Control Misconceptions Color Too Many Audit Approaches
Auditors should never assume anything! Strong, empirical evidence needs to be obtained to prove that risks are being adequately controlled. Unfortunately, too many auditors take shortcuts, and don’t take a hard look. For example:
1. Dormant Accounts
Your bank believes they already have control over dormant accounts as they are identified by the core banking system and transactions monitored daily. It is true that externally-generated transactions such as a customer-generated withdrawal will cause a dormant account to become “active” again and be subject to review.
Most auditors and banks are not aware that internally-generated transfers between accounts also leave a dormant account in dormant status. However, internally-generated transactions such as service charges leave a dormant account in dormant status. A dormant account balance can be fraudulently set up to accept regularly scheduled debit transfer transactions and be brought to zero without any evidence of fraudulent activity.
Use a computer-assisted audit tool to monitor dormant accounts for “internal transfer” transaction codes.
2. Check Kiting
Your bank believes they already have an excellent routine for detecting check kiting whether it is being perpetrated internally or externally.
Backdating of transactions is always allowed. Backdating a deposit causes the deposit to be made “good” days before the posting date. A kiting analysis routine will not detect this; neither will any bank produced reports. Large internally-generated kiting fraud using a transaction backdating technique can be perpetrated and easily maintained.
Fraud Detection Routine
Use a computer-assisted audit tool to monitor backdating of deposit transactions occurring more than ‘N’ times on an account over a short time period