Category Archives for "Fraud"

Jul 21

Disbursement Fraud Audit Tests: Five Powerful Ideas

By Charles Hall | Auditing , Fraud

Are you looking for disbursement fraud audit tests? Here’s your article.

You are leading the audit team discussion concerning disbursements, and a staff member asks, “Why don’t we ever perform fraud tests? It seems like we never introduce elements of unpredictability.”

You respond by saying, “Yes, I know the audit standards require unpredictable tests, but I’m not sure what else to do. Any fresh ideas?”

The staff member sheepishly responds, “I’m not sure.”

And you are thinking, “What can we do?”

disbursement fraud audit tests

Picture from AdobeStock.com

Five Disbursement Fraud Audit Tests

Here are five disbursement fraud tests that you can perform in most any audit.

1. Test for duplicate payments

Why test for duplicate payments?

Theft may occur as the accounts payable clerk generates the same check twice, stealing and converting the second check to cash. The second check may be created in a separate check batch, a week or two later. This threat increases if (1) checks are signed electronically or (2) the check-signer does not normally examine supporting documentation and the payee name.

How can you test for duplicate payments?

Obtain a download of the full check register in Excel. Sort by dollar amount and vendor name. Then investigate same-dollar payments with same-vendor names above a certain threshold (e.g., $25,000).

2. Review the accounts payable vendor file for similar names

Why test for similar vendor names?

Fictitious vendor names may mimic real vendor names (e.g., ABC Company is the real vendor name while the fictitious name is ABC Co.). Additionally, the home address of the accounts payable clerk is assigned to the fake vendor (alternatively, P.O. boxes might be used).

The check-signer will probably not recognize the payee name as fictitious.

How can you test for similar vendor names?

Obtain a download of all vendor names in Excel. Sort by name and visually compare any vendors with similar names. Investigate any near-matches.

3. Check for fictitious vendors

Why test for fictitious vendors?

The accounts payable clerk may add a fictitious vendor. What address will be entered for the fictitious vendor? You guessed it: the payable clerk’s home address (or P.O. Box).

Pay particular attention to new vendors that provide services (e.g., consulting) rather than physical products (e.g., inventory). Physical products leave audit trails; services, less so.

How can you test for fictitious vendors?

Obtain a download in Excel of new vendors and their addresses for a period of time (e.g., month or quarter). Google the business addresses to check for validity. If necessary, call the vendor. Or ask someone familiar with vendors to review the list (preferably someone without vendor set-up capabilities).

4. Compare vendor and payroll addresses

Why compare vendor and payroll addresses?

Those with vendor-setup ability can create fictitious vendors associated with their own home address. If you compare all addresses in the vendor file with addresses in the payroll file, you may find a match. (Careful – sometimes the match is legitimate, such as travel checks being processed through accounts payable.) Investigate any suspicious matches.

How can you test for the same vendor and payroll addresses?

Obtain a download in Excel of (1) vendor names and addresses and (2) payroll names and addresses. Merge the two files; sort the addresses and visually inspect for matches.

5. Scan all checks for proper signatures and payees

Why test checks for proper signatures and payees?

Fraudsters will forge signatures or complete checks with improper payees such as themselves.

How can you test for proper signatures and payees?

Pick a period of time (e.g., two months), obtain the related bank statements, and scan the checks for appropriate signatures and payees. Also, consider scanning endorsements (if available).

Your Ideas

Those are a few of my ideas. Please share yours.

Need additional ideas regarding how fraud might occur. Check out my post: 25 Ways Fraud Happens.

My fraud book provides more insights into why fraud occurs, how to detect it, and–most importantly–how to prevent it. Check it out on Amazon by clicking here. The book focuses on local government fraud, but most of the information is equally applicable to small businesses.

$16 million stolen from bakery
Jul 01

How $16 Million was Stolen from a Bakery

By Charles Hall | Asset Misappropriation

$16 million was stolen from a bakery. You read that right.

Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Theft

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

$16 million was stolen from bakery

The Weakness that Led to the Theft

No one was comparing the cleared check payees to the general ledger. 

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

In March 2019, Sandy Jenkins passed away in a federal prison.

Forthcoming Movie

You may be familiar with the movie Catch Me If You Can which chronicled the exploits of Frank Abagnale, one of the most brilliant cons of all time. Now, it appears there will be a new movie about another: Sandy Jenkins. 

backdoor payroll theft
May 16

Backdoor Payroll Theft of Withholdings

By Charles Hall | Asset Misappropriation

Backdoor payroll theft is not common, but it is a real threat. Many auditors are unaware of this possibility. So they don’t look for it. In this article, I explain how the theft occurs.

Backdoor Payroll Theft

Gertrude, the payroll clerk, intentionally overpays company state withholding taxes by $25,000. She then amends her own W–2 so that it includes the excess payment (the $25,000 is added to her state withholding total). Once Gertrude files her personal state tax return, she receives an extra $25,000. In effect, she is using the state government as a funnel for theft.

In this business, Gertrude processes payroll and files all related payroll tax reporting information. Additionally, she makes payroll withholding payments and records payroll entries in the general ledger. Not uncommon in a small entity. Also, no second person reviews the W-2s before they are mailed.

backdoor payroll theft

The Weakness

One person is performing all payroll functions, so her actions are not visible to anyone else. Also, no second person is reviewing the W-2s before they are mailed.

The Fix

Have someone outside the payroll department review and mail the W-2s. Or add an additional person in payroll to create additional segregation of duties.

More Information About Auditing Payroll

See my article titled Auditing Payroll: The Why and How Guide. I provide information about payroll walkthroughs, risk assessment, and substantive procedures. So check it out.

receipt fraud test for auditors
May 08

Three Receipt-Fraud Tests (for Auditors)

By Charles Hall | Asset Misappropriation

Today I provide three receipt-fraud tests for auditors. 

The audit standards require that we introduce elements of unpredictability. Additionally, it’s wise to perform fraud tests. But I find that auditors struggle with brainstorming (required by AU-C 240, Consideration of Fraud in a Financial Statement Audit) and developing fraud tests. That’s why I wrote Five Disbursement Fraud TestsIt’s also why I am providing this post.

So, let’s jump in. Here are three receipt-fraud tests.

receipt-fraud tests for auditors

Three Receipt-Fraud Tests

1. Test adjustments made to receivables

Why test?

Receipt clerks sometimes steal collected monies and write off (or write down) the related receivable. Why does the clerk adjust the receivable? So the customer doesn’t receive a second bill for the funds stolen. 

How to test?

Obtain a download of receivable adjustments for a period (e.g., two weeks) and see if they were duly authorized. Review the activity with someone outside the receivables area (e.g., CFO) who is familiar with procedures but who has no access to cash collections.

If there are multiple persons with the ability to adjust receivable accounts (quite common in hospitals), compare weekly or monthly adjustments made by each employee.

Agree receipts with bank deposits.

2. Confirm rebate (or similar type) checks

Why test?

When rebate checks are not sent to a central location (e.g., receipting department), the risk of theft increases. Rebate checks are often not recorded as a receivable, so the company may not be aware of the amounts to be received. Stealing unaccrued receivable checks is easy.

How to test?

Determine which vendors provide rebate checks (or similar non-sales payments). Send confirmations to the vendors and compare the confirmed amounts with activity in the general ledger.

Theft of rebate checks is more common in larger organizations (e.g., hospitals) where checks are sometimes received by various executives. The executive receives a check in the mail and keeps it for a while (in his desk drawer – in case someone asks for it). Once he sees that no one is paying attention, he steals and converts the check to cash.

3. Search for off-the-book thefts of receipts

Why test?

The fraudster may bill for services through the company accounting system or an alternative set of accounting records and personally collect the payments.

How to test?

Compare revenues with prior years and investigate significant variances. Alternatively, start with source documents and walk a sample of transactions to revenue recognition, billing, and collection.

Here are a few examples of actual off-the-book thefts:

Police Chief Steals Cash

An auditor detected a decrease in police-fine revenue in a small city while performing audit planning analytics. Upon digging deeper, he discovered the police chief had two receipt books, one for checks that were appropriately deposited and a second for cash going into his pocket. Sometimes, even Andy Griffith steals.

Hospital CFO Steals Cash

hospital CFO, while performing reorganization procedures, set up a new bank account specifically for deposit of electronic Medicaid remittances. He established himself as the authorized bank account check-signer.

The CFO never set up the bank account in the general ledger. As the Medicaid money was electronically deposited, the CFO transferred the funds to himself.  What was the money used for? A beautiful home on Mobile Bay, new cars, and gambling trips.

Another Receipt Fraud to Consider

Sometimes it’s not the front-desk receipt clerk that steals. Surprisingly, your receipt supervisor can be on the take. So, consider that receipt theft takes place up-front and in the back-office.

how to audit property
Mar 28

City Manager Pockets Cash from the Sale of Excess Property

By Charles Hall | Asset Misappropriation

The Theft

Is it possible to convert large pieces of excess property to cash–all without anyone knowing? Apparently yes.

Two men, Alfred Ketzler (the city manager) and Alfred Fabian, were found guilty of wire fraud and theft from the city of Tanana, Alaska.

Illegal sales of government property

Picture is courtesy of AdobeStock.com

Department of Justice Indictment Press Release

So what happened?

First, the Department of Justice stated “Ketzler would acquire surplus federal property that was stored at several different locations without notifying the mayor of Tanana or the city council for the city of Tanana of the federal excess and surplus property obtained on behalf of the city of Tanana.”

The Department of Justice went on to say “that Fabian, for his part, would transport federal excess and surplus property obtained on behalf of the city of Tanana to storage locations in and around Fairbanks, Alaska, including his own residence.”

Finally, the indictment stated that once the excess property was received, Ketzler would sell the equipment to individuals and businesses, telling them the property belonged to the City of Tanana. He asked that the checks be made out to him personally. The indictment continued by saying Ketzler would deposit the checks in his personal account and make payments to Fabian.

The indictment stated that the men received approximately $122,000 in illegal funds.

The property sold included:

  • Trucks
  • Fork Lifts
  • Bulldozers
  • Other industrial equipment

Department of Justice Sentencing Press Release

A June 2014 Department of Justice press release stated:

Anchorage, Alaska – U.S. Attorney Karen L. Loeffler announced today that two Fairbanks men were sentenced on Friday, June 6, 2014, in federal court in Fairbanks after being found guilty of wire fraud and theft from a local government receiving federal funds.

Alfred Richard Ketzler, Jr., also known as “Bear” Ketzler, 57, of Fairbanks, Alaska, was sentenced to 16 months in prison to be followed by two years of supervised release by Chief U.S. District Court Judge Ralph R. Beistline. Ketzler pled guilty in March 2014. Ketzler has already paid restitution to the City of Tanana in the amount of $116,500.

Alfred McQuestion Fabian, 62, of Fairbanks, Alaska, was sentenced to six months in prison to be followed by two years of supervised release by Chief U.S. District Court Judge Ralph R. Beistline. Fabian pled guilty in March 2014.

The Weakness

The city may have had appropriate inventory controls (the DOJ press releases did not say). Most noteworthy, this case appears to reflect a circumvention of controls. The city manager had the power and ability to consummate transactions that were (apparently) not recorded on the city’s records. The indictment states that Ketzler did not provide the city with appropriate notice of the receipt and sale of the excess property. Also the payments received were not recorded on the city’s books.

The Fix

Organizations should do all they can in the hiring process to bring people in that are honest. How? Background checks and the calling of references are critical.

It is imperative that all property be included in inventory—as soon as title transfers to the city. And, obviously, all payments should be made to the city (in this case) and not to individuals. A receipt should be issued to the payor that details the reason for the payment, the amount, and who made it.

1 2 3 10
>