Fraud Prevention Tip: Think About the Financial Impact of Rare Events on Your Business

The smoothest kind of scam – and one of the hardest to detect – is what I call an off-book transaction.

Just a For Instance

An off-book transaction most often happens because something rare occurs at your business. Let’s say, for instance and hopefully not, that there’s an extraordinary event like a fire or a theft, and you go to the insurance company claiming $25,000 in damages and loss.

All goes well (at least in this regard), and the check is sent.

The check could have been sent to any number of people’s desks, but as this is a particularly unusual event that involves insurance, the check is sent to the CFO’s desk. Now, the CFO takes the check and deposits it – not into the company’s normal account – but into an account at a different bank under your company’s name. There’s now $25,000 sitting in a bank account in your company’s name, but only the CFO knows its there to control and spend.

How can he get away with this?

These extraordinary non-recurring items are things that an auditor would never know missed the books. Nobody knows to look for what isn’t missing.

And this doesn’t just happen with insurance checks. Off-book fraud happens with rebates, SPIFs (Sale Performance Incentive Plans), or other money that is rare enough that accountants and auditors don’t know to check the books for it.

The Rebate Way

Consider the idea of a pre-purchased rebate. One large printing company I turned around used to buy a lot of paper. In fact, it bought millions of dollars in paper annually (millions is an understatement). So a new paper manufacturer comes along and says that if this printing company signs a contract with them that begins with a $100,000 paper purchase, the manufacturer will give a one million dollar signing bonus.

The details of this contract are only known by one person who also knows that the million dollars should be looked for in the books later. Since he’s the only one who knows and he accepts the check, he’s able to do exactly what the CFO mentioned above could do: deposit and control it. Auditors don’t know to look for it, so they never find it.

I caught this case because I felt compelled to review a contract that represented such a large percentage of expenditures, and I wanted to know more about the deal, but for every huge case that is inevitably caught there are ten other $10,000 deals that get missed.

If I’m around a company long enough for things happening on an annual cycle to recur then I’m more likely to catch these things, but if I’m not then it’s up to people at the top to alert the auditors (and more than one of them, mind you) to be on the lookout for rare, one time or merely annual occurrences that could be slipping the books.

The way I often catch off-book transactions is by noting what I’m told by staff must absolutely be done or absolutely not be done; I always investigate what must or must not happen to see if something unsavory is going on. A good bit of the time, it is.

A Smooth Insurance Scam

For instance, I had a controller who would intentionally overpay insurance premiums. He was writing, periodically, a check for $10,000 or even $20,000 more than he needed to be. When the auditors came in, they would see regular checks to the insurance company and not think a thing of it. At best, they would spot check that this company was owed money, and the short answer was always yes.

The insurance company would later send a refund check to the company and the controller overpaying those checks would deposit the refunds into a dummy account at a different bank under the business’s name. Guess who was the only person who knew about this account and spent from it. Yep, that very same controller.

People will take advantage of what they know will be out of site out of mind, so I encourage you to watch the unusual with your own eyes and always follow it from start to finish.

What kinds of unusual transactions occur in your business? Did you check up on them?


Fraud Prevention Tip: Match Your Purchase Orders Against Your Invoices Before Putting the Invoices in Your System

Let’s talk about Accounts Payable. We have a tendency to put certain processes on auto-pilot because it’s much easier that way, and accounts payable is one of those. It’s not because whoever is doing your payables isn’t paying attention – it’s because he or she is only one cog in the ordering wheel. She’s not counting incoming shipments and matching POs to packing slips at that point. She’s not the purchasing officer (in larger structures), so she’s just receiving and then paying invoices, which she likely presumes have already been accounted for. That’s not to say that there aren’t some processes in place to prevent this from being haphazard, but there is room for error and exploitation.

I recall a case in Jacksonville, Florida. The purchasing agent and the controller were working together on a little scheme. They worked for a company that was buying 100 railroad cars a month, each holding 20,000 gallons of oil. That’s 2 million gallons of oil annually, which is a pretty huge volume.

What the controller and purchasing agent figured out how to do was effectively double-invoice for one of these railroad cars filled with oil. They’d effectively divert a purchased car to one of their competitors willing to pay for a discounted car of oil. The company that ordered the car initially paid for the car in full when they received their invoice, and when this pair invoiced the competitor at a discounted rate, the competitor would split the cost of the invoice with them.

The people getting most ripped off in this case were not ones that the controller and purchasing agent worked for, but the companies they were unjustly invoicing.

This would have been caught much sooner had any of those companies been matching its delivery tickets and purchase orders before processing its invoices in its accounts payable system. Once an invoice is in the system it’s on auto-pilot, which is why you have to be sure that you’re checking all incoming shipments against purchase orders to make sure you’re paying for the right things.

That’s a good practice anyway, and most of the time you’re at worst just catching honest mistakes made by your vendors. Sometimes, though, you’ll find something like this and be really glad that you have a fraud control policy that entails checking purchase orders against incoming shipments and against invoices before putting them into your systems.

What’s your process for checking these things? Have you ever uncovered mistakes or worse?


Fraud Prevention Tip: Always Poke Around Your Books

When companies start the CEO or business owner is the one signing all of the checks. That’s just the nature of a start up and a small business.

But after a company grows and other people – CFO, controller, auditor, etc. – are put into the position of check signer, the CEO or a majority shareholder should double-check what’s getting paid.

Just look at a ledger, the checkbook or Quickbooks and see where money is going. Ask questions about that money. How often are we paying for X? What does company Y supply us with? Poke around the books and ask questions.

Silly Expenses

Even if you don’t find fraud, you’ll likely discover unnecessary expenses. I would say the latter is in fact more common in these cases. The reason is that people in Accounts Payable aren’t always informed when a piece of leased equipment is sold or returned or when the paper supplier wasn’t just changed but the first supplier was canceled. That’s because a lot of payables and other bills are just put on autopilot. They’re not checked every month or even every year.

I can’t count the number of times I’ve gone through a company’s expenses line by line, questioning everything with the CEO and the check-signer, and found thousands – if not tens or even hundreds of thousands – worth of expenses being paid that didn’t need to be paid. What a difference that makes to the bottom line of any business, much less one that hasn’t turned a profit in two years.

In one notable case, this routine check uncovered some major fraud.

Un-Silly Fraud

We discovered the fraud while doing a sort in an Excel spreadsheet on all of our vendors’ addresses; we were just trying to figure out freight costs and where we could save money. What we stumbled upon were two vendor companies: one in California and one in Indiana. Each was doing business with a stationary store in Chattanooga, which is where our home office was.

It would have made sense that there were vendors in California and Indiana to attend to our subsidiaries, but what didn’t make sense is that we were sending checks to these companies at a PO Box in Chattanooga – which, I reiterate, is where our headquarters was.

It turns out that the controller had created dummy vendors, theoretically for our subsidiaries in California and Indiana, and he was cutting checks to these dummy vendors for random amounts between $50 and $100 to a PO Box in Chattanooga. He would then go collect all of these checks and cash them in the name of these dummy vendors.

That’s a series of very small transactions that an auditor would never find even if he regularly dipped 20% below his “check everything” number. As a result, over the course of ten years this controller stole over a million dollars.

And again, we only discovered this because the CEO and I were poking around in the books trying to come up with useful ways of extracting unique, money-saving information. What hit us was something suspicious, and that’s why I always encourage you to look into the suspicious.

Slightly Silly Fraud

Another time I was working on a book store that had switched who it was banking with and who held its credit cards. But one of the credit cards wasn’t canceled – a Discover Card – and because it was so routine to pay off this Discover Card, the controllers just kept paying it. No one asked and no one thought about it. As it happens, the guy whose card it was just paid off his entire mortgage on the company (until I got there).

Just do a routine check through all of your transactions and payments. You’re bound to find some juicy things in there.

How often do you poke around your books?


If You Don’t Sweat the Small Stuff, It May Come Back to Haunt You

Do you remember that book, Don’t Sweat the Small Stuff: And Everything in Life is the Small Stuff?

I can appreciate the life philosophy, I really can, but let me tell you: in business, everything that’s small could become big if you don’t pay attention. If I have a cut on my finger and I ignore it and don’t put Neosporin and a Band-Aid on it, my finger could get infected and need amputating (gross). I’m not saying it’s common, but it could happen.

A leader, especially in hard times, needs to make sure he doesn’t overlook the small stuff.

Once, I was installed as CEO of a company, and I relied quite heavily on the CFO who’d been with the company a long time. I listened to his assumptions and projections. However, I never checked up on his assumptions or double checked the formulas in his spreadsheets. It just all seemed like little stuff.

Unfortunately, midway through the turnaround, the numbers headed south and the bankers got upset. As it turned out, the CFO knew about these mistakes and what was likely to happen.

Making mistakes is not a problem. Not admitting one’s mistakes and sharing this kind of knowledge with me is a problem. When I found out the CFO had known about these mistakes and never raised his hand, I fired him immediately. These were small things whose impact could have been mitigated a few months earlier, but at this point, I had to go crawling to the bank for an extra million dollars. Fortunately, they were pleased with my decision to fire the CFO.

The controller who had actually been prevented from checking the numbers earlier became the new CFO, and we emerged from bankruptcy.

As a CEO you have to rely on people, but you also have to trust your instincts, question assumptions and double check the world around you. It’s hard to rely on one person. I did so because it was the quickest way to move forward, but I learned from my mistake, and now I go through budgets line by line and question all assumptions, projections and spreadsheets. I take care of the small stuff (without sweating it) in order to keep it from turning into big stuff.

Many CEOs blindly listen to others without question because they need answers and they need them fast, but as a CEO it’s your job to ask twice and then thrice. Take care of your business by taking care of everything, big and small.

“If the Alligators are Biting, It’s Too Late to Drain the Swamp”

You may have heard this saying before:

“If the alligators are biting it’s too late to drain the swamp.”

Keep this in mind while running your business. Doing so can affect not only profitability but also your very survival.

Here are a few examples of when the alligators start biting:

1. Consider the sales manager who is not producing what you’ve come to expect from him; you notice a decline in sales and even a disruption to the team. He should either be refocused or fired. Now your revenue and profits are down. If he handled your largest accounts and the competition has now stolen them from your company, you’ve been bit by alligators.

2. Your CFO is constantly late with financial statements, and the bank is growing concerned. You then discover after months of frustration that he has personal problems that have affected his performance.  Now the bank is concerned about your ability to run your business. You’ve been bit by alligators.

3. The classic survival story involves fraud. Almost half – thats 50% – of our clients have encountered some kind of fraudulent situation. When the CFO/controller has been systematically stealing, the bank’s knee-jerk reaction can leave you scrambling to find another bank. That’s not so easy in this economic climate. You’ve been bit by alligators, and your company may be devoured.

The key here is to put safe guards in place with the assistance of your auditors. Don’t let the CFO set the testing limits above the limit he’s stealing. Let your auditors run the process. Also, as the CEO or key manager, you should periodically sign every check for a month that would normally be a “one signature” check handled by the CFO/Controller. This control is one great way to start draining the swamp.

How to Avoid Being Bitten by Alligators?

Be proactive instead of reactive. Drain the swamp before the alligators take up residence and start chomping.

As your company grows and you start delegating work, make sure that you keep yourself embedded in enough of the processes to have proper control. Don’t delegate and forget.

If you have auditing processes, don’t stick to limitations (e.g. we’ll look at all transactions over $5000). Mix things up and be unpredictable, so that no one can take advantage of your complacency or your routines.

Ask a lot of questions of your key people. Learn about your cash flow, your payables, and your company’s projections. Don’t believe what you’re told. Follow up on the details and have an auditor check out those projections. That’s prudent business practice.

I’m not suggesting that you don’t trust your CFO or that you don’t believe anyone. I’m just saying you need to question what’s happening and check up on things for yourself.

This may not be draining the swamp, but it is keeping the water level down. This is being proactive – not reactive – and it will always cost you less time and money.

Until next time, don’t get bit by the alligators.