Employees sometimes steal with company credit cards. Today, we look at a case where one employee was able to steal over $300,000 by misusing college credit cards.
Donna Gamble made fraudulent purchases of over $300,000 using Georgia Tech purchase cards (credit cards).
Gamble was employed by Georgia Tech in the Parker H. Petit Institute for Bioengineering and Bioscience. As part of her job, she had access to Georgia Tech credit cards.
Gamble used the purchase cards to buy over 3,800 personal items. How did she hide her theft? She submitted false receipts to her supervisor and made fraudulent accounting entries. The thefts–taken from grant money provided to Georgia Tech by the National Science Foundation–occurred from April 2002 through April 2007. So money designed to advance educational learning was spent on personal items such:
- A popcorn machine
- Football tickets
- A wave runner
- Video games
Ms. Gamble was sentenced to two years and eight months in federal prison.
The internal control weakness that led to the theft was a lack of appropriate monitoring.
Credit cards provide a simple means to bypass normal purchasing policies. Most purchasing policies require the issuance of a purchase order prior to the purchase. Such purchase orders are provided by a second person–someone other than the purchaser. So, the authorization to purchase is separate from the bookkeeping. In other words, at least two people are involved in the purchase transaction. Having multiple people involved in such transactions strengthens the controls. Why? A single person can’t make purchases alone. Consequently, theft–when such controls are in place–requires collusion. Now, it’s more difficult to steal.
Many organizations don’t require purchase orders for credit card purchases. Therefore, one person can purchase without a second person’s involvement. Even when a second person authorizes purchases, theft can occur if that person doesn’t pay sufficient attention to purchase requests (and the related documentation).
What’s the fix? The monitoring of credit card use. Persons using company credit cards must know that someone else sees their purchases. For instance, internal auditors should routinely audit credit card activity. And the users should know that such audits occur.
Theft, like the one above, occurs when the fraudster knows no one is looking–they believe they can steal, and no one will notice.
Here are some ideas to lessen the possibility of credit card fraud:
- Limit the number of cards issued
- Assign each card to one person
- Set low credit limits
- Keep all cards in a secure location
- Restrict card usage to particular vendors (which can be done with a purchase card)
- Require the person to provide support for each purchase
- If appropriate support is not provided, disallow the use of the card
- Reconcile monthly credit card statements to supporting documentation
- Audit personnel (internal or external) should review credit card activity
- Provide a summary credit card activity report for each employee to the governing body or owners of the company
For more information about white-collar crime, click here.