Case Description Beta Magnetic, a large company, experienced a fraud in the cash payments processed for employees’ supplementary medical benefit claims. Fictitious benefit claims were paid by the company, which self-insured up to $50,000 per employee for supplementary benefits costs (such as physiotherapy and acupuncture) not covered by other medical and benefits coverage plans. The expense account that included legitimate and false charges was “employee supplementary medical benefits.”
As manager of the claims payment department, Martha Lee was considered one of Beta
Magnetic’s best employees. She never missed a day of work in 10 years, and her department had one of the company’s best efficiency ratings. Controls were considered good, including the verification by a claims processor that (1) the patient was a Beta employee, (2) treatments were covered by the company-sponsored plan, (3) the charges ere within approved guidelines and not covered by another plan, (4) the cumulative claims for the employee did not exceed $50,000 (if over $50,000, a claim was submitted to an insurance company), and (5) the calculation for payment was correct.
After verification processing, claims were sent to the claims payment department to pay the medical practitioner directly. No payments ever went directly to employees. Martha Lee prepared false claims on real employees, forging the signature of various claims processors, adding her own review approval, naming bogus medical practitioners who would be paid by the payment department. The payments were mailed to various post office box addresses and to her husband’s business address.
Nobody ever verified claims information with the employee. The employees received no reports of medical benefits paid on their behalf. While the department had performance reports by claims processors, these reports did not show claim-by-claim details. No one verified the credentials of the medical practitioners. Over the last seven years, Martha Lee and her husband stole $3.5 million, and, until the last, no one noticed anything unusual about the total amount of claims paid.
Audit Trail The falsified claim forms were in Beta’s files, containing all the fictitious data on employee names, processor signatures, medical practitioners’ bills, and phony medical practitioners addresses. The cancelled cheques, “endorsed” by the doctors, were returned by the bank and kept in Beta’s files. Martha Lee and her husband were somewhat clever: They deposited the cheques in various banks in accounts opened in the names and identification of the “medical practitioners.”
Martha Lee did not make any mistakes in covering the paper trail. She drew the attention of an auditor who saw her take her 24 claims-processing employees out to an annual staff appreciation luncheon in a fleet of stretch limousines.
Audit Approach Analysis The auditor’s objective is to obtain evidence determining whether employee medical benefits “existed” in the sense of being valid claims paid to valid medical practitioners.
Controls relevant to the process are good as far as they go. The claims processors used internal data in their work—employee files for identification, treatment descriptions submitted by medical practitioners with comparisons to plan provisions and mathematical calculations. This work amounted to all the approval necessary for the claims payment department to prepare a cheque. There were no controls that connected the claims data with outside sources, such as employee acknowledgment or investigation of medical practitioners.
Describe in detail the audit procedures you would perform in this case. Consider tests of control and substantive tests, such as dual-purpose tests of transactions and/or tests of details of balance. Which tests do you consider likely to detect Martha Lee’s theft? Why?