Category Archives for "Asset Misappropriation"

Wire Fraud Transfer
Nov 04

Wire Transfer Fraud: Prevent It

By Charles Hall | Asset Misappropriation

The Theft: Wire Transfer Fraud

In one of the simplest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to a private Austrian account. In this post, I’ll show you how wire transfer fraud occurs and how to prevent it.

Wire Fraud Transfer

Stealing a Cool $6.9 Million

The nonprofit administrator originated with the wire with a fax, taking less than an hour. Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. 

The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned in her husband. He later came back to the states of his own volition. I guess, after a few boat rides down the Danube, he missed his family. Did he go to jail? Yes.

The Internal Control Weakness

The nonprofit entity did not establish appropriate controls over cash wire transfers. One person (by himself) could move funds.

Preventing Wire Transfer Fraud

The fix for this weakness is to require (at least) two persons to consummate all wire transfers.  

As you think about wire transfers, consider that they can originate with:

  • Faxes,
  • Phone calls,
  • Personal visits to banks, and
  • Computers

Determine how your bank handles wire transfers, and craft your internal controls accordingly.

Prevention Steps

Organizations should do the following to mitigate wire transfer fraud:

  • Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  • Require two persons to consummate all wire transfers to external parties (an essential control in my opinion)
  • If the wire transfer request is made with a phone or fax, require the bank to call your organization back before the wire transfer is consummated
  • The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are required to make wire transfers)
  • Restrict bank accounts so that wire transfers can be made only to bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  • Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  • Require sufficient documentation for all wire transfer journal entries; require a second-person review of these entries
  • Consider using a dedicated computer for all wire transfers; do not use this machine for any other purpose (malware is often picked up by computers as users visit tainted websites)
  • Use all bank-provided wire transfer controls
  • Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

If you’re an auditor, consider–as you audit cash–whether these controls are in place.

As you can see, wire transfer fraud can be extremely damaging. Consider whether you have sufficient controls to prevent this theft. 

Skimming cash payments
Nov 02

Skimming Cash Payments: Prevent It

By Charles Hall | Asset Misappropriation

Skimming cash payments is a common theft, especially if receipting controls are lax. Here’s how the theft occurs and how you can prevent it.

The Theft: Skimming Cash Payments

Your cash clerk is skimming cash as it comes across the counter. He does so by:

  1. Not issuing a cash receipt, or
  2. By using a second cash receipts book

Theft of cash

In the first instance, the clerk knows which customers expect a receipt and which ones don’t. By not issuing a receipt he (the clerk) can put the cash in his pocket and–at the end of the day–walk out the door. He is careful to write off any related receivable (making an adjustment in the accounting system to reduce the customer’s receivable balance). As a result, the customer receives no bill for nonpayment. The clerk knows that no one–such as a supervisor–monitors receivable adjustments. Also, the business has no security camera.

In the second instance, the clerk has two physical receipt books, one for checks and one for cash (though everyone in the business thinks he has just one). The checks are deposited by the clerk into the business’ checking account and the cash is stolen. The customer receives a receipt whether he pays by check or cash and is unaware of the two receipt books. Again, the collections clerk writes off–by making an entry in the receivable software–the customer receivable. The result? The customer has a $0 balance and the clerk skims the cash.

The Internal Control Weakness

In the first instance (no receipt is issued), no one is monitoring the adjustments to the receivable accounts. And no one is tracking the receipt books issued (or being used). Also, the business has not installed a security camera to record the theft of funds by the clerk.

In the second instance (use of two receipt books), again, no one is monitoring the adjustments to the customer receivable accounts. And, again, there is no camera to record the use of the second receipt book.

Prevention of Cash Skimming

Have someone, such as a supervisor in the collections department or the controller outside the department, monitor daily adjustments to customer receivable accounts. The clerk should know that his receivables work (including any adjustments to receivables accounts) is being monitored. If the business is small, the owner should request a daily or weekly printout of all adjustments to the receivable accounts.

Install a camera to record all actions of your cash collection clerks.

These simple steps will greatly reduce the threat of clerks skimming cash payments.

Dangers of a Trusted Bookkeeper
Jul 10

The Dangers of a Trusted Bookkeeper

By Charles Hall | Asset Misappropriation

Many small businesses experience great harm because they do not understand the dangers of a trusted bookkeeper. This article explains why.

The Dangers of a Trusted Bookkeeper

So your company has a wonderful bookkeeper, Joan Hardison. Just last week you told your banker, “Joan is so good, I don’t have to even think about my bookkeeping.” But does your trust create potential dangers–some that might be significant?

Dangers of a Trusted Bookkeeper

Bookkeeping Password

Is Joan the only person with the password to your bookkeeping software? If yes, why? Oh, she’s trustworthy. I see. But can she control when she dies?

If Joan is hit by a bus and passes from this earth, can you access your bookkeeping information?

If your company has years of bookkeeping information and Joan is the only person with the password, then you may lose it all. Yes, you have the printed copies of your financial statements, but the details of your financial life may be lost forever. 

Intentional Destruction of Bookkeeping Information

Here’s another threat. Joan becomes angry.

Well, now she intentionally destroys your financial records. In some systems, this is as simple as hitting a delete key. So provide the bookkeeping password to an additional person such as the business owner (if the system does not allow for multiple users). If a bookkeeper leaves, remove that person from the system as soon as possible. Sabotage is an ugly thing. 

Also, consider the potential for harm if your bookkeeper is the administrator in your bookkeeping software. He or she controls who gets in and who can’t. It may be wise to make someone other than the bookkeeper the administrator, or–if the system allows–set up two administrators. Main point: Don’t allow one person (the bookkeeper) to control everything.

Additionally, back up your data, or use a cloud service that does this for you. 

The Threat of Theft

Oh, and here’s one more danger: Theft.

Many small businesses trust their bookkeeper too much, not reviewing what the person does. This is a recipe for fraud.

If your bookkeeper prints your checks, then she can write checks to herself, can she not? And if she alone reconciles the bank statement, then you really have a problem. She may be the only person that sees cleared checks. If you’re the business owner, you may be thinking, “But I’m the only authorized check signer.” Good luck with that. I’ve seen plenty of forged checks.

As I tell my clients, “Trust your mother but cut the deck.”

Too many small business owners fail to review the work of their bookkeepers, and these businesses often are not audited. Since the bookkeeper knows no one is watching (and that no one will), it’s easy to steal. What’s the solution?

While not a silver bullet, have the bank statements mailed to the small business owner (or someone other than the bookkeeper). Have this person open the bank statements and review the cleared checks. Thereafter, provide the bank statement to the bookkeeper. This simple step can save you. Now, the bookkeeper knows someone is paying attention, and your risk of theft is diminished. 

Summary

So, if you have a trusted bookkeeper, great! But you still need to do the following:

  • Provide the bookkeeping password to more than one person
  • Backup your bookkeeping information
  • Have your bank statements mailed to someone other than the bookkeeper

Go ahead. Lessen the dangers of a trusted bookkeeper. You’ll sleep better.

Click here for more articles about white-collar crime.

Theft of government property
Jun 29

Theft of Government Property: Stealing Tax Money

By Charles Hall | Asset Misappropriation

Theft of government property happens. Cash. Equipment. Vehicles. Inventory. You name it. Today, we take a look at how one elected governmental official took a substantial amount of cash.

Theft of Government Property

Some twenty years ago, I was working on an audit of a county tax commissioner’s office. We were noticing differences in the receipts and the cash collections.

Theft of government property
So one day I walk into the Tax Commissioner’s office. As I step in, I see several thousand dollars of cash laying on her desk. So, I remarked to her, “Haven’t made a deposit lately?” She laughed and said, “No, I’ve been too busy lately.”

I thought to myself, “Strange. She knows we’re here for the annual audit, and she has all this undeposited cash in open view. It’s as though she has no fear.”

The next day a gentleman comes into the room where we (the auditors) were working and whispers to me, “The Commissioner has a cocaine habit.” I did not know the fellow, so I wondered if the assertion had any merit. Regardless, this was shaping up to be an interesting audit.

The Damages

Our audit disclosed unaccounted-for funds of over $300,000 in the year one. Year two, the differences continued and exceeded $500,000. After three years, the unaccounted-for amount was in the $800,000 range.

Why was she not removed? Tax Commissioners are elected in Georgia, so the only person that could remove her was the governor. The local county commissioners could not dismiss her.

Finally, the FBI was brought in. But even they could not prove who was stealing the money. Why? The tax office had two cash drawers and eight clerks. All eight worked out of both drawers. So when cash went missing, you could not pin the differences on any one person.

In addition, the books were a disaster, postings were willy-nilly. There was no rhyme or reason–what I call “designed smoke.” The smoke covers up theft of government property.

The tax commissioner eventually went to prison for tax evasion. She made the mistake of depositing some of the stolen cash into her personal bank account, and the Feds were able to prove she had not reported the income.

Control Weakness Allowing Theft of Government Property

The primary weakness was the lack of design in the collection process. Two or more people should never work from one cash drawer. Deposits were not timely made (and in many cases, not made at all). And then the books (mainly the tax digest) was not appropriately posted as collections were received.

So, let’s see how to lessen theft of government property.

Fixing the Control Weakness

The primary fix was to remove the tax commissioner.

Next, each cash drawer should be assigned to only one person at a time.

Cash receipts should be written and the tax digest should be posted as tax payments are received.

Finally, deposits should be made daily.

altered check payees
May 18

Altered Checks: A Fraud Scheme

By Charles Hall | Asset Misappropriation

Some fraudsters steal money with altered check payees.

As a kid I once threw a match in a half-gallon of gasoline—just to see what would happen. I quickly found out. In a panic, I kicked the gas container—a plastic milk jug—several times, thinking this would somehow kill the fire. But just the opposite happened. And when my father found out, something else was on fire.

Some accounting weaknesses create unintended consequences. Show me an accounting clerk who (1) can sign checks (whether by hand, with a signature stamp, or with a computer-generated signature), (2) posts transactions to the accounting system, and (3) reconciles the bank account, and I will show you another combustible situation. Here’s how one city clerk created her own blaze.

Altered Check Example

Using the city’s signature stamp, the clerk signed handwritten checks made out to herself; however, when the payee name was entered into the general ledger (with a journal entry), another name was used—usually that of a legitimate vendor.

altered check payees

 

For example, Susie, the clerk, created manual checks made out to herself and signed them with the signature stamp. But the check payee was entered into the accounting system as Macon Hardware (for example). Also, she allocated the disbursements to accounts with sufficient remaining budgetary balances. The subterfuge worked as the expense accounts reflected appropriate vendor activity and expenses stayed within the budgetary appropriations. No red flags.

The accounting clerk, when confronted with evidence of her deception, responded, “I don’t know why I did it, I didn’t need the money.” We do a disservice to accounting employees when we make it so easy to steal. Given human nature, we should do what we can to limit the temptation.

How?

Controls to Lessen Check Fraud

First, if possible, segregate the disbursement duties so that only one person performs each of the following:

• Creating checks
• Signing checks
• Reconciling bank statements
• Entering checks into the general ledger

If you can’t segregate duties, have someone (the Mayor, a non-accounting employee, or an outside CPA) review cleared checks for appropriateness.

Secondly, have a second person approve all journal entries. False journal entries can used to hide theft. With sleight of hand, the city clerk made improper journal entries such as:

                                                Dr.                 Cr.

Supply Expense              $5,234

Cash                                                        $5,234

 

The check was made out to Susie, but the transaction was, in this example, coded as a supply expense paid to Macon Hardware. You can lessen the risk of fraud by preventing improper journal entries.

Thirdly, restrict access to check stock. It’s wise to keep blank check stock locked up until needed.

Finally, limit who can sign checks, and deep-six the signature stamp.

A Fraud Test for Auditors

Here’s a word to external auditors looking for a fraud test idea (or those just looking for check fraud): Consider testing a random sample of cleared checks by agreeing them to related invoices.

Work from the cleared check to the invoice. It is best for the auditor to pull the invoices from the invoice file; if you ask someone in accounting to pull the invoices, that person might create fictitious invoices to support your list (not hard to do these days). If the payee has been altered, you will, in many cases, not find a corresponding invoice. Pay particular attention to checks with company employees on the payee line.

Click here for more white-collar crime examples.

1 4 5 6
>