What If an Employer Writes Bad Payroll Checks

Document Sample
What If an Employer Writes Bad Payroll Checks Powered By Docstoc
					    Internal Investigations &
 Avoiding Investigation Pitfalls
                     Presented by

John H. Straub, CPA/CFF, CFE, CIA, CFFA
          Straub Forensic Consulting, LLC
       Forensic & Certified Public Accountants

Role of the Forensic Accountant
Fraud investigation risk
Fraud investigation process
Investigation case study
    Legal Elements of Fraud
 A material false statement or act
 made with knowledge it is false
 which is relied upon by victim
 who suffers damages as a result*

* Damages are not required for criminal
Why are few criminal complaints filed?

 Creates adverse publicity
 Investigations are expensive
 Can launch counter claims if prosecution
 is defective
 Offers opportunity for plea bargaining
 Raises burden of proof to ―beyond a
 reasonable doubt‖
 Disrupts pursuit of operational goals
               Civil vs. Criminal
– Prosecutor or grand jury determines if case will be
        Order of restitution
        Probation and or community service
– Plaintiff files lawsuit for recovery of losses
        Award damages
        Entry of an order or injunction for loser to engage in remedial
        Avoid future illegal acts
What is a forensic accountant?
Fraud investigations
Economic damages
Due diligence and M&A
Financial dispute resolution
Business valuations
Other non-traditional type engagements
         Types of Witnesses

Fact Witness

Expert Consultant

Expert Witness

Challenge Witness
    Expert Consultant Role
Authenticate altered or forged documents
Help retaining attorney w/discovery
Protect documents under ―work product
Ensure ―Expert Consultant‖ engagement
letter signed by retaining counsel
       Expert Witness Role
Ensure ―Expert Witness‖ engagement letter
signed by retaining counsel
Prepare Rule 26(a)2(b) report (Federal Courts)
Prepare and undergo opposing counsel’s
Analyze opposing expert’s report
Assist in Daubert Challenge if warranted
Analyze opposing expert’s testimony
Testify as expert witness—not advocate
―A man’s got to know his limitations.‖

                    Dirty Harry
                    (Magnum Force 1973)
         Are you qualified?
Operating within your expertise?
– Knowledge, skill, experience, training or
Are you independent?
Can you complete on time?
Can you provide testimony that is
     based on reliable and relevant facts
     the product of reliable principles and methods
     and apply principles & methods reliably to facts
 Will your testimony be allowed?
        ―RE: Methodology‖
Theory has been tested

Theory subject to peer review

Known or determinable error rate

General acceptance in scientific
      Daubert Challenge
Simple challenge—Judge ―Gatekeeper‖

Complicated challenge—Voir Dire
   Why challenge by opposing
Pushing for summary judgment
Perceives ―chink‖ in the armor
Expert’s testimony extremely critical to
Stalling for more time
    What if you fail the test?
Potential lawsuit by retaining attorney

Possible ―kiss of death‖ for forensic career

Judge may impose sanctions on attorney

Motion for Summary Judgment
  ―(Maverick)…you never, never
leave your wingman !!!‖

                    (Top Gun 1986)
   Other Pre-Trial Activities
Motions in limine
– Depositions
– Interrogatories
– Investigation analysis
     What is discoverable?
All facts must be disclosed
– Work Product Doctrine
    Forget if expert witness
Attorney-Client Privilege
    Between client and attorney
What is Subpoena ―Duces Tecum‖?
      Courtroom Activity
Opening statements
Direct examination
Summary statements
How do Deposition & Trial
  Testimony compare?
How should you communicate with
         jury or judge?
        Report Writing
Federal Rule of Civil Procedure
      Federal 26(a)2(b)
Statement of all opinions
Basis & reasons
Data considered and exhibits
Qualifications of expert witness
Listing of cases & publications
Signature by expert witness
  What should be on your CV?
  Do not provide a resume
  Possess only one current CV
  Be absolutely honest in all matters
  Eliminate inaccuracies
  Exclude unearned designations
  Do not exaggerate accomplishments

* Federal Rule 26 requires presentation of
  expert’s qualifications
       What if you mess up your
• Defamation
• Extortion
• False imprisonment / arrest
• Assault & battery
• Invasion of privacy
• Emotional distress
• Malicious prosecution
        Emotional Distress/Outrage
•    Plaintiff must prove defendant
    • Acted outrageously
        •   Intentional
        •   Reckless
    •    Highly offensive manner
    •    Probability of inflicting severe distress
•    Defenses/Prevention
    • Don’t gather immaterial personal information
    • Don’t threaten w/arrest
    • Don’t shout during interviews
    • Don’t make threatening gestures in interviews
               Malicious Prosecution
•       Investigation w/o probable cause & w/ malicious purpose
    •      Reckless disregard of the facts
    •      Specific ill-will directed at accused

•       Claim launched when proceedings go to favor of accused
    •      Not guilty verdict / charges dropped / probable cause defeated

•       Defenses & Avoidance
    •      Do not rush to sign criminal complaint
    •      Reasonably believe you have support for probable cause
    •      Do not press authorities to arrest suspect to make example
    •      Full disclosure by employer of all facts to authorities
    •      Investigate with due diligence
                Invasion of Privacy

•       Intrusion upon seclusion
    •    Review company policy on privacy issues
    •    Do not venture into areas of reasonable expectation
         of privacy
         •   Consider if employee has exclusive control
    •    Inception & scope of intrusion must be reasonable
         to investigation
    •    Search must be reasonably related in scope to
         Disclosure to Others

•   Is it necessary?
•   Is it for legitimate business purpose?
•   Will employee performance improve?
•   Do investigative facts support
•   Do benefits outweigh the risks?
    Ways to create a Pitfall
Accepting an engagement outside
Lying about qualifications
Performing as an advocate
Failing to screen retaining counsel or client
Allowing counsel to ―re-write‖ report
 Ways to create a Pitfall (cont.)

Not establishing ―Predication‖ (probable cause)
Failing to ―plan‖ the investigation
Not understanding fraud schemes
Designing inadequate investigative processes
Disrespecting the suspect
Wasting time on marginal/improbable theories
Ways to create a Pitfall (cont.)

Failing to maintain adequate workpapers
Accepting statements at face value
Not considering impact of internal
Not using technology to improve efficiency
& quality
– ACL, Time Map, Case Map, IDEA, Microsoft
  Project, etc.
Ways to create a Pitfall (cont.)

Rushing to judgment
Not interpreting results correctly
Not knowing when to end the investigation
Not lawfully executing the investigation
Launching info gathering prior to planning
Letting the client gain control
Ways to create a Pitfall (cont.)

Not requesting peer support when appropriate
Accepting too many cases at once—refer excess
Lacking capacity to accept the engagement
Failing to invest in training
Not managing client expectations
 – Making promises you can’t keep (ROI, time,
   cost, etc.)
 Ways to create a Pitfall (cont.)

Failing to verify data integrity
 – Selecting wrong data pop time periods
 – Analyzing reports instead of raw data
 – Not accounting for data totals
 – Not performing reliability/accuracy tests
 – Not checking for missing data
 – Misunderstanding data field definitions
 – Not gaining 3rd party input
Not applying systematic & sequential investigative
Ways to create a Pitfall (cont.)

Relying on false positives
 – Failing to seek independent verification
Missing CAATT opportunities
Failing to seek independent verification
Incorrectly deciphering data
Building incorrect logical relations
Disregarding legal aspects of data collection
          Video Clip # 1

The President & VP Human Resources
        Plan the Investigation
                   Goals (clip #1)
• Identify who is involved & why
  • Restricted investigation to suspect only

• Recover the $$$
  • Limited to only the locker

• Achieve greatest ROI
  • Did not even go there
• Discipline suspect
  • Sought to toss in jail & fire
               Objectives (clip #1)

•       Seek out accurate picture & scope
        of issue
    •    Did not address ―predication‖
    •    Did not plan to determine extent of fraud(s)
    •    Allowed anger/emotion to determine course
         of action
           Rushed to judgment & did not seek out truth
               Objectives (clip #1)
•       Gather relevant information
    •    Restricted investigation to locker search

    •    Failed to expand to other transactions in
         accounting system
    •    Failed to conduct witness interviews

    •    Did not consider investigation preparation
         in light of going to trial
                Objectives (clip #1)
•       Design process least disruptive
    •     Did not consider impact to staff—damage control

    •     Did not develop alternative plans
                Objectives (clip #1)
•       Ensure lawful execution
    •    Made no effort to check laws

    •    Malicious prosecution & invasion of privacy potential

         •   ―Make an example of him‖
         •   No apparent fraud policy in place
         •   Locker search--reasonable expectation of privacy?
         •   Called the suspect a ―criminal‖
                  Objectives (clip #1)
•       Provide fair & impartial execution
    •     Served role of Judge, jury & executioner

•       Include legal & experienced professionals
    •     Did not understand the investigation process
    •     Did not understand fraud schemes & extent
    •     Failed to obtain ―work product doctrine‖

•       Follow in-house rules on fraud investigation
    •     There were no rules
          Objectives (clip #1)

•   Do not appear to restrict suspect’s

    • Denied freedom of motion—False
    • Assault potential
 Video Clip # 2

The Interrogation
           Objectives (clip#2)
•   Follow steps sequentially &
    • Skipped witness/admin interviews
    • Failed to gather sufficient evidence
    • Did not validate evidence obtained
                 Objectives (clip#2)
•       Respect suspect
    •     Displayed hostility toward suspect
         •   ―Rubber hosed‖ w/coercive tactics
             –   Committed Extortion w/threats of prosecution
         •   Invited other counter claims

•       Follow up suspect’s explanations
    •     Disregarded reasonable alibi & explanations
         •   ―not his signature‖ & ―out of town‖ on that date
         •   Strengthens argument for claims-defamation, emotional
             distress, malicious prosecution & wrongful discharge
               Objectives (clip#2)

•       Get more than just a confession
    •     Warning--Suspects frequently lie about theft $ amt

•       Restrict dissemination of information
    •     Informed peers suspect had committed fraudulent
         • Defamation--potential (reputation)
         • Invasion of privacy-false light (emotional
Presume the case/investigation will
go to trial…

even though most civil cases don’t
make it past depositions…if that far.
Internal Auditor Fraud Responsibility
    (Practice Advisory 1210.A2-2)
To provide independent appraisal,
examination & evaluation to management
Exercise ―due professional care‖
– Possess sufficient knowledge of fraud
    No expectation for being a fraud expert
– Be alert to opportunities for fraud
– Evaluate need for additional investigation
– Notify appropriate authorities
Auditor Risk Assessment Responsibility
             under GAAS
 Auditors gain understanding of organization,
 environment & assess risk of material
 misstatement of financial statements
 Focus on areas of F/Ss w/greatest risk of
 material misstatement
 Generate appropriate audit procedures w/risks
 Provide less extensive procedures in areas of
 lower risk
External Auditor Responsibilities (GAAS) (cont.)

SAS 99 Consideration of Fraud in Financial Statement

SAS 104-111 Risk Assessment Standards

 – SAS 104 – Amendment to SAS 1

 – SAS 105 – Amendment to SAS 95

 – SAS 106 – Audit Evidence

 – SAS 107 – Audit Risk & Materiality in Conducting an Audit
External Auditor Responsibilities (GAAS) (cont.)

SAS 104-111 Risk Assessment Standards

 – SAS 108 – Planning & Supervision

 – SAS 109 – Understanding the Entity and Its Environment &
   Assessing the Risks of Material Misstatement

 – SAS 110 – Performing Audit Procedures in Response to
   Assessed Risks & Evaluating the Audit Evidence Obtained

 – SAS 111 – Amendment to Statement on Auditing Standards 39,
   Audit Sampling
External Auditor Responsibilities (cont.)

 SAS 104-111 Technical Practice Aids

 – 8200.16 – Examining Journal Entries

 – 8200.15 – Indentifying Significant Deficiencies

 – 8200.14 – Suggesting Improvements in I/C

 – 8200.13 – Documenting Internal Control

 – 8200.12 – Use of Walkthroughs

 – 8200.11 – Ineffective Controls
External Auditor Responsibilities (cont.)
 SAS 104-111 Technical Practice Aids

  – 8200.10 – Defaulting to Maximum Control Risk

  – 8200.09 – Assessing Inherent Risk

  – 8200.08 – Obtaining an Understanding of the Control

  – 8200.07 – Considering a Substantive Audit Strategy

  – 8200.06 – The Meaning of Expectation of the Operating
    Effectiveness of Controls

  – 8200.06 – Testing the Operating Effectiveness of Internal

TIMING--Reactive          Scheduled

FOCUS--Evidence      Compliance & Improvement

SAMPLING--Infrequent      Commonly used

LITIGATION—Pivotal        Rarely considered
    Investigation Characteristics

Unique             Outcomes depend on   Abandon “black
                   many variables       & white” thinking
                   Detection methods    Investigator
                   depend on the        Attributes:
Fluid/evolving &   situation
complex                                 •Trained

Objective driven   Time consuming       •Impartial
Process oriented   Expensive
What are the limitations of Internal Controls?

 Personnel may not be educated in controls
 Controls can be defeated by collusion
 Management can override controls
 Culture of the company can lessen
 Costs of controls can be prohibitive
 Controls can be ―too tight‖ demoralizing
    What is a fraud policy?
Definitions or statements of
– A fraud event & probable cause
– Management responsibilities
– Fraud team selection depending on situation
– Budget considerations & ROI (recovery)
– Communication & confidentiality processes
– Legal protections for suspect
– Punishment guidelines
How are schemes related?



      Conflicts         Mischaracterized
          of               Expenses
How are Schemes & Symptoms related?


         Expenses                       Schemes

              Duplicate           Fictitious
              Payments            Expenses
How are Schemes & Symptoms related


        Expenses                      Schemes
                       Unusual Ck

             Duplicate          Fictitious
             Payments           Expenses
Where can Fraud Occur?

             Sales &

Reporting                 Payment

Payroll &                Capital Acq
Personnel                & Repayment

   What is the Relative Complexity of

Check Register
Expense Reimbursement
Check Tampering
Financial Statement
   How do employees commit
     occupational fraud?

Scheme = Steal + Conceal + Convert

                                                     Red Flags
Red Flags
                       Red Flags

            Fraud Audit/Investigation is triggered
   Concealment Strategies
Creating false documents
Altering documents
Destroying documents
Engaging in collusive activity
Exercising management override
Burying transactions in
Creating complex transactions
Creating bogus vendors
     Conversion Strategies
Check endorsement
– Forgery & double endorsement
Unauthorized wire transfer
Unauthorized credit card use
Checks issued to shell companies
Checks issued for bogus purposes
Checks deposited to dormant bank
        Types of Red Flags
            ―The Trail‖
Missing pieces
Pieces that don’t make logical sense
Anomalous data that shows up as a trend
Restrictive elements
Unclear or vague pieces
     Fictitious Revenues ―Red Flags‖

Rapid growth compared to similar industry
Unusual profitability
Unusual growth in # of days sales in receivables
Significant transactions w/related parties
Complex/unusual JEs at year end
Cash flows inadequate in light of sales recorded
     Timing Differences ―Red Flags‖

Unusual decline in # days purchases in A/P
Rapid growth compared to similar industry
Unusual profitability
Unusual growth in # of days sales in receivables
Significant transactions w/related parties
Complex/unusual JEs at year end
Cash flows inadequate in light of sales recorded
    Concealed Liabilities ―Red Flags‖

Significant estimates of expenses or liabilities
are difficult to corroborate
CEO appears to have obsession with selecting
accounting principles applied to F/S
Relative to industry A/P appears to be
Allowances & other reserves are out of whack
with industry
    Improper Disclosure ―Red Flags‖

Ineffective board of directors
Dominating management
Ineffective communication
Low values displayed by management
Significant & unusually complex JEs
History of violations incurred w/regulators
Significant related party transactions
    Improper Asset Valuation ―Red Flags‖

Unusual change in fixed assets & depreciation
Rapid growth compared to similar industry
Unusual profitability
Non-financial management’s obsession over
accounting principles applied
Addition of assets while competitors are
reducing capital assets
  Transactional Anomalies ―Red Flags‖

Missing documents
Excessive or unexplained voids or credits
Duplicate payments
Altered documents
Increased past due accounts receivable
Complex journal entries
Shipments to parties not approved for credit
Securities held by unusual parties
Increased purchases of inventories
Increased write-offs of accounts receivable
         Critical Questions
What are the symptoms identified?
Who could commit a fraud?
Where are the opportunities / greatest risk for
What schemes could be launched based on
symptoms and risk?
What are the best detection methods?
Can the evidence be linked to the suspect?
What are ways to verify evidence?
                  Investigation Process

                                 FACT FINDING

                                                              ID data sources,
                                                            request & verify data,
Determine access to
                      Link I/C weakness    Develop fraud           and use
  assets, identify
                         & symptoms         most likely          appropriate
   symptoms &
                         to potential     scheme theories    detection methods
     assess I/C
                           schemes                             to test & verify

Manage client expectations

– Know your potential client
– Establish estimated Timing & cost
– Agree on Scope of the engagement
– Criminal/Civil & ―At will employees‖ options
– Standard of proof
– Potential for recoveries
                                        Recoveries --Occupational Fraud



  Freq of recoveries


                       20.00%                                                             Series1




                                  0%    1 - 25%   26 - 50%   51 - 75%   76 - 99%   100%
                                            Percent of losses recovered

                       Example:   37% of the cases reported “ZERO” dollars recovered.
Source: 2006 ACFE Report to the Nation

Manage client expectations (cont.)

– Describe complex nature of fraud schemes
– Explain investigation process/steps
– Consider prosecutor’s thresholds
– Impact of ―plea bargaining‖
– Consequences of not following the processes

Manage client expectations (cont.)
– Create written engagement contract
   Work product description--SCOPE
   Cooperation & assistance requirements
   Payment: retainer, late pmt provisions, etc
    – ―No good turn shall go unpunished.‖
   Use of estimates
   Escape clauses & termination of services

Manage client expectations (cont.)
– Create written engagement contract
   Dispute resolution
   Limitation of services/disclaimers
   Retention of documents
   Avoidance of conflicts of interest

Follow appropriate goals & objectives

– Goals: Identify suspects, achieve ROI, discipline
– Objectives (examples)
     Locate appropriate investigation team & resources
     Locate ―core‖ or most likely fraud scheme & pursue
     Gather all relevant info
     Provide fair & impartial execution
     Design least disruptive investigative methods
     Execute lawful investigation
          Fact Finding

Build knowledge & skill in appropriate
types of data gathering methods &
detection tools
Fact Finding—What is Evidence?

Evidence=Information that can prove or
disprove an assertion or fact

 – Indirect/circumstantial—evidence that proves a fact
   by means of inference (reasoning)

 – Direct—shows the existence of a fact w/o including
   any additional proof/fact

 – Incontrovertible—evidence so conclusive there can be
   no other truth
Fact Finding--How do you obtain



Fact Finding--Rules of Evidence
 Testimony by experts—702
 Basis of opinion by experts—703
 Opinion on ultimate issue—704
 Disclosure of facts or data—705
 Definition of relevant evidence—401
 Relevant evidence admissible—402
 Exclusion of evidence—403
Fact Finding--Hearsay Exceptions (most
Party admits to accuracy of statements
Business records
Prior consistent or inconsistent statement
Past recollection recorded (eg. Police
Spontaneous statement (―blurts out‖)
Dying statement
   Fact Finding—How do you
      preserve evidence?
Use document protectors
Do not alter documents or destroy
Number copies (Bates/Rogers stamp)
Establish chain of custody
Retain originals
Work with copies of originals
Lock in safe location
Use evidence logs/ledgers
Fact Finding--What evidence is
Legally obtained, preserved & handled
Materially contribute
 Fact Finding--What evidence is
Originals are primary
Copies secondary but acceptable when
– Originals destroyed or considered unavailable
Must be authenticated by
– Witness with personal knowledge
– ID of signature
No authentication required for admission if
– Public records
– Official government documents
– Notarized documents
Fact Finding “Detection Tools”

Interactions between operational functions
Common sized financial statements (vertical
Horizontal analysis (YR to YR)
Budgetary comparison & I/C compliance
Comparisons to similar sized industry
Ratio analyses
Fact Finding “Detection Tools”
        Ratio Analysis
Current ratio—billing & concealment of
Receivable turnover—fictitious sales
Collection ratio—fictitious A/R, larceny,
Inventory turnover—larceny (purchasing,
receiving, fake sales & shipping schemes)
Average # of days inventory in stock—larceny
Profit margin—fictitious sales, disbursement
  Fact Finding “Detection Tools”
      Investigative Software

CAATTs/Data mining/analysis process—ACL
 – Verify data integrity
 – Profile data
 – Isolate data
 – Reorder tables
 – Combine tables
   Fact Finding “Detection Tools”
        Verify Data Integrity

Examine table layout (data types & def.)
Check that all records are present (bounds)
Perform tests for errors (reliability) (ACL)
     Verify, Count, Total, Statistics, Gaps &
     Computed fields
     Other functions
Fact Finding “Detection Tools”
         Profile Data

Profile data to identify trends & anomalies (ACL)
–Benford Analysis
Fact Finding “Detection Tools”
         Isolate Data

Isolate the relevant data (ACL)
–Functions (86)
Fact Finding “Detection Tools”
       Combine Tables

Pool data from different tables as if single table

Fact Finding “Detection Tools”
        Reorder Tables

Clarify data meaning & prepare for subsequent
commands (ACL)
–Quick sort
What is a fraud risk assessment?
 Proactive ―Termite‖ inspection vs. reactive
 Fraud cost management (fraud risk tolerance)
 Process to determine
 – Where opportunities exist (I/C weaknesses)
 – What likely schemes could be launched
 – The potential $$ severity & greatest areas of risk for
 – How fraud could be concealed & assets converted
 – Who could potentially commit fraud
 – Best practices to detect most likely fraud scheme
 Part of the Anti-Fraud program
Chuck’s Responsibilities


       Human                                  Employee
      Resources                                Reimb

                                                  AR, Billing &
 Bookkeeping                                       Collections

Accounts Receivable Duties

                   Mail Receipts

  Writes Off A/R
                                   Deposit Ticket


    Compares                         Deposits
    To Budget                        Receipts

Accounts Payable Duties


                Accounts      Approved
                 Payable/      Vendor
              Disbursements     List

               Checks &
  Payroll Duties


                               W/H &
Time Sheets


   Posts                    Writes & Signs
Transactions                   Checks

                Sets up
Employee Reimbursement Duties

      Analyzes &
                     Employee       Writes & Signs
                   Reimbursement       Checks

                   Sends Payments
Treasury Function
                         Bank Stmts

Receives Bank                                    Manages
 Statements                                      Cashflow


        Signs Checks &                Invests Excess
         Makes Wires                      Cash
Bookkeeping Duties

 Approves     Bookkeeping       Post
Adjustments    Function     Disbursements

Any opportunities for fraud in A/R?

                       Mail Receipts

      Writes Off A/R
                                       Deposit Ticket


        Compares                         Deposits
        To Budget                        Receipts

What are some opportunities in AR (cont.)?

                             Open access to mail
                             No oversight / supervision
                             Unexpected receipts
                             Created deposit tickets
                             Made deposits at bank
                             Posted transactions to books
                             Reconciled bank statements
                             Generated journal entries
What AR schemes could be launched?

                        Mail Receipts

       Writes Off A/R
                                        Deposit Ticket


         Compares                         Deposits
         To Budget                        Receipts

Skimming-Theft of Incoming Checks
Objective: Intercept checks prior to posting to books

Steal (options)
 –   Fraudster intercepts incoming checks

Conceal (options)
 –   Unexpected checks (prime targets- refunds, referral fees, etc.) are not recorded on books *
 –   Regular sales are not recorded on books *
 –   Creates separate bank a/c in employer’s name
 –   Creates separate deposit slip & fails to record on books
 –   Destroys remittance advice & other documents

Convert (options)
 –   Deposits in dormant bank a/c of company or newly created account and withdraws by ATM,
     check or wire transfer
 –   Endorses owner’s or own name if authorized or forges signature (check tampering)
 –   Dual endorses check (check tampering if unauthorized)
 –   Alters payee on check (check tampering)
     Skimming-AR Write Off Schemes
Objective: Write off AR and collect off books

 –   Fraudster intercepts incoming checks
 –   AR declared uncollectible by fraudster *
 –   AR is taken off books *
 –   Bad debt is not turned over to collections *
 –   Creates separate bank a/c in employer’s name
 –   Creates separate deposit slip & fails to record on books
 –   Destroys remittance advice & other documents

Convert (options)
 –   Deposits in dormant bank a/c of company or newly created account and withdraws by ATM,
     check or wire transfer
 –   Endorses owner’s or own name if authorized or forges signature (check tampering)
 –   Dual endorses check (check tampering if unauthorized)
 –   Alters payee on check (check tampering)
         Skimming-Lapping Accounts
Objective: Intercept payments to AR and cover with other AR payments

 –   Fraudster intercepts incoming checks

Conceal (options)
 –   Covers payment on AR with payment from another AR customer (and so on and so on) *
 –   Creates separate bank a/c in employer’s name
 –   Creates separate deposit slip & fails to record on books
 –   Destroys remittance advice & other documents

Convert (options)
 –   Deposits in dormant bank a/c of company or newly created account and withdraws by ATM,
     check or wire transfer
 –   Endorses owner’s or own name if authorized or forges signature (check tampering)
 –   Dual endorses check (check tampering if unauthorized)
 –   Alters payee on check (check tampering)
What AR scheme has greatest $$ risk?
                    Incoming   Write-
Risk/Difficulty        Mail     Off     Lapping

Stealing               5         5         5
Concealing             4         2         0
Converting             5         5         5
Duration               4         2         0
Dollar Payoff          3         2         1

Gross Score            21       16        11
Skill & Situation
   Adjustment         (2)        0         0
Net Score              19       16        11
Sales appear good but cash is down
Sales are down but so is inventory
Physical inventory count does not match
Bookkeeper has an overly active interest
in sorting incoming mail
Bookkeeper’s lifestyle appears > means
Bookkeeper refuses to take an extended
Symptoms-Skimming (cont.)
Return of goods by customer shows no
sale was recorded—documents missing
Customer or bank discovers check payee
or endorsement was tampered
Customer complaints regarding account
Account statements are altered
Unsupported journal entries are
Focus in areas where symptoms can be found
Scrutinize complex journal entries
Compare lists of write-off AR to list held by collection
Perform ratio analyses
–   Collection ratio
–   Inventory turnover
–   Average # days inventory in stock
–   Profit margin
Make budget comparisons
Analyze A/R for increases and aging
Analyze complaints from customers
Require mandatory vacations of employees
Rotate job responsibilities
Segregate mail sorting, billing, collections, deposits,
check signing and authorization to write off AR from
Use restrictive endorsements on checks
Work with bank to isolate dual endorsed checks and not
cash checks written to order of company
Require more than one individual to review bank
Segregate customer complaint function from AR function
Any opportunities in A/P?


             Accounts      Approved
              Payable/      Vendor
           Disbursements     List

            Checks &
What are some opportunities in A/P? (cont.)

                             No approved vendor list
                             Access to incoming mail
                             Approved invoices
                             Wrote & signed checks
                             Mailed payments
                             No oversight
                             Posted transactions to books
                             Reconciled bank statements
What A/P schemes could be launched?


                   Accounts      Approved
                    Payable/      Vendor
                 Disbursements     List

                  Checks &
      Billing Scheme-Shell Company
Objective: Gain payment of bogus invoice through fictitious company

Steal (options)
 – Submits invoice to gain payment on goods/services that are
         Inflated in price
         Inferior in quality
Conceal (options)
 –   Creates fictitious company
 –   Creates bank account in name of fictitious company
 –   Creates bogus invoice & supporting documentation & mailing address
 –   Self-approves the invoice and check is issued
 –   Forges documents to gain approval/payment
 –   Acquires accomplice at any stage (collusion)
Convert (options)
 – Endorses check in name of fictitious company
 – Accesses funds through ATM or wire transfers
      Billing Scheme-Pay & Return
Objective: Intercept overpayment to legitimate vendor when returned
Steal (options)
– Requests check or 2nd check to be returned
– Requests overpayment on one check to be returned
– Intercepts returned checks
Conceal (options)
– Mishandles payment of legitimate vendor invoice
      Issues 2 checks (double pays) to vendor
      Inflates payment of invoice
Convert (options)
– Dual endorses or forge endorsement (check tampering)
– Alters payee (check tampering)
– Creates bank a/c using fictitious company name similar to
  employer’s company name (shell company/check tampering)
 Billing Scheme-Personal Purchase
Objective: Gain payment of invoice from legitimate
vendor for personal use goods/services

– Goods/services intercepted by fraudster
Conceal (options)
–   Creates bogus purchase order (forgery)
–   Approves purchase order (forgery)
–   Alters shipping information (forgery)
–   Acquires an accomplice (collusion)
– Keeps or returns goods for cash
   What A/P scheme has greatest $$ risk?
Risk/Difficulty   Shell Company   Pay & Return    Purchase

Stealing               5               4            2
Concealing             4               3            2
Converting             3               1            2
Duration               3               1            2
Dollar Payoff          5               2            3

Gross Score            20             11           11
Skill &
   Adjustment          (3)             0            0
Net Score              17             11           11
      Symptoms-Billing Schemes
Poor quality of goods or services
Price higher than usual or customary
Ordered goods or services never received
Calls to company are collected via voice mail
Quantity of goods or services abnormally high
Duplicate payments
Unusual endorsements on checks
Unusual vendor names or addresses
Unexplained variances in standard costs
Missing cancelled checks or out of sequence checks
Out of sequence purchase orders
     Detection-Billing Schemes

Review vendors & goods/services for
– Appropriate listing on approved vendor list
– Similar vendor names, but different addresses
  for invoice payment
– Addresses that match employees’
– Types of purchases
– Quality of goods/services
– Unusual unit prices & volume
– Relationships with employees
 Detection-Billing Schemes (cont.)

Account for all required documents &
– Track down explanations of missing receiving reports
– Compare receiving reports to POs, invoices and
– Reconcile vendor statements to recorded liabilities
– Perform periodic physical inventory counts to books
– Review for duplicate payment on invoices
– Compare purchase orders to receiving reports
– Review shipping documents for delivery location
 Detection-Billing Schemes (cont.)

Review for signs of check & purchase
order and receiving report tampering
Review for unusual coding of purchases
Review bank statements for unusual ATM
activity, wire transfers & other
Review credit cards for unusual purchases
and online payment activity
     Prevention-Billing Schemes

Maintain approved vendor list
– Perform due diligence on new vendors
– Adopt procedures for removal of vendors
– Segregate vendor list responsibility from purchasing
Segregate purchasing duties from authorization,
purchasing, receiving, shipping and accounting
Confirm that old or dormant bank accounts are
Prevention-Billing Schemes (cont.)

Compare and analyze purchases &
inventory levels
Secure blank and voided purchase orders
and account for sequence
Verify the validity of invoices with a PO
Box address
Scrutinize journal entries regarding
Check Tampering

                   Authorized Maker

                    Forged Maker

                  Concealed Checks

                    Altered Payee

                  Forged Endorsement
Check Tampering-Concealed Checks
Objective: Gain signature of bogus check in stack of legitimate checks
Steal (options)
 –   Steals blank checks
 –   Pressures subordinates with management override
 –   Uses counterfeit checks
Conceal (options)
 –   Slips bogus check into stack for authorized signer to process signature *
 –   Creates counterfeit checks
 –   Creates a shell company & writes checks to company
 –   Creates payee of choice (self or others)
 –   Writes checks to vendors for personal goods or services instead of for cash
 –   Creates bogus support (not effective if check written to self or other employee)
 –   Falsifies or changes payee on the check register if check written to different payee to conceal
     trail (QBs)
 –   Forces bank reconciliation & creates bogus JE to miscode & disguise transaction
 –   Acquires accomplice at any stage
Convert (options)
 –   Endorses check (if self or authorized maker of the shell company)
 –   Forges endorsement
 –   Dual endorses check
     Check Tampering-Altered Payee
Objective: Intercept issued check & change payee to desired payee
Steal (options)
 –   Intercepts issued check—returned or rerouted
 –   Pressures subordinates with management override
Conceal (options)
 –   Scratches out payee and substitutes payee name & changes ck register *
 –   Tacks additional information on payee name to create payee of choice *
 –   Uses erasable ink and makes changes to payee of choice *
 –   Alters checks payable to vendors for personal goods or services instead of for cash
 –   Creates a shell company & alters payee to shell company name
 –   Falsifies payee on check register or changes after ck altered (eg. Quickbooks)
 –   Destroys 2nd request for payment from vendors & issues another check to vendor by entering
     altered invoice to avoid detection by vendor complaints (duplicate payment)
 –   Creates bogus support (not effective if payee is self or other employee)
 –   Forces bank reconciliation & creates bogus JE to miscode & disguise transaction
 –   Acquires accomplice at any stage
Convert (options)
 –   Endorses check (if payee is self or authorized maker of shell company)
 –   Dual endorses check
 –   Forges endorsement
           Check Tampering-Forged
Objective: Intercept issued check & forge endorsement to convert to
personal use

Steal (options)
 – Intercepts issued check—returned or rerouted
 – Pressures subordinates with management override
Conceal (options)
 – Creates a shell company (similar name of payee) for deposit of forged
   endorsement checks *
 – Destroys 2nd request for payment from vendors & issues another check to vendor
   by entering altered invoice to avoid detection by vendor complaints (runs
   duplicate payment through AP)
 – Forces bank reconciliation & creates bogus JE to miscode & disguise transaction
 – Acquires accomplice at any stage
Convert (options)
 – Forges endorsement of authorized signatory *
     Symptoms-Check Tampering
Unusual payees or addresses
Cash advances w/o adequate support
Altered endorsements or dual endorsements
Missing checks—voided & blank
Altered payees or other signs on canceled checks
Duplicate check #s or counterfeit checks
Questionable deposit dates
Customer complaints regarding accuracy of their
Obvious forgeries on canceled checks
    Detection-Check Tampering (Bank
         Reconciliation Review)
Check accuracy of math calculation
Examine statement for alterations
Compare balance of reconciliation to books/general
Compare canceled checks for proper payee, amounts
and dates to check register
Examine canceled checks for unusual endorsement
Account for voided & blank checks
Look for gaps in check sequences & locate gaps
Sample supporting documentation of checks written for a
material amount
Prevention-Check Tampering-(cont.)

Purchase checks from reliable vendor
Destroy/shred unused checks from closed
Maintain security around check printer
Require passwords for check printing,
accounting & payroll systems
Use multiple check security features-multi-
chemical reactive paper, thermo-chromatic ink &
warning bands
Make electronic payments when possible & use
dual controls
Prevention-Check Tampering-(cont.)

Use repetitive wire templates
Use ACH debit Block
Use safe-hiring practices
Use approved vendor lists
Mail signed checks immediately
Report lost checks immediately
Secure blank checks and canceled checks
Prevention-Check Tampering (cont.)

Restrict ck signer’s access to records, receipts &
bank reconciliations
Segregate disbursement from bank
Limit # of check signers
Use pre-numbered purchase orders & secure
Limit dollars available in checking A/Cs
Keep check stock, cancelled checks, & check
order forms under lock & key
Use pre-numbered receiving reports & secure
Prevention-Check Tampering-Using Bank
           Assisted Controls

Work w/banks to establish maximum check
disbursement amounts
Utilize ZBAs
Use positive pay banking controls
Use reverse positive pay banking controls
Utilize electronic payment systems for large
vendor & financing payments-eliminate paper
where possible
Use lock boxes
Monitor account activity daily, if possible
What Ck Tampering Scheme has greatest $$ risk?
                     Forged    Concealed   Altered    Forged
Risk/Difficulty      Maker       Checks    Payee     Endorsement

Stealing              5            5         4          4
Concealing            4            5         2          2
Converting            4            4         4          2
Duration              4            4         3          2
Dollar Payoff         5            2         2          2

Gross Score          22           20         15         12
Skill &
   Adjustment         0            0         0          (1)
Net Score            22           20         15         11
      Federal Fraud Laws
Mail fraud
Wire fraud
Racketeer Influenced and Corrupt
Organizations (RICO)
False claims & statements
Identity theft and assumption deterrence
Fraud and related activity in connection
with computers
            Fraud Case Study

1)   Please read case study before class
2)   Please bring writing materials to assist in
     analyzing case

Shared By:
Description: What If an Employer Writes Bad Payroll Checks document sample