(Boston, MA) In 2003, I was fortunate enough to be one of a handful of project managers charged with investigating, documenting, and quantifying the largest fraud in the history of the planet, WorldCom. Eventually the fraud reached 10 or 12 Billion dollars, and the CEO was put away for 20+ years.

A year or so later, I was hired to do a Policies, Procedures, and Controls assessment for Tyco. As many may remember, the CEO used the company’s bank account as his personal piggy bank, and (no thanks to me) he, too, is looking through bars for twenty years. [For the record, I tried to get into Enron, too, but they wouldn’t have me.]

The Massachusetts Office of the State Auditor just issued several scathing reports in the last few weeks. The most scandalous was the Merrimack Special Education Collaborative (MSEC) with $20M in state and local revenue. The Board and Senior Management were warned about their lack of written internal control procedures for some years but chose to ignore it, resulting in over $30 million in undocumented salary and other expenses listed ad infinitum in 102 startling pages.

The Inspector General has also been swarming all over the operation, and all signs point to key senior management siphoning up to $10 million for their own use. Estimates of credit card abuses alone range up to $400,000. As in WorldCom, Tyco, and Enron, it appears that a few “bad apples” caused this scandal, but the remainder of senior management and the Board may have prevented the problem if sound internal control had been followed.

There are lessons to be learned from what the above examples have in common.

Almost all staff, managers, and Board members are honest and well-intentioned. But that is just not enough to completely prevent either inadvertent errors or intentional abuse.
Well thought out internal control procedures are intended primarily to help those employees and Boards really trying to do a good job. It minimizes the risk of errors – from the clerks who process transactions to Boards who monitor performance. Good internal control helps the organization perform “better, cheaper, faster,” as my high tech friends would say.
Well thought out internal control procedures make it harder for dishonest folks to engage in fraudulent activity; and hopefully detect bad behavior once perpetrated. Where intimidation is a potential issue, whistleblower telephone lines make a difference.
Good internal control includes Board responsibility and behavior. Board members must be independent of senior management in every sense of that word. Boards can and should seek out the advice of independent accountants, lawyers, and other consultants. They should think for themselves and not be a rubber stamp for management.
Bad internal control makes operations inefficient and risky, opens the door to dishonest behavior, and hurts company morale for all the honest, well-intentioned employees. And it can ultimately ruin the organization and the stability of all those good folks connected with it, not to mention the organization’s mission.
NPA Consultants

NPA Consultants are specialists in Policies, Procedures and Controls. We perform inexpensive assessments and have updated/created procedures manuals for organizations from $1M to $100M in revenue. If your accounting department is “broken” or just needs some updating, call us. We are also happy to answer any questions. Contact us at info@NPAccountants.com or 617 694 4600.