Print


A War Story: Controller Defalcation

By Ron Klein

Sterling Strip Malls (SSM), a commercial real estate development company in Florida, engaged the accounting firm of Oldham, Hughes & Booker (OHB) to perform review services in order for Sterling to qualify for construction bonds.

OHB provided SSM with an engagement letter stipulating that the review: 1) would not contemplate obtaining an understanding of internal control or assessing control risk; 2) could not be relied on to disclose any errors, irregularities, or illegal acts, including fraud or defalcations, that may exist; and 3) would include a report that would state in part: “All information included in these financial statements is the representation of the management of Sterling Strip Malls.”

The terms of the letter were discussed with the owner of SSM, Robert Sterling, and a notation was made in OHB’s file that Sterling understood the terms, although he never signed the engagement letter. Sterling and his controller, Paul Peterson, did sign a management representation letter, indicating that SSM’s financial information was accurate and in conformance with GAAP.

Sterling had absolute trust in Peterson and gave the controller complete control over all aspects of the financial records, including accounts receivable, accounts payable, making bank deposits, processing payroll, signing checks and reconciling bank records.

Unknown to Sterling and OHB, Peterson had been engaged in a complex embezzlement scheme in which he posted payments for payroll taxes but never actually made the payments. He instead diverted the funds to another account from which he wrote checks to pay for personal expenses. At one point during the review, bank account reconciliation items totaling about $150,000 came to the attention of the OHB accountant, who questioned the controller about the items and received assurances from Peterson that the items were due to legitimate delays in deposits being posted.

After OHB had completed reviews of SSM financial statements for three years, Peterson suddenly disappeared. Albert Woods, a CPA and business planning consultant to Sterling, was hired by Sterling to step in as controller. Woods then discovered the failure of SSM to pay its payroll taxes, as well as the embezzlement by Peterson. The amount embezzled totaled about $100,000, but the failure to pay payroll taxes resulted in penalties and interest totaling about $250,000, a liability that caused SSM to lose its credit and to declare bankruptcy.

Sterling then sued OHB for negligent representations in the SSM financial statements. A summary of the alleged damages in the suit included the value of Sterling’s business, about $1 million, plus approximately $400,000 of Sterling’s personal funds invested in an attempt to save his company. Added to the $100,000 embezzled and the $250,000 in penalties and interest, total alleged damages came to $1.75 million.

When the jury deliberated on the issues, it focused on the bank reconciliation items of $150,000. Jurors acknowledged that the CPA’s inquiry was correct in going to the controller, who was the embezzler, but they were dissatisfied with the “vague” answer that the controller provided about delays in deposits. The jury decided that the CPA should have performed additional procedures to “achieve limited assurance” that there were no material modifications to the statements.

The jury ultimately assigned 20 percent of the responsibility to Peterson (the embezzler), 18 percent to Sterling (the owner), and 62 percent to OHB (the CPA firm).

The jury determined that 95 percent of the alleged damages were to be awarded ($1.66 million), resulting in an award of $1.03 million against the accounting firm, and $332,000 against the embezzler, who was long gone.

Loss Prevention Tips

The public generally expects CPAs to uncover fraud, regardless of the services being rendered, to police the financial reporting of their clients, and to make sure that their clients are honest and law-abiding. CPAs need to develop a “nose for fraud” in all engagements.

Engagements as basic as bank reconciliations present significant liability exposure to CPAs if the scope and limits of the engagement are not understood by the client. Client communications can also include advisories that apprise clients of the risks to which they may be exposed. A “mini–internal control letter” can include wording such as:

“Internal controls are deterrents to fraud. Small businesses often have a single employee responsible for all cash-related functions: receiving and disbursing funds, signing checks, and reconciling bank accounts. In such cases, cash frauds are easy to commit. The following minimum procedures are recommended for your business:

  • Do not allow the same employee to keep books, collect funds, write checks, and reconcile the bank account.
  • Have the monthly bank statement delivered unopened to you; review the statement and the uncancelled checks for unfamiliar payees and unusual transactions such as declining deposits.
  • Conduct background checks on all employees who handle your finances.
  • Consider an annual independent inspection of the cash accounts and bank statements by an anti-fraud specialist. (We would be pleased to provide this service).”

Fraudsters generally test the waters to see if their thefts are detected. If not, they will keep stealing for as long as they believe they can get away with it. The median length of occupational fraud (from inception to detection) is about 18 months.

Ron Klein, J.D., CFE, is vice president of claims with Camico. Recipient of the 2002 Award for Outstanding Conference Speaker from the Education Foundation of the California Society of CPAs, Klein co-authored the CPA’s Guide to Loss Prevention Practices and CPA’s Guide to Effective Engagement Letters.
Editor’s Note: “War Stories,” drawn from Camico claims files, illustrate some of the dangers and pitfalls in the accounting profession. All names have been changed.

Close