There are times when I think we do not spend enough time thinking about the possible. What I mean to say is, we are almost always fixated on the probable, or most likely to happen, outcome. This is as true in accounting and auditing as it is in life itself.
One important aspect of our role as auditor though, is to consider the possible. For instance, theft of company assets. When we look at how assets are controlled, from their purchase to their ultimate disposal, we are looking for possible holes in that system. Who approves a bad debt write-off, who can set the selling price of a piece of equipment that is no longer in use; the issues which concern is are possibilities.
If we focused solely on the probable, we would potentially miss a warning sign. Is it probable that the purchasing agent is receiving a kick-back from a vendor for steering business their way? Maybe not. But what controls, what business process reduces the possibility?
It is one of the things that concerns us regarding condo and HOA audits. As the association’s independent auditor, we are first and foremost concerned with the financial statement and the fact that it is materially correct. But when you think about what provides a materially correct financial statement, it is all the controls and safeguards of the manager – who is charged with the board with carrying out the daily activity of the association.
This is the main reason we spend so much energy on understanding how the community manager does the job. Who has access to a checking account, who initiates the transaction, who approves it? These points reduce or increase the risk of misuse of the association’s assets. There are far too many stories about trusting a system that really did not provide any safeguards and addressing that possibility is the responsibility of the auditor.
For instance, what if employee A of the community manager could initiate a transaction for say, yard maintenance. Employee A contacts the maintenance company, negotiates the price and sets the contract. Employee A then reviews their work and approves payment. Finally Employee A can write the check and have someone else sign.
This seems harmless doesn’t it? After all, employee A can’t sign the check so the asset is safeguarded right? Not at all. Employee A could have created a fact maintenance transaction, set up a fake company, approved the work and, because everything was signed off on, the check is cut. To employee A.
Is it probably this happens in any particular association? No. But this scenario could result in this possible outcome. And the auditor should know that and make appropriate comment.
Community Managers will argue that this couldn’t happen. They are, however, arguing that it is not probable because they believe they know their employees. The fact that it could happen though is what we are concerned with when we try to determine the risks of weak internal controls. Boards need to be made aware that the risk exists so they can take steps, if they feel it necessary, to eliminate, or at least reduce, the risk of it happening.
As a director, make sure your auditor works to understand how the community manager is operating and how it impacts your association. Press them on their thoughts on what risks might exist to the assets of your association. Your auditor should have a good grasp of the fundamentals of the control system and can give you some good points to consider. And if they can’t, it may be time to switch auditors. C.O.R.E. is here to help you, the board, rely upon your manager. We do this by looking at the managers controls and how they impact your association. Feel free to contact us to schedule a conversation about how we can be of service to your association.
Have a great weekend.