Category Archives for "Fraud"

$16 million stolen from bakery
Feb 20

Collin Street Bakery Fraud: $16 Million

By Charles Hall | Asset Misappropriation

Sandy Jenkins, a controller, stole $16 million from the Collin Street Bakery. You read that right. A bakery.

Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Collin Street Bakery Fraud

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen from Collin Street Bakery

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

Collin Street Bakery

The Weakness that Led to the Collin Street Bakery Theft

No one was comparing the cleared check payees to the general ledger. (The Collin Street Bakery is not the only business that has suffered from this type of fraud; see my previous article titled Fraudsters Writing Checks to Themselves.)

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

In March 2019, Sandy Jenkins passed away in a federal prison.

Fruitecake Movie

You may be familiar with the movie Catch Me If You Can which chronicled the exploits of Frank Abagnale, one of the most brilliant cons of all time. Now, there is a new movie about another: Sandy Jenkins. 

 

Related party transaction
Dec 22

Related Party Transactions: Fraud

By Charles Hall | Auditing , Financial Statement Fraud , Fraud

Related party transactions can be a means to fraudulent financial reporting. Yet, auditors often don't detect the financial statement manipulation, leading to audit failure. This article explains how to understand and find fraudulent related party transactions. 

Related party transaction

Related Party Transaction

What is a related-party transaction?

It’s a transaction between two parties that have a close association. For example, two commonly owned businesses sell services or goods to one another. In another example, a business buys property from a board member or from the owner. 

Normal Related Party Transactions

Related party transactions are typical and often expected. For example, a business might rent real estate from a commonly owned entity. In such an arrangement, the rental rate can be at fair value. So if a company pays for twelve months' rent at a standard rate, everything is fine. No manipulation is occurring. 

Reason for Related Party Fraud

But in some cases, companies use related party transactions to deceive financial statement readers. Why? Because the business is not performing as well as desired, or maybe the company is not in compliance with debt covenants. (Noncompliance can trigger a call for repayment, or the loan can become a current liability based on accounting standards.) 

Fraudulent Increase in Net Income

Imagine this scene. It's December 15th, and management is reviewing its annual financial results. The CEO and CFO receive substantial bonuses if the company's net profit is over $10 million. At present, it looks as if the business is just short, with an expected net income of $9.7 million. They need another $300,000. 

So they develop a related party transaction whereby a commonly owned company pays their business $350,000 for bogus reasons--what auditors call a transaction outside the normal course of business. Since the CEO and CFO also manage the related entity, they control the accounting for both entities.  

Management performs the trick on December 27th, and soon they are toasting drinks in the back room. The bonus enables the CEO to buy his wife a new Tesla and the CFO to take a one-month trip to Europe. And it was so easy. 

In considering related party transactions, know that they are more likely with smaller entities, especially when one person owns several entities. So you'll want to know if associated businesses are making payments or loans to commonly owned companies.

Related Party Audit Procedures

As you begin your audit, request a list of all related-party transactions. Also, pay attention to such activity in the company's minutes. Additionally, electronically search company receipts, payments, and journal entry descriptions using the related party names. Then investigate any abnormal transactions outside the normal course of business, especially if they involve round-dollar amounts (e.g., $350,000). 

In performing your fraud inquires, ask about related party transactions and if any unusual transactions occurred during the year (or after the year-end). And make sure you interview persons responsible for initiating, approving, or recording transactions. In other words, inquire of the CEO and CFO, but also ask questions of others such as the cash receipts or the accounts payable supervisor. The CEO and CFO might hide the bogus transaction, but, hopefully, the cash receipts supervisor will not. 

As you can tell in the above example, you want to be aware of incentives for fraud, such as bonuses or the need to comply with debt covenants. 

Does It Make Sense?

If you see an unusual transaction, request supporting information to determine its legitimacy. I once saw a $5 million transaction at year-end, and when I asked for support, the journal entry said, "for prior services provided." You might receive some mumbo jumbo explanation for such a payment. But know this: vague reasons usually imply fraudulent activity. 

So, see if the economics make sense. Would a company pay that much for the services or products received? If not, you may need to propose an audit entry to correct the misstatement. 

Representation Letter

And, by the way, having the client sign a management representation letter saying the transaction is legitimate does not absolve the auditor. Either the payment is economically supportable, or it is not. 

Fraudulent Decrease in Net Income

Strangely, some companies desire to deflate their earnings. For example, maybe the company has had an unusually good year and wants to defer some net income for the future. So it is possible that related party payments are made to decrease earnings, and then the company might receive the same amount in the future from the related entity.  The result: expenses in the current year and revenue in the subsequent year. Again, we as auditors need to understand the goals and incentives of the company to understand how and why fraud might occur. 

Related Party Disclosures

Even if related party transactions are legitimate, businesses are required to disclose them. The related party disclosure should include the reason the other entity is a related party and the amount of the transactions. 

Financial Statement Fraud

The easiest way to fraudulently report financial activity--at least in my opinion--is to post deceptive journal entries. Those can be created without the use of related parties. For example, an entity might fraudulently debit receivables and credit revenue for $350,000. No revenue is earned but the entry is made anyway. 

The second easiest way—explained in this article—is fraudulent related party transactions. 

Either method can magically create millions in fraudulent revenue. So be on guard as you consider the possibility of transactions outside the normal course of business. 

Make sure you:

  1. Obtain a list of related parties
  2. Review minutes for related party activity
  3. Search records electronically for related party names
  4. Inquire of management and others about related party activity

See AU-C 550 Related Parties for AICPA guidance. 

Fraud prevention
Nov 25

Providing Fraud Prevention Services to Compilation Clients

By Charles Hall | Fraud

This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm. 

Fraud prevention

The Greater Risk for Your Client

How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.

What is the greater risk for your client?

  • Financial statements are misstated or
  • A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business

You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.

I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.

When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.

Defining Your Compilation Service

Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.

  1. Do you obtain a signed compilation engagement letter?
  2. Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?

These two actions lessen your risk.

If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment. 

Fraud Prevention and Compilation Services 

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)

Fraud Prevention Services Create Risk

But doesn’t providing fraud prevention services create additional risks for the CPA?

Yes.

Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say. 

If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.

CPA Independence

Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.

If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?

You can learn more about white-collar crime here.

fictitious vendor fraud
Oct 13

Fictitious Vendor Fraud: How to Prevent It

By Charles Hall | Asset Misappropriation , Fraud , Local Governments

Twenty-four percent of governmental frauds are billing schemes such as fictitious vendor theft, so says the Association of Certified Fraud Examiners. Fictitious vendor fraud is usually committed by a person with the ability to establish new vendors in the accounting system (often the accounts payable clerk). If you are going to prevent this fraud, you need to know how it works. 

Fictitious Vendor Fraud

First, the clerk creates the fictitious vendor in the accounts payable system using his own address (or that of an accomplice). Alternatively, he may use a personal P.O. box (which is more common). Second, the clerk creates fictitious vendor invoices to support the payments; often, these invoices are for services rather than for a physical product. Since no shipped asset will be received by the government, it’s easier to conceal the fraud. Finally, the accounts payable clerk issues the vendor checks: since the fictitious vendor check address is that of the accounting clerk, the check is mailed directly to the fraudster (or his accomplice).

Here’s an example of how this fraud might happen.

Accounts Payable Clerk Fraud

John, the accounts payable clerk, sets up the fictitious vendor, Rutland Consulting, and keys his (John’s) address (P.O. Box 798, Atlanta, Georgia, 99890) into the vendor master file. To save time, the city has elected to have all checks signed electronically by the computerized system, so printed checks have signatures on them, and it just so happens that John prints all checks. John records an accounts payable amount of $53,322 to Rutland Consulting. 

To conceal the fraud, John creates a fictitious consulting services invoice from Rutland Consulting (especially designed for the auditors), and he codes the expense to an account which has plenty of remaining budgetary appropriation. Now John prints and mails the checks (including the fictitious vendor check).

Two days later John picks up his check at his P.O. box. John has opened a bank account for—you guessed it—Rutland Consulting; he is the only authorized check signer for the account. After depositing the city-issued check to the Rutland Consulting checking account, he writes checks to himself. Soon John’s friends are impressed with his shiny new bass boat.

Other Fraudulent Disbursement Schemes

While reading about John’s fraud, you may be thinking, “Not a problem in my government. Our checks are physically signed.” Consider, however, that signed checks can be created by:

  • Forging signatures on manual checks
  • Signing checks with signature stamps

The fraudster might also, in another twist to this scheme, just wire the money electronically and record the transaction with a journal entry. If the fraudster can get a fake vendor added to the payables system and create a signed check or wire funds, then the fictitious vendor scheme becomes a possibility.

Banks generally do not visually inspect checks as they clear (how could they, given the volume of daily checks?), so a forged signature will usually suffice. John’s theft described above becomes easier if he also reconciles the related bank statement—no second pair of eyes will inspect the cleared checks.

Department Head Fraud 

City or county department heads can also use a fictitious vendor scheme if they can submit believable new-vendor documentation. Many governments do not verify the existence of new vendors; therefore, a department head can merely send a fake invoice to the payables clerk and receive payment.

Oftentimes when an accounts payable clerk receives an invoice, he will add the new vendor to the accounts payable master file without verifying that the vendor is real. Since department heads often code and approve invoices (by writing the expense account number on the invoice and initialing the same), the payment will be recorded in an account of the department head’s choice.

Again, such invoices are usually for services (e.g., electrical repair)—that way, the accounts payable department is not waiting for receiving documents (e.g., packing slips) before payment is made.

fictitious vendor fraud

Fictitious Vendor Fraud Factors

The fictitious vendor fraud hinges on three factors: 

  1. Getting the fictitious vendor added to the accounts payable vendor list (along with the false address)
  2. Getting the payment made (either by controlling the whole payment process or by having the authority to approve disbursements)
  3. Getting the payment posted to an account where its presence goes unnoticed

Lessen Fictitious Vendor Threat

To mitigate the risk of fictitious vendors, do the following:

  • Require vendors to provide a physical address (even if payments are to be mailed to a P.O. box)
  • Require the accounts payable clerk to verify the existence of the new vendor (by calling the vendor or googling the vendor’s address)
  • Have someone outside of accounts payable (e.g., controller) review new vendors added
  • Segregate duties (namely the ability to add new vendors and the power to authorize payments); have at least two persons involved in processing all payables
  • Have someone other than an accounts payable person reconcile the bank statement and require that that person compare the payee on cleared checks to the general ledger; if this suggestion is not viable, periodically review all cleared checks for a month and review the payees on the checks
  • Periodically review the list of vendors in your accounts payable system

While this is not a comprehensive article about fictitious vendor fraud, hopefully it will prompt you to consider whether your internal controls are sufficient in relation to this threat.

Learn More About Fraud

For more information about fraud prevention, check out my book: The Little Book of Local Government Fraud Prevention.

Local Government Fraud Prevention

Available on Amazon in Kindle and paperback formats

Expense fraud
Aug 08

Expense Fraud: An Honest Theft

By Charles Hall | Asset Misappropriation

Honest people steal. Nice, innocent looking people take money that’s not theirs. How? One way is expense fraud.

The Honest Person’s Fraud

Expense fraud is one of the most common frauds. While the damage is usually low, this theft is pervasive in most businesses.

Expense fraud

I teach a college Bible study, and in it, I sometimes talk about “acceptable sins,” things like gossip, impatience, anger. My point is they are all issues and not acceptable, but we like to pawn them off as being okay–especially when it’s me that’s angry.

Likewise, expense report fraud is often viewed as acceptable, at least when it’s within bounds. But we all know fraud is fraud. The taking of something that does not belong to us is theft. But, I must say, it is so human to fudge on expense reports. We think things like: If I drove 355 miles, isn’t it okay to round up to 375? After all, I forgot to turn on my distance gauge until I was at least three miles out of town. Such rationalizations are easy to come by.

It always amazes me that executives–making six figures–are willing to jeopardize their positions for a few measly dollars. But C-suite employees commit expense report fraud just like new-hires. You might remember the Health and Human Services Secretary once resigned over questions about travel. While the Secretary was not accused of expense report fraud, it’s an example of how powerful people can abuse the use of travel privileges and, in this case, cost his employer (the federal government) money.

So how do people inflate their expense reports?

  • Inflating mileage
  • Filing the same receipt multiple times
  • Asking for advances and then requesting a second payment after returning from the trip
  • Submitting receipts of a nonemployee (e.g., spouse)
  • Submitting hotel reservation printouts (with projected cost) but not spending the night there

The Control Weakness

Usually, the weakness is that no one is properly reviewing the expense reports. Also, the company may not appropriately communicate the penalties (what happens when fraud is detected) for false reporting.

Correcting the Control Weakness

Create a written expense report policy that all employees sign, acknowledging their agreement to abide by the guidance.

The person reviewing the expense reports should be trained. He needs to know what is acceptable–and what is not. And most importantly, the person reviewing expense reports must be supported by the leadership of the entity–he has to know that the CEO or board chair has his back. (It’s difficult to stand up to high-level employees unless the reviewer knows the leader supports him.)

See a list of my other fraud-related articles.

1 2 3 10
>