurer or manager, more oversight procedures need to be installed. First, the person receiving the cash cannot be the one signing checks and reconciling the bank account. There needs to be a verification trail showing that all the cash received was deposited and that it was also credited to the proper owner or other account, such as the monthly laundry receipts. This is also made easier when an association has a policy that all monies coming in must be in the form of checks or money orders, not cash.
If receipts of cash are significant, procedures to safeguard the cash must be set up. These procedures would include cash counts, some sort of register and frequent bank deposits. If your association has significant cash receipts, then work with your association CPA to set up and maintain a good system of internal control over the cash. Generally cash coming in is not significant in associations when compared to the money coming in by check or automatic payment so that it does not become an issue in a review or an audit of the financial statements.
Cash going out, or cash disbursements, is the other area of exposure. The most common and logical method for covering cash embezzlement is the false debit. The trusted employee (let’s call him Sam, an authorized check signer) makes out a check for , say $500, to himself or his own phony company but indicates in the books that the check is voided. Then when Sam records the check for perhaps the gardener or someone else, he records that invoice at $500 more so the checkbook will balance. Lastly, Sam has to prepare the bank reconciliation so that he can destroy the check to himself and mark the gardener’s, or whoever’s check as properly cleared since the amounts net out. If Sam could not sign the check himself, he could not perpetrate the fraud.
Sam may need to have Jerry, the president, also sign the checks because the checks require two signatures. But if Jerry signs blank checks, or never really looks at what he is signing, the control is thwarted. The bank cannot be relied upon to check the signatures because the volume of checks they process is so great. Every check signer has an obligation to review the documentation supporting the disbursement. In addition each signer should note his or her review on the documents in the form of a signoff of some kind (initialing or signing or something and making sure that the check number, date, and account coding are noted somewhere on the payment package) that signifies approval of the payment. If multiple invoices are paid at one time, the amount paid is also good to note. In the above example there would be two chances for Jerry to catch Sam’s fraud. The first check would have no support and the second one would not match the invoice. Even if false invoices were presented to Jerry, one would hope that he would remember that the usual payment to Carson Landscaping Inc was a lesser amount, and/or that the monthly payment had already been paid.
California Civil Code calls for the board to review the bank statements at least quarterly so that such items can be readily caught. But that means that the reconciliation and bank statement must be closely reviewed. The treasurer or someone other than the bookkeeper could periodically, without warning and on an irregular basis, prepare the bank reconciliation. That way "Sam" would not be able to cover his tracks. However, if the board chooses not to prepare the bank reconciliation, a board member should at least inspect the cancelled checks or the copies sent by the bank with the statement. It is very hard to eliminate one of the returned checks when they are one of many micro-sized on a bank statement. Check out who the payees are-why is there a check to Carson Landscaping Inc. and another for the same amount to CLI. The board can even call Carson Landscaping Inc. to see if they are getting checks from you for CLI. If the board members are doing their job, this sort of embezzlement should be caught in the first quarter it is started.
Another form of control would be to have the bank statement mailed directly to a board member who would open and examine it before giving it to the bookkeeper or treasurer for reconciliation. This would not eliminate the need to review the reconciliation on a quarterly basis, but it would ensure that the statement could not be altered without notice and cancelled checks could not be removed.
The Civil Code mandated budget-to-actual comparison should also show a budget discrepancy as the embezzlement unfolds. The defrauder has to make the cash balance; therefore the money has to be expensed somewhere. Association budgets are tight. Small differences can be noted and addressed. This comparison needs to be done quarterly so that any problems are promptly addressed and corrected. If the defrauder knows that the procedures are done frequently and thoroughly, there is much less temptation since they will know that they will be caught quickly.
Timely Reports
The board should be getting the association financial statements and bank reconciliations within the month following the month end. If this is not happening, and it is a regular occurrence, the board needs to consider changing its financial arrangements so that they, the board members, can perform their fiduciary duties. "Within the following month" is not a hard and fast rule, but the reason for the delay needs to be very good-like a change in management, a natural disaster or the like. Sometimes at year-end it takes longer, but preliminary statements should be ready on the regular monthly schedule. In short, with proper vigilance the board can catch most frauds in short order if they are performing their duties. And by the board performing their duties, most defrauders will not be tempted to defraud the association because they do not want to get caught, and certainly not quickly!
The board must review the bank reconciliations for all accounts. This means the investments, certificates of deposit, treasury bills, savings accounts and so on in addition to the checking account(s). You need to see that statements are sent at least quarterly, although US Treasury statements are only sent when there is activity-a purchase, maturity or renewal. These are your largest cash accounts and as such must be reviewed quarterly. The Legislature recognized this when they mandated the quarterly review and required that at least two board members or an officer and board member must authorize reserve fund withdrawals. Some professionals believe this includes a transfer from one account to another even within the overall category of reserve funds, which is a good, conservative, cautious stance. Review the statements for the dollar amount (and the financial statement carrying value is the purchase cost plus investment/interest earnings, not the market value) and for the account title. The accounts should always be in the name of the association, not the manager or an owner or anyone else. If the account is not in the association’s name, then the association does not own it and someone else has control of it and can take it.
Working with Your CPA
Your CPA will look at your system of internal control during preparation of your annual review and, if you have an audit, will test those controls as well. But the CPA only comes in once a year. The board is required to review the statements at least quarterly. A lot of fraud can happen between CPA visits. If you suspect fraud from management or a fellow board member, call the CPA in to look at things early. Association CPAs want to be of service to their clients and dislike seeing anyone get away with fraud. But what a CPA cannot do is question the propriety of your management decisions. If you picked a bad contractor, and continued to pay the change orders for work not properly done but properly approved for payment, internal control is not the issue; but rather proper oversight is. And that issue is beyond the scope of this article.
Joelyn Carr-Fingerle is an accountant in Fremont, CA, with a large CID practice. She is a member of the Accountants Resource Panel, chairperson and member of the East Bay Resource Panel, and a former member of the ECHO Board of Directors.
|
