Would Andy Griffith Steal? Receipt Fraud in Law Enforcement

Day 22 of 30 Days of Fraud

Would Andy Griffith steal? Maybe not. But other law officers do. Thankfully, most don’t.

The Theft

If you’ve watched Andy Griffith as much as I have, you may find it hard to believe a (small town) officer would steal–but it happens.

Andy Griffith steal

A friend of mine (we’ll call him John) audits a small Georgia city (this is a true story). One year he was reviewing the planning analytics for the audit, reviewing five years of comparative data. In scanning the comparisons, he noticed the police fines had fallen off significantly. So John asked the police chief why the fines were down.

The police chief (we’ll call him Robert) responded, “I took it.”

John laughed and said, “I’m serious, why do you think the fine revenue dropped?”

“I said I took it.”

John was stunned. It was hard for him to absorb what he was hearing. After all, fraudsters don’t generally confess on the spot–but this one did. And the chief was well-known and well-liked, a man known for his integrity.

The discussion continued as John inquired about how the chief took the money. Here’s the deal.

Robert had two receipt books, one for cash and one for checks. When checks were received, he would write a receipt from the checks receipt book–those funds were turned over to the city clerk. When cash was received, he wrote receipts from the cash receipts book–those monies went into his pocket. Simple, but effective, as he stole over $50,000.

The Weakness

So, what control weakness allowed this theft?

No one was controlling the issuance of the city receipt books. Also, the city clerk should have noticed the lack of cash payments being received for fines.

The Fix

How can we remedy this problem?

When governments use physical receipt books, assign the duty of purchasing and issuing receipt books to a particular person. He or she should maintain a log of the receipt books and who has each one.

Surprise audits of those receiving funds is another way to combat theft. These reviews can be performed by the government’s internal audit staff or by an outside CPA or Certified Fraud Examiner.

White-collar crime is real, so stay vigilant. (Even so, I still can’t believe the real Andy Griffith would steal.)

Stealing Unaccrued Receivable Checks is Easy

Day 21 of 30 Days of Fraud

Stealing Unaccrued Receivable Checks

Some fraudsters steal unaccrued receivable checks and convert them to cash. In this article, I explain the mechanics of the theft and how you can prevent it.

The Theft

Susan is an hospital executive that has the authority to approve purchases of medical devices. She commonly receives rebate checks from vendors. Since she negotiates the purchase contracts, the vendors mail the rebate checks to her. Some of these checks are north of $50,000.

A while back she received a rebate check and placed it in her top left-hand drawer, thinking she would take it to accounting the next day. But she forgot.

stealing unaccrued receivable checks

Picture is courtesy of AdobeStock.com

A month later she opened her drawer, and there it was. Oops! She hurriedly took the check to the receipting department and said, “Gosh, I must be losing my mind.” They all laughed, knowing it was an innocent mistake. But in the course of these events, she realized that no one knew she had the check. Why would they? Susan approves the purchases, and she provides the rebate information to no one. So, the rebates are not accrued in the general ledger.

Not long thereafter, Susan decides to retain two of the rebate checks totaling over $100,000. She places them in the same left-hand drawer, but this time, she does so on purpose. And then she waits—several weeks. No one calls about the checks. It’s obvious that no one knows she has them.

Susan converts the checks to cash by depositing them into a new bank account that she has opened in the name of the hospital. She is the sole authorized signer for the new bank account.

Now, let’s see what the control weaknesses are and how we can remedy this problem. 

The Weakness

The weakness is that no one is tracking or accruing the rebate checks.

The Fix

How can we cure this weakness?

Determine what companies provide rebates checks (and any other checks commonly received and not accrued). Send confirmations to the paying parties and compare the confirmed amounts with activity in the general ledger.

A master list of rebate companies should be maintained by someone in accounting, and the related activity should be monitored by comparing receipting information to this list. When possible, accrue rebate receivables.

White-Collar Crime

This is one more example of white-collar crime. Click here for many more articles about theft. For a detailed article about auditing receivables, click here.

Payroll Fraud: I Get By with a Little Help from my Friends

Day 17 of 30 Days of Fraud

Payroll fraud is quite common. Sometimes the theft occurs as a payroll department employee secretly inflates payments to family and friends.

The Theft

One Friday evening, Jimmy and Rachel are sitting on the back porch drinking a cool lemonade and chatting about how long it’s been since the business gave them a raise–three years and counting. And everyone knows the owners just bought a beautiful cabin in Aspen. The cost: $10 million. Meanwhile, Jimmy and Rachel (cousins) are wiling away their time discussing what they could do to make more money.

payroll fraud

Picture is courtesy of AdobeStock.com

“Don’t you control what people make,” Jimmy starts. Rachel laughs and says, “I may be in payroll, but I can’t give anyone a raise.”

Jimmy pauses and says, “I didn’t ask if you give raises? I mean, can’t you change pay rates, like you could increase mine. You know, quietly.” He grunts, “After all, the owners sure don’t need the money.”

Rachel ponders the request and replies, “I think I could. No one ever reviews what I do. I doubt anyone would ever notice. Come to think of it, I could do the same for myself. With over 300 employees, no one would know. The supervisors never look at the computer payroll files, only the physical personnel files.

The next day Rachel increases her pay rate and Jimmy’s by 10%, just to test the waters. If anyone notices, she’ll say it was a mistake. But no one does. And after six months, she moves the rates even higher–another 30%. Easy money. Even if she’s caught, white collar crime is often lightly punished.

The Weakness

No one is comparing–on a test basis–the pay rates in the payroll master file to the approved rates in the personnel files.

The Fix

Have someone in internal audit or an external CPA or CFE randomly select employees, comparing the master pay rates for each person to the personnel files. Let the payroll and human resources employees know that this test will be performed once a year. The knowledge of the test will be a deterrent to fraudulent increases in the master pay rate file. In particular, pay rates for payroll personnel should be reviewed.

How to Audit Payroll

For a detailed article about how to audit payroll, check out my post here.

How Honest People Steal

Day 16 of 30 Days of Fraud

Honest people steal. White collar crime is real. Nice, innocent-looking people take money that’s not theirs.

The Theft

The title of my post–How Honest People Steal–is tongue-in-cheek. Why the title? Well, we’re talking about expense report fraud.

I teach a college Bible study, and in it, I sometimes talk about “acceptable sins,” things like gossip, impatience, anger. My point is they are all issues and not acceptable, but we like to pawn them off as being okay–especially when it’s me that’s angry.

Picture is courtesy of AdobeStock.com

Picture is courtesy of AdobeStock.com

Likewise, expense report fraud is often viewed as acceptable, at least when it’s within bounds. But we all know fraud is fraud. The taking of something that does not belong to us is theft. But, I must say, it is so human to fudge on expense reports. We think things like: If I drove 355 miles, isn’t it okay to round up to 375? After all, I forgot to turn on my distance gauge until I was at least three miles out of town. Such rationalizations are easy to come by.

It always amazes me that executives–making six figures–are willing to jeopardize their positions for a few measly dollars. But C-suite employees commit expense report fraud just like new-hires. Recently, the Health and Human Services Secretary resigned over questions about travel. While the Secretary was not accused of expense report fraud, it’s an example of how powerful people can abuse the use of travel privileges and, in this case, cost his employer (the federal government) money.

So how do people inflate their expense reports?

  • Inflating mileage
  • Submitting the same receipt multiple times
  • Asking for advances and then requesting a second payment after returning from the trip
  • Submitting the receipts of a nonemployee (e.g., spouse)
  • Submitting hotel reservation printouts (with projected cost), but not spending the night there

The Weakness

Usually, the weakness is that no one is properly reviewing the expense reports. Also, the company may not appropriately communicate the penalties (what happens when fraud is detected) for false reporting.

The Fix

Create a written expense report policy that all employees sign, acknowledging their agreement to abide by the guidance.

The person reviewing the expense reports should be trained. He needs to know what is acceptable–and what is not. And most importantly, the person reviewing expense reports must be supported by the leadership of the entity–he has to know that the CEO or board chair has his back. (It’s difficult to stand up to high-level employees unless the reviewer knows the leader supports him.)

Stealing While Dying: The Motive for Fraud Comes in Many Forms

Day 15 in 30 Days of Fraud

Some fraudsters steal while dying. What’s their motive? Possibly to avoid leaving their family with medical bills. Whatever the reason, it’s a strange thing. Today we visit a fraud that I encountered over twenty years ago.

stealing while dying

The Theft

In one of the stranger frauds I’ve seen, the bookkeeper of a small health department, Susan, stole money. And she did so while she was dying. In the last months of her life, she fought a battle with cancer. In between the chemo treatments, she continued her work. I’m sure she believed she would survive. After all, she was only thirty-six. 

I had provided external audit services to this health department for years and knew Susan well. She sent me thank-you cards–yes, thank-you cards–for my audit work. She was polite and great at her job. If ever I thought there was someone who would not (and could not) steal, it was her.

But external circumstances can make the best of people do the unexpected. The medical treatments resulted in numerous medical bills, many of which she received while still working. She died just before my annual visit for the audit.

Knowing that Susan had passed away, I knew the audit would be challenging, especially since the health department board had not hired anyone to replace her.

Upon my arrival, I requested the bank statements, but the remaining employees could not locate them. I thought maybe she had taken the bank statements home and had not returned with them due to her illness, but that was not the case. After the employees searched for some time with no result, the health department requisitioned the bank statements and cleared checks from the bank.

In reviewing the cleared checks, I quickly noticed round-dollar checks written to Susan. The first one was for $7,000. My first thought was, “Not Susan, I’ve known her too long. No way. ” But then there was another and another…

The Weakness

The weakness was a lack of segregation of duties. Susan did the following:

  • Keyed payables into the general ledger
  • Created checks for signing
  • Had signature authority on the bank account
  • Reconciled the bank statements
  • Created the monthly financial statements

Are you noticing a recurring theme in the 30 Days of Fraud? Yes, a lack of segregation of duties. It’s fundamental. One person should not be allowed to do everything.

The Fix

Segregate the accounting duties. Most importantly, Susan should not have been on the bank’s signature card. Additionally, someone other than Susan should have been reconciling the bank statement and examining cleared checks. For small organizations, have the bank statements mailed to someone outside the accounting department (e.g., a board member). This outside person should open the statements and review the cleared checks—then the statements should be sent to accounting.

How Fraudsters Steal with Inflated Invoices

Day 13 of 30 Days of Fraud

Fraudsters can steal with inflated invoices. In the story below, you’ll see that a school maintenance director was able to take millions by doing so. Today, we look at how this scheme works and how you can prevent it.

The Theft

The school maintenance director, Derek Brown, purchases materials from two local hardware stores; also, the school contracts with a nearby electrical services company. Each of these businesses is owned by relatives of Derek. While the school board knows about the familial relationships, they are accustomed to the use of these vendors. After all, it’s been that way for years.

steal with inflated invoices

This picture is courtesy of AdobeStock.com

What the board doesn’t know is that Derek often receives inflated invoices from these related parties. For example, if the school orders $30,000 of supplies, it receives an invoice for $45,000. Derek approves the purchase orders, the physical receipt of the goods, and the payment of the invoice. (At times, one of Derek’s assistants counts the physical goods received, but he is party to the fraud as well.) It’s easy for Derek to approve the overstated bills. 

Additionally, some of Derek’s business friends (persons doing business with the school) send invoices to the school for services never provided. He approves these payments as well. 

About once a month, the related-party vendors pay Derek 50% of the excess billings.

The above fraud example is based (partially) on an ongoing case involving the Floyd County Schools where millions were stolen.

The Weakness

The weakness lies in the lack of segregation of duties. Derek approves:

  • The purchase orders
  • The physical counts of goods or services received
  • The approval of the invoices

A contributing element is the school board going to sleep–these types of relationships should be vetted. If no other vendors are available–often the reason for using such local businesses–then additional scrutiny should be brought to bear upon the related payments.

The Fix

Segregate the duties, especially the purchase order approval. A conflict-of-interest policy should be adopted requiring all school officials and key administrative personnel to disclose questionable relationships. If key conflicts are not eliminated, the related activity should be subject to audit by an outside CPA or Certified Fraud Examiner.

Additional Fraud Prevention Assistance

If you work with local governments, you will find my fraud book useful in identifying and preventing fraud. See the book on Amazon by clicking the icon below.

 

How to Steal by Double Paying a Vendor

Day 12 of 30 Days of Fraud

The Theft

Fraudsters can steal by double paying a vendor. In this article, I show you how duplicate payments sometimes end up in an employee’s pocket and how to prevent this fraud.

John, an accounts payable clerk, works for Zoom Inc. Last year, he accidentally sent two checks to the same company for the same invoice. To recover the second disbursement, John called the vendor, and they quickly returned the extra payment. While he was embarrassed about his mistake, he realized that had he not recovered the check, no one would have noticed.

steal by double paying a vendor

Picture is courtesy of AdobeStock.com

Steal by Double Paying the Vendor

John has the itch to buy a new BMW. He saved some money, but he needs more–much more. Then he remembers the accidental double payment and has an epiphany. Yeah…that might work.

John intentionally pays the company’s vendor, River Merchants, twice for the same invoice of $47,540. The checks are signed electronically by computer, so no one is physically inspecting the checks or invoices. Liz, John’s coworker, mails all vendor payments. Consequently, he can’t steal the second check before mailing.

Liz mails the checks. The next day John calls River Merchants saying, “Sorry, but I just realized I sent two payments to you for the same invoice. Would you please return the second check? My address is…”

John receives the second check Monday morning. Now he converts the check to cash by opening a bank account in the name of River Merchants and depositing the check. John is the authorized check signer on the account, so he writes a check to himself. He’s soon cruising the boulevard in his new red Beemer.

The Weakness

No one is monitoring the accounts payable process. While the company did implement the policy of having a second person mail the checks, no one is reviewing check disbursements for double payments.

The Fix

Periodically download the check register to Excel; you only need the following columns:

  1. Vendor name
  2. Check number
  3. Invoice number
  4. Check amount (amount paid)

Sort the payments by vendor name; then scan the list for same amounts paid to the same vendor. If you see payments to the same vendor with the same invoice number and the same dollar amount, then dig deeper. (Accounts payable software should not allow the processing of two checks with the same invoice number–even so, some systems allow overrides; alternatively, the fraudster may bypass this restriction by altering the invoice number.) If it appears that a double payment has occurred, call the vendor to see if a refund has been issued.

Obviously, some payments to vendors should be for the same amount (such as rent)–these should be ignored for this test.

Sometimes, in performing this test, you will find double payments–made by mistake–that the vendor has not returned. The first time I did this test, I found such a payment for over $75,000.

More Fraud Prevention Tips

For more information about fraud prevention, check out my book on Amazon. Click the book icon below.

A Fraudster’s Refuge: The Appalachian Trail

Day 10 of 30 Days of Fraud

The Theft

Some fraudsters steal money by opening a fraudulent bank account and funneling funds into that account. Today, I show you how one controller did this and walked away with millions.

In May 2015 James Hammes was arrested for the theft of $8.7 million from his former employer, G&P Pepsi-Cola Bottlers. After Mr. Hammes was confronted about the theft in February 2009, he left his home and hid on the Appalachian Trail, which runs from Georgia to Maine. Hammes assumed a hiking name of “Bismarck” and spent several years on the popular trail. Fellow hikers enjoyed Bismarck since he seemed to be one of them.

Wanted poster from the FBI

Wanted poster from the FBI

How the Funds Were Stolen

The FBI reported the following:

Court documents show that Hammes’ embezzlement began around 1998. As a controller, he was responsible for all financial accounting and internal controls for his division, including supervising accounts payable to several hundred outside vendors. He carried out the fraud by establishing a new bank account for an existing vendor at a different bank. He then deposited hefty payments to that vendor—often $100,000 at a time—in the phantom account that he alone controlled. He then could transfer money from the phantom account to his personal accounts.

“He knew how to cover his tracks by manipulating audits and ledger entries,” Jones said. “He got away with it for so long because he knew how to manipulate his subordinates and how not to raise accounting red flags.”

So, Hammes opened a fraudulent bank account at another bank (one the company did not use) and deposited vendor checks into that account. Then he transferred funds out of the fraudulent bank account to himself.  Since he opened the account, he was the authorized check signer. Simple but effective.

The Weakness

If extra payments were made to vendors (and it appears that occurred), then the company may not have been reviewing vendors payments. It’s easy to just make vendor payments without seeing patterns, especially if hundreds of checks are processed each month.

Also, it appears the company may have lacked sufficient segregation of duties since Hammes was able to disburse extra vendor payments without detection.

The Fix

Periodically, review total payments made to each vendor. For example, generate the total monthly payments made to XYZ Company. Then compare the monthly payments over a two to three year period. If payments dramatically increase, then someone within the company may be making additional payments and stealing those checks. Or there may a legitimate reason for the increase. Either way, it’s wise to review vendor payments for anomalies. 

Fraudsters Writing Checks to Themselves: How to Understand It and Prevent It

Day 9 of 30 Days of Fraud

The Theft

Fraudsters do write company checks to themselves. Today I tell you how they do so and how you can prevent this type of theft.

Randy Toms, a city accounting clerk, creates a manual check for $5,200 that is made out to himself and signs it with a signature stamp. (The stamp is used when the mayor is out of town.) Randy enters the transaction into the accounting system–using a journal entry–as a payment to Macon Hardware. The result: The general ledger reflects a payment to Macon Hardware, but the check is made out to Randy. Also, he codes the disbursement to an account with sufficient remaining budgetary balance. The subterfuge works since the expense accounts reflects appropriate vendor activity (a check to Macon Hardware), and expenses don’t exceed budget. Randy performs the monthly bank reconciliation, so he alone sees the cleared checks.

Given Randy’s success with the first check, he continues the fraud for several years.

(Here’s another twist to this type of theft. Some companies print their checks with the signature affixed, so the computer (in effect) signs the check. When this is true, some fraudsters will print the check to a legitimate vendor. Then they will destroy the check and write a manual check (from other company check stock) to themselves. In such cases, they are either authorized signers or they forge the signature.)

Fraudsters writing checks to themselves

This is picture is courtesy of AdobeStock.com

The Weakness

The following provides the perfect environment for this theft:

  1. The existence of the signature stamp
  2. The clerk posts journal entries without a second-person review (approval)
  3. The clerk reconciles the related bank account (ensuring that no one–other than Randy–sees the cleared checks)

As you can tell there is a lack of segregation of duties. Many small organizations are unable to segregate accounting duties since they have a limited number of employees. Even so, there are steps you can take to reduce the possibility of theft.

You may be thinking, “Wouldn’t the auditors catch this type of fraud?” Probably not. Auditors seldom compare cleared checks to supporting invoices. (If you’re an auditor, you may want to consider this potential theft in your fraud brainstorming sessions.)

The Fix

The fix includes the following:

  1. Get rid of the signature stamp
  2. Require second party approval of all journal entries
  3. Have someone other than the clerk reconcile the bank account (and review cleared checks)

Some governments or businesses have bank statements mailed to someone outside the accounting department such as the city mayor or business owner. This person opens the bank statement and performs a cursory review of the cleared checks–once done, the bank statement is routed to the accounting department. Since cleared checks are viewed by someone else, there is less of a chance that the accounting staff will write checks to themselves.

Converting Company Checks to Cash: How to Understand It and Prevent It

Day 8 of 30 Days of Fraud

The Theft

In a recent post, we saw that John opens the mail and receipts checks made out to the City of Whoville. He was stealing cash by using the check-for-cash fraud scheme. That’s one way to steal.

But consider that converting company checks to cash—even without using a check-for-cash scheme—is possible. 

In this post, I show you how fraudsters turn company checks into cash.

converting company checks to cash

Picture is courtesy of AdobeStock.com

John can open a new bank account in the name of the city. Everyone in the community knows that John works in the city’s accounting department; so it appears perfectly normal for him to open a new bank account. John conveniently signs the signature card as the solely authorized signature. The name he uses for the bank account is Whoville Projects. So, the account name appears reasonable, and John has what he wants–a bank account for which he is the solely authorized signer.

John alone opens the mail. Now he steals checks made out to the city and deposits them into the Whoville Projects bank account (the new account is never set up in the city’s general ledger). Then John writes checks from his fraudulent bank account to anyone he chooses–including himself. (Rita Crundwell used an off-the-books checking account to steal $53 million dollars.)

Many companies incorrectly believe that fraudulent bank accounts can’t be opened in their name, especially if they are incorporated. Why? Because most banks ask for copies of company corporate documents. But consider that fraudsters can open a “doing business as” bank account in the name of ABC Company. Since the bank account is a personal (and not a corporate) bank account, the bank will not ask for corporate documentation.

Also, fake corporate documents can be created, if Susie wants to go the route of opening the bank account in the name of ABC Company, Inc.

The Weakness

The fundamental weakness is John opens the mail and receipts the checks by himself. Also, this type of theft often occurs when no one is comparing revenues to budget or prior period amounts. A lack of security cameras allows John’s thefts to go undetected.

The Fix

Two people should be present when the mail is opened and receipted. Another alternative is to use a lockbox; that way, all checks go directly to the city’s bank rather than to the city.

The city should install security cameras and record all activity.

Periodically request a list of all accounts from the bank. Then see if each account is set up in the city’s general ledger.