The Fraud Diamond in Action

The Fraud Triangle, an industry standard when it comes to explaining how fraud schemes are perpetuated, has a new companion – the Fraud Diamond. The diamond adds a fourth point to the picture – in addition to the elements of incentive, opportunity, and rationalization we find a fourth:  the person’s ability/skill level. Intuitively, it would seem a natural assumption that in order to pull off a fraud scheme, the person must have certain skills like financial knowledge, ability to handle stress, or familiarity with computer programs.  While the diamond is not currently the industry standard, it is an interesting concept to consider during fraud investigations.

Examining a specific fraud scheme will help illustrate, in general terms, the fraud diamond concept.  When evaluating an organization’s internal control structure, monitoring exposure to risk-of-loss, or investigating fraud, keep in mind the knowledge, skills and abilities of those individuals with access, since they are the ones who may perpetrate fraud schemes.

Theoretical Case Study: The Overqualified Bank Teller

A bank teller working for a branch of a national bank is often bored at work. He is a smart young man who feels overqualified for his job and he completes his tasks quickly. He has a lot of time to think and his mind wanders to ins and outs of the banking industry. He thinks he spots loopholes where the bank could make improvements in security, but instead of offering suggestions he decides to test his theory to see if he could beat the bank’s systems. It is simply the thought of, “I think I can do this, so I am going to try.” His incentive is merely the challenge of beating the system, not necessarily the overt decision to commit fraud.

He notices that there are very small amounts of money – a fraction of a penny up to one penny – that are rounded off on transactions. The customer never notices or comments on these small amounts being rounded off. He sees an opportunity in the weakness of the bank’s system. He could accumulate these fractions of a cent, and over time they could become a large sum.

He opens up a fictional account and develops a computerized system to move the fractions of a cent into that account for all the customers he works with during the day. In his mind he isn’t stealing from the customers because they don’t realize the rounding is occurring anyway, and plus, the bank itself is insured by the FDIC. His rationale is that since everyone is protected, no one gets hurt. He is watching this bank account increase day by day for months at a time.  The scheme is worth the risk in the end because he is proving that he is smart enough to work the program, plus he is not getting caught.

The bank teller’s capabilities tie directly into his incentive in this case – he just wanted to see if he could pull off the scam against the bank and if he had the skills needed to make it happen. Once he found out that he did in fact have these abilities, the accomplishment wasn’t enough. Now it was about staying calm and collected while his bank account’s balance increased – could he pull that off? The risk was not enough to make him stop because he was testing his abilities yet again.  A person who commits fraud often has an overactive ego that lets him believe he is above being caught and has figured out the system to his benefit. Ultimately, his personality traits and his technical skills with the computer were the skills required to execute this particular fraud scheme.

Did the skills lead to the fraud? Is the fraud diamond on its way to being the new standard in fraud investigations? That has yet to be determined, but it is safe to say that knowledge, skills and abilities are definitely part of the overall picture.  Consulting with a Certified Fraud Examiner might be the best way to increase your awareness of the risks specific employees may bring to your organization.

Mike Rosten is a Principal at Piercy Bowler Taylor & Kern CPAs and Business Advisors. You can reach him at mrosten@pbtk.com.

Advertisements

Embezzlement Case at Water Company Demonstrates Financial Negligence

The former General Manager (GM) of the Box Springs Mutual Water Authority in Moreno Valley, California was recently charged with embezzling $784,175 over a 19 month period. She made $42,000 a year – the average $41,000 monthly loss to the water company equaling nearly the amount of her annual salary.  She used the proceeds from her embezzlement scheme to pay for various vacations and cruises, and to fund her gambling habit at local casinos.  She also admitted to investigators that she used a company ATM card that she issued to herself, in addition to falsifying financial statements that were submitted to the board of directors.

Moreno Valley Police Department reports show that a prior employee had previously reported embezzlement at the company on two separate occasions, but the board of directors did not want to conduct an investigation and took no action. The red flags were obvious, it would seem, yet ignored.

Business owners studying this situation can learn how to better demonstrate increased awareness and diligence within their own companies when it comes to potential internal fraud schemes. Management should respond promptly to employee tips and implement sound internal controls in order to minimize the risks of misappropriation. Here are ways a business can create an effective operating environment through internal controls:

  • Segregation of duties.  The GM had complete control of Box Spring’s finances. Single employees should not be responsible for an entire accounting cycle (e.g. approve invoices, prepare checks, sign checks, post checks, and reconcile the bank account). If there aren’t enough staff to divide the responsibilities, make sure effective review procedures are in place.
  • Need for oversight and audits.  A bookkeeping service that had discovered missing money in 2008 stopped providing its services in 2009, coinciding with Sutton’s promotion to GM.  Where were the auditors?  If a surprise audit had occurred at any time, it most likely would have caught this embezzlement.  Warning employees that a surprise audit may occur from time to time is also a good deterrent, since they would fear getting caught.
  • Monitor bank statements and reconciliations.  In this case, the disbursements process was compromised by the GM.  A simple comparison of activity on the bank statements and reconciliations would likely have revealed the magnitude of funds being withdrawn via ATM, and how they were being recorded in the accounting records.  That monitoring would not have been labor intensive, and should have been possible using existing personnel, or even a member of the board of directors.
  • Perform a fraud checkup yearly.  According to the Association of Certified Fraud Examiners (ACFE), the average fraud goes on for 18 months or more before it is caught.  Since this fraud went on for almost two years, a yearly fraud checkup may have discovered the theft.  Contact a CFE for a fraud checkup checklist, or click here.
  • Create levels of accountability.  Too much trust is oftentimes placed in high level officials and long-term employees.  Employees at all levels of an organization need supervision and accountability. Since the GM had complete control of the finances, it appears that she could have caused even greater losses than were realized.
  • Look for red flags.  The GM would not have been able to hide her vacations where she would have to miss work, or her gambling habit, since others could see her gambling at the local casinos.  Further, increased spending and a more lavish lifestyle should have caused red flags warranting the attention of others.  Gambling or other addictions may contribute to the rational for theft, and provide the motive for taking money to cover debts or expenses.
  • Establish a third-party hotline.  Using a third-party hotline to report suspicious activity offers a level of anonymity, making employees more likely to blow the whistle on fraudulent activity.  With all of the flagrant spending of the GM, someone at the water company probably noticed a problem.  And, if there had a third-party hotline, it is likely that a warning would have been received.

According to the ACFE, a typical organization loses an estimated five percent of annual revenue to fraud.  Box Springs was already losing money, so being defrauded out of $784,175 would have been devastating to its financial position.  The significance of losses at Box Springs is an illustration of what can happen when you don’t have effective internal controls in place.  With five percent of annual revenues lost to fraud every year, coupled with the funds needed to address the aftermath, any resources devoted by organizations to the deterrence of fraud would be a prudent investment.  This would include calling on the professional services of a CFE, who would possess the requisite specialized skills and knowledge in this area.

Mike Rosten is a Principal at Piercy Bowler Taylor & Kern CPAs and Business Advisors. You can reach him at mrosten@pbtk.com. Emily Long, CFE is an auditor/forensic analyst with the firm and can be reached at elong@pbtk.com. For more information on forensic accounting, visit http://www.pbtk.com/forensic_accounting.asp.

From a Seed to a Deep Rooted Problem: How Fraud Starts in a Company

Occupational fraud, crimes committed by employees against their employers, is often perpetrated by some of the most trusted people within the company.  Company owners say they feel betrayed and are even personally hurt when they learn of the employee’s theft because they trusted the worker implicitly, giving them access to sensitive information and financial documents. All too often, it is these employees who are the most susceptible to the lure of fraud because they have the access that other employees would never get.

But what turns a person from an employee collecting a paycheck to one who feels justified in stealing from the company to pad their bank accounts? It starts as a small thought, a seed in their mind about how they need extra money for a pressing matter, and it grows into a deeply rooted lifestyle that cannot be stopped until they are caught.

Though you may be loath to consider the possibility, here is an example of how this may happen with one of your own trusted employees:

  1. A Seed is Planted – Your bookkeeper is upside down in her home with an adjustable loan that just recently increased. She is having a hard time making the mortgage payment each month and the recession has handed her an additional blow – her husband was recently laid off from his engineering job. She just needs $500 a month to cover the new mortgage amount and she has access to the bank accounts through her job. She thinks “what if” and imagines moving funds to cover her bills until her husband can find work.
  1. The Idea Sprouts – Since she is in charge of keeping all of the accounting records – payroll, reconciling the bank statements, making deposits and paying the bills – there is no one who will notice if she “borrows” a little money. Besides, business is good and she has worked for the company for more than five years. She has earned a bonus. The seed in her mind becomes a plan.
  1. The Plan Grows – To test her plan, she “borrows” $50 from petty cash to make a minimum payment on her credit card. When no one notices for several weeks, she makes another payment, this time with a company check. She again waits a week or more for discovery and when no one says anything, she becomes more confident in her ability to continue to siphon off funds for her personal use.
  1. The Schemer Puts Down Roots – Since no one seems to have noticed her activities, she decides to give herself a permanent “raise” on her paycheck. She reports payroll and reconciles the bank statements. This lack of internal checks and balances allows her to operate freely and she now has a regular bi-monthly increase to help pay for her bills. She becomes accustomed to this extra money, and it eventually turns into a permanent “raise,” even after her husband lands a new job.

In a matter of months, a simple idea planted by dire need has grown into a fully developed occupational fraud scheme. Improved internal controls, a financial audit, fraud examination or a tip from another employee could help uncover the fraud. Contact a Certified Fraud Examiner (CFE) for a fraud check-up that you can apply to your business today.

Tricia J. Cook is a senior forensic analyst with the forensic accounting and litigation services department at Piercy Bowler Taylor & Kern CPAs. She sifts through financial transactions to resolve allegations or evaluate suspicions, interpreting that transactional data and then organizing that information into easy to understand reports for use by counsel, or for presentation in a court-of-law.  She can be reached at tcook@pbtk.com or 702-384-1120. 

Top 10 Scams of 2011

The National Consumers League (NCL) recently released its top 10 scams of 2011 and bonus prizes and sweepstakes have taken over the number one spot, while the family/friend imposter or the “grandfather scam is new to the Top 10 list.

Top 10 scams of 2011:

  1. Prizes, sweepstakes and fake free gifts
  2. Fake check scams
  3. Internet scams for general merchandise
  4. Phishing and spoofing
  5. Advance fee loans and “credit arrangers”
  6. Scholarships and grants
  7. Friendship and sweetheart swindles
  8. Nigerian money offers (not prizes)
  9. Family or friend imposters
  10. Fraudulent Internet auctions

Click here to read the full article from the NCL.

Global Smartphone Boom Poses Huge Internet Fraud Threat to Consumers

By Michele Neubert, NBC News, and Alastair Jamieson, msnbc.com

LONDON – Rapidly increasing global ownership of smartphones and tablets will expose consumers and governments to much higher risks of Internet fraud and hacking, according to an expert.

Martin Sadler, director of the Cloud and Security Lab at HP in Bristol, England, said the expected rise in the number of electronic devices — connecting billions more people to the Internet — would make cyberattacks more likely.

Click here for the full article.