In the first installment, we examined several ways that an employee could steal through the cash receipts process. We established that two components of the fraud triangle, pressure and rationalization, are almost impossible for an organization to mitigate because the situations that influence these components occur outside of the workplace. We noted that behind every fraud opportunity is a weak or non-existent control derived from excessive trust. Trust is necessary for all organizations to function efficiently, however, too much trust creates a relaxed control environment, which can be easily violated. There is no perfect solution to fraud, however organizations can proactively mitigate occurrence by establishing strong controls to address the final component of the Fraud Triangle: Opportunity.
In this edition, we will review internal procedures, identify the fraud opportunities, and consider some defenses against those fraud opportunities, specific to cash disbursements.
The Scenario: Mr. Liability has been the office manager and accountant for many years.
He handles all things financial including the entire payables function from invoicing to final payment.
Mr. Liability checks the mail and receives all electronic vendor invoices to his business email account. He matches the Invoices to the original purchase order and immediately entered into the accounting system.
Purchased goods are received into the warehouse building. If the vendor is new, Mr. Liability simply adds the vendor to the accounting software via the vendor list at the time of purchase. The vendor list continues to grow and includes many vendors that are no longer used.
Ms. Warehouse Manager provides Mr. Liability with an inventory tracking spreadsheet of the items received into the warehouse each month. Mr. Liability reconciles the spreadsheet to the vendor invoices and purchase orders he already entered into the accounting system before reconciling the bank account. Differences between the invoice and spreadsheet are communicated to Ms. Warehouse Manager, who personally verifies the items are in the warehouse.
Any other purchasing discrepancies are addressed by Mr. Liability, who contacts the vendors.
Mr. Liability, as a check signer, handles vendor payments every Friday using digital checks through the accounting system. Mr. Liability maintains a separate check stock in case of emergencies such as issues with the accounting system.
Mr. Liability reviews the status of the three largest vendors in his weekly meeting with the owner as the owner’s availability to review accounting information is limited.
Fraud Opportunities: The scenario above describes an environment ripe with fraud opportunities. Here is a basic breakdown:
Trust [with no verify] is an underlying factor in all internal fraud schemes. The longer an employee has worked at an organization, the greater the level of trust. Greater trust yields greater responsibility and control over financial dealings with minimal oversight. This environment sets the stage for fraud to occur.
Mr. Liability, as the only person performing the accounting function, has free reign over the Organization’s financial transactions. The owner rarely checks behind Mr. Liability because i) he handles all of those annoying accounting issues ii) works long hours every day with minimal time off, and iii) takes complete ownership of the organization’s finances so the owner can rest easy.
Ms. Warehouse Manager, who has also been with the organization for many years, has strong relationships with the warehouse employees. The owner appreciates her strong leadership skills and her efficiency which directly contribute to the organization's profits each year.
Mr. Liability, the trustworthy accountant, has full control over the purchasing process and the accounting system with limited oversight. He could easily:
make duplicate payments to current or inactive vendors and re-route payment to himself.
create fake vendors mimicking real ones OR use real vendors never removed from the approved vendor list. He could easily make fake purchases from those vendors to steal money from the organization.
purchase items from a ‘special’ vendor at inflated prices in exchange for vendor kickback payments [essentially bribes].
write a check to himself at any time using the emergency check stock.
hide any of these transactions using journal entries or other techniques to move the expenses into unmonitored or ambiguous accounts.
NOTE: A common technique to hide fraudulent activity is to book transactions to miscellaneous or consulting expense accounts. These are known as ‘soft expenses’ because they can be difficult to monitor and easy to justify.
Spreadsheet/document manipulation: without proper oversight, paper documents or spreadsheets can be easily manipulated. Examples are:
Ms. warehouse manager could easily steal inventory with or without Mr. Liability’s knowledge by manipulating the inventory tracking spreadsheet. Since all discrepancies identified by Mr. Liability are validated solely by Ms. warehouse manager, she could easily fabricate data either by altering the spreadsheet to match Mr. Liability’s documentation or 'addressing' any discrepancies herself without validation. She could then steal the inventory to keep for herself or resell.
Mr. Liability could steal inventory from the Organization by over-ordering items from a vendor, convincing Ms. warehouse manager that an error occurred on his end, booking an adjustment to cover his tracks, and steal the excess inventory.
Either person could manually manipulate numbers on a purchase order, sales receipt, or, with certain software, print a replacement document with different terms or contact information to steal inventory, money, or both from the organization.
Recommendations: Even with strong internal policies and controls, organizations should always have a “trust but verify” attitude, even with long-time, trustworthy employees. According to the 2020 Report to the Nations promulgated by the ACFE, 89% of all fraud cases reported were committed by individuals without a criminal record.
The perception of being caught is often the strongest control. This could be as easy as performing unpredictable checks and efficiency reviews of the warehouse and accounting departments. Integrate the 'trust but verify' mentality into the organization’s culture by applying it across all departments of the organization. This way all employees will embrace the change together and reduce non-compliance issues.
The accounting system should be monitored by someone with a solid understanding of the organization’s financial dealings and transactions. The following are some solutions to the vulnerabilities mentioned above that will increase segregation of duties and monitoring of Mr. Liability and Ms. warehouse manager:
Configure the accounting system to reject duplicate payments and have all errors logged and sent to someone outside of the accounting department to investigate, perhaps an owner or CEO.
Assign editing rights and approval of the vendor list to an owner or qualified individual. Require W-9 forms be completed and approved before adding new vendors. Research new vendors to make sure they exist as named and the contact information is accurate.
NOTE: A fake vendor's name usually resembles an actual vendor. However, if it is widely known that the vendor list is never reviewed or controlled by someone outside of accounting, a fraudster like Mr. Liability may be bold enough to use his own name or the name of a family member as the fake vendor for amusement.
Eliminate manual checks. Use electronic, prenumbered checks instead since they are harder to manipulate and easy to monitor. Having a separate physical check stock makes logical sense for emergencies, but that convenience comes with an elevated risk of fraud. Physical checks are difficult to track since they usually have different numerical sequence than digital checks from an accounting system and can be used out of order to increase confusion. Also, bank tellers are not trained (or properly incentivized) to examine check signatures close enough to catch discrepancies. Therefore, a fraudster can easily and successfully forge signatures on physical checks with minimal risk of exposure, even if the fraudster is not an approved check signer.
Where possible, segregate duties such as:
Payment initiation and approval: A great control to implement here is “positive pay” where a designated individual is sent a list of requested payments for a specified period by the financial institution processing the transactions. The individual must electronically approve the payment list before any payments are initiated. Most banks offer this service.
Processing vendor invoices & handling vendor discrepancies/complaints: If your organization receives paper invoices, have someone other than the individual entering accounting information check the mail and handle overdue notices. Consider assigning the investigation of vendor or customer issues to an officer, board member or a separate employee at the organization than the person responsible for recording or executing the transactions.
Preparation and review of the bank reconciliation: The bank reconciliation process is a simple way to combat financial fraud since most transactions run through a bank account. Assign someone other than the preparer to review the monthly bank reconciliation and bank statement carefully. This person should have sufficient knowledge of the organization's dealings to identify missing checks, strange vendor payments, customer receipts or transfers, or any uncleared activity on the bank reconciliation that is excessively old.
If this article raises any questions or concerns about your organization, please contact Shields Financial Services for a free consultation.
DISCLAIMER: This page and its contents are for general information and educational purposes only and posted by the author on an "as available" basis on behalf of Shields Financial Services. No specific legal, tax, investment, or other advice in any form is being offered to the reader by the author, or Shields Financial Services. By accessing this website, you implicitly agree that there is no existing client relationship between you and the author or Shields Financial Services without a prior, signed letter of engagement. The content on this website is never to be considered, or used as a substitute for, competent legal, tax, investment, or other advice from a suitably licensed professional, who has been advised of all pertinent facts and circumstances surrounding the reader’s unique individual and/or business circumstances.