Fraud Forum Results: Exploring New Ways to Protect the Organization’s Cash

If detecting and preventing occupational fraud is your professional duty, plan on filing this issue of The White Paper in your “frequently referenced” file (along with all the other issues, of course). The Association is proud to announce the results of the first-ever Occupational Fraud Forum, which took place last August in New Orleans, La., just prior to the Ninth Annual Fraud Conference.

Participating in this executive roundtable, “Exploring Ways to Protect the Organization’s Cash,” was a wide range of professionals dedicated to fighting white-collar crime, such as forensic accountants, auditors, loss prevention specialists, lawyers, and many others. They were presented with detailed information regarding the mechanics of three types of occupational fraud (skimming, check tampering, and billing schemes) and then were asked to devise methods of detecting and preventing these crimes.
Here are the results:

Skimming and Cash Larceny Schemes 

Skimming is the theft of cash before it is recorded in an organization’s books. It is an off-book scheme that is particularly hard to detect by normal accounting procedures, because the scheme leaves no direct audit trail. Skimming is among the most pervasive forms of occupational fraud.

Skimming at the Point of Sale 

The danger of skimming is particularly great at the point of sale when an employee first receives cash from a customer. In the retail industry, for example, employees who work at a cash register often pocket sales without recording them. Many times, the organization’s best chance to detect a skimming scheme is to catch the fraudster in the act. Forum participants named some ways an organization could detect employees stealing cash at the point of sale:

• Install video cameras to monitor cash collection points. Tell employees about the cameras to eliminate perceived opportunity.
• Place registers in clusters to increase visibility of cash transactions.
• Learn to spot “markers” that employees use to keep track of how much they have stolen. (For instance, an employee who has stolen $500 might keep a nickel by his register to represent the $500 he has pocketed.)
• Institute employee reward programs for turning in suspects.
• Conduct surprise cash counts.
• Place a supervisory station near point of sale. (Consider elevating it for better observation.)
• Require employees to place bags, coats, and other personal belongings at a specified location that is visible to management, so stolen money or goods cannot be hidden in these items. Consider video surveillance of this area as well.
• Create customer awareness about asking for receipts. (For instance, some businesses offer discounts on purchases if the customer does not get a receipt.)
• Make employee uniforms pocketless.
• Check daily the sequentially numbered receipts for missing ones.
• Require an activity log for external sales staff (date and time of sales call, customer visited, address, and result).
• Reconcile inventory on a regular basis, looking for high levels of shrinkage.
• Look for excessive number of “no sales” or other non-sale transactions.
• Watch for drop in gross profit margin.
• Use secret shopper service to observe clerks and their procedures.
• Rotate job schedules and look for variances in revenues for the same or similar time periods. Consider bringing in temporary employees as the “control” group in this scenario.

Skimming in the Mailroom 

The second most common place for skimming is in the mailroom. Employees who open an organization’s mail often steal incoming checks and never log the payments. If the stolen check was sent along with a product order, the perpetrator often will steal the product and send it to the customer. This will keep the customer from complaining about paying for goods that he did not receive. Forum participants named several ways an organization can detect skimming in the mailroom:

• Install video surveillance and create management presence where mail is opened.
• Obtain a mail count from the post office — does this number match the number of checks received?
• Employee two people to open the mail.
• Require employees to immediately stamp “for deposit only” on all incoming checks.
• Use a lock box, accessible by bank personnel only, to collect payments by mail. (Require two employees pick it up.)
• Have the mail opened in a clearly visible area, free of blind spots, with managers or supervisors nearby.
• Rotate the mail-opening duties and look for variances in revenues depending on who opens the mail.
• Mail “test” checks or money orders to the company from fictitious customers. Verify that checks are cleared and products are mailed.
• Instruct company’s bank only to deposit – never to cash – checks made out to the company.
• Publicize the customer complaint system (e.g., on monthly statements sent to customers to confirm sales).
• Monitor the number of complaints received for products not received.
• Send random inquiries to customers to evaluate service, receipt of goods, type of payment, etc.
• Monitor inventory for shrinkage.
• Look for lifestyle changes in employees who open the mail.
• Log all revenue from incoming mail and compare to deposit.
• Require all purses and other personal belongings of employees to be stored outside of the mailroom.
• Monitor the trash in the mail-opening area. Number of envelopes should equal number of checks/transactions recorded for a particular day.
• Check the area banks for accounts with similar company names under which stolen checks could be cashed.

Understating Sales 

Sometimes, a fraudster does not skim the entire sale. An employee might only skim a portion of a sale and post the transaction to the books by understating the amount sold. For example, if a customer buys $500 worth of widgets, the employee may only post a $300 sale of widgets, then skim the excess $200. The perpetrator usually falsifies the merchant’s copy of the receipt to reflect a lower sales price than what the customer actually paid. Forum participants discussed a number of ways to detect understating sales schemes:

• Maintain video surveillance and management presence at the point of sale.
• Perform customer satisfaction surveys to verify price paid, mode of payment, etc.
• Spot-check customers who received discounts to verify authenticity.
• Establish a hot line or other channel for employees to report unethical conduct.
• Perform frequent, unannounced cash and inventory counts.
• Require supervisory authority for all price modifications.
• Build a confirmation system for re-order forms by having the customer indicate products previously purchased.
• Check receipts/invoices for alterations.
• Scrutinize handwritten receipts.
• Analyze trends for number of discounts, coupons, over rings, etc. and sort results by employee or workstation.
• Analyze trends comparing sales to inventory.
• Review cost of goods sold per employee.
• Look for drop in gross profit margin.
• Spot check invoices against price list.
• Create a “low margin/loss sales” report to detect sales that generated losses or lower-than-normal margins.
• Monitor average unit sales price.

Skimming Receivables

Employees sometimes skim from receivable payments by understating the amount owed on the books, then stealing the excess. For instance, if a customer owes $5,000, the perpetrator might post the receivable as $3,000 and skim the excess $2,000. The fraudster either enters the wrong amount owed, or adjusts the account that already has been posted.

Forum participants listed techniques to detect receivables skimming – particularly cases in which one employee is in charge of collecting and posting receivable payments, as well as authorizing adjustments to those accounts:

• Send customer satisfaction surveys or account balance letters.
• Compare customer’s copy of receipt to store’s copy.
• Rotate job responsibilities without prior notice.
• Implement policy that separates receivable duties (i.e., employees who post payments cannot enter or adjust accounts receivable items).
• Monitor and follow up on customer complaints.
• Look for lifestyle changes in accounts receivable personnel.
• Enforce mandatory vacations and rotate assignments.
• Audit receivables randomly.
• Analyze trends for excessive discounts.
• Check supporting documentation for all adjustments to accounts receivable.
• Install hidden flags on accounting software to highlight changes/overrides to accounts receivable.
• Monitor gross profit margins on receivables.
• Spot-check credit sales to receivables accounts.
• Use three-part invoices — one to accounts receivable, one to independent staff, one to customer — and see if they match.
• Perform ratio analysis; compare each salesperson’s profit margins for common products.
• Create exception report for all alterations to accounts receivable.
• Review all general ledger adjustments.
• Compare “goods shipped” records to “payment received” records.
• Monitor employee desks and trash bins for notes indicating forced reconciliation.
• Intercept incoming mail, open, and note amount of receivables. Re-seal the envelopes, have employees open them, and then check the recorded receivables.

Lapping 

One common way to conceal the skimming of receivables is by lapping incoming payments. For example, an employee steals Customer A’s payment, and then applies Customer B’s payment to A’s account to cover the loss. When Customer C makes a payment, it is applied to B’s account, and so on. Forum participants devised methods to detect lapping schemes:

• Keep an eye out for employees who work excessively on weekends or after business hours.
• Enforce mandatory vacations.
• Rotate job assignments without notice.
• Send out confirmation statements to vendors.
• Perform surprise audits and publicize that such counts will occur randomly.
• Spot check payment dates with postings.
• Verify account activity when payments do not match open invoice amount(s).
• Spot-check deposits to accounts receivable to ensure the name on the check corresponds to posted name in ledger.
• Match daily deposits to accounts receivable postings on a regular basis.
• Investigate any unusual delays in posting to accounting books.
• Separate duties of recording deposits and preparing statements.
• Check for financial difficulties of suspect employees.
• Check employee desks and trash bins for documentary evidence of fraud.
• Reassign suspect for a period of time.

Falsified Account Statements 

When an employee steals a customer’s payment instead of posting it, the customer’s account will become past due. To cover the theft, the employee sometimes will send the customer a falsified account statement that shows the stolen payment applied to the customer’s account. Forum participants named ways to detect stolen or altered customer statements:

• Chart customer account statements and determine who has access to switch them.
• Contact customers to obtain copies of statements they have received.
• Separate mail function from accounts receivable.
• Use “one seal” envelopes. Once opened they will not re-seal.
• Scrutinize aging accounts receivable.
• Confirm overdue balances with customer.
• Secure customer account statements immediately after preparation by someone separate from the accounts receivable function.
• Look for an increase in amount of overdue accounts; follow up on independent collections.
• Rotate duties of personnel in receivables department.

Forced Balances on Receivables

Employees who control the books and records can conceal the skimming of receivables by “forcing” the balance on targeted accounts. In this type of scheme, receivable cash is stolen, but the payment is still posted to a customer’s account. The perpetrator, with control over the records, alters the balances in the books to create the appearance that the money paid by the customer was deposited. Forum participants named ways to detect employees forcing balances on receivables:

• Make sure control of books does not remain with a single person if possible.
• Perform regular and surprise audits.• Note irregular entries (alterations, corrections) to other accounts in general, but also entries made by same individual.
• Follow up on all customer complaints.
• Review credit memos. Credits should equal cash receipts plus credit memos.
• Verify deposit totals to accounts receivable that exceed total credits.
• Separate duties of accounts receivable and recording sales.
• Require external audits.
• Verify non-cash entries to accounts, especially when the posting dates are the same as the dates the cash was applied.
• Reconcile accounts with bank records.
• Review write-offs or discounts. Are many of them made by a particular employee?
• Perform independent confirmations with customers, particularly overdue customers.
• Cross-check discarded envelopes or canceled checks with ledger entries.
• If you have a suspect, review all entries made by that person for a particular period, looking for irregularities.

 Writing Off Delinquent Accounts 

If payments on receivables are stolen and never posted, the targeted accounts will become past due. Some fraudsters conceal their skimming schemes by writing off losses on targeted accounts to contra revenue accounts.

Another way to conceal the losses due to skimming receivables is to carry the losses in large or fictitious accounts receivable. These accounts are debited, and the accounts from which the fraudster steals are credited so that they remain current. This method keeps the victim’s books in balance. Forum participants provided several methods to detect a scheme in which an employee conceals skimming by writing off delinquent accounts or carrying losses in fictitious accounts:

• Review all write-offs for a specific period of time, looking for patterns in the amounts and in the employees and customers involved.
• Require supervisory approval on write-offs.
• Monitor accounts for unusually high number of write-offs.
• Verify the existence of fictitious companies by checking addresses, running “doing business as” records, cross-referencing with customer listings, etc.
• Audit debits to dormant accounts; if automated, run dormant activity report.
• Look for unusually high number of debits and overdue accounts.
• Verify aging reports for accounts that have little or no payment activity.
• Separate receivables and recording sales functions.

Cash Larceny from the Deposit 

A common target of those who steal cash is the company deposit. This scheme is especially difficult to detect when a single person controls the preparation of the deposit slip, the deposit transaction, and the reconciliation of the company’s accounts. Forum participants gave some ways to detect the physical act of stealing cash from the company bank deposit:

• Separate duties of calculating receipts, preparing the deposit, and taking it to the bank.
• Implement video surveillance in area where the deposit is prepared.
• Carefully audit bank receipts.
• Utilize lock box to receive payments by mail.
• Maintain daily control over the bank account balance.
• Verify each deposit prior to dispatch without suspect’s knowledge, and then verify the bank records.
• Implement dual control over posting and delivering the deposits to the bank.
• Investigate the lifestyle of the person in charge of the deposits.
• Look for signs of alterations to deposit slips or receipts.
• Obtain copies of deposit slips/bank statements from bank and compare to company records.
• Scrutinize all journal entries made to cash accounts.
• Maintain and review daily cash availability amounts and investigate unexplained decreases in funds.
• Reconcile customer accounts to payments made and payments booked.

Deposit Lapping or Deposits in Transit 

Sometimes, when a daily deposit has been stolen, the perpetrator conceals the crime by delaying the deposit. The perpetrator replaces the missing money with receipts from the following day, and then makes the deposit. This puts the organization’s deposits a day behind.

Another way to conceal theft from a company’s deposits is to carry the stolen money as deposits in transit. This keeps the books in balance, accounting for the missing money as funds that will show up on the next month’s bank statement. Forum participants named a number of detection methods for cash larceny when it is concealed using these techniques:

• Determine who is making the deposits; identify and interview all possible suspects.
• Search work areas for duplicate books, or other indicators of fraud.
• Rotate deposit schedule without notice.
• Make all deposits in night drop and verify at beginning of next day’s business.
• Look for particular days in which cash intake is insufficient to cover each previous day’s cash requirement.
• Compare daily cash intake to daily cash deposit.
• Look for sudden, unexplained overdrafts in a checking account.
• Investigate any lifestyle changes of the person who makes deposits.
• Enforce mandatory vacations.
• Rotate the duty of making deposit.
• Look for a decrease in gross and net income.
• Audit any exceptions to a two-day clear.
• Verify that deposits in transit were the first to clear on next statement.
• Review ledger entries and note the number of deposits in transit.
• Obtain copies of statements from the bank to see if company copies have been altered.
• Look for personality clues: overly nervous about audits, will not share duties, often works overtime, etc.

Check Tampering 

Check tampering occurs when an employee prepares or alters a company check so that he can fraudulently use company funds. There are a number of methods used by employees to commit check-tampering fraud, including forging a signature, changing the name of the payee, or altering the amount of the check.

Stealing Blank Checks 

The key to every check-tampering scheme is for the fraudster to obtain control of a company check. Typically, an employee will steal a blank check from the company checkbook. The employee then can make the check payable to himself or to an accomplice, forge the signature of a person with check-signing authority, and convert the check. Forum participants listed a number of ways to detect employees who steal blank checks, particularly those employees whose job duties give them access to the checkbook:

• Use computer-generated checks and restrict access to the code or password.
• Conduct video surveillance of employees who handle checks.
• Verify checks with payees after they are cashed.
• Look for out-of-sequence checks on bank statement.
• Perform periodic independent verification of unused checks.
• Place security tape on boxes of blanks. If the tape is broken, someone has opened the box.
• Maintain blank checks under lock and key and severely limit access to blank checks.
• Retain or destroy voided checks.
• Reconcile unused checks each morning prior to first entry.
• Require two signers to pay on checks.

Counterfeit Checks 

Instead of stealing company checks, some employees produce counterfeit blank checks. These instruments often appear legitimate, especially if a professional check-printing company prepares them. The employee places the company account number on the counterfeit checks so that funds can be drawn from the employer’s accounts. Forum participants brainstormed some ways to detect high-quality counterfeits of company checks:

• Look for duplicate or out-of-sequence check numbers on the bank statement.
• Contact the check manufacturer.
• Incorporate security threads, logos, and other measures that are difficult to replicate.
• Initiate a positive pay system with the bank.
• Rotate check printers and/or check colors.
• Check stock on watermark paper supplied by a company independent of the check printer.
• Look for inferior paper quality.
• Look for payees on canceled checks who do not match entries in ledger.

Forged Signatures 

After an employee steals a check, the next step is to forge the signature of an authorized signatory. Without a good forgery, the perpetrator more than likely will not be able to convert the check. Many companies, particularly those that issue numerous checks, use mechanical check-signers such as signature stamps. If an employee gains access to a mechanical check-signer, he can produce perfect forgeries. How could these high-quality forgeries be prevented or detected? Forum participants said:

• Assure that persons with access to blank checks do not have access to check signers.
• Maintain strict control over signature stamps.
• Rotate check signers.
• Use a distinctive ink or pen for signing checks.
• Periodically have authorized check signer verify his signature on checks before they are mailed or after they are returned with bank statement.
• Compare signatures on canceled checks to the signature file.
• Employ a document examiner to review suspicious checks.
• Look for practice signatures or indentation marks of signatures in suspect’s work area.
• Watch for out-of-balance accounts or checks returned “nsf.”
• Review ledger for checks written and signed while signer was on vacation/leave.
• Check for fingerprints on questionable checks.
• Require dual signatures for high-dollar items.
• Match the meter on the signature machine to number of checks processed or recorded in ledger.
• Look for overridden authorization limits.
• Review transactions just below authorization limits.
• Strictly document when the signature stamp is used and who uses it.
• Temporarily stop using the signature stamp and advise the bank only to honor original signatures.
• Look for canceled checks with payees that do not reconcile to accounts payable.
• Perform independent confirmations on suspect payees.
• Investigate any non-payroll checks payable to employees.
• Look for checks to unapproved vendors.
• Watch for returned checks with a different font or ink than what is used on legitimate checks.
• Review endorsements on suspicious checks. Compare signature and bank account information to other checks to same vendor.
• Look for unusual timing of payments to regular vendors.
• Include year-to-date payment activity on checks.

Intercepting Signed Checks 

Instead of forging company checks, a dishonest employee might wait until checks have already been made out to legitimate payees and signed by authorized personnel. The fraudster then steals the check before it is delivered to the intended payee. Employees assigned to deliver outgoing payments usually commit these crimes.

One way to misappropriate a signed company check is to alter the delivery address. The perpetrator changes the address of the intended payee to the perpetrator’s own home address, the address of an accomplice, or some other destination. Once the check has been delivered, the employee who committed the scheme collects the misdelivered check and alters it to his benefit. Forum participants listed some techniques for detecting this fraud:

• Install surveillance cameras in the mailroom.
• Chart mailing/delivery dates with employment dates and work schedules of suspects.
• Perform fingerprint analysis on fraudulent checks.
• Examine back of returned checks to determine where they were negotiated.
• Monitor vendor complaints of late/missing payments.
• Deliberately insert mock checks into the system and follow their trails.
• Reconcile returned checks to general ledger.
• Inspect checks for physical alterations.
• Randomly confirm with vendors that payments were received.
• Segregate functions of check cutter, deliverer, and person responsible for researching missing checks.
• Look for checks with unusually short clearing time.
• Use electronic funds transfer when possible.
• Determine who has the ability to change addresses in the payables system.
• Scrutinize payments to post office boxes and compare business-owner listings in public records with employee information.
• Generate report that lists all changes made to vendor addresses, amounts, payees, etc.
• Look for duplicate or overstated payments to vendors.
• Scrutinize all checks with dual endorsements.
• Audit aged accounts against vendors’ records.
• Rotate duties of employees in payables function.

Altering Payee and Amount Information on Checks 

The person who prepares a check should not be involved in delivering the payment. Nevertheless, this fundamental control often is overlooked. When one person is allowed to prepare checks and handle them after they have been signed, that person is in a position to commit fraud. A common scheme is for an employee to draft a check to a legitimate payee using erasable ink or type. The fraudster then presents the check – which appears to be issued for a legitimate purpose – to an authorized signer. After the check has been signed, the perpetrator erases the name of the payee and/or the amount, and enters new information. In most cases these employees also have access to the bank reconciliation. This allows them to “re-alter” the fraudulent checks with the correct amount/payee when the bank statements arrive. Forum participants devised several security and detection methods:

• Verify all statement items to canceled checks.
• Spot-check support documentation for returned checks.
• Request two copies of bank statements, delivered to different persons.
• Use carbon copy checks and compare canceled checks to copies.
• Compare imaged check from banks and compare to returned checks.
• Avoid the use of handwritten checks or at least mandate the use of permanent ink on all handwritten checks.
• When possible, use electronic fund transfers.
• Chemically treat checks so that any erasures will cause blotches.
• Follow up on vendor complaints of late/missing payments.
• Look for duplicate payments to vendors.
• Examine canceled checks to see who endorsed them and where they were negotiated.
• Separate the duties of check preparation, check signing, and check delivery.

Fraudulent Checks Written by Authorized Signers 

Check tampering is much easier when the person who commits the fraud is authorized to sign company checks. These employees simply take a blank check, make it payable for some unauthorized purpose, and sign it as they would a legitimate check. Forum participants provided some ways to detect a scheme in which an authorized signatory writes fraudulent checks:

• Look for lifestyle changes in authorized check signers.
• Interview employees who report to the check signer.
• Establish a business abuse hotline.
• Send two copies of the bank statement to different persons.
• Trace bank account information from the back of canceled checks.
• Scrutinize canceled checks with dual endorsements.
• Make a source code/payee comparison.
• Look for multiple checks paying the same expense.
• Look for payments to unusual vendors or in unusual amounts.
• Confirm checks to vendor listings.
• Require dual signature over threshold amounts.

Forced Bank Reconciliations 

In this type of fraud, the person who has access to the bank statement and performs the reconciliation generally codes a fraudulent check as “void” in the disbursements journal, then removes the canceled check from the bank statement and destroys it. The fraudster then only needs to force the totals on the reconciliation to conceal the fraud. Another way to conceal a fraudulent check is to code it to an extremely active business account, effectively “burying” the bogus payment. Forum participants compiled some techniques to detect check tampering when the perpetrator controls the bank reconciliation or buries the fraudulent payment in an active account:

• Require authorization for all voided checks.
• Require voided checks to be maintained in file for review and/or insist that voided checks be attached to bank reconciliations. (Request copies of voided checks from bank if not on file.)
• Analyze trends for increases in number of voids. Also, analyze number of voided checks per employee or per seasonal pattern.
• Compare the cash disbursement journal with long-form bank reconciliation.
• Look for unexplained increases in expenses.
• Obtain copies of bank statements directly from bank.
• Look for significant shortages in cash account.
• Review detailed expense accounts for abnormal vendor entries.
• Determine who usually handles high-volume accounts.
• Look for unknown or out-of-town payees.
• Spot-check for supporting documents on disbursements.
• Conduct sample audits on high-volume accounts.
• Reconcile all vendor entries for any unusual amounts or dates.

Billing Schemes 

Billing schemes or false purchases are among the most common forms of asset misappropriation. These crimes attack the purchasing cycle, causing an organization to pay for some good or service that either does not exist or is not needed by the organization. In some cases, the purpose of a billing scheme is to generate cash. An employee runs fraudulent invoices through his employer’s payables system, causing the victim organization to issue a check to the perpetrator, an accomplice, or a shell company.

Sometimes the fraudster buys goods or services for his personal use, and then deceitfully gets his employer to pay for them.

Fraudulent Invoices 

In most billing schemes an employee introduces a fraudulent invoice into the payables system. The false invoice instructs that payment should be made to some company, either real or fictitious, which the employee owns. Forum participants gave ways to detect a fraudulent invoice based on its physical appearance:

• Verify the existence of any company with a post office box or residential address.
• Scrutinize invoices that do not appear to have been prepared/printed professionally.
• Look for lack of detail on the face of the invoice (e.g., absence of phone number, fax number, invoice number, tax identification number, etc.) Fraudulent invoices might also lack detailed descriptions of the billed items.
• Make sure invoice numbers make sense. For example, if two invoices are received from the same company a month apart, they should not be numbered consecutively.
• Make sure phone and fax numbers correspond to the area of the physical address.
• Check the company on the invoice against the approved vendor list.
• Check delivery address on the invoice against the known address(es) of the vendor.
• Look for invoices for goods or services that the organization normally would not purchase.
• Look for folded invoices, which usually indicate they were mailed to the company in envelopes. An unfolded invoice might mean an employee inserted a fraudulent invoice into a stack of payables.
• Compare vendor invoices to employee addresses.
• Determine if other vendors typically provide this good or service. If so, why was there a change?
• Determine if the quantity purchased appears to be in line with company operations.
• Look for prices that seem atypical.

Shell Companies 

A shell company is a fictitious business created for the purpose of committing fraud. These companies are often little more than a fabricated name, a post office box, and a bank account. The perpetrator sets up a bank account in the name of the fictitious company and bills his employer on behalf of the shell company. When the victim distributes checks for the fraudulent goods or services, the perpetrator deposits them in the shell company checking account.

The key to stopping a shell company scheme is to identify the employee who has set up the false company. Forum participants thought of several strategies to catch the crook:

• Check public records (maintained by the secretary of state) for articles of incorporation, “doing business as” filings, etc. Compare to employee names and addresses.
• Utilize databases such as InfoAmerica or Lexis/Nexis to determine ownership.
• Utilize Dun & Bradstreet, which lists descriptions of businesses, primarily for potential investors.
• Subpoena related bank records.
• Trace the business’s tax identification number.
• Compare the address of the shell company with employee address.
• If employee names do not match ownership records of the shell company, check public records for marriage licenses of suspects, looking for maiden names of spouse or other relatives that match owner of the shell company.
• Compare the phone number of the shell company with employee phone numbers.
• Use a reverse phone directory to trace phone numbers on invoices.
• Check the handwriting on business filings.
• Visit the mailing address.
• Conduct surveillance on the post office box or other mailing address.
• Check with the post office for commercial address.
• Review canceled checks, payable to the shell company, for bank account information or employee endorsements.
• Review bank surveillance films to see who is depositing the checks.
• Determine which employee recommended the shell company as a vendor.
• Determine who authorized the purchase from the shell company.
• Look for patterns of employee authorization of payments.
• Hire a professional investigator.
• Search the workstation of suspects.
• Purposely let a questioned bill become past due and see who follows up.
• Check invoices for fingerprints.
• Compare handwriting on communications from the shell company with suspect’s handwriting.

Control Breakdowns 

Many organizations become victims of false purchases schemes because the perpetrator recognized and took advantage of a lack of internal controls within the business. For instance, it is common for an employee who commits billing fraud to have approval authority over purchases. This means the person who submits a fraudulent invoice is also the person who approves payment on that invoice. In other instances, the fraudster does not have approval authority, but the person who approves purchases is not thorough about verifying support documentation: either purchase orders or packing slips to the invoice in question are not compared, or purchase requests simply are “rubber stamped” by the person in charge. Forum participants named some methods to detect billing schemes that involve these common control breakdowns:

• Conduct surprise audits of the purchasing function.
• Look for a pattern of invoice and approval in relation to vendor selection among employees with authority to approve purchases. Does a certain employee consistently approve payments to unknown vendors, companies with questionable invoices, etc?
• Watch for employees approving sequentially numbered invoices.
• Look for employees who approve an unusually high level of purchases for services. Are these the types of services the company would purchase ordinarily?
• Look for payments to individuals rather than companies.
• Gather support documentation to verify all purchases.
• Perform inventory verification on suspect purchases.
• Compare expenses to prior year and to current year budget.
• Look for payments to multiple vendors for the same product.
• Look for purchases that do not correspond to an apparent business need.
• Verify if vendor is used by anyone else in the industry.
• Investigate the purchaser’s lifestyle.
• Identify employee whose purchase requisitions tend to be rubber stamped, and investigate that employee’s lifestyle.
• Replace any supervisors who tend to rubber stamp purchase approvals.
• Look for invoices approved by supervisors outside the area of origination.
• Interview employees for information about questionable transactions.
• Rotate supervisors, and duties of employees in the purchasing department. Also, enforce mandatory vacations.
• Look for budget overruns specific to a given supervisor or department.
• Conduct surprise inventory checks and compare results with delivery records for receipt of goods.
• Initiate video surveillance at receiving points to determine whether deliveries were made for suspected invoices.
• Compare serial numbers of goods received to those in inventory.
• Compare the signatures of those who received goods or services to the individuals who approved the purchases.
• Conduct background checks on suspected vendors to make sure they exist.
• Look for a correlation between disbursement origination and requester.
• Conduct an address comparison of vendors and employees.
• Look for payments outside usual patterns, frequency, or amounts.
• Randomly confirm purchases with vendors.
• Look for an increase in cost of goods sold.
• Look for a significant increase in shrinkage.
• Require independent verification of approvals and receipt.
• Conduct a special review of all purchases made on oral requests.
• Spot-check inventory to invoices.
• Enforce mandatory confirmation of all new vendors.

Falsified Support Documents 

Employees also can obtain payment on fraudulent invoices by falsifying support for bogus purchases. This may involve forging the authorization of a supervisor, or producing bogus purchase orders, purchase requisitions, and receiving reports. Forum participants supplied examples of ways to detect false support documentation:

• Have supervisors review the authorizations they signed.
• Require multiple-level approval.
• Compare signatures during periodic review of paid invoices with supporting purchase requisitions.
• Separate the purchasing and payment functions.
• Review approval sign-off procedures for consistency.
• Look for vendor-employee pattern in purchases.
• Contact vendors for oral confirmation on purchases.
• Compare current support documentation and invoices to previously paid invoices and support.
• Look for non-required services and materials purchased.
• Look for invoices payable to individuals.
• Perform cyclical test counts of inventory for fictitious purchases of goods.
• Look for purchase orders, requisitions, or invoices with sequential numbers.
• Look for indications of erasures or other tampering with purchase orders, requisitions, receiving reports, etc.
• Educate employees on detecting fraudulent documents.

Collusion 

Even if controls are in place and are enforced, purchasing frauds can occur when employees, who control purchasing, receiving goods, and making payments to vendors, conspire to defraud their employer. The separation of duties aspect of internal controls obviously is rendered useless in this circumstance. Forum participants devised these ways to detect collusion:

• Identify suspects, obtain all relevant documents, and try to find weak link in the group through interviewing.
• Create a database or spreadsheet on who placed, received, and authorized each purchase, as well as the vendors’ names and addresses, etc. Analyze this data for patterns.
• Rotate duties to break the chain of collusion.
• Verify the address and tax identification of the suspect vendor and compare the information to the social security numbers of the employees.
• Look for sequentially numbered invoices.
• Look for extreme inventory shortages.
• Look for a large increase in the cost of goods sold.
• Look for gross and net profits that are understated
• Conduct independent inventory of goods received.
• Compare actual expenses to budgeted expenses.
• Analyze the processing time on vouchers. Is there a particular vendor whose payments are processed more quickly than others?
• Plant an undercover operative in suspect departments.

Pass-through Schemes 

The pass-through scheme occurs when an employee purchases goods through a shell company, then turns around and sells those same goods to his employer at an inflated price. Employees in charge of purchasing usually undertake this type of scheme. Forum participants supplied methods to detect this scheme:

• Review books and records for unknown, out-of-state companies.
• Verify the legitimacy of all new vendors.
• Cross-check the addresses of vendors with employees.
• Look for trends in vendor selections to the employees who make purchase requests.
• Scrutinize purchases in which no price comparisons were conducted.
• Trace account information on the back of returned checks.
• Conduct independent follow-up on all vendor complaints.
• Look for unexplained changes in vendors.
• Look for a rise in the cost of goods sold.
• Look for a decrease in profit margins.
• Interview other vendors who sell the same or similar goods and compare prices.
• Compare prices to industry average.
• Look for correlations in vendor changes to employee change/turnover.

Pay-and-return Schemes 

Some employees commit fraud in the purchasing function by intentionally overpaying a legitimate vendor. The fraudster then contacts the vendor, explains the “mistake,” and asks the vendor to return the excess payment to the fraudster’s attention. When the check is received, the perpetrator steals it. Forum participants listed several ways to detect this form of purchasing fraud:

• Interview the vendor about the “mistake.”
• Determine who made the call to the vendor.
• Track the excess payment check by the endorsement and/or bank account information on the back of the returned check.
• Implement mail procedures which mandate that incoming mail to an employee should be opened by mailroom personnel.
• Photocopy all incoming checks when mail is opened.
• Instruct the company’s bank not to cash checks payable to the company (deposit only).
• Look for shell accounts with names similar to the company.
• Compare invoices to accounts payable and confirm with vendor.
• Look for patterns of overpayment; is one employee consistently involved?
• Conduct independent electronic comparison of invoice prices to purchase order prices.
• Look for duplicate payments.
• Review accounts payable records for duplicate invoice numbers.

Fraudulent Purchases on Company Credit Cards 

In many cases, fraudsters commit billing schemes by purchasing personal items and billing them to their employers. This happens most frequently when an employee misuses a company credit card. Forum participants named methods of detecting the fraudulent use of company credit cards, particularly when the fraudsters are in charge of reviewing credit card purchases:

• Conduct routine reviews of credit card statements.
• Compare credit card statements with employee expense vouchers for duplications.
• Mandate supporting documents for credit card use.
• Implement spending limits for credit card use, and place limits on where card can be used.
• Obtain credit card receipts for signatures.
• Correlate items that were purchased to business function.
• Look for an unexplained rise in credit card purchases.
• Look for a rise in expenditures tied to certain individual(s).
• Compare actual expenses to budgeted expenses.
• Monitor lifestyle changes in cardholders.
• Make card users personally responsible for explaining and supporting charges before credit card accounts are paid.
• Interview vendors for details of suspect purchases.
• Separate the duty of reconciling the statement from signature authority.
• Send credit card account statements to two different people.

There you have it: a breakdown of ways to detect and prevent some of the most common forms of occupational fraud. Now that you know how to protect your organization’s cash, get out there and use these methods. And if, by chance, you forget a step or two, just reach over to your “frequently referenced” file and pull out this issue for a refresher course. Good luck!

John Warren, J.D., CFE, is associate general counsel with the Association of Certified Fraud Examiners.