Mastering Internal Controls
and Fraud Prevention
American Institute of
Professional Bookkeepers
© American Institute of Professional Bookkeepers, 2010
Mastering Internal Controls and Fraud Prevention
Terminology
Helpful definitions
 Bribery—money or favors offered or
given to influence the conduct or views
of a person in a position of trust
 Consent decree—an agreement between
two parties sanctioned by the court
Example: A company or individual
consents (agrees) to stop questionable
practices without admitting guilt
Mastering Internal Controls and Fraud Prevention
Terminology
 Counterfeit—a copy of a valid license,
written authorization or legal tender
(money) intended to defraud
 Embezzling—misappropriation of another’s
property (almost always money) for
personal use in violation of trust
 Forgery—A false document, or a valid one
altered, with the intent to deceive—such
as an altered check or credit card
Mastering Internal Controls and Fraud Prevention
Terminology
 Fraud—intentional deception perpetrated
to secure unfair or unlawful gain
 Larceny—unlawfully taking something—
i.e., stealing. If the stolen item(s) are of
great value, such as a large amount of
money, it is grand larceny
 Prima facie evidence—evidence that
appears to be sufficient to establish facts
unless rebutted, such as a person found at
a murder scene holding a weapon
Mastering Internal Controls and Fraud Prevention
Terminology
 Subrogation—substitution of one entity or
person for another.
Example: Under subrogation, when an
employer discovers that a bonded
employee has embezzled funds, the
insurance company takes the place of the
employer to obtain return of the funds
Mastering Internal Controls and Fraud Prevention
Four Types of Noncash Theft
1. Unconcealed larceny
(theft of physical assets)
2. Falsified shipping or
receiving reports
3. Fraudulent shipments
4. Fraudulent write-offs
Mastering Internal Controls and Fraud Prevention
Unconcealed Larceny
Review: Larceny is unlawfully taking
something from another entity or person
 Why is unconcealed larceny not reported?






People assume that co-workers are honest
Loyalty to friends
Seeing the world as management vs. labor
Poor channels of communication
Personal involvement in the theft
Fear of job loss if the thief is a superior
Mastering Internal Controls and Fraud Prevention
Falsified Receiving/Shipping Reports
The most common kinds of theft:
 Receiving reports—normal goods are
reported as defective to cover up theft
 Shipping reports—goods are shipped to
a cohort’s home or business address
Example: The thief puts an accomplice’s
address on the shipping report
Retailer example: Same scheme—the goods
are then “returned” for cash
Mastering Internal Controls and Fraud Prevention
Fraudulent Write-offs
Fraudulent write-offs can take many forms:
 Forcing the reconciliation of accounts
Example: Stealing goods, then covering
up the theft with a journal entry, such as:
COGS
Inventory
XXX
XXX
 Altering inventory records
Example: The thief overstates the physical count
of goods on hand to match the altered records,
thus covering up the theft
Mastering Internal Controls and Fraud Prevention
Fraudulent Write-offs
 Creating a fictitious sales order
Example: The thief records a fictitious sale,
then covers up the unpaid order by debiting
the amount to:
 an overdue A/R, or
 Discounts and Allowances
 Bad Debt
 Inventory Shortage Expense
 Writing off good inventory as scrap, then
taking it home, or selling it and keeping
the cash, or giving it to an accomplice
Mastering Internal Controls and Fraud Prevention
When there is no centralized department
to receive and store merchandise
Mastering Internal Controls and Fraud Prevention
Red Flags of Inventory Theft
These include (see workbook pages 3-4):
 High levels of inventory shrinkage
 Frequent customer complaints about shipment
shortages
 Unsupported adjustments to perpetual
inventory records
 Excessive purchases of materials or
merchandise
 An unexplained increase in COGS as a
percentage of sales
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
1. Proper documentation, properly monitored
 Purchase orders, receiving reports, sales
orders, and shipping documents should be
pre-numbered and the numerical sequence
monitored
 Shipping documents should require a sales
order
 Paying an invoice should require supporting
documents—a purchase order and receiving
report
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
2. A system for storing and counting inventory:
 Periodic physical counts of all inventory
 Instructions on how to account for missing,
unused and voided tags
 A practical system for describing/identifying
inventory
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
3. Segregation of duties
 Different employees should be responsible
for authorization v. recordkeeping v. custody
of assets
Examples:
•
•
An employee authorized to initiate a purchase
order cannot record the purchase and cannot
receive the goods or pay the invoice
An employee working in the warehouse cannot
have authority to initiate a sales order and
cannot record incoming or outgoing inventory
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
3. Segregation of duties
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
4. Physical safeguards
 Lock up valuable inventory
 Restrict access to only authorized parties
 Consider adding cameras, guards and
electronic access logs
Mastering Internal Controls and Fraud Prevention
Five Inventory Internal Controls
5. Analytical reviews—periodic checks of:
 COGS as a percentage of Sales (is it higher?)
 Percentage gross margin [Sales – COGS] 
Sales (how does it compare to last period?)
 Inventory turnover rate [COGS  Avg. Inv.]
(how does it compare to last period?)
 Cost per unit (how does it compare to
previous periods?)
Mastering Internal Controls and Fraud Prevention
Which Employees May Steal?
Experience shows that the employees likely
to steal often:
 Express deep-seated resentment
 Have an inexplicably lavish lifestyle
 Have addictions (gambling, drugs, alcohol)
 Are overextended (indicated by frequent phone
calls from creditors)
Mastering Internal Controls and Fraud Prevention
Which Employees May Steal?
Pressure
Addictions
Opportunity
Poor internal
controls
Overextended
Justification
Perceived
mistreatment
Mastering Internal Controls and Fraud Prevention
How to Prevent Employee Theft
To prevent employee theft:
 Do not hire high-risk applicants
 Verify past employment
• Ask whether the person is eligible to be rehired
Obtain a candidate’s written consent before checking
 Check for criminal convictions
•
If Nexis or ChoicePoint does not have information,
go to the county courthouse and check the
criminal records in the criminal courts division
Mastering Internal Controls and Fraud Prevention
How to Prevent Employee Theft
 Require drug screening of applicants—and possibly
current employees
Consult a labor lawyer before implementing
 Check references—actually call each one
 Verify degrees, certifications and licenses
Mastering Internal Controls and Fraud Prevention
How to Prevent Employee Theft
 Perform internal audits and always include:





Expense reports
Purchasing records
Sales records
Cash accounts
Customer complaints
 Have the audit performed by someone who does
not handle the records audited
Mastering Internal Controls and Fraud Prevention
Protection Against Employee Theft
Theft insurance, fidelity bonds, covers:
 Routine theft and embezzlement
 Commercial bribery and stock fraud
 Lost earnings from theft of lists
Optional riders may cover losses from:
 Counterfeit paper currency/money orders
 Forgery (deposits, credit cards, computer)
Your company must prove that:
 Fraud was the cause of the losses claimed
 There is an identified suspect
Mastering Internal Controls and Fraud Prevention
Protection Against Employee Theft
The policy’s subrogation provision guarantees the
insurer:
 The right to sue the wrongdoer
 No interference with the right to sue
 No settlement without the insurer’s consent
Funds collected in excess of the policy amount are
paid to the insured (your firm)
Mastering Internal Controls and Fraud Prevention
Signs of Employee Theft
Typical signs of theft
 An A/R balance does not equal the sum of the
subsidiary A/R balances
 Slow collections or unusually high bad debt
write-offs
 Checking accounts do not reconcile
 Hard-copy files include copies, not originals
For a complete list, see workbook page 18
Mastering Internal Controls and Fraud Prevention
Fraud Controls in Very Small Firms
Controls for firms with 1 or 2 employees:
 Have tax and bank statements mailed to the
owner’s home
 Shuffle bank statement pages (to give the impression
that bank statements are reviewed)
 Involve the owner’s spouse




Spouses are less trusting of employees
Spouses are more curious about fraud
Spouse should attend the first internal controls meeting
If a spouse is replaced by an employee, beef up
controls
Mastering Internal Controls and Fraud Prevention
Check Fraud
The most common types:





Checks written on insufficient funds
Checks written on a closed account
Counterfeit checks
Forged checks from the employee’s company
Employee theft of vendor’s checks
Mastering Internal Controls and Fraud Prevention
Check Theft
The most common types:
 Checks or statements stolen (to order more with
the company image/logo)
 Check washing (payee and amount are erased
and new data inserted)
 Check stock with imprinted account data is
stolen
Mastering Internal Controls and Fraud Prevention
Check Fraud Schemes
The most common types:
 Check kiting
 Nonexistent funds are deposited, a check is written
on the account depositing the “funds” in another
bank, etc.
 Paperhangers
 Pass phony checks to distracted employees
requesting cash back
 Women with crying baby distracts employee
 Stop-payment orders
 Forged travelers’ checks—$100 common
Mastering Internal Controls and Fraud Prevention
Spotting Counterfeits
Signs that a check is counterfeit:
 A slick feel—because on color copies the print
is not raised as on genuine checks
 Lack of texture
 No watermark or micro printing or hologram
—even high-quality offset lithography may
lack one
Mastering Internal Controls and Fraud Prevention
New Check-Printing Technologies
New methods of printing help prevent fraud:
 Prismatic lithography—uses color patterns that
are difficult to separate (and hard to imitate)
 Scrambled indicia—uses a pattern of colored
dots that becomes a word when seen through a
colored filter
 Micro-line—uses a microscopic line of tiny letters
Mastering Internal Controls and Fraud Prevention
New Check-Printing Technologies
 Hologram—when a hologram on a check is
viewed from different angles, it changes
appearance and color
 Security seal on back—the seal becomes
visible when held up to the light
Mastering Internal Controls and Fraud Prevention
What to Look for
When reviewing cancelled company checks:
 Fan the checks to spot slightly different colors
 Investigate gaps in check numbering
 Investigate long-outstanding checks
 Investigate too many second endorsements
Mastering Internal Controls and Fraud Prevention
Employee Check Fraud
Employment taxes are a favorite target
 Ask the owner/spouse/outside bookkeeper to
check endorsements
 Be aware that an outside payroll service may
have a dishonest employee with access to
company financial data
For a complete list, see workbook pages 32
Mastering Internal Controls and Fraud Prevention
Customer Check Fraud
To prevent customer check fraud:
 Have a policy—e.g., employees must examine
each piece of customer ID, such as:
 Valid, signed driver’s license with recent photo
 A second photo ID (do not accept Social Security
cards, business cards, birth certificates, unsigned
credit cards)
 Use deterrents, such as
 The company check acceptance policy in plain view
 An electronic security system in plain view
Mastering Internal Controls and Fraud Prevention
Customer Check Fraud
Have a strict check acceptance policy
 Train employees on what to look for
 Have employees ask for additional ID or consult
supervisor if a customer is:
 Overly polite





Especially nervous
Aggressive
Hurried
Overly careful in signing a check
Tries to distract employee while writing check
Mastering Internal Controls and Fraud Prevention
Customer Check Fraud
Systems that help prevent fraud include:
 Bank verification, e.g., 900 numbers to call
 Shared information networks
 Check guarantors—typical charge, 1.5% –2.25%
Mastering Internal Controls and Fraud Prevention
Mastering Internal Controls and Fraud Prevention
Credit Card Fraud
To prevent fraud:
 Show employees
 How fraud schemes work
 How to spot counterfeit and forged credit
cards
 Establish a liaison with local law enforcement
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
The most common schemes are:
 Fraudulent advances or overpayments
 Using bad checks for advance payments on stolen
cards—then running up charges before the bad
check is discovered
 Shave and paste
 Shaving off the old letters/numbers on the card and
pasting on new ones
 De-emboss/re-emboss
 Flattening raised characters using heat and pressure,
then raising new characters with an embosser
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
 Counterfeit cards
 Cause the greatest losses
 Can be sophisticated
 Use a phony hologram
• Telltale sign: The hologram does not
change color when viewed from
different angles
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
 Credit card numbers—obtained through
fraudulent phone calls or mail order:
 “You have won a free trip—we must verify
your card number before sending it to you”
 “This is Visa. We have a report that your
card was stolen—please verify your card
number”
Mastering Internal Controls and Fraud Prevention
Schemes Using Lost or Stolen Cards
Other credit card fraud schemes:
 Sending out a false application for a credit card
to obtain personal data
 Intercepting a new card on route
 Obtaining a merchant number (by reading the
magnetic strip on a stolen card), then using this
number to obtain the balance on the card and
charging purchases to it (“skimming”).
For a complete list, see page 47 of your workbook.
Mastering Internal Controls and Fraud Prevention
Spotting Scams
Employees can be trained to:
 Spot customer behavior that may indicate
fraud (workbook page 48)
 Spot bad cards (page 49)
Mastering Internal Controls and Fraud Prevention
Checking a Visa Card
Ultraviolet-sensitive
dove is visible on the
face of the card when
placed under an
ultraviolet light.
The hologram , a flying
dove, should look threedimensional and seem to
move when the card is
tilted back and forth.
Embossed or printed
account number
must begin with “4.”
All digits must be
clear, even and of the
same size/shape. But
on a re-embossed
card, the numbers
may be fuzzy. Always
check the hologram
where it’s easier to
spot a re-embossed
number.
Visa logo should have
micro-printing around its
border. This printing is
barely readable without a
magnifying glass.
A four-digit number
must be printed
directly below the
account number and
match exactly the
first 4 digits of the
account number.
Both must begin
with “4.”
“Good thru” (or
“valid thru”). This
date, below the
account number, is
the card’s expiration
date. If today’s date
is later than this date,
the card has expired.
The flying “V” embossed
security character next to
the “Good Thru” date is
not a required security
feature and therefore
may not be on all cards.
Checking a MasterCard
1. The first four digits of the account number
must match the preprinted four-digit BIN
(bank identification number). All MasterCard
account numbers must start with “5.”
2. The last four digits of the account number
must match the four digits that appear on
the cardholder’s receipt.
3. The hologram, two globes with “MasterCard”
in the background, should look threedimensional. When rotated, the hologram
should reflect light and seem to move.
4. The stylized “MC” security feature has been
discontinued, but may continue to appear
on cards through June 01, 2010.
Checking a MasterCard
5. The signature panel has “MasterCard”
printed at a 45 angle in various colors.
Any tampering will smudge or erase some
of the letters. For swiped transactions,
compare the signature on the card with
the cardholder’s signature on the receipt.
6. On the signature panel, there are seven
digits—the first four must match the last
four of the account number. Slightly to
the right is a printed three-digit CVC2
(verification) number.
Checking an AMEX
1. The preprinted Identification Number (CID)
(verification number) is not embossed. It
should always appear above the account
number, on the right or left edge of the card.
2. All AMEX account numbers start with “3” in
clear, uniform, embossed numbers with the
same size and spacing. This number should
match the account number on the back of the
card—and the one on the printed receipt.
3. The centurion should be printed in the kind of
fine detail you see on U.S. currency When
viewed under ultraviolet light, the centurion
should be phosphorescent and you should see
the word “AMEX.”
4. Do not accept a card after its expiration date.
5. Only the person whose name is embossed on
the card may use it—no one else.
Checking an Amex Card
6. This statement gives American Express the
right to take possession of the card at any
time.
7. Some cards have a hologram of the American
Express image embedded in the magnetic
strip.
8. The signature panel should not be taped,
mutilated, erased or painted over. Check the
signature on the back of the card against the
one on the transaction receipt. If a customer
gives you an unsigned card, request a photo
ID with signature—then ask the customer to
sign the card and transaction receipt while
you hold the ID. (Check with management
before implementing this policy.)
Company Credit Cards
Certain policies can greatly reduce losses:
 No personal use unless authorized by company
 Employees must reimburse company for
personal charges promptly
 Unsubstantiated charges are deducted from pay
(consult a lawyer before implementing)
 Normal documentation must be submitted (not
just the charge slip)
 Stolen/lost cards must be reported within 3 days
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
Vendors cheat companies in many ways:
 Bribery
 Paying an employee to influence a purchase decision
 Inducing employees to act as vendor’s agent
• Employees have a legal obligation to act in the
employer’s best interests
• Employees must refrain from self-dealing or
using their position to further personal interests
at the employer’s expense
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
 Telemarketing fraud
 To prevent being scammed on advertising materials
• Check vendors with Better Business Bureau (BBB)
• Get customer references—ask for samples
• Do not be pressured into a purchase
• Get a contract with a small or no down payment
 To prevent being scammed on internet services:
• Shop around for access services and others
• Be suspicious of incredibly cheap offers
• Check terms
• Ask for free trials and samples of past work
• Consider local vendors (they rely on referrals)
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
 Paper and toner scams
 Do not remit payment until you know that your
company has received the items
 Designate one employee to be in charge of
ordering office supplies
 Beware of “last chance” offers
 Ask for a phone number and call it—if it is a
company, it should also have a switchboard
number with zeros—e.g., 555-5100
 If there is a dispute—put it in writing
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
 Loan scams
 Ask your company’s bank first—if it refuses, find
out what is needed to reverse the decision
 Be cautious of unsolicited offers—do not believe
loan ads regardless of credit problems
 Get all loan terms in writing before signing,
including payment schedule and interest rates
 Watch for red flags of a scam, such as:
• Upfront processing fees
• Application fees
• First-payment fees
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
 Buyers’ club scams
 Get details—be wary of upfront costs, such as a
welcome package for which you “just pay shipping
and handling”
 Comparison shop
 Be skeptical—just because the buyers’ club gives
you some financial data does not make it legitimate
 Watch for unauthorized charges—if you see one,
contact your credit card issuer immediately
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
Telemarketing scams law enforcement
 FTC laws enacted in 1995 require that:
 Salespeople must clearly identify themselves and
company by name and provide a phone number
 Vendors must provide certain services and
information before demanding payment
 Vendors may call only between 8 a.m. and 9 p.m.
 Vendors must provide details of the offer in “clear
and conspicuous” writing that is easy to understand
—before closing the sale
Mastering Internal Controls and Fraud Prevention
How Vendors Cheat You
Resources for checking out vendors:
 FBI lists of “Common Fraud Scams”
 Better Business Bureau (BBB) lists of companies
with customer complaints—and whether they
were resolved
 National Fraud Information Center (NFIC)
rankings of telemarketing, internet and other
frauds by frequency
 Federal Trade Commission (FTC)
Mastering Internal Controls and Fraud Prevention