| MOLLY, THE ASSISTANT, Molly treasurer at
| |
| | authority over the credit card function.
|
| XYZ Corp. in Miami, opened an e-mail from
| |
| | He managed the corporate credit cards,
|
| a former colleague who no longer worked
| |
| | reviewed the delinquent accounts, had
|
| for the organization. The e-mail read:
| |
| | access to the employee statements, and
|
| "Hi Molly, there should be a refund of
| |
| | dealt with the bank's account managers.
|
| $716 on my old corporate Visa card from
| |
| | No one reviewed his work. As soon as
|
| the IP Conference. I paid for, but did
| |
| | accounts payable walked the checks down
|
| not attend, the conference and did not
| |
| | to his office, he had all he needed to
|
| turn in the charge to XYZ for
| |
| | perpetrate the fraud.The second breakdown
|
| reimbursement. Can you have Visa issue a
| |
| | was that the accounts payable clerk
|
| refund check to me? Thanks very much for
| |
| | walked the checks over to Jerry. Although
|
| your help."The e-mail was from Jerry, a
| |
| | not necessarily right, it is
|
| former XYZ executive who had been Molly's
| |
| | understandable that accounts payable
|
| boss at one time. The message seemed
| |
| | would not have the time to audit Jerry's
|
| innocuous enough. Jerry had legitimately
| |
| | delinquency list. After all, accounts
|
| charged a business conference to his
| |
| | payable was processing more than 1,000
|
| corporate credit card, but he had
| |
| | checks per week with a staff of six.
|
| canceled his registration because he left
| |
| | However, it was unacceptable for the
|
| the company. Therefore, he was due a
| |
| | clerk to deliver the check directly to
|
| refund.It would have been very easy for
| |
| | Jerry. The check should have gone from
|
| Molly to trust her former boss and get
| |
| | accounts payable to the vendor. The
|
| him the refund. Instead, because
| |
| | vendor invoice--or delinquency data in
|
| something didn't seem quite right, she
| |
| | this case--should have contained all of
|
| chose to check on whether XYZ had already
| |
| | the pertinent information to allow
|
| reimbursed Jerry for the conference.To
| |
| | accounts payable to appropriately route
|
| make this determination, Molly accessed
| |
| | the check.XYZ decided to report Jerry to
|
| Jerry's corporate credit card records
| |
| | law enforcement. Although $88,000 is not
|
| online and retrieved his expense reports
| |
| | a significant amount of money for a $1
|
| from the accounts payable file room. The
| |
| | billion company, and the legal fees and
|
| expense reports confirmed that Jerry had
| |
| | other costs might be high, the company
|
| not expensed the conference fee, but when
| |
| | wanted to demonstrate to its employees
|
| Molly looked at his credit card
| |
| | that it would not tolerate fraud and
|
| statement, she saw a couple of odd
| |
| | would hold perpetrators accountable.
|
| items.First, the most recent statement
| |
| | Decisive and timely action such as this
|
| indicated that the former XYZ executive
| |
| | is critical to maintaining a sound
|
| had made four payments to his credit card
| |
| | control environment.Not everyone is as
|
| in one month. Second, the statement was
| |
| | diligent as Molly. The lesson she applied
|
| two pages long, and Molly knew that Jerry
| |
| | is an important one to teach operations
|
| rarely traveled for business. She scanned
| |
| | personnel: Take the time to check
|
| the charges and noted that most of them
| |
| | anything that doesn't seem right. Because
|
| were from local vendors. In addition,
| |
| | she spent a few minutes performing due
|
| none of the items looked like business
| |
| | diligence, Molly uncovered an $88,000
|
| charges. The charges included dinners at
| |
| | fraud.Several symptoms may have flagged
|
| local restaurants, department and grocery
| |
| | the fraud. If internal auditing had been
|
| store charges, and airline tickets for
| |
| | testing the employee credit card charges,
|
| Jerry and his wife that Molly knew were
| |
| | simply identifying the top 25 corporate
|
| for their recent vacation.Out of
| |
| | card users and reviewing their charges
|
| curiosity, Molly queried the company's
| |
| | would have flagged Jerry. Travel
|
| checks online to see if any of the
| |
| | reimbursements of $88,000 in one year
|
| payments made on Jerry's Visa account
| |
| | covers a lot of travel. Testing the
|
| matched the dollar amounts of checks
| |
| | accounts of the people with the most
|
| written by XYZ. Sure enough, she found
| |
| | posted credits would have similarly
|
| that all four payments made to Jerry's
| |
| | flagged Jerry. Also, Jerry averaged three
|
| credit card that month equaled amounts on
| |
| | payments a month on his credit card over
|
| checks that the company had written to
| |
| | the course of a year, an unusual pattern
|
| Visa. Molly increased the scope of her
| |
| | that, if identified, should have been
|
| search and observed that every payment
| |
| | investigated.Testing the top 25 corporate
|
| posted to Jerry's corporate credit card
| |
| | credit card users and searching for
|
| over the previous 12 months was from a
| |
| | unusual patterns are the staples of any
|
| check written by the company. She also
| |
| | audit program that contains tests
|
| noticed that of the $88,000 in charges on
| |
| | designed to uncover fraud.LESSONS
|
| Jerry's card over that time frame, none
| |
| | LEARNED* Employees should take the extra
|
| was for business expenses.Molly printed
| |
| | step. If employees are presented with a
|
| copies of all of the checks and noted
| |
| | transaction that they do not completely
|
| that, although Visa was listed as the
| |
| | understand, they should do what was going
|
| payee on all of them, Jerry's corporate
| |
| | on so that it became clear to everyone
|
| credit card account number was
| |
| | that XYZ would not treat fraud lightly.
|
| handwritten on each check. Molly
| |
| | what it takes to understand the
|
| approached the director of internal
| |
| | transaction. Molly was one of the
|
| auditing as well as Jerry's former
| |
| | custodians of the organization's cash, so
|
| manager and requested an investigation
| |
| | when someone asked for money from the
|
| into the matter.While working for XYZ,
| |
| | company, even a trusted former boss, it
|
| Jerry was in charge of making sure that
| |
| | was important for her to understand the
|
| the organization paid delinquent balances
| |
| | nature of the transaction.* Segregate
|
| on the corporate credit cards of people
| |
| | duties. This is a concept that is drilled
|
| who had left the company. XYZ had an
| |
| | into the brains of internal auditors ad
|
| arrangement with the credit card company
| |
| | nauseam, but it is not necessarily
|
| that it would guarantee payment for
| |
| | communicated as often to operational
|
| certain employees if those employees did
| |
| | management. The organization's head
|
| not pay the balances on their accounts.
| |
| | treasurer, to whom Jerry reported, was an
|
| Once a month, Jerry would provide
| |
| | ex-auditor and ex-controller, and
|
| accounts payable with a list of
| |
| | therefore should have been aware of this
|
| delinquent accounts on guaranteed cards,
| |
| | control concept. However, during the
|
| and accounts payable would cut the check
| |
| | course of business, when times are good
|
| to the credit card company.However, on
| |
| | and everyone is busy, it is easy to
|
| the bottom of every check request in
| |
| | overlook the fundamentals. Jerry had too
|
| Jerry's last year of employment, he had
| |
| | much control, and because accounts
|
| written, "Please deliver the check to
| |
| | payable trusted him, the clerks did not
|
| me." Typically, accounts payable would
| |
| | adhere to their own processes and send
|
| mail the check directly to the credit
| |
| | the check directly to the third party.*
|
| card company, but because accounts
| |
| | Act quickly and decisively. Jerry was a
|
| payable knew that Jerry maintained a
| |
| | long-time employee of" XYZ, and he was
|
| relationship with the credit card
| |
| | well-liked in the organization. It would
|
| company, they adhered to his request and
| |
| | have been easy for the company to ask
|
| delivered the checks to him. When Jerry
| |
| | Jerry to pay the money back and call it
|
| received a check, he would write his own
| |
| | even. How ever, management and the board
|
| account number on the check, and the bank
| |
| | called for a full investigation, led by
|
| would apply the payment to Jerry's credit
| |
| | the internal audit group that included
|
| card.Jerry did not need to make sure that
| |
| | outside consultants, legal counsel, and
|
| the delinquent credit card owners listed
| |
| | the district attorney. Management also
|
| on his spreadsheet paid their balances,
| |
| | decided to not keep it quiet; they let
|
| because he had fabricated the delinquency
| |
| | the finance and accounting organizations
|
| list that he provided to accounts
| |
| | know what was going on so that it became
|
| payable. In many cases, the employees
| |
| | clear to everyone that XYZ would not
|
| with the so-called delinquent balances
| |
| | treat fraud lightly.* Thieves can get
|
| had left the organization long before,
| |
| | greedy. In this case, Jerry had already
|
| and they had paid their balances in full
| |
| | left the company. His fraud might have
|
| before departing.So, where were the
| |
| | gone undetected if he had not returned
|
| control breakdowns? First, Jerry had sole
| |
| | for one last $716!
|
