Juan Guerrero
Auditing 29:010:430:62
Wells Fargo Case Study
Wells Fargo & Company is an American multinational financial service company in the United States. In 2016, the company was faced with a big scandal where some of the employees were secretly opening saving and checking accounts on behalf of clients without their consent since 2011. Then in the year 2017, it was in the news that Wells Fargo charged mortgage fees that were unwarranted in the year 2013- 2017 and imposed many of its customers with unnecessary auto insurance causing them to fall behind on their car loans and have them repossessed. However, the most shocking thing is that KPMG had audited the company’s books during this period, but the auditors failed to detect the fraud committed by the company’s employees. This essay looks to address Wells Fargo’s failure in the opening of fake accounts by employees.
The auditor is more at fault because he failed to identify Wells Fargo employees’ fraudulent opening of fake customer accounts, which led to severe consequences on various parties. First, the customers were the most affected because of the bank charges and interest on the mortgage they incurred without their knowledge and the insurance imposed on them by the bank employees. This, in turn, led to them losing trust in the organization. Due to this, the institution’s management and shareholders also suffered from a bad reputation that led to customers’ loss, leading to low business returns. According to (CNN NEWS) Wells Fargo suffered another quarterly loss of $321, bringing the total loss to $2.2 billion. The employees of Wells Fargo also suffered from fraudulent activities because 5,300 of them involved in this fraud were fired from their jobs.
According to International Standards of Auditing (ISA) 315, it is the responsibility of the auditor to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity’s internal control, and report their findings to the management according to ISA 260. The auditor must acquire enough understanding of every component of the company’s internal controls over financial reporting to know all potential misstatements. In my opinion, the auditor is more at fault for failing to do this. The company’s management is also at fault for setting unrealistic targets for employees that were unattainable and for failure to put in place internal control procedures that could prevent and detect such fraud. The internal control system of a financial services firm is vital to the management of the organization and serves as the basis for its effective functioning. This system may also assist in ensuring that the organization’s rules and regulations, as well as policies and processes, are followed, thereby reducing the likelihood of unanticipated losses and harm to the company’s image.
Internal Controls
The auditor failed to recognize the internal controls Procedure. The internal control procedures initially were a mechanism for reducing fraud, misappropriation, and errors, which has now been broadened to address all the risks financial institutions face. The internal control system can be divided into five-element:
Segregation of duties and control activities
Management oversight
Risk assessment and recognition
Monitoring activities
Information and communication
Segregation of duties and control activities
Control activities should be considered as an essential element of the organization’s everyday operations by management and all workers. This will allow for a speedy reaction to changing situations while avoiding excessive expenses. Management should check in on a frequent basis to verify that all of these parts of the company are adhering to the rules and procedures in place. An efficient internal control system requires proper segregation of duties and ensures individuals are not assigned conflicting tasks. In the case of Wells Fargo, there was a lack of adequate segregation of duties that led to the losses. There was no clear separation between the person who created the accounts and those who approved the accounts. The auditor should have ensured that there is proper segregation of duties within the company by testing the approval procedures of the organization. The auditors should have also performed walkthroughs of transactions through the company processes and verified necessary documents. This is a preventive measure by management.
Management Oversight
The management of the organization has the responsibility of approving and reviewing strategies and policies of the organization. Senior management has the responsibility of implementing strategies and policies and establishing an effective system of internal control. The internal control system should be properly documented and communicated to show responsibilities and authority throughout the organization and ensure there is no gap. Wells Fargo management failed to oversee the employees’ performance, which led to prolonged fraudulent activities. This control can both prevent fraud and detect fraud in case of occurrence.
Risk assessment and recognition
Financial institutions are in the business of risk-taking. It is important to have an internal control system that continuously assesses and recognizes these risks. Risk assessment should identify both internal and external factors that could prevent the organization from achieving its goals. This process should cover all risks that could affect the organization at all levels. If the management of Wells Fargo had put in place risk assessment procedures, they would have been able to determine the various fraud committed by the employees and take necessary action. Various scenarios must be considered to understand best the risks that may face the organization. The auditor should have performed risk assessment procedures to identify the risks present and respond to the identified risks appropriately.
Monitoring activities
Internal control of any financial institution should be monitored regularly as a preventive measure by the management. Monitoring activities should be part of the organization’s daily activities and should also include regular evaluations of internal controls. This can help in determining the nature of various risks and which risks occur frequently. Wells Fargo management should have put in place ongoing monitoring to quickly help detect and correct weaknesses of the internal control procedures. The auditor should find out the company’s procedures to show the effectiveness of the internal control and to find out how the company responds to identified risks. This, in turn, would have helped prevent fraud by employees.
Information and Communication
A system of internal control requires adequate information and good communication to function properly. Information should be relevant, reliable, timely, accessible, and consistent to be useful, and it should cover all significant activities of the bank. Information systems must be independently safeguarded and monitored. The management should ensure that controls over the information system include both general and application controls. General control includes control over computer systems to ensure their continued and proper operation.
On the other hand, application control is a computerized step that controls the transaction processing and activities of the business. The auditors should have monitored the information system to ensure that only authorized personnel had access to information and perform analytical reviews to understand the significance of transactions in the company’s system. This is a detective control that the management of Wells Fargo should have put in place to detect unusual transactions in the system.
In conclusion, having discussed the various internal controls procedures, it is clear both the management of Wells Fargo failed to put in place systems that could easily prevent the fraud, and the auditors of the company did not perform adequate procedures to determine whether the organization had put in place any internal controls and their effectiveness. The lack of effective internal control to prolonged employee fraud led to huge losses to the company. Therefore it’s the auditor’s fault need to be hawk-eyed when it came to the wells Fargo books; therefore, he missed the key details any qualified auditor should have critiqued.
Carretta, A., & Bianchi, N. (2016). Risk Culture in Financial Institutions, regulators and supervisors. Doing Banking in Italy: Governance, Risk Accounting, and Auditing issues, 167-195.
Amernic, J., & Craig, R. (2021). Evaluating Assertions by a Wells Fargo CEO of a ‘Return to Ethical Conduct.’ Leadership.
Sridharan, U. V., & Hadley, L. U. (2018). Internal audit, fraud, and risk management at Wells Fargo. International Journal of the Academic Business World, 12(1), 49-53.
Witman, P. D. (2018). “What Gets Measured, Gets Managed” The Wells Fargo Account Opening Scandal. Journal of Information Systems Education, 29(3), 131-138.
Bishop, E. E. (2018). An Analysis of Motivation and Culture: Examining the 2009-2016 Wells Fargo Case (Doctoral dissertation, Indiana University).
Suyanto, S. (2009). Fraudulent financial statement: evidence from statement on auditing standard no. 99. Gadjah Mada International Journal of Business, 11(1), 117-144.