Highlights of the article:
E-business has been a boon to international con artists, said Gene Smith, founding partner of Washington's Smith Brandon International, specializing in international investigative services.
Online global ventures, especially business-to-business ventures, must take into consideration the potential risks as well as rewards. A significant online sale can go sour after the product is delivered if the seller has not conducted appropriate background checks on the buyer, she said.
For the full article see below.
_________________________________________________
The window for wrongdoing was about 15 minutes a day. In that time, millions of dollars were stolen.
A large company issuing hundreds of cheques a day set up a computerized system to automatically authorize and sign the cheques. Once the cheques were processed, the electronic cheque requisition data was deleted from the database.
No cheque requisition audit trail existed beyond a 15-minute window, from the time the cheques were processed to the deletion of the requisition data.
A month or so after the cheque production system went live, an auditor detected a significant difference between the value of cheques required by the company and the value of cheques produced by the system. Thinking he had made a reconciliation error he double-checked his work. Then triple-checked it.
The difference ran into millions of dollars.
To figure out what was going on, the company called in a team of forensic accountants who discovered a network security hole through which a hacker had submitted cheque requisitions for unauthorized payments. These false requests were deleted shortly after the cheques were generated, so there was no audit trail.
The company revamped its network security, cheque reconciliation and audit procedures, but the unknown culprit—now very rich—was never apprehended. The fraud artist could have been an employee or an online hacker using a security hole to access the system.
Forensic accountants regularly unearth computer network, Internet and bank fraud, kickback and procurement schemes, theft of cash, products and intellectual property, and other nefarious schemes, said Tedd Avey, co-author of The CPA's Handbook of Fraud and Commercial Crime Prevention, and the Toronto based president of Kroll Consulting Group Worldwide, a multinational independent risk consulting and forensic accounting company.
Most companies have policies and procedures in place to minimize fraud but they also depend a great deal on trust. When trust is misplaced and policies are breached, companies are left scrambling to close barn doors after employees, managers or senior executives have escaped, saddlebags packed with illicitly gained booty.
Here's how one recent scam worked: Late at night, Clyde used a bank machine to deposit $250,000 in cheques. Early the next morning, Bonnie, a bank employee, cleared the cheques. Clyde wired the cleared funds to an offshore account. During a subsequent audit, management discovered the cheques were bogus.
The kicker? The bank had no way of identifying the employee who cleared the cheques. It's a large branch with dozens of employees, many of whom regularly clear funds. To compound matters, the cheques could have been cleared electronically over the bank's computer network, from any branch.
Called in to investigate, Avey's forensic accounting team discovered it was business process lapses and not any network security leaks, that enabled Bonnie and Clyde to rip off the bank. The bank opted to institute tighter controls over network access to cheque clearance levers and more detailed audits.
However, Bonnie and Clyde were never identified and the bank never recovered the money.
In the world of white-collar fraud, American companies and government agencies are bilked of an estimated US$600 billion annually, according to the association of Certified Fraud Examiners (http://www.acfe.com/), based in Austin, Tex.
Employees conduct about 60 per cent of internal fraud, middle management 30 per cent and senior executives and owners about 10 per cent, said Glen Harloff, a former RCMP fraud investigator and forensic accountant with LRTS Investigation in Toronto. Employee fraud costs about $50,000 per occurrence, while scams perpetrated by middle managers often hit $250,000.
However, fraud by owners and senior managers can net a lot more than that, as happened when the president of a manufacturing company stole more than $1,000,000 through contract procurement fraud.
Controlling the tendering and bidding process for a new addition, the president demanded and received kickbacks, Harloff said. Contractors recouped these illicit business expenses by inflating bids and the company paid dearly for the addition.
When he was with the RCMP, Harloff investigated a scheme where the vice-president of procurement ordered products through a shell company he owned, racking up close to $4,000,000 in illicit markups, all of which came off the bottom line of the company that employed him.
E-business has been a boon to international con artists, said Gene Smith, founding partner of Washington's Smith Brandon International, specializing in international investigative services.
Online global ventures, especially business-to-business ventures, must take into consideration the potential risks as well as rewards. A significant online sale can go sour after the product is delivered if the seller has not conducted appropriate background checks on the buyer, she said.
If a new client places an order through a Web site, how does the seller determine who the prospective buyer is, if he/she has the authority to place such an order and if the company has the ability to pay?
Companies have two options—proceed on faith or sort out potential transaction dilemmas and due diligence procedures before hanging their shingle in cyberspace.
On the upside, the Internet makes it easier for companies to conduct business in foreign countries and for companies to process credit checks on foreign companies.
For instance, companies like Dun & Bradstreet can help credit managers adapt to the new global reach of the Internet by providing background and credit information online or by e-mail, according to Scott Blakeley, partner with Blakeley & Blakeley, a creditors' rights firm in Irvine, Calif. The most dramatic effect on the Internet "is the shortening of the credit cycle," he said. Vendors are using the Internet to conduct background and credit checks on companies, cutting dramatically into the time required to approve credit and minimize fraud.
North American consumers were bilked of more than US$14 million online and through e-mail last year, according to the National Fraud Information Centre (www.fraud.org). Fake online auctions accounted for 90 per cent of the scams and the infamous Nigerian Money Offer scam accounted for four per cent of the total.
However, industry analysts peg the global value of computer-based business and consumer fraud at more than US$400 billion. More than 25 per cent of Fortune 500 companies are computer crime victims, and employees have perpetrated many of the crimes.
TOP THREE DRIVERS
Three factors are at the root of most internal frauds: opportunity, need and rationalization, Harloff said. If checks and balances are not up to snuff, or if one person has too much control, there is opportunity.
Need occurs if employees develop drug problems, get divorced or start living beyond their means. Employees who feel mistreated, underpaid or passed over for promotion often use perceived slights to rationalize illicit actions.
Rapidly growing companies are particularly susceptible to fraud as everyone is focused on growth and "nobody is keeping the house in order," said Avey, who witnessed a great deal of fraud during the dotcom boom, such as the controller who not only authorized and wrote cheques but also reconciled the books for a start-up company.
The controller wrote and cashed cheques payable to himself. The bank returned the cheques and the controller shredded them. Nobody was the wiser until an internal audit revealed the books were not balanced—to the tune of several hundred thousand dollars. It was impossible to discover who the missing cheques were payable to because the bank did not retain microfiche copies, Avey said.
The controller's impressive resume indicated that he had worked as a financial consultant for a two-year period. The background check revealed he did his financial consulting in jail, where he was serving time for cheque fraud.
CHECKING UP
To minimize workplace fraud, theft and other misdemeanours (such as harassment or violence), companies should screen prospective employees, said Matt Coveart, managing director of Kroll Background Screening Group in Toronto, a company which screens 500 to 800 candidates a day.
For less than $150, its work includes:
- Reference checks
- Employment verification (including unreported employment gaps)
- Education claims
- Credit checks (particularly of employees who handle cash or credit cards or enter customer homes)
- Criminal background checks.
While any company can pre-screen prospective employees, small and medium businesses often lack human resources staff. Managers are pulled away from the company's core business to screen candidates, Coveart said. In a hurry to get back to work, they might accept the candidate's word that she is a rocket scientist when in truth she can't fold a paper airplane.
Ending up with a lemon, new employers discover they cannot make lemonade. So they should fire these employees, said Connie Reeve, a partner with Blake, Cassels & Graydon, a national business law firm.
Reeve has seen courts overturn cases that seem to have obvious grounds for dismissal.
Take the example of the bank teller who stole $7,000 from her branch. The teller was caught, confessed and was summarily dismissed—no two-weeks notice, no severance package. So she sued the bank for wrongful dismissal.
The teller had a clean 25-year employment record, was remorseful and had a pathological addiction to video poker gambling, which is why she stole the money. The court ruled her gambling illness was protected by human rights legislation and the bank had to hire the teller back. If the bank had negotiated a settlement package with severance pay the dismissal would have stuck.
Pay a thief to leave? Welcome to the complex state of Canadian employment law, Reeve said, pointing out that employers in non-union shops rarely get stuck with dreadful employees, as long as they fork out appropriate severance pay.
So whether it's online or in-house, companies must take steps to minimize fraud and put measures in place to detect it when, not if, it occurs.