All Posts by Charles Hall

Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.

Bribery in business
Nov 16

Bribery in Businesses: How to Lessen

By Charles Hall | Corruption

The World Bank estimates that over $1 trillion in bribes are offered each year. Bribery in business is costly. Today we look at how bribery works and how you can prevent it.

A Bribery Story

The FBI performed a sting operation involving two mid-Georgia city council members. The Bureau’s court complaint alleged that two city council members contacted a city vendor requesting a bribe. The vendor, according to the complaint, had previously provided services to the city. But when the contract came up for renewal, the city officials sought monetary encouragement (also known as cash) to continue the arrangement.

Bribery in business
The vendor’s president, once aware of the proposed bribe, contacted the FBI, which in turn conducted the sting.
On the arranged date, the company CFO delivered $20,000 in cash to the city council members. The conversation was recorded as the payment was made. The arrests followed soon thereafter.

The bribe was unsuccessful in this case, but, all too often, the bad guys receive the cash, and the organization suffers. How?

Vendors usually don’t absorb the cost of the bribe. They pass the expense along to the organization in the form of increased invoice billings, or the vendor will, in some cases, provide substandard products or services. Either way, the organization suffers, and the villain walks away with cash or a free vacation or a free car or…well, you get the picture.

Bribery Control Weaknesses

Bribery in business increases as dishonest people lead. Organizations should vet each key employee before hiring, making sure the person has historically acted in an upright manner. (In the case above, the citizens must vote for ethical leaders.)

The city had no fraud hotline. The Association of Certified Fraud Examiners biennial survey has repeatedly shown that corruption is often unearthed by tips–often through a fraud hotline. What is a fraud hotline? It is any means that an organization provides its employees to report a potential theft. (See below.) Bribery can occur even when organizations have the best of controls, but hotlines are a key defense.

Entity’s-level controls such as a code of ethics are just as important as activity-level controls.

Bribery in Business: How to Lessen

Organizations can increase communications about potential theft by:

  • Providing a 24/7 phone number–it can be a 1-800 number (employees call and report any information anonymously)
  • Provide employees with an email address where they can report suspected fraud
  • Ask employees to report red flags (signs of fraud) to a designated person in your organization

To mitigate corruption, implement these controls (there are others, but these will help):

  • Require sealed bids that are opened in the presence of multiple people (mainly for larger purchases)
  • Implement a whistleblower program (include vendors)
  • Require announced periodic vendor audits
  • Implement a conflict of interest policy
  • Implement a bribery prevention policy (include gifts)
  • For significant construction contracts, monitor all phases of the project, including solicitation of bids, awarding of the bid, development of the contract, on-site construction, and related billing, and contract change orders (don’t trust the builder to do this for you).
Inflated invoices
Nov 15

Inflated Invoices: An Easy Way to Steal

By Charles Hall | Asset Misappropriation

Fraudsters can steal with inflated invoices. In the story below, you’ll see that a school maintenance director was able to take millions by doing so. Today, we look at how this scheme works and how you can prevent it.

Inflated Invoices

The school maintenance director, Derek Brown, purchases materials from two local hardware stores; also, the school contracts with a nearby electrical services company. Each of these businesses is owned by relatives of Derek. While the school board knows about the familial relationships, they are accustomed to the use of these vendors. After all, it’s been that way for years.

Inflated invoices
What the board doesn’t know is that Derek often receives inflated invoices from these related parties.
For example, if the school orders $30,000 of supplies, it receives an invoice for $45,000. Derek approves the purchase orders, the physical receipt of the goods, and the payment of the invoice. (At times, one of Derek’s assistants counts the physical goods received, but he is party to the fraud as well.) It’s easy for Derek to approve the overstated bills. 

Additionally, some of Derek’s business friends (persons doing business with the school) send invoices to the school for services never provided. He approves these payments as well. 

About once a month, the related-party vendors pay Derek 50% of the excess billings.

The above fraud example is based (partially) on an ongoing case involving the Floyd County Schools where millions were stolen.

Internal Control Weakness

The weakness lies in the lack of segregation of duties. Derek approves:

  • The purchase orders
  • The physical counts of goods or services received
  • The approval of the invoices

A contributing element is the school board going to sleep–these types of relationships should be vetted. If no other vendors are available–often the reason for using such local businesses–then additional scrutiny should be brought to bear upon the related payments.

Stopping Inflated Invoice Fraud

Segregate the duties, especially the purchase order approval. A conflict-of-interest policy should be adopted requiring all school officials and key administrative personnel to disclose questionable relationships. If key conflicts are not eliminated, the related activity should be subject to audit by an outside CPA or Certified Fraud Examiner.

Additional Fraud Prevention Assistance

If you work with local governments, you will find my fraud book useful in identifying and preventing fraud. See the book on Amazon by clicking the icon below.

 

double pay a vendor
Nov 14

How to Steal by Double Paying a Vendor

By Charles Hall | Asset Misappropriation

The Theft

Fraudsters can steal by double paying a vendor. In this article, I show you how duplicate payments sometimes end up in an employee’s pocket and how to prevent this fraud.

John, an accounts payable clerk, works for Zoom Inc. Last year, he accidentally sent two checks to the same company for the same invoice. To recover the second disbursement, John called the vendor, and they quickly returned the extra payment. While he was embarrassed about his mistake, he realized that had he not recovered the check, no one would have noticed.

double pay a vendor

Steal by Double Paying the Vendor

John has the itch to buy a new BMW. He saved some money, but he needs more–much more. Then he remembers the accidental double payment and has an epiphany. Yeah…that might work.

John intentionally pays the company’s vendor, River Merchants, twice for the same invoice of $47,540. The checks are signed electronically by computer, so no one is physically inspecting the checks or invoices. Liz, John’s coworker, mails all vendor payments. Consequently, he can’t steal the second check before mailing.

Liz mails the checks. The next day John calls River Merchants saying, “Sorry, but I just realized I sent two payments to you for the same invoice. Would you please return the second check? My address is…”

John receives the second check Monday morning. Now he converts the check to cash by opening a bank account in the name of River Merchants and depositing the check. John is the authorized check signer on the account, so he writes a check to himself. He’s soon cruising the boulevard in his new red Beemer.

The Weakness

No one is monitoring the accounts payable process. While the company did implement the policy of having a second person mail the checks, no one is reviewing check disbursements for double payments.

The Fix

Periodically download the check register to Excel; you only need the following columns:

  1. Vendor name
  2. Check number
  3. Invoice number
  4. Check amount (amount paid)

Sort the payments by vendor name; then scan the list for same amounts paid to the same vendor. If you see payments to the same vendor with the same invoice number and the same dollar amount, then dig deeper. (Accounts payable software should not allow the processing of two checks with the same invoice number–even so, some systems allow overrides; alternatively, the fraudster may bypass this restriction by altering the invoice number.) If it appears that a double payment has occurred, call the vendor to see if a refund has been issued.

Obviously, some payments to vendors should be for the same amount (such as rent)–these should be ignored for this test.

Sometimes, in performing this test, you will find double payments–made by mistake–that the vendor has not returned. The first time I did this test, I found such a payment for over $75,000.

More Fraud Prevention Tips

For more information about fraud prevention, check out my book on Amazon. Click the book icon below.

Fraudsters Writing Checks to Themselves
Nov 09

Fraudsters Writing Checks to Themselves: How to Understand It and Prevent It

By Charles Hall | Asset Misappropriation

The Theft

Fraudsters do write company checks to themselves. Today I tell you how they do so and how you can prevent this type of theft.

Randy Toms, a city accounting clerk, creates a manual check for $5,200 that is made out to himself and signs it with a signature stamp. (The stamp is used when the mayor is out of town.) Randy enters the transaction into the accounting system–using a journal entry–as a payment to Macon Hardware. The result: The general ledger reflects a payment to Macon Hardware, but the check is made out to Randy. Also, he codes the disbursement to an account with sufficient remaining budgetary balance. The subterfuge works since the expense accounts reflects appropriate vendor activity (a check to Macon Hardware), and expenses don’t exceed budget. Randy performs the monthly bank reconciliation, so he alone sees the cleared checks.

Given Randy’s success with the first check, he continues the fraud for several years.

(Here’s another twist to this type of theft. Some companies print their checks with the signature affixed, so the computer (in effect) signs the check. When this is true, some fraudsters will print the check to a legitimate vendor. Then they will destroy the check and write a manual check (from other company check stock) to themselves. In such cases, they are either authorized signers or they forge the signature.)

Fraudsters Writing Checks to Themselves

The Weakness

The following provides the perfect environment for this theft:

  1. The existence of the signature stamp
  2. The clerk posts journal entries without a second-person review (approval)
  3. The clerk reconciles the related bank account (ensuring that no one–other than Randy–sees the cleared checks)

As you can tell there is a lack of segregation of duties. Many small organizations are unable to segregate accounting duties since they have a limited number of employees. Even so, there are steps you can take to reduce the possibility of theft.

You may be thinking, “Wouldn’t the auditors catch this type of fraud?” Probably not. Auditors seldom compare cleared checks to supporting invoices. (If you’re an auditor, you may want to consider this potential theft in your fraud brainstorming sessions.)

The Fix

The fix includes the following:

  1. Get rid of the signature stamp
  2. Require second party approval of all journal entries
  3. Have someone other than the clerk reconcile the bank account (and review cleared checks)

Some governments or businesses have bank statements mailed to someone outside the accounting department such as the city mayor or business owner. This person opens the bank statement and performs a cursory review of the cleared checks–once done, the bank statement is routed to the accounting department. Since cleared checks are viewed by someone else, there is less of a chance that the accounting staff will write checks to themselves.

Converting company checks to cash
Nov 08

Converting Company Checks to Cash

By Charles Hall | Asset Misappropriation

The Theft: Converting Company Checks to Cash

In a recent post, we saw that John opens the mail and receipts checks made out to the City of Whoville. He was stealing cash by using the check-for-cash fraud scheme. That’s one way to steal.

But consider that converting company checks to cash—even without using a check-for-cash scheme—is possible. 

In this post, I show you how fraudsters turn company checks into cash.

Converting company checks to cashJohn can open a new bank account in the name of the city. Everyone in the community knows that John works in the city’s accounting department; so it appears perfectly normal for him to open a new bank account. John conveniently signs the signature card as the solely authorized signature. The name he uses for the bank account is Whoville Projects. So, the account name appears reasonable, and John has what he wants–a bank account for which he is the solely authorized signer.

John alone opens the mail. Now he steals checks made out to the city and deposits them into the Whoville Projects bank account (the new account is never set up in the city’s general ledger). Then John writes checks from his fraudulent bank account to anyone he chooses–including himself. (Rita Crundwell used an off-the-books checking account to steal $53 million dollars.)

Many companies incorrectly believe that fraudulent bank accounts can’t be opened in their name, especially if they are incorporated. Why? Because most banks ask for copies of company corporate documents. But consider that fraudsters can open a “doing business as” bank account in the name of ABC Company. Since the bank account is a personal (and not a corporate) bank account, the bank will not ask for corporate documentation.

Also, fake corporate documents can be created, if Susie wants to go the route of opening the bank account in the name of ABC Company, Inc.

The Internal Control Weakness

The fundamental weakness is John opens the mail and receipts the checks by himself. Also, this type of theft often occurs when no one is comparing revenues to budget or prior period amounts. A lack of security cameras allows John’s thefts to go undetected.

Fix the Control Weakness

Two people should be present when the mail is opened and receipted. Another alternative is to use a lockbox; that way, all checks go directly to the city’s bank rather than to the city.

The city should install security cameras and record all activity.

Periodically request a list of all accounts from the bank. Then see if each account is set up in the city’s general ledger.

1 32 33 34 35 36 41
>