How $16 Million was Stolen from a Bakery

Day 24 of 30 Days of Fraud

Is it possible to steal over $16 million from a bakery? Today we see that large sums can be taken from a small, mundane business. And the scheme can be so very simple.

The Theft

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

$16 million stolen from a bakery

The picture is courtesy of AdobeStock.com

The Weakness

No one was comparing the cleared check payees to the general ledger. 

The Fix

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do so, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) are to be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, you could require a daily second-person review of cancelled checks.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years probation.

Is Your Cash Receipts Supervisor on the Take?

Day 23 of 30 Days of Fraud

Sometimes the person you hire to prevent theft is the one stealing. This is one of the dangers of a trusted bookkeeper. Below I provide a real-life story of a cash receipts supervisor on the take.

The Theft

Is your cash receipts supervisor taking your cash? I once worked on a case where this person took over $300,000.

Cash receipts supervisor on the take

The picture is courtesy of AdobeStock.com

Cash Receipts Supervisor

Many businesses funnel cash receipts to a supervisor who counts the money from each cash drawer and compares the funds to the daily receipts. The purpose of this step is to ensure no front-desk clerks are stealing.

The cash collections supervisor has usually worked a cash drawer in the past. So she knows all about how the receipts enter the system and how they are deposited.

Typical Deposit Cycle

The collections process often works as follows:

  1. Money is collected at the front cash-collection desks and placed in the cash drawers that are assigned to each clerk; receipts are written for each payment
  2. These clerks tally their collections at the end of each day and reconcile the monies in their cash drawers to the receipts written
  3. The daily reconciliation for each cash drawer goes to the cash receipts supervisor who recounts the funds received and reconciles collections to the receipts written (performing the same reconciliation as the front desk clerks)
  4. The cash receipts supervisor creates a deposit slip for all funds collected (if there are seven cash drawers, then the deposit slip represents the total collections for all seven cash drawers)
  5. The cash receipts supervisor gives the checks and cash and deposit slip to a courier to take to the bank
  6. The courier receives a bank deposit receipt from the bank
  7. The courier provides the bank deposit receipt to the cash receipts supervisor (so she can compare the bank deposit receipt with the copy of the deposit slip–to ensure the courier did not steal any funds in transit)

The Cash Receipts Supervisor Steals

So how can the cash receipts supervisor steal funds in the above scenario?

In the case I worked on, the supervisor also reconciled the bank statement. After step 3., but before step 4., she would steal the cash and then lessen the deposit slip accordingly. So, if she took $2,200, the deposit slip would reflect the total daily collections less $2,200.

You’re thinking, “But then the bank account would not reconcile since the computers have recognized the front-desk collections?” You are correct—unless someone monkeys with the bank reconciliation. And that’s what she did. The supervisor adjusted the reconciling items–on the bank reconciliation–to cover up the stolen funds. The scheme worked until the annual audit.

When the auditors tested the outstanding items on the bank reconciliation, they could not tie substantial amounts to the subsequent bank statement. Generally, outstanding reconciling items clear the subsequent month’s bank statement—but large amounts on the year-end bank reconciliation could not be accounted for (because they were fictitious).

When confronted, the clerk confessed to her theft and method.

The Weakness

The weakness was the cash receipts supervisor who had custody of assets (cash) also performed the reconciliation of the related bank account.

The Fix

The person reconciling the bank statement should not also handle cash. It’s also a good idea to perform surprise tests of the receipting records. Doing so puts everyone on notice. The receipt employees know someone can appear at any time and review their work.

For additional assistance, see my article about how to audit cash.

How to Use the Camera Effect to Kill Fraud

The threat of being seen diminishes theft

You can use the camera effect to kill fraud. Today I tell you what the camera effect is and how you can use it to reduce theft.

People are more prone to steal if they think no one is looking. But the camera effect is a powerful deterrent. So what is it? It’s the positive change that occurs when employees believe their actions are seen.

using the camera effect to kill fraud

43% of fraud detection comes by way of tips. This is why whistleblower programs are the number one way to reduce theft. Time and time again the Association of Certified Fraud Examiners’ surveys show that whistleblower programs lessen the number of and dollar amount of frauds. Employers provide 1-800 numbers whereby employees can anonymously report potential red flags 24/7. So why would a telephone number reduce fraud?

The camera effect.

Use the Camera Effect to Kill Fraud

We know that when potential fraudsters believe their thefts will be seen, they stay clean. No one wants to go to jail. No one desires to embarrass themselves or their family members.

The key is to introduce the threat of discovery.

This is why whistleblower programs are effective. When in place, such programs make employees feel that others see their actions. For example, if I make $40,000 a year, but I buy an $80,000 vehicle, my fellow employees (at least some) know this is a fraud signal. Now someone can report this signal using the whistleblower program. Think of the whistleblower programs as lots of roving cameras recording and communicating actions in real time. Now employees believe, “If I take, I will be seen.”

When I teach fraud prevention classes, I stand in front of the room and turn a security camera on. It whirls and turns, making class members feel as though they are being recorded. It’s funny; people act differently. They sit up, fix their hair, smile. After the camera rotates a couple of times, I say, “The camera is not hooked up to anything. You are not being recorded.” What did I just do? I made them think they were being taped.

My teaching point: We want employees to believe their actions are visible. The camera effect causes positive actions.

Examples of the Camera Effect

Here are examples of fraud prevention steps that create the camera effect:

  • Someone outside of the accounts payable department randomly selects ten cleared checks each month and reviews the payee, the signature, and the invoice support (let the accounts payable personnel know that this procedure will be performed periodically)
  • Mail the bank statements to someone outside of accounting who opens them and inspects the contents before providing the statements to the accounting department 
  • An outside CPA or CFE performs surprise tests of accounting information twice a year, picking whatever area she desires to inspect (now everyone knows their work is potentially subject to review)

Your Camera Effects

What are you doing to create the camera effect? White-collar crime is a real threat to your organization.

Providing Fraud Prevention Services to Compilation Clients

Could it be that fraud prevention assistance is more beneficial than a compilation engagement?

This post discusses providing fraud prevention services to compilation clients.

providing fraud prevention services to compilation clients

How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is plenty. Now let me ask you another question.

The Greater Risk for Your Client

What is the greater risk for your client?

  • Financial statements are misstated or
  • A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business

You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.

I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.

When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.

Defining Your Compilation Service

Here are two questions to consider in defining your compilation engagements.

  1. Do you get signed compilation engagement letters?
  2. Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?

These two actions lessen your risk when you provide only compilation services.

If you desire to provide fraud prevention services, then use a separate engagement letter to cover that work.

Providing Fraud Prevention Services to Compilation Clients

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)

Fraud Prevention Services Create Risk

But doesn’t providing fraud prevention services create additional risks for the CPA?

Yes.

Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. 

If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.

Independence

Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.

If your independence is impaired, you need to say so in the compilation report.

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?

You can learn more about white-collar crime here.

Would Andy Griffith Steal? Receipt Fraud in Law Enforcement

Day 22 of 30 Days of Fraud

Would Andy Griffith steal? Maybe not. But other law officers do. Thankfully, most don’t.

The Theft

If you’ve watched Andy Griffith as much as I have, you may find it hard to believe a (small town) officer would steal–but it happens.

Andy Griffith steal

A friend of mine (we’ll call him John) audits a small Georgia city (this is a true story). One year he was reviewing the planning analytics for the audit, reviewing five years of comparative data. In scanning the comparisons, he noticed the police fines had fallen off significantly. So John asked the police chief why the fines were down.

The police chief (we’ll call him Robert) responded, “I took it.”

John laughed and said, “I’m serious, why do you think the fine revenue dropped?”

“I said I took it.”

John was stunned. It was hard for him to absorb what he was hearing. After all, fraudsters don’t generally confess on the spot–but this one did. And the chief was well-known and well-liked, a man known for his integrity.

The discussion continued as John inquired about how the chief took the money. Here’s the deal.

Robert had two receipt books, one for cash and one for checks. When checks were received, he would write a receipt from the checks receipt book–those funds were turned over to the city clerk. When cash was received, he wrote receipts from the cash receipts book–those monies went into his pocket. Simple, but effective, as he stole over $50,000.

The Weakness

So, what control weakness allowed this theft?

No one was controlling the issuance of the city receipt books. Also, the city clerk should have noticed the lack of cash payments being received for fines.

The Fix

How can we remedy this problem?

When governments use physical receipt books, assign the duty of purchasing and issuing receipt books to a particular person. He or she should maintain a log of the receipt books and who has each one.

Surprise audits of those receiving funds is another way to combat theft. These reviews can be performed by the government’s internal audit staff or by an outside CPA or Certified Fraud Examiner.

White-collar crime is real, so stay vigilant. (Even so, I still can’t believe the real Andy Griffith would steal.)

Stealing Unaccrued Receivable Checks is Easy

Day 21 of 30 Days of Fraud

Stealing Unaccrued Receivable Checks

Some fraudsters steal unaccrued receivable checks and convert them to cash. In this article, I explain the mechanics of the theft and how you can prevent it.

The Theft

Susan is an hospital executive that has the authority to approve purchases of medical devices. She commonly receives rebate checks from vendors. Since she negotiates the purchase contracts, the vendors mail the rebate checks to her. Some of these checks are north of $50,000.

A while back she received a rebate check and placed it in her top left-hand drawer, thinking she would take it to accounting the next day. But she forgot.

stealing unaccrued receivable checks

Picture is courtesy of AdobeStock.com

A month later she opened her drawer, and there it was. Oops! She hurriedly took the check to the receipting department and said, “Gosh, I must be losing my mind.” They all laughed, knowing it was an innocent mistake. But in the course of these events, she realized that no one knew she had the check. Why would they? Susan approves the purchases, and she provides the rebate information to no one. So, the rebates are not accrued in the general ledger.

Not long thereafter, Susan decides to retain two of the rebate checks totaling over $100,000. She places them in the same left-hand drawer, but this time, she does so on purpose. And then she waits—several weeks. No one calls about the checks. It’s obvious that no one knows she has them.

Susan converts the checks to cash by depositing them into a new bank account that she has opened in the name of the hospital. She is the sole authorized signer for the new bank account.

Now, let’s see what the control weaknesses are and how we can remedy this problem. 

The Weakness

The weakness is that no one is tracking or accruing the rebate checks.

The Fix

How can we cure this weakness?

Determine what companies provide rebates checks (and any other checks commonly received and not accrued). Send confirmations to the paying parties and compare the confirmed amounts with activity in the general ledger.

A master list of rebate companies should be maintained by someone in accounting, and the related activity should be monitored by comparing receipting information to this list. When possible, accrue rebate receivables.

White-Collar Crime

This is one more example of white-collar crime. Click here for many more articles about theft. For a detailed article about auditing receivables, click here.

Splitting Payments to Circumvent Approval Requirements

Day 20 in 30 Days of Fraud

Some fraudsters split payments to circumvent approval requirements. In this article, I show you how this type of theft works and what you can do to prevent it.

The Theft

The maintenance supervisor, Billy, wants to make a fraudulent payment to ABC Hardware for $9,900. (ABC Hardware is owned by his cousin.) So, Billy wants to avoid his company’s review process. He knows that all checks over $5,000 require the physical signature of the finance director. All checks below $5,000 are signed by the computer. What’s a boy to do? Well, Billy can split the transaction–two checks for $4,950 each. That will work.

Billy asks his cousin for two ABC Hardware invoices of $4,950 rather than the one for $9,900. Afterwards, Billy approves each invoice, and the payments are made.

splitting payments

Picture is courtesy of AdobeStock.com

So, Billy tries the scheme again, and it works. Then, he does so repeatedly. His cousin rewards him with free trips to South Dakota, his favorite hunting destination.

The Weakness

No one is querying the check register for payments just below the threshold. Also, bids were not obtained.

The Fix

Download the check register into Excel (or any database package). Then, sort the payments and look for repeated payments–just below the threshold of $5,000–to the same vendor.

Require bids for significant expenses, and retain the bids as support for the payments.

Difference in Bribes and Gratuities

Learning tip: The hunting trip is referred to as a gratuity rather than a bribe. Why? Bribes are inducement payments made before the purchase decision. Gratuities–free trips in this example–are given after the vendor payments. The purpose of the gratuity is to reward the complicit person (Billy). Then, in the future, Billy knows the drill and expects more of the same.

White-Collar Crime

Splitting payments is a form of white-collar crime. There are many ways that professionals steal. Click here for more fraud-related examples (some of which are hard to believe).

The Rita Crundwell Story: Why Some Ranches Have a Bad Smell

Day 19 of 30 Days of Fraud

Is it possible for one person to steal over $53 million from a city with an annual budget of less than $10 million? Yes. The Rita Crundwell story provides a cautionary tale for small businesses, governments, and nonprofits.

The Theft

Rita Crundwell, comptroller, and treasurer of Dixon, Illinois stole $53 million over a twenty-year period. The city of 16,000 residents held Crundwell in high esteem. One friend described her as “sweet as pie.” Another said: “You could not find a nicer person.”

So why did she steal? It appears Rita just enjoyed the good life. She used the money to fund one of the top quarter horse ranches in the country, and she did it with style: Some of the funds were used to purchase over $300,000 of jewelry and a $2.1 million motor coach vehicle.

Rita Crundwell story

The picture is courtesy of AdobeStock.com

Her annual salary? $80,000.

The city’s annual budget? $6 to $8 million

Were yearly audits performed? Yes.

Were budgets approved? Yes.

So how could this happen? Ms. Crundwell had won the trust of those around her—especially that of mayor and council. In April 2011, finance commissioner and veteran council member, Roy Bridgeman, praised Crundwell calling her “a big asset to the city as she looks after every tax dollar as if it were her own.” (Too much trust is the main cause of white-collar crime.)

It was a disturbing moment when Dixon Mayor James Burke presented the FBI with evidence of Crundwell’s fraud. Burke later recalled his emotions and words: “I literally became sick to my stomach, and I told him that I hoped my suspicions were all wrong.” Such a response is understandable given that Crundwell had worked for the city for decades. She had fooled everyone.

According to the mayor, the city’s annual audits raised no red flags, and the city’s primary bank never reported anything suspicious. So how did she steal the money? In 1990, Crundwell opened a secret bank account in the name of the city (titled the RSDCA account: the initials stood for reserve sewer development construction account). Crundwell was the only authorized check signer for the account, and the RSDCA bank account was never set up on the city’s general ledger. The City’s records reflected none of the RSDCA deposits or disbursements.

Crundwell would write and sign manual checks from a legitimate city capital project fund checking account, completing the check payee line with “Treasurer.” (Yes, Crundwell had the authority to issue checks with just her signature—even for legitimate city bank accounts.) She would then deposit the check into her secret account. From the bank’s perspective, a transfer had been made from one city bank account to another (from the capital projects fund to the reserve sewer development construction fund).

While the capital project fund disbursement was recorded on the city’s books, the RSDCA deposit was not. A capital project fund journal entry was made for each check debiting capital outlay expense and crediting cash. But no entry was made to the city’s records for the deposit to the RSDCA account. Once the money was in the RSDCA account, Crundwell wrote checks for personal expenses—and she did so for over twenty years.

To complete her deceit, Crundwell provided auditors with fictitious invoices from the Illinois Department of Transportation; these invoices included the following notation: Please make checks payable to Treasurer, State of Illinois. (So the canceled checks made out to Treasurer agreed with directions on the invoice, but the words “State of Illinois” were conveniently left off the check payee line.) Remember Crundwell was the treasurer of Dixon. 

Those invoices and the related checks were often for round dollar amounts (e.g., $250,000) and most were for more than $100,000. In one year alone, Crundwell embezzled over $5 million.

So how was she caught? While Rita was on an extended vacation for horse shows, the city hired a replacement for her. For some reason, Crundwell’s substitute requested all bank account statements from the city’s bank. As the bank statements were reviewed, the secret bank account was discovered. And soon after that, the mayor contacted the FBI.

The Weakness

Why was Rita able to steal $53 million? Wait for it…a lack of segregation of duties (getting tired of my saying this?–sorry, but so many thefts are rooted in this weakness).

Rita could do the following:

  • Write checks
  • Approve payments
  • Create and monitor the budget
  • Enter transactions into the accounting system
  • Reconcile the bank statements

The Fix

Multiple people should perform accounting duties, not just one person.

Accounting employees should be required to take at least a one-week vacation, and while they are gone, someone else should perform their duties. The vacation itself is not the key. The performance of the absent accountant’s duties is. Why? Doing so allows the replacement person to understand the work of the vacant employee. And, more importantly, as the substitute employee works, he or she sees any unusual or fraudulent activity.

Here’s another action to take. Periodically contact your organization’s bank and ask for a list of all bank accounts. Then compare the list to the bank accounts set up on the general ledger. If a bank account is not on the general ledger, see why. Request a copy of the related signature card from the bank.

What Happened to Rita?

So, what happened to Rita? She was sentenced to 19.5 years in prison. Here are pictures from the Chicago Tribune that shed light on the fraud.

How Employees Steal with Company Credit Cards

Day 18 of 30 Days of Fraud

Employees sometimes steal with company credit cards. Today, we look at a case where one employee was able to steal over $300,000 by misusing college credit cards.

The Theft

Donna Gamble made fraudulent purchases of over $300,000 using Georgia Tech purchase cards (credit cards).

Gamble was employed by Georgia Tech in the Parker H. Petit Institute for Bioengineering and Bioscience. As part of her job, she had access to Georgia Tech credit cards.

Gamble used the purchase cards to buy over 3,800 personal items. How did she hide her theft? She submitted false receipts to her supervisor and made fraudulent accounting entries. The thefts–taken from grant money provided to Georgia Tech by the National Science Foundation–occurred from April 2002 through April 2007. So money designed to advance educational learning was spent on personal items such:

  • A popcorn machine
  • Football tickets
  • A wave runner
  • Video games

Ms. Gamble was sentenced to two years and eight months in federal prison.

The Weakness

The internal control weakness that led to the theft was a lack of appropriate monitoring.

steal with company credit cards

Credit cards provide a simple means to bypass normal purchasing policies. Most purchasing policies require the issuance of a purchase order prior to the purchase. Such purchase orders are provided by a second person–someone other than the purchaser. So, the authorization to purchase is separate from the bookkeeping. In other words, at least two people are involved in the purchase transaction. Having multiple people involved in such transactions strengthens the controls. Why? A single person can’t make purchases alone. Consequently, theft–when such controls are in place–requires collusion. Now, it’s more difficult to steal.

Many organizations don’t require purchase orders for credit card purchases. Therefore, one person can purchase without a second person’s involvement. Even when a second person authorizes purchases, theft can occur if that person doesn’t pay sufficient attention to purchase requests (and the related documentation).

The Fix

What’s the fix? The monitoring of credit card use. Persons using company credit cards must know that someone else sees their purchases. For instance, internal auditors should routinely audit credit card activity. And the users should know that such audits occur.

Theft, like the one above, occurs when the fraudster knows no one is looking–they believe they can steal, and no one will notice.

Here are some ideas to lessen the possibility of credit card fraud:

  • Limit the number of cards issued
  • Assign each card to one person
  • Set low credit limits
  • Keep all cards in a secure location
  • Restrict card usage to particular vendors (which can be done with a purchase card)
  • Require the person to provide support for each purchase
  • If appropriate support is not provided, disallow the use of the card
  • Reconcile monthly credit card statements to supporting documentation
  • Audit personnel (internal or external) should review credit card activity
  • Provide a summary credit card activity report for each employee to the governing body or owners of the company

For more information about white-collar crime, click here.

Payroll Fraud: I Get By with a Little Help from my Friends

Day 17 of 30 Days of Fraud

Payroll fraud is quite common. Sometimes the theft occurs as a payroll department employee secretly inflates payments to family and friends.

The Theft

One Friday evening, Jimmy and Rachel are sitting on the back porch drinking a cool lemonade and chatting about how long it’s been since the business gave them a raise–three years and counting. And everyone knows the owners just bought a beautiful cabin in Aspen. The cost: $10 million. Meanwhile, Jimmy and Rachel (cousins) are wiling away their time discussing what they could do to make more money.

payroll fraud

Picture is courtesy of AdobeStock.com

“Don’t you control what people make,” Jimmy starts. Rachel laughs and says, “I may be in payroll, but I can’t give anyone a raise.”

Jimmy pauses and says, “I didn’t ask if you give raises? I mean, can’t you change pay rates, like you could increase mine. You know, quietly.” He grunts, “After all, the owners sure don’t need the money.”

Rachel ponders the request and replies, “I think I could. No one ever reviews what I do. I doubt anyone would ever notice. Come to think of it, I could do the same for myself. With over 300 employees, no one would know. The supervisors never look at the computer payroll files, only the physical personnel files.

The next day Rachel increases her pay rate and Jimmy’s by 10%, just to test the waters. If anyone notices, she’ll say it was a mistake. But no one does. And after six months, she moves the rates even higher–another 30%. Easy money. Even if she’s caught, white collar crime is often lightly punished.

The Weakness

No one is comparing–on a test basis–the pay rates in the payroll master file to the approved rates in the personnel files.

The Fix

Have someone in internal audit or an external CPA or CFE randomly select employees, comparing the master pay rates for each person to the personnel files. Let the payroll and human resources employees know that this test will be performed once a year. The knowledge of the test will be a deterrent to fraudulent increases in the master pay rate file. In particular, pay rates for payroll personnel should be reviewed.

How to Audit Payroll

For a detailed article about how to audit payroll, check out my post here.