Select any two topics and a

summary on those two topics and pages are 3 to 4 Fraud, Internal Control, and Cash 8 CHAPTER PREVIEW FEATURE STORY As the Feature Story about recording cash sales at Barriques indicates below, control of cash is important to ensure that fraud does not occur. Companies also need controls to safeguard other types of assets. For example, Barriques undoubtedly has controls to prevent the theft of food and supplies, and controls to prevent the theft of tableware and dishes from its kitchen. In this chapter, we explain the essential features of an internal control system and how it prevents fraud. We also describe how those controls apply to a specific assetcash. The applications include some controls with which you may be already familiar, such as the use of a bank. Minding the Money in Madison For many years, Barriques in Madison, Wisconsin, has been named the city's favorite coffeehouse. Barriques not only does a booming business in coffee but also has wonderful baked goods, delicious sandwiches, and a fine selection of wines. "Our customer base ranges from college students to neighborhood residents as well as visitors to our capital city," says bookkeeper Kerry Stoppleworth, who joined the company shortly after it was founded in 1998. "We are unique because we have customers who come in early on their way to work for a cup of coffee and then will stop back after work to pick up a bottle of wine for dinner. We stay very busy throughout all three parts of the day." Like most businesses where purchases are low-cost and high-volume, cash control has to be simple. "We use a computerized point-of-sale (POS) system to keep track of our inventory and allow us to efficiently ring through an order for a customer," explains Stoppleworth. "You can either scan a barcode for an item or enter in a code for items that don't have a barcode such as cups of coffee or bakery items." The POS system also automatically tracks sales by department and maintains an electronic journal of all the sales transactions that occur during the day. "There are two POS stations at each store, and throughout the day any of the staff may operate them," says Stoppleworth. At the end of the day, each POS station is reconciled separately. The staff counts the cash in the drawer and enters this amount into the closing totals in the POS system. The POS system then compares the cash and credit amounts, less the cash being carried forward to the next day (the float), to the shift total in the electronic journal. If there are discrepancies, a recount is done and the journal is reviewed transaction by transaction to identify the problem. The staff then creates a deposit ticket for the cash less the float and puts this in a drop safe with the electronic journal summary report for the manager to review and take to the bank the next day. Ultimately, the bookkeeper reviews all of these documents as well as the deposit receipt that the bank produces to make sure they are all in agreement. As Stoppleworth concludes, "We keep the closing process and accounting simple so that our staff can concentrate on taking care of our customers and making great coffee and food." 354 CHAPTER OUTLINE Discuss fraud and the principles of internal control. DO IT! 1 Control Activities Apply internal control principles to cash. DO IT! 2a Control over Cash Receipts 2b Petty Cash Fund Identify the control features of a bank account. DO IT! 3 Bank Reconciliation Explain the reporting of cash. DO IT! 4 Reporting Cash Go to the REVIEW AND PRACTICE section at the end of the chapter for a review of key concepts and practice applications with solutions. Visit WileyPLUS with ORION for additional tutorials and practice opportunities. James Pauls/iStockphoto 1 2 3 4 Learning Objectives Fraud The Sarbanes-Oxley Act Internal control Principles of internal control activities Limitations of internal control Cash receipts controls Cash disbursements controls Petty cash fund Making bank deposits Writing checks Bank statements Reconciling the bank account EFT system Cash equivalents Restricted cash 356 8 Fraud, Internal Control, and Cash LEARNING OBJECTIVE 1 Discuss fraud and the principles of internal control. The Feature Story describes many of the internal control procedures used by Barriques. These procedures are necessary to discourage employees from fraudulent activities. Fraud A fraud is a dishonest act by an employee that results in personal benefit to the employee at a cost to the employer. Examples of fraud reported in the financial press include the following. A bookkeeper in a small company diverted $750,000 of bill payments to a personal bank account over a three-year period. A shipping clerk with 28 years of service shipped $125,000 of merchandise to himself. A computer operator embezzled $21 million from Wells Fargo Bank over a two-year period. A church treasurer "borrowed" $150,000 of church funds to finance a friend's business dealings. Why does fraud occur? The three main factors that contribute to fraudulent activity are depicted by the fraud triangle in Illustration 8-1 (in the margin). The most important element of the fraud triangle is opportunity. For an employee to commit fraud, the workplace environment must provide opportunities that an employee can take advantage of. Opportunities occur when the workplace lacks sufficient controls to deter and detect fraud. For example, inadequate monitoring of employee actions can create opportunities for theft and can embolden employees because they believe they will not be caught. A second factor that contributes to fraud is financial pressure. Employees sometimes commit fraud because of personal financial problems caused by too much debt. Or, they might commit fraud because they want to lead a lifestyle that they cannot afford on their current salary. The third factor that contributes to fraud is rationalization. In order to jus- tify their fraud, employees rationalize their dishonest actions. For example, employees sometimes justify fraud because they believe they are underpaid while the employer is making lots of money. Employees feel justified in stealing because they believe they deserve to be paid more. The Sarbanes-Oxley Act What can be done to prevent or to detect fraud? After numerous corporate scandals came to light in the early 2000s, Congress addressed this issue by passing the Sarbanes-Oxley Act (SOX). Under SOX, all publicly traded U.S. corporations are required to maintain an adequate system of internal control. Corporate executives and boards of directors must ensure that these controls are reliable and effective. In addition, independent outside auditors must attest to the adequacy of the internal control system. Companies that fail to comply are subject to fines, and company officers can be imprisoned. SOX also created the Public Company Accounting Oversight Board (PCAOB) to establish auditing standards and regulate auditor activity. One poll found that 60% of investors believe that SOX helps safeguard their stock investments. Many say they would be unlikely to invest in a company that fails to follow SOX requirements. Although some corporate executives have criticized Opportunity Financial Pressure Rationalization Illustration 8-1 Fraud triangle the time and expense involved in following the SOX requirements, SOX appears to be working well. For example, the chief accounting officer of Eli Lily noted that SOX triggered a comprehensive review of how the company documents its controls. This review uncovered redundancies and pointed out controls that needed to be added. In short, it added up to time and money well spent. Internal Control Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting, and compliance. In more detail, it consists of all the related methods and measures adopted within an organization to safeguard assets, enhance the reliability of accounting records, increase the efficiency of operations, and ensure compliance with laws and regulations. Internal control systems have five primary components as listed below.1 A controlled environment. It is the responsibility of top management to make it clear that the organization values integrity and that unethical activity will not be tolerated. This component is often referred to as the "tone at the top." Risk assessment. Companies must identify and analyze the various factors that create risk for the business and must determine how to manage these risks. Control activities. To reduce the occurrence of fraud, management must design policies and procedures to address the specific risks faced by the company. Information and communication. The internal control system must capture and communicate all pertinent information both down and up the organization, as well as communicate information to appropriate external parties. Monitoring. Internal control systems must be monitored periodically for their adequacy. Significant deficiencies need to be reported to top management and/or the board of directors. 1The Committee of Sponsoring Organizations of the Treadway Commission, "Internal Control Integrated Framework," www.coso.org/documents/990025P_executive_summary_final_May20_e.pdf. Fraud and Internal Control 357 People, Planet, and Profit Insight Karl Dolenc/iStockphoto And the Controls Are . . . Internal controls are important for an effective financial reporting system. The same is true for sustainability reporting. An effective system of internal controls for sustainability reporting will help in the following ways: (1) pre-vent the unauthorized use of data; (2) provide reasonable assurance that the Informa- accounting policies. With these types of controls, users will have the confidence that they can use the sustainability information effectively. Some regulators are calling for even more assurance through audits of this information. Companies that potentially can cause environmental damage through greenhouse gases, as well as companies in the mining and extractive industries, are subject to reporting requirements. And, as demand for more information in the sustainability area expands, the need for audits of this information will grow. Why is sustainability information important to investors? (Go to WileyPLUS for this answer and additional questions.) on is accurate, valid, and complete; and (3) report information that is consistent with overall sustainability 358 8 Fraud, Internal Control, and Cash Principles of Internal Control Activities Each of the five components of an internal control system is important. Here, we will focus on one component, the control activities. The reason? These activities are the backbone of the company's efforts to address the risks it faces, such as fraud. The specific control activities used by a company will vary, depending on management's assessment of the risks faced. This assessment is heavily influenced by the size and nature of the company. The six principles of control activities are as follows. Establishment of responsibility Segregation of duties Documentation procedures Physical controls Independent internal verification Human resource controls We explain these principles in the following sections. You should recognize that they apply to most companies and are relevant to both manual and computerized accounting systems. ESTABLISHMENT OF RESPONSIBILITY An essential principle of internal control is to assign responsibility to specific employees. Control is most effective when only one person is responsible for a given task. To illustrate, assume that the cash on hand at the end of the day in a Safeway supermarket is $10 short of the cash entered in the cash register. If only one person has operated the register, the shift manager can quickly determine responsibility for the shortage. If two or more individuals have worked the register, it may be impossible to determine who is responsible for the error. Many retailers solve this problem by having registered with multiple drawers. This makes it possible for more than one person to operate a register but still allows identification of a particular employee with a specific drawer. Only the signed-in cashier has access to his or her drawer. Establishing responsibility often requires limiting access only to authorized personnel, and then identifying that personnel. For example, the automated systems used by many companies have mechanisms such as identifying pass-codes that keep track of who made a journal entry, who entered a sale, or who went into an inventory storeroom at a particular time. The use of identifying pass-codes enables the company to establish responsibility by identifying the particular employee who carried out the activity. It's your shift now. I'm turning in my cash drawer and heading home. Transfer of cash drawers ANATOMY OF A FRAUD Maureen Frugal was a training supervisor for claims processing at Colossal Health- care. As a standard part of the claims-processing training program, Maureen created fictitious claims for use by trainees. These fictitious claims were then sent to the accounts payable department. After the training claims had been processed, she was to notify Accounts Payable of all fictitious claims, so that they would not be paid. However, she did not inform Accounts Payable about every fictitious claim. She created some fictitious claims for entities that she controlled (that is, she would receive the payment), and she let Accounts Payable pay her. Fraud and Internal Control 359 Total take: $11 million THE MISSING CONTROL Establishment of responsibility. The healthcare company did not adequately restrict the responsibility for authorizing and approving claims transactions. The training supervisor should not have been authorized to create claims in the company's "live" system. Source: Adapted from Wells, Fraud Casebook (2007), pp. 61-70. SEGREGATION OF DUTIES Segregation of duties is indispensable in an internal control system. There are two common applications of this principle: 1. Different individuals should be responsible for related activities. 2. The responsibility for recordkeeping for an asset should be separate from the physical custody of that asset. The rationale for segregation of duties is this: The work of one employee should, without a duplication of effort, provide a reliable basis for evaluating the work of another employee. For example, the personnel that design and program computerized systems should not be assigned duties related to day-to- day use of the system. Otherwise, they could design the system to benefit them personally and conceal the fraud through day-to-day use. SEGREGATION OF RELATED ACTIVITIES Making one individual responsible for related activities increases the potential for errors and irregularities. Instead, companies should, for example, assign related purchasing activities to different individuals. Related purchasing activities include ordering merchandise, order approval, receiving goods, authorizing payment, and paying for goods or services. Various frauds are possible when one person handles related purchasing activities: If a purchasing agent is allowed to order goods without obtaining supervisory approval, the likelihood of the purchasing agent receiving kickbacks from suppliers increases. If an employee who orders goods also handles the invoice and receipt of the goods, as well as payment authorization, he or she might authorize payment for a fictitious invoice. These abuses are less likely to occur when companies divide the purchasing tasks. Similarly, companies should assign related sales activities to different individuals. Related selling activities include making a sale, shipping (or delivering) the goods to the customer, billing the customer, and receiving payment. Various frauds are possible when one person handles related sales activities: If a salesperson can make a sale without obtaining supervisory approval, he or she might make sales at unauthorized prices to increase sales commissions. A shipping clerk who also has access to accounting records could ship goods to himself. A billing clerk who handles billing and receipt could understate the amount billed for sales made to friends and relatives. These abuses are less likely to occur when companies divide the sales tasks. The salespeople make the sale, the shipping department ships the goods on the basis of the sales order, and the billing department prepares the sales invoice after comparing the sales order with the report of goods shipped. 360 8 Fraud, Internal Control, and Cash ANATOMY OF A FRAUD Accounting employee A Maintains cash balances per books Segregation of duties (Accountability for assets) Assistant cashier B Maintains custody of cash on hand Lawrence Fairbanks, the assistant vice-chancellor of communications at Aesop University, was allowed to make purchases of under $2,500 for his department without external approval. Unfortunately, he also sometimes bought items for himself, such as expensive antiques and other collectibles. How did he do it? He replaced the vendor invoices he received with fake vendor invoices that he created. The fake invoices had descriptions that were more consistent with the communications department's purchases. He submitted these fake invoices to the accounting department as the basis for their journal entries and to the accounts payable department as the basis for payment. Total take: $475,000 THE MISSING CONTROL Segregation of duties. The university had not properly segregated related purchasing activities. Lawrence was ordering items, receiving the items, and receiving the in- voice. By receiving the invoice, he had control over the documents that were used to account for the purchase and thus was able to substitute a fake invoice. Source: Adapted from Wells, Fraud Casebook (2007), pp. 3-15. SEGREGATION OF RECORDKEEPING FROM PHYSICAL CUSTODY The accountant should have neither physical custody of the asset nor access to it. Likewise, the custodian of the asset should not maintain or have access to the accounting records. The custodian of the asset is not likely to convert the asset to per- sonal use when one employee maintains the record of the asset, and a different employee has physical custody of the asset. The separation of accounting responsibility from the custody of assets is especially important for cash and inventories because these assets are very vulnerable to fraud. ANATOMY OF A FRAUD Angela Bauer was an accounts payable clerk for Aggasiz Construction Company. Angela prepared and issued checks to vendors and reconciled bank statements. She perpetrated fraud in this way: She wrote checks for costs that the company had not actually incurred (e.g., fake taxes). A supervisor then approved and signed the checks. Before issuing the check, though, Angela would "white-out" the payee line on the check and change it to personal accounts that she controlled. She was able to conceal the theft because she also reconciled the bank account. That is, nobody else ever saw that the checks had been altered. Total take: $570,000 THE MISSING CONTROL Segregation of duties. Aggasiz Construction Company did not properly segregate recordkeeping from physical custody. Angela had physical custody of the checks, which essentially was control of the cash. She also had recordkeeping responsibility because she prepared the bank reconciliation. Source: Adapted from Wells, Fraud Casebook (2007), pp. 100-107. DOCUMENTATION PROCEDURES Documents provide evidence that transactions and events have occurred. For example, Barriques' point-of-sale terminals are networked with the company's computing and accounting records, which results in direct documentation. Similarly, a shipping document indicates that the goods have been shipped, and a sales invoice indicates that the company has billed the customer for the goods. By requiring signatures (or initials) on the documents, the company can identify the individual(s) responsible for the transaction or event. Companies should document transactions when they occur. Companies should establish procedures for documents. First, whenever possible, companies should use prenumbered documents, and all documents should be accounted for. Prenumbering helps to prevent a transaction from being recorded more than once, or conversely, from not being recorded at all. Second, the control system should require that employees promptly forward source documents for accounting entries to the accounting department. This control measure helps to ensure timely recording of the transaction and contributes directly to the accuracy and reliability of the accounting records. Fraud and Internal Control 361 S Firm Name O L Attention of D T Address O Harding City Chelsea Video 125 Main Street Chelsea, IL 60915 Highpoint Electronic No. 0124 No. 0123 No. 0127 No. 0126 No. 0125 Susan Malone, Sales Representative 27 Circle Drive MI 48281 Date 5/8/17 Catalogue No. State Salesperson Malone Description Quantity Price Zip Amount Invoice No. 731 Invoice Date 5/4/17 Approv 300 ed Reid $300 A2547Z45 Production Model Circuits (Inoperative) 1 Prenumbered invoices ANATOMY OF A FRAUD To support their reimbursement requests for travel costs incurred, employees at Mod Fashions Corporation's design center were required to submit receipts. The receipts could include the detailed bill provided for a meal, the credit card receipt provided when the credit card payment is made, or a copy of the employee's monthly credit card bill that listed the item. A number of the designers who frequently traveled to- gether came up with a fraud scheme: They submitted claims for the same expenses. For example, if they had a meal together that cost $200, one person submitted the detailed meal bill, another submitted the credit card receipt, and a third submitted a monthly credit card bill showing the meal as a line item. Thus, all three received a $200 reimbursement. Total take: $75,000 THE MISSING CONTROL Documentation procedures. Mod Fashions should require the original, detailed receipt. It should not accept photocopies, and it should not accept credit card statements. In addition, documentation procedures could be further improved by requiring the use of a corporate credit card (rather than a personal credit card) for all business expenses. Source: Adapted from Wells, Fraud Casebook (2007), pp. 79-90. PHYSICAL CONTROLS The use of physical controls is essential. Physical controls relate to the safeguarding of assets and enhance the accuracy and reliability of the accounting records. Illustration 8-2 shows examples of these controls. Illustration 8-2 Physical controls Physical Controls Safes, Vaults, and safety deposit boxes for cash and business papers Locked warehouses and storage cabinets for inventories and records Computer facilities with pass key access or fingerprint or eyeball scans Alarms to prevent break-ins Television monitors and garment sensors to deter theft Time clocks for recording time worked 362 8 Fraud, Internal Control, and Cash ANATOMY OF A FRAUD At Centerstone Health, a large insurance company, the mailroom each day received insurance applications from prospective customers. Mailroom employees scanned the applications into electronic documents before the applications were processed. Once the applications were scanned, they could be accessed online by authorized employees. Insurance agents at Centerstone Health earn commissions based upon successful applications. The sales agent's name is listed on the application. However, roughly 15% of the applications are from customers who did not work with a sales agent. Two friendsAlex, an employee in recordkeeping, and Parviz, a sales agentthought up a way to perpetuate a fraud. Alex identified scanned applications that did not list a sales agent. After business hours, he entered the mailroom and found the hard-copy applications that did not show a sales agent. He wrote in Parviz's name as the sales agent and then rescanned the application for processing. Parviz received the commission, which the friends then split. Total take: $240,000 THE MISSING CONTROL Physical controls. Centerstone Health lacked two basic physical controls that could have prevented this fraud. First, the mailroom should have been locked during non-business hours, and access during business hours should have been tightly controlled. Second, the scanned applications supposedly could be accessed only by authorized employees using their passwords. However, the password for each employee was the same as the employee's user ID. Since employee user-ID numbers were available to all other employees, all employees knew all other employees' passwords. Unauthorized employees could access the scanned applications. Thus, Alex could enter the system using another employee's password and access the scanned applications. Source: Adapted from Wells, Fraud Casebook (2007), pp. 316-326. INDEPENDENT INTERNAL VERIFICATION Most internal control systems provide for independent internal verification. This principle involves the review of data prepared by employees. To obtain maximum benefit from independent internal verification: 1. Companies should verify records periodically or on a surprise basis. 2. An employee who is independent of the personnel responsible for the informa- tion should make the verification. 3. Discrepancies and exceptions should be reported to a management level that can take appropriate corrective action. Independent internal verification is especially useful in comparing recorded accountability with existing assets. The reconciliation of the electronic journal with the cash in the point-of-sale terminal at Barriques is an example of this internal control principle. Other common examples are the reconciliation of a company's cash balance per book with the cash balance per bank, and the verification of the perpetual inventory records through a count of physical inventory. Illustration 8-3 shows the relationship between this principle and the segregation of duties principle. ANATOMY OF A FRAUD Bobbi Jean Donnelly, the office manager for Mod Fashions Corporation's design cen- ter, was responsible for preparing the design center budget and reviewing expense re- ports submitted by design center employees. Her desire to upgrade her wardrobe got the better of her, and she enacted a fraud that involved filing expense reimbursement requests for her own personal clothing purchases. Bobbi Jean was able to conceal the fraud because she was responsible for reviewing all expense reports, including her Fraud and Internal Control 363 Segregation of Duties Illustration 8-3 Comparison of segregation of duties principle with independent internal verification principle Accounting Employee Maintains cash balances per books Assistant Cashier Maintains custody of cash on hand Independent Internal Verification Assistant Treasurer Makes monthly comparisons; reports any unreconcilable differences to treasurer own. In addition, she sometimes was given ultimate responsibility for signing off on the expense reports when her boss was "too busy." Also, because she controlled the budget, when she submitted her expenses, she coded them to budget items that she knew were running under budget, so that they would not catch anyone's attention. Total take: $275,000 THE MISSING CONTROL Independent internal verification. Bobbi Jean's boss should have verified her expense reports. When asked what he thought her expenses for a year were, the boss said about $10,000. At $115,000 per year, her actual expenses were more than 10 times what would have been expected. However, because he was "too busy" to verify her expense reports or to review the budget, he never noticed. Source: Adapted from Wells, Fraud Casebook (2007), pp. 79-90. Large companies often assign independent internal verification to internal auditors. Internal auditors are company employees who continuously evaluate the effectiveness of the company's internal control systems. They review the activities of departments and individuals to determine whether prescribed internal controls are being followed. They also recommend improvements when needed. For example, WorldCom was at one time the second largest U.S. telecommunications company. The fraud that caused its bankruptcy (the largest ever when it occurred) involved billions of dollars. It was uncovered by an internal auditor. HUMAN RESOURCE CONTROLS Human resource control activities include the following. 1. Bond employees who handle cash. Bonding involves obtaining insurance protection against theft by employees. It contributes to the safeguarding of cash in two ways. First, the insurance company carefully screens all individuals before adding them to the policy and may reject risky applicants. Second, bonded employees know that the insurance company will vigorously prosecute all offenders. 2. Rotate employees' duties and require employees to take vacations. These measures deter employees from attempting thefts since they will not be able to permanently conceal their improper actions. Many banks, for example, If I take a vacation they will know that I've been stealing. 364 8 Fraud, Internal Control, and Cash have discovered employee thefts when the employee was on vacation or assigned to a new position. 3. Conduct thorough background checks. Many believe that the most important and inexpensive measure any business can take to reduce employee theft and fraud is for the human resources department to conduct thorough background checks. Two tips: (1) Check to see whether job applicants actually graduated from the schools they list. (2) Never use telephone numbers for previous employers provided by the applicant. Always look them up yourself. ANATOMY OF A FRAUD Ellen Lowry was the desk manager and Josephine Rodriguez was the head of housekeeping at the Excelsior Inn, a luxury hotel. The two best friends were so dedicated to their jobs that they never took vacations, and they frequently filled in for other employees. In fact, Ms. Rodriguez, whose job as head of housekeeping did not in- clude cleaning rooms, often cleaned rooms herself, "just to help the staff keep up." These two "dedicated" employees, working as a team, found a way to earn a little more cash. Ellen, the desk manager, provided significant discounts to guests who paid with cash. She kept the cash and did not register the guest in the hotel's computerized system. Instead, she took the room out of circulation "due to routine maintenance." Because the room did not show up as being used, it did not receive a normal housekeeping assignment. Instead, Josephine, the head of housekeeping, cleaned the rooms during the guests' stay. Total take: $95,000 THE MISSING CONTROL Human resource controls. Ellen, the desk manager, had been fired by a previous employer after being accused of fraud. If the Excelsior Inn had conducted a thorough background check, it would not have hired her. The hotel fraud was detected when Ellen missed work for a few days due to illness. A system of mandatory vacations and rotating days off would have increased the chances of detecting the fraud before it became so large. Source: Adapted from Wells, Fraud Casebook (2007), pp. 145-155. Accounting Across the Organization SOX Boosts the Role of Human Resources Under SOX, a company needs to keep track of employees' degrees and certifications to ensure that employees continue to meet the specified requirements of a job. Also, to ensure proper employee supervision and proper separation of duties, companies must develop and monitor an organizational chart. When one corporation went through this exercise, it found that out of 17,000 employees, there were 400 people who did not report to anyone. The corporation also had 35 people who reported to each other. In addition, if an employee complains of an unfair firing and mentions financial issues at the company, HR should refer the case to the company audit committee and possibly to its legal counsel. Why would unsupervised employees or employees who report to each other represent potential internal control threats? (Go to WileyPLUS for this answer and additional questions.) Stockbyte/Getty Images, Inc. Limitations of Internal Control Companies generally design their systems of internal control to provide reasonable assurance of proper safeguarding of assets and reliability of the accounting records. The concept of reasonable assurance rests on the premise that the costs of establishing control procedures should not exceed their expected benefit. To illustrate, consider shoplifting losses in retail stores. Stores could eliminate such losses by having a security guard stop and search customers as they leave the store. But store managers have concluded that the negative effects of such a procedure cannot be justified. Instead, they have attempted to control shoplifting losses by less costly procedures. They post signs saying, "We reserve the right to inspect all packages" and "All shoplifters will be prosecuted." They use hidden cameras and store detectives to monitor customer activity, and they install sensor equipment at exits. The human element is an important factor in every system of internal control. A good system can become ineffective as a result of employee fatigue, carelessness, or indifference. For example, a receiving clerk may not bother to count goods received and may just "fudge" the counts. Occasionally, two or more individuals may work together to get around prescribed controls. Such collusion can significantly reduce the effectiveness of a system, eliminating the protection offered by segregation of duties. No system of internal control is perfect. The size of the business also may impose limitations on internal control. Small companies often find it difficult to segregate duties or to provide for independent internal verification. A study by the Association of Certified Fraud Examiners (Report to the Nation on Occupational Fraud and Abuse) indicates that businesses with fewer than 100 employees are most at risk for employee theft. In fact, 29% of frauds occurred at companies with fewer than 100 employees. The median loss at small companies was $154,000, which was close to the median fraud at companies with more than 10,000 employees ($160,000). A $154,000 loss can threaten the very existence of a small company. Helpful Hint Controls may vary with the risk level of the activity. For example, management may consider cash to be high risk and maintaining inventories in the stock- room as low risk. Thus, management would have stricter controls for cash. Fraud and Internal Control 365 DO IT! 1 Control Activities Identify which control activity is violated in each of the following situations, and explain how the situation creates an opportunity for a fraud. 1. The person with primary responsibility for reconciling the bank account and making all bank deposits is also the company's accountant. 2. Wellstone Company's treasurer received an award for distinguished service because he had not taken a vacation in 30 years. 3. In order to save money spent on order slips and to reduce time spent keeping track of order slips, a local bar/restaurant does not buy prenumbered order slips. Solution Action Plan Familiarize yourself with each of the control activities summarized on page 358. Understand the nature of the frauds that each control activity is intended to address. 1. Violates the control activity of segregation of duties. Recordkeeping should be separate from physical custody. As a consequence, the employee could embezzle cash and make journal entries to hide the theft. 2. Violates the control activity of human resource controls. Key employees must take vacations. Otherwise, the treasurer, who manages the company's cash, might embezzle cash and use his position to conceal the theft. 3. Violates the control activity of documentation procedures. If prenumbered documents are not used, then it is virtually impossible to account for the documents. As a consequence, an employee could write up a dinner sale, receive the cash from the customer, and then throw away the order slip and keep the cash. Related exercise material: BE8-1, BE8-2, BE8-3, BE8-4, E8-1, and DO IT! 8-1. 366 8 Fraud, Internal Control, and Cash LEARNING OBJECTIVE 2 Apply internal control principles to cash. Cash is the one asset that is readily convertible into any other type of asset. It also is easily concealed and transported, and is highly desired. Because of these characteristics, cash is the asset most susceptible to fraudulent activities. In addi- tion, because of the large volume of cash transactions, numerous errors may occur in executing and recording them. To safeguard cash and to ensure the accuracy of the accounting records for cash, effective internal control over cash is critical. Cash Receipts Controls Illustration 8-4 shows how the internal control principles explained earlier apply to cash receipts transactions. As you might expect, companies vary considerably in how they apply these principles. To illustrate internal control over cash receipts, we will examine control activities for a retail store with both over-the-counter and mail receipts. Illustration 8-4 Application of internal control principles to cash receipts S Firm Name O L Attention of D T Address O City Date 5/8/17 Catalogue No. State Invoice No. 731 Invoice Date 5/4/17 z Reid Amount Beyer Video 125 Main Street Chelsea, IL 60915 No. 0124 No. 0123 No. 0125 Zip Salesperson Malone Description Quantity Price Establishment of Responsibility Only designated personnel are authorized to handle cash receipts (cashiers) Physical Controls Store cash in safes and bank vaults; limit access to storage areas; use cash registers Cash Receipts Controls Segregation of Duties Different individuals receive cash, record cash receipts, and hold the cash Independent Internal Verification Supervisors count cash receipts daily; assistant treasurer compares total receipts to bank deposits daily Documentation Procedures Use remittance advice (mail receipts), cash register tapes or computer records, and deposit slips Human Resource Controls Bond personnel who handle cash; require employees to take vacations; conduct background checks OVER-THE-COUNTER RECEIPTS In retail businesses, control of over-the-counter receipts centers on cash registers that are visible to customers. A cash sale is entered in a cash register (or point-of- sale terminal), with the amount clearly visible to the customer. This activity prevents the sales clerk from entering a lower amount and pocketing the difference. The customer receives an itemized cash register receipt slip and is expected to count the change received. (One weakness at Barriques in the Feature Story is that customers are only given a receipt if requested.) The cash register's tape is locked in the register until a supervisor removes it. This tape accumulates the daily transactions and totals. At the end of the clerk's shift, the clerk counts the cash and sends the cash and the count to the cashier. The cashier counts the cash, prepares a deposit slip, and deposits the cash at the bank. The cashier also sends a duplicate of the deposit slip to the accounting department to indicate cash received. The supervisor removes the cash register tape and sends it to the accounting department as the basis for a journal entry to record the cash received. (For point-of-sale systems, the accounting department receives information on daily transactions and totals through the computer network.) Illustration 8-5 summarizes this process. Supervisor Removes locked cash register tape Sends cash register tape to accounting dept. Accounting Department Agrees register tape to deposit slip and records journal entry Sends deposit slip copy to accounting dept. Cash Controls 367 Clerk Enters sales, counts cash Sends cash and count to cashier Cashier Counts cash, prepares deposit slips Illustration 8-5 Control of over-the-counter receipts Helpful Hint Flowcharts such as this one enhance the understanding of the flow of documents, the processing steps, and the internal control procedures. Sends cash and deposit slip to bank This system for handling cash receipts uses an important internal control principlesegregation of recordkeeping from physical custody. The supervisor has access to the cash register tape but not to the cash. The clerk and the cashier have access to the cash but not to the register tape. In addition, the cash register tape provides documentation and enables independent internal verification. Use of these three principles of internal control (segregation of recordkeeping from physical custody, documentation, and independent internal verification) provides an effective system of internal control. Any attempt at fraudulent activity should be detected unless there is collusion among the employees. In some instances, the amount deposited at the bank will not agree with the cash recorded in the accounting records based on the cash register tape. These differences often result because the clerk hands incorrect change back to the retail customer. In this case, the difference between the actual cash and the amount reported on the cash register tape is reported in a Cash Over and Short BANK 368 8 Fraud, Internal Control, and Cash A 5 L 1 OE 210.10 16,956.20 Cash Over and Short Sales Revenue (To record cash shortfall) 10.10 account. For example, suppose that the cash register tape indicated sales of $6,956.20 but the amount of cash was only $6,946.10. A cash shortfall of $10.10 exists. To account for this cash shortfall and related cash, the company makes the following entry. 16,946.10Cash 6,946.10 6,956.20 Cash Flows 16,946.10 Cash Over and Short is an income statement item. It is reported as a miscellaneous expense when there is a cash shortfall, and as miscellaneous revenue when there is an overage. Clearly, the amount should be small. Any material amounts in this account should be investigated. MAIL RECEIPTS All mail receipts should be opened in the presence of at least two mail clerks. These receipts are generally in the form of checks. A mail clerk should endorse each check "For Deposit Only." This restrictive endorsement reduces the likelihood that someone could divert the check to personal use. Banks will not give an individual cash when presented with a check that has this type of endorsement. The mail clerks prepare, in triplicate, a list of the checks received each day. This list shows the name of the check issuer, the purpose of the payment, and the amount of the check. Each mail clerk signs the list to establish responsibility for the data. The original copy of the list, along with the checks, is then sent to the cashier's department. A copy of the list is sent to the accounting department for recording in the accounting records. The clerks also keep a copy. This process provides an excellent internal control for the company. By employing two clerks, the chance of fraud is reduced. Each clerk knows he or she is being observed by the other clerk(s). To engage in fraud, they would have to collude. The customers who submit payments also provide control because they will contact the company with a complaint if they are not properly credited for the payment. Because the cashier has access to cash but not the records, and the accounting department has access to records but not cash, neither can engage in undetected fraud. DO IT! 2a Control over Cash Receipts Action Plan Differentiate among the internal control principles of (1) establishing responsibility, (2) using physical controls, and (3) independent internal verification. Design an effective system of internal control over cash receipts. L. R. Cortez is concerned about the control over cash receipts in his fast-food restaurant, Big Cheese. The restaurant has two cash registers. At no time do more than two employees take customer orders and enter sales. Work shifts for employees range from 4 to 8 hours. Cortez asks your help in installing a good system of internal control over cash receipts. Solution Related exercise material: BE8-5, BE8-6, BE8-7, E8-2, and DO IT! 8-2a. Cortez should assign a separate cash register drawer to each employee at the start of each work shift, with register totals set at zero. Each employee should have access to only the assigned register drawer to enter all sales. Each customer should be given a receipt. At the end of the shift, the employee should

do

cash count. A separate employee should compare the cash count with the register tape to be sure they agree. In addition, Cortez should install an automated system that would enable the company to compare orders entered in the register to orders processed by the kitchen. Cash Disbursements Controls Companies disburse cash for a variety of reasons, such as to pay expenses and liabilities or to purchase assets. Generally, internal control over cash disbursements is more effective when companies pay by check or electronic funds transfer (EFT) rather than by cash. One exception is payments for incidental amounts that are paid out of petty cash.2 Companies generally issue checks only after following specified control pro- cedures. Illustration 8-6 shows how principles of internal control apply to cash disbursements. VOUCHER SYSTEM CONTROLS Most medium and large companies use vouchers as part of their internal control over cash disbursements. A voucher system is a network of approvals by authorized individuals, acting independently, to ensure that all disbursements by check are proper. The system begins with the authorization to incur a cost or expense. It ends with the issuance of a check for the liability incurred. A voucher is an authorization form prepared for each expenditure. Companies require vouchers for all types of cash disbursements except those from petty cash. Illustration 8-6 Application of internal control principles to cash disbursements Cash Controls 369 Payments Due TREASURER Establishment of Responsibility Only designated personnel are authorized to sign checks (treasurer) and approve vendors Cash Disbursements Controls Segregation of Duties Different individuals approve and make payments; check- signers do not record disbursements Documentation Procedures Use prenumbered checks and account for them in sequence; each check must have an approved invoice; require employees to use corporate credit cards for reimbursable expenses; stamp invoices "paid" Human Resource Controls Bond personnel who handle cash; require employees to take vacations; conduct background checks Physical Controls Store blank checks in safes, with limited access; print check amounts by machine in indelible ink Independent Internal Verification Compare checks to invoices; reconcile bank statement monthly 2We explain the operation of a petty cash fund on pages 370-372. 370 8 Fraud, Internal Control, and Cash A 5 L 1 OE 1100 2100 Cash Flows no effect Mar. 1 Petty Cash Cash (To establish a petty cash fund) 100 100 The starting point in preparing a voucher is to fill in the appropriate informa- tion about the liability on the face of the voucher. The vendor's invoice provides most of the needed information. Then, an employee in accounts payable records the voucher (in a journal called a voucher register) and files it according to the date on which it is to be paid. The company issues and sends a check on that date, and stamps the voucher "paid." The paid voucher is sent to the accounting department for recording (in a journal called the check register). A voucher system involves two journal entries, one to record the liability when the voucher is issued and a second to pay the liability that relates to the voucher. The use of a voucher system, whether done manually or electronically, improves internal control over cash disbursements. First, the authorization pro- cess inherent in a voucher system establishes responsibility. Each individual has responsibility to review the underlying documentation to ensure that it is correct. In addition, the voucher system keeps track of the documents that back up each transaction. By keeping these documents in one place, a supervisor can independently verify the authenticity of each transaction. Consider, for example, the case of Aesop University presented on page 360. Aesop did not use a voucher system for transactions under $2,500. As a consequence, there was no independent verification of the documents, which enabled the employee to submit fake invoices to hide his unauthorized purchases