𝗙𝘂𝗻 𝗽𝗼𝗹𝗹: A single employee hides $150 M of expenses from your P&L, you don't realize it for 3 years, and now have to postpone your earnings announcement. How would you rate your internal controls?

1. 🔥
2. 🚀
3. 👑

Yeah, Macy's is probably looking for that option 4, "💀", too.

Turns out, said person used accrual tricks to likely shift those expenses to the balance sheet to make the P&L look better, potentially securing cool bonuses in the process. Accrual accounting tricks are difficult to detect by both software and humans, and to be fair, Macy's auditor, KPMG, didn't spot them either.

What's staring me in the face, though, are these words: 𝘼. 𝙎𝙞𝙣𝙜𝙡𝙚. 𝙀𝙢𝙥𝙡𝙤𝙮𝙚𝙚.

Why was this not a known risk, presumably addressed by some form of segregation of duty? Did Risk not know about it? And if so, why? Did Monitoring not flag the risk? Possible, but why? Is Monitoring a manual activity that is expensive and therefore mostly non-existent?

🎯 𝗡𝗼𝘁 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗻𝗴 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 𝗶𝘀 𝗻𝗲𝗴𝗹𝗶𝗴𝗲𝗻𝘁.

https://lnkd.in/e76K3fmd
How was this not caught during the employee's time off? If it wasn't, look for a second person (imo) and if they didn't take vacation for years in a control position... yikes.
Monitoring is likely the most underrated control point and yet it’s also the most obvious. Very interesting post, thanks for sharing.