Case 61

ce of bank loans by the branch manager, the internal auditor, and perhaps the state regulatory authorities, should make sure that authorization does not extend to recording and documentation or custody of funds. These should be performed by different employees or officers. The auditors will make sure that the branch manager, being the head of the office, does not override the internal control system in order to commit fraud. It will also ensure that the branch manager does not exceed his authorized limit of loans he can extend without head office or committee approval.
The branch manager had physical custody of the checks, or had complete, unchallenged access to them, relating to the transactions he had authorized (the release of the loans). He signed the checks (custodial function) in addition to authorizing the loans. The discharge of these two duties by the same person made it possible for the fraud to happen: This was obviously a violation of the principle of segregation of duties within the internal control system. Moreover, the power of the branch manager over hiring and firing, as well as evaluating performance and promoting the employees, also served as a deterrent to the employees to question anything that the branch manager would want to do. In other words, the branch manager, being the top supervisor who was ipso facto not directly accountable to anyone at the bank branch, had absolute control over what took place in his branch relative to any loan or financial transactions.
The trust reposed by subordinates on their superior officer is an obstacle to the disciplined application of any management control system, hence there is a need for an independent audit at certain intervals. The internal auditor should make not only regular audits but also surprise audits on the branch and examine all transactions, check and reconcile all records, and interview the employees on the processes and procedures they actually followed in carrying out their