Category Archives for "Asset Misappropriation"

Fraudster’s refuge
Apr 17

Fake Bank Accounts and the Appalachian Trail

By Charles Hall | Asset Misappropriation

Some fraudsters funnel money into fake bank accounts. Today, I show you how one controller did so and walked away with millions—and then hid on the Appalachian Trail.

Fake bank accounts

Fake Bank Account

In May 2015 James Hammes was arrested for the theft of $8.7 million from his former employer, G&P Pepsi-Cola Bottlers. After Mr. Hammes was confronted about the theft in February 2009, he left his home and hid on the Appalachian Trail, which runs from Georgia to Maine. Hammes assumed a hiking name of “Bismarck” and spent several years on the popular trail. Fellow hikers enjoyed Bismarck since he seemed to be one of them.

So how did he steal the money?

How the Funds Were Stolen

The FBI reported the following:

Court documents show that Hammes’ embezzlement began around 1998. As a controller, he was responsible for all financial accounting and internal controls for his division, including supervising accounts payable to several hundred outside vendors. He carried out the fraud by establishing a new bank account for an existing vendor at a different bank. He then deposited hefty payments to that vendor—often $100,000 at a time—in the phantom account that he alone controlled. He then could transfer money from the phantom account to his personal accounts.

“He knew how to cover his tracks by manipulating audits and ledger entries,” Jones said. “He got away with it for so long because he knew how to manipulate his subordinates and how not to raise accounting red flags.”

So, Hammes opened a fraudulent bank account at a bank that the vendor did not use and deposited vendor checks into that account. Then he transferred funds out of the fraudulent bank account to himself. Since he opened the account, he was the authorized check signer. Simple but effective.

You may be wondering how the theft could occur so long without detection.

Vendor Payment Controls Lacking

If extra payments were made to vendors (and it appears that occurred), then the company may not have been reviewing vendor payments. If appropriate controls are not in place, it’s easy for a fraudster to make fraudulent vendor payments without detection, especially if hundreds of monthly checks are processed.

Also, it appears the company may have lacked sufficient segregation of duties since Hammes was able to disburse extra vendor payments without detection.

Vendor Payment Controls

Periodically, review the total payments made to each vendor. For example, generate the total monthly payments made to XYZ Company. Then compare the monthly payments over a two to three year period. If payments increase greatly, then someone within the company may be making additional payments and stealing those checks. Or there may a legitimate reason for the increase. Either way, it’s wise to review vendor payments for anomalies. 

Another test you can perform is to look for multiple addresses for the same vendor. There may be legitimate reasons for more than one address, but you want to create a list of vendor addresses and verify that they are appropriate. The same is true for electronic vendor payments: see if there are multiple bank accounts you are wiring payments to. Then determine if these are appropriate. Additionally, obtain the physical address of each vendor and determine if the company is real. Do not accept P.O. Box addresses for verification purposes; again, you need to know if the company exists. (See my article Fictitious Vendor Fraud: Preventing It.)

If your company pays hundreds of vendors, you may want your internal audit (or external auditors) to periodically test vendor payments for appropriateness. Tell your payables personnel this will be done from time to time on a surprise basis. This will help keep them honest.

Maybe with these controls, you can prevent payments to fake bank accounts and keep your employees off the Appalachian Trail.

For more information about auditing payables, see my article Auditing Accounts Payable and Expenses: A Guide.

Fictitious Vendor Transfer
Oct 03

Fictitious Vendor Fraud: Preventing It

By Charles Hall | Asset Misappropriation

Fictitious vendor fraud is one of the most dangerous ways employees steal. Today we look at how this theft works and how to prevent it. I’ll conclude with a video explanation of fictitious vendor fraud.

The Theft

Your accounts payable director (Susie Jones) sets up a fictitious vendor: ABC Project Management. Susie keys the new vendor into the payables system using her sister’s—Joan Albert—personal home address. (The payables director is the only person tasked with reviewing new vendors.) Susie also creates fictitious consulting invoices to support payments made to ABC Project Management.

Fictitious Vendor Transfer

The computer signs the checks. Therefore, no one reviews the invoice prior to physically signing a check. Joan receives the signed checks through the mail.

Joan opens a bank account in the name of ABC Project Management. She is the sole authorized signer. She deposits the ABC Project Management checks into the new bank account. Then, she writes checks—from the ABC Project Management bank account—to herself and Susie.

The Weakness

What’s the weakness? Susie is the only person reviewing new vendors for appropriateness. No one outside of the accounts payable department is performing periodic reviews of the vendor files.

The Fix

If possible, have the company’s computer system automatically email Susie and the controller (a person outside of the accounts payable department) each time a new vendor is added. The email should provide the name and address of each new vendor, and the name of the person that made the addition.

Require the accounts payable department to archive vendor verification documentation such as:

  • Google search for the business
  • Google search using the vendor address (Google often provides a picture of the location)
  • Phone call made by an accounts payable employee to the new vendor
  • Physical visit to the vendor’s business

Additionally, the company can also compare payroll addresses to vendor addresses using software packages such as IDEA or ACL. (Sometimes an employee will use their personal address in a vendor fraud such as the one above, rather than that of an accomplice such as a sister.)

Also, ask an outside CPA or Certified Fraud Examiner to sample and verify selected vendors. Accounts payable personnel are less likely to steal when you consistently perform such tests.

For more information, read my article about auditing accounts payable.

Explanation of Fictitious Vendor Fraud

$16 million stolen from bakery
Jul 01

Collin Street Bakery Suffers $16 Million Fraud

By Charles Hall | Asset Misappropriation

Sandy Jenkins, a controller, stole $16 million from the Collin Street Bakery. You read that right. A bakery.

Today I show you how large sums of money can be taken from a small business with one simple fraud scheme.

The Collin Street Bakery Theft

Sandy Jenkins, the controller of Collin Street Bakery in Corsicana, Texas, made off with more than just fruitcakes. He took over $16 million, so says the FBI. And what did Mr. Jenkins do with the money?

He used the funds in the following ways:

  • $11 million on a Black American Express card
  • $1.2 million at Neiman Marcus in Dallas
  • 532 luxury items, including 41 bracelets, 15 pairs of cufflinks, 21 pairs of earrings, 16 furs, 61 handbags, 45 necklaces, 9 sets of pearls, 55 rings, and 98 watches (having an approximate value of $3.5 million)
  • Wine collection (having an approximate value of $50,000)
  • Steinway electronic piano (having a value of $58,500)
  • 223 trips on private jets (primarily Santa Fe, New Mexico; Aspen, Colorado; and Napa, California, among other places), with a total cost that exceeded $3.3 million
  • 38 vehicles, including many Lexus automobiles, a Mercedes Benz, a Bentley, and a Porsche
  • And more…

How the money was stolen

You might think that stealing $16 million would require an elaborate scheme. But did it? 

Here’s an example of his method: Jenkins would print a check to his personal credit card company, but he would void the check in the accounting system. (He still had the printed check.) Then, he would generate a second check for the same amount to a legitimate vendor, but the second check was never mailed. Next, Jenkins would send the first check to his credit card company.

The result: Jenkins’ credit card was paid, but the general ledger reflected a payment to an appropriate vendor.

Collin Street Bakery

The Weakness that Led to the Collin Street Bakery Theft

No one was comparing the cleared check payees to the general ledger. (The Collin Street Bakery is not the only business that has suffered from this type of fraud; see my previous article titled Fraudsters Writing Checks to Themselves. And another article tells other ways employees steal without being on the signature card.)

The Fix that Will Detect the Theft

Someone other than those who create checks should reconcile the bank statements to the general ledger. As they do, they should compare the cleared check payees to the vendor name in the accounting system. Some businesses have hundreds (or even thousands of checks) clearing monthly. Therefore, they may not desire to examine every cleared check. 

Alternatively, the business could periodically sample the cleared checks, comparing the cleared checks to the vendor payments in the general ledger. The persons creating checks should know that this test work will be performed. Doing so creates the camera effect. When people know their actions (in this case, the creation of checks) will be examined, they act differently–they are much less likely to steal.

If you desire a preventive control, require a second-person review of canceled checks.

Additionally, someone should be reviewing the profit margins of the company, comparing the ratios with prior periods.

Lastly, when segregation of duties is not possible, have the bank statements mailed to someone outside the accounting department such as an owner. That person should review the cleared checks before providing them to the accounting department. Alternatively, provide online access to the reviewing person. The reviewer should examine the cleared checks and provide documentation of his or her examination to the accounting department.

What Happened to Sandy Jenkins?

Sandy Jenkins was sentenced by U.S. District Judge Ed Kinkeade to serve a total of 120 months in federal prison. His wife, Kay Jenkins also pleaded guilty to one count of conspiracy to commit money laundering. Ms. Jenkins was sentenced to five years of probation.

In March 2019, Sandy Jenkins passed away in a federal prison.

Forthcoming Movie

You may be familiar with the movie Catch Me If You Can which chronicled the exploits of Frank Abagnale, one of the most brilliant cons of all time. Now, it appears there will be a new movie about another: Sandy Jenkins. 

receipt fraud test for auditors
May 08

Three Receipt Fraud Tests

By Charles Hall | Asset Misappropriation

Today I provide three receipt-fraud tests for auditors. 

The audit standards require that we introduce elements of unpredictability. Additionally, it’s wise to perform fraud tests. But I find that auditors struggle with brainstorming (required by AU-C 240, Consideration of Fraud in a Financial Statement Audit) and developing fraud tests. That’s why I wrote Five Disbursement Fraud TestsIt’s also why I am providing this post.

So, let’s jump in. Here are three receipt-fraud tests.

receipt-fraud tests for auditors

Three Receipt-Fraud Tests

1. Test adjustments made to receivables

Why test?

Receipt clerks sometimes steal collected monies and write off (or write down) the related receivable. Why does the clerk adjust the receivable? So the customer doesn’t receive a second bill for the funds stolen. 

How to test?

Obtain a download of receivable adjustments for a period (e.g., two weeks) and see if they were duly authorized. Review the activity with someone outside the receivables area (e.g., CFO) who is familiar with procedures but who has no access to cash collections.

If there are multiple persons with the ability to adjust receivable accounts (quite common in hospitals), compare weekly or monthly adjustments made by each employee.

Agree receipts with bank deposits.

2. Confirm rebate (or similar type) checks

Why test?

When rebate checks are not sent to a central location (e.g., receipting department), the risk of theft increases. Rebate checks are often not recorded as a receivable, so the company may not be aware of the amounts to be received. Stealing unaccrued receivable checks is easy.

How to test?

Determine which vendors provide rebate checks (or similar non-sales payments). Send confirmations to the vendors and compare the confirmed amounts with activity in the general ledger.

Theft of rebate checks is more common in larger organizations (e.g., hospitals) where checks are sometimes received by various executives. The executive receives a check in the mail and keeps it for a while (in his desk drawer – in case someone asks for it). Once he sees that no one is paying attention, he steals and converts the check to cash.

3. Search for off-the-book thefts of receipts

Why test?

The fraudster may bill for services through the company accounting system or an alternative set of accounting records and personally collect the payments.

How to test?

Compare revenues with prior years and investigate significant variances. Alternatively, start with source documents and walk a sample of transactions to revenue recognition, billing, and collection.

Here are a few examples of actual off-the-book thefts:

Police Chief Steals Cash

An auditor detected a decrease in police-fine revenue in a small city while performing audit planning analytics. Upon digging deeper, he discovered the police chief had two receipt books, one for checks that were appropriately deposited and a second for cash going into his pocket. Sometimes, even Andy Griffith steals.

Hospital CFO Steals Cash

hospital CFO, while performing reorganization procedures, set up a new bank account specifically for deposit of electronic Medicaid remittances. He established himself as the authorized bank account check-signer.

The CFO never set up the bank account in the general ledger. As the Medicaid money was electronically deposited, the CFO transferred the funds to himself.  What was the money used for? A beautiful home on Mobile Bay, new cars, and gambling trips.

Another Receipt Fraud to Consider

Sometimes it’s not the front-desk receipt clerk that steals. Surprisingly, your receipt supervisor can be on the take. So, consider that receipt theft takes place up-front and in the back-office.

College theft
Feb 05

College Theft of Funds: Official Steals $4.1 Million

By Charles Hall | Asset Misappropriation

College theft happens more than we think. After all, aren’t these guardians tasked with looking after our children? Even in places where we expect unselfishness, sometimes there’s a bad apple. Today, we review a theft of funds involving a college aid official. 

College Theft

When I was a student at the University of Georgia, I needed every dollar I could find. I ate my share of cheap hamburgers and peanut butter sandwiches. In the summers, I scouted peanuts and cotton to make ends meet. So when I see a college aid official stealing student money, I wince. College theft hurts the needy.

College theft

A New York college aid administrator used a simple scheme to steal $4.1 million of student aid funds. How? She made out financial aid checks to nonexistent students and then endorsed them over to the name of an alias. The administrator set up a bank account in the name of the alias and deposited the checks into the bank account, allowing her to convert the checks to cash.

How long did the theft go on? Over ten years. The fraudster stole most of the money in the last two years of the scheme. As is often the case, the thief became bolder over time. 

How many fraudulent checks did she issue? Over 1,000, each to a different student.

How was the fraudster caught? A change in the accounting system required cross-referencing of financial records.

College Theft of Funds Control Weaknesses

No one was comparing the checks written to student admission files. Legitimate students have admission and other information that can be used to verify the students’ existence.

So let’s see how to reduce college theft.

Decreasing College Theft

A person other than the financial aid administrator should compare the student name on the check to student files to verify the existence of the student. If this control can’t be performed for each disbursement, it should be performed on a sample basis, and the persons creating and signing the checks should know their work is being monitored.

This test could be performed by someone in the financial aid office or by an external professional such as a CPA or a Certified Fraud Examiner.

The college can request from the bank the endorsement side of the cleared checks. If the back side of the checks are obtained, then the endorsements can be examined for appropriateness.

Banks Not Providing Cleared Checks

In an effort to save money, some banks don’t provide cleared checks to their clients. And very few banks (if any) provide the copies of the back side of checks. From a fraud prevention perspective, this is not good. Why? Because checks and endorsements can’t be inspected for potentially fraudulent activity. At least periodically, request some endorsements and test those on a sample basis. (The bank may require you to pay for these copies.) Additionally, as I said in another post, someone should be comparing cleared check payees to the general ledger–if not for every check, then at least on a sample basis.

Free Fraud Course

Click here for free ten-day fraud course.

1 2 3 6
>