Don't shoot the messenger: auditors sometimes must weigh doing the right thing against keeping their job. Will Sarbanes-Oxley put an end to this dilemma?

Internal Auditor, Dec, 2004 by Courtenay Thompson

ORGANIZATIONS THAT RESPOND well when frauds are revealed make the job of internal auditors, managers, and executives less complicated. By having a well-defined, communicated, and consistently applied response to suspected wrongdoing, executives can help provide employees with the courage they need to bring fraud to the surface. Unfortunately, however, those who bring wrongdoing to light can experience rough times. Internal auditors, for example, sometimes get "the bearer treatment"--he who brings the bad news is identified with the bad news itself.

For years, in internal audit seminars, I have taught auditors and others that one of the dangers associated with responding to fraud is damage to their careers. The likelihood of career damage varies depending on the perpetrator and the nature of the fraud. For example, career damage is rare when the fraud is perpetrated by clerical employees. It is most likely to occur to auditors who surface:

* Fraud by executives.

* Fraud by top performers, including sales staff.

* Fraud for the benefit of the organization, including sales fraud.

* Fraudulent financial reporting.

STEALING STEEL

A case recently submitted to "Fraud Findings" is a good example of what happens when an organization responds poorly to reports of fraud. Late one evening, after most of the staff of a steel company had left for the day, the internal auditor was standing at his second floor office window when he noticed a pickup truck in the yard loading what appeared to be full sheets of metal. He could not make out the materials, or identify the people or the pickup truck's license-plate number.

Because the auditor considered the activity to be suspicious, he called the purchasing manager, whose office was near the loading dock where the materials were being removed. The purchasing manager approached the individuals, who produced some paperwork. The manager got the individuals' names and the vehicle's license-plate number.

Back in the auditor's office, the purchasing manager and auditor looked over the document that the manager had obtained from the individuals he had confronted. It authorized removal of steel, but it did not indicate whether it was scrap metal, stainless steel, or something else. The document had the signature of a purchasing supervisor and stated that the materials were to be provided to one of the three individuals loading the pickup. One of the individuals worked in the plant and had access to the loading doors that were being used.

The following day, the internal auditor explained the situation to his boss, the controller, who indicated the auditor should investigate further. The signature on the paperwork clearly was not the signature of the purchasing supervisor. The supervisor confirmed that she had not signed the document, had no knowledge of the transaction, and had not given anyone else permission to sign the document. Upon learning this, the vice president of operations, without the internal auditor's knowledge or consent, put the employee who had been loading the truck on suspension.

The auditor subsequently learned that the father of the suspended individual owned a kitchen equipment supply and manufacturing company that used large amounts of stainless steel in the products it made. He also learned that the father was the first cousin of the individual who owned 80 percent of the steel company.

Three days after learning about the relationship, the vice president of operations, purchasing supervisor, manager, and internal auditor were fired. No cause was given. Two weeks later, the controller resigned. The internal auditor was able to find new employment. The other three were not so lucky, and two were basically forced into early retirement.

NOT AN ISOLATED INCIDENT

The person who submitted this case is not alone. In doing seminars and consulting work, I often encounter people who believe their careers were negatively impacted when they tried to handle fraud their organization was not ready to address, including:

* An internal auditor for an insurance company, who, through policy loan confirmations, learned that a top agent had made fictitious policy loans, forged the check endorsements, and deposited the checks in his own bank account. The insurance company made the customers whole and set the agent up to pay the money back to the company out of future commissions. When the auditor came up for his first annual evaluation, he was told that he perhaps did not fit in and might enjoy working elsewhere.

* A tax manager for a division of a large international company who was fired three days after he refused to backdate documents to save money on taxes. He had trouble locating employment and spent years in litigation with his former employer.

* Two auditors who had been asked by the chief executive officer (CEO) to verify that a real estate developer was due a bonus for successfully completing a major project on time and within budget. As the auditors got closer to the facts, which indicated problems involving the CEO, the contractor, and the certified public accounting firm, the CEO told them to stop their work. The board hired an independent counsel, who reviewed the situation and confirmed there was no problem. The investigators also found no problem. Both auditors were eventually fired and vowed never to work in internal auditing or public accounting again. The federal government later made a criminal case against the CEO.