Category Archives for "Asset Misappropriation"

How Employees Steal with Company Credit Cards

By Charles Hall | Asset Misappropriation

Some people wonder Is using a company credit card for personal use embezzlement? It can be. Employees sometimes steal with company credit cards. Today, we look at a case where one employee was able to steal over $300,000 by misusing college credit cards.

The Theft

Donna Gamble made fraudulent purchases of over $300,000 using Georgia Tech purchase cards (credit cards).

Gamble was employed by Georgia Tech in the Parker H. Petit Institute for Bioengineering and Bioscience. As part of her job, she had access to Georgia Tech credit cards.

Gamble used the purchase cards to buy over 3,800 personal items. How did she hide her theft? She submitted false receipts to her supervisor and made fraudulent accounting entries. The thefts–taken from grant money provided to Georgia Tech by the National Science Foundation–occurred from April 2002 through April 2007. So money designed to advance educational learning was spent on personal items such:

• A popcorn machine
• Football tickets
• A wave runner
• Video games

Ms. Gamble was sentenced to two years and eight months in federal prison.

The Weakness

The internal control weakness that led to the theft was a lack of appropriate monitoring.

Credit cards provide a simple means to bypass normal purchasing policies. Most purchasing policies require the issuance of a purchase order prior to the purchase. Such purchase orders are provided by a second person–someone other than the purchaser. So, the authorization to purchase is separate from the bookkeeping. In other words, at least two people are involved in the purchase transaction. Having multiple people involved in such transactions strengthens the controls. Why? A single person can’t make purchases alone. Consequently, theft–when such controls are in place–requires collusion. Now, it’s more difficult to steal.

Many organizations don’t require purchase orders for credit card purchases. Therefore, one person can purchase without a second person’s involvement. Even when a second person authorizes purchases, theft can occur if that person doesn’t pay sufficient attention to purchase requests (and the related documentation).

The Fix

What’s the fix? The monitoring of credit card use. Persons using company credit cards must know that someone else sees their purchases. For instance, internal auditors should routinely audit credit card activity. And the users should know that such audits occur.

Theft, like the one above, occurs when the fraudster knows no one is looking–they believe they can steal, and no one will notice.

Here are some ideas to lessen the possibility of credit card fraud:

• Limit the number of cards issued
• Assign each card to one person
• Set low credit limits
• Keep all cards in a secure location
• Restrict card usage to particular vendors (which can be done with a purchase card)
• Require the person to provide support for each purchase
• If appropriate support is not provided, disallow the use of the card
• Reconcile monthly credit card statements to supporting documentation
• Audit personnel (internal or external) should review credit card activity
• Provide a summary credit card activity report for each employee to the governing body or owners of the company

For more information about white-collar crime, click here.

Payroll Fraud: Easy Ways to Steal

By Charles Hall | Asset Misappropriation

Payroll fraud is quite common. Sometimes the theft occurs as a payroll department employee secretly inflates payments to family and friends.

Payroll Fraud

One Friday evening, Jimmy and Rachel are sitting on the back porch drinking a cool lemonade and chatting about how long it’s been since the business gave them a raise–three years and counting. And everyone knows the owners just bought a beautiful cabin in Aspen. The cost: $10 million. Meanwhile, Jimmy and Rachel (cousins) are wiling away their time discussing what they could do to make more money.

“Don’t you control what people make,” Jimmy starts. Rachel laughs and says, “I may be in payroll, but I can’t give anyone a raise.”

Jimmy pauses and says, “I didn’t ask if you give raises? I mean, can’t you change pay rates, like you could increase mine. You know, quietly.” He grunts, “After all, the owners sure don’t need the money.”

Rachel ponders the request and replies, “I think I could. No one ever reviews what I do. I doubt anyone would ever notice. Come to think of it, I could do the same for myself. With over 300 employees, no one would know. The supervisors never look at the computer payroll files, only the physical personnel files.“

The next day Rachel increases her pay rate and Jimmy’s by 10%, just to test the waters. If anyone notices, she’ll say it was a mistake. But no one does. And after six months, she moves the rates even higher–another 30%. Easy money. Even if she’s caught, white collar crime is often lightly punished.

Payroll Fraud Control Weakness

No one is comparing–on a test basis–the pay rates in the payroll master file to the approved rates in the personnel files.

Correcting Payroll Fraud Weaknesses

Have someone in internal audit or an external CPA or CFE randomly select employees, comparing the master pay rates for each person to the personnel files. Let the payroll and human resources employees know that this test will be performed once a year. The knowledge of the test will be a deterrent to fraudulent increases in the master pay rate file. In particular, pay rates for payroll personnel should be reviewed.

How to Audit Payroll

For a detailed article about how to audit payroll, check out my post here.

Stealing While Dying: A Motive for Fraud

By Charles Hall | Asset Misappropriation

Some fraudsters steal while dying. What’s their motive? Possibly to avoid leaving their family with medical bills. Whatever the reason, it’s a strange thing. Today we visit a fraud that I encountered over twenty years ago.

The Theft: Stealing While Dying

In one of the stranger frauds I’ve seen, the bookkeeper of a small health department, Susan, stole money. And she did so while she was dying. In the last months of her life, she fought a battle with cancer. In between the chemo treatments, she continued her work. I’m sure she believed she would survive. After all, she was only thirty-six. 

I had provided external audit services to this health department for years and knew Susan well. She sent me thank-you cards–yes, thank-you cards–for my audit work. She was polite and great at her job. If ever I thought there was someone who would not (and could not) steal, it was her.

But external circumstances can make the best of people do the unexpected. The medical treatments resulted in numerous medical bills, many of which she received while still working. She died just before my annual visit for the audit.

Knowing that Susan had passed away, I knew the audit would be challenging, especially since the health department board had not hired anyone to replace her.

Upon my arrival, I requested the bank statements, but the remaining employees could not locate them. I thought maybe she had taken the bank statements home and had not returned with them due to her illness, but that was not the case. After the employees searched for some time with no result, the health department requisitioned the bank statements and cleared checks from the bank.

In reviewing the cleared checks, I quickly noticed round-dollar checks written to Susan. The first one was for $7,000. My first thought was, “Not Susan, I’ve known her too long. No way. ” But then there was another and another…

The Weakness

The weakness was a lack of segregation of duties. Susan did the following:

• Keyed payables into the general ledger
• Created checks for signing
• Had signature authority on the bank account
• Reconciled the bank statements
• Created the monthly financial statements

Are you noticing a recurring theme in the 30 Days of Fraud? Yes, a lack of segregation of duties. It’s fundamental. One person should not be allowed to do everything.

The Fix

Segregate the accounting duties. Most importantly, Susan should not have been on the bank’s signature card. Additionally, someone other than Susan should have been reconciling the bank statement and examining cleared checks. For small organizations, have the bank statements mailed to someone outside the accounting department (e.g., a board member). This outside person should open the statements and review the cleared checks—then the statements should be sent to accounting.

See my cornerstone fraud article: How to Prevent White-Collar Crime.

Inflated Invoices: An Easy Way to Steal

By Charles Hall | Asset Misappropriation

Fraudsters can steal with inflated invoices. In the story below, you’ll see that a school maintenance director was able to take millions by doing so. Today, we look at how this scheme works and how you can prevent it.

Inflated Invoices

The school maintenance director, Derek Brown, purchases materials from two local hardware stores; also, the school contracts with a nearby electrical services company. Each of these businesses is owned by relatives of Derek. While the school board knows about the familial relationships, they are accustomed to the use of these vendors. After all, it’s been that way for years.

What the board doesn’t know is that Derek often receives inflated invoices from these related parties. For example, if the school orders $30,000 of supplies, it receives an invoice for $45,000. Derek approves the purchase orders, the physical receipt of the goods, and the payment of the invoice. (At times, one of Derek’s assistants counts the physical goods received, but he is party to the fraud as well.) It’s easy for Derek to approve the overstated bills. 

Additionally, some of Derek’s business friends (persons doing business with the school) send invoices to the school for services never provided. He approves these payments as well. 

About once a month, the related-party vendors pay Derek 50% of the excess billings.

The above fraud example is based (partially) on an ongoing case involving the Floyd County Schools where millions were stolen.

Internal Control Weakness

The weakness lies in the lack of segregation of duties. Derek approves:

• The purchase orders
• The physical counts of goods or services received
• The approval of the invoices

A contributing element is the school board going to sleep–these types of relationships should be vetted. If no other vendors are available–often the reason for using such local businesses–then additional scrutiny should be brought to bear upon the related payments.

Stopping Inflated Invoice Fraud

Segregate the duties, especially the purchase order approval. A conflict-of-interest policy should be adopted requiring all school officials and key administrative personnel to disclose questionable relationships. If key conflicts are not eliminated, the related activity should be subject to audit by an outside CPA or Certified Fraud Examiner.

Additional Fraud Prevention Assistance

If you work with local governments, you will find my fraud book useful in identifying and preventing fraud. See the book on Amazon by clicking the icon below.

 

How to Steal by Double Paying a Vendor

By Charles Hall | Asset Misappropriation

The Theft

Fraudsters can steal by double paying a vendor. In this article, I show you how duplicate payments sometimes end up in an employee’s pocket and how to prevent this fraud.

John, an accounts payable clerk, works for Zoom Inc. Last year, he accidentally sent two checks to the same company for the same invoice. To recover the second disbursement, John called the vendor, and they quickly returned the extra payment. While he was embarrassed about his mistake, he realized that had he not recovered the check, no one would have noticed.

Steal by Double Paying the Vendor

John has the itch to buy a new BMW. He saved some money, but he needs more–much more. Then he remembers the accidental double payment and has an epiphany. Yeah…that might work.

John intentionally pays the company’s vendor, River Merchants, twice for the same invoice of $47,540. The checks are signed electronically by computer, so no one is physically inspecting the checks or invoices. Liz, John’s coworker, mails all vendor payments. Consequently, he can’t steal the second check before mailing.

Liz mails the checks. The next day John calls River Merchants saying, “Sorry, but I just realized I sent two payments to you for the same invoice. Would you please return the second check? My address is…”

John receives the second check Monday morning. Now he converts the check to cash by opening a bank account in the name of River Merchants and depositing the check. John is the authorized check signer on the account, so he writes a check to himself. He’s soon cruising the boulevard in his new red Beemer.

The Weakness

No one is monitoring the accounts payable process. While the company did implement the policy of having a second person mail the checks, no one is reviewing check disbursements for double payments.

The Fix

Periodically download the check register to Excel; you only need the following columns:

1. Vendor name
2. Check number
3. Invoice number
4. Check amount (amount paid)

Sort the payments by vendor name; then scan the list for same amounts paid to the same vendor. If you see payments to the same vendor with the same invoice number and the same dollar amount, then dig deeper. (Accounts payable software should not allow the processing of two checks with the same invoice number–even so, some systems allow overrides; alternatively, the fraudster may bypass this restriction by altering the invoice number.) If it appears that a double payment has occurred, call the vendor to see if a refund has been issued.

Obviously, some payments to vendors should be for the same amount (such as rent)–these should be ignored for this test.

Sometimes, in performing this test, you will find double payments–made by mistake–that the vendor has not returned. The first time I did this test, I found such a payment for over $75,000.

More Fraud Prevention Tips

For more information about fraud prevention, check out my book on Amazon. Click the book icon below.