2(2) Analyze the flow chart or data flow diagram and identify control strengths and weaknesses in the system?Strengths:The personnel at West Region, is limited to edit the subscriber tracking system, which limits its staff members to disarray important information.Reviewing by Sally and investigating the variance benefit the companies to monitor their records.Cancelled checks are typically separated from the bank statement and placed in the general accounting storage vault.
3(2) Analyze the flow chart or data flow diagram and identify control strengths and weaknesses in the system?Weaknesses:Tom Swindler prepared request for payment adjustment when written termination request letter were received directly from the subscriber. In this case, there is no checks and balances.secondly, the system is not updated on a daily bases, therefore the information in the system is not current. What if a subscriber called and cancelled over the telephone, as well as sent in a letter. Is there account reconciliation involved?Sally lack of review with the information online may have chances of not catching and error or fraud committed by Tom.The records are updated every month. The information may be misleading if the numbers are used from their current system.
4(3) In your opinion, is the overall control system in place for manual disbursements at the region effective? Describe any preliminary recommendations to improve that you would suggest?*The overall control system in place was not effective. Accounts payable is one of the area where fraud is likely. Processing manual checks could me infact expensive (increase in transaction costs). Most vendors allow a certain time period to pay the remaining balances. Vendor runs could be scheduled every week by the central office to avoid errors and frauds. Signed checks should not be assigned to receptionist, but to a storage custodian.As a general rule, two (2) signatures should be used to release checks from the operating and money market accounts. All other accounts require two signatures when the check exceeds $1, Checks generated by the company must have the signature of the Executive Director.Prior to disbursing a check, the office administrator/manager or program director should review the program budget to insure sufficient funds remaining in the budget to cover the refunds or other operational expense.Checks should be pre numbered, and any missing check should be researched.Manual checks should be rare. Check request should be submitted in a timely fashion and should coincide with the stated “payables” schedule. The subscribers should be refunded electronically to maintain an audit trail.
5(1) Determine the risk factors relating to misstatements in financial statements arising from the misappropriation of assets as suggested in SAS No. 82 (replaced by 99).Auditors have always had certain responsibilities for detecting material misstatements caused by fraud. SAS 99 does not change that basic auditor responsibility, but imposes specific requirements on the audit process.During the planning and performance of your audit, you may identify information that may indicate the presence of one of the three conditions of the fraud triangle (incentive/pressure, opportunity, and attitude/rationalization). These conditions or events are referred to as fraud risk factors.Fraud risk factors do not necessarily indicate the existence of fraud; however, they often have been present in circumstances where fraud exists.
6Incentives/Pressures Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets.
7OpportunitiesCertain characteristics or circumstances may increase the susceptibility of assets to misappropriation.Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets
8Attitudes/Rationalizations Risk factors reflective of employee attitudes/rationalizations that allow them to justify misappropriations of assets are generally not susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from misappropriation of assets.
9(2) Evaluate the risk factors in relation to the control system existing at Dentistar. If Sheila has identified risks of material misstatement related to the misappropriation of assets, the scope of testing must be linked to the specific information and the specific account or class of transactions. Where certain assets are highly vulnerable to defalcation in material amounts, she must obtain an understanding of relevant prevention and detection controls and test their effectiveness.
10(2)What, if any, factors or controls mitigate the risks you have identified? The risk of fraud can be reduced through a combination of prevention, deterrence and detection measures. However, fraud often is difficult to detect because it often involves concealment through falsification of documents or collusion. Therefore, it is important to place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals that they should not commit fraud because of the likelihood of detection and punishment.
11(2)What, if any, factors or controls mitigate the risks you have identified? Anti-fraud programs and controls, as discussed in the SAS 99 Exhibit, include the following key elementsCreate and maintain a culture of honesty and high ethicsEvaluate the risks of fraud, and implement risk mitigationDevelop an appropriate oversight process.
12(3) What additional procedures should Sheila Tate have considered (3) What additional procedures should Sheila Tate have considered? What were fraudulent transactions apparent from the documentations?It’s obvious that multiple control weaknesses exist within Dentistar’s West Region office location. It’s also obvious that some fraudulent acts were being conducted.The interviews conducted were a valid and efficient tactic toward the fraud investigation. This allows for further insight into the company from participants other than management, who may be the key players, and also provides additional approaches that would not normally have been considered.What Sheila Tate did not do was to consider whether or not these subscriber terminations were initially valid subscribers, or to confirm the validity of who the payments were being made out to, with its various supporting documentation.While analyzing the cancelled check details, and the corresponding check stubs, it was clear that Tom Swindler was fraudulently involved.It seems that checks were being requested for ‘normal’ vendors, but made payable to ‘Tom Swindler himself’ as well as others.
13(4) Brief description of procedures performed and results from #3 (4) Brief description of procedures performed and results from #3. Discuss factors that allowed for transactions to be undetected.The necessary documentation was not available to conduct the procedures of verifying that subscriber terminations were from valid subscribers.If Sheila Tate had requested such listing, she would have uncovered that payments may have been made to false subscribers.The fact that Sally Trusts does not review, online, if the requests are for valid customers, or to check if the balances are correct, allows for Tom Swindler to make payments to anyone he desires.After all, the documentation and checks are within his possession multiple times throughout the process.
14(4) ContinuedBased on the analysis of the cancelled check details, and the corresponding check stubs, payments were made out to Tom and two others – Rob Howard and Bob Turner – but recorded as ‘normal vendors’. The following check #’s were:Check# 1142; 1265; 1710; 1922; 2395Part of the monthly process is to send the check stubs to the corporate headquarters where reconciliations are completed using the respective banks statements.It’s been difficult to uncover these false payments primarily because the cancelled checks were not used during the reconciliation process, and the check stubs simply portrayed the ‘normal vendor’ as the payee.Moreover, Sheila Tate’s report of supporting documentation examined for these false payments showed that only the ‘check request’ was investigated.
15(5) What recommendations would you make to management of Dentistar to improve controls over manual disbursements, and to prevent additional fraud? Suggest operational improvements.We would recommend proper signature approval from departments head in other to submit payments for amount up to $100.Payments request for amount over $100 should be signed by the department head and also authorized the Director of Administration.All disbursements should be accompanied by adequate documentation, in the form of receipts or an invoice.It is recommended to substitute stub checks for more that one copy. When manual checks are used, a copy of the check should be made instead of using stubs since these can be manipulate easily.Finance administrator should check online for patient validity and amount refunded which was not the case in Dentistar West Region.
16(5) ContinuedThere are some operational improvements that we would suggest Dentistar to implementWe recommend management to implement policies and procedures manual, so employees would have a guideline, especially for the use of manual checks.We would recommend improving the computer information system. There should be a real time communication. Disbursement should be recorded accurately and timely in the accounting records (rather than waiting until the bank statement is received to record the transaction from the cancelled checks). We also recommend not deleting subscriber form system; it should be kept as inactive.
17(6) What are some of additional areas that might possess the risk of fraudulent activity? What controls does Dentistar currently have in place to prevent fraud in the areas you identified? If no controls currently exists what recommendations would you make to management?Creating false subscribers could be prevented by having only one person such as a Provider Administrator having access to such function and be the one approving which patients/employees are approved or later put in inactive status.This person will verify any disbursements before issuing refund check.Segregation of duties is an important piece on implementing internal controls. This means that no financial transaction is handled by only one person from beginning to end.For cash disbursements, this might mean that different people authorize payments, sign checks, record payments in the books, and reconcile the bank statements.For example, in Dentistar, Tom has other responsibility as coordinating the collection of the past due accounts receivables, assist in organizing the financial reports for all internal and external audits, and assists Sally Trusts with regional Human Resources issues