Who is to blame for $10.2 million embezzlement?

Just when you think you’ve heard it all…

This case involves the Pope, travel on corporate jets, the Superbowl, and a celebrity chef. In fact, it is so unusual that I had to include it in our proprietary global knowledge center (enter 8688JGT for 3 months free access). Since it is included in our database, we have already analyzed the case and provided a list of lessons learned. Before I share some of that information here, let’s learn about the fraud.

Patricia K. Smith, the former controller for Baierl Acura, pleaded guilty to taking $10.2 million from the dealership over a 7 year period. Smith moved money from the dealership’s business accounts to her personal account using over 800 Automated Clearing Housing (ACH) transfers. Smith then used the proceeds to fund the following expenses:

•    $1.8 million billed to American Express for private jet charters; travel to seven countries in Europe and four islands in the Caribbean

•    $44,500 for four club-level tickets along with full hospitality at Super Bowl XLV

•    $32,500 for a luncheon for six people prepared by Food Network star Ina Garten at her barn in East Hampton, NY

•    $5,000 for “The Vatican Package,” which included Mass in Papal Audience with VIP seating, air fare for four, VIP tour of the Vatican Museum with a private tour guide, and a private tour of the Sistine Chapel with family before it is open to the public

•    $2,500 for a Phantom of the Opera experience, including costume fitting, wig fitting, an escort onstage during the Hannibal Opera sequence, and four seats for the performance.

She also purchased the following assets which will be subject to forfeiture:

•    Four houses— three in Pennsylvania and one in Georgia

•    10 vehicles, including three Acuras, four Hondas, and a Mustang convertible (At least she remained loyal to Acura / Honda)

•    Stocks, jewelry, cash, gold coins and personal property, including flat-screen televisions, a mink coat and a baby grand piano.

I have my own thoughts on who is to blame, but I would like to hear your perspective before I weigh in. Please register your vote in the poll at the top of the article. I’ll share my thoughts in a subsequent blog post.

FBI Press release

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Advertisements

Post-mortem of a fraud – what small and large companies do differently

I believe that each instance of fraud provides companies with an opportunity to reassess their entire fraud defense. Some would call this continuous improvement; others would view it as a best practice. Whatever you call it, fraud defenses must be reviewed, tested and re engineered on a regular basis. Waiting for fraud to happen then scrambling to implement controls after the fact makes very little sense. In the airline industry it is called “Tombstone legislation” – someone has to die for changes to be made – only in this case it is small companies that are “dying”. Large companies live to fight another day. At least most of the time – even when the losses are in the millions…

Things to do on first day with new employer:

  • Turn up on time – check
  • Find desk and log in to computer – check
  • Figure out way to embezzle $1 million…

If the reports are to be believed, when Brenda L. Jones started working with Sirius XM Radio she almost immediately embarked on a fraud scheme that resulted in a seven figure loss.  A co-conspirator with the mysterious initials “VP” was not indicted (any guesses why they were not indicted?)

What makes this fraud particularly interesting is the size of the victim company. Sirius XM Radio is not a “Mom & Pop” company with limited resources to deploy in the fight against fraud. Yet, they suffered a huge loss. Had this fraud happened at a small company, it is highly likely that they would have been forced in to bankruptcy.

I am often asked to detail the size of company that I help fight fraud. My answer is small, medium and large – they all need help! Fraud happens at companies of all sizes and many of the best practices are applicable regardless of size.

  • Over the course of a year, fraud losses at a large company will typically exceed losses for a small company. But on a per incident basis, there is very little difference. To illustrate the point, take a look at the graph below from the Association of Certified Fraud Examiners 2010 Report to the Nations. There really isn’t that much of a difference between the median loss at a small company (less than 100 employees) and losses at companies with more than 100 employees. With that said, a $155,000 fraud at a small company can close the doors. A $164,000 fraud at a Fortune 500 company is a blip on the radar.

The biggest difference between how fraud is handled at small and large companies can be found in the post-mortem process:

  • Not surprisingly, the post-mortem at a large company is focused on preventing the fraud from happening again. Often, employees that failed to uncover the fraud are disciplined or terminated. If the company has an internal audit function, they are often asked to prepare a report that details the control failures and provide recommendations to avoid a similar fraud in the future. Management of the operation where the fraud took place is expected to implement, and subsequently own the changes to the internal control environment. Invariably, the fraud will receive a nickname and over time, the mere mention of the fraud will either silence a room or result in embarrassed chuckles. No one wants to see that fraud happen again.
  • The post-mortem at a small company is an entirely different matter. Instead of internal audit reviewing the situation and recommending improvements, the owner or senior executives normally dive in and do their best to understand what really happened. The entire company – not just the department where the fraud took place – is on tender hooks. They literally don’t know whether they will have a job next week. A law firm is normally involved in some shape or fashion and their mere presence sends concerned employees scurrying up and down the corridor looking for someone to tell them what is happening.

Quite simply, the stakes are not the same for large and small companies.

I believe that the post-mortem process at most companies is in need of an overhaul. Very rarely do small or large companies do anything more than deploy controls to stop exactly the same fraud that they just experienced from happening again. That’s understandable. “Scope creep”, “trying to boil the ocean’, “not trying to solve world hunger” are all euphemisms for don’t over engineer the solution.

I agree that it is important to solve the problem at hand. With that said, it is almost guaranteed that a company will experience more than one fraud in its lifetime. Subsequent frauds may duplicate a previous fraud, be a variation on a theme, or something entirely brand new. Will your company be ready?

As for Sirius XM Communications, I am sure the post-mortem process is over by now. I wonder what they did to stop a similar fraud from happening in the future? Anyone want to bet that they expanded the post-mortem process to include an assessment of fraud risk within the entire accounts payable department.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

The confession – the “how” and “why” of employee fraud

“It is not the criminal things that are hardest to confess, but the ridiculous and the shameful.”

– Jean Jacques Rousseau, (1712-1778) Swiss political philosopher

The employee sitting across the table from me (we’ll call him Bob) looked like he was going to throw up. I didn’t feel any better. I had played this scene over in mind for weeks and hardly slept the night before.

Welcome to my first interview involving a fraud suspect. You can conduct as many “mock” interviews as you like, but until you are sitting face to face with an employee accused of fraud, you really have no clue what it feels like.

Bob clasped his hands together – almost in prayer – and stared directly at me with eyes that appeared on the verge of unloading tears. Below the table, his legs were bouncing at an alarming rate, so much so that the binders in front of me were slowly shuffling towards the edge of the table. It was time to begin…

“Do you know why you’re here?” I asked

“Yes” said Bob. “I did it. I took the money. Can I go home? I need to tell my wife”

Now what am I supposed to do? The employee had confessed without seeing one document. This is easy! Will they all go this smoothly? I composed myself and asked Bob to tell me what he meant. What money? How did he take it? He again asked to go home, but I encouraged him so share his side of the story and review the documents I had compiled. I convinced him that he needed to know what he had just confessed to doing.

We spent the next hour reviewing the investigation binder in detail. During that time, Bob explained how he embezzled over $100,000 from the company. I also shared the mistake he made that resulted in his undoing. At the end of the hour, Bob had explained how he had committed the fraud, but he had not shared why he had done so.

Knowing how the fraud took place is certainly important as employee and third-party fraud tends to follow “tried and tested” modus operandi. There are certainly variations on themes where a fraud includes a “wrinkle” or unusual element that is unique. With nearly 17+ years experience in this arena, I am still learning new and unusual ways to commit fraud. But don’t neglect the “why”… If you really want to make a difference, ask about the how and the why.

Never make any promises to entice the employee to provide the “why” (That can really create much bigger problems down the road). There are a number of tactics to help employees through this phase of the interview. I personally like the “5 Whys” approach.

Why did you take the money?”

“Lots of reasons. I don’t really want to tell you why.”

“It would really help if you did. I know this has been bothering you for a long time. Why take all that money? What made you take the first step?”

“I didn’t get promoted last year. I deserved it. I did all the work, and he (pointing to his supervisor seated in the far corner) took credit. For everything.”

“But why commit fraud, though? You might have been promoted this year”

Bob looked down and bit his bottom lip.

“I know other people took money and got away with it.”

“In this office?” I asked. “How do you know?”

“I know because I saw them. They gave me money to keep quiet. I shouldn’t have taken it. But then I wanted more.”

Why take the money? Why not tell someone about what you saw?”

“My kids need clothes and we just don’t have it. My wife hasn’t been able to find a job and we don’t have anyone to look after the kids anyway. The others were fired so I couldn’t get any more money from them.”

It turns out that 2 employees were fired six months prior for absenteeism. Upon further investigation, both had been involved in stealing inventory and selling it on eBay. Bob stumbled across the fraud and agreed to accept kickbacks to keep quiet.

Sometimes the “5 Whys” works. Other times, no matter how you ask the questions, the employee declines to share anything of value. In fact, I had one employee tell me that they needed the money, and then run out of the room! Not much you can do in that type of situation.

Remember: how fraud is committed is always important, but so is the why. Don’t neglect one over the other as understanding both can help your company prevent fraud. Take the time to learn from each fraud. After all, you’ve paid the entrance price; why not watch the entire movie?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com