Page 2 of 2 1 2
Thread Options
#308064 - 02/04/05 05:06 PM Re: Employee account review procedures...
EdOils Offline
Platinum Poster
EdOils
Joined: Jan 2004
Posts: 553
Louisiana
Quote:

Come on, are you going to go up to an employee and demand an explanation of where they got that $20??



Nope. I'll follow the paper trail.

Quote:

It sounds like someone enjoys this a little too much and might be on a power trip.



Not at all. I do it because it is a risk to the bank. If I wanted to get on a power trip, I could, but then I would be ineffective as an auditor. AuditGuy was right, it's our job. It ain't pretty, but someone's gotta do it.

Quote:

I have more important things to do than break out the thumbscrews for every non-payroll deposit.



I've also talked to auditors who didn't believe cash counts were an effective use of their time, either. All I have to say is that once you've been burned, you look at things differently.
_________________________
You gain education by reading the fine print. You gain experience by not.

Return to Top
Audit
#308065 - 02/04/05 05:45 PM Re: Employee account review procedures...
Jay-Risk Offline
Gold Star
Joined: May 2004
Posts: 274
New England
Quote:


Jay, I hope you don't think I'm picking on you, because I'm not. I love a good debate. If I'm off-mark here, let me know.




Of course not. You are not speaking out of school, or off-mark. As you've noted, BOL is about gathering varied professional views based on our collective experiences, training, and background.

One problem with any professional site, such as BOL, is that we all come from different banking backgrounds with varied levels of risk-solution methodologies. Someone who works for a $100 billion regional office of $1 trillion Bank of America in Boston or Providence can at any moment be discussing an issue with another professional who might work in an $80 million institution from Salina, KS, or Norman, OK. Their commitment, professional motivation, and recognition of the need to solve the problem are the same; however, their solution methodology is vastly different.

When I'm speaking of overseeing the conducting of account anomalies, I'm referring to having ACL perform the analyses of various data populations in multiple ERP systems (i.e., for each employee's direct deposit, checks issued, savings, CDs, household) to evaluate trends, pinpoint out-of-pattern account activities, and to highlight potential issues for further investigation. (ACL can also be used in the same way for deposit and DDA accounts to aid in your BSA/AML/PATRIOT/OFAC programs).

Some people, on the other hand, manually review employee account transactions. My concern with this level of detail is that if you observe an employee's account with a $100 deposit not from your bank's payroll (which could easily be a gift from Aunt Helen), are you then approaching the employee to inquire of the transaction's purpose?

I still support the ACFE study wholeheartedly, and I believe that a scheming employee who might have an account with you is smart enough to also have another account elsewhere -- even having the account in a wife's, girlfriend's, or someone else's name. Setting exception threshholds at $100 transactions might occasionally capture minnows, but the $750,000 sharks you speak of are not banking that carelessly and will seldom be detected in that manner. My personal view is that an anti-fraud measure must follow written, well-understood standards; must be communicated to employees to serve as a preventive measure and to gain senior management buy-in; and must complement long-held, industry-accepted indicators of fraud -- such as the indicators provided by seeing an employee who annually earns $60,000 suddenly driving a $55,000 car; wearing a $4,200 Raymond Weil watch; wearing expensive jewelry and expensive clothes; and generally demonstrating an out-of-pattern lifestyle. Our fraud audit motivation is the same, but I'd rather target the $220 thousand commercial loan officer who can collude to set-up phony businesses and take the institution for millions, versus targeting the single-mother teller who takes that hundred dollar bill, but who eventually gets caught anyway.

Return to Top
#308066 - 02/04/05 06:18 PM Re: Employee account review procedures...
Anonymous
Unregistered

I like the solution my mentor in banking had at his bank. He first arranged in the 1970's.

He arranged for free accounts at a correspondent for all employees. Employees were informed this was done for the mutual benefit of the bank and employee. This way bank was assured of the confidentiality of payroll information (i.e. no payroll checks at the teller line or in proof) and employees were likewise assured of privacy in their financial affairs - no fellow staff members or auditors (well intentioned or power tripper) poking around their accounts.

Remember this was in the 70's and hard copy trial balances were the rule instead of on-line inquiry with access control. This arrangement also eliminated the problems of inadvertent overdrafts, Reg O violations, turning down employee loan requests etc.

For employee convenience, since branch banking had yet to come to Illinois, they could cash a check (up to a certain limit) at the teller line. However, this privilege was suspended if they bounced a check.

Not having an employee account in the bank also functioned as an internal control by eliminating the opportunities - as previously noted - for G/L fraud (debit expense/suspense credit my account) and EDP programing fraud (e.g. round all the pennies into my account).

Return to Top
#308067 - 02/04/05 07:03 PM Re: Employee account review procedures...
Anonymous
Unregistered

I'm a firm believer of risk-based auditing. It happens that tellers sneak that extra $20 into his/her pocket, but the function of an audit department isn't to look for mice, unless there is a good reason. Given limited audit resources, that kind of employee theft should show up in routine balancing and controls. If you focus too much on the small stuff, then it's more likely that the large losses are being overlooked. We've generally found the higher losses to be generated from the more highly compensated staff and the smaller losses are normally identified by our customers.

It would be interesting to hear how much your auditors make per hour and how much it is costing you to catch that $20.

Return to Top
#308068 - 02/04/05 09:28 PM Re: Employee account review procedures...
EdOils Offline
Platinum Poster
EdOils
Joined: Jan 2004
Posts: 553
Louisiana
Jay - you're right about the different approaches for different sized banks. What is good for my $110M bank is not good for the BoAs and Chases of the world. A $750M loss from an employee stealing would take up a year's worth of earnings for us, but would not be material for the big boys. So Anon, do you now understand that I am using a risk approach to my audit? It's just that my risk is different than yours.

Let me tell you about the $750M fraud, without going into detail (I don't know all of the details, since it happened somewhere else). This person was the operations officer for the bank. She used her knowledge to get around the controls that were in place. She used her own checking account to make daily deposits from GL accounts that she reconed. She audited all of the employees accounts, except hers. Her boss was supposed to audit hers, but he didn't. The transactions were small amounts over 15 years. The $750M was all that the bank could prove, but they suspected that she took well over $1MM. This lady was addicted to a lifestyle, so they should have noticed the nice clothes, cars, etc. Just like Jay said.

Now, let me tell you about the head teller that took over $100M out of the vault at a bank that I work at. She had been with the bank over 10 years and was a trusted employee. Cash audits were being performed by the branch manager, but not very well. Again, she was a trusted employee. She was addicted to video poker. She didn't drive a new car. She wore the same clothes she always had. You would not know she had a problem (no one did until she confessed). We may have eventually found it, but she could have gotten away with much more. This was a $150MM bank and it was a big loss, but the bigger then the loss of $s was the drop in employee morale. They were in shock that a well trusted employee had done this.

So, maybe I am being a little cautious, but I think I have good reason. Jay and I (and others) may disagree on the level of risk, but we are in different situations. Moral of the story is that no one program fits all in any area of audit. You have to audit based on what you feel is important. I think we can all agree on that.
_________________________
You gain education by reading the fine print. You gain experience by not.

Return to Top
#308069 - 02/04/05 10:33 PM Re: Employee account review procedures...
Anonymous
Unregistered

Quote:

I'm a firm believer of risk-based auditing. It happens that tellers sneak that extra $20 into his/her pocket, but the function of an audit department isn't to look for mice, unless there is a good reason. Given limited audit resources, that kind of employee theft should show up in routine balancing and controls. If you focus too much on the small stuff, then it's more likely that the large losses are being overlooked. We've generally found the higher losses to be generated from the more highly compensated staff and the smaller losses are normally identified by our customers.

It would be interesting to hear how much your auditors make per hour and how much it is costing you to catch that $20.




I would have to agree with you on auditors doing all of this review. I am one of three auditors for a three bank holding company of 1.2 billion. We have recently moved the regular review of the employees to the banks themselves. They perform roughly 20 - 25% of employees each year. Audit is only brought in on issues that raise a question. This allows the time for Audit to be spent more wisely while still being able to be involved when necessary such as the employees with issues in their accounts.

Return to Top
#308070 - 02/05/05 01:24 AM Re: Employee account review procedures...
Anonymous
Unregistered

The point was made that the problems with the employee theft was really a problem with the strength of cash controls, and that in the other instance she got around the controls that were in place. If controls are weak or are not tested, then losses may occur through carelessness as well as by theft. Relying on employee account reviewsfor very small amounts would tend to dilute the ability to review and test those major controls. That being said, you gotta do what you think is best and you're in the best position to decide how low to go in your examinations given your circumstances.

Return to Top
#308071 - 02/07/05 09:30 PM Re: Employee account review procedures...
H Ford Offline
New Poster
H Ford
Joined: Oct 2002
Posts: 23
California
We review monthly-it is not my functional area so I'm unsure of any threshold amount. I know our attorney advised us to keep disciplinary measures separate between employee mishandling their account (ie: NSF) and actual fraud (kiting, stealing, etc) Be careful, especially those in CA. We treat employees' accounts as any other customer. If they are NSF repeatedly, we will attempt to educate, if that doesn't work we will close the account because we don't want any customers like that(fees or no fees). If there is actual fraud it would be handled on a case by case basis, according to incident and severity.

Return to Top
Page 2 of 2 1 2

Moderator:  Andy_Z