Category Archives for "Asset Misappropriation"

Oct 05

A Fraudster’s Refuge: The Appalachian Trail

By Charles Hall | Asset Misappropriation

Some fraudsters funnel money into fraudulent bank accounts. Today, I show you how one controller did so and walked away with millions.

A Fraudster's Refuge: The Appalachian Trail

 

The Theft

In May 2015 James Hammes was arrested for the theft of $8.7 million from his former employer, G&P Pepsi-Cola Bottlers. After Mr. Hammes was confronted about the theft in February 2009, he left his home and hid on the Appalachian Trail, which runs from Georgia to Maine. Hammes assumed a hiking name of “Bismarck” and spent several years on the popular trail. Fellow hikers enjoyed Bismarck since he seemed to be one of them.

How the Funds Were Stolen

The FBI reported the following:

Court documents show that Hammes’ embezzlement began around 1998. As a controller, he was responsible for all financial accounting and internal controls for his division, including supervising accounts payable to several hundred outside vendors. He carried out the fraud by establishing a new bank account for an existing vendor at a different bank. He then deposited hefty payments to that vendor—often $100,000 at a time—in the phantom account that he alone controlled. He then could transfer money from the phantom account to his personal accounts.

“He knew how to cover his tracks by manipulating audits and ledger entries,” Jones said. “He got away with it for so long because he knew how to manipulate his subordinates and how not to raise accounting red flags.”

So, Hammes opened a fraudulent bank account at another bank (one the company did not use) and deposited vendor checks into that account. Then he transferred funds out of the fraudulent bank account to himself.  Since he opened the account, he was the authorized check signer. Simple but effective.

The Weakness

If extra payments were made to vendors (and it appears that occurred), then the company may not have been reviewing vendor payments. If appropriate controls are not in place, it’s easy for a fraudster to make fraudulent vendor payments without detection, especially if hundreds of monthly checks are processed.

Also, it appears the company may have lacked sufficient segregation of duties since Hammes was able to disburse extra vendor payments without detection.

The Fix

Periodically, review the total payments made to each vendor. For example, generate the total monthly payments made to XYZ Company. Then compare the monthly payments over a two to three year period. If payments dramatically increase, then someone within the company may be making additional payments and stealing those checks. Or there may a legitimate reason for the increase. Either way, it’s wise to review vendor payments for anomalies. 

You might also contact your company’s bank (and other local banks) and ask for a list of accounts in your company’s name. Then compare that list to your general ledger to see if the accounts match. If mismatches are present (there’s bank account listed but no corresponding account in the general ledger), follow up to see why.

Positive pay is another strong payables processing control.

$16 million stolen from bakery
May 27

How $16 Million was Stolen from a Bakery

By Charles Hall | Asset Misappropriation

Is it possible to steal over $16 million from a bakery? You bet. Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Theft

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

$16 million was stolen from bakery

The Weakness that Led to the Theft

No one was comparing the cleared check payees to the general ledger. 

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

May 15

Fraudulent Payments Without Being on the Signature Card

By Charles Hall | Asset Misappropriation

Today I show you how bookkeepers can make fraudulent payments without being on the signature card.

Auditors often focus on authorized check signers when considering who can fraudulently disburse funds. But might it be possible to make payments without being on the bank’s signature card? The answer is yes. 

fraudulent payments without being on the signature card

Courtesy of a DollarPhoto.com

Fraudulent Payments without Being on the Signature Card

Here are a few ways to disburse funds without being on a signature card:

  1. Forgery
  2. Unsigned checks
  3. Wire transfer 
  4. Electronic bill pay 
  5. Signing checks with accounting software 
  6. Use of a signature stamp

1. Forgery

Since banks don’t usually inspect checks as they clear, a forged check will normally clear the bank.

2. Unsigned Checks

Again, since banks don’t normally inspect checks as they are processed, an unsigned check can clear the bank. (I saw one just last month.)

3. Wire Transfer

Many times–at the client’s direction–banks wire money with just one person’s approval. One nonprofit administrator stole $6.9 million in less than an hour because of this control weakness. 

I have also seen small-town business bookkeepers drop by a local bank and ask them to wire money. Banks, desiring to help their client, sometimes do.

Businesses should use the controls offered by banks. Otherwise, they might be on the hook for fraudulent wires.

4. Electronic Bill Pay

Anyone with the right passwords can make electronic bill payments to themselves or anyone else.

5. Signing Checks with Accounting Software

This one scares me the most.

Many businesses, in an effort to expedite the disbursement process, have authorized signatures embedded in the payables software, enabling the payables clerk to make a payment to anyone. If the payables clerk has access to check stock (and they usually do), watch out. Even if a second person is normally involved in processing checks with automatic signatures, how easy is it for the clerk to go by in the evenings and make fraudulent payments? This danger increases if the payables clerk also reconciles the bank account. Why? No second person is reviewing the cleared checks.

6. Use of a Signature Stamp

I cringe every time I see a signature stamp. Why not just ask the authorized signer to just sign plenty of blank checks? (Yes, I am being facetious.)

Just last year I worked on a case where the bookkeeper wrote manual checks to herself but entered payments in the general ledger to legitimate vendors for the same amounts. Why? To mask the payments.

Recipe for Disbursement Fraud

Give anyone (1) the ability to sign checks, (2) access to blank check stock, and (3) the ability to make the bookkeeping entry, and you have the recipe for theft–particularly if that same person reconciles the bank statement or if the person reconciling the bank statement does not examine the payee on cleared checks. If you can’t segregate duties (there are too few employees), here’s how to lessen segregation of duties problems in two easy steps

How to Audit Accounts Payable

Click here for detailed information about how to audit accounts payable and expenses.

receipt fraud test for auditors
Apr 03

Three Powerful Receipt-Fraud Tests (for Auditors)

By Charles Hall | Asset Misappropriation

Today I provide three receipt-fraud tests for auditors. 

The audit standards require that we introduce elements of unpredictability. Additionally, it’s wise to perform fraud tests. But I find that auditors struggle with brainstorming (required by AU-C 240, Consideration of Fraud in a Financial Statement Audit) and developing fraud tests. That’s why I wrote Five Disbursement Fraud TestsIt’s also why I am providing this post.

So, let’s jump in. Here are three receipt-fraud tests.

receipt-fraud tests for auditors

Three Receipt-Fraud Tests

1. Test adjustments made to receivables

Why test?

Receipt clerks sometimes steal collected monies and write off (or write down) the related receivable. Why does the clerk adjust the receivable? So the customer doesn’t receive a second bill for the funds stolen. 

How to test?

Obtain a download of receivable adjustments for a period (e.g., two weeks) and see if they were duly authorized. Review the activity with someone outside the receivables area (e.g., CFO) who is familiar with procedures but who has no access to cash collections.

If there are multiple persons with the ability to adjust receivable accounts (quite common in hospitals), compare weekly or monthly adjustments made by each employee.

Agree receipts with bank deposits.

2. Confirm rebate (or similar type) checks

Why test?

When rebate checks are not sent to a central location (e.g., receipting department), the risk of theft increases. Rebate checks are often not recorded as a receivable, so the company may not be aware of the amounts to be received. Stealing unaccrued receivable checks is easy.

How to test?

Determine which vendors provide rebate checks (or similar non-sales payments). Send confirmations to the vendors and compare the confirmed amounts with activity in the general ledger.

Theft of rebate checks is more common in larger organizations (e.g., hospitals) where checks are sometimes received by various executives. The executive receives a check in the mail and keeps it for a while (in his desk drawer – in case someone asks for it). Once he sees that no one is paying attention, he steals and converts the check to cash.

3. Search for off-the-book thefts of receipts

Why test?

The fraudster may bill for services through the company accounting system or an alternative set of accounting records and personally collect the payments.

How to test?

Compare revenues with prior years and investigate significant variances. Alternatively, start with source documents and walk a sample of transactions to revenue recognition, billing, and collection.

Here are a few examples of actual off-the-book thefts:

Police Chief Steals Cash

An auditor detected a decrease in police-fine revenue in a small city while performing audit planning analytics. Upon digging deeper, he discovered the police chief had two receipt books, one for checks that were appropriately deposited and a second for cash going into his pocket. Sometimes, even Andy Griffith steals.

Hospital CFO Steals Cash

hospital CFO, while performing reorganization procedures, set up a new bank account specifically for deposit of electronic Medicaid remittances. He established himself as the authorized bank account check-signer.

The CFO never set up the bank account in the general ledger. As the Medicaid money was electronically deposited, the CFO transferred the funds to himself.  What was the money used for? A beautiful home on Mobile Bay, new cars, and gambling trips.

Another Receipt Fraud to Consider

Sometimes it’s not the front-desk receipt clerk that steals. Surprisingly, your receipt supervisor can be on the take. So, consider that receipt theft takes place up-front and in the back-office.

College aid theft
Feb 05

College Aid Official Funnels Student Funds of $4.1 Million to Herself

By Charles Hall | Asset Misappropriation

Theft from colleges happens more than we think. After all, aren’t these guardians tasked with looking after our children? Even in places where we expect unselfishness, sometimes there’s a bad apple. Today, we review a fraud involving a college aid official. 

The Theft

When I was a student at the University of Georgia, I needed every dollar I could find. I ate my share of cheap hamburgers and peanut butter sandwiches. In the summers, I scouted peanuts and cotton to make ends meet. So when I see a college aid official stealing student money, I wince.

theft from colleges

Picture is courtesy of AdobeStock.com

A New York college aid administrator used a simple scheme to steal $4.1 million of student aid funds. How? She made out financial aid checks to nonexistent students and then endorsed them over to the name of an alias. The administrator set up a bank account in the name of the alias and deposited the checks into the bank account, allowing her to convert the checks to cash.

How long did the theft go on? Over ten years. The fraudster stole most of the money in the last two years of the scheme. As is often the case, the thief became bolder over time. 

How many fraudulent checks did she issue? Over 1,000, each to a different student.

How was the fraudster caught? A change in the accounting system required cross-referencing of financial records.

The Weakness

No one was comparing the checks written to student admission files. Legitimate students have admission and other information that can be used to verify the students’ existence.

The Fix

A person other than the financial aid administrator should compare the student name on the check to student files to verify the existence of the student. If this control can’t be performed for each disbursement, it should be performed on a sample basis, and the persons creating and signing the checks should know their work is being monitored.

This test could be performed by someone in the financial aid office or by an external professional such as a CPA or a Certified Fraud Examiner.

The college can request from the bank the endorsement side of the cleared checks. If the back side of the checks are obtained, then the endorsements can be examined for appropriateness.

Banks Not Providing Cleared Checks

In an effort to save money, some banks don’t provide cleared checks to their clients. And very few banks (if any) provide the copies of the back side of checks. From a fraud prevention perspective, this is not good. Why? Because checks and endorsements can’t be inspected for potentially fraudulent activity. At least periodically, request some endorsements and test those on a sample basis. (The bank may require you to pay for these copies.) Additionally, as I said in another post, someone should be comparing cleared check payees to the general ledger–if not for every check, then at least on a sample basis.

Free Fraud Course

Click here for free ten-day fraud course.

 

1 2 3 7
>