
Spreadsheet Fraud

Prevent it on your watch and learn from the Société Générale calamity.

March 6, 2008
by Mary Schaeffer

When I read about the €7 billion loss at Société Générale (SG) I thought, "This can't be happening AGAIN!" But, apparently, it can and it has. One of the many speculations about what triggered the SG debacle is spreadsheet fraud. Even organizations with great internal controls often overlook controls when it comes to spreadsheets. It's just something no one really thinks about, except a few wily employees bent on deceit.

The Stories

It will probably be years before the whole SG story unfolds and we find out exactly what happened. However, a theory circulating in IT security and compliance circles indicates that inadequate, spreadsheet-based internal controls may have played a part in allowing trader Jerome Kerviel to build up his positions. As you already know, these positions eventually resulted in the tremendous loss for the bank. There has been speculation that, in addition to disguising his trades through a fictitious company and a colleague's accounts, Kerviel was able to circumvent SG's internal warning systems by opening and manipulating Excel spreadsheet reports used by managers to monitor traders' activities.

But, this is not a lone example of how unscrupulous employees can manipulate electronic spreadsheets for personal gain. One of my favorite stories involves spreadsheets and unclaimed property. In this fraud, a midsize manufacturer located in the Northeast tracked its unclaimed property on a spreadsheet by updating it each time the company had an uncashed check. In this case, the employee simply changed the name of the intended payee from whoever it was to his own. How was he caught? He put his own name down for a $300,000 claim and the claim stood out like a red flag. It should be noted that the state of Delaware recently experienced a similar fraud, although in that case the employee was a tad smarter and used friends' names for the claim and took a kickback from them.

What You Can Do

First, recognize the potential danger of spreadsheet fraud and that every organization is vulnerable. Employ the same strong internal controls and segregation of duties with your spreadsheets as you do in all other parts of your accounting and finance operations:

  • Make sure you document your procedures and verify the internal controls surrounding the process.
  • Do not allow your processors to develop their own processes outside your approved procedures. If it's not in the policy and procedure manual, they should not be doing it.
  • Do not overlook the controls around how the information gets onto those Excel spreadsheets in the first place, if you use Excel uploads to get information into your accounting system.

When your employees create workarounds to fill in when the accounting package doesn't handle your unique requirements, it should be a red flag for you because this is what provides opportunities for those looking to steal from you.

Conclusion

By recognizing that you might be vulnerable to spreadsheet fraud and by taking fraud prevention steps, you can protect your company from a major loss. And, if you have already taken the appropriate steps, you should be congratulated on your foresight. Too bad Société Générale didn't have you on its staff!


Mary S. Schaeffer is the author of more than a dozen business books, including Controller and CFO's Guide to Accounts Payable. She is the president of CRYSTALLUS, Inc., a publishing, training and consulting firm focused on payment issues. A knowledgeable speaker, she will be part of the team that discusses Cash Leakage in the Procure-to-Pay process at seminars next spring.

Accounts Payable Now & Tomorrow has run several articles on this topic relying on the expertise of PinPoint Profit Recovery's Bob Lovallo.  We believe this issue is so important — and so frequently overlooked — that we are willing to share this advice with any accounting or finance professional who asks. Send your request to publisher@ap-now.com with the words "AICPA Desktop Fraud Prevention" in the subject line.