One of the oldest home-improvement companies in Washington had bad news for its 210 employees: they wouldn't be receiving holiday bonuses. The owner discovered that an accountant had embezzled $1.2 million in five years by issuing unauthorized checks to himself from the company's bank account, and the firm was now short on cash.
The accountant had spent most of the funds supporting an openly lavish lifestyle, which eventually gave him away and led to his conviction. He used the ill-gotten money to woo his second wife and to buy audio and video equipment including an expensive stereo system, thousands of CDs, and hundreds of DVDs. The accountant took most of the money after the business owner's wife was killed in an automobile accident and the owner was distracted. The accountant was later sentenced to 33 months in federal prison for bank fraud. The court also required him to spend five years on probation and to pay back the money to the company.
WHO CAN BEST DETECT DISBURSEMENT FRAUD?
In prior columns, I discussed the importance of business owners promptly and properly performing monthly bank reconciliations. The owners obviously know the most about their organizations and are in the best position to know if checks are for legitimate business purposes. However, owners are often too busy to stop and consider the risk of fraud by trusted insiders, so they don't implement the appropriate internal controls in the disbursement system. Sadly, and much like the case cited above, the resulting frauds can bankrupt or destroy businesses while distracted owners watch in utter dismay. Sometimes unprosecuted insiders slither off to other unsuspecting employers to wreak havoc again.
In this column, we'll explore how business owners can find ways to keep tabs on key employees who hold the highest risk for fraud -- bank account custodians -- to detect the issuance of unauthorized checks.
'TRUST BUT VERIFY' AND FOCUS ON RED FLAGS
"Trust but verify" is the overarching internal control principle that helps deter fraud. Organizations of all sizes blindly trust key employees who have almost complete control over disbursement systems. Managers expect them to complete assignments but then fail to monitor their work and ensure the organization's expectations are met.
An independent bank reconciler should verify if a trusted employee is boldly paying personal bills and credit card accounts with organization funds. This fraudster often uses valid business names as vendors, but the irregular transactions never have official business purposes. After the checks have been issued, the employee simply mails them with personal billing statements to his or her creditors. The creditors rarely, if ever, question the source of funds for these payments.
Commonly, a corrupt employee will also issue checks payable to "cash," and to the name of a financial institution to purchase money orders or cashier's checks or will leave the payee line blank on the check. The employee might also simply pay himself more than the authorized amount.
The fraudster also could enter the name of a false vendor into the organization's vendor file, which would compromise the internal controls in the disbursement system. After this step, the accounts payable staff will routinely accept all subsequent payments to this vendor.
As a variation of the last condition cited above, the corrupt employee could also abuse the "pseudo-vendor code" process used in large organizations for one-time payments. These override codes bypass internal controls that help ensure the organization deals only with reputable businesses. Therefore, the organization must prepare a daily computer exception report listing the universe of these high-risk transactions. Managers should review the report to ensure the override transactions are authorized, approved, and properly supported. They should also promptly investigate all irregular transactions.
WHAT TO LOOK FOR IN ENDORSEMENTS ON IRREGULAR CHECKS
Crooked employees deposit many of these irregular checks in their personal bank accounts to conveniently gain immediate access to the money, but they first have to alter some of them.
For example, an employee might alter the payee line by adding her name on the face of the check and then endorse it using only her signature. (The bank usually shares some of the loss on these transactions because the organization's name was omitted from the check endorsement.)
The employee could also falsify a check endorsement by listing the vendor's name on the back of the check, followed by a "pay to his/her name" entry, and then endorsing the check with his or her signature. (The bank doesn't always share any of the losses on these transactions because this is a common type of check endorsement.)
NO SUPPORT FOR IRREGULAR TRANSACTIONS
Managers don't often feel it's necessary to closely monitor the work of key employees in the disbursement system. Fraud is hard work, and most devious employees won't try to conceal their crimes if they think internal controls are lax and that they can get away with it. They simply don't prepare any supporting documents for unauthorized disbursements. Thus when fraud occurs, fraud examiners find no supporting documents on file within the organization.
But if managers are occasionally watching, employees might have to create false documents to support their irregular transactions when committing fraud. That takes more dedication than some employees might be willing to spare, which is why adding such a simple control, such as a review of redeemed checks by the business owner, makes an effective deterrent.
HOW TO AVOID HIRING A CROOK
After business owners conclude fraud examinations, they often realize they've hired crooks as their bookkeepers or accountants even though these employees appeared to have solid résumés at the time of hire.
Bookkeepers might have plenty of experience, but much of it can be bad. Many of them aren't qualified, and others even have hidden embezzlement histories. Many small businesses still don't conduct background investigations on job applicants before hiring.
In the ACFE's "2008 Report to the Nation on Occupational Fraud and Abuse," more than half of the organizations experiencing fraud conducted background checks on the fraudster's employment history, but only 40 percent performed criminal background checks on the employees prior to hiring. Many small business owners often hurriedly hire someone to take care of their accounting records and quickly go back to operating the company without thinking much about finances. This can be a tragic mistake.
PROSECUTE TO PREVENT FUTURE FRAUDS
Sometimes many organizations don't prosecute employees for embezzlement. In the state of Washington, government fraud examiners refer all fraud cases to the prosecutors. Some private-sector organizations only ask for restitution of the loss amount and then terminate the individuals, leaving these unscrupulous and often predatory bookkeepers free to search for other organizations with lax controls. During job interviews, these individuals can then legitimately say they've never been convicted of crimes.
Several years ago, a convicted criminal described his fraud scheme at the closing general session of an ACFE Annual Fraud Conference and Exhibition. He didn't seem remorseful. After the session, I said to him, "You sound like a predator looking for another victim. Is that true?" He looked me straight in the eye with a bit of a grin, and said, "Yes, I am. You're a good listener." If these predators aren't in jail, they're either seeking employment with another victim business now, or they already have the job.
Sometimes, a new employer receives a wage garnishment order soon after hiring a new bookkeeper. Many such garnishments are to repay prior employers, but the purpose of the garnishment might not be known. Regardless of the circumstances, receipt of a wage garnishment order is definitely a red flag. All employers should understand one thing: whether the corrupt employee has been prosecuted and spent time in prison or not, nothing seems to deter these crooks from continuing their lives of crime. They just can't stop!
LESSONS LEARNED
Let's review some of the finer points of fraud by insiders that can be detected in the bank reconciliation process:
- An unopened bank statement with enclosed checks should be mailed or delivered directly to an independent party, such as the business owner, for review.
- All redeemed checks should accompany the monthly bank statement so the reviewer can identify check fraud and other check alterations by outsiders and unauthorized checks issued by insiders. High-risk transactions include checks issued to cash or checks with a blank payee.
- Trust but verify is the overarching internal control principle in any organization. Managers must monitor the work of key employees.
- Employees will abuse the pseudo-vendor code process, designed for one-time payments. Prepare a daily computer exception report to identify the universe of these high-risk transactions. Managers must ensure that all "pseudo-vendor code" disbursement transactions are authorized, approved, and properly supported.
- Fraudsters seldom prepare supporting documents for irregular disbursement transactions.
- Disbursement fraud by insiders is legion. Don't hire a crook as your accountant or bookkeeper. Perform employment history and criminal background checks before hiring employees for key positions.
WHAT ELSE SHOULD WE DO?
The next column covers some additional tools and skills the independent party bank reconciler should use to detect a wide variety of check manipulations in disbursement schemes. We'll focus on check endorsements to help business owners, auditors, and fraud examiners learn what to look for in the bank reconciliation process and why. There's still much more to learn.
Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE Fellow, is retired after more than 42 years of government service. He remains the vice chair of the ACFE Foundation Board of Directors.
Accounting Services Firm Takes Advantage of its Physicians
A 41-year-old bookkeeper providing accounting services to small businesses misappropriated more than $262,000 from her clients for at least seven years. She and her husband owned and operated an accounting firm that marketed bookkeeping services to medical practices. These organizations were vulnerable to the fraud because busy owners were concerned primarily with supplying medical care rather than safeguarding their hard-earned revenues.
The accounting services firm's co-owner and bookkeeper began to deposit checks payable to her clients into her personal bank account. Courts in two states had convicted her of similar crimes. She completed the sentencing of an unspecified amount of time in jail for her most recent crime. Then she tried to go straight in the first two years after forming the accounting services firm, but she couldn't change her old habits.
None of the medical practices performed criminal background checks on the accounting services firm's owners to find any prior felony convictions or significant gaps in their employment histories possibly due to prison stints.
Judges in her two previous cases had stipulated that the bookkeeper couldn't hold any job in which she'd be responsible for handling money or securities, but she did exactly that for two subsequent employers. The court sentenced the bookkeeper to 41 months in federal prison for mail fraud in the medical practices' crime, followed by three years of supervision after her release. The court also ordered her to pay more than $422,000 in restitution.
Bookkeeper Drags Environmental Firm Through the Mud
A 32-year-old bookkeeper -- a trusted insider in an environmental firm in the state of Montana -- embezzled $255,324 from her employer over a period of three years.
She issued 480 unauthorized checks to herself from the company's bank account, forged the signature of the firm's president on the checks, and even prepared false financial reports for the owners. She spent the money on shopping sprees, personal bills, vacations, drugs, and gambling.
Eventually she stole more money than the company had in the bank. This fraud was detected when checks started bouncing, but by this time it was too late for the bookkeeper to continue concealing the scheme. Funds were so short that 10 other employees almost lost their jobs while the company worked with creditors to avert bankruptcy.
The court sentenced the bookkeeper to three years and 10 months in federal prison for wire fraud and ordered her to pay back $255,324. The firm didn't have an employee dishonesty bond for the bookkeeper position and probably won't receive any restitution.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.
