Bank statements deserve your attention

Failure to perform bank statement reviews might seem like a small oversight, but it could have drastic consequences. Bank account activity is the core source of a government's money flow in and out. Reviewing this activity through the bank statements is key to preventing and/or reducing the risk of fraud. If the employee misappropriating funds is the same employee reviewing the bank statement and performing the reconciliation, the loss of funds could go undetected for years.

What should an effective review look like? An effective review does not mean simply looking at the cover sheet to see if someone reconciled the statement that month, or even reconciling it yourself.

Rather, you should scan the actual transaction activity on the original bank statement. A simple 15-minute scan of the transactions could help you detect unusual activity, especially if you review the statements each month and develop a baseline expectation of activity level and type.

Some best practices for what to look for include:

Deposit activity

• Evaluate the frequency of deposits and whether it meets your government's policies and expectations. For example, weekly deposits at a government that requires daily deposit might be a red flag.
• Examine the dollar amounts deposited and whether they are whole dollar amounts or include change. If your agency's fee schedule is not set at whole dollar amounts, a deposit without change could be a red flag.
• Consider spot-checking the month's total deposit amount on the statement to an accounting system report of total deposits recorded. Are any deposits missing from the bank but in the system?

Transfer activity

• Scan bank transfers and identify which accounts money is transferred to. Verify that these are known accounts for your agency.
• Consult a list of known agency accounts and spot check these account numbers to the transfer accounts listed on the statement.

Withdrawal activity

• If the bank statement includes copies of cleared checks, scan vendor names and who endorsed the back of the check.
• Examine ACH payment activity for frequency and overall reasonableness. Trace the ACH group (known as a batch); back to supporting documentation to see which vendors and payments were included in the batch.
• Notice any fees or charges applied on the account and whether they appear reasonable.

Take note of the following types of bank withdrawal activity, which would be rare for a government agency:

• Wire transfers: Consider whom the transfer was sent to, if shown on the statement. If possible, determine whether the bank account number transferred to is the intended destination. Follow up to determine why this payment had to be made through a wire transfer rather than other forms of payment, and review underlying supporting records.
• Debit card activity: Debit cards are a risky method of payment for governments, because payments from them immediately deduct from the government's bank account, unlike a credit card that allows dispute resolution before the government pays the card balance. If you see debit card activity during a bank statement review, first determine if policy allows a debit card to be set up and whether it was done with proper approval. If debit card use is allowed, scrutinize activity, including where the card is used, date of transaction (was it on a weekend?) and legitimate business purposes.
• Cash withdrawals: Review the underlying support for these transactions and determine the purpose or need for this type of activity, which should be quite rare.

Running balance activity

Scan the running bank balance to make sure the account does not go into a negative balance.

Recent case studies

Our Office has issued some fraud investigation reports in which a simple secondary review of the bank statement activity could have identified the fraud sooner:

• Camas Washougal Economic Development Association, issued May 14, 2020. The Executive Director obtained a debit card to make purchases without approval, misappropriated $19,311 in purchases, and made questionable purchases of $45,029 from February 2013 to March 2019.
• Pierce County Housing Authority, issued December 16, 2019. The Finance Director misappropriated $3,237,712 in vendor ACH disbursements by changing the vendors' bank account information in the accounting system to her personal bank account information between July 2016 to February 2019. She also wired $3,050,000 to her personal bank account from January 2019 to July 2019, and wired $635,000 to make personal property purchases in 2018.
• City of Mossyrock, issued December 14, 2017. The Clerk Treasurer setup an automatic withdrawal for her personal mortgage payment to be disbursed out of the City's bank account monthly. A total misappropriation of $56,981 occurred from January 2014 to June 2016.

Our Office has also posted articles on our blog that highlight bank statement best practices:

• How to prevent ACH and bank fraud, published September 18, 2020
• Start the year off right: New best practices and tools for bank reconciliations, published February 7, 2020
• Positive Pay can help protect your organization from check fraud, published June 30, 2017

Training

The Association of Certified Fraud Examiners offers a wonderful self-study training for analyzing bank statements.