Fraud. It’s a word that sends shivers down the spine of many, especially those of us in the accounting world. Just when you think you’re savoring that perfect cup of morning coffee, the thought of fraud can leave a sour taste that lingers long after the last sip.
In an industry built on trust and precision, the shadow of deceit can feel particularly unsettling. But fear not—understanding and vigilance can turn that bitter brew into a recipe for resilience!
In this journey, we will explore the different types of fraud, showcasing each with compelling real-life examples and case studies. Our goal is to empower you with the knowledge and tools necessary to identify potential vulnerabilities in your business, helping you safeguard against the threat of fraudulent schemes.
Fake Vendors
Fraud Example: Creating fictitious vendors and processing payments to these nonexistent entities allows fraudsters to siphon money from the company without detection.
Case Study: FACC, a Chinese-owned aircraft parts manufacturer, is taking legal action against its former CEO and CFO, accusing them of insufficiently safeguarding the company against a cyber fraud that resulted in the loss of tens of millions of euros. According to an Austrian court, the company was deceived into transferring approximately 54 million euros ($61 million) to foreign accounts through a scheme known as "fake-president fraud". More details here.
Internal Control: Implement a vendor verification process where new vendors are thoroughly vetted and approved by multiple departments. Regularly audit vendor lists and transactions to ensure all vendors are legitimate and necessary. Using the Level Copilot notifies clients when a new vendor is added to QuickBooks Online.
Ghost Employees/Payroll Fraud
Fraud Example: Adding non-existent employees to the payroll and collecting their wages can inflate payroll expenses and divert funds to fraudsters. Manipulating payroll records to receive unearned wages or bonuses can inflate payroll costs.
Case Study: Transport Minister Fikile Mbalula announced that the Passenger Rail Agency of South Africa (PRASA) has launched a forensic investigation into "ghost employees" after failing to verify the existence of 3,000 staff members. These employees were flagged during PRASA's Project Ziveze, a staff verification initiative aimed at confirming the identity of all employees. As a result, the salaries of these unverified employees have been frozen. Read more here.
Internal Control: Conduct regular audits of the payroll system and require a separate department to verify the existence and employment status of all employees. Implement biometric systems for attendance to ensure physical presence. Use automated payroll systems that require dual approval for changes and conduct regular audits of payroll transactions.
Inflated Invoices and or Vendor Collusion
Fraud Example: Submitting inflated invoices from legitimate vendors and pocketing the difference can lead to significant financial losses and/or colluding with vendors to receive kickbacks in exchange for awarding contracts can lead to inflated costs and reduced quality.
Case Study: In MacNamara v. 2087850 Ontario Ltd. (Strathcona Construction), the plaintiff hired Strathcona and its owner Robert Koblinsky for a two-year renovation project costing over $6 million. After discovering a fraudulent invoicing scheme through an investigator, the plaintiff dismissed the defendants and pursued a civil fraud lawsuit. The court granted summary judgment, revealing numerous invoicing irregularities, such as inflated charges, double HST billing, and unsupported charges. Notably, Strathcona charged $12,500 for a subcontractor who was never retained and inflated another subcontractor's fee from $535,000 to $728,000. The court found Koblinsky personally liable for the fraud, emphasizing his complete control over Strathcona and its role in the fraudulent activities. Read more here.
Internal Control: Require detailed purchase orders and invoices to be reviewed and approved by multiple parties before payment. Use competitive bidding for large contracts to ensure fair pricing.
Duplicate Payments
Fraud Example: Paying the same invoice multiple times and diverting the extra payments to personal accounts can be a subtle yet effective form of fraud.
Case Study: A notable example of duplicate payment fraud involved the City of Dixon, Illinois. In this case, the city comptroller, Rita Crundwell, embezzled approximately $53 million over two decades. Part of her scheme included creating fake invoices and processing duplicate payments, which she then diverted into a secret bank account. Crundwell was able to manipulate the city's financial records to cover up the discrepancies, allowing the fraud to go undetected for years. This case underscores the importance of implementing strong internal controls and regular audits to prevent and detect duplicate payments and other fraudulent activities. Read more here.
Internal Control: Implement a system that flags duplicate invoices and requires secondary approval for any flagged transactions. Regularly reconcile accounts payable records with bank statements. The ‘Duplicate Expense Transaction’ in the Level Copilot would mitigate the risk of double payments to different vendors.
Unauthorized Access
Fraud Example: Employees accessing QuickBooks Online without proper authorization and making fraudulent changes can compromise financial integrity.
Case Study: A small business’s worst nightmare. Unauthorized access to their QuickBooks Online account led to $11,000 in employee payroll being redirected to fraudulent accounts. The hacker accessed the QuickBooks account, changed the bank details for payroll, and diverted the funds to scam accounts. The business owner was not notified of any suspicious activity or changes to account numbers, highlighting a significant security lapse. The incident prompted the owner to contact QuickBooks for assistance and to file a police report. This case underscores the importance of implementing strong security measures, such as two-factor authentication, to prevent unauthorized access to financial systems. Read more here.
Internal Control: Use role-based access controls and regularly review access logs. Implement two-factor authentication for sensitive systems.
Personal Expenses/Misusing Credit Cards
Fraud Example: Misclassifying personal expenses as business expenses can lead to inflated expense reports and financial discrepancies. Using company credit cards for personal purchases and hiding the expenses in QuickBooks can inflate company expenses.
Case Study: A real-life example of misclassifying personal expenses as business expenses occurred with Dennis Kozlowski, the former CEO of Tyco International. Kozlowski was found guilty of using company funds for personal expenses, which he misclassified as business-related. This included extravagant purchases such as a $6,000 shower curtain and a $2 million birthday party for his wife, disguised as a shareholder meeting. The fraudulent activities were part of a larger scheme that resulted in him and other executives embezzling millions from the company. This case highlights the importance of rigorous expense report audits and clear policies to distinguish personal and business expenses. Read more here.
Internal Control: Require detailed receipts and explanations for all expenses. Implement a review process where expenses are checked against company policies before reimbursement. Limit the number of company credit cards and require detailed monthly statements to be reviewed by a supervisor. "Transactions Missing Vendor/Customer Information" in the Level Copilot might catch some instances where personal expenses are entered without proper details.
Altered Transactions
Fraud Example: Modifying transaction amounts after they've been entered into QuickBooks to cover up theft can distort financial records.
Illustration: A long-time employee at a mid-sized retail company exploited their role in the accounting department to commit fraud. They modified transaction amounts in QuickBooks to cover up theft. The employee would regularly alter the amounts of vendor payments after they were entered, siphoning off the difference into a personal account. By adjusting the records, they made it appear as though all transactions were legitimate and balanced. This manipulation went unnoticed for several months until an internal audit revealed discrepancies between the bank statements and the recorded transactions in QuickBooks. The audit led to a thorough investigation, uncovering the fraudulent activities and resulting in the employee's termination and legal action against them. This case underscores the importance of regular audits and stringent internal controls to prevent and detect such fraudulent activities.
Internal Control: Establish an audit trail within accounting software that logs all changes to transactions, including who made the changes and when. "Transaction Voided" and "Transactions Deleted" alerts can help detect when transactions are being manipulated in the Level Copilot.
Conclusion: Strengthening Your Fraud Defense
Understanding the various forms of fraud that can threaten your business is the first step in building a robust defense. By recognizing the warning signs and implementing strong internal controls, you can significantly reduce the risk of falling victim to these deceptive schemes.
However, the fight against fraud is ongoing, and staying one step ahead requires continuous learning and vigilance.
Next week, we’ll take our exploration even further, delving into more real-world cases of fraud and examining the strategies that successful businesses use to mitigate these risks. From advanced detection methods to creating a culture of accountability, we’ll provide you with actionable insights to fortify your business against fraud.
Stay tuned as we continue to arm you with the knowledge and tools needed to protect your business, ensuring that fraud remains a bitter brew you never have to taste.