Auditors Must Assess The Aftermath

What happens when a member of management leaves an organization?

Have you ever considered this might be a risk that you should look at?

Don’t believe me?

Tune in to this episode of Audit Bites to see why you should care when someone leaves the organization and why auditors should assess the aftermath.

Audit Bites gives you small bite sized chunks of audit discussions and training.

It is the first LIVE show dedicated to auditing.

And you can get CPEs too. Can’t wait to see you there.

www.auditbites.com

Transcript
Rob Berry:ut the fraud that occurred in:Unknown:

Do they give you any Express directions to not enter things into a computer? Yes, definitely. The management was all concerned about appearances and collecting their bonuses and appearing right for corporate in a statement Balfour Beatty said it is not and does not condone the falsification of records in any way. According to the company, allegations of misconduct at Tinker date back several years after being investigated by the Air Force, one employee was found to have acted improperly.

Rob Berry:

Alright guys, so you heard Tina, she said that. They just want it to look good for corporate and they did an investigation and for the entire company. One employee was responsible for a fraud that was committed. One employee acted all on her own. How many of you guys believe that if you can type into the chat? Yes. If you believe that? No, if you think now there's no way she did it on her own. But at this point, where we are is it's really her word against the word of an entire organization. So let me know do you think that she solely committed a fraud on her own or that she had help? malinska Elisa is on him Elisa says one employee question mark. Yeah, Melissa, there was a multimillion dollar fraud and one employee did it all on her own. Do you believe that? So whether you believe it or not, let's go on and hear the rest of the story. Here's another news clip. Take a listen.

Unknown:erformance bonus was fired in:Rob Berry:

Alright, so Did you guys hear that? I'm hoping that you can hear the audio because pozo hit it dead on the head. One employee was the escape goat. Melissa said the exact same thing scape goat. Ha. So now we're getting somewhere. Lisa, hey, Lisa, you showing up his LinkedIn user Lisa says if she was able to do it on her own terrible income, internal controls, no separation of duties. Haha. So but did you hear that? You guys nailed it. On this interview, she said that she believed she was the scapegoat. So now, she did something wrong though. If they terminated her, Surely she did something wrong. Here's what she did. When ordered when work orders came in, to be completed, the company kept two separate set of books. One was outside of the computer system. So she hailed work orders outside of the computer system. And she entered them into the system when they were almost complete. So the time date stamp on the computer system looks like the work orders were being completed timely. That is what she did. And that was her role. But they asked her about her role. And if she felt bad about it, and if she felt she had done something wrong. So what I'm going to do now is let you hear in her own words, what she has to say about why she actually did what she did.

Unknown:

Did you ever feel like you were doing something wrong? I did. Yes. How did you square that away? I just did what I was told.

Rob Berry:

So now I understand. In this particular situation, this young lady committed a fraud that really fleeced the government out of millions of dollars 10s of millions of dollars. When they did their own internal investigation, she was the one who was fired. Now in this interview, she's saying that she simply did what she was told. Now I will tell you she's also now suing for wrongful termination in this particular incident.

Rob Berry:

Now here's what I have to say about this. Of course she did what she what she was told to do. If not she would have been terminated. But because she did what she was told to do. She was terminated. Anyway, kind of a catch 22, right. But you will notice when things happen in organizations, someone has to take the blame. Now, I personally believe that if you're in an organization where fraud is occurring, just get out, go ahead and do the right thing. Don't be complicit to save your job or for any other reason that you can come up with. Because at some point, you're going to have to pay the price. But you're probably wondering to yourself, what does this have to do with internal auditing? Like, seriously, Robert, this sounds like the Friday froster. Why are you talking to us on a show for auditing? I'm glad you asked my friends. You see, this incident happened at one Air Force Base. And then what happened is it started happening at other Air Force bases, they took it to the government. When the government finally got it, and it got high enough in the US government, the government actually referred this case to the FBI. And if you know, like, I know, the FBI is the last group on the planet that you want coming after you for anything. So now again, what does this have to do with internal auditors? Well, it's our job to proactively help management, identify and mitigate risk. Oftentimes, when people leave an organization, especially after a fraud has occurred, or if it's an hot if it's a high level employee who is here one day and gone the next, you can best believe that there's a reason behind it. And that reason is usually because they either knew too much, sell too much said too much. Or they were the ones committing the fraud, right? Those are typically your four reasons why someone would leave an organization, especially when there's something happening where there's a law rule or regulation that is being broken. Okay, so where does that leave us? Okay, in our profession, we know that there's this thing called the fraud triangle, right? Okay. So for those of you who know that there's a fraud, hexagon, Pentagon, and maybe contemplar quintuplets on or whatever word I can make up, I know that there are other things. But we're going to talk about the fraud triangle right now. Whenever something happens, you need to look at and think about the fraud, triangle, rationalization, opportunity and pressure. So let's apply that to Miss Brown in this particular situation. She had pressure, or her pressure was from the people that worked for her the people that she worked for, she had an opportunity to she had an opportunity to commit this fraud because, well, the internal controls were weak, as Melissa said earlier, and you saw her kind of rationalize the situation away, because she said, Well, I was just doing what I was told to do. But if I'm an internal auditor, and I see that she's the person that's been terminated, because something has happened, my first thought is going to be Is she the right person? You see, in this particular situation, I think that she was escaped go to, which kind of goes back to what Austin said, motivation. What in the world was her motivation to do this other than the fact that she got to keep her job? She didn't get any of the bonuses, as we saw earlier in the news story. So why would she actually be an active participant in this fraud? Had it not been pressure from inside her company? militia is dead on it? Who benefits? Right? So if I'm an auditor inside this organization, and we've had this scandal where the stuff is just hit the fan, and I see that we've terminated this one person, my first question, who's benefiting from this, what is her motivation for committing this fraud? And this is what I mean by auditor should always assess the aftermath. Anytime someone disappears. At the blink of an eye in an organization, you have a high level person in an organization that disappears, why you have a low level person who disappears after there's been a fraud that has occurred. Why? Okay, so now I'm going to show you all another clip that I found to be interesting, because after this woman was terminated, the company put out a statement talking about how they tighten their internal controls. But a local news station did some investigating and found out maybe not so much. So let's just check out this clip. And then we'll come back and talk about it too.

Unknown:

Right here,

Unknown:

this is all water. The company says it has since worked to strengthen the documentation process at Tinker. several families say maintenance and record keeping problems continue for Framestore to fall apart. Derrick enable flight engineer who asked us not to use his last name, lives on base but it's deployed more than half a year during his wife Jennifer and three kids to deal with frequent housing issues.

Rob Berry:

Alright, let me just say one thing Derek didn't want him to use his last name, but his face is all on camp, right? You guys know, I couldn't get through a single program without being with without pointing out something that was funny, right? So Derek, I don't want you to use my last name. However, you can show the house and you can show my face. Anybody else thought that was odd. But I want you to notice the language that was used here, the company worked to strengthen and strengthen its internal controls. No, my friends, you didn't strengthen your internal controls, you put in the baseline bare minimum standard that should have been in place to begin with, because you were committing fraud. That is what happened here. But you all know how I feel about PR and how that works. When you hear stories in the news, it really gets my goat to hear the way people word things. Alright, so now, now that I've set the scene, here's what happened. We had this company that has a multi million dollar contract with the government, it's either five or 10. It's a 10 year contract with the government. As a part of that contract, they're supposed to make sure that homes that are military personnel are staying in or appropriately maintained. They get bonuses. If, if they correct any issues in these homes timely, these bonuses were based on data that this company was sending to the government. In turn, the company was fudging the data so that they could get the bonuses. In turn, they found out that something was going wrong and they terminated the person who was responsible for entering the data into the system. Now I will tell you initially she was the only person that was terminated. What ended up happening was after the FBI investigated, they found some smoking guns, they found a lot of emails from people within the organization within the organization, where they were actually saying, you need to make sure that we get these bonuses, this is important. Do whatever you do by any means necessary. So they found the smoking gun, and it got all the way up to the FBI. Which brings us back to the subject for today. Should auditors assess the aftermath? After you find that something happens, because remember, this was just one military base where Miss Brown worked, and she was terminated. auditors must assess the aftermath when things like this happened. If we had assessed the aftermath in this particular situation, it may not have blown up to a point where the FBI investigated. So now, how do we assess the aftermath? What do I suggest? What would I do? If it would mean? What have I done in the past to assess the aftermath? When something looks well just kind of off? Right? Because you have that auditor intuition? Well, I'm glad you asked friends, here's what I would do. First thing I would do is I would ask one question, What in the world happened? Because that's the first thing you need to know. So let's talk about this particular situation, I just ran through what happened, they had a system where they were keeping two records, one was outside of the system that they were using, by the way, the government could access this system to make sure that they were actually completing the tasks on time. So they had a process that was designed to allow them to cheat the system. They had one individual in this particular at this particular Air Force Base, that was cheating the system, they must have spread the word to people in other Air Force bases because it was found to be a widespread problem. So the first thing you want to know is What in the world happened. But the second thing you want to know is who all was involved. And I mean, everybody. Now the bad part about this is when something happens,

Rob Berry:

you're going to have to put the CEO on that list to begin with, because he or she is going to be involved in every single incident that occurs because he or she is responsible for the culture in the organization, he or she is responsible for the processes in the organization. And granted, that responsibility is delegated down to everyone else, but he or she is the ultimate person. But when you get your list of everyone that could be involved, you got to start thinking through that whole list. This is where critical thinking is important for internal auditors. If you look at the top five skills that they've cited to be important for internal auditors, critical thinking is I think number three for this year's survey that went out to Chief audit executives. So now you know who all was involved in this particular scheme, you start checking them off. And what you do is look and see. Here's my suggestion. First you go through the fraud pyramid, what was the rationalization and all that good stuff, but this is what you really want to look at. Ask yourself two different things. What did they stand to gain and what did they stand to maintain? You see, Ms. Brown's case she was simply trying to maintain her job maintain her current standard of living, nine times out of 10 and when you look at the person that is just trying to maintain there's someone else above them that is standing to gain something. In this particular instance, the people who were pulling the strings above her stood to get stood to gain millions of dollars in bonuses. But instead of terminating them, well, Ms. Brown was terminated. And I will tell you, when you read up on this case, you'll see that I think right now, many of the people who were in charge have been indicted, I hadn't gone back to see if they've ever actually gone to court yet and what happened, but they went through the process of being indicted by the federal government, my friends, that is the last thing that I would want to happen to me. And I'm certain that that's the last thing that they want to see happen to them. But for our internal audit professionals, when this first case happened, and this young lady was terminated, and we knew that something fraudulent had happened, why did we stand by and allow someone that really didn't have anything to gain other than keeping her job, which to me, I put that in the maintain bucket. She only had something to maintain in this situation, not something to gain yet she was the one who was terminated. And as you guys said earlier, she was probably used as the proverbial scapegoat in this situation. So let me go back to the audience real quick. I see Nicola is here. Nicola, how are you doing? My friend? Nicola, what time is it for you there? It's got to be what, six, seven o'clock for you over there in the UK. She says, Hey, great session, I can imagine many auditors may find it hard to assess the aftermath on the audit plan, despite the obvious need for it. What do you think? Absolutely. It's probably not going to be on your audit plan. Because let me let me just say this. If you have assess the aftermath as a line item on your audit plan, you probably work for a crappy company and you need to find someplace else to work again. Let me just tell you guys where you are, you own my show called audit bytes. This is episode number one where we give it to you real enroll, we tell you things that you should know in your profession, and not everyone's going to tell you this. Why am I telling you this? Because I think it can help you become better audit professionals. So this is one of those things, it's going to pop up on your audit plan. It should happen once every Blue Moon. Again, if this is a regular occurrence, find you someplace else to work because something is truly, truly wrong. Now, Marilyn, what are you saying to me, Maryland, Maryland says to medicate to mitigate risks, their maps their media awareness project. Thank you, Maryland. Set up a skate goat to give time for the company to hide slash create a better outcome that can be fair to the media and protect the C suite. Oh, Maryland. You said a mouthful. Thank you for being my guest host today because I couldn't have said it better myself. Now pose Oh is here in puzzle says What did they stand to maintain? so important to ask and pose? Oh, you know, as I was thinking about this story, because I think you will on the episode of the Friday fraudsters when this came up, and you saw how upset it made me. Um, a lot of companies when stuff happens, they find their proverbial scapegoat. And as auditors, we should be able to see, was this person the scapegoat? Or was this the right person? And here's why. Here's another reason why it's important for us to find out if this is the right person, or if it's, or if it is a scapegoat. It speaks to one of the things that we've been talking about, we need to audit recently. And that's culture. If you see management, put someone out to pasture that tells you that you may need to look at the culture in that organization, because something may be corrupt in the culture. All right, Nicola, glad you agree with what I said. Glad you asked the question too. Was that the answer? You expect it Nicola, you know me, you know that I'm gonna give it to you straight. Alright guys. So this has been

Rob Berry:

first episode of audit bites. We've been talking about should auditors assess the aftermath? And what I mean by that is when something happens in the organization, where there's a fine for violating a law rule or regulation, where someone commits fraud, and then you see someone is terminated. Should auditors really look at who's been terminated? Should we assess the aftermath of what happened? My opinion is yes, it seems like a lot of you guys agree with me. But wait, there's more. As we do our job as internal auditors, I say this all the time, it is a very serious job. It has very serious consequences. What I'm about to show you is something that is disturbing and it's a result of this particular fraud. I'm going to show you a family that the news station interviewed. Someone from this company went in and fixed something in this company's home. When they fixed it. They were truly disturbed by what they saw. They were so disturbed that they wrote it up in the notes at the company. Before you clap your hand for this person, watch the clip first. Let's just see if you have the same feeling that I have about this particular situation. So here we go. Let's take a look at this one last clip.

Unknown:

Internal records reviewed by CBS News and Reuters show that within a year, a leak caused a Balfour Beatty maintenance technician to document his concern that the couple's infant daughter could become sick from chewing on flooring tiles that contained asbestos.

Unknown:

It's very upsetting to know that he was concerned for our child safety, but didn't

Unknown:

tell us it's almost heartbreaking. I mean, we already listed our seven day bill, you think you got your family home safe? And to find out that, you know, data kitty dismissed this war?

Rob Berry:

Now, this doesn't make you upset, I don't know what will. The person that worked for this company went out did an assessment figured out that something was wrong in these people's homes, went back to the office and then wrote the notes up and said, You know, this is best those there and they have a kid and I'm really concerned about that, but didn't tell the family, again, internal auditors when something happens. And when you see that there's fraud that has occurred in an organization, you need to assess the aftermath. Did the organization actually root out? The fraud? Did they make and take corrective action? The person that was let go, is that the right person? By the way, I would have tried to interview this woman as soon as I found out she was terminated out have been looking to see what do you know what happened here? What can you tell us? Now I can see that some of you guys agree with that. Because Heather says no good. You're right, Heather, that was no good. And pozo says how disturbing, right? This this just completely upset me. But again, from our standpoint, as auditors, we could use this as a lesson to now assess the aftermath, and things like this happen in organizations. And this leads us to help assess an organization's culture. See, I did that one for you, Joe, Joe, if you're watching Joe Irvin or if you see the replay. And Melissa says great session, Melissa, I'm glad that you liked the session. I'm glad that you were here with me in this session. This has been audit bites, the first episode auditors must assess the aftermath. So let's go back to in order to assess the aftermath. What do I suggest you do? First question you ask is, What in the world happened? Get your arms around? What happened? Second thing is, who was involved in Yes, I mean, take a tally of everyone that could have been involved in then, when you go through that list of people that were involved, see what they had to gain or maintain. When you find a bunch of people who only had something to maintain. The next thing I want you to take a look at with them is see if they had power and authority to make things happen. You see, this woman was trying to maintain her job, but she really didn't have any power or authority to do what she did. Because if the organization had a good internal control system, she would have been stopped. Now, the people above her head something to gain, they had bonuses to gain. They also had the power and authority to make sure that what they wanted to happen, happened. So again, what do they have to gain? What do they have to maintain? What is their power and authority structure within the organization? This happened on one military base, it then happen on other military bases, those military bases, then moved it up the chain in the federal government, when they moved it up the chain, the federal government, when they found out what was happening, they pass the information along to the FBI. The FBI went in and investigated and laid down some indictments on several high level executives in this organization. Those people are now those people have been indicted. Again, I haven't looked up to see if they've gone to court yet. But a well placed internal audit engagement where we had assessed the aftermath could have prevented this from happening. Again, it is our job to help our organizations identify and mitigate risk. That is our job. And as I always say that job comes at a heavy price. They may get mad at you, they may name call you they may ridicule you, but you have an obligation to do the right thing. Let me say if you like this session, you can get CPE just for listening to me. Hey, that rhymed. I didn't mean around one time I did it again. Um, if you go to my website, there are a guy.com or if you go to $7 cpe.com, you will find Well guess what? $7 CPE This episode is not up there yet. But you'll give me a day and it'll be up there and you can get CPE just for watching the 30 minutes presentation. listening to me talk about auditors must assess the after math. So now guys, here's my question. What do you guys think? Do you like this format? You liked this episode? If so, I'll come to you periodically with audit bites. You know, I'm going to come to you periodically. Anyway, this is episode number one. Of course, we got to have many, many more. I would be remiss if I didn't plug the Friday froster show with Kelly Paxton and Joe urban and myself. Where on Fridays at 2pm central standard time we talk about fraud, which is friends together, talking about fraud.

Leave a Reply

Newsletter Signup

Subscribe to our weekly newsletter below and never miss the latest product or an exclusive offer.

Scroll to Top