Accounts Payable Confirmation Response Fraud



Similar documents
Hudson Insurance Company 100 William Street, New York, NY 10038

Fraud Control Theory

INVESTMENT COMPANY BOND APPLICATION

LAKE COUNTY BOARD OF DD/DEEPWOOD BOARD POLICY I. SUBJECT: FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTION

Avoiding Medicaid Fraud. Odyssey House of Utah Questions? Contact your Program Director or Emily Capito, Director of Operations

Berkley Insurance Company

NON-PROFIT DIRECTORS AND OFFICERS LIABILITY INSURANCE THIS IS AN APPLICATION FOR A CLAIMS MADE POLICY PLEASE READ YOUR POLICY CAREFULLY

C O N F I D E N T I A L A N D P R O P R I E T A R Y. Page 1 of 7 Title: FRAUD, WASTE, AND ABUSE POLICY

v. : Criminal Number: IRINA ZELIKSON : Title 18, United States Code, Sections 1349 and 982(a)(7) I N F O R M A T I O N

CALIFORNIA FALSE CLAIMS ACT GOVERNMENT CODE SECTION

Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT

AIG CORPORATE IDENTITY PROTECTION

UNDERWRITTEN IN FEDERAL INSURANCE COMPANY OR VIGILANT INSURANCE COMPANY A. GENERAL INFORMATION

Coffee Regional Medical Center FALSE CLAIMS EDUCATION

ERRORS & OMISSIONS INSURANCE APPLICATION

Broward County False Claims Ordinance. (a) This article shall be known and may be cited as the Broward County False Claims Ordinance.

Web Site Hosting Service Agreement

OSF HEALTHCARE FALSE CLAIMS PREVENTION AND WHISTLEBLOWER PROTECTIONS

APPLICATION FOR EMPLOYEE BENEFIT PLAN FIDUCIARY INSURANCE

Compliance with False Claims Act

Title: Preventing and Reporting Fraud, Waste and Abuse in Federal Health Care Programs. Area Manual: Corporate Compliance Page: Page 1 of 10

AN ACT IN THE COUNCIL OF THE DISTRICT OF COLUMBIA

ERRORS & OMISSIONS INSURANCE APPLICATION

APPLICATION FOR A FINANCIAL INSTITUTION BOND, STANDARD FORM NO. 25 FOR INSURANCE COMPANIES

How To Report Fraud At Care1St

BY COMPLETING THIS NEW BUSINESS APPLICATION YOU ARE APPLYING FOR COVERAGE WITH FEDERAL INSURANCE COMPANY OR VIGILANT INSURANCE COMPANY (THE COMPANY )

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY. v. : Criminal No. 08- I N F O R M A T I O N

AFFIDAVIT OF JOHN P. KELLEHER. John P. Kelleher, being duly sworn upon oath, deposes and says:

Louisiana State Bar Association Rules of Professional Conduct Committee

POST MORTEM SERVICES Supplemental Application

Leonard W. Vona, CPA, CFE

APPLICATION FOR EMPLOYED LAWYERS PROFESSIONAL LIABILITY INSURANCE

Asterias Biotherapeutics, Inc. Code Of Business Conduct And Ethics. March 10, 2013

HP0868, LD 1187, item 1, 123rd Maine State Legislature An Act To Recoup Health Care Funds through the Maine False Claims Act

BORIS SOKHA : Title 18, United States Code, Section 371 and Title 26, United States Code, Section 7201 I N F O R M A T I O N

An Introduction to Identity Theft. Letbighelptoday.com. Your Free Copy

ACE Advantage. Employed Lawyers Professional Liability Application

CHAPTER 17 CREDIT AND COLLECTION

Preventing Liability for Foreign Products A PLP Primer By Kenneth Ross

Four Advantages an Online International Payments Platform Gives Your Business

Admiral Insurance Company

ARCH CANOPY POLICY FOR NONPROFIT ORGANIZATIONS SM APPLICATION

TITLE: Fraud Prevention and Detection Program IDENTIFIER: S-FW-LD-1008 APPROVED: Executive Cabinet (Pending)

Property Managers Errors & Omissions and Commercial Crime Application

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT : : : : : : : : INFORMATION GENERAL ALLEGATIONS

Case 3:08-cv JAP-JJH Document 1 Filed 02/20/2008 Page 1 of 13 UNITED STATES DISTRICT COURT DISTRICT OF NEW JERSEY ) ) ) ) ) ) ) ) ) ) ) ) ) )

Referral Agency and Packaging Agency Agreement

6. Does Applicant encrypt all sensitive and Personally Identifiable Information? Yes No If yes, give details:

Travelers 1 st Choice ACCOUNTANTS PROFESSIONAL LIABILITY COVERAGE SMALL ACCOUNTING FIRM APPLICATION

APPLICATION FOR DIRECTORS AND OFFICERS LIABILITY INSURANCE POLICY INCLUDING EMPLOYMENT PRACTICES LIABILITY COVERAGE

INSTRUCTIONS FOR COMPLETING THIS APPLICATION

MISCELLANEOUS PROFESSIONAL LIABILITY INSURANCE

TECHNOLOGY E&O APPLICATION FORM

Last Approval Date: May Page 1 of 12 I. PURPOSE

APPLICATION FOR A FINANCIAL INSTITUTION BOND, STANDARD FORM NO. 15 FOR MORTGAGE BANKERS AND FINANCE COMPANIES

Web Hosting Agreement

SAMPLE RETURN POLICY

Online Banking Agreement and Disclosures

BILL OF SALE (AUTOMOBILE), PROMISSORY NOTE (AUTOMOBILE) & GUIDES

FORM 14 BROKER-DEALER FIDELITY BOND

POLICY ON THE FALSE CLAIMS ACTS

Colorado West HealthCare System Grand Junction, CO

Automating the Audit July 2010

Prevention of Fraud, Waste and Abuse

RENEWAL Application for Business and Management (BAM) Indemnity Insurance

WEB HOSTING AGREEMENT

LAWYERS PROFESSIONAL LIABILITY INSURANCE APPLICATION

Marketing Services Subscription Agreement

THE HARTFORD DIRECTORS, OFFICERS AND ENTITY LIABILITY INSURANCE APPLICATION (FINANCIAL INSTITUTIONS/FINANCIAL SERVICES) NEW YORK

The Rosenthal Fair Debt Collection Practices Act California Civil Code 1788 et seq.

BASIS OF ACCOUNTING WHICH ONE SHOULD YOU USE?

Your Responsibilities as a Director of a Company. Serious about Success

EXECUTIVE SUMMARY Compliance Program and False Claims Recovery

Transcription:

Accounts Payable Confirmation Your company could be at risk and not even know it. By Brian Fox, CPA and Clark Hudgins This guide is brought to you by CPA2Biz through its Trusted Business Advisor SM Solutions Program in partnership with Confirmation.com. www.cpa2biz.com/confirmation

Motivation to Participate in Fraud... 3 Historically, Who Participates in a Confirmation?... 3 The SEC s Role... 3 Simply Centralizing the Response Won t Work... 4 Errors, the Irrational Fear... 4 Fraud, the Rational Fear... 5 Solution... 5 SARBOX 404 Adherence... 6 About the Authors... 6 This guide has not been approved, disapproved or otherwise acted upon by any senior technical committees of, and does not represent an official position of, the American Institute of Certified Public Accountants or CPA2Biz. It is distributed with the understanding that the contributing authors and editors, and the publisher, are not rendering legal, accounting, or other professional services in this guide. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The information contained in this guide is for informational purposes only. The information and views expressed are those of the people who contributed to the creation of this document, or were interviewed and surveyed, and not the publisher. The information provided in the guide will not be kept up-to-date after the date of publication and neither the AICPA nor CPA2Biz makes any representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information contained herein. Any reliance you place on this information is strictly at your own risk. In no event, will either the AICPA or CPA2Biz be held liable for any loss or damage including without limitation, indirect or consequential loss or damage or any damage whatsoever arising out of the use of the information contained in this guide. 2

Being involved in a confirmation fraud will cost your company, and the cost will be time and resources to defend your company and its name in a court of law and in the court of public opinion. Recently, several articles have been written warning companies about the risks of falsely responding to an auditor s confirmation of your payable. The frauds at Ahold, Kmart and Just for Feet are just some of the examples cited wherein employees at each of these three companies persuaded employees at other companies to respond falsely to the auditors confirmation requests. Motivation to Participate in Fraud Why, you may ask, would an employee falsely respond to an audit confirmation request? The answer is probably best answered by reviewing the research collected over the years by the Association of Certified Fraud Examiners (ACFE), but here are a few reasons. To start, there is normally an external pressure that leads someone to the point where they will become involved in a fraud. In the confirmation response fraud cases the authors of this article have reviewed, there has often been a financial incentive. There has been an outright payment but there has also been the threat of losing a large business account or even one s job. Take for example the Kmart confirmation response fraud. Kmart convinced employees (all sales and relationship managers) from at least four Fortune 1,000 companies to respond falsely to the auditor s confirmation request. The key fraudsters from within Kmart threatened the outside relationship managers with the loss of the Kmart account if the relationship managers did not participate in the fraud. In two cases, Kmart employees threatened to transfer its business to a customer s arch rival if the responding party chose not to participate in the confirmation fraud. Historically, Who Participates in a Confirmation? The primary individuals participating in the confirmation fraud from responding companies have been employees in the sales and marketing areas, or other key relationship managers. The SEC s Role Companies continue to see the SEC filing charges against the third-parties who participated in deceiving the auditors with false confirmation responses, and point out the SEC s ability to pursue these participants under Rule 13b2-2. Rule 13b2-2 gives the SEC the authority to pursue anyone doing business with a public company who knowingly or should have known that the information provided to the public auditors would be misleading or false. The SEC s trend in going after co-conspirators in a confirmation fraud is likely to continue. U.S. Attorney Alice H. Martin has been outspoken on this point, Audit confirmation letters are sent by independent auditing firms in order to validate information which a corporate client is supplying. The intentional falsification of such letters undermines the auditor effort, and helps to perpetrate fraud on investors. Once again in this investigation (Just for Feet) we see a vendor more concerned about maintaining a corporate account than being accountable to corporate investors with truthful audit confirmation statements. This type of complicity in a criminal conspiracy to defraud investors will meet with prosecution. 3

In an attempt to control who has the ability to respond to confirmation requests, industry experts and law firms are advising companies to route the confirmations they receive to the accounts payable department, not through sales and marketing, so that the responding company can be certain that the information provided to the auditors is accurate. This is a good step forward, but the pivotal question remains, how do you effectively accomplish this task? Simply Centralizing the Response Won t Work It seems obvious that a simple solution is to internally communicate a corporate policy to all employees that all auditors confirmation requests are to be internally forwarded to the central response center, normally the accounts payable department since that is where the knowledge resides regarding the outstanding balances on accounts. While this is the correct department to respond, channeling the confirmation requests alone will not solve the problem. When auditors send confirmations, they have traditionally asked the audit client to provide the name and address for where to send the confirmation. Audit clients normally provide the name of their relationship manager to their auditor. An employee at your company who is conspiring with the audited company to commit fraud will not simply forward the confirmation request to the accounts payable department for response. Your employee, this coconspirator, will instead sign the name of one of the people from your accounts payable department and send the fraudulent confirmation back to the public auditor themselves. Instead of properly filing their fraudulent response, they will shred, then burn, and throw away their copy of the response in an effort to hide their involvement, but leaving your company on the hook for the intentional false response. While a central response center is a must, controlling how and to whom an auditor sends the confirmation is the key. Tools like Confirmation.com, discussed below, allow you to control where the request goes, so it doesn t fall into the hands of a co-conspirator. Errors, the Irrational Fear Unfortunately, a few authors and lawyers give stern warnings that you should consider a No Response policy to audit confirmations for fear that an error will result in your legal liability for misleading a public auditor. This fear, however, is tenuous. Here is why. When an auditor receives a confirmation response, the response is not simply taken at face value and booked to the audited company s financial statements. Instead, auditors compare the invoices and statements that were provided by the audited company to the confirmation response. The two documents must match before the auditor considers the confirmation response valid. If the invoice provided by the audit client and the confirmation response provided by your company do not match, then the auditor will contact your company to ascertain why there is a difference. (Note: Because of the frequency of inaccurate responses, auditors are accustomed to receiving confirmation responses that do not match the statement they have been given by the audited company.) The difference could be a difference in the timing of booked entries, an unapplied credit or may simply be a mistake. Regardless of the cause, the auditor determines the correct number and moves on with the audit. If the audited company is trying to cover up fraudulent activity, they are not going to lie to their auditors about what your company owes them unless they have someone within your company who will corroborate the fraudulent number they provided to the auditor. The only way for an error to conceal a fraud would be for the audited company to book a fraudulent receivable from your company on their books and then hope that the person in the accounts payable department not only accidentally makes a mistake on the response, but also somehow guesses the exact fraudulent number booked on the other side. Because this scenario is so improbable and practically impossible, as you consider your company s confirmation response policy you should have no fear over the error, but should be very concerned about an employee who may respond intentionally false because that is where your real liability exists. 4

Fraud, the Rational Fear Though it may seem counterintuitive, confirmation fraud occurs when the auditor compares the invoice provided by the audited company to the confirmation response provided by your company and the two numbers match because unknown to the auditor, the number on both the invoice and the confirmation response is fraudulent. Auditors are thrilled when numbers agree when numbers tie-out and this is where the fraudsters take advantage of the audit confirmation process. If the invoice and the confirmation response match why would an auditor call your accounts payable department? The answer is that the auditor sees no need to follow-up so they don t call. The auditor only calls when the numbers do not match. That is why it is more important for your company to fear the rogue employee who intentionally responds falsely and why you should not be concerned about an accidental error in the confirmation response. Solution What your company should consider is a confirmation response solution that provides you: 1. Process Control over how and to whom the auditors send confirmation requests. 2. Centralized Response Center which is usually the accounts payable department. 3. Automatic Signature of the employee who responds to the confirmation, eliminating the ability for a rogue employee to sign the name of someone else on the confirmation response. 4. Review Storage that allows you to review all the responses sent out by your company. This feature along with the Automatic Signature feature serve as a deterrent to an employee who even considers falsely responding because they know the false response will be tracked back to them. 5. Response Control that ensures your confirmation response is sent back to the public auditor and not the audited client. One company, Confirmation.com created and patented the solution that adheres to these criteria, and it is the #1 choice of Fortune 1,000 companies to control their confirmation responses. Today, with new auditing standards expanding the requirements of audit confirmations, more than 8,000 accounting firms and 35,000 auditors use Confirmation.com to send and manage their audit confirmation requests more efficiently. Since the service is delivered over the Internet, there is no hardware to buy or software to install. The only thing you need is an Internet connection. Best of all, as this is a service for accounting firms, there is no cost for responding companies to use Confirmation.com, and setup, training and customer support are all provided free of charge, as well. Confirmation.com is simple to use and easier to manage than paper. Users say they save five minutes per confirmation, and that compared to handling paper inquiries, Confirmation.com is more efficient, and less complicated. To begin using Confirmation.com, simply go to Confirmation.com and complete the New User registration form. It takes only five minutes to sign up! 5

SARBOX 404 Adherence An electronic confirmation response solution like Confirmation.com is truly the only way your company can control who responds to auditor confirmation requests on behalf of your company. All other methods allow for a co-conspirator within your company to respond, thereby negating any internal control efforts you have put in place. The authors of this paper encourage you to consider where and how confirmation response fraud can occur within your company, and then to select a solution provider that allows you to internally control how confirmations come to your company and also control who responds to audit confirmations from your company. About the Authors Brian Fox, CPA & Associate Member of the Association of Certified Fraud Examiners, is the founder of Confirmation.com. Prior to Confirmation.com, Brian worked for Ernst & Young LLP and PriceWaterhouseCoopers LLP. He received an MBA from Vanderbilt s Owen Graduate School of Management and a BBA in Accounting from SMU s Cox School of Business. Brian is a member of the AICPA and The Tennessee Society of CPA s where he sits on the Accounting and Auditing Symposium Committee for Society. Brian has been named three times to the list of Top 40 CPA s under Forty and has authored numerous articles on fraud with articles and quotes in The CPA Journal, New York Times, The CPA Technology Advisor, AP Matters, The Auditor s Report, The International Herald Tribune and many other professional publications. He also teaches continuing professional education classes on detecting financial fraud and is often a guest lecturer at professional conferences and business schools. Clark Hudgins, Vice President of Capital Confirmation, Inc., has worked with hundreds of companies, large and small, to assess their current confirmation process to help promote efficiencies and reduce the opportunities for confirmation fraud. Clark also works with Fortune 1,000 companies to address their current confirmation response policies to identify potential improvements and ensure they are taking the right steps to prevent being associated with a fraud perpetrated by one of their vendors or customers. Clark is a guest speaker at professional conferences, and a member of the International Accounts Payable Professionals (IAPP). 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information