After nearly 10 years of writing this column, I am bemused with the topic my owner asked me to address: that of technology removing the need for hands-on auditing. Sigh.
The truth is that technology only provides the information you need to audit in a more manageable format. You still have to review it. And, of course, you still have to ensure that the data are correct.
I am reminded of a “high tech” manager of a garage in the Northeast. Now this was 20 years ago, so we should remember that he had the computer knowledge of 50% of today’s eighth-graders.
He worked the swing shift, and upon his arrival, plugged his then rather large and bulky laptop between the location’s computer and the system’s printer. He was then in a position to “edit” the reports as they printed out.
He made one very minor change. He changed the end-of-day report so that it showed no “manual transactions” by the cashier. If you looked at the report, you would see no manual transactions by his cohort in the lane.
However, what was happening was this: The cashier was showing the parker the actual amount due, then cancelling the transaction before the gate went up, entering a manual time for the “unreadable” ticket and then proceeding with the transaction. The manual time caused the ticket to be rung up as a, say, $1 ticket, while the cashier was collecting $10 or $20 from the patron.
The garage manager looked at the end-of-day report and saw that there were no transactions out of the ordinary. Your hero simply looked at the line-by-line transactions for one week, saw all the manual transactions, and then pulled the tickets. A quick check showed that the night manager, his cohort and his PC had, in less than three months, taken nearly $40,000 from the lot.
The end of the story was that the garage owner, who liked the night manager and needed a computer geek on his payroll, HIRED the thief and put him in charge of his data center.
Consider the frustration this lowlife must have felt when he discovered that this old dog had caught him by simply looking through the historical reports. Of course, with a bit more programming, his laptop could have changed all the reports.
Ah-ha, you say, but now those reports are kept on a hard drive that’s password-protected in the manager’s office. Yeah, right. And today our “geek” would sit at home and change the reports over the Internet.
As the systems become more complex, the thieves simply become smarter.
How about the garage manager who was selling monthly permits “off the books?” They didn’t even show up on any report, except the daily activity report, which showed cards being used. He put the cards in a “group” that allowed them to work, but bypassed all the high-tech checks by the computer to ensure that they had been “paid” each month.
Since no one was auditing the system, he was able to pocket thousands. Until, that is, yours truly went in one morning before his arrival, did a list of active cards, and found more than 200 cards in the “attendant” category. The only problem was that there were only 10 attendants. I turned them all off and waited.
It took only about three hours and some chaos in the lanes. People were screaming that they had paid and their cards didn’t work. I just told them to pull a ticket and come by the office. Seems most knew that they were paying less than the going rate, in cash, and that they paid it every month directly to the manager. He disappeared, and we never saw him again. Let’s see: 200 times 200 is 40 grand a month. Last we heard, he had retired to his island near Bimini.
All it took was a quick audit. When was the last time you had someone other than your manager run a card list and compare it with actual transactions?
One of the great airport scams involved a technician from the company that supplied the equipment. He simply set up a “test” ticket dispenser in his shop and generated valid tickets, which were then swapped with actual tickets in the lanes and the difference pocketed. Auditors found that the loss was in the millions. They would have been caught much sooner if the number of “lost” tickets had been tracked. But then, someone would have had to check that. Who better than an auditor?
The deal is this: Great software can collect the data and put them in a format that makes it easy for you to review. However, how do you know the data are correct?
Consider the system that had three of its six ticket dispensers set on “override.” Just a little error in setup after the last software upgrade. That meant that all the tickets issued from those dispensers were not tracked by the system. (“Override” is used for installation, test and emergency modes.) All your numbers are off by half, and you don’t know it.
By the way, just who can change the settings in your system? Who has the password level to get to that screen? Do you know? Can you even find out?
The list is endless. Each time a hole is found and plugged, another pops up. Remember: You are putting extreme temptation in the way of folks who make just over minimum wage. The best way to keep them honest is through constant review.
Woof!