Old enough to know better?

Mary Ella Hixon, what are we to do with you?!?

The 91-year-old former mayor just pleaded guilty to stealing $201,000 from River Falls, in southern Alabama.

The judge sentenced Mary to 10 years in prison. However, luckily for Mary, he suspended the sentence due to her age. She will instead be placed on probation for five years.

All going well, at age 96, Mary will be free to do whatever 96-year-old people do, sleep I guess…

Did the judge make the right decision? Should age play a role in the sentencing of white-collar criminals?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

If you want to learn more about the “art” of interviewing fraud suspects, here is an interview that I gave on the subject. Let me know what you think…

CPE Link Blog

An interview with Paul McCormack, fraud investigator and educator…

How many fraud suspects have you interviewed in the course of your career as a certified fraud examiner?

After the first hundred, I actually stopped counting, but I’ve easily interviewed more than 500 people while investigating employee and third party fraud.

How is interviewing a fraud suspect different from the interrogations we see dramatized on TV?

The goals are very different. On TV, the actor-detective wants to force a confession. It makes for entertaining television. The goal of the interview in a private company is to encourage the employee to share information. Threatening him or her, with termination or legal action, isn’t appropriate or effective. In fact, there are legal risks to it. Tactics that may be appropriate for law enforcement can get you in trouble if you employ them as an interviewer in a corporation.

What qualities make a…

View original post 498 more words

Update: XM Radio Employee Sentenced to 15 Months

Photographer: Stephen McCormack

Photographer: Stephen McCormack

I have an update on a case that I previously discussed involving XM Radio. Valencia Person, an Accounts Payable coordinator just received a 15 month sentence for her role in the embezzlement.

The news article detailing her sentencing notes that Person agreed to a monetary judgment of $908,924. That doesn’t make much sense to me as the article later notes that Brenda Jones, her co-conspirator received $690,000 and Person received $125,000. May be there will be more information available when Jones is sentenced on August 16…

Now, I wonder how much the investigation cost to complete… I would hazard a guess that the total loss easily exceeds $1,000,000. Investing in prevention doesn’t seem so expensive after all, does it?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Bookkeeper plays “hide and seek” with company’s bank records

Source: Hyku

Bonnie Denning didn’t want the owners of Easy Picker Golf Products to see the company’s bank records, and now we know why! Over the course of less than 12 months, Denning alledegly embezzled $818,339.37 from the Lehigh Acres company using wire transfers, a debit card linked to the company’s accounts, and one check (I suspect that there will be more fraudulent checks uncovered in due time).

Here is a break down of the loss:

  • 60 Debit card transactions – $411,387.00 

Alledegly used to used to buy clothes, gas, electronic goods and home furniture.

  • 54 wire transactions – $358,885.50

Alledegly included $4,799.58 to purchase granite for Denning’s home and $29,160.00 associated with a drug rehabilitation program for a relative

  • 1 check – $5,295.76 for shutters for Denning’s home

Total loss – an eye popping $818,339!

Here are some lessons learned:

  1. Denning refused to turnover the company’s bank records to the owners. In fact, the owners had to request the statements directly from the bank! That is a GINORMOUS red flag. Never, I repeat never give your bookkeeper sole custody of your company’s bank records.
  2. The bank issued a debit card to Denning apparently without the knowledge of the owners. I’ll leave it up to the owners and the bank to decide who is at fault here; however, as I have said before, relying exclusively on your bank to prevent embezzlement is a losing proposition.
  3. Engaging a bookkeeper should never result in the the owners abandoning oversight of the financials. To the contrary, owners must stay engaged and ensure that the bookkeeper compiles the results in an accurate and efficient manner. Put simply, not paying attention can cost you dearly.

I sincerely hope that the Easy Picker Golf Product Company can survive this catastrophic loss. I can only imagine how the owners must feel.

As this case develops, I’ll keep you posted.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Interesting article: How CIOs Can Learn to Catch Insider Crime (with help from yours truly…)

I thought my readers might be interested in an article that CIO magazine just published on insider crime. A writer from CIO magazine interviewed me about a month or so ago and I am proud to say that I am quoted extensively throughout the article. Here is just one of my sound bites:

“I’ve yet to meet any C-level person who says, ‘I’m so proud that we have 500 people preventing fraud.’ It’s not what people want to put out there as a badge of honor. It’s a necessary evil.”

Please check out the full article. In my opinion, the writer did an excellent job discussing insider fraud from a number of angles.

I hope you enjoy the article. Please let me know what you think!

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Payroll and inventory fraud – are you next?

Apparently, there is quite a bit of money to be made from gourmet mushrooms (no, not that kind). So much so that Gino Silva and Steven Perei, both employees with D’Artagnan, a mushroom distributor set up their own company in direction competition with the employer.

Starting in December 2007, Silva and Perei made sales on behalf of their own company, Mediterra, then stole D’Artagnan’s inventory to complete the sale. To conceal the theft, Silva enlisted the help of D’Artagnan’s inventory control specialist to manipulate purchase order records and alter inventory records. This scheme was simple, yet quite brilliant – by using their employer’s inventory for their new company, top line sales essentially equaled bottom line profit. Why pay for inventory when someone else can foot the bill? The mushroom scheme lasted just over 12 months.

The mushroom scheme was not Gino Silva’s “first rodeo”. From 2005 to 2008, Silva was vice president of operations for Philips Accessories and Computer Peripherals. While working there he conspired with others to add “ghost” employees to the company’s payroll that ended up being paid approximately $1.2 million for nonexistent services (Ghost employees may be real people or fictitious but they do not work for the company).

Silva pleaded guilty to the payroll scheme in December 2008. In June 2009, he received a 27 month sentence and a restitution order for $843,414. In April 2011, Silva pleaded guilty to the mushroom scheme, and in March 2012 received a 28 month sentence, a year of supervised release and $71,179 in restitution for the mushroom scheme.

Silva committed two very different frauds and was eventually caught and sentenced twice. Is he a criminal mastermind? Certainly not, but he still managed to defraud two companies with relative ease. Will he commit a third fraud once he is released from prison? Who knows? But, the temptation may be too great… and this time, he probably knows how not to get caught!

I can tell you that there a literally thousands of companies that he could join and commit exactly the same frauds without being caught for at least a year. Is your company next?

Read more here

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

$2.7 million embezzled from Arizona National Guard

While members of the Arizona National Guard were in harm’s way, James Eugene Burnes, a retired Army colonel took care of business on the home front. Unfortunately, he put his personal business above the needs of the National Guard. Between May 2003 and August 2011, Burnes embezzled $2.7 million from the Arizona National Guard Family Emergency Fund and the Arizona National Guard Emergency Relief Fund.

Apparently, Burnes had fallen on hard times. Just three years after retiring from the Army on presumably a healthy pension, he began committing fraud in his new role as a resources manager for the Arizona Department of Emergency and Military Affairs. From all accounts, he had a gambling habit that needed to be fed. To cover his tracks – as so many perpetrators of fraud do – he created fake financial statements and audit statements.

Here is how he stole the money:

  • Withdrew $1.9 million in cash during 675 separate visits to the bank (He visited the bank as often as 20 times a month).
  • Wrote 169 checks totaling more than $400,000
  • Purchased 32 cashiers checks for more than $332,000
  • Authorized electronic transfers of $40,000

Management oversight was apparently lacking and numerous red flags were ignored. In fact, an employee within Burnes organization uncovered the fraud and shared the information with a supervisor. The fraud continued for another five months before the supervisor confronted Burnes and initiated a review of bank records which confirmed the fraud.

I am sure that the Arizona National Guard thought it was appropriate to trust “one of their own” – a retired Army Colonel. If only life were that simple… Burnes may have been an exemplary officer while on active duty, but as I have said before, even good people make mistakes. Burnes will found out soon how much he’ll have to pay for his mistake when he is sentenced later this year.

Trust too much, and employees may view it as a sign of weakness. Call me cynical, but if my experience has taught me anything, it is that organizations routinely place far too much trust in their employees. If you ever catch yourself saying that you trust your employees and they would never steal from you, it may already be too late. Trust me; I built my career as a fraud consultant based on employers trusting that their employees will never steal. Guess what? Fraud happens.

Learn more about the case here and here.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Have trade secrets, will travel…

We regularly hear from the U.S. government about the theft of intellectual property by Chinese companies and their government. This is just one of several examples that I have reviewed and analyzed in the past week. I am sure that there are many more attempts that go unreported.

In February 2012, Hanjuan Jin, a former software engineer for Motorola, Inc., was found guilty of stealing more than 1,000 electronic and paper documents from Motorola. Jin was caught by U.S. Customs while attempting to catch a one way flight to China. She had worked for Motorola since 1998. Why did she decide to steal Motorola’s trade secrets? Had she stolen intellectual property prior to 2007? We’ll probably never know…

The 2007 theft was not a “spur of the moment” decision. It had been in the planning phases for approximately a year.

In February 2006, Jin took a medical leave of absence. Between November 2006 and January 2007, Jin flew to China and worked for Sun Kaisens, a Chinese telecommunications company that developed products for the Chinese military. Jin had already spent June through November 2006, in China negotiating with Sun Kaisens. While working for Sun Kaisens, Jin was provided access to classified Chinese military documents.

In February 2007, the plan to steal trade secrets from Motorola kicked in to high gear:

  • February 15, Jin returned to the US from China.
  • February 22, she bought a one way ticket back to China.
  • February 23, she notified Motorola she wished to return to work.
  • She went back to work on February 26. Once back on the company’s premise, she accessed large volumes of proprietary documents during normal work hours as well as after hours. She was also observed leaving the building with various documents and possibly a laptop.
  • February 27, she volunteered for a layoff from Motorola.
  • February 28, Jin was caught trying to leave the country with over 1,000 electronic and paper documents belonging to Motorola. She also had a number of documents marked “secret” belonging to the Chinese military.

Interestingly, Jin was found her not guilty of three counts of economic espionage for the benefit of the People’s Republic of China and its military. She faces a maximum penalty of 10 years in prison on each count of stealing trade secrets.

Given Jin’s frequent trips to China, and the fact that the theft had been in the planning phases for 12 months, it is anyone’s guess regarding how much of Motorola’s intellectual property Sun Kaisens or the Chinese government were able to gain direct access to. Since Jin spent time in China prior to the theft attempting to convince Sun Kaisens to employ her, she likely shared information from memory. Also, since Jin had been employed with Motorola since 1998, it is possible that she had taken information over time in the event that a move to China was in her future.

This case underscores why it is important to protect your company’s trade secrets. Ask yourself the following questions:

  • Does your company have trade secrets? Can you list them?
  • How are they used within the business?
  • Where are they stored?
  • What has the company put in place to control and monitor access?
  • How would the company know that an employee is about to steal trade secrets?

There are a number of additional questions involving the alignment of people, processes and technology and the protection of trade secrets, but the questions above should generate sufficient food for thought.

Protecting trade secrets requires a multipronged approach. If there are any gaps in the approach, employees or third parties intent on stealing intellectual property will find them. Don’t believe me? Sanofi-Aventis also has experience dealing with Chinese foreign nationals and the theft of trade secrets. For more on that case, click here.

Arguably, the theft of intellectual property can do more damage to a company than the theft of cash. A company can earn more money to replace the money that was stolen, but once a trade secret is no longer “secret”, the damage is done. Many companies look to the legal system to punish the entity or individual that stole their trade secrets. Certainly, the courts can help. But if your organization cannot demonstrate that it took steps to appropriately protect its trade secrets, the courts may not look too kindly on your claim.

Be proactive! Invest the time and effort to protect your company’s intellectual property. Once your intellectual property is in stolen, you may be a company in name, but in reality, you are a shadow of your former self.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Who is to blame for $10.2 million embezzlement?

Just when you think you’ve heard it all…

This case involves the Pope, travel on corporate jets, the Superbowl, and a celebrity chef. In fact, it is so unusual that I had to include it in our proprietary global knowledge center (enter 8688JGT for 3 months free access). Since it is included in our database, we have already analyzed the case and provided a list of lessons learned. Before I share some of that information here, let’s learn about the fraud.

Patricia K. Smith, the former controller for Baierl Acura, pleaded guilty to taking $10.2 million from the dealership over a 7 year period. Smith moved money from the dealership’s business accounts to her personal account using over 800 Automated Clearing Housing (ACH) transfers. Smith then used the proceeds to fund the following expenses:

•    $1.8 million billed to American Express for private jet charters; travel to seven countries in Europe and four islands in the Caribbean

•    $44,500 for four club-level tickets along with full hospitality at Super Bowl XLV

•    $32,500 for a luncheon for six people prepared by Food Network star Ina Garten at her barn in East Hampton, NY

•    $5,000 for “The Vatican Package,” which included Mass in Papal Audience with VIP seating, air fare for four, VIP tour of the Vatican Museum with a private tour guide, and a private tour of the Sistine Chapel with family before it is open to the public

•    $2,500 for a Phantom of the Opera experience, including costume fitting, wig fitting, an escort onstage during the Hannibal Opera sequence, and four seats for the performance.

She also purchased the following assets which will be subject to forfeiture:

•    Four houses— three in Pennsylvania and one in Georgia

•    10 vehicles, including three Acuras, four Hondas, and a Mustang convertible (At least she remained loyal to Acura / Honda)

•    Stocks, jewelry, cash, gold coins and personal property, including flat-screen televisions, a mink coat and a baby grand piano.

I have my own thoughts on who is to blame, but I would like to hear your perspective before I weigh in. Please register your vote in the poll at the top of the article. I’ll share my thoughts in a subsequent blog post.

FBI Press release

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Post-mortem of a fraud – what small and large companies do differently

I believe that each instance of fraud provides companies with an opportunity to reassess their entire fraud defense. Some would call this continuous improvement; others would view it as a best practice. Whatever you call it, fraud defenses must be reviewed, tested and re engineered on a regular basis. Waiting for fraud to happen then scrambling to implement controls after the fact makes very little sense. In the airline industry it is called “Tombstone legislation” – someone has to die for changes to be made – only in this case it is small companies that are “dying”. Large companies live to fight another day. At least most of the time – even when the losses are in the millions…

Things to do on first day with new employer:

  • Turn up on time – check
  • Find desk and log in to computer – check
  • Figure out way to embezzle $1 million…

If the reports are to be believed, when Brenda L. Jones started working with Sirius XM Radio she almost immediately embarked on a fraud scheme that resulted in a seven figure loss.  A co-conspirator with the mysterious initials “VP” was not indicted (any guesses why they were not indicted?)

What makes this fraud particularly interesting is the size of the victim company. Sirius XM Radio is not a “Mom & Pop” company with limited resources to deploy in the fight against fraud. Yet, they suffered a huge loss. Had this fraud happened at a small company, it is highly likely that they would have been forced in to bankruptcy.

I am often asked to detail the size of company that I help fight fraud. My answer is small, medium and large – they all need help! Fraud happens at companies of all sizes and many of the best practices are applicable regardless of size.

  • Over the course of a year, fraud losses at a large company will typically exceed losses for a small company. But on a per incident basis, there is very little difference. To illustrate the point, take a look at the graph below from the Association of Certified Fraud Examiners 2010 Report to the Nations. There really isn’t that much of a difference between the median loss at a small company (less than 100 employees) and losses at companies with more than 100 employees. With that said, a $155,000 fraud at a small company can close the doors. A $164,000 fraud at a Fortune 500 company is a blip on the radar.

The biggest difference between how fraud is handled at small and large companies can be found in the post-mortem process:

  • Not surprisingly, the post-mortem at a large company is focused on preventing the fraud from happening again. Often, employees that failed to uncover the fraud are disciplined or terminated. If the company has an internal audit function, they are often asked to prepare a report that details the control failures and provide recommendations to avoid a similar fraud in the future. Management of the operation where the fraud took place is expected to implement, and subsequently own the changes to the internal control environment. Invariably, the fraud will receive a nickname and over time, the mere mention of the fraud will either silence a room or result in embarrassed chuckles. No one wants to see that fraud happen again.
  • The post-mortem at a small company is an entirely different matter. Instead of internal audit reviewing the situation and recommending improvements, the owner or senior executives normally dive in and do their best to understand what really happened. The entire company – not just the department where the fraud took place – is on tender hooks. They literally don’t know whether they will have a job next week. A law firm is normally involved in some shape or fashion and their mere presence sends concerned employees scurrying up and down the corridor looking for someone to tell them what is happening.

Quite simply, the stakes are not the same for large and small companies.

I believe that the post-mortem process at most companies is in need of an overhaul. Very rarely do small or large companies do anything more than deploy controls to stop exactly the same fraud that they just experienced from happening again. That’s understandable. “Scope creep”, “trying to boil the ocean’, “not trying to solve world hunger” are all euphemisms for don’t over engineer the solution.

I agree that it is important to solve the problem at hand. With that said, it is almost guaranteed that a company will experience more than one fraud in its lifetime. Subsequent frauds may duplicate a previous fraud, be a variation on a theme, or something entirely brand new. Will your company be ready?

As for Sirius XM Communications, I am sure the post-mortem process is over by now. I wonder what they did to stop a similar fraud from happening in the future? Anyone want to bet that they expanded the post-mortem process to include an assessment of fraud risk within the entire accounts payable department.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com