This is the latest in a series of blog posts highlighting real auditors who have uncovered major frauds. We’ll break down the frauds, explore auditing theories and concepts, and get to know the people who brought these frauds to light.
John Kaneklides is a man of many talents. He’s an experienced auditor, a classical singer, and my friend and business partner. John has a lot of stories to tell, but I specifically wanted to hear about a fraud he uncovered years ago. With the benefit of hindsight, what lessons can he teach other auditors?
Olivia Whipple: John, thank you for participating in this fraud series! We’ve known and worked with each other for years, but today pretend we just met. Tell the readers a little bit about yourself, both professionally and personally.
John Kaneklides: I began my career in Credit Union Internal Audit directly out of college, after completing a successful internship. After many years working for a large Credit Union, I decided to explore one of my other passions, classical music. I moved to New York City and became a professional opera singer. Being a full-time professional singer is fun and exciting, but is also a difficult life. I was typically on the road for about 8 months out of the year! So, I decided to get back into Internal Auditing though consulting work, and I continued to sing here and there to have a more balanced life. During this time, you called me out of the blue with the idea for The Audit Library, and that is how we are here today! I am married and we live in the Tampa Bay area of Florida with our two Yorkies, Monty and Scarlett.
OW: So now that we have a frame of reference for your career trajectory, tell us what was going on in your career when you discovered the fraud? How long had you been an auditor, and what exactly was your role at that time?
JK: When I discovered the fraud, I had been auditing for about 5 years. Among many other duties, I had recently become the IDEA specialist. My company had purchased IDEA four years prior, but no one was fully trained on how to use it and get the full benefit of this powerful tool. So, my boss sent me to an IDEA workshop and then allocated 40 hours in my schedule for me to “play around” with IDEA in our system and see what it could really do.
OW: We hear that from a lot of auditors. They invest in IDEA or one of its competitors, but then don’t use all the features. It does take a special person, and an investment of time, to unlock all of IDEA’s potential! So, you are buried in data, and sorting through it with IDEA. What alerted you to the fraud?
JK: I had written several scripts in IDEA that I thought might be useful for an audit of accounts I had recently started. I was looking at teller transactions and because I was able to filter through so much data quickly and easily, I found some anomalies I needed to look into.
OW: Can you describe the anomalies?
JK: Sure, I found transactions where the processing date and the effective date of loan payments did not match. In plain English, tellers were back-dating loan payments for one another.
OW: Definitely suspicious, but at this point there might be a reasonable explanation. What happened next?
JK: I would describe that discovery as the tip of the iceberg. Once I discovered the anomalies in the first few tellers’ transactions, I was able to identify more tellers involved. I found that this had been a pattern over several months involving employees at several branches. The evidence of fraud was there, I just had to figure out what to look for.
OW: So, if many different people were doing this over many months, you must have wondered what was going on. Were they instructed to do this?
JK: Yes, that thought crossed my mind. I was able to rule out a training issue, as only employees at branches were doing this. We had a centralized Call Center and a mail-processing department, and none of those employees were involved. At this point I realized it was an issue I needed to bring up to senior management immediately. If there was an explanation, I needed to hear it. If it was fraud, I needed support outside of Internal Audit. I went to my boss and showed him the suspicious transactions.
OW: What did your boss think of all this?
JK: Well, he thought it over, and decided that he wanted me to complete the audit project I was working on and present the suspicious transactions as an audit issue in the final report. I completely disagreed with this approach and really tried to convince him we needed to report the issue immediately! Waiting for our final audit report would have taken several more weeks and resulted in the financial institution losing thousands of dollars and potentially having multiple employees committing fraud right under our noses. Any reasonable auditee would ask why we sat on this information. I could prove what was happening, and we were approaching the loan due dates for many of the accounts that were being monitored, so the cycle was about to repeat. I was watching a fraud unfold in real time!
OW: It’s not uncommon to have a disagreement with your boss, but this seems like a big deal. What did you do?
JK: I really struggled. After a lot of thought, I felt like I had to become a “whistleblower” in order for the fraud to be handled in an appropriate and timely manner. So, I took printed transaction reports that indicated the fraud, and highlighted every detail an investigator would need. I walked into the COO’s office and just dropped them on her desk. She asked what they were. I said, “just take a look at them, they should make sense to you” and then walked back to my desk. I went back to work, and kept my head down. Within a week, Internal Audit received an email from operations saying that they had uncovered a fraud and several people were being fired as a result!
OW: So how many people were ultimately involved?
JK: I can’t remember exactly. More than 10 people, but less than 20, were terminated. Many were long-term employees with perfect records otherwise.
OW: Can you describe the fraud in one sentence?
JK: It was basically a fraud ring of tellers back-dating each other’s loan payments to avoid interest and late penalties.
OW: Did any control weaknesses or failures contribute to the fraud?
JK: There were definitely some control weaknesses in our system. Employees could manually backdate a payment without a second approval.
OW: Did the system have any controls in place that helped contain the fraud?
JK: Well, this is just speculation on my part. The system did allow us to restrict employees from performing their own transactions. It was a messy and manual process, but it made the fraud harder to commit because the employees had to find someone to collude with. Maybe that made the fraud harder to discover, maybe it made the fraud worse because more people became involved. They were also doing this for family members, and the system had limited capability to restrict family member transactions.
OW: What auditing concepts from business school and/or CPE courses were relevant here? Did knowing these concepts help you in your investigation?
JK: Yes, there were various principals I learned studying for the CIA exam that helped me with the concepts of my investigation. Also, I reviewed the IIA Code of Conduct extensively before reporting the fraud in the manner I did. I concluded that not blowing the whistle in a timely way would violate my oath as a CIA. As much as I hated being insubordinate to my boss, who I saw as a mentor, I really felt it was the right thing to do.
OW: What was the ultimate conclusion, including consequences for the company and the perpetrators?
JK: As I said earlier, several employees were fired because of this fraud. We had mandatory ethics training for all employees. We also had to file a suspicious activity report on the individuals involved, which is a required report for banks and Credit Unions. Internal Audit was not involved in the investigation and reporting, because the way it unfolded the fraud was “discovered” on the operations side. For that reason, I don’t know all the details. We were on the outside watching it happen, rather than working directly with operations, as I would have liked.
OW: Looking back now, what was your experience like? For example, did you have any feelings of guilt or doubt? Happiness or justice?
JK: At first, I was excited that I had uncovered something like this. It felt good to know that I could contribute to make my company better and more ethical in the long run. Then I had waves of doubt and disappointment when my boss didn’t want me to report it. In my opinion, he let some of his personal issues with management at the company come in the way of his decision making. Finally, when I learned that so many people were being fired because of this incident, I felt guilty. I had met most of these people. I knew their stories. I knew that they had families and lives, and now they were losing their jobs because of something that they had been able to justify to themselves was ok. Some people didn’t even benefit financially, they were just posting transactions for others, for whatever reason they were able to rationalize.
OW: Did your boss ever find out that you went to the COO?
JK: Not that I know of. When the COO said they had uncovered a fraud, which I had told him about previously, he was immediately suspicious. But, the information was there for anyone with access to discover it. The COO just took the information and ran with it, and my boss was upset that we didn’t ultimately get credit. We could have been the heroes of the story, or had a seat at the table during the full investigation, if this had been approached differently.
OW: Could a similar fraud happen today? If so, what advice would you give to auditors reading this now?
JK: I think this just depends on the systems and controls in place at your company. My advice to auditors reading this would be to remember that it is your job to not only look for these types of things, but to look for ways to prevent them. Had the proper controls been put into place, these employees, who may have otherwise been good people, would not have had the opportunity to commit this fraud. I would also encourage you to review your whistleblower and antifraud protection policy to make sure it is up to date and covers all it needs to. Because my company had a robust policy, I felt more comfortable coming forward to report this fraud. Ironically, my boss helped create and implement the policy. We just disagreed on how this specific incident should be handled.
OW: John, thank you so much for telling your story! I hope our readers realize that being a whistleblower is yet another way to be an effective auditor.
Thank you for reading! More fraud stories from real people like John will be coming to the blog. If you would like to contribute to this series, contact us for details!