The Black Book of Identity Access Mgmt

    Tuesday, May 1, 2012

    NO SoD POLICIES? IT’LL COST YOU

    Dixon, Illinois is a pretty neat little town. Half dying because it used to depend on a fading farm community, but it’s got an iconic arch for a gateway, it’s the birthplace of Ronald Reagan, and it’s home to an excellent state park. My wife and I have had a couple of getaways there over the years, a ways west of Chicago.

    In October 2011, Rita Crundwell, the comptroller and treasurer of Dixon, went on her own getaway, and while she was gone, the city clerk found some boo-boos in the books. Turns out Rita had been looting the town, and had stolen around $30 million over six years. The town’s annual budget never exceeded $9 million.

    Rita had been supporting a lavish lifestyle, including a couple of horse farms, on a salary of $80K. Nobody seemed to catch that.

    Everybody had trusted Rita. She would even perform some of the duties of the city commissioners while they were unavailable. Real or digital, that’s excess entitlements.

    But here’s the kicker. Kelly Pope, a forensic accountant as well as a professor of accountancy at DePaul, said that auditors should have caught Dixon’s weak internal controls. “That’s Accountancy 101, SEGREGATION OF DUTIES … the person that writes the checks isn’t the person who deposits the checks.”

    My first introduction to the consequences of SoD was during a visit to a mortgage company in Pennsylvania, during the height of the real estate boom. Anybody who could make an X in purple crayon on the back of an Eskimo Pie wrapper could get a mortgage. But the client at hand had been written up when one of their officers had submitted and approved his own $2M mortgage. Hey, you gotta draw the line somewhere.

    I have spent a lot of time cataloging the various tricks and traps of auditors, the ways in which they show they’re worth their money, by tripping people up on the dumbest of things. Remember, auditors are not your pals. They are there to screw with you. If an audit goes squeaky clean, it’s assumed the auditors haven’t done their job. So they will always find something. It’s like the old story in Chicago, if the health inspectors need a Christmas bonus, and your restaurant doesn’t have any rat droppings, they will bring their own.

    Segregation of Duties is an easy one. People who have conflicting entitlements. A lot of organizations KNOW they have this problem, but can’t fix it simply because they don’t have enough bodies. That’s when you come up with toxic combos. “You can’t have A and B if you already have C.” In any event, there must be a set of policies, they must be regularly reviewed and enforced, and any exceptions must be documented.

    And there’s your partial out. Document all exceptions. This provides you at least a temporary reprieve. The only thing worse than a violation is one you were grossly ignorant of. Take responsibility for it, document it, and mitigate as best you can. In other words, it’s okay to get caught, just not with your drawers completely down.
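The toxic-combo rule and the documented-exception out described above, as an added example that is not part of the original post. The entitlement names, rule IDs, status labels, and the self-approval and expiry checks are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed policy: holding every entitlement in a set is a toxic combination.
TOXIC_COMBOS = {
    "SOD-01": {"write_checks", "deposit_checks"},
    "SOD-02": {"submit_loan", "approve_loan"},
    "SOD-03": {"create_vendor", "enter_invoice", "release_payment"},
}

@dataclass(frozen=True)
class SodException:
    user: str
    rule: str
    approver: str
    mitigation: str  # compensating control in place
    expires: date    # forces a periodic review

def evaluate(entitlements, exceptions, today):
    """Return sorted (user, rule, status) findings for every toxic combo held."""
    index = {(e.user, e.rule): e for e in exceptions}
    findings = []
    for user in sorted(entitlements):
        for rule in sorted(r for r, c in TOXIC_COMBOS.items() if c <= entitlements[user]):
            exc = index.get((user, rule))
            if exc is None:
                status = "VIOLATION"             # conflict nobody wrote down
            elif exc.approver == user or not exc.mitigation.strip():
                status = "INVALID_EXCEPTION"     # self-approved or no mitigation
            elif exc.expires < today:
                status = "EXPIRED_EXCEPTION"     # documented once, never reviewed
            else:
                status = "DOCUMENTED_EXCEPTION"
            findings.append((user, rule, status))
    return findings

ENTITLEMENTS = {  # constructed sample data
    "clerk": {"write_checks", "deposit_checks"},
    "comptroller": {"write_checks", "deposit_checks", "create_vendor", "enter_invoice", "release_payment"},
    "loan_officer": {"submit_loan", "approve_loan"},
}
EXCEPTIONS = [  # constructed sample data
    SodException("comptroller", "SOD-01", "mayor", "monthly bank reconciliation", date(2012, 12, 31)),
    SodException("comptroller", "SOD-03", "mayor", "quarterly vendor audit", date(2012, 3, 31)),
    SodException("loan_officer", "SOD-02", "loan_officer", "self review", date(2012, 12, 31)),
]

if __name__ == "__main__":
    print(*evaluate(ENTITLEMENTS, EXCEPTIONS, date(2012, 5, 1)), sep="\n")
```

Only the `DOCUMENTED_EXCEPTION` finding is something you can hand an auditor; the other three statuses are work items.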

    There’s only one place on Earth where violations are not enforced. My house. I am not allowed to pick dinner, handle the check book, choose my own clothes, determine the time to leave for church, or comment on the kids’ hairstyles. And it all started years ago with the exclamation from the household SoD violator: “Please tell me you’re not wearing THAT to the funeral.”