Is nothing sacred?

I guess not. Eleanor Zapanta allegedly stole $712,000 from the Center for Spiritual Living by, wait for it…writing 250 unauthorized checks.

If your organization uses checks in any way, shape, or form, be very, very careful. Zapanta’s fraud allegedly took place over six years. The church only has an annual budget of $1.2 million. Assuming that the money was stolen at the same rate each year, that’s just under $120,000 per year, or 10% of the annual budget, lost to fraud. Normally, a check fraud starts small and grows until it is discovered, but you get the point – the church lost a huge percentage of its budget from just one fraud scheme.

Given the information shared in the original news story, let’s see what we can learn or infer:

1. Church business managers should never be left to their own devices. Someone in the organization needs to review their work on a regular basis. Fraud thrives on secrecy, lack of oversight, and misplaced trust.

2. Check stock must be locked in a file cabinet or safe when not in use, and it should only be accessible when two individuals are present. I know – it feels like overkill, but consider the losses associated with just the check frauds that I have discussed on this blog. I have many, many more check frauds stored and analyzed in our global case studies database. Check fraud can easily cost well over $500,000, and it is almost 100% avoidable.

3. Don’t rely on your bank to stop embezzlement. Most banks do quite well at detecting and preventing check fraud perpetrated by third parties. Embezzlement, or fraud committed by an insider with access to checks, however, is a different matter. How exactly should a bank uncover an embezzlement if the checks are signed by an authorized signatory?

4. Reconcile your organization’s bank statements on a daily basis. As part of that reconciliation process, ensure that checks issued have the appropriate supporting documentation such as invoices, purchase orders, etc. Checks should also have two signatures when appropriate and pertain to business-related expenses. Checks made out to individuals or payees that appear unfamiliar should receive additional scrutiny.

There are additional lessons learned, but that’s enough to start the ball rolling. What additional measures would you recommend?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Advertisements

“I’m as mad as hell, and I’m not going to take this anymore!”

Regular readers of this blog will know that many of the fraud losses I discuss here are largely avoidable. Well, my business partner and I have decided to do something about it. Today, we launched Consult-OnLine, an online platform that provides fraud and intellectual property theft prevention services for small- & medium-sized companies.

Why now, and why online?

Quite simply, the number of fraud cases involving small-and medium-sized companies is staggering. SMEs need help, and they need it fast. They are often overlooked by traditional consulting firms as too small to purchase services – or worse, the companies suffer in silence and do their best to muddle through without the assistance of a fraud expert. The most common reason for not engaging a fraud consultant is cost. Small companies can’t afford to pay the hourly rates and expenses that traditional firms charge. They are also genuinely concerned that once a fraud consultant enters their office, they will have a hard time convincing them to leave.

Believe it or not, other firms have offered professional services online before. One in particular was phenomenally successful, but for a number of reasons they shut the site down. We strongly believe that professional services can be delivered online. In fact, we built an innovative platform to do exactly that.

In addition, over the last three months, we have developed a proprietary database that contains analysis of fraud cases from the news. There are so many lessons to be learned from fraud at other companies. We thought it made sense to build a database that companies could access and use to learn how to avoid a similar fraud at their company. I have over 16 years of fraud experience, yet even I am amazed at the number of six- and seven-figure fraud cases that we have gathered from around the world. We are absolutely convinced that the database will “open eyes” and help companies dramatically reduce their fraud risk.

So, I am mad that small- and medium-sized companies coffers are being raided by fraudsters with impunity. AND my firm is prepared to do something about it.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

5 facts about fraud that most companies learn the hard way

Source: Soldiers Media Center

Fraud happens. Often. Here are just five facts that companies learn the hard way when fraud occurs:

Fact #1 – Fraud does not happen on the company’s timetable.

Revenues are up. Revenues are down. It doesn’t matter. The company could be experiencing the best of times or the worst of times. The fraudster doesn’t care. All he or she wants is money. Fraud will happen on the fraudster’s timetable. He or she decides if, when, how much, and how often. If the company has countermeasures in place, the fraud may be prevented or the losses kept to a minimum. With little or no countermeasures in place, however, watch out.

Fact #2 – Fraud scares people, especially senior executives.

When I meet with clients, I often tell them that fraud is a small word with big implications. In my experience, senior executives are most often apathetic when it comes to discussions regarding fraud. That is, until they are made aware of an actual fraud taking place on their watch. Then they become exceptionally nervous and spend a great deal of energy worrying about what will happen. They don’t know what they don’t know, and that makes them nervous, sometimes angry, and generally apprehensive about the future. Is this my fault? Will I be blamed? How much money will we lose? Will we get it back?

Fact #3 – Fraud prevention is an afterthought in most companies.

When meeting with a new client, we want to gain a sense of the overall maturity of their efforts to prevent, detect, and investigate fraud. Below is a small selection of the questions that we typically ask:

  • Do you have an employee hotline? How do you measure its effectiveness?
  • Do you have a fraud case management database? If so, when was the last time the information was used to develop proactive countermeasures?
  • What controls do you have in place to prevent and detect fraud? Who “owns” control development, deployment, and testing?
  • What policies and procedures do you have in place to ensure that employees are unable to steal your company’s intellectual property? When was the last time someone tested their effectiveness?
  • How often does fraud take place in your industry?
  • Have you incorporated “lessons learned” from fraud at other companies?
  • Who is responsible for fraud prevention, detection, and investigation within your organization? If separate departments, how often do they meet to share intelligence?

Very rarely will senior executives answer these questions without providing some potential areas for improvement. Most often, they struggle to answer at least one or two of the questions, which can lead to some uncomfortable silences and pained expressions. That’s OK. We know that fraud prevention is an afterthought. It shouldn’t be, but it is. Most companies don’t think about fraud until it happens or they narrowly avoid taking a loss. I personally want to change that. There is no reason that companies need to experience the vast majority of employee and third-party fraud. A company will never be fraud free, but it can certainly make it much more difficult for fraud to happen.

Fact #4 – Fraud investigations are easy to screw up.

Investigating fraud, particularly employee fraud, is much more complicated than it appears. Employees have rights, and lots of them (as they should). If in the course of an investigation a company violates those rights, the “hunter” can become the “hunted.”

Let’s consider a real-world example.

Local law enforcement thinks that one of your employees, Bob, is involved in drug trafficking. Your internal audit department is also investigating Bob. They plan to talk with him next week regarding some missing inventory. A detective from local law enforcement wants internal audit to ask a couple of questions that would help him with the drug investigation. In fact, the detective really wants to be in the room during the meeting. Helping law enforcement is a good idea, right? We might need them to help go after Bob for the inventory we think he has stolen. Would we screw up the investigation by helping law enforcement? How? We’ve already sent an email to the detective detailing the inventory theft. The detective agrees – this guy is a criminal!

(Hint: this investigation is destined for failure.)

Screw up an investigation, and you may be forced to rehire the employee that allegedly committed fraud as well as pay lost earnings and possibly even a fine. Trust me, it happens.

Fact #5 – Fraud losses are rarely recovered.

We’d like to think that law enforcement can reach out and claw back the proceeds from a fraud whenever needed. The truth is that most of the time, the proceeds are long gone. Fraud schemes typically last a median of 18 months. During that time, your company’s money is burning a hole in the pocket of the fraudster. They want to buy goods and services, pay down debt, stop foreclosure, share their good fortune with family and friends, etc. The last thing they want to do is deposit the money in their bank account and watch it gather interest (although in very rare circumstances, this does happen).

Notwithstanding the fact that fraudsters want to spend the proceeds, the truth is that law enforcement is often unable or unwilling to help companies recover fraud losses. Law enforcement is overstretched. At the local level, detectives in small cities are assigned all manner of cases, from petty theft to murder. In larger jurisdictions, detectives have an overwhelming case backlog that is closely tracked by their superiors. Financial crimes can be extremely complicated and time consuming to investigate, especially if the detective does not have a financial background. Detectives need to close cases – quickly. At the federal level, the bar is even higher. A six-figure loss may be devastating for your company, but it may barely raise the eyebrow of an FBI special agent in a large metropolitan area. With no connection to organized crime, drugs, or terrorism, the case file may be shelved and forgotten.

I strongly support law enforcement and have worked with some very talented local, state, and federal agents. However, we really can’t expect them to pursue every fraud that hits their desk. Let’s be honest; why should we expect law enforcement to help recover losses when so many of them could have been easily avoided?

If you have additional “facts” that you would like to share, please feel free to add a comment.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

You’ll never understand fraud in my industry

“It is way too complicated for anyone outside the industry to understand. Fraud in our industry is just… well… complicated!”

– Senior Executive at XYZ company

I won’t disclose the name of the company, but the preceding statement was made by a Vice President of Internal Audit during a discussion about fraud within his company. I failed to convince the VP that the 80/20 rule applied. I believed, and still do, that 80% of the fraud schemes they experienced could be found in other industries, with the remaining 20% being industry specific. He believed the exact opposite, that 20% were common to other companies and that 80% were industry specific. I lost the argument (it was really a friendly exchange).

What I didn’t have available at the time was access to a database of previous fraud cases from within his industry. I do now. We have created a proprietary database that includes hundreds, soon to be thousands, of fraud cases from around the world. Here is an example of just one case in the database involving healthcare.

Ronald A. McFarland of Pennsylvania received a 37-month sentence for his role in embezzling $2.46 million from Rosewood and Oaktree Cancer Care. McFarland was the president of Verimed, a third-party billing company. Rosewood and Oaktree engaged Verimed to bill for outpatient radiation treatment programs for cancer patients.  So how did McFarland commit fraud? Very, very complicated (I jest). He billed for services, then kept the money he received. He then made fraudulent accounting entries to cover his tracks.

Could this type of fraud happen in your industry? Sure it could! The healthcare industry uses third-party billing companies a great deal due to the complexity and length of time it takes to collect from insurance plans. But you don’t have to be in healthcare to experience a loss of this type. If your company relies on a third party to bill and/or collect amounts due your company, the potential is there.

I do agree that fraud within certain industry segments is exceptionally complicated, hence my earlier statement that 20% of fraud is specific to an industry. But when you remove the industry and truly analyze the fraud modus operandi, the other 80% starts to come into focus. Regardless of industry, fraudsters want your money in whatever form they can take it (cash preferably!).

If I have learned anything from my career in fraud, it is that history repeats itself again, and again, and again. Certainly, fraud schemes that are specific to your industry must be understood to prevent losses. However, don’t believe your “own press.” Fraud within your industry is not so unique that you can’t learn from other industries. You’d be amazed at the similarities across industries. Trust me.

So next time someone says fraud is so complicated in their industry that you’ll never understand it, take the time to politely challenge their statement. You may have much more in common than you both realize!

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com