Lack of Internal Controls Impacts Two Companies Caught in Fraud Scheme

Tina and Russell Wipff were recently indicted for felony theft in Lubbock, Texas for allegedly stealing $500,000 from the Lubbock Independent School District over an eight-year period.  As a Certified Fraud Examiner (CFE) and Certified Public Accountant (CPA), this fraud scheme stood out to me because it involves circumventing internal controls of both the school district and the couple’s employer Sodexo, which has been a landscape and facilities contractor of the school district for over 20 years.

The  couple allegedly purchased supplies, electronics and grounds-keeping equipment on behalf of the school district, with costs reimbursed by Sodexo; however, the equipment was sold on eBay and the money was pocketed. There are a variety of internal controls that may have effectively prevented or resulted in earlier detection of these occupational fraud and fraudulent billing schemes.

Occupational Fraud

According to the Association of Certified Fraud Examiners (ACFE), employees who steal inventory often are highly trusted within their organizations, warranting easy-access to secure areas and possibly keys for after-hours access.[A]  A sampling of typical internal controls that may have thwarted these losses at the contractor, Sodexo, include:

  • Monitor purchases.  There should be at least two levels of approval for capital expenditures.  That way, the receipt of purchased products would be anticipated by others within an organization, lessening the risk of diversions from purported uses.
  • Limit access to supplies/inventory.  Restricting unauthorized access to the users of certain equipment would be another way to discourage diversions (assumed to be part of Sodexo’s responsibility).
  • Physical inventory and invoice tracing.  Periodically, equipment purchase records should be compared with physical inventory records to ensure that accountability for expended funds.  Since these schemes spanned over an eight-year period, annual physical inventories may have been adequate to detect the misappropriations (assumed to be part of Sodexo’s responsibility).
  • Compare budgets.  Budgetary control is a useful tool for schemes that are reliant on over-purchasing.  In this instance, concealment of the thefts would have been easier because the equipment costs were most likely reimbursed by the school district, resulting in no net cost to Sodexco, along with an apparent lack of accountability for purchases.
  • Analytical review of sales invoices. Fraud indicators may become immediately clear from review of details.  Here, Tina Wipff was purchasing and selling electronic items such as graphing calculators and smartphones. Were those purchases relevant to services performed for the school district?  Likewise, were the purchases reimbursable by the school district, or overhead expenditures of the contractor?

 

Fraudulent Billing Scheme

According to the Association of Certified Fraud Examiners, in purchasing schemes, the fraudster buys something with an organization’s money, then takes the purchased item for himself or converts it into cash.[B]  In this case, although the fraudster couple was employed by Sodexo, the ultimate victim sustaining losses was the school district.

The pertinent issues here are whether billings from Sodexo were in accordance with the underlying contract, and whether the school district was receiving value for its disbursements.  A sampling of typical internal controls at the school district that may have thwarted these losses include:

Receipt of goods and services.  There should be a monitoring process in place to ensure the receipt of good and services, prior to payment of the vendor invoices.  Typically, invoices would be matched up with receipt acknowledgement from within an organization, to minimize the risk of overpayment.

Analysis of purchases.  Budgets should be used for monitoring purchases, including approvals by responsible parties.  Periodically (monthly or quarterly), actual expenditures should be compared with budgeted amounts, with variances analyzed and explained.

Purchase requisitions.  Oftentimes, purchases may be effectively managed by using a purchase requisition process, whereby purchases are not made without approval by appropriate department heads.  In this instance, losses may have been eliminated or at least minimized, if approval from within the school district was required before purchases were made in order to establish a base-level of accountability.

Approval of payment.  Details of invoices from the contractor should be thoroughly analyzed and understood by the school district prior to payment, and be supported by receipt acknowledgement from within the organization.  Here, it is clear that the substance underlying disbursements by Sodexo were not fully understood, possibly because the true nature of costs being paid were sufficiently hidden on the Sodexo invoices.

 

Concluding Comments

Sound internal controls help mitigate the risks of loss, whether from internal or external sources.  As this case illustrates, additional vulnerabilities are created when significant functions and responsibilities are transferred to outsiders.  Those vulnerabilities create “hidden” risks that should be understood with the help of a CFE who can help implement additional control procedures within your company.

Mike Rosten is a Principal at Piercy Bowler Taylor & Kern CPAs and Business Advisors. You can reach him at mrosten@pbtk.com.


[A] Wells, Joseph T., Corporate Fraud Handbook, John Wiley & Sons, Inc. 2004, Hoboken, NJ, p. 253.

[B] Wells, Joseph T., Corporate Fraud Handbook, John Wiley & Sons, Inc. 2004, Hoboken, NJ, p. 194.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s