Insider Fraud: Biting the Hand That Feeds

[Editor's Note: I've for some time been imploring Howard Silverstone to share with our readers a few stories and insights from his forthcoming second edition of Forensic Accounting and Fraud Investigation for Non-Experts (Wiley, 2006). With the new edition now in press, Howard has kindly acceded to this adaptation.]

You've read about it, you've heard about it, but let's say it again: Your employees, on their own or in collusion with others, can make your firm a victim of fraud. Understanding how fraud takes place can help you and your clients minimize its possibility; yet statistics show that many businesses do not understand fraud and do not recognize its red flags.

For starters, it's important to realize that employees at any level (including owners) can commit fraud, and that fraud can be simple or complex ' from bookkeepers writing themselves checks, to complex collusions accomplished by manipulating computer data and shipping stolen inventory to offsite locations.

Next, it's helpful to know that the prevalence of fraud varies greatly by type. As indicated in the 2004 report of the Association of Certified Fraud Examiners on Occupational Fraud and Abuse:

• Asset misappropriation figures in an overwhelming 92.7% of all occupational fraud.
• Corruption schemes are a distant second at 30.1%.
• Fraudulent statements come in third at 7.9%.

The rest of this article explores examples of inside fraud drawn from a variety of businesses. Law firms are far from immune to such problems.

Cash

Cash is the favorite target of fraudsters and accounts for 93% of all asset misappropriations, according to the 2004 ACFE study. Much is taken by outright cash larceny and skimming, but the majority is stolen through more elaborate disbursement schemes, including manipulation of the billing and payroll systems, falsification of expense reimbursements and check tampering.

All accounting cycles pass through the cash account at some time. The cash produced in these processes becomes either petty cash or demand deposits, such as checking accounts, interest-bearing accounts, certificates of deposit, or other liquid investments. The mechanism of these thefts is usually quite simple. Petty cash, for example, is stolen by forging authorizing signatures or creating false vouchers for reimbursement.

Dishonest employees often manipulate receipts being prepared for deposit. This is common in small companies where the same person is responsible for booking the cash receipts and writing the checks for deposit. In the face of this temptation, it is not uncommon for a long-term trusted employee to become an 'opportunity taker' type of fraudster. Because the money is so available and no one appears to be watching, the fraudster frequently rationalizes the theft as 'borrowing' with the intent to return the cash later.

Case Example:
Simple Deposit Fraud

A receptionist-bookkeeper at a dental practice prepared deposits of receipts for the bank and was also the only person who understood the proprietary software used to track patient data. The bookkeeper noticed that she could input data (checks, insurance receipts, credit card receipts) and prepare a deposit slip for the owner to take to the bank, before inputting cash into the system. The deposit slip given to the owner of the practice did not show certain cash receipts, hence he had no idea the bookkeeper had in fact pocketed the money. She entered the remaining cash into the system after printing the deposit slip, just in case a patient should ever be questioned about their account.

When the bookkeeper left the practice for a better-paying job, however, something happened that she had not factored into her scheme: a patient returned to the dental office asking for a receipt for cash she had paid 2 weeks before. The new bookkeeper, not yet being familiar with the computer system, obtained the deposit slip used by her boss to make the deposit on that particular day. Of course, the cash was nowhere to be found. They then went into the computer file and realized what had happened. A call to the police ensued!

Payroll Fraud

Fraud through the payroll department is commonly committed by using ghost employees, inflating hours of regular and overtime work, or overstating expense accounts or medical claims.

Case Example:
Simple Payroll Fraud

The bookkeeper of a construction company knew there were hundreds of transient workers on the payroll at any given time. She also knew that at any point in time, many workers dropped off the payroll and many more joined. She also knew that no one was checking her work. She handled the payroll, used the owner's facsimile signature stamp on checks, and hand-delivered the checks to the various jobsites.

The bookkeeper kept a handful of former employees on the payroll, both male and female. She even paid their union dues and payroll taxes. However, instead of delivering these checks to the jobsite, where of course the employees no longer worked, she endorsed the back of the checks and deposited them into her own bank account. She was friendly with one particular teller at the bank branch and used that teller exclusively to deposit the checks. Several people at her company were curious as to her new executive automobile, new home and rumored house at the beach ' which she passed off as the result of her husband's large win at the casino, but nobody pursued these red flags.

Finally, the bookkeeper had a prolonged illness. During her absence from the office, a temporary bookkeeper questioned why non-employees were still on the payroll. Ultimately, the company recovered just about all of its lost funds, including refunds from the union and the IRS together with recoveries from the bank and the fraudulent bookkeeper.

Case Example:
Expense Report Fraud

For some reason, expense accounts have been the most overlooked and least controlled area for many companies. Some supervisors give these reports a cursory review and, if they pass the 'smell test,' they are authorized.

Imagine the horror of a company that discovered a particular employee's 'authorized' expense reports had not in fact been authorized. She had forged the signatures of her supervisors and hand-delivered her expense reports to the accounting department, each time concocting an excuse why they did not come through the customary route.

This embezzler was later described as a 'smooth talker' who distracted others with her line of conversation. Over the course of 4 years, she submitted expense reports with several hundred thousand dollars of falsified expenses. She even went as far as creating false invoices submitted with her expense reports as support for her expenses. She included vouchers for business publication subscriptions, where she would show her credit card as having been used to incur the original expense, when in fact she hadn't even submitted the application for the subscription.

As is typical in many of these situations, her scheme was never found while she was in the company's employment. She actually was dismissed for a totally unrelated insubordination issue. In the interim, she had become bold and mailed an invoice to the company from a fictitious vendor using a post office box. That invoice first reached the bookkeeping department after she had been dismissed. A keen and skeptical clerk ran some Internet searches and internal reports, and discovered that the post office box had actually been used by the now former employee. Further investigation uncovered her entire scheme. The company recovered much of its loss from its insurance carrier, and the perpetrator was sentenced to time in prison.

Management Thefts

Fraud by management can be extremely serious since senior personnel can override the controls that have been put in place to prevent the very fraud they are committing. The effects of management misconduct can also have severe consequences for the company's overall morale and set a negative model for lower-level employees.

Case Example:
A Misused Credit Card

The new president of a publishing company was told by a disgruntled employee in Accounting that the company's secretary-treasurer was misusing her credit card and then covering her tracks by manipulating the firm's accounting records. (The president realized that this accusation was a political hot potato. It could not be left uninvestigated, but it could also destroy his effectiveness if it proved to be untrue. He was unknown, while the secretary-treasurer had been with the company for 7 years.)

Forensic accountants discovered that the secretary-treasurer had charged personal items to a general corporate expense account and to the advance accounts of several employees. (The company permitted employees to charge personal expenses to their own advance accounts, from which they would be deducted later.) The false journal entries were in the secretary-treasurer's own handwriting. On the basis of the investigators' evidence, the president was successful in persuading the board of directors to dismiss her.

The company was now faced with the expense of an executive search and the prospect of hiring an unknown for a sensitive position. Everyone was shocked that such a trusted person should have committed fraud. The company wisely incurred the additional expense of developing an educational program for employees in fraud prevention and detection and reviewing its accounting controls.

Case Example:
The Whole Shebang

A manufacturing company was headquartered on the East Coast of the U.S., but had its main facility in the Midwest. There was little day-to-day communication between the board of directors and senior management with management of the main operation in the Midwest. The chief financial officer, based in the Midwest, had been with the company for many years and had worked his way up from bookkeeper to assistant controller, to controller, and ultimately to CFO.

What was most interesting about the CFO's role was that with all the promotions leading finally to CFO, he retained custody over the bank reconciliations. Perhaps unwittingly, the company also allowed the CFO to authorize contracts with vendors, approve payments, actually print and sign checks, receive bank statements, and perform the bank reconciliation.

Over 7 years, the CFO embezzled over $600,000 through almost a dozen different schemes. One scheme was a falsified employee workers' compensation claim, which the CFO used to pay for his children's braces. Another was an expense account fraud, whereby the company paid the CFO's credit card bill through a corporate check ' while he at the same time submitted the charges on his expense account and was therefore reimbursed twice. He also paid for lavish family travel and entertaining at company expense, and received kickbacks from vendors in return for giving them various contracts.

When his former staff was questioned as to how these schemes could go unnoticed for so long, it became apparent that he had created a barrier between himself and anyone who worked for him. In addition, his physical size and manner reportedly intimidated anyone who wished to confront him.

Ultimately, a disgruntled secretary approached Human Resources and informed them that she thought something was peculiar about the handling of the CFO's expenses. She also questioned why he was still handling the bank reconciliation. An internal investigation ensued, and the schemes were discovered.

The company eventually recovered $500,000 of its losses under a fidelity bond. An agreement was reached between the company, the bonding company, and the U.S. attorney to keep the principal out of jail and working at another company in a nonfiduciary position, where he was able to start making restitution.

Conclusion

As recent corporate incidents have shown us, financial losses arising from fraudulent activity may lead to layoffs, closures or even business failures. Firms able to survive a fraudulent event may still miss key business opportunities. Fraud also extracts a huge personal cost ' leading, in some cases, to marriage break-ups, nervous disorders or even suicide.

We have to accept that no business and no one is immune to fraud. A firm that thinks itself invulnerable to fraud is, in fact, the most inviting to fraudsters.

Through stronger controls and regular checks and balances, firms can reduce the opportunities for fraud and increase fraudsters' expectation of getting caught. This benefits both your own organization and the clients you serve.

For all of the facts and war stories we tell as fraud investigators, however, we see that fraud cannot be eliminated entirely; for those in business, it is an occupational hazard. We therefore help ensure that a firm does not spend more money preventing and detecting fraud than it may possibly lose by it.

[Editor's Note: I've for some time been imploring Howard Silverstone to share with our readers a few stories and insights from his forthcoming second edition of Forensic Accounting and Fraud Investigation for Non-Experts (Wiley, 2006). With the new edition now in press, Howard has kindly acceded to this adaptation.]

You've read about it, you've heard about it, but let's say it again: Your employees, on their own or in collusion with others, can make your firm a victim of fraud. Understanding how fraud takes place can help you and your clients minimize its possibility; yet statistics show that many businesses do not understand fraud and do not recognize its red flags.

For starters, it's important to realize that employees at any level (including owners) can commit fraud, and that fraud can be simple or complex ' from bookkeepers writing themselves checks, to complex collusions accomplished by manipulating computer data and shipping stolen inventory to offsite locations.

Next, it's helpful to know that the prevalence of fraud varies greatly by type. As indicated in the 2004 report of the Association of Certified Fraud Examiners on Occupational Fraud and Abuse:

• Asset misappropriation figures in an overwhelming 92.7% of all occupational fraud.
• Corruption schemes are a distant second at 30.1%.
• Fraudulent statements come in third at 7.9%.

The rest of this article explores examples of inside fraud drawn from a variety of businesses. Law firms are far from immune to such problems.

Cash

Cash is the favorite target of fraudsters and accounts for 93% of all asset misappropriations, according to the 2004 ACFE study. Much is taken by outright cash larceny and skimming, but the majority is stolen through more elaborate disbursement schemes, including manipulation of the billing and payroll systems, falsification of expense reimbursements and check tampering.

All accounting cycles pass through the cash account at some time. The cash produced in these processes becomes either petty cash or demand deposits, such as checking accounts, interest-bearing accounts, certificates of deposit, or other liquid investments. The mechanism of these thefts is usually quite simple. Petty cash, for example, is stolen by forging authorizing signatures or creating false vouchers for reimbursement.

Dishonest employees often manipulate receipts being prepared for deposit. This is common in small companies where the same person is responsible for booking the cash receipts and writing the checks for deposit. In the face of this temptation, it is not uncommon for a long-term trusted employee to become an 'opportunity taker' type of fraudster. Because the money is so available and no one appears to be watching, the fraudster frequently rationalizes the theft as 'borrowing' with the intent to return the cash later.

Case Example:
Simple Deposit Fraud

A receptionist-bookkeeper at a dental practice prepared deposits of receipts for the bank and was also the only person who understood the proprietary software used to track patient data. The bookkeeper noticed that she could input data (checks, insurance receipts, credit card receipts) and prepare a deposit slip for the owner to take to the bank, before inputting cash into the system. The deposit slip given to the owner of the practice did not show certain cash receipts, hence he had no idea the bookkeeper had in fact pocketed the money. She entered the remaining cash into the system after printing the deposit slip, just in case a patient should ever be questioned about their account.

When the bookkeeper left the practice for a better-paying job, however, something happened that she had not factored into her scheme: a patient returned to the dental office asking for a receipt for cash she had paid 2 weeks before. The new bookkeeper, not yet being familiar with the computer system, obtained the deposit slip used by her boss to make the deposit on that particular day. Of course, the cash was nowhere to be found. They then went into the computer file and realized what had happened. A call to the police ensued!

Payroll Fraud

Fraud through the payroll department is commonly committed by using ghost employees, inflating hours of regular and overtime work, or overstating expense accounts or medical claims.

Case Example:
Simple Payroll Fraud

The bookkeeper of a construction company knew there were hundreds of transient workers on the payroll at any given time. She also knew that at any point in time, many workers dropped off the payroll and many more joined. She also knew that no one was checking her work. She handled the payroll, used the owner's facsimile signature stamp on checks, and hand-delivered the checks to the various jobsites.

The bookkeeper kept a handful of former employees on the payroll, both male and female. She even paid their union dues and payroll taxes. However, instead of delivering these checks to the jobsite, where of course the employees no longer worked, she endorsed the back of the checks and deposited them into her own bank account. She was friendly with one particular teller at the bank branch and used that teller exclusively to deposit the checks. Several people at her company were curious as to her new executive automobile, new home and rumored house at the beach ' which she passed off as the result of her husband's large win at the casino, but nobody pursued these red flags.

Finally, the bookkeeper had a prolonged illness. During her absence from the office, a temporary bookkeeper questioned why non-employees were still on the payroll. Ultimately, the company recovered just about all of its lost funds, including refunds from the union and the IRS together with recoveries from the bank and the fraudulent bookkeeper.

Case Example:
Expense Report Fraud

For some reason, expense accounts have been the most overlooked and least controlled area for many companies. Some supervisors give these reports a cursory review and, if they pass the 'smell test,' they are authorized.

Imagine the horror of a company that discovered a particular employee's 'authorized' expense reports had not in fact been authorized. She had forged the signatures of her supervisors and hand-delivered her expense reports to the accounting department, each time concocting an excuse why they did not come through the customary route.

This embezzler was later described as a 'smooth talker' who distracted others with her line of conversation. Over the course of 4 years, she submitted expense reports with several hundred thousand dollars of falsified expenses. She even went as far as creating false invoices submitted with her expense reports as support for her expenses. She included vouchers for business publication subscriptions, where she would show her credit card as having been used to incur the original expense, when in fact she hadn't even submitted the application for the subscription.

As is typical in many of these situations, her scheme was never found while she was in the company's employment. She actually was dismissed for a totally unrelated insubordination issue. In the interim, she had become bold and mailed an invoice to the company from a fictitious vendor using a post office box. That invoice first reached the bookkeeping department after she had been dismissed. A keen and skeptical clerk ran some Internet searches and internal reports, and discovered that the post office box had actually been used by the now former employee. Further investigation uncovered her entire scheme. The company recovered much of its loss from its insurance carrier, and the perpetrator was sentenced to time in prison.

Management Thefts

Fraud by management can be extremely serious since senior personnel can override the controls that have been put in place to prevent the very fraud they are committing. The effects of management misconduct can also have severe consequences for the company's overall morale and set a negative model for lower-level employees.

Case Example:
A Misused Credit Card

The new president of a publishing company was told by a disgruntled employee in Accounting that the company's secretary-treasurer was misusing her credit card and then covering her tracks by manipulating the firm's accounting records. (The president realized that this accusation was a political hot potato. It could not be left uninvestigated, but it could also destroy his effectiveness if it proved to be untrue. He was unknown, while the secretary-treasurer had been with the company for 7 years.)

Forensic accountants discovered that the secretary-treasurer had charged personal items to a general corporate expense account and to the advance accounts of several employees. (The company permitted employees to charge personal expenses to their own advance accounts, from which they would be deducted later.) The false journal entries were in the secretary-treasurer's own handwriting. On the basis of the investigators' evidence, the president was successful in persuading the board of directors to dismiss her.

The company was now faced with the expense of an executive search and the prospect of hiring an unknown for a sensitive position. Everyone was shocked that such a trusted person should have committed fraud. The company wisely incurred the additional expense of developing an educational program for employees in fraud prevention and detection and reviewing its accounting controls.

Case Example:
The Whole Shebang

A manufacturing company was headquartered on the East Coast of the U.S., but had its main facility in the Midwest. There was little day-to-day communication between the board of directors and senior management with management of the main operation in the Midwest. The chief financial officer, based in the Midwest, had been with the company for many years and had worked his way up from bookkeeper to assistant controller, to controller, and ultimately to CFO.

What was most interesting about the CFO's role was that with all the promotions leading finally to CFO, he retained custody over the bank reconciliations. Perhaps unwittingly, the company also allowed the CFO to authorize contracts with vendors, approve payments, actually print and sign checks, receive bank statements, and perform the bank reconciliation.

Over 7 years, the CFO embezzled over $600,000 through almost a dozen different schemes. One scheme was a falsified employee workers' compensation claim, which the CFO used to pay for his children's braces. Another was an expense account fraud, whereby the company paid the CFO's credit card bill through a corporate check ' while he at the same time submitted the charges on his expense account and was therefore reimbursed twice. He also paid for lavish family travel and entertaining at company expense, and received kickbacks from vendors in return for giving them various contracts.

When his former staff was questioned as to how these schemes could go unnoticed for so long, it became apparent that he had created a barrier between himself and anyone who worked for him. In addition, his physical size and manner reportedly intimidated anyone who wished to confront him.

Ultimately, a disgruntled secretary approached Human Resources and informed them that she thought something was peculiar about the handling of the CFO's expenses. She also questioned why he was still handling the bank reconciliation. An internal investigation ensued, and the schemes were discovered.

The company eventually recovered $500,000 of its losses under a fidelity bond. An agreement was reached between the company, the bonding company, and the U.S. attorney to keep the principal out of jail and working at another company in a nonfiduciary position, where he was able to start making restitution.

Conclusion

As recent corporate incidents have shown us, financial losses arising from fraudulent activity may lead to layoffs, closures or even business failures. Firms able to survive a fraudulent event may still miss key business opportunities. Fraud also extracts a huge personal cost ' leading, in some cases, to marriage break-ups, nervous disorders or even suicide.

We have to accept that no business and no one is immune to fraud. A firm that thinks itself invulnerable to fraud is, in fact, the most inviting to fraudsters.

Through stronger controls and regular checks and balances, firms can reduce the opportunities for fraud and increase fraudsters' expectation of getting caught. This benefits both your own organization and the clients you serve.

For all of the facts and war stories we tell as fraud investigators, however, we see that fraud cannot be eliminated entirely; for those in business, it is an occupational hazard. We therefore help ensure that a firm does not spend more money preventing and detecting fraud than it may possibly lose by it.