As a CPA who has watched the industry change over the years, I am excited to see the continual merge of technology with accounting. As a result, there are many programs on the market to help non-CPAs help keep the books in order. One of the most popular is QuickBooks.
I have spoken with many clients who view their colleagues as very benevolent and ethical individuals. They are in business to reach the greater goals and our not-for-profit clients and their employees are passionate about their mission.
I have found that at times, their trusting nature of the noble people in their organization has caused them to lower their guard to some common fraud threats within their business or organization.
Perspective: Mary, the standard small to medium sized nonprofit manager:
“I don’t have the time to be involved with the accounting. I just want to focus on raising contributions for my nonprofit, and making sure that money is wisely spent on our organization’s purpose. Besides, John has been our outside CPA for years and really knows his stuff. He makes sure that our internal controls are air tight, so I’m not really worried with him on watch.”
Perspective: John, the prototypical contracted outside accountant turned thief:
“How did I steal from the company? It was actually pretty easy. I started out as the perfect accountant, constantly badgering Mary to read the bank statements or to review invoices before signing the checks. After a while I asked myself why I was doing it. If she isn’t going to use the safeguards then why make her? I’m not making nearly enough for the stress and client demands of this job; so I decided to increase my take home compensation with the organization’s money.
Execution:
Stealing from a company through QuickBooks is made possible when managers and supervisors are not monitoring the outside accountant. In QuickBooks, checks must be printed to pay bills. When a bill is printed, QuickBooks asks if the check printed correctly and if the user says it didn’t then he can print it again. John has the ability to print a check to himself, first for an odd amount, like $327.82. John would then tell QuickBooks the check didn’t print properly, and print another check for $327.82, but list the payee as one of the suppliers that they are consistently buying from. QuickBooks will only record the check made to the supplier. Since the nonprofit’s business with them is usually well into the thousands, a few hundred here and there won’t raise any eyebrows. John then shreds the check to the supplier, and cashes the check, and there is no way to find out what he did in QuickBooks. A record in the QuickBooks file will indicate that payment was made to the supplier. A little here and there really adds up to a lot for John, but won’t be missed by the organization.
The Reason it Worked
John could have easily been caught. If Mary had skimmed through the check images on the bank statements, she would see the check was made out to John for a few hundred dollars. The problem for Mary and her organization is that she never looks at them so even though the evidence to discover the checks made out to John was right in front of her, she would never discover it. It’s even easier for John now. The bank used to mail cancelled checks, so they would be at the office, archived forever. Now they are only available online, and the bank even purges them after a few months.
The above story illustrates how even accounting software for nonprofits like QuickBooks can be exploited when proper controls either do not exist, or exist but are not actually used. The issue with an off the shelf product like QuickBooks fraud is that management of nonprofits and other organizations often do not realize that controls are lacking.
