Fraud Schemes: Payables (#247)
/In this podcast episode, we discuss fraud schemes related to accounts payable. Key points made are noted below.
The Stolen Check Scam
A business can lose a lot of money if it doesn’t keep tight control over its payables, because there are several ways for employees to redirect cash through the payables system. One of the easiest scams is for an employee to steal unused company check stock and write a check to himself. Or, since a bank reconciliation will spot the employee’s name on the check, to write a check to a business that’s owned by the employee. If the name of the party being paid is generic enough, no one may question the payment. Still, these amounts tend to be on the smaller side, in order to avoid notice.
Another element needed to make a stolen check scam work is access to the signature stamp being used to sign checks, or the perpetrator may just have a good ability to counterfeit the signature of an authorized signer. This problem can be stopped fairly easily. You have to lock up the check stock in one location, and lock up the signature stamp in another location – otherwise, if someone can break into a single location, he’s hit the jackpot, because he can steal checks and sign them with a valid signature stamp. Of course, the controller can’t leave the keys to these locations sitting in her desk drawer – which is all too common. In short, you need to exercise some prudence.
The Concealed Check Scam
A slightly more clever approach to the same fraud is the concealed check scam. This involves creating a check through the payables system, with a reasonable amount of fake supporting documentation. Then insert the check into a stack of other checks that need to be signed, and give the stack to the authorized check signer. If the signer has a reputation for signing anything without question, it should be easy to get a valid signature on the check, which the clerk can then cash. Obviously, blocking this fraud requires the check signer to be diligent in reviewing supporting documentation for checks. But sometimes even the best check signer is in a hurry, and blasts through a pile of checks without looking too closely at what’s being signed.
And furthermore, if the perpetrator creates supporting documentation that’s convincing enough, the check signer may fall for it and sign the check anyways. Even worse, the check signer may get used to seeing the same supplier name appear in the stack of checks, and will continue to sign off on these checks – which means that the concealed check scam actually gets easier through repetition.
The Duplicate Payment Scam
There are some additional variations. One approach is to create two payments to a supplier “by mistake” for the same invoice, then issue one to the supplier to cover the actual supplier invoice, and cash the other check into an account that’s in the name of the supplier, but which is owned by the payables clerk. This approach is a bit limited, since there’s a good chance someone will spot a large number of duplicate payments after a while.
The Intercepted Check Scam
Another approach is to fake a supplier invoice from a real supplier and cut a check to pay for that invoice. The check signer will be taken in by the name of the supplier, and so is more likely to sign the check. The payables clerk then intercepts the signed check and deposits it into an account that’s in the name of the supplier, but which is owned by the payables clerk.
You can mitigate these types of fraud by not allowing the payables clerk access to signed checks. Instead, they’re mailed as soon as they’re signed. This is not a good solution in a small business, where there aren’t enough employees to properly segregate responsibilities.
These kinds of fraud are an even worse problem when the person engaging in the fraud is an authorized check signer, such as an in-charge bookkeeper or a controller. This person obviously has access to the check stock, and no one will question the checks being issued. The situation is especially bad if the person sets up fake suppliers, so that she can submit fake invoices, and then signs the checks to pay for her own invoices. This class of fraud can involve some major losses, so the basic rule is to keep check signing authority out of the accounting department.
Expense Report Fraud
And then we have expense report fraud. There are so many ways for an employee to file an expense report that contains false expenses. When the company reimburses the employee for an expense report, the employee is essentially stealing funds. So here are some ways to pad an expense report.
You can make multiple copies of a receipt, and submit these extra receipts in successive expense reports, so that one expenditure is reimbursed multiple times. A variation is to submit several different types of support for the same expense in successive expense reports. For example, you could submit the itemized detail for a hotel room on one expense report and the credit card receipt for the room on the next report. Another approach is to charge an item to the company credit card and then claim reimbursement for it on your own expense report, using the purchase receipt.
And there are plenty of other ways to mess with an expense report. For example, you could characterize a personal expenditure as company business, and run it through the expense report. Or, adjust the amount on a receipt to make it larger, and then submit a photocopy instead of the original that’s deliberately fuzzy, so no one can detect the change. Or to be really artistic, create entirely fake documentation, with an official-looking form and a fake company logo. This last approach is not worth the effort unless you’re going for a really large reimbursement.
But, we’re not done yet. You could enroll in a class at a local college and submit the receipt for reimbursement – and then cancel the class and get a refund. Or, if you’re on an extended business trip, submit grocery store receipts for your grocery purchases – and then collect grocery receipts from other shoppers, and submit those receipts, too. By the way, I saw an audit manager do that one. For an easy reimbursement upgrade, try overstating the number of miles actually traveled on company business, and get reimbursed for the larger amount. Or, if you’re taking a cab ride, ask for a blank receipt from the cab driver, and fill it in with whatever number you want.
I’m not trying to turn this episode into a how-to guide for how to steal from your company – but you can see how easy it can be, especially with expense reports. Now let’s turn it around and look at the situation from the perspective of the company. How do you keep employees from padding their expense reports? It might seem like the only option is to view every expense report with deep suspicion, and spend an hour or so digging through each one – but that’s not very practical. A better option is to conduct an occasional in-depth review of an expense report. If you find something dubious, then that employee’s prior expense reports are all examined in detail. In addition, that person is flagged in the system as a problem employee, so that all future expense reports are subjected to a detailed audit. Of course, at some point you fire these people.
Another possibility is to make employees use a company credit card or a corporate travel agency, so that the company directly pays for all travel expenses. This eliminates most reimbursements, though it’s still possible for someone to run personal expenditures through the company card.