LATIHAN SOAL 1.

INTERNAL CONTROLS 3 September 2015

1. EQUITY FUNDING CORPORATION

In 1973, one of the largest single company frauds ever committed was discovered in California. The
collapse of the Equity Funding Corporation of America involved an estimated $2 billion fraud. The
case was extremely complex, and it took several years before the investigation was complete.
However, some of the pertinent findings derived from the Trustee’s Bankruptcy report follow.
Equity Funding was a financial institution primarily enganged in life insurance. In 1964, its top
management commenced to perpetrate a fraud that would take almost ten years to discover. The
intent of the fraud was to inflate earnings so that management could benefit through trading their
securities at high prices.
The fraud progressed through three major stages: the “inflated earnings phase”, the “foreign
phase”, and the “insurance phase”. The inflated earnings phase involved inflating income with
bogus comissions supposedly earned through loans made to customers. Equity Funding had a
funded life insurance program whereby customers who bought mutual fund shares could obtain a
loan prom the company to pay the premium on a life insurance policy. After some years the
customer would sell off the mutual fund holdings to repay the loan. The mutual fund shares should
have appreciated sufficiently so only a partial sale of shares would required. Thus, the customer had
the cash value of the insurance policy and the remaining mutual fund shares as assets from the
investment.
The inflated earnings obtained via bogus commisions were supported by manual entries made on
the company’s books. Even though supporting documentation did not exist for the entries, the
company’s auditors failed to detect the fraud. However, the inflated assets did not bring about cash
inflows, and the company started to suffer severe cash sortages because of real operating losses.
To remedy the cash shortage situation, the fraud moved into the second stage, the foreign phase.
The company acquired foreign subsidiaries and used these subsidiaries in complex transfers of
assets. Funds were brought into the parent company to reduce the funded loans asset account and
falsely represent customer repayments of their loans. However, even this scheme proved
inadequate.
The third stage, the insurance phase, involved the resale of insurance policies to other insurance
companies. This practice is not unusual in the insurance business – when one company needs cash
immediately and another company has a cash surplus. Equity Funding created bogus policies. In the
short run it attempted to solve its cash problems by selling these policies to another insurance
company. In the long run, however, the purchasing company expected cash receipts from premiums
on the policies. Because the policies were bogus, Equity Funding had to find the cash to pay the
premiums. Thus, it was only a matter of time before the fraud could no longer be concealed.
Interestingly, the fraud was revealed by a disgruntled employee who was involved in the fraud but
had been fired by Equity Funding management.
The computer was not used in the fraud until the insurance phase. The task of creating the bogus
policies was too big to be handled manually. Instead, a program was written to generate policies.
These policies were coded as the now infamous “Class 99”.
The trustee’s investigations led to two conclusions. First, the fraud was unsophisticated and
doomed to failure. Second, some of the fundamental principles of good auditing were not applied.
Required. Write a brief report outlining some traditional audit procedures that, if they had been
used, should have detected the fraud. Be sure to explain why you believe the procedures you
recommend would have been successful.
(Weber, Ron. 1999. Information Systems Control and Audit. Prentice-Hall.Inc.)
LATIHAN SOAL 1. INTERNAL CONTROLS 3 September 2015

2. JERRY SCHNEIDER
One of the more famous cases of computer abuse involves a young man named Jerry Schneider.
Schneider had a flair for electronics. By the time he left high school, he had already formed his own
firm to market his inventions. His firm also sold refurbished Western Electric telephone equipment.
In 1970, he devised a scheme whereby Pasific Telephone in Los Angeles would supply him with good
equipment – free!
Pasific Telephone used a computerized equipment ordering system. Equipment sites placed orders
using a touch-tone card dialer. The orders were subsequently keypunched onto cards. The
computer then updated the inventory master file and printed the orders. The orders were supplied
to a transportation office that shipped the supplies.
Scheider intended to gain access to the ordering system. He sought to have Pasific Telephone deliver
supplies to him as if he were one of its legitimate sites. He used a variety of techniques to find out
how the system worked and to breach security: He sifted through trash cans and found discarded
documents that provided him with information on the ordering system. He posed as a magazine
writer and gathered information directly from Pasific Telephone. To support his activities, he bought
a Pasific Telephone delivery van at an auction., “acquired” the master key for supply delivery
locations in the Los Angeles area, and bought a touch-tone telephone card dialer with a set of cards
similar to those used by the equipment sites to submit orders.
Scheider took advantage of the budgeting system used for ordering sites. Typically, these sites had
a budget allocated larger than they needed. Providing this budget was not exceeded, no
investigation of equipment ordering took place. Schneider managed to gain access to the online
computer system containing information on budgets. He then determined the size of orders that
would be tolerated. For seven months Pasific Telephone delivered him equipment that he resold to
his customers and to Pasific Telephone. He kept track of the reorder levels for various Pasific
Telephone inventories, depleted these inventories with his ordering, and then resold the equipment
back to Pasific Telephone.
Scheider’s downfall occurred when he revealed his activities to an employee. He as unable to keep
up with the pace of his activities. As a result, he confided in an employee to obtain assistance. When
the employee asked for a pay raise, Schneider fired him. The employee then went back to Pasific
Telephone and told the the fraud.
There are varying reports on how much Schneider took from Pasific Telephone. Parker (1976)
estimates it as possible equipment worth a few million dollars was taken. For the fraud Schneider
received a two-month jail sentence followed by three years probation. Interestingly, upon
completing the jail term, he set up a consulting firm specializing in computer security.
Required. Write a brief report outlining some basic internal control procedures that, if they had
been applied, should have prevented or detected Schneider’s activities. Be sure to explain why the
application of the internal control procedures you recommend would have been successful.
(Weber, Ron. 1999. Information Systems Control and Audit. Prentice-Hall.Inc.)
LATIHAN SOAL 1. INTERNAL CONTROLS 3 September 2015

3. UNION DIME SAVINGS BANK

Banks seem especially prone to computer abuse. Roswell Steffen used a computer to embezzle $1.5
million of funds at the Union Dime Savings Bank in New York City. Inan interview with Miller (1974)
after he was discovered, he claimed, “Anyone with a head on his shoulders could successfully
embezzle funds from a bank. And many do.”
Steffen was a compulsive gambler. He initially “borrowed” $5,000 from a cash box at the bank to
support his gambling with the intention of returning the money from his earnings. Unfortunately,
he lost the $5,000. He then spent the next three and one-half years trying to replace the money,
again by “borrowing” from the bank to gamble at the racetrack.
As the head teller at Union Dime, Steffen had a supervisory terminal in the bank’s online computer
system that he used for various administrative purposes. He took money from the cash box and
used the terminal to manipulate customer account balances so the discrepancies would not be
evidenced in the bank’s daily proof sheets.
He used several techniques to obtain money. He first concentrated on accounts over $100,000 that
had a little activity and had interest credited quarterly. He used the supervisory terminal to reduce
the balances in these accounts. Occasionaly an irate customer complained about the balances.
Steffen then faked a telephone call to the data processing department, informed the customer it
was a simple error, and corrected the situation by moving funds from another account.
Other sources of funds included two-year certificate accounts and new accounts. With two-year
certificate accounts, he prepared the necessary documents but did not record the deposit in the
bank’s files. Initially he had two years to correct the situation. Matters became more complicated,
however, when the bank started to pay quarterly interest on these accounts.
With a new accounts, he used two new passbooks from the bank supply of prenumbered books.
Upon opening an account, he enterd the transaction using the account number of the first passbook
but recorded the entry in the second passbook. He then destroyed the first passbook.
Perpetrating the fraud became very complex, and Steffen made many mistakes. However, the
bank’s internal control system and audit techniques were sufficiently weak that he could explain
away discrepancies and continue. He was caught because police raided Steffen’s bookie and noticed
a lowly paid bank teller making very large bets.
Required. Write a brief report outlining some basic internal control procedures that, if they had
been applied, should have prevented or detected Steffen’s activities. Be sure to explain why the
application of the control procedures you recommend would have been successful.
(Weber, Ron. 1999. Information Systems Control and Audit. Prentice-Hall.Inc.)