What financial scandals show about the fraud risk of manual journal entry
Despite large investments in modern ERP and finance systems, manual processes like journal entry continue to leave businesses exposed to significant human error or fraudulent activities. This ultimately creates the opportunity for the material misstatement of financial results and all the implications that brings.
WorldCom is the poster child for these types of financial scandals, where manual journals were used to inappropriately capitalize expenses as fixed assets, which inflated net income and total assets by $3.8 billion.
In the Xerox scandal, revenues were overstated over five years by more than $3 billion by bringing forward equipment sales using top-side journals. These manual adjustments were made at the group corporate level during the preparation of the consolidated statements. In another example, HealthSouth Corporation inflated its earnings by $2.8 billion over six years using manual journals in the same way.
Manual journals are synonymous with adjustments. That’s why they’re so frequently exploited for fraud. They enable fraud to be perpetrated and then hidden by, for example, diverting funds to the fraudster’s own bank account and then creating journals to cover the missing cash.
Some of the specific issues around manual journal entries that can lead to fraud include:
Setup of new accounts: If you have little control around this, then you are leaving yourself open to people setting up new account codes to make it easier to hide the fraud and to manipulate the financial statements.
Implementation of controls: This includes controls around value limits, who can sign things off, which accounts and cost centers they can post to, who can request journals, who can review them and who can approve them. And, more importantly, which people are on all of those lists and can basically do the whole thing. What controls exist to limit the accounts to which someone can post journals?
Infrequently used accounts: Someone might try to post to an existing infrequently used account to hide their tracks. In organizations where high account reconciliation or balance sheet reconciliation volume is a challenge, certain accounts will be eliminated from that process, so the rogue posting will go undetected.
Rotation of employees: Are you rotating people’s roles, so they are not in the same post with the same responsibilities and authority levels for a long period?
The big lesson from all of this is that organizations need to improve controls around the journals and adjustment process to include top-line and top-side adjustments. It’s all well and good having internal controls that are effective in the day-to-day accounting, but if you are opening the floodgates at consolidation level to people just going in and doing massive multi-million dollar journals without any accountability, then that’s an issue.
Eliminating the manual touchpoints in the journal entry process is one of the key ways to tackle this problem. That’s where finance automation plays a vital role in prevention and detection.
ERP and finance systems have very little control over the manual journal process and setup of new account codes. The structure of these systems is set up to assume you have segregation of duties and manual internal controls before it hits. Automation needs to be added into processes to force further review, approval and scrutiny over manual journals and the set-up of new accounts before that stage. Automation can also force segregation of duties into the process.
Forensic auditing is another layer of prevention and detection automation adds. This includes exception criteria to flag up postings to rarely used accounts, for example, and statistical analysis with trend identification to alert to abnormally high journal volumes or spot persistent journals for suspicious-looking amounts, such as whole round millions of dollars.
Ultimately, along with good practice such as rotating staff roles, it’s about trying to eradicate as many manual journal entries as possible and replace them with either automated entries or processes that go through a more controlled procedure where automation and humans work in combination.
Find out how to eliminate manual journal entries and reduce your risk of fraud with Finance Automation by Redwood.
About The Author
Shak Akhtar
Shak Akhtar, General Manager of Finance Automation at Redwood Software, possesses extensive experience in finance and IT. With an accounting background with IBM and roles at SAP®, BEA and Wolters Kluwer/Tagetik, he brings a wealth of hands-on knowledge as he leads global initiatives in finance automation and record-to-report (R2R), facilitating client-led financial transformation.