Assignment 9c - Personal Pages Index
advertisement
ACCT341, Chapter 9, Reference 9c Assignment 9c 1. Read the article below entitled “Lapping It Up” by Joseph Wells. (A) Define lapping. (B) Why do virtually all lapping schemes eventually reveal themselves? (C) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (D) How was Nelson punished? 2. Read the article below entitled “. . . And One For Me” by Joseph Wells. (A) Define skimming. Give an example. (B) What are the three principal skimming targets? (C) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (D) How was Roger punished? 3. Read the article below entitled “Billing Schemes, Part 1: Shell Companies That Don’t Deliver” by Joseph Wells. (A) What steps need to be taken to create a “shell” company? (B) What are four billing ploys used by employees to cheat an employer? (C) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (D) What ended up happening to Stanley? 4. Read the article below entitled “Billing Schemes, Part 2: Pass-Throughs” by Joseph Wells. (A) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (B) What ended up happening to Lincoln? 5. Read the article below entitled “Billing Schemes, Part 3: Pay-and-Return Invoice” by Joseph Wells. (A) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (B) What ended up happening to Veronica? (C) How effective are hot lines? What are three kinds? 6. Read the article below entitled “Billing Schemes, Part 4: Personal Purchase” by Joseph Wells. (A) In the story, what were the: (1) incentives/pressure to commit the fraud. (2) opportunities to commit fraud (i.e. which controls were weak) (B) Approximately what percent of employees who commit fraud did so at previous jobs? Journal of Accountancy A skimming method doomed to failure over time. Lapping It Up BY JOSEPH T. WELLS elson, a computer programmer for a financial institution in New Orleans, sat across the desk from his boss. Nelson flinched when the boss told him the news that he, an 11-year company veteran, was in trouble with the home office in Dallas because of irresponsible behavior. More than a year ago, Nelson had accepted a promotion requiring a transfer to New Orleans from Dallas. The company extended him a $15,000 bridge loan, temporary funds to cover moving and household expenses. Nelson never paid back the loan, however, even after repeated requests to do so. Unbeknownst to the company, Nelson had been in serious hock for years. He and his wife just couldn’t seem to control their spending. With creditors hounding him, Nelson had taken the $15,000 and paid some of his most pressing debts. Now, with the boss facing him, he didn’t know what excuse to use this time for not paying back the company. But the boss was beyond being mollified with any more excuses. “Nelson,” he said, “the company has made it pretty clear: If you don’t get this debt taken care of, it’s going to cost you your job. Do you understand?” Nelson understood. Necessity being the mother of invention, Nelson concocted a plan made possible only by an internal control deficiency at the company big enough to drive a truck through: unrestricted access to “live” data (read: customer accounts). Even as the bank’s chief programmer, Nelson never should have had access to such data, but he did. That could have been because he was the principal architect of the entire computer system. Skimming Schemes Comparison of median losses Source: Occupational Fraud and Abuse, by Joseph T. Wells, Obsidian Publishing Co., 1997. The first step of Nelson’s plan involved opening a savings account at the bank under someone else’s name. In this case, he chose the ID of his own elderly, infirm uncle. Once the account was active, Nelson set about reprogramming the bank’s computers to accommodate a highly complex and seemingly foolproof lapping scheme. Because Nelson needed $15,000 all at once, he easily located a customer checking account with a large balance. But since he knew a funds transfer would create a record on the customer’s statement, he removed the funds from the “ending balance” field on the statement itself. He transferred the money to the uncle’s account, over which he had signature authority. Nelson debited the uncle’s account and credited his own, using the proceeds to pay his bills. The bank’s computers were programmed to print account statements throughout the month (for example, customer A’s statement mailed on the first day of the month, customer B’s on the second and the last one on the 30th). That being the case, Nelson figured he would have use of the funds for 29 days—no more. So he programmed the computer to simply “roll” the $15,000 through the ending balance field on other checking accounts according to a predetermined schedule. Nelson’s plan, in effect, was to let the money bounce throughout the computer program until he could legitimately repay his “loan.” Alas, this method was too easy for Nelson, and therefore too tempting. He rationalized that the bank wouldn’t find out or even miss the cash. So he continued to “loan” himself more money to pay off other pressing obligations. When the amount ballooned to $150,000 and involved thousands of customer checking accounts, Nelson’s ingenious 29-day computer program failed to reverse some transactions in time to avoid detection. In his haste, he forgot there were only 28 days in February. Customers started pouring into the bank with statements in hand showing a major discrepancy: Their ending balances last month were different from the beginning balances this month—a mathematical impossibility. Although Nelson initially blamed the problem on a programming error, he finally confessed to his boss what happened. He had always planned to pay the money back, Nelson promised solemnly, but he was at a loss to explain exactly how he could do that. Ever the nice guy, Nelson helped the authorities gather the evidence to convict him of embezzlement. It’s a good thing he did, too. Chasing down every single transaction would have been extremely time-consuming. Nelson’s cooperation got him only 15 months as a guest of the Louisiana penal system. ROBBING PETER BUT FORGETTING TO PAY PAUL If Nelson had been anything other than a rank amateur, he never would have picked lapping as the scheme of choice for covering cash thefts. Although he managed to lap customer checking accounts for about nine months—no small chore—Nelson’s plan was probably doomed from the outset. That’s because lapping almost always goes beyond robbing Peter to pay Paul. Once the first attempt is successful, lapping tends to increase at exponential rates. Now, the fraudster has to steal from other customers. Then, there are many accounts to keep track of. Therein lies the fraudster’s pact with the devil: The more lapping occurs, the greater the chance of making a mistake. That’s exactly what happened to Nelson. In his case, even his “move-the-money-around” program couldn’t keep track of the thousands of transactions. So when an accounting student once asked me the best way to detect lapping schemes, I couldn’t help myself: “Time,” I replied, only partially in jest. “In time, lapping schemes will invariably reveal themselves.” A LIST OF SINS Because of Nelson’s sins, a lot of people in his company suffered. The boss lost a valuable computer programmer and long-term employee. Since the prosecution of Nelson drew headlines, the bank lost credibility with some of its customers, likely costing it many multiples of the $150,000 he stole. Nelson’s coworkers at the bank suffered a loss of morale. Management was embarrassed. Nelson’s family had to ask for public assistance while he was imprisoned. But Nelson wasn’t the only one at fault in this case. Take, for example, the bank’s upper management. It is ultimately responsible for the flawed system of internal control that permitted Nelson to commit his crime in the first place. Not only were there computer system problems, but the bank never should have allowed Nelson to open an account using the identification of a relative 40 years his senior. And management did not recognize the signs of a financially strapped employee. Had someone done so, the company might have sought an alternative to forcing Nelson into a tight corner; desperate people do desperate things. Many large companies, for example, provide financial counseling to troubled debtors. The bank’s external auditors should have detected the fact that Nelson could both program and modify customer accounts—a serious deficiency. The internal auditors should have spotted the glaring control weakness long before that. TURNING WATER INTO WINE To the bank’s credit, it decided to do something positive after Nelson’s fall from grace. First, it closed the internal-control hole. Second, the company appointed an ombudsman to counsel employees in times of stress—financial and otherwise. Most important, it implemented companywide antifraud training to sensitize its managers and employees to not only how workers commit fraud, but why they do it in the first place. When putting together its employee video-training program, the bank went looking for an expert to talk about the fraud problem. It found one: From behind prison walls, Nelson—now full of remorse—volunteered. He looked directly at the camera and, through the tears, told his own story. The Lap Trap Lapping is the fraudster’s version of “robbing Peter to pay Paul” skimming. It is the extraction of money from one account to cover shortages in another account. For example, a fraudster steals the payment intended for customer A’s account. When a payment is received from customer B, the thief credits it to A’s account. And when customer C pays, that money is credited to B. Repeated many times, lapping is difficult for the dishonest employee to keep track of. As a result, almost all lapping schemes quickly reveal themselves. All material cash misappropriations send telltale signs: reduced cash combined with increased expenses and/or decreased revenue (see “Enemies Within,” JofA, Dec.01, page 31). Most lapping occurs because of inadequate control over incoming payments. Following are some classic “red flags” of lapping: Excessive billing errors. Slowing accounts receivable turnover. Excessive writeoffs of accounts receivable. Delays in posting customer payments. Accounts receivable detail doesn’t agree with general ledger. A trend of decreasing payments on accounts receivable. Customer complaints. 2002 Joseph T. Wells JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. Mr. Wells’ article “So That’s Why They Call It a Pyramid Scheme” (JofA Oct.00, page 91) won the Lawler Award for best article in the JofA in 2000. His e-mail address is joe@cfenet.com. Journal of Accountancy Skimming is by far the most popular method for stealing an organization’s cash. … And One for Me BY JOSEPH T. WELLS oger had worked hard to earn his CPA. He had big dreams—he had planned to use his newfound financial expertise after college to build a fortune. But 10 years later, here he was, stuck as the controller for a midsize soft drink bottler and distributor in the South, going nowhere fast. It wasn’t fair, Roger reasoned. Besides, he thought his boss was ignorant and didn’t have a fraction of Roger’s accounting knowledge. A beverage company generates a lot of currency, and Roger’s primary responsibility was to keep track of it. The cash came from three principal sources: customer payments on accounts receivable, direct sales to customers (supermarkets) and vending machine collections. Payments on account usually came through the mail, while customer sales and vending machine currency was collected by route salesmen. No matter where the cash came from, it all arrived on Roger’s desk daily. He was the last person to see the money before it was deposited in the bank. At the end of one particularly distressing day, Roger noticed a deposit slip with a math error: There was exactly $1,000 more in cash than reflected on the deposit. At first irritated at the notion of having to correct the mistake, Roger stopped and smiled. And then he put 50 twenty-dollar bills in the top of his desk drawer, locked it, went home and didn’t look back. Two years and $475,000 later, Roger still didn’t feel good about his job, he hated working in this company, and he despised the boss more than ever. For Roger, being able to skim money had been no real challenge. He thought the boss should have noticed the glaring internal control deficiency in the operation and that his controller had unrestricted access to cash since he had unrestricted access to the books. On top of that, the company wasn’t audited. But so it is with many small to midsize businesses. Roger’s skimming scheme was the essence of simplicity. The daily bank deposits that arrived on his desk had already been prepared by a bookkeeper. Attached to the deposit slip was documentation in two forms: The bookkeeper prepared a list of payments on accounts receivable and each route salesman prepared a deposit for the cash he had collected. Roger left the accounts receivable alone. But for the route deposits (cash sales) he kept a handy supply of blank forms in his desk. After everyone went home, Roger simply removed cash from one of the route deposits and prepared a new form showing the lower deposit amount. Then he’d throw away the deposit slip prepared by the bookkeeper and fill out another in his own handwriting. In an effort to avoid detection, Roger rotated the route salesman he shorted and he took cash on an irregular basis. His scheme seemed to be working. But despite all of that money, Roger still had a serious attitude problem. Source: Reprinted from “Occupational Fraud and Abuse,” by Joseph T. Wells. Obsidian Publishing Co., 1997. The boss noticed how screwy Roger had been acting for months. Things weren’t getting done. Financial statements were late. Tax returns were overdue. Roger had not conducted a serious inventory in a year. He was missing more and more work. When the boss would point out all these problems, Roger would just glare at his desk. But in one final fit of anger, the boss fired Roger—effective on Friday. The following Monday, the boss called his CPAs for some temporary help until Roger could be replaced. By that afternoon, one of the CPAs spotted a journal entry of just over $380,000 made by Roger the previous Friday: He debited cost of sales and credited the same amount to inventory. Roger described the reason for the journal as, “To adjust inventory to actual value.” That one journal entry wiped out half the bottling company’s profits. Prevention and Detection Skimming, the single most common form of cash misappropriation, occurs when employees of organizations steal incoming funds. The term comes from the fact that money is taken off the top, the same way cream is skimmed from milk. By understanding the basics, auditors can more easily recognize skimming schemes. There are three principal skimming targets: revenue, refunds and accounts receivable Revenue or sales skimming is by far the most popular method, accounting for two-thirds of the incidents and preferred by the crooked employee because the other two schemes require alteration of the books and records to avoid immediate detection. Since any employee who comes in contact with cash can, in theory, skim money, the usual suspects are salespeople, cashiers, mail clerks, bookkeepers and accountants. But be aware that top executives, who can easily override controls, also skim. When they do, the losses are invariably large. Regardless of who skims money or the method used, the accounting effect is the same: Revenue will be lower than it should be but the cost of producing that revenue will remain constant. Therefore, be alert to the following indicators. The greater the number of indicators, the greater the risk that skimming is occurring: Flat or declining revenue. Increasing cost of sales. Excessive or increasing inventory shrinkage. Ratio of cash sales to credit card sales decreasing. Ratio of cash sales to total sales decreasing. Ratio of gross sales to net sales increasing. Discrepancies between customer receipt and company receipt. Customer complaints and inquiries. Forged, missing or altered refund documents. It was a pretty simple matter for the CPAs to unravel the scheme. First, they conducted a complete physical inventory of the operation. Next, they examined—by hand—every deposit slip for a three-year period. They located over a hundred bank deposit slips seemingly prepared in Roger’s own handwriting. Then, the CPAs traced the bank deposits to their corresponding route deposits. In each case, at least one route deposit was prepared in Roger’s writing. Finally, they pulled the deliverymen’s copies of their original route deposits. In each and every case, the copy of the original route deposit was higher than the forged copy by exact multiples of $1,000. The CPAs’ report helped prosecutors convict Roger of embezzlement. Roger had used the proceeds of his thefts in the classic manner: a new car, a better lifestyle and frequent trips to Las Vegas. Roger’s trial defense was twofold: First, he’d won quite a bit of money gambling, and second, anyone could have taken the money. He was unable to explain the stupid journal entry he made on his last day of work. Perhaps he had a compelling need to be precise. Because he was a first-time offender, Roger didn’t do any jail time, but he now owes Uncle Sam about $1.4 million. The boss learned a very important lesson about the value of independent oversight. Although the size of the business did not justify a full audit, the CPAs convinced the boss to do three simple things: First, separate the accounting functions from cash handling; that becomes especially important if the CFO is in a position to seriously abuse the trust placed in him or her. Second, hire an independent contractor on an annual basis to take a complete inventory. Finally, have a CPA review the company’s bank statements on a regular basis. JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. Mr. Wells’ article “So That’s Why They Call It a Pyramid Scheme” (JofA Oct.00, page 91) has won the Lawler Award for best article in the JofA in 2000. His e-mail address is joe@cfenet.com. Journal of Accountancy These scams are among the most costly asset misappropriations. Billing Schemes, Part 1: Shell Companies That Don’t Deliver BY JOSEPH T. WELLS This is the first article in a four-part series on identifying false invoices and their issuers. This and next month’s columns focus on billing schemes that involve shell companies. Articles in the September and October issues explain how to detect and prevent two scams that use other, completely different phony-bill strategies. s he left the county clerk’s office, Stanley, a creative writer at a large advertising firm, gazed at the paper he’d just obtained and smiled to himself. For $35, it was easily the best investment he had ever made. Stanley pocketed the document and drove straight to his bank. Less than 30 minutes after presenting the paper to an official, he opened a business account in the name of SRJ Enterprises—a title that reflected his initials. The simple document—known as a fictitious-name or DBA (doing business as) certificate—was the key to his grand plan to defraud his employer. Such documents, available for a modest cost at any county courthouse, allow a person to do business under a different name. Many small business owners choose to obtain an assumedname certificate instead of incorporating, which can cost thousands of dollars. For example, if Bob Black wanted to open Bob’s Body Shop, all he would have to do is go to the courthouse, fill out a simple form and pay a small fee for a document he could use to open a bank account. Voila! He’d be in business. In this study of an actual case, CPAs will learn the first of two ways employees use shell companies to defraud organizations. Moreover, auditors will learn how to set up effective internal controls to prevent these costly occupational crimes. EASY AS 1-2-3 Maybe starting a business was what Stanley had in mind when he established SJR Enterprises, maybe not. But, fiddling with his wedding ring when he opened the bank account with a $100 cash deposit, Stanley said his “business” was located at what was actually the home address of his girlfriend, Phoebe, a disgruntled colleague from his employer’s accounting department. Ways to Cheat an Employer In billing schemes a company pays invoices an employee fraudulently submits to obtain payments he or she is not entitled to receive. There are four major types of such ploys, which are by far the most expensive asset misappropriations. Shell company schemes use a fake entity established by a dishonest employee to bill a On one occasion Stanley had told company for goods or services Phoebe of his latest brainstorm: it does not receive. The If he submitted phony invoices to employee converts the payment the company they worked for, to his or her own benefit. she could get them approved and paid. It didn’t take them long to Pass-through schemes use a conclude there was little risk of shell company established by getting caught, especially if they an employee to purchase goods discreetly saved their illicit gains or services for the employer, in a local bank and later used which are then marked up and them to start new lives sold to the employer through elsewhere. the shell. The employee converts the mark-up to his or SMOOTH SAILING her own benefit. Implementing the scheme was simple. On his home computer Pay-and-return schemes Stanley printed an invoice under involve an employee purposely the name of SJR Enterprises. causing an overpayment to a Following Phoebe’s instructions, legitimate vendor. When the he billed their employer $4,900 vendor returns the overpayment for “services performed under to the company, the employee contract 15-822,” a description embezzles the refund. similar to that found on many other invoices. Phoebe had Personal-purchase schemes chosen that amount because the consist of an employee’s company rarely scrutinized ordering personal merchandise invoices for amounts less than and charging it to the company. $5,000. She then created a “new In some instances, the crook vendor” file and phony keeps the merchandise; other documents to go with it. Once times, he or she returns it for a SJR Enterprises was recorded in cash refund. the computer as a vendor, Phoebe simply put the SJR invoice into a stack of much larger invoices for approval and payment. Right from the start, their plan worked flawlessly. In fact, the scheme worked so well Phoebe and Stanley tried it again—and again and again. Ultimately, they bilked the company out of almost $700,000 in cash over two years. To Stanley and Phoebe, it was a lot of money. But as far as the company’s total revenues were concerned, it was insignificant. As long as they didn’t get too greedy, Stanley and Phoebe could have gone on billing their $100 million advertising agency indefinitely. But soon two people would foil Stanley and Phoebe’s plans—Vivian, Stanley’s wife, and Dennis, the advertising agency’s internal auditor. Fake Billing: It’s Not Small Change Source: Occupational Fraud and Abuse, by Joseph T. Wells, Obsidian Publishing Co., Inc., 1997. SUSPICIONS GROW Vivian had known for some time Stanley was being unfaithful. He displayed the classic signs: a lack of interest in her, late “meetings” at the office, vague business trips on the weekend. But Vivian knew there was more. For the last two years, Stanley had ceded control of their joint checking account to her and no longer asked for spending money. Vivian considered the possibility that Stanley was stealing from his company. Where else would he get money? If Stanley was embezzling funds to support a girlfriend, that would be the last straw, Vivian thought. In a fit of anger, she called Dennis, whom she had met several times at company social functions. Dennis, who was also a CPA, listened carefully to Vivian’s sketchy evidence and said he would look into it. After her call, Dennis gave the matter some thought and reasoned that if Stanley was stealing company money, he most likely was engaged in some sort of fraudulent disbursement scheme. Since Stanley didn’t work with the company’s money himself, Dennis figured he would need an accomplice who did. And that person would have left a paper trail of phony records. The challenge would be to find the bogus paperwork among all the company’s legitimate transactions. CRACKING THE SHELL Acting on the fraudulent disbursement theory, Dennis took three separate steps to uncover the billing scheme. First, he examined the company’s line-item costs over a five-year period, looking for anomalies. This revealed a small uptick in consulting expenses, which led him to the second step: a detailed examination of vendors. The billings from SJR Enterprises stood out like a sore thumb. Phoebe had put SJR on the books as a vendor nearly 24 months earlier. Since that time, its billings had increased in both frequency and amount. Dennis correctly reasoned that consultants generally don’t bill more than once a month, nor do they normally quadruple their billings in one year’s time. He also noted that some SJR invoices weren’t folded and wondered whether that meant they hadn’t even been mailed. Furthermore, SJR Enterprises wasn’t in the phone book. The third and final step in Dennis’s plan was to compare vendor addresses with employees’ home addresses. Bingo! Dennis knew he had found Stanley’s accomplice. Before consulting legal counsel, Dennis went to the courthouse and obtained a copy of Stanley’s assumed-name certificate—a document of public record. One look at it removed any doubt that Stanley and SJR Enterprises were one and the same. Red Flags Signs of billing schemes include Invoices for unspecified consulting or other poorly defined services. Unfamiliar vendors. Vendors that have only a postoffice-box address. Vendors with company names consisting only of initials. Many such companies are legitimate, but crooks commonly use this naming convention. Rapidly increasing purchases from one vendor. Vendor billings more than once a month. Vendor addresses that match employee addresses. Large billings broken into multiple smaller invoices, each of which is for an amount that will not attract attention. Internal control deficiencies such as allowing a person who processes payments to approve new vendors. Upon reviewing the evidence, the company’s lawyer didn’t need much convincing. He gave Dennis the go-ahead to confront Phoebe and Stanley. They both confessed and returned their nest egg—practically all of the $700,000 they’d stolen. Due to the magnitude of their crime, the pair faced jail time, but—because they were first-time offenders—the judge sentenced them to probation. The story doesn’t end there, though: Both Phoebe and Vivian dumped Stanley. And today, menially employed, he lives in a cramped garage apartment. Alone, he wonders where he went wrong, both morally and strategically. But Dennis, the internal auditor, knows where he erred and realizes he should’ve seen the connection between the internal control deficiency that allowed Phoebe to add new vendors and the small increase in consulting expenses. “Soft” billings—for consulting, advertising and similar services—are ripe targets for this kind of fraud because they typically describe functions that are difficult to quantify, which makes it harder to assess their validity. Simple procedures might have prevented this scheme. A credit check on SJR Enterprises would have revealed this shell company had no history. And looking in the phone book would have shown there was no listing for the bogus enterprise. Plus, comparing vendor addresses with home addresses of employees before approving new vendors would have drawn attention to SJR immediately. In retrospect, Dennis considers himself lucky. Unlike most fraud cases, the company got most of its money back. Dennis also learned how to prevent future billing schemes. But he feels especially fortunate to still have his job. JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners in Austin, Texas, and professor of fraud examination at the University of Texas. Mr. Wells’ article, “So That’s Why They Call It a Pyramid Scheme” (JofA, Oct.00, page 91), won the Lawler Award for the best article in the JofA in 2000. His e-mail address is joe@cfenet.com. Journal of Accountancy Auditors should scrutinize steep fluctuations in the cost of goods sold. Billing Schemes, Part 2: Pass-Throughs BY JOSEPH T. WELLS This is the second article in a four-part series on identifying false invoices and their issuers. July’s and August’s columns focus on billing schemes involving shell companies criminals set up to facilitate fraud. Articles in the September and October issues will explain how to detect and prevent two scams that employ other, completely different phonybill strategies. This month’s case study shows auditors and CPAs how to recognize the pass-through billing schemes crooked purchasing agents and others sometimes use to illegally line their pockets. en, a recent accounting graduate, was on his first real auditing assignment at a West Virginia manufacturer of prepackaged cement. Because Ben was a rookie, his supervisors naturally assigned him tasks they didn’t want to perform. That explains why he was standing atop one of the company’s seven huge cement silos on the morning of December 31, his teeth chattering in the cold wind as he observed employees taking inventory. As workers sounded, or measured, each silo’s contents, Ben watched dutifully and then double-checked every measurement they made. Later that day, he reported the inventory tallies to Julia, his audit supervisor, and vouched for their accuracy. But on January 3, Julia called Ben into her office to talk about the cement manufacturer’s expenditures for raw materials; they were much higher than in previous periods. MAKING SENSE OF THE NUMBERS How to Sniff Out Phony Vendors CPAs can help prevent false billing schemes by establishing good controls over their employer’s or their clients’ vendor-approval processes. Ensure those involved in purchasing cannot approve “Are you sure these inventory counts are correct?” Julia asked. “The client’s total spending on raw materials soared last year. So, I expected a roughly proportionate increase in inventory. But the numbers you reported are only slightly different from the prior period’s.” vendors. Before approving a new vendor, evaluate its legitimacy by Obtaining its corporate records and other relevant documents. Checking its credit rating. Ben nodded affirmatively, but hoped he had not made any kind Confirming that it is listed in of egregious error. He was telephone directories. mindful of his lack of experience and had been careful, gazing into Contacting its references from each silo and confirming every clients and others. sounding. Julia frowned. “Well, if the ending inventory is correct, then we need to look at what the client is paying to manufacture cement. Maybe the unit cost of raw materials has gone up sharply. Let’s go talk to the client’s purchasing department.” Soon Ben and Julia were sitting across a desk from Lincoln, the manufacturer’s chief purchasing agent. He confirmed the cost of limestone—a key ingredient in cement—had jumped nearly 50% in the last year. As they were about to leave, Lincoln volunteered something that caught Julia’s attention: “I don’t know why the price increased so much last year, but it’s probably temporary.” As soon as the two auditors were out of earshot, Julia pulled Ben aside. “Something’s fishy about this,” she said. “If anyone in the company should know why the cost of limestone has jumped so Being particularly cautious about a vendor with a postoffice-box address or a name composed entirely of initials. Determining whether its business address matches any employee’s home address. Once the company approves a new vendor, the CPA should closely monitor the account by Watching for increases in the amount or frequency of billings. Observing variances from budgets or projections. Comparing its prices with those charged by other sources. much, it’s Lincoln. And since he didn’t know why the price went up, how could he know it’ll go down?” SIFTING FOR CLUES All weekend, Ben and the rest of the audit staff pored over the company’s limestone purchase invoices. By Sunday night, they had a pretty good picture of what was happening. For one thing, about a year ago, Lincoln had personally authorized the addition of a new limestone supplier—Majors and Co.—to the company’s list of approved vendors. The audit’s documentation also reflected that—within just a few months—Majors had become the company’s sole source of limestone, at prices approximately 50% higher than the company had been paying elsewhere. Close-Up on False Billing Source: Occupational Fraud and Abuse, by Joseph T. Wells, Obsidian Publishing Co. Inc., 1997. Julia came right to the point: “I think we might find Lincoln is connected to Majors and Co., which may be buying limestone from someone else, marking up the price and reselling it to the cement company.” On Monday morning, carrying a large stack of invoices from Majors and Co., Julia met with the company president, who listened to what she had to say. After a few minutes, the president said: “I wonder if Lincoln is trying to get back at us. About a year ago, the board of directors passed him over for a promotion to vice-president.” POURING THE FOUNDATION OF A CASE Julia, a CPA and certified fraud examiner, explained to the president how she could expand the current audit to detect any fraudulent business practices or transactions. The president quickly authorized the additional work. As proper evidence-gathering procedures require, the audit team collected every original invoice from Majors and Co. along with the vendor file showing Lincoln’s approvals. The team prepared a log describing each document and its source. They photocopied them and stored the duplicates at their offices. Next, Julia assigned Ben to take a close look at Lincoln’s personnel file. In it he discovered a name that stood out like neon: Linda Majors—Lincoln’s wife. Other members of the team turned up even more evidence: Majors and Co. was legally incorporated, and related documents from the Secretary of State’s office bore the signatures of both Linda Majors and Lincoln as corporate officers. Finally, the team obtained price quotes from five nearby limestone suppliers. On average Majors and Co. charged 60 percent more than its competitors. Julia was satisfied she had enough documentary evidence to prove the existence of a pass-through billing scheme. COMING CLEAN Julia arranged a face-to-face meeting with Lincoln that began with an exchange of pleasantries. As Ben watched, Julia posed carefully constructed, point-blank questions. (For examples, see ‘“Why Ask?’ You Ask,” JofA, Sep.01, page 88.) She also showed Lincoln a copy of Majors and Co.’s articles of incorporation, which bore his name and signature. Lincoln’s face fell. For a few minutes he acted as if he didn’t understand, but gradually he admitted everything, encouraged by Julia’s low-key technique. Not once did she show any disapproval of Lincoln or what he had done. Instead, Julia was personable and professional throughout the two-hour interview, allowing Lincoln to present his side of the story. In this unthreatening setting, Lincoln told a classic tale of revenge, revealing all the details of his pass-thorough billing scheme and why he set it up. Sure enough, the whole thing started about 18 months ago when Lincoln realized the company wasn’t going to promote him to vice-president. He saw this as a betrayal of his more than 10 years of service. Like many purchasing agents, he was a constant target for temptation—vendors made it no secret they’d be glad to pay him under the table for favorable consideration when the company awarded business contracts—but he had never accepted. LESSONS LEARNED AND IGNORED Ben’s participation in this audit and investigation taught him never to judge the significance of current findings without examining prior-period results and looking for suspicious changes that could indicate fraud. But the client company was interested only in getting its money back. In just over a year, Lincoln’s “take” had been a cool $1.3 million, which he had saved to finance a new business for himself. In exchange for his returning it all, the company agreed—against Julia’s advice—not to prosecute Lincoln. Even worse, the company kept quiet about his transgression, enabling him to move up to a better job—ironically, as chief purchasing agent for a limestone vendor. JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners in Austin, Texas, and professor of fraud examination at the University of Texas. Mr. Wells’ article, “So That’s Why They Call It a Pyramid Scheme” (JofA, Oct.00, page 91), won the Lawler Award for the best article in the JofA in 2000. His e-mail address is joe@cfenet.com. Journal of Accountancy Anonymous tips are an important source of information on employee theft. Billing Schemes, Part 3: Pay-and-Return Invoicing BY JOSEPH T. WELLS This is the third article in a four-part series on identifying false invoices and their issuers. It explains the pay-and-return billing scheme, in which an employee creates an overpayment to a vendor and pockets the subsequent refund. The other stories focus on shell companies (See JofA, Jul.02, page 76 or www.icpa.org/pubs/jofa/jul2002/wells.htm), pass-through billing schemes (See JofA, Aug.02, page 72 or www.aicpa.org/pubs/jofa/aug2002/wells.htm) and personal purchase schemes, which will be the subject of “The Fraud Beat” in October. philosopher once said the road to hell is paved with good intentions. As all fraud examiners know, given the right circumstances—for example, a personal financial crisis coupled with weak internal controls on the job—many otherwise law-abiding employees will rationalize their way into stealing from the companies they work for. The following case study illustrates such a situation and shows how CPAs can protect their clients and employers from pay-and-return billing scams. This particular ruse shouldn’t have lasted as long as it did; a simple, inexpensive service could’ve stopped it much earlier. NO WAY OUT As Veronica, an accounting clerk at a dental supply wholesaler, hung up the phone, her cheeks reddened with anger and embarrassment. She knew her coworkers at the dozen or so desks nearby had heard everything—as usual. This call had been from yet another of her husband’s many frustrated creditors, who demanded money she didn’t have. The outstanding debts arose from a business that was operated strictly by her spouse, not her. But as Veronica knew so well, in the community property state where she and Les lived, his debts were her debts, too. When Veronica married Les eight years ago, he had been a fast-talking hustler. But success had eluded him; one after another his business ventures failed. Then, three years ago, to get a fresh start, the couple filed for personal bankruptcy. Yet, somehow, they again had gotten over their heads in debt. This time, though, because you can declare bankruptcy only once every seven years, they became desperate. AN APPARENT IMPROVEMENT In the office, Veronica’s colleague, Jenny, had tried not to eavesdrop. But the low partition between their cubicles ensured she would hear most, if not all, of the calls Veronica received from creditors. Since Jenny knew her friend was in trouble, she wasn’t surprised when Veronica time and again shared her tale of financial woe. But as the months passed, Veronica simply stopped talking about her debts. A DIFFICULT CHOICE More than a year later, Jenny accidentally discovered why Veronica was silent on the subject. At the end of one workday, when no one else was around, Jenny clearly saw Veronica slip a vendor check into her purse. Now it began to make sense: Veronica was stealing from the company. Jenny was incensed and couldn’t think of anything else for several days. Still, the thought of turning in Veronica made her ill. But after being with the company nearly 10 years, Jenny had a personal stake in it. However, she reasoned, if Veronica kept stealing, it would only worsen her problems, so Jenny decided to report her friend anonymously. First she thought of phoning her boss but realized he’d recognize her voice. Then it hit her: She would call the company’s CPA firm; they surely would want to know about this, and they wouldn’t know who she was. Calling from a pay phone, Jenny was questioned by a manager at the firm. “How do you know she’s stealing?” he demanded. “Because I saw her,” Jenny replied defensively. “And who are you?” the manager wanted to know. The conversation ended when Jenny refused to identify herself. The manager said: “You tell me you witnessed a theft, but you won’t say who you are. You could be anybody. I can’t take this further unless I have more evidence.” Jenny refused to say anything more and hung up. Jenny never confronted Veronica with what she knew, but she wanted no more to do with her. Although Jenny saw Veronica steal another check about six months later, she clenched her teeth and kept her mouth shut. That is until several weeks later when Claude, a CPA recently hired as the company’s internal auditor, invited her into his office. ON THE TRAIL TO DISCOVERY With records in his cubbyhole office already piled high around him, Claude explained to Jenny that—as part of his new responsibilities—he was meeting with a number of employees to get their opinions on the company’s accounting operation. During his discussion with Jenny, Claude wanted to focus on fraud by company employees. So he introduced the subject by asking her if she had known one of the company’s purchasing agents took several hundred thousand dollars in kickbacks to award favorable manufacturing contracts. Jenny said everyone in the company had heard the rumor. To avoid publicity, the company had decided not to prosecute. It also hired Claude to help prevent such future incidents. Finally, he got to the point. “Has anyone in the company ever asked you to do something that you thought was illegal or unethical?” Jenny didn’t have to think long about that. “No,” she said quickly. Then Claude asked, “Do you suspect anyone in the company is committing fraud?” Jenny sat silently for a moment. “Should I tell him what I know?” she wondered. Looking at Jenny’s face, Claude didn’t need to hear an answer. He knew something was wrong and started digging further. Although Jenny said nothing more, Claude immediately reviewed Jenny’s job functions and those of the accounting clerks who worked with her. He found nothing unusual until he came to Veronica’s job description, which was disturbing: Her primary responsibility was processing invoices for payment, but she also handled the occasional overpayment received in the mail. This was clearly a breach of security that needed prompt attention. Claude’s subsequent investigation revealed that Veronica was processing certain invoices twice. When confronted, she seemed relieved and confessed everything, admitting her favorite target was her employer’s largest supplier, a dental appliance manufacturer that printed its simple invoices in black ink on plain paper. When strapped for money, Veronica said, she’d make a copy of the manufacturer’s invoice before stamping the original. The two were almost indistinguishable. Then she’d process the first invoice, send it on for approval, and process the invoice again a few days later using the copy she’d made. To further disguise her scheme, Veronica always put the copied invoice in a stack of others waiting to be processed for payment. The company would pay the bill twice. When the supplier realized the overpayment, it sent a refund check that landed on Veronica’s desk. She in turn slipped the extra check into her purse and later turned it over to Les, who forged her company’s endorsement with a specially made rubber stamp and deposited the check in his business account. In less than two years, Veronica had embezzled more than a quarter-million dollars. True to form, she saved her husband from jail by claiming the whole scheme was her idea. But because Veronica was a first-time offender, she got several years’ probation and served only six months in a halfway house. BETTER LATE THAN NEVER Claude took some basic steps to prevent such fraud in the future. First, he instructed the accounting department to be on the lookout for copies of original invoices. Poor quality duplicates can be detected with the naked eye, but some reproductions are good enough to escape all but the most detailed inspection. So, as an added safeguard, Claude installed controls that would warn him if the accounting department tried to process the same invoice amount and/or number twice. This required nothing more than adding an automated procedure to the invoice payment system. Before printing a check, the system would scan previous payments to see whether any were issued for the same bill. If questionable items turned up, Claude would review them and determine how to proceed. Second, he reassigned the responsibility for depositing refund checks to a staff member who didn’t deal with invoices, thus separating critical job functions and correcting a serious control deficiency. Finally, because some of the most valuable information on suspected employee crime comes from workers concerned about reprisals, Claude established a telephone hot line (see “What’s So Hot About Hot Lines?”) so employees can report suspicions promptly without fear for their personal safety or job security. He also recommended that management instruct the CPA firm to accept and immediately inform the company of all calls and reports of suspected fraud. What’s So Hot About Hot Lines? From the search for the Unabomber to the Enron inquiry, investigators have found “inside” information from family members and coworkers to be especially valuable. One way to obtain tips from such knowledgeable sources is to establish telephone “hot lines” that are convenient and guarantee callers’ anonymity. To encourage their use, hot lines must let callers furnish information without fear of reprisal. Since many employees who want to report misdeeds may be afraid—for fear of discovery—to call a hot line at work, such services must be available 24 hours a day. Although callers report a wide variety of petty grievances, one simple fact remains: Some crimes are not discovered any other way. There are three types of hot lines. Full-time, in-house. The most expensive and effective hot lines are staffed—around the clock—by live personnel who can answer the caller’s questions and concerns. Usually only the largest companies maintain full-time hot lines. Third-party providers. Many third parties provide hot line services that are available at all times. When an individual calls to make a report, the provider takes down the information and relays it to the client company. Although this type of service is less expensive than an in-house version, the employer—not the service provider—is responsible for informing employees of its availability and contact information. Part-time, in-house. Many companies have a tip line answered by company employees—usually in the internal audit or security departments—during working hours. At other times, callers are able to leave a voice-mail message. Although inexpensive, this method is not as effective as the other two types of hot line because— as explained above—it isn’t sufficiently confidential and doesn’t give callers a chance to ask questions before they give information. JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners in Austin, Texas, and professor of fraud examination at the University of Texas. Mr. Wells’ article, “So That’s Why It's Called a Pyramid Scheme” (JofA, Oct.00, page 91), won the Lawler Award for the best article in the JofA in 2000. His e-mail address is joe@cfenet.com. Journal of Accountancy Maintain your standards on routine business tasks or suffer the consequences. Billing Schemes, Part 4: Personal Purchases BY JOSEPH T. WELLS This is the final installment in a four-part series on identifying false invoices and their issuers. The July and August columns focused on billing schemes involving shell companies criminals set up to facilitate fraud. Articles in this issue and September explain how to detect and prevent two scams that employ other, completely different phony-bill strategies. This month’s case study shows CPAs the far-reaching consequences of not setting up controls in a business to detect and prevent seemingly immaterial frauds. ost business owners enjoy their leadership role. But wearing the boss’s hat means shouldering diverse responsibilities, and many entrepreneurs don’t have time to manage human resources and other important administrative functions. So they often hire someone to do these jobs for them. If at first all goes well, the boss may no longer check to see if his or her managers follow proper supervisory procedures. That’s when trouble brews. The following case study isn’t just for auditors, but rather for the thousands of CPAs heading their own businesses, occupying other management positions or advising businessowner clients. It demonstrates how “immaterial” fraud—especially in small organizations—can have companywide consequences. How Crooks Help Themselves to Company Funds Some employees can’t resist temptation and use their employers’ money to buy things for themselves. They do it in one or more of four ways. THE PERFECT APPLICANT? A Midwestern CPA firm with about 50 full-time employees needed someone to run office errands. Deidre, a member of its bookkeeping staff, thought she knew the ideal candidate: a Fraudulently authorizing invoices by an appropriate party. In many occupational fraud cases, the culprit’s duties include authorizing purchases, and his or her conscience is the only young man named Mark, who lived in her apartment complex. So she recommended him control in place. for an employment interview during which he Falsifying documents to obtain appeared bright, energetic and sincere— everything the firm wanted. Gladys, the partner authorization. If the fraudster is not the authorizer of invoices, he or she often will in charge, hired him on the spot. forge a supervisor’s approval signature on purchase requisitions and other documents. Altering legitimate purchase orders. In some cases, a crooked employee alters a legitimate purchase order, increasing the quantity of merchandise requested. When the goods arrive, the employee takes the excess items or returns them for a refund. Misusing company credit cards. If a company has weak controls over the use of credit cards, some employees take advantage and buy everything from fuel for their automobiles to furniture for their homes. The following Monday Mark began work enthusiastically: He hand-delivered urgent documents, used the company car to pick up visitors arriving from out of town and shopped for miscellaneous office supplies and groceries. The weeks passed swiftly as Mark got better at his job. Management even trusted him with making bank deposits, and after six months of exemplary performance, he received a positive evaluation and a modest raise. CLAY FEET REVEALED One day, as Mark’s first anniversary neared, his good start came to a bad end. On the way back from picking up supplies at the supermarket, he stowed some of them in his car before bringing the rest to the office. But unfortunately for Mark, the firm’s receptionist saw what he had done and promptly informed the office manager, Harriett. Given the firm’s lax purchase approval procedures, Mark had had no trouble using company funds to buy things for himself. Each time he made a list of necessary supplies and prepared to go shopping, Harriet issued Mark a blank, signed check. When he returned, Mark submitted the receipt for his purchases. Because the office supplies and groceries weren’t particularly expensive, Harriett rarely examined the cash-register tapes— a fact that hadn’t escaped Mark’s Source: Occupational Fraud and Abuse, by attention. After the receptionist’s visit, Joseph T. Wells, Obsidian Publishing Co. Inc., though, Harriett scanned several of 1997. Mark’s receipts. She was shocked to discover that in addition to items for the office, Mark had been buying beer, cigarettes and other personal items without reimbursing the firm for them. Taking a deep breath, Harriet reported the embarrassing facts to Gladys, who didn’t take the news well. Individually, Mark’s thefts weren’t material, but they would force Gladys to make a difficult decision. Although she couldn’t just reprimand Mark, she hesitated to fire him. And yet it was important to set an example that would deter other employees from committing fraud. THE TRUTH HURTS The choice turned out to be clearer than Gladys expected, but it still was painful. After glancing at Mark’s personnel file, she summoned him to her office and closed the door. When he was seated she said she needed his help on a problem. Gladys paused and looked Mark right in the eye. “What would you do if you were the boss and you learned a valuable employee was stealing from the firm?” she asked. Mark’s gaze wandered around the room. He frowned and said in a low voice, “I guess I’d call him in and ask him about it.” After five minutes of patient questioning, Gladys got Mark to confess. When she asked for a motive, he said the stolen items “weren’t expensive” and the company could “easily afford them.” Hearing this casual admission, Gladys resisted an urge to shout at Mark in frustration. “We all liked and trusted this young man,” Gladys thought. “He’s been a good employee in every other way—he has a near-perfect attendance record, gets along well with everyone and makes a good impression on clients.” But Gladys knew retaining Mark would set a dangerous legal precedent. If she let one thieving employee stay and in the future fired another for similar misdeeds, the firm would be vulnerable to a wrongful discharge suit. It was clear Mark had to go. Gladys’s eyes moved again to Mark’s personnel file, open on her desk, with his employment application on top. She noticed Mark previously had worked for a nearby computer manufacturer. On a hunch, she asked, “What would your former employer say if I called and asked why you left?” She was struck by Mark’s curious reply: “I didn’t do it.” As she said “I’m terminating you immediately for stealing from the company, Mark,” she realized it mattered more to her than it did to him. How to Prevent and Detect Personal Purchases Ensure company policy clearly prohibits all personal purchases with company funds. Do not permit the same employee to originate purchases and approve them. Separate the invoice approval function from the payment and receiving function. Before leaving the boss’s office, Mark admitted the computer maker also had fired him for stealing. Gladys silently cursed herself for not instructing the Establish maximum purchasing staff to put Mark through a normal preemployment limits for each employee. background check. Instead, she had trusted Deidre’s judgment and recommendation. At the time Install controls to detect multiple it seemed reasonable; Deidre had been with the purchases just below employees’ company for more than four years and was an approval limits. outstanding employee. Establish procedures to routinely check for deliveries of companyordered goods to external addresses. And look for matches between invoice delivery addresses and employees’ home addresses. Examine shipment receiving reports for merchandise ordered and paid for but not delivered. Check invoices for vendors that are not usually associated with the company’s business. For example, it would be suspicious for a manufacturer to order goods from a department store. Routinely examine individual employees’ buying habits, looking for increases in the amount or frequency of purchases. Carefully control access to, and purchases that are made from, company credit cards. Be especially alert to purchases in round amounts, which might indicate false or inappropriate charges. Gladys knew that in today’s litigious environment, Mark’s previous employer probably would not have revealed the true reason for his departure, even if her firm had asked. But the computer manufacturer’s HR manager probably would have admitted he would not rehire Mark, and that would have been a red flag. ONE MISTAKE, MANY CONSEQUENCES Minutes after finishing with Mark, the boss called in Deidre, who, having heard the rumor quickly spreading through the office, was in tears and revealed—to Gladys’s growing anxiety—she and Mark had been dating for months. When questioned, Deidre admitted she knew Mark was pilfering groceries and said she had encouraged him to stop. But Mark continued stealing, and Deidre said she couldn’t bring herself to turn him in. Dazed, Gladys wondered if she’d checked her own brains at the door the day the firm hired Mark without knowing more about him. But she gritted her teeth and fired Deidre, too, for her ethical lapse. But what of Gladys’s managerial error? The price for the firm’s slack cost controls and failure to follow appropriate hiring procedures was significant: Although Mark’s thefts were petty, two workers lost their jobs. Deidre had been next in line to head the bookkeeping department. Furthermore, although Deidre’s coworkers knew why she was leaving, her popularity did not diminish and a blue mood pervaded her team for weeks. Gladys learned the hard way how a good employee’s departure under bad circumstances can foster low morale that, along with the cost of training replacements, burdens a firm with avoidable difficulties. The moral? When it comes to fraud, do sweat the small stuff. Checking References Approximately 7% of employees who commit fraud did so at previous jobs, according to the Association of Certified Fraud Examiners’ 2002 Report to the Nation on Occupational Fraud and Abuse. To avoid hiring these high-risk workers, consider the following recommendations. On the company’s employment application form, request information on all jobs held in the last seven years or longer. Look for chronological gaps on an employee’s application, which may indicate he or she wants to avoid disclosing information about a particular position held or a criminal conviction. Confirm all employment-history information. If possible, interview the applicant’s immediate supervisor. Fearful of employee litigation, most organizations will provide only basic information. But often they will reveal whether they would rehire the employee—a valuable indication of the circumstances under which he or she left the company. JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners in Austin, Texas, and professor of fraud examination at the University of Texas. Mr. Wells’ article, “ So That’s Why It's Called a Pyramid Scheme ” ( JofA , Oct.00, page 91), won the Lawler Award for the best article in the JofA in 2000. His e-mail address is joe@cfenet.com .
