Are Your Internal Controls like Swiss Cheese?
by Gene Bucciarelli, MBA CPA
Employee accounts present a compliance and fraud risk to the Bank. Easily overlooked in the day to day rush of customer, compliance, and various internal activities, these accounts provide a window of opportunity for the employee intent on fraud. The employee accounts definition should include employees and joint accounts with relatives who have accounts at the Bank.
The initial setup of employee accounts should encompass at least one of the following processes;
Unique Employee Account Branch
While this set up is unusual, it is a best practice in that all usual branch reports such as kiting, large items, and NSF are produced daily and can be used to monitor all employee activity in one place on a continuous basis. This is not a physical branch but a virtual one.
Unique Account Numbers
Giving employees unique account numbers enables all monitoring personnel, centralized and local, to identify a transaction that involves an employee account immediately. Again, this is unusual but it has significant daily monitoring advantages.
Coded as Employee Account
Coding allows unique reports to be produced by report writer type programs. These reports can be used during audits or reviews to obtain the universe of the employee accounts. This is the typical employee account identification scheme.
The review of employee accounts should be conducted as follows:
- Review all employee accounts at the same time or in blocks of time throughout the year. Sampling accounts is not a good idea as employee accounts do not lend themselves to sampling, which is reserved for transactions that have similar characteristics so the sample can be used to make a judgment concerning the population.
- Review 3 or 4 months in a row. Reviewing a period like a specific quarter enables the reviewer to spot trends and patterns while keeping the workload somewhat reasonable.
- The review should be primarily concerned with:
- Violations of company policy, i.e. NSF activity
- Unusual credits, i.e. out of pattern deposits and internally generated credits
- Significant change in activity
- Transfers from non employee accounts.
Employee loans should be reviewed at least annually looking for such things as:
A strong employee accounts review process is part of a system of internal controls that every bank should incorporate as part of its internal compliance and fraud prevention program.
Gene Bucciarelli, MBA CPA is the principal of Internal Control Systems, a community bank internal auditing and consulting firm. Reach him at email@example.com and 925.828.7360.
First published on BankersOnline.com 10/17/05
First published on 10/17/2005