Years ago, a CPA firm I worked for was conducting an annual audit of a local township. The audit partner had developed such a warm relationship with the elderly township treasurer, it was sort of like going to grandma's house for Sunday dinner.
When our firm discovered that this nice lady had been skimming the township's tax roll, a genuine feeling of disbelief overcame the audit staff.
How could someone so trustworthy do something like this?
We later learned that she and her husband had mounting medical bills that were not covered by insurance, and she was too ashamed to ask for help. Because she was in a position of trust and had unlimited access to township resources, it was all too easy for her to solve her financial problems herself.
Skimming of an organization's revenues is, by far, the most common method of asset misappropriation and is one of the easiest frauds to commit since it often requires little manipulation of the accounting records, especially if cash is skimmed.
Organizations such as retail stores and nonprofit organizations, which tend to transact a lot of business in cash, are particularly vulnerable. If a single employee has access to cash and the accounting records, and he or she works in an environment with weak internal controls, an open door to fraud is easily available. It can also be very difficult to detect the fraud, especially if the fraudster steals small amounts at a steady rate and covers what few tracks exist.
Most other asset misappropriations fall under the other main category of occupational fraud: stealing assets to which the employer already has access and of which the existence can be verified. If fraudsters desire to steal in this case they will need to work hard to cover their tracks, but the payoff can be substantial.
Occupational fraud can include the elimination of customer accounts, fictitious customer write-offs, check-for-cash substitution schemes and opening concealed bank accounts - using the company's name and Federal ID number - into which customer checks, made payable to the company, can be deposited.
One particularly clever fraud in recent years - involving accounts receivable - was the theft of approximately $1.6 million by Walt Pavlo, a former manager of billings and collections at MCI/WorldCom.
Pavlo and his friend, a non-MCI employee, set up a dummy company comprised of "European investors." After Mr. Pavlo, wearing his MCI hat, applied heavy pressure on certain delinquent corporate customers to pay their large balances owed to MCI, the associate would approach these same MCI corporate customers - "the target company" - to express his company's desire to invest in telecommunications companies like the target company. However, they wanted the large debt owed to MCI to be dealt with before meaningful conversations could continue. For a fee, the dummy company would work with MCI to get the receivable written off.
In a typical case, a $2 million dollar receivable would be written off by Mr. Pavlo while he and his associate would execute a promissory note between his dummy company and the target company for $250,000. Once auditors noticed the mysterious journal entries and started asking tough questions, the game was over. In January 2001 Mr. Pavlo received a 41-month sentence in Federal prison for wire fraud, money laundering and obstruction of justice.
Another very common fraud is phony vendor invoicing, which is almost always an inside job. If a company does not have proper mechanisms to control disbursements, it's very possible that a phony vendor (i.e. one of your accountants) may be submitting false invoices to the company, hoping management is too busy to notice. Perhaps the accountant knows there is no preapproved vendor list, or he or she is acutely aware of the poor segregation of duties within the company, and little to no oversight exists from another accountant or CPA firm.
Other common examples of asset misappropriation include cash larceny, fraudulent employee reimbursements, travel and entertainment expense abuses, ghost employees, payroll fraud, check tampering, use of "suspense" or "uncategorized" general ledger accounts, register disbursement schemes and noncash misappropriation schemes.
New Statements on Auditing Standards, or SAS, now require auditors, as part of an audit of financial statements, to make preliminary assessments of various risks that relate to the chance that fraud may exist within an organization, and tailor the audit programs based on these specific assessments.
While many in the financial community believe these new standards provide more assurance than ever, such assurance can never be absolute. In my next article, I will discuss what level of assurance an audit does provide that fraud does not exist as well as what other methods management can employ to help prevent and detect fraud within the organization.
This article was originally published in the Boulder County Business Report in July of 2008.