Fraud and Accounts Payable: A Real World Example
I recently read an article about a woman who stole $57K from her former Massachusetts employer. While the amount stolen was not millions of dollars, I think the example of HOW she stole the money will be of interest to anyone in accounts payable.
This is an excerpt from the article in the UnionLeader (June 30, 2010).
Hogan allegedly schemed her former employer, a biopharmaceutical services company based in Waltham, Mass., by creating false entries into the company”s accounts payable system. She was employed there as an accounts payable clerk, says the release.
During a three-year period, Hogan allegedly entered her mother’s name into the company’s accounts payable system as a fraudulent vendor. According to authorities, on separate occasions between November 2002 and November 2005, she created false invoice entries that resulted in checks being made payable to her mother.
Nine checks totaling about $57,400 were deposited into a bank account held jointly by Hogan and her mother, according to the release. The money was then allegedly used by Hogan for personal bill payments and other personal use.
What I find most interesting about this example is how uncomplicated and unsophisticated the crime was. This person simply set her mother up as a vendor and then paid her. Not complicated. Do you have controls in place in your organization that would have stopped this fraud?
Let’s go through what controls this company should have had in place.
- Segregation of Duties. The person who creates a vendor should not be the same person who enters the invoice. This is basic Controls 101. Unfortunately, many companies are simply too small to have enough resource to properly segregate the duties. If you don’t have enough resource, you should generate a report of all new vendors that are added and have it reviewed by a manager on a regular basis.
- Approval of Checks. The amount stolen was $57,400 over nine checks. The average invoice size being approximately $6,300. That is a pretty big invoice amount. Many organizations require a manager to review larger dollar invoice amounts. I have seen the threshold start at $5K for some companies, while others start at $10K.
- Budgeting Review. The amount of the payment had to be charged to some general ledger account. Adequate review of G/L accounts is essential. In addition, there should be a review of G/L accounts that are questionable or odd. For example, there shouldn’t be any accounts payable distributions made to revenue accounts. If there are, those transactions should be reviewed.
- Review of all vendors created/modified. Many times organizations do not have enough staff to adequately segregate duties. If that is the case, then a manager should review all vendor creations and modifications.
- Tax ID number review. It is considered a best practice to get a tax ID number for every vendor master record that you create. What tax ID do you think the offender would have used if this company had such a policy? Most likely she would have used her own social security number. The fraud would have been identified through a simple match of vendor tax id to employee social security number. But let’s say the A/P clerk enters in an inaccurate TIN number. The best way to unearth this scenario is to use the IRS’s free TIN matching program. This matches the vendors name with the tax ID number to ensure they match.
This was a simple crime. By implementing the basic controls discussed above, this organization would have been able to identify this fraud long before it lost $57,400. Our solutions help companies identify this type and many other kinds of fraud. Fraud can occur within any organization and this example demonstrates that fraud doesn’t always have to be complex.
Do you have any control procedures in place that you would like to share that might stop this kind of fraud?
Thanks for reading.
Karl