Fraud

by

Fraud Prevention Tip: Think About the Financial Impact of Rare Events on Your Business

The smoothest kind of scam – and one of the hardest to detect – is what I call an off-book transaction.

Just a For Instance

An off-book transaction most often happens because something rare occurs at your business. Let’s say, for instance and hopefully not, that there’s an extraordinary event like a fire or a theft, and you go to the insurance company claiming $25,000 in damages and loss.

All goes well (at least in this regard), and the check is sent.

The check could have been sent to any number of people’s desks, but as this is a particularly unusual event that involves insurance, the check is sent to the CFO’s desk. Now, the CFO takes the check and deposits it – not into the company’s normal account – but into an account at a different bank under your company’s name. There’s now $25,000 sitting in a bank account in your company’s name, but only the CFO knows its there to control and spend.

How can he get away with this?

These extraordinary non-recurring items are things that an auditor would never know missed the books. Nobody knows to look for what isn’t missing.

And this doesn’t just happen with insurance checks. Off-book fraud happens with rebates, SPIFs (Sale Performance Incentive Plans), or other money that is rare enough that accountants and auditors don’t know to check the books for it.

The Rebate Way

Consider the idea of a pre-purchased rebate. One large printing company I turned around used to buy a lot of paper. In fact, it bought millions of dollars in paper annually (millions is an understatement). So a new paper manufacturer comes along and says that if this printing company signs a contract with them that begins with a $100,000 paper purchase, the manufacturer will give a one million dollar signing bonus.

The details of this contract are only known by one person who also knows that the million dollars should be looked for in the books later. Since he’s the only one who knows and he accepts the check, he’s able to do exactly what the CFO mentioned above could do: deposit and control it. Auditors don’t know to look for it, so they never find it.

I caught this case because I felt compelled to review a contract that represented such a large percentage of expenditures, and I wanted to know more about the deal, but for every huge case that is inevitably caught there are ten other $10,000 deals that get missed.

If I’m around a company long enough for things happening on an annual cycle to recur then I’m more likely to catch these things, but if I’m not then it’s up to people at the top to alert the auditors (and more than one of them, mind you) to be on the lookout for rare, one time or merely annual occurrences that could be slipping the books.

The way I often catch off-book transactions is by noting what I’m told by staff must absolutely be done or absolutely not be done; I always investigate what must or must not happen to see if something unsavory is going on. A good bit of the time, it is.

A Smooth Insurance Scam

For instance, I had a controller who would intentionally overpay insurance premiums. He was writing, periodically, a check for $10,000 or even $20,000 more than he needed to be. When the auditors came in, they would see regular checks to the insurance company and not think a thing of it. At best, they would spot check that this company was owed money, and the short answer was always yes.

The insurance company would later send a refund check to the company and the controller overpaying those checks would deposit the refunds into a dummy account at a different bank under the business’s name. Guess who was the only person who knew about this account and spent from it. Yep, that very same controller.

People will take advantage of what they know will be out of site out of mind, so I encourage you to watch the unusual with your own eyes and always follow it from start to finish.

What kinds of unusual transactions occur in your business? Did you check up on them?

20120325-185308.jpg

by

Fraud Prevention Tip: Match Your Purchase Orders Against Your Invoices Before Putting the Invoices in Your System

Let’s talk about Accounts Payable. We have a tendency to put certain processes on auto-pilot because it’s much easier that way, and accounts payable is one of those. It’s not because whoever is doing your payables isn’t paying attention – it’s because he or she is only one cog in the ordering wheel. She’s not counting incoming shipments and matching POs to packing slips at that point. She’s not the purchasing officer (in larger structures), so she’s just receiving and then paying invoices, which she likely presumes have already been accounted for. That’s not to say that there aren’t some processes in place to prevent this from being haphazard, but there is room for error and exploitation.

I recall a case in Jacksonville, Florida. The purchasing agent and the controller were working together on a little scheme. They worked for a company that was buying 100 railroad cars a month, each holding 20,000 gallons of oil. That’s 2 million gallons of oil annually, which is a pretty huge volume.

What the controller and purchasing agent figured out how to do was effectively double-invoice for one of these railroad cars filled with oil. They’d effectively divert a purchased car to one of their competitors willing to pay for a discounted car of oil. The company that ordered the car initially paid for the car in full when they received their invoice, and when this pair invoiced the competitor at a discounted rate, the competitor would split the cost of the invoice with them.

The people getting most ripped off in this case were not ones that the controller and purchasing agent worked for, but the companies they were unjustly invoicing.

This would have been caught much sooner had any of those companies been matching its delivery tickets and purchase orders before processing its invoices in its accounts payable system. Once an invoice is in the system it’s on auto-pilot, which is why you have to be sure that you’re checking all incoming shipments against purchase orders to make sure you’re paying for the right things.

That’s a good practice anyway, and most of the time you’re at worst just catching honest mistakes made by your vendors. Sometimes, though, you’ll find something like this and be really glad that you have a fraud control policy that entails checking purchase orders against incoming shipments and against invoices before putting them into your systems.

What’s your process for checking these things? Have you ever uncovered mistakes or worse?

20120325-174830.jpg

by

Fraud Prevention Tip: Regularly Monitor and Review Monetary Trends

In some ways this tip is similar to the tip about taking all shortages seriously, but I think that this is broader. If you dip into your Quickbooks or whatever software you use for your accounting, you’ll discover that there are hundreds of reports that your system can generate for you from the top view P&L and Balance Sheet to the nitty gritty item detail by customer.

Understanding your company’s KPIs – or Key Performance Indicators – is a great place to start when seeking the trends that matter to you. However, thinking generally about other numbers in your business, and regularly monitoring them, is a very important exercise.

The beauty of this tip is that you can determine how to run the necessary report you need and then have someone in the accounting department run and provide these reports daily, weekly or monthly, depending on the relevance, scope and immediacy of them. Chart the differences over the period of time in question, and you’ll notice a variety of fascinating things.

Let me tell you why at a high-end, couture dress manufacturer in New York, they should have been watching their scrap and the cost per dress of manufacturing.

In the world of couture, the profit per piece is generally quite high, especially at this particular dress manufacturer. What started to happen, though, as we later discovered, was that the production manager was taking the overrun of these $5,000 dresses and selling them to discount operations. As this started to work well, he would buy more materials and then write them off as scrap; to make them into dresses and sell them to discount retailers, though, he still had to run the plant which obviously costs money, too.

Had the CEO been receiving regular reports on the, for instance, scrap rate, then he would have noticed something out of whack much earlier and asked the plant manager to reevaluate his processes. Similarly, tracking manufacturing costs could have uncovered this fraudulent activity. As labor and material costs rose while revenue remained steady the CEO should have thought more carefully about the impact on his profit and why it was happening.

If you are making a widget day in and out and you know that the material is x and the labor is y, you need to watch the trends to make sure that the numbers are staying consistent (or inconsistent in your favor).

This applies to all relevant numbers in your business. Regularly monitor and review monetary trends.

Which trends do you monitor? How frequently?

20120325-174135.jpg

by

Fraud Prevention Tip: Always Poke Around Your Books

When companies start the CEO or business owner is the one signing all of the checks. That’s just the nature of a start up and a small business.

But after a company grows and other people – CFO, controller, auditor, etc. – are put into the position of check signer, the CEO or a majority shareholder should double-check what’s getting paid.

Just look at a ledger, the checkbook or Quickbooks and see where money is going. Ask questions about that money. How often are we paying for X? What does company Y supply us with? Poke around the books and ask questions.

Silly Expenses

Even if you don’t find fraud, you’ll likely discover unnecessary expenses. I would say the latter is in fact more common in these cases. The reason is that people in Accounts Payable aren’t always informed when a piece of leased equipment is sold or returned or when the paper supplier wasn’t just changed but the first supplier was canceled. That’s because a lot of payables and other bills are just put on autopilot. They’re not checked every month or even every year.

I can’t count the number of times I’ve gone through a company’s expenses line by line, questioning everything with the CEO and the check-signer, and found thousands – if not tens or even hundreds of thousands – worth of expenses being paid that didn’t need to be paid. What a difference that makes to the bottom line of any business, much less one that hasn’t turned a profit in two years.

In one notable case, this routine check uncovered some major fraud.

Un-Silly Fraud

We discovered the fraud while doing a sort in an Excel spreadsheet on all of our vendors’ addresses; we were just trying to figure out freight costs and where we could save money. What we stumbled upon were two vendor companies: one in California and one in Indiana. Each was doing business with a stationary store in Chattanooga, which is where our home office was.

It would have made sense that there were vendors in California and Indiana to attend to our subsidiaries, but what didn’t make sense is that we were sending checks to these companies at a PO Box in Chattanooga – which, I reiterate, is where our headquarters was.

It turns out that the controller had created dummy vendors, theoretically for our subsidiaries in California and Indiana, and he was cutting checks to these dummy vendors for random amounts between $50 and $100 to a PO Box in Chattanooga. He would then go collect all of these checks and cash them in the name of these dummy vendors.

That’s a series of very small transactions that an auditor would never find even if he regularly dipped 20% below his “check everything” number. As a result, over the course of ten years this controller stole over a million dollars.

And again, we only discovered this because the CEO and I were poking around in the books trying to come up with useful ways of extracting unique, money-saving information. What hit us was something suspicious, and that’s why I always encourage you to look into the suspicious.

Slightly Silly Fraud

Another time I was working on a book store that had switched who it was banking with and who held its credit cards. But one of the credit cards wasn’t canceled – a Discover Card – and because it was so routine to pay off this Discover Card, the controllers just kept paying it. No one asked and no one thought about it. As it happens, the guy whose card it was just paid off his entire mortgage on the company (until I got there).

Just do a routine check through all of your transactions and payments. You’re bound to find some juicy things in there.

How often do you poke around your books?

20120325-172804.jpg

by

Fraud Prevention Tip: Take All Shortages Seriously

In businesses with checkout counters and cash drawers, it can be very easy to just accept a standard over/under on drawer counts. A number of other places that involve balancing books will also allow this to be so. I’m the first to say that if you’re balancing out $100,000 in revenue and find that you’re $86 off, you might just want to let it go as the trouble of uncovering that $86 is not worth the $86.

But what if someone had stolen that $86? Then would you want to know and figure out what had happened? Arguably, that changes the value of the $86, since this is unlikely to be a one time thing, but a recurring and growing “expense.”

So let’s say that you have a drawer that’s off by $14 one day. No big deal – that can happen, especially at a place that does enough business in cash on each drawer.

But let’s say that happens at a big department store like a Macy’s 5 days in a row. That cashier is going to get fired for one of two reasons. Either a. he’s an idiot or b. he’s stealing.

But let’s not forget to consider hidden option c. someone else is stealing from him because he’s an idiot.

Many employees know that a drawer can be off $20 a day without raising a lot of suspicion, and so they use other people’s cash drawers when their friends come in to the store and give them $10 too much change. By rotating whose drawers they’re doing this from, it makes it very hard to catch them. Watch for patterns and consistencies, like who’s regularly working on days that there are higher than usual collective shortages, even if those shortages don’t appear on their drawers.

Don’t jump to conclusions. Just be vigilant and chart the specifics of any inadequate drawer counts.

Many companies grow lax because everything’s been fine with their counts, but don’t make the mistake of ignoring the systems you have in place. You put them there for a reason.

On some level, you’ll have to make a judgment call on this one depending on the percentage under and who has his or her hands in your cash and your books. This tip isn’t as stark-raving obvious as don’t rehire people who steal from you, but I do want you to take all shortages seriously all the same.

What shortages are considered acceptable at your business? How frequently does that happen and what do you do about it?

20120325-171758.jpg

by

Fraud Prevention Tip: Focus on Checks and Balances that are Rechecked and Rebalanced

I debated making this idea its own tip, as it may be more of a motif that just runs through darn near every one of my fraud tips and posts, but I opted to include it just to make sure that you heard me say it enough times.

Every good organization has checks and balances. The United States government has them via our well crafted Constitution and the division of governmental responsibilities into our legislative, executive and judicial branches. As we’re taught in school, those checks and balances are meant to prevent the abuse of power, which is exactly the same as preventing fraud.

Fraud is an abuse of the power placed in the hands of those you and your company – or the electorate – opt to trust. In most cases, that pertains in some fashion or another to stealing money, but all fraud comes down to an abuse of power.

In fraud cases, it’s rarely some elaborate conspiracy that I detect. It’s generally just one bad egg trying to get away with more than is written into his contract.

The reason I insist on checks and balances in a business and in all things pertaining to money and finances in a business is because checks and balances generally prevent fraud from happening (that is, they’re a psychological deterrent acting as part of an informal fraud policy) – or at least their presence detects fraud early enough to prevent it from being damaging and to fire any perpetrators (and if you’ve been listening to allow you to prosecute them and send them to jail).

Crooks are generally creative, or at least they have a knack for seeing the flaw in a system and subsequently exploiting that flaw. The more checks and balances, the fewer weaknesses and the less potential for fraud.

One of the protests I get to my insistance on additional checks and balances is that they require more personnel or better credentialed employees who are able to juggle these additional responsibilities. That is, checks and balances cost more money and take more time and neither of those, CEOs and managers claim, are available in spades.

But I suppose they have time to figure out where their missing money is going and why – and the money to lose in the first place?

Spend the money preventing fraud rather than on fraud, I say.

It’s like preventative care in medicine. The reason that we’re seeing the rise of PAs, or Physicians’ Assistants, in the medical field is that many of them are being trained to focus on preventative care rather than solely on treating illness and disease. The thinking goes, rather than go to your doctor when you’re already sick and get treated with medications, surgeries and, God forbid, chemotherapy, go to someone regularly and long before you’re sick who can teach you how to take healthful actions that will keep you healthy.

The former is incredibly expensive and pops up in huge and unmanageably complex bursts (hence the need for insurance), and the latter, while a more regular expense – like a utility bill or, say, a paycheck – will drastically reduce the need for any of those huge and expensive encounters or at least catch them so soon that they are not nearly as costly, disruptive or deadly.

So, take the preventative care attitude towards fraud and set in place as many checks and balances as you can think of. It always pays to prevent fraud.

What checks and balances do you have in place?

20120325-171143.jpg

by

Fraud Prevention Tip: Change the Standard by Which You Check Your Transactions

My last tip concerned reviewing the payroll, but anybody running a business knows that’s far from the only expense that fraudsters can tamper with.

Many companies have expense reports. Sometimes they come from traveling consultants or a sales force. Other times they’re the domain of local managers who take associates and leads out for meals and entertainment. Whatever it is, expense reports get handed into the appropriate department, reviewed by the person in charge, checked off and paid out.

However, what I’ve seen is that for every salesman and consultant who has his expense reports checked, there is someone whose expense reports are getting glossed over: C-level and other senior employees.

There are rarely checks and balances on these people. Sometimes the CFO is even writing his own checks – and that’s a problem. All systems require checks and balances – a theme you’re about to see resurface again and again over the course of these coming posts – and when it’s assumed that senior managers’ and officers’ expenses don’t require review you’re going to run into problems.

The CFO at a manufacturing company in Suwannee, GA knew that the golden audit number for an automatically reviewed expense was $5,000. Thus, he was writing himself tens of thousands of dollars in expense-related checks, each in the mid $4,000 range.

The mistake the company made was that these checks took two signatures but the senior person who was acting as the co-signor on these checks wasn’t double checking what he was signing. We found $180,000 worth of recent fraud. Lord knows what had been buried for ages.

The reason I suspected this was happening is because the CFO dragged his feet about getting us some of the information we wanted during our review process. That raised my concern about other issues he was and wasn’t sharing with me.

When I go into a company that’s losing money I always look at the expense reports of senior people, and when these two issues crossed I easily discovered what was happening.

Make sure that any check co-signor or anyone whose job it is to sign off on checks and expense reports understands the seriousness of what he or she is doing and doesn’t make the action a perfunctory one. You want people in those positions who ask questions, are naturally suspicious and who are willing to bring larger issues straight to the CEO.

Change the standard by which you check your transactions.

Auditors set their own level of what kinds of transactions to review and at what number (in this case, $5,000). Though auditors will occasionally spot check below that number, make sure they’re regularly peeking at any transaction above 80% of that number (in this case $4,000). I’ve found that to be, more or less, the sweet spot of those committing this kind of fraud.

What level do your auditors automatically check? What will you have them do now?

20120325-162646.jpg

by

Fraud Prevention Tip: Always Have Someone Double Check the Payroll

There are a number of good payroll services out there that will handle all of your payroll needs. All you do is enter employee hours or salaries into the system and – poof! – everybody gets paid on Friday.

Many businesses opt not to engage a service like this; perhaps they don’t like the technological integration, perhaps they like to keep things in house, or maybe they just don’t know such services exist. Whatever the reason for not contracting out one’s payroll, if you do payroll in house, make sure someone is double checking the work.

And that brings me to Aunt Tess.

Aunt Tess was a payroll clerk I once had the pleasure of encountering. She’d been working at the same company doing the payroll for over 25 years, and everybody loved Aunt Tess. After all, that’s why they all called her Aunt Tess.

Well, I suspected something fishy was going on when Aunt Tess came into work the day after an appendectomy to do the payroll. There she was, just handing out pay checks as if 18 hours earlier she hadn’t been split open unconscious on an operating table.

Really, Aunt Tess? Not even a day of recuperation?

I inquired and learned that in 25 years Aunt Tess had not missed one single payroll day. Not one. Does that strike you as bizarrely as it struck me?

At a big company, no one knows all the hourly people’s names, and this was a fact that Aunt Tess had been methodically exploiting for a quarter of a century.

As it turned out, she’d created a handful of specious hourly employees, whose concocted existence allowed her to steal between $75,000 and $100,000 a year. She’d just hand out checks, hold on to her unknown friends’, and deposit them into bank accounts that she controlled.

It was both elaborate and simple. Considering the love for Aunt Tess both from management above and employees all around, everyone was quite shocked to learn of this betrayal, and their inclination to forgive her is something we’ll explore in future tips.

But for now, I’ll leave you with a reminder of this tip: Always Have Someone Else Double Check the Payroll. You never want just one person doing your payroll.

Do you have just one person doing your payroll? What kind of check will you put in place now? Let us know in the comments below or ask questions if you need some suggestions.

20120325-161504.jpg

by

Fraud Prevention Tip: Keep Your Security Room Locked

When I prepped you for this series on fraud, I mentioned that some of the tips were going to seem a little obvious. This opening tip should seem head-slappingly “duh,” but you’ll have to believe that the example is nonetheless true.

I was working on a company in Dallas where all the surveillance equipment was kept in one room. Logical, right? But delightfully for those interested in doing wrong by the company, this so-called surveillance room was kept unlocked all the time.

That may be fine in these days of digital data automatically uploaded to secure servers and kept for months, but this was back in the days of video cassettes – a time when the data was in one place at one time and easily destroyed.

As you can imagine, this place had a theft problem. And after people would steal something, he would walk right into the surveillance room, change the tape or erase it; and sometimes before committing a crime the thief would just stop the VCR for the duration of his crime.

So, my Fraud Tip:

Keep Your Security Room Locked.

Do not let this happen to you! Having security equipment is great, but you have to secure the security equipment.

Is your security room kept locked or unlocked? If you don’t know, please go check right now.

by

Fraud Prevention Tip: Leverage the Value of an Informal Fraud Policy

We’ve been talking about fraud, and last week I asked you to create a fraud policy if you didn’t already have one. Pardon me for assuming that you don’t already have one but experience tells me you don’t. What you may find that what you do have, though, is an informal fraud policy – and you may not even know it.

Though I insist that an official, stated, written and shared Fraud Policy is important, I will be happy knowing that you also have an informal fraud policy.

An informal fraud policy is one that is implied by your actions and the state of things around your business – like security – but that is not directly stated. An informal policy is also known as a psychological fraud policy.

The Circuitous Route

I once ran a retail chain out of Delaware. The shrinkage was 5 or 6%, and when the company was doing 100 million dollars a year in business, we weren’t talking about an insignificant number here. That was about 6 million dollars a year of stolen goods.

Before I got there, when a cashier or sales associate was caught stealing the manager would have that person quietly taken into the back, loaded into a police car and inconspicuously taken to jail. But this is not Victorian England, and we need not be so discreet.

When I started running this operation and I caught someone stealing, I had multiple police officers parade them through the store in hand cuffs in a circuitous route. The police car would be out front lights swirling and sirens blaring, and the perpetrator would have tears coming out of his or her eyes. I wanted everyone to see, from employees to customers to management.

The Effects of the Roundabout Way

That policy resulted in a reduction of shrinkage by 50% in the first month. Over the course of the year that translated into three million dollars saved because people became far more terrified of the embarrassing consequences of getting caught stealing. They knew that I would take real and serious action against them and prosecute them for stealing.

Another example of a psychological fraud policy is a warehouse at which I had a ton of merchandise walking out the back door. All I did was stick a camera right outside that door, drill a hole in the wall and feed a little wire through. That camera and wire didn’t even go anywhere! They weren’t hooked up, but just putting it there scared everyone enough to stop stealing. Shrink declined immediately and dramatically.

Those are examples of informal and psychological fraud policies. Neither is stated in words on a sign, but they are actions that are regularly being taken agains those who are stealing and committing fraud, and employees understand the consequences of those actions.

Do you have an informal or psychological fraud policy at your business? If so, what is it and if not, what sorts of measures could you put in place to have one?