INTERNAL CONTROL CITI GROUP -VS --FRAUD
--On August 1, 2014 Citigroup Inc [C] received a comment letter from
the SEC. One of the comments referred to a $235 million after-tax
charge resulting from a fraud discovered at its Banco Nacional de
Mexico (Banamex) subsidiary, which was recorded during the 12/31/2013
year-end close process. Commenting on this charge, the SEC raised
concerns that the identification of the fraud might have affected the
company’s evaluation of the effectiveness of its internal controls
over financial reporting (ICFRs), and that the deficiency might not be
limited to the Banamex subsidiary:
“Tell us how the identification of this fraud impacted your conclusion
on the effectiveness of your disclosure controls and procedures and
internal control over financial reporting (ICFR)as of December 31,
2013. As part of your response, please explain how you considered
whether locations other than Banamex have controls that are similar in
design to those that failed at your Banamex location.”
Despite the fraud, the company’s fiscal 2013 ICFR opinions – both
management’s and the auditor’s – did not cite any material weaknesses
or significant deficiencies, nor did its DC (Sox 302) evaluation. So
how is it that these controls were considered compliant?
According to Audit Standard 5 companies must disclose “all such
deficiencies that it believes to be significant deficiencies or
material weaknesses.” A material weakness is a deficiency in controls
such that there is a reasonable possibility that a material
misstatement would not be prevented or detected in a timely manner. A
significant deficiency is less significant than a material weakness,
but nevertheless merits attention.
In Citigroup’s response, the company explained its process for
determining the severity of the deficiency. First, the company
reviewed its worldwide accounts receivable processes. During the
review, it discovered that five of its 1,100 receivable facilities had
deficiencies. Citigroup determined that the errors were not material,
and that the process breakdowns were isolated. Next, the company
evaluated controls designed to limit the materiality of any potential
deficiencies. They concluded that these controls were effective in
preventing a material misstatement. Finally, the company evaluated the
employee responsible for the transaction, and concluded that the
employee did not have an oversight role in which the employee could
exacerbate the deficiency.
In the end, Citigroup determined that its ICFRs were effective.
--On August 1, 2014 Citigroup Inc [C] received a comment letter from
the SEC. One of the comments referred to a $235 million after-tax
charge resulting from a fraud discovered at its Banco Nacional de
Mexico (Banamex) subsidiary, which was recorded during the 12/31/2013
year-end close process. Commenting on this charge, the SEC raised
concerns that the identification of the fraud might have affected the
company’s evaluation of the effectiveness of its internal controls
over financial reporting (ICFRs), and that the deficiency might not be
limited to the Banamex subsidiary:
“Tell us how the identification of this fraud impacted your conclusion
on the effectiveness of your disclosure controls and procedures and
internal control over financial reporting (ICFR)as of December 31,
2013. As part of your response, please explain how you considered
whether locations other than Banamex have controls that are similar in
design to those that failed at your Banamex location.”
Despite the fraud, the company’s fiscal 2013 ICFR opinions – both
management’s and the auditor’s – did not cite any material weaknesses
or significant deficiencies, nor did its DC (Sox 302) evaluation. So
how is it that these controls were considered compliant?
According to Audit Standard 5 companies must disclose “all such
deficiencies that it believes to be significant deficiencies or
material weaknesses.” A material weakness is a deficiency in controls
such that there is a reasonable possibility that a material
misstatement would not be prevented or detected in a timely manner. A
significant deficiency is less significant than a material weakness,
but nevertheless merits attention.
In Citigroup’s response, the company explained its process for
determining the severity of the deficiency. First, the company
reviewed its worldwide accounts receivable processes. During the
review, it discovered that five of its 1,100 receivable facilities had
deficiencies. Citigroup determined that the errors were not material,
and that the process breakdowns were isolated. Next, the company
evaluated controls designed to limit the materiality of any potential
deficiencies. They concluded that these controls were effective in
preventing a material misstatement. Finally, the company evaluated the
employee responsible for the transaction, and concluded that the
employee did not have an oversight role in which the employee could
exacerbate the deficiency.
In the end, Citigroup determined that its ICFRs were effective.
No comments:
Post a Comment