Wire Transfer Theft: How to Prevent It

How to steal $6.9 million in less than an hour

In one of the easiest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to another account in Austria. The wire transfer originated with the fax of a letter (which took less than an hour to create). Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned her husband in; he later came back to the states of his own volition (after his wife gave him an earful). He went to jail. I guess, after a few boat rides down the Danube, he missed his family.

Preventing wire transfer theft

Picture from AdobeStock.com

Wire Transfer Theft is Easy

It’s easy for an accounting clerk (or other authorized company official) to wire funds and to cover their tracks with a journal entry – too easy in many cases. If a company  accountant or official has the ability to (1) wire funds by himself and (2) make journal entries without a second-person review, then the organization has left the fraud door wide open. Such a situation is not uncommon in small businesses, nonprofits and governments.

As you think about wire transfers, consider that they can be originated with a fax, a phone call, a personal visit to the bank, or a computer. Determine how your bank handles wire transfers and craft your internal controls based on those dynamics.

Wire Transfer Internal Controls

Organizations should do the following to mitigate wire transfer fraud:

  1. Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  2. Require two persons to consummate all wire transfers to external parties (the most important control in my opinion)
  3. If the wire transfer request is by phone or by fax, require the bank to call your organization back before the wire transfer is consummated
  4. The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are keyed into the bank software as a part of the transfer request)
  5. Restrict the bank accounts from which a wire transfer can be made (the organization may want to limit external wire transfers to just one bank account)
  6. Restrict certain bank accounts so that wire transfers can only be made to other bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  7. Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  8. Require sufficient documentation for all wire transfer journal entries; require a second-person review of these journal entries
  9. Consider using a dedicated computer for all wire transfers; do not use this computer for any other purpose (malware is often picked up by computers as they visit Internet websites)
  10. Use all bank-provided wire transfer controls
  11. Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

Use Fraud Prevention Controls Offered by Banks

Not using controls offered by banks may make your organization liable should funds be stolen by hackers. One company sued its bank when hackers took $440,000 from its bank account with a wire transfer; the judge ruled against the company because it had opted out of control procedures offered by the bank. Also make sure your company uses appropriate firewall and antivirus protection.

Closing Words

If one person can make external wire transfers and journal entries to record those transactions, you have the makings of wire fraud–soon you may see that employee on Facebook, riding down the old Danube.

Video from Gary Zeune

You can see a news video about the nonprofit fraud mentioned above at Gary Zeune’s website: The Pros and The Cons. (If you have not heard Gary speak about fraud, you should do so. He does a great job.)

How to Steal Money with Altered Check Payees

This simple fraud occurs all too often

Some fraudsters steal money with altered checks.

As a kid I once threw a match in a half-gallon of gasoline – just to see what would happen. I found out. Quickly. In a panic, I kicked the gas container–a plastic milk jug–several times, thinking this would somehow put the fire out. But just the opposite occurred, and when my father found out? Something else was on fire.

Steal money with altered check payees

Some accounting weaknesses create unintended consequences. Show me an accounting clerk who (1) can sign checks (whether by hand, with a signature stamp, or with a computer-generated signature), (2) posts transactions to the accounting system, and (3) reconciles the bank statements, and I will show you another combustible situation. Here’s how one city clerk created her own blaze.

Altered Check Example

Using the city’s signature stamp, the clerk signed handwritten checks made out to herself; however, when the payee name was entered into the general ledger (with a journal entry), another name was used – usually that of a legitimate vendor.

For example, Susie, the clerk, created manual checks made out to herself and signed them with the signature stamp. But the check payee was entered into the accounting system as Macon Hardware (for example). Also, she allocated the disbursements to accounts with sufficient remaining budgetary balances. The subterfuge worked as the expense accounts reflected appropriate vendor activity and expenses stayed within the budgetary appropriations. No red flags.

Check

The accounting clerk, when confronted with evidence of her deception, responded, “I don’t know why I did it, I didn’t need the money.” We do a disservice to accounting employees when we make it so easy to steal. Given human nature, we should do what we can to limit the temptation.

How?

Controls to Lessen Check Fraud

First, if possible, segregate the disbursement duties so that only one person performs each of the following:

• Creating checks
• Signing checks
• Reconciling bank statements
• Entering checks into the general ledger

If you can’t segregate duties, have someone (the Mayor, a non-accounting employee, or an outside CPA) review cleared checks for appropriateness.

Secondly, have a second person approve all journal entries. False journal entries can used to hide theft. With sleight of hand, the city clerk made improper journal entries such as:

                                                Dr.                 Cr.

Supply Expense              $5,234

Cash                                                        $5,234

 

The check was made out to Susie, but the transaction was, in this example, coded as a supply expense paid to Macon Hardware. You can lessen the risk of fraud by preventing improper journal entries.

Thirdly, limit who has access to check stock. It’s usually wise to keep blank check stock locked up until needed.

Finally, limit who can sign checks, and deep-six the signature stamp.

A word to external auditors looking for a fraud test idea (or those just looking for check fraud): Consider testing a random sample of cleared checks by agreeing them to related invoices. Work from the cleared check to the invoice. It is best for the auditor to pull the invoices from the invoice file; if you ask someone in accounting to pull the invoices, that person might create fictitious invoices to support your list (not hard to do these days). If the payee has been altered, you will, in many cases, not find a corresponding invoice. Pay particular attention to checks with payees that are company employees.

Red Flags of Governmental Fraud

Fraudsters unwittingly send signals--Do you know them?

Fraud is detected by tips more than any other way–over 40% in the most recent Association of Certified Fraud Examiners’ survey. And many of those tips came from employees who knew the signs of fraud.

How can governments make employees aware of fraud signals? Education.

Picture is courtesy of DollarPhotoClub.com

Picture is courtesy of DollarPhotoClub.com

Would your employees recognize fraud if it were occurring? Some red flags are obvious. Others are not. Here are some sample governmental fraud red flags:

External Red Flags

  • Unexplained increases in the wealth of an accounting employee or elected official
  • Employee personal problems such as a divorce, substance abuse, financial difficulties, legal problems
  • Employee living beyond his or her means
  • Unusually close employee association with a vendor

Cash Receipts and Billing Red Flags

  • Taxpayer complaints concerning nonpayment notices (even though payment has been made)
  • A pattern of customer complaints in the utility billing and collection process
  • Substantial write-offs of receivables without support
  • Unexplained decreases in revenues
  • A pattern of missing receipt forms

Disbursements and Purchasing Red Flags

  • Altered or incomplete supporting documentation for disbursements
  • Purchasing party (e.g., department head) picking up processed vendor checks rather than accounts payable personnel mailing them
  • Unexplained increases in expenses
  • Excessive expenses when compared to the budget
  • Vendors without physical addresses

Payroll Red Flags

  • Employees with no or little payroll deductions
  • Excessive overtime expenses
  • Excessive payroll expenses when compared to the budget

Capital Assets Red Flags

  • Winning bid appears too high; all contractors submit consistently high bids
  • Qualified construction contractors not submitting bids
  • Reports of missing capital assets
  • A lack of accountability for capital assets

General Red Flags

  • A refusal by accounting personnel to take vacations
  • Unwillingness to share accounting duties
  • Employee irritability or defensiveness
  • Complaints about inadequate employee pay
  • A lack of transparency in accounting
  • Rumors of unethical conduct
  • A history of corruption in the government
  • Financial decisions made by one person with little or no accountability
  • Undocumented journal entries
  • Untimely bank reconciliations
  • Inexperienced or lax accounting personnel
  • Missing accounting records

Just because a red flag exists does not mean that fraud has occurred, but it’s still important to know the signs. Often where there’s smoke, there’s fire. Teaching employees the signals of fraud can save your government a great deal of money.

To learn more about fraud prevention for governments, check out my book on Amazon.

The New COSO Framework

See what changed in the new COSO Framework

Rita Crundwell, the former comptroller for Dixon, Illinois, stole over $53 million from a city of 16,000 people with an annual budget of $6 to $8 million. In the early 1990s, she opened a secret bank account in the name of the city and began transferring funds (disguised as payments to the Illinois DOT). The monies (in the secret account) were used by Rita to fund one of the nicest quarter horse ranches in the world.

The theft was simple. The damage was massive.

COSO Framework

Picture courtesy of DollarPhoto.com

Losses from fraud and other risks can happen to any organization that lacks sufficient internal controls. Therefore, it’s imperative that your business, government, or nonprofit create a sound working internal control system.

Why COSO?

Prior to 1992 (the year COSO’s internal control framework came into existence), internal control guidance was sparse. Accountants knew that controls were needed, but many had no model to follow.

COSO to the Rescue

The Committee of Sponsoring Organizations (COSO), consisting of five organizations, such as the AICPA, came together to develop an internal control framework that accountants could use in any organization. Those standards have served well over the last twenty years, but with many changes in technology (e.g., cloud computing), the uptick in laws and regulations (e.g., Sarbanes Oxley), the increase in outsourcing (e.g., payroll), and the higher incidence of fraud, it became apparent that the framework needed amendments. So the COSO did just that, releasing the updated framework in May 2013; the effective date of the guidance is December 15, 2014.

The Hip Bone Connected to the Leg Bone

COSO added greater definition and guidance in regard to the five internal control components created back in 1992:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

As the 1992 framework states, these five components should be holistically integrated to create a healthy and safe control environment for business, nonprofits, and other organizations.

And what does this integration look like?

Every entity needs ethical leadership (the control environment). Those leaders identify key risk areas, usually in terms of likelihood and dollar impact. Once the risk areas are known, controls are designed and implemented (control activities) to ensure the creation of financial information (information and communication). Lastly, the organization monitors the system to ensure that it all works as planned (monitoring).

Most auditors (and those who design internal controls) usually emphasize the control activities component. The reason? Audit opinions relate to financial statements and deficiencies in control activities often allow misstatements to occur. The result? The reporting of significant deficiencies and material weaknesses. As auditors issue control deficiency letters, they tend to focus on control activities, though those communications can and should address deficiencies in the other four internal control components.

What changed in the new COSO framework?

Key changes in the 2013 framework include:

  • The addition of 17 principles (each related to one of the five control components listed above)
  • The addition of points of focus (each applicable to one of the 17 principles)
  • An increased focus on fraud
  • An increased focus on governance
  • An increased focus on information technology
  • An increased focus on compliance with laws and regulations

Why should I care about these changes?

Think of the COSO framework as the fountainhead of all that is good in internal control land. And once COSO speaks, other important bodies (e.g., the AICPA Auditing Standards Board) listen and absorb what is published. Remember SAS 109, Understanding the Entity and Its Control Environment, issued in 2006? Guess where the five control components (control environment, risk assessment, control activities, information and communication, and monitoring) came from? Don’t be surprised if you see the 17 new COSO principles–and possibly the points of interest–embedded in future audit standards.

In any event, the new COSO guidance is a great place for any business or organization to develop a control system that identifies and mitigates risks.

Then disasters–like the one in Dixon, Illinois–can be avoided.

Deeper Dive

If you are interested in more information about the new COSO guidance, consider purchasing the book Executive’s Guide to COSO Internal Controls by Robert Moeller. Mr. Moeller provides a nice summary of the framework along with implementation steps.

You can buy the COSO Framework here.

Fraud Prevention for (Very) Small Governments

Most governmental officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

Old-fashioned Main Street

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources – whether money to pay for outside assistance or employees to segregate duties – to prevent fraud. Here are few ideas for even the smallest of governments.

First let’s look at lower cost options:

  • Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity prior to providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
  • Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
  • Once or twice a year, have council members randomly select checks (e.g., 10 vendor checks and 10 payroll checks) and review supporting documentation (e.g., invoices and time sheets)
  • Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
  • Provide monthly budget to actual reports to mayor and council
  • Provide monthly overtime summaries to mayor and council
  • Do not allow Dale to sign checks
  • Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
  • Require Mayor Chester and Dale to authorize any wire transfers
  • Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
  • Don’t provide Dale with a credit card
  • If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
  • Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Now let’s examine some higher cost options (that are probably more effective):

  • Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
  • Have an outside CPA or CFE map your internal control system and make system-design recommendations
  • Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
  • Install a security camera to record all of Dale’s collection and receipting activity
  • Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA; simply include contract limits for the project; the contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most important steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Other Suggestions?

What other suggestions do you make for small government fraud prevention?

Click here for a list of local government controls to consider.

The above picture is courtesy of iStockphoto.com.

My book provides additional fraud prevention ideas. Presently it is only available in a Kindle format, but I plan to have the physical book available within the next two weeks.

Livescribe: Note Taking Magic

Have you ever interviewed a client, feverishly taking notes, and straight away forgot critical facts (that you did not have time to write down)? You wish you had a recording of the conversation. Better yet, you wish you could magically touch a particular word in your notes and hear the words that were being spoken at that moment. What if I told you, you can?

IMG_0001_2Think about what you could record:

  • CPE class lectures
  • Walkthroughs of transaction cycles
  • Board or committee or partnership meetings
  • Fraud interviews

How? Livescribe.

What is Livescribe? It’s an electronic pen/recorder. As you write on special coded paper, you simultaneously record the conversation (the recorder is built into the pen). Once done, you touch a particular letter in a word (with the pen) and you will hear, from the pen, the conversation that was occurring at that moment. No more forgetting and not being able to retrieve what was said. And it’s efficient since you can go to any particular part of the conversation using your notes as signposts.

To start a recording, you press the tip of the pen to the “record” icon at the bottom of the page.

IMG_0002

To stop the recording you press the “stop” icon above.

Once the recording is complete, you simply touch the tip of the pen to any letter and the audio recording will start playing–from the pen–at that point.

IMG_0004

You can upload the pen notes and the audio to your computer desktop Livescribe software using a USB cord that connects to the pen. (Yes, you can play back notes from your uploaded desktop copy just as you can with your pen; click a letter with your mouse and the recording will play.)

IMG_0003I was surprised at the clarity of the sound from the pen and at the amount of audio that the pen will hold–200 hours (for the Echo version that you see above).

There are different versions of the pen; I bought the Echo version due to price–only $115. You can review the available pens on Amazon. I also bought additional Livescribe notebooks (they come in packs of four) and a portfolio (binder) to hold the notebook and pen.

Another Option 

If you have an iPad, you can buy the Notability app for $2.99 and record conversations with your notes (which play back similar to Livescribe); this is a new feature that Ginger Labs (maker of Notability) just added. You will need a stylus to take notes since you will write on your iPad screen.

One More Thought

If you are performing a walkthrough of a complex transaction cycle, consider using your phone to take pictures of what you are seeing (e.g., computer screens, documents). Between your notes (with audio) and your pictures, you will have an excellent understanding of what you have seen and heard.

Steal Like a Boss

How do fraudsters think and act?

Can you steal like a boss? White collar crime takes special skills and thoughts. Do you have what it takes? Here’s my tongue-in-cheek look at how I would steal.

Steal Like a Boss

Picture Courtesy of iStockphoto.com

To steal, I need to:

  1. Be Believable
  2. Have a Cause
  3. Calm My Conscience
  4. Develop My Plan
  5. Execute My Plan
  6. If Caught, Settle Out of Court

1. Be Believable

I must be seen as trustworthy. The more age, experience, and education I have, the better. The longer I work for the organization, the more I will be trusted.

And while I’m at it, I’ll do what I can to move to positions of higher authority which will provide me with greater opportunities. Being the boss will enable me to steal like a boss.

If possible, I will gain the ability to authorize or initiate purchases. Kickbacks (paid to those who authorize payments) are difficult to detect, even by professional fraud examiners, and the dollars can be significant. Like stealing candy from a baby.

2. Have a Cause

Any financial pressure will do–a gambling or drug habit, an affair, medical bills, or maybe I just want to appear more successful than I am. If I don’t have a need, I will create one. I am my own cause.

My unshareable need (cause) must not be known by others lest they suspect my need for cash.

3. Calm My Conscience

I hate when that little voice starts talking: “Charles, you can’t do this. Your grandmother would be so ashamed.” It takes skill and fortitude, but I must calm my conscience. All the more reason to have a cause (see point 2.). The more noble I can make my cause, the better. Something like, “I’ve earned this. The company should realize my greatness and provide me with appropriate compensation. I have three kids in college, and they need this. You know I really want to be good provider for my family.” I may need to start stealing borrowing or compensating myself in small amounts and then build up. This will make it easier for my conscience to adjust.

I need to think correctly. When that little voice speaks, I will reword those thoughts. I know I am right.

4. Develop My Plan

I will pay attention to control weaknesses.

Our auditors have told us for years that we lack appropriate segregation of duties. Opportunity awaits.

If I am going to steal be compensated appropriately, I need to make it worth my while. Be bold. Think big. I have noticed that one of our key vendors has been very kind to me, a free week-long trip to Vegas for the last three years. And a key contract renewal is coming up. I think cash would be better this year. Besides, I know the CFO received an even sweeter trip than I did last year. And bribes gifts don’t hurt anyone; the vendor pays for them (though I have noticed the vendor’s pricing seems to be increasing…actually, exploding).

5. Execute My Plan

Take Compensate myself in a steady under-the-radar kind of way. Most folks get greedy. I must be diligent to work in a measured way, not taking receiving more than would be noticed. Greed is my enemy, the element that lands good guys like me in the newspapers.

Also, I think I can consistently steal borrow money from the receipts cycle since I am in charge of daily deposits and all related accounting duties. This might cost me my vacation though. I need to be on the job to continue to hide perform my duties. But if the funds taken compensation is enough, I can forgo the Vegas trip.

6. If I Get Caught, Settle Out of Court

If I am discovered someone notices that I have borrowed funds, then I may have to beg for forgiveness and promise to pay it back. And, of course, I need to make sure the company understands my concern for its reputation; news like this does not coalesce well with the company’s mission statement: Honesty and Compassion for Those We Serve.

I don’t need a criminal record, especially if I need to steal borrow funds from my next employer.

More Fraud Information

You’ll find more information about fraud prevention in my book: The Little Book of Local Government Fraud Prevention.

Backdoor Thefts of Payroll Withholdings

Common payroll frauds include ghost employees, inflated time cards, and improper changes to pay rate files. These payroll frauds are usually discussed in fraud prevention classes, but backdoor thefts of payroll withholdings are not. So how is this fraud carried out?

iStock_000016900942Small

A payroll clerk intentionally overpays payroll withholdings (for the business as a whole), alters his or her personal W–2 withholdings to include the excess payment, and later receives a tax refund that includes the overpayment.

For example, if Gertrude, the payroll clerk, intentionally overpays state tax withholdings by $25,000, she can amend her W–2 so that it reflects the excess payment as withheld from her paycheck (though it was not); once she files her state tax return, she gets an extra $25,000. In effect, she is using the state government as a funnel for her theft. Since payroll tax deposits are seldom monitored by a second person, it’s an easy way to steal.

The potential for this scheme increases if one person processes payroll, files all related payroll tax reporting information, makes payroll withholding payments, and records payroll entries in the general ledger—not uncommon in smaller organizations or businesses. As a preventive measure, have someone outside of the payroll department review all W–2s before they are issued; this person should also physically mail the W-2s (to prevent the payroll clerk from making changes after the review).

Governmental Fraud Prevention Book

This fraud is discussed in my book: The Little Book of Local Government Fraud Prevention. The book covers dozens of common local government frauds and how to prevent them. For a limited time you can purchase the Kindle version on Amazon for only $4.99

The photo is courtesy of iStockphoto.com.

Stealing While Dying

In one of the stranger frauds I’ve seen, the bookkeeper was stealing money while dying. Going to meet your Maker with the fresh scent of theft on your hands is not a good way to go.

manager in office

Courtesy of iStockphoto.com

I had provided external audit services to this health department for years and knew the bookkeeper (we’ll call her Katie) quite well. She sent me thank you cards – yes, thank you cards – for my audit work. Katie was polite, well spoken, and great at her job. If ever I thought there was someone who would not (and could not) steal, it was (you guessed it) Katie.

But external circumstances can make even the best of people do the impossible. During the course of one audit year, Katie developed cancer. The medical treatments resulted in numerous medical bills, many of which were received while she still worked off and on. Sadly she eventually died.

Knowing that Katie had passed away, I knew the audit would be challenging, especially since the health department board had not hired anyone to replace her.

Upon my arrival I requested the bank statements, but the remaining employees could not locate them (not a good sign). I thought maybe she had taken the bank statements home and had not returned with them due to her illness. After the employees had searched for some time with no result, the client requisitioned the bank statements and cleared checks from the bank (this was some twenty years ago, before electronic access).

In reviewing the cleared checks, I quickly noticed round-dollar vendor checks written to Katie. The first one was for $7,000. My first thought was, “not Katie, I’ve known her too long. No way. Surely there’s a reason for this.” But then there was another and another…

Reporting the theft to the health department board was difficult. Here was an honest person who had stolen money because she felt she had to.

This is one case where I wanted to just let it go, to walk away and pretend it didn’t happen. But I knew that was not an option. Can you imagine being the board member that called Katie’s husband – just months after her death – and informed him of the theft?

Fraud is an ugly thing.

If you ever need a reason to communicate control weaknesses in an open manner, here’s one – for the employee’s own safety (not to mention your own).  Sometimes money is too tempting, even for the best of people.

Fraud Triangle 

So what led to the theft?

  • Pressure (need for cash)
  • Opportunity (almost no segregation of duties), and
  • Rationalization (Katie’s unselfish desire to leave her family with no medical bills).

Katie was authorized to sign checks. Though the checks required two signatures, the bank cleared these checks with just Katie’s signature. Since Katie keyed all transactions into the computer and reconciled the bank statements, she had the keys to the castle. (I was thankful that our firm had – in the prior audits – communicated the lack of segregation of duties.)

The guy or gal you’re auditing is too honest to steal? Maybe. But you never know what is going on in their lives – or what will come.

Lessons Learned

  • When records go missing – pay attention
  • When you see round-dollar vendor checks – dig deeper
  • When your client lacks segregation of duties – raise your antenna

Your Fraud Story

What strange occurrences of fraud have you observed?