Risk Professional: what happens at the perimeters of internal audit?
In a startling demonstration of what happens at the margins of internal audit's responsibility, a New Zealand case raises more problems.
New Zealander Michael Swann had worked hard and progressed to be Chief Information Officer of Otago District Health Board. Once in post, he was responsible for the supervision of maintenance and upgrades of the District Health Board's IBM computer system. And for several years, he signed off on software and hardware maintenance and upgrade contracts undertaken by a company called Sonnford Solutions, formed by Kerry Harford. The total value of the contracts was approx NZD17 million.
But Harford is not a computer engineer, and has no background in maintaining or upgrading IBM systems. In fact, he's a surveyor.
When the system suffered a series of catastrophic failures in late 2006 and early 2007, the Board insisted that third party computer engineers review the system.
Those engineers reported that the hardware had been patched up with parts taken from other machines - not the new parts that had been charged for; software and hardware updates had been billed but never provided.
The District Health Board was struggling with its finances, the Court was told. But Swann personally pocketed approx NZD15 million. He laundered it by buying property, boats and cars. Even so, no order was made for forfeiture of property. That is being left to the Health Board, which is pursuing legal action.
Harford, incredibly, took just 10% of the money as his "commission." He has come to a deal with the District Health Board but details remain private.
Both men had denied the charges. Now, however, they have been sentenced to long jail terms.
The charges were brought as fraud charges, and not as money laundering offences which would have been more difficult and more expensive to prove.
But the case raises a serious question as to where the responsibilities of internal audit end.
Should they have checked that Sonnford Solutions was a bona fide computer consultancy? Should they have checked that the work for which such a large sum was passing was in fact done? If so, is it reasonable to assume that they have the skill set to do so? Or are they supposed to engage outside experts to make an assessment?
The ramifications of a case such as this are potentially enormous.
Again, to quote Thomas Renyi of Bank of New York after the Lucy Edwards scandal: "We put our trust in a senior officer. That trust was misplaced."
The Otago case again raises the issue of what it is right and/or reasonable to define as the boundaries of internal audit.