As fraud examiners, we often suggest that organizations develop formal written procedures for preventing and detecting fraud and communicating ethics policies. "Managing the Business Risks of Fraud," a joint publication of three associations, provides the blueprint for indispensable anti-fraud planning. Susan works as bookkeeper for a small organization. She and the assistant bookkeeper, Meredith, totally control the accounting function except authorization of transactions. Susan supplies information directly to the outside auditors, prepares QuickBooks®, and receives the unopened bank statements. The boss doesn't understand computers, and everyone knows it. This is a ticking time bomb.
Susan begins slowly. She writes herself a couple of checks and forges the boss' name. Then she gets greedy. After all, her paycheck is small, her boyfriend just moved out, and she has double the living expenses. Susan discovers it's easy to steal from her company; she just pretends in QuickBooks that the checks she writes to herself are sent to vendors. No one detects her improprieties.
Susan then decides no one would notice a few extra charges to the company credit card. She opts to switch from paper to electronic credit-card invoices so no one but she will see them, and no one will even know the vendors aren't real. Susan then electronically transfers company funds from its bank account to pay the monthly credit card bill. She steals $25,000 in six months.
Her schemes are working well, but she doesn't want to wreck a good thing by getting caught. So Susan quits and plans to use her new methods to siphon revenue at a different company. She doesn't realize that Meredith, the assistant bookkeeper, has been watching and learning Susan's fraud techniques.
After Susan leaves, Meredith is promoted to bookkeeper and she begins to steal using Susan's techniques. After only three months in her new position, Meredith has stolen approximately $10,000.
Lucky for the boss, it's now January and the credit card company issues its year-end summary in print because the statements for part of the year were sent on paper. Meredith is on vacation with her family in Orlando, Fla., when the statement arrives. The boss opens the annual credit card summary and can't believe his eyes. Our company helps him see the ongoing fraud, and he realizes that Meredith is actually using the credit card while vacationing in Orlando! If the company had fraud prevention or detection procedures already in place, it wouldn't have lost $35,000.
As fraud examiners, we advise our clients and organizations to construct a fraud-risk plan. But if personnel at all levels - the board of directors, the audit committee, all management, staff, and internal and external auditors - isn't closely involved with the inception of the plan, then it will become just another three-ring binder sitting on the shelf. And the organization will still be vulnerable to huge losses of money, morale and reputation.