As businesses grow, the risk of theft increases. In this post, I offer ten powerful steps to reduce fraud.
Windows open. Curtains blowing. The sound of crickets and an occasional train in the distance. It was a simple childhood. It was my childhood. My mother parked her black Ford Falcon and left the keys in the ignition. The doors to our home were unlocked. We trusted our neighbors and they trusted us. And why would we not? We’d known each other forever.
But then one night at the dinner table, my father said, “someone stole Miss Gussie’s Chevy.” Unthinkable. Our innocence was broken, and soon my mother took precautionary measures. Each evening, after parking, she would place the car keys under the car seat. No need to take chances. We began to close the windows at night, but still, the back door was left unlocked in case my father needed to go out for a smoke.
A couple of months later, I overheard my mother whispering to my grandmother that a man slithered into Miss Kidd’s house in the dead of night and had taken valuables. Miss Kidd lived diagonally from our home, just a stone’s throw away. To think that someone just walked–unannounced–into the octogenarian’s home. How could this be?
Fear was palpable. Our neighborhood’s character shifted. No longer would Mom leave the keys in the car. No longer would we leave the windows open. No more cricket sounds. And my father even locked the back door.
Safely we would sleep, not because there were no threats, but because of protection.Continue reading
As auditors perform their fraud brainstorming, it helps to have ideas to consider. So today I provide you with 25 ways fraud happens.
25 Ways Fraud Happens
Here’s a list of common company thefts:
Collection clerk steals cash prior to recording it
Collection clerk steals cash after recording a customer receipt; he voids the receipt and adjusts (writes down) the customer’s account
Collection clerk places a personal check (for $5,000) in the cash drawer and takes an equivalent amount of cash; the clerk leaves the check in the drawer for months—in effect the clerk has an unauthorized loan
The cash collections supervisor steals cash after receiving funds from collection clerks but before the money is deposited; she adjusts the related bank reconciliation by the amount stolen
The person opening the mail steals checks before they are receipted; these amounts had not previously been recorded as a receivable
Employees steal capital assets (knowing that no one performs periodic inventories)
Employees use company credit cards for personal purchases but code the transactions as company expenses
Accounts payable clerks cut checks to themselves (or to an accomplice) but record the check as company expenses; the check signatures are forged
Accounts payable clerks establish fictitious vendors using their own addresses, a P.O. Box, or that of an accomplice; payments are made to the fictitious vendor and covered up with fictitious invoices; the checks are signed electronically as they are printed
Accounts payable employee intentionally double-pays an invoice, then requests that the vendor refund the extra payment (with the refund going directly to the payable clerk)—check is converted to personal use
Payroll personnel increase the pay rate—in the master pay rate file—for themselves or for friends working in the company
Payroll personnel pay themselves (or friends) twice for each payroll
Payroll personnel purposefully overpay withholding taxes and inflate the withholding amount on their own W-2, resulting a tax refund that includes the excess payments
Purchasing department personnel are bribed by a vendor; the vendor recoups the bribe costs by inflating its subsequent invoices
State, city, county elected officials are bribed; the vendor recoups the bribe costs by inflating its subsequent invoices
Vendors give favors (e.g., free vacations) to those with the power to buy—commonly called a gratuity; vendor recoups the cost of the favors by inflating its subsequent invoices
CEO orders accounts payable staff to make payments to himself (with an implied threat); payments are coded in a manner that hides the payment
Money is wired by the CFO to the CFO but is recorded as a legitimate expense using a journal entry
Money is wired to the CFO who then leaves the country without trying to cover up the theft
The CEO or CFO makes payments to someone who is threatening their life or is blackmailing them; the expense is coded as legitimate
A secret bank account is opened in the name of the business by the CFO but the sole authorized check signer is the CFO; checks are made from a legitimate business bank account to the secret bank account; the CFO writes checks to himself from the secret account
A sales person steals rebate checks that belong to the company; she deposits the checks into her personal bank account by writing “pay to the order of…” on the back of the check
The payables clerk writes a manual check to himself and then records the check with a journal entry that reflects a legitimate vendor
The CFO inflates revenue at year-end with fictitious journal entries; stock prices go up; the CFO sells personally-owned company stock, then the CFO reverses the year-end accruals
The inventory clerk steals stock and covers the theft by altering the inventory records
Fraud Brainstorming for Auditors
In performing your fraud brainstorming, consider printing out this list and seeing if any of these thefts are relevant to your audit.
Do you know how to prevent payroll fraud? Today we take a look at how you can protect your business.
Direct deposit of payroll checks can open the door to theft. Also when one person is in control of payroll processes, danger lurks.
Picture is courtesy of DollarPhotoClub.com
I was teaching a fraud prevention class this past Friday, and one of the participants, a school payroll clerk named Dawn, asked me to address how fraud might occur in her department. So I asked her a series of questions.
“Does your school use direct deposit?” She answered yes.
“Do you fully control the issuance of W-2s?” Dawn said yes.
“Who adds the direct deposit information to your payroll software?” She answered, “I do.”
“Can anyone else change the direct deposit file?” Her answer was no.
“Who controls the master pay rate file?” Here again, she was the only one who had rights to this payroll function.
Then I asked Dawn if she reconciles the bank statement. She said that Randy, a gentleman sitting in front of her, reconciles the account. I was also told that they have hundreds of employees.
How Can Dawn Steal?
I told the class that a person in Dawn’s position could steal in multiple ways. Here are a few:
She can leave a terminated employee on the payroll and change that person’s bank account number to her own, allowing her to receive all payroll payments for the discontinued staff member. Then, she can also alter the related W-2s to cover her tracks.
She can change the master pay rate of any employee, including herself.
She can inflate the hours worked for any employee.
Prevent Payroll Fraud
After pointing out the flaws in internal control, I asked the class how they would reduce these threats. Angela (another student) sang out: “Create transparency by allowing another person to review or see what the payroll clerk is doing.” (This made me smile since I had been preaching this idea all morning.)
To lessen the threat of fraud, always ask, “how can I create transparency?” The answer will almost always involve allowing another individual to monitor the work of the primary persons in the process. And I am not proposing that this observing person be present 24/7—just that she periodically review the activity of the primary person (e.g., payroll clerk).
The monitoring person can be someone that works with the entity or someone from the outside (e.g., external CPA). Here are sample fraud prevention measures for the above-described threats:
Download all the payroll records, including each employee and direct deposit bank account number; sort for identical bank account numbers (a same bank account number may mean that a terminated employee was left on the payroll, and their deposits are being routed to another person such as the payroll clerk)
Have someone (other than the payroll clerk) pull the payroll personnel files for twenty employees and then compare the authorized pay rates (in the personnel file) to the payroll master file(in the software); tell the payroll clerk that this procedure will occur with some frequency and will happen without notice
For hourly employees, have someone (other than the payroll clerk) pull the reported hours for two departments and review for appropriateness; inquire of the department head regarding any higher-than-normal hours
Examine the W-2s of the payroll personnel
Print a budget to actual salary report or a current year/prior year comparison of wages; provide the same to the governing body
Report findings from these procedures to the governing body; do this at least once per year (regularity makes the payroll personnel think twice about theft)
By the way, the payroll clerk was the only person with access to the payroll master file. This is not necessarily a bad thing. You want to limit the number of persons with access to payroll master file, but a second person should monitor the payroll clerk’s inputs into the payroll software.
Is it possible to steal over $16 million from a bakery? You bet. Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.
Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?
He used the funds in the following ways:
$11 million on a Black American Express card
$1.2 million at Neiman Marcus in Dallas
532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
Wine collection (having an approximate value of $50,000)
Steinway electronic piano (having a value of $58,500)
223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
How the money was stolen
You might think that stealing $16 million would require an elaborate scheme. But did it?
Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.
The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.
The Weakness that Led to the Theft
No one was comparing the cleared check payees to the general ledger.
The Fix that Will Detect the Theft
Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check.
Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.
If you desire a preventive control, require a second-person review of canceled checks.
Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.
Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.
What Happened to Sandy Jenkins?
Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.
Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.
Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.
In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?
The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.
Low-Cost Fraud Prevention
First, let’s look at low-cost fraud prevention options:
Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
Provide monthly budget to actual reports to mayor and council
Provide monthly overtime summaries to mayor and council
Do not allow Dale to sign checks
Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
Require Mayor Chester and Dale to authorize any wire transfers
Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
Don’t provide Dale with a credit card
If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment
Higher Cost Fraud Fraud Prevention
Now let’s examine some higher cost options (that are probably more effective):
Have an outside CPA or CFE map your internal control system and make system-design recommendations
Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
Install a security camera to record all of Dale’s collection and receipting activity
Purchase fidelity bond to cover elected officials and Dale
Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.
Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.
Additional Fraud Prevention Resources
Click here for a list of local government controls to consider.