AuditNet®

CAATT Tales

 

 

Credit Balance Hide and Seek

BY DONALD E. SPARKS

Audimation Services, Inc.

 

Experts in Data Analysis
Volume 1 Issue 8

 

 

A determined internal auditor and a simple data analysis technique uncover an insurance company’s fraud against its customers.

David Arnold, the internal auditor for Amity Insurance Co., began his workweek with a visit to one of the company’s field offices, where commercial cus­tomers interact with employees and pay their premiums. The audit in­cluded a surprise after-hours inspec­tion to make sure doors and cabinets were locked, negotiable instruments were not lying around, and live checks were stored securely.

Tim Reynolds, the office manager, showed Arnold the safe, where he noticed a check for US $53,000. It had been held in the store for more than two months, and no attempts had been made to deliver the check to the payee. Reynolds said he didn’t know why the check was in the safe, though he mentioned that the home office often sent unrequested checks.

Arnold took the check back to the home office and requested the requisition document from account­ing. He learned that the assistant controller, who also signed the check, requested it, and that no additional requests or approvals were required to issue the check because it was a re­fund on a cancelled account. Arnold learned that the check was issued after a request by a state auditor to clear a finding from the audit report showing a 10-month old credit bal­ance on the account, and was going to be used by a broker to pay down the first-year premium to secure a new account.

Additional examination revealed there was no monitoring mechanism in place for outstanding balance refunds. The assistant controller’s re­sponse to the auditor was troubling.

“Why so many questions about this? It’s a common practice around here. If the insured or broker didn’t miss the money, why should internal audit be concerned?”

The company’s chief operations officer (COO) shared this opinion.

The guidelines set by the National Association of Insurance Commis­sioners instruct insurance companies to return outstanding account bal­ances within 90 days. If the rightful owner cannot be found, the guide­lines state it should be considered an abandoned asset and remitted to a state escheat fund. Amity Insurance Co., however, had been cultivating and banking the credits on closed accounts for years, and using those funds as it saw fit.

The company treated the funds as open receivables and felt entitled to keep those funds because the busi­nesses cancelled their insurance policies without knowing there was a remaining balance. In most cases, the balances were left on accounts for years. In addition, the funds were used for instances of goodwill to en­sure renewals. Arnold’s investigation included a case of multiple account managers combining funds from closed accounts totaling US $1.1 million, which was used to supple­ment a payout on an uncovered loss for a guarantee that the policyholder would renew with the insurance company when the time came.

Arnold sent a request to the IT direc­tor for a data extract of current open receivable files that were prepared and approved by the CEO, the chief audit executive’s administrative re­porting authority. The company kept records on the status of accounts, whether active or cancelled, but the information was kept in separate tables from the open receivable bal­ances. Using data analysis techniques, Arnold ran a “join” on the two tables and then a “summarization” by pol­icy number, which resulted in a list of each account with the net balance open on a single line. He excluded the positive accounts and looked at credit balances on cancelled accounts, sorting them by descending order. Arnold found hundreds of thousands of dollars of unclaimed funds span­ning nearly all field office locations, some dating back two to three years. He sorted them by account represen­tative for further investigation.

Arnold contacted the five regional vice presidents to enlist their sup­port, only to later learn they sent alert notices to their account repre­sentatives working at branch offices. The account representatives quickly began looking for ways to allocate the money to buy down premiums on new accounts they were working to secure. In the meantime, Arnold returned to the CEO and COO to review the list of discrepancies, and recommended that they issue a 90-day reconciliation policy where the company would return funds from closed accounts to the right­ful recipients. The policy was never implemented, so Arnold turned to the audit committee for support.

The audit committee chair provided the summary and recommendations to the company’s audit partner, an outside firm, which claimed that in 56 years of work it had never found any balances on closed accounts or reallocation of those funds for inap­propriate use. The committee asked Arnold to help manage controls, add the analysis work to every field office audit, and report back on whether the controls were working.

Arnold scheduled a quarterly data extraction of the two required data tables to be placed on the company’s shared drive to track the newly im­plemented policy. In just one quarter, the routine was so precise that the auditors found no false positives and no additional work was required. Most of the account representatives had stopped the practice of using funds from closed accounts to man­age open accounts, though others found a way to roll the credit balanc­es together into a new balance with a new effective date to elude detection. However, the audit team noticed the new balances did not match the un­derwriting records and changed the script to detect consolidated records. Violations were reported in detail to the board, which instructed the internal audit team to conduct the company’s first anti-fraud review.

The policies recommended by the audit team seemed to work, and most of the account managers stopped committing the fraud. The company then entered a merger, where managers, accountants, and lawyers from five different companies began reviewing the audit reports. The assistant controller asked Arnold to remove the comment in the report about the balances on can­celled accounts in exchange for any reasonable position he wanted within the newly merged company. Arnold refused and resigned, but not before including his latest findings on new credit balances being withheld in a final report to the audit committee.

Lessons Learned

• Do not overlook the value of a “surprise” audit. Auditors who are predictable are easily deceived. While most fraud is uncovered through tips, auditors can find fraud by searching for anomalies. Data mining is the most effective and efficient way to drill down and find the root cause of fraud when routine analysis techniques reveal suspicious balances.

 

• Find out who in the organization is responsible for monitoring the return of balances on cancelled business and whether they have a standard report or record of responsible parties. Check to ensure that levels of approval are established appropriately.

 

• Open debit balances should be turned over to collections and account cancellation for nonpayment. Often account managers are reluctant to take this action as they usually forfeit any commissions.

 

• Before presenting your findings, don’t overlook the potential for a valid business reason to justify holding a credit balance. Sample some of the transactions and pull the support files to see whether patterns emerge.

Take IDEA for a test drive:

If you would like to try this feature out for yourself, request a demo copy of the IDEA data analysis software [CLICK HERE].

 

DONALD E. SPARKS, CIA, CISA, ARM, is a vice president of Audimation Services Inc. in Houston. To respond to this solution or provide data analysis questions you would like answered in future newsletter articles, please send an email to dons@audimation.com 

The opinions, beliefs and viewpoints expressed by the various authors and forum participants on this web site do not necessarily reflect the opinions, beliefs and viewpoints of AuditNet®

 

This article was reprinted with permission from the June 2012 issue of Internal Auditor, published by The Institute of Internal Auditors, Inc., www.theiia.org.