An employee forges a signature on a check made out to himself/herself or to someone else.
In the case of payroll fraud, an employee causes his or her company to issue a payment by making false claims for compensation.
Skimming schemes get their name from the fact that money is taken "off the top," as the cream is skimmed from milk. The main categories of skimming schemes are:
- Unrecorded sales
- Understated sales and receivables
- Thefts of checks through the mail
- Short-term skimming
Skimming, the most common form of cash misappropriation, is the removal of incoming funds before they can be recorded in the company's books. Skimming schemes leave no direct audit trail, and often the company is unaware that the cash was ever received. Any employee who comes in contact with cash can, in theory, skim money.
Skimming Warning Signs - No matter who skims money or how they do it, the accounting effect is the same: revenue is lower than it should be, while the cost of producing that revenue remains constant. Thus, employees should be alert to the following warning signs:
- Decreasing ratio of cash to total current assets
- Decreasing ratio of cash to credit card sales
- Flat or declining sales with increasing cost of sales
- Increasing accounts receivables compared with cash
- Delayed posting of accounts receivable payments
Billing schemes are the most costly type of asset misappropriation. In a billing scheme, the company pays invoices that an employee fraudulently submits to obtain payments he or she is not entitled to receive.
- Shell company schemes use a fake entity established by a dishonest employee to bill the company for goods or services it does not receive. The employee converts the payment to his or her own benefit.
- Pass-through schemes use a shell company established by an employee to purchase goods or services for the company, which are then marked up and sold to the company through the shell. The employee converts the markup to his or her own benefit.
- Pay-and-return schemes involve an employee purposely causing an overpayment to a legitimate vendor. When the vendor returns the overpayment to the company, the employee embezzles the refund.
- Personal-purchase schemes involve an employee ordering personal merchandise and charging it to the company. Sometimes the employee keeps the merchandise; other times, he or she returns it for a cash refund.
Procurement Fraud - This type of fraud includes schemes such as over-ordering products and then returning some and pocketing the refund; purchase order fraud, in which the employee sets up a phantom vendor account into which fraudulent invoices are paid; and initiating the purchase of goods for personal use.
Payment Fraud - This can include vendor fraud schemes as well as creating false customer accounts to generate false payments.
Billing Fraud Warning Signs
- Invoices for unspecified consulting or other poorly defined services.
- Unfamiliar vendors.
- Vendors whose only address is a post-office box.
- Vendors with company names consisting only of initials; many such companies are legitimate, but crooks commonly use this naming convention.
- Rapidly increasing purchases from one vendor.
- Vendor billings more than once a month.
- Vendor addresses that match employee addresses.
- Large billings broken into multiple smaller invoices for amounts low enough not to attract attention.
- Internal control defects, such as allowing the same person to process payments and approve new vendors.
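As an added example (not part of the original material), several of the warning signs above can be checked mechanically against vendor, employee and invoice records. The record layout, the flag labels and the 5,000 approval limit are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict
APPROVAL_LIMIT = 5000.00  # assumed approval threshold, not from the page
SUFFIXES = {"inc", "llc", "ltd", "corp", "co"}

def norm(addr):
    """Lower-case an address and collapse punctuation so variants compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()

def initials_only(name):
    """True when the name, minus legal suffixes, is only short all-caps tokens."""
    words = [w for w in re.findall(r"[A-Za-z]+", name) if w.lower() not in SUFFIXES]
    return bool(words) and all(w.isupper() and len(w) <= 3 for w in words)

def vendor_flags(vendors, employees, invoices, limit=APPROVAL_LIMIT):
    """Return {vendor_id: sorted warning-sign labels} for vendors with any flag."""
    emp_addrs = {norm(e["address"]) for e in employees}
    flags = defaultdict(set)
    for v in vendors:
        addr = norm(v["address"])
        if re.match(r"(p ?o ?|post office )box \d+", addr):
            flags[v["id"]].add("po_box_only")
        if initials_only(v["name"]):
            flags[v["id"]].add("initials_only_name")
        if addr in emp_addrs:
            flags[v["id"]].add("address_matches_employee")
    by_month = defaultdict(list)  # (vendor, YYYY-MM) -> invoice amounts
    for inv in invoices:
        by_month[(inv["vendor_id"], inv["date"][:7])].append(inv["amount"])
    for (vid, _), amounts in by_month.items():
        if len(amounts) > 1:
            flags[vid].add("billed_more_than_monthly")
            if max(amounts) < limit <= sum(amounts):  # each under, total over
                flags[vid].add("possible_split_invoice")
    return {vid: sorted(f) for vid, f in flags.items()}

# Constructed sample data (not from the page).
VENDORS = [
    {"id": "V1", "name": "JRK Inc.", "address": "P.O. Box 4471, Springfield"},
    {"id": "V2", "name": "Midwest Paper Supply Co.", "address": "200 Industrial Way, Springfield"},
    {"id": "V3", "name": "Harbor Consulting", "address": "18 Elm St., Apt 2, Springfield"},
]
EMPLOYEES = [{"id": "E7", "address": "18 Elm St Apt 2, Springfield"}]
INVOICES = [
    {"vendor_id": "V1", "date": "2024-03-04", "amount": 4800.00},
    {"vendor_id": "V1", "date": "2024-03-11", "amount": 4900.00},
    {"vendor_id": "V2", "date": "2024-03-05", "amount": 1200.00},
    {"vendor_id": "V2", "date": "2024-04-05", "amount": 1250.00},
]
```

Calling `vendor_flags(VENDORS, EMPLOYEES, INVOICES)` returns flags for V1 and V3 only. A flag is a reason to review the vendor, not proof of fraud.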
Company assets can be misappropriated in one of two ways: they can be misused - "borrowed" - or stolen. Assets most often misused are company vehicles, company supplies and office equipment, including computers.
Computerized information and computer software may seem intangible, but they are valuable company assets. As with any other company property, they must be protected from misuse, theft, fraud, loss, and unauthorized use or disposal.
Misappropriation of computer space, time, or software includes:
- Using a computer to create or run unauthorized jobs
- Operating a computer in an unauthorized mode
- Intentionally causing an operational failure
Non-Cash Misappropriations - Theft
Theft of company property is an even greater concern to companies than misuse. Losses from larceny of assets cost companies millions of dollars. The means range from simple larceny - an employee steals a product from a company, either by physically taking it or diverting it in some other way - to falsifying documents and ledgers.
Anyone who steals inventory causes inventory shrinkage; therefore, prevention demands that someone knowledgeable about the inventory and independent of the purchasing or warehousing sectors conduct periodic physical inspections of the inventory. All merchandise should be guarded and locked, with access limited to authorized personnel only.
Theft of Services - An employee misuses company services or company-funded services.
Cash larceny is the intentional removal of an employer's cash - currency, checks, or both. The funds may be obtained by forging a check, submitting a false invoice, or doctoring a timecard, among other illegal activities. The two principal types of cash larceny are thefts from deposits and register theft.
Unlike skimming schemes, this cash has already been recorded on the books. The key to preventing cash larceny schemes is adequate physical control over the custody of cash.
Warning signs of cash larceny include:
- Unexplained cash discrepancies.
- Altered or forged deposit slips.
- Customer billing and payment complaints.
- Rising "in-transit deposits" — that is, deposits that are made but not yet posted by the bank.
In retail environments where cash exchanges are common, this type of fraud can be as simple as:
- Stealing cash.
- Not registering a sale and pocketing the cash.
- Return fraud (an employee colludes with someone else to return goods fraudulently for a refund).
Fraud by non-employees (third parties) often begins with what is referred to as "social engineering" — the manipulation of an employee's natural human tendency to trust, in order to give a third party unauthorized access to company resources.
At its simplest, it refers to the process a computer hacker would use to obtain an employee's network password, giving the hacker access to the company's network without having to break in. The hacker might then use this access to view confidential company information, steal employee identities or disrupt the company's systems or network.
To recognize a social engineering scheme, keep an eye out for a third-party caller's (or e-mailer's) refusal to provide contact information, rushing, name-dropping, intimidation, asking odd questions, and requesting forbidden information. Suspicious behavior should be reported to your supervisor.
Hackers and Social Engineering
A hacker is someone who uses a computer to gain unauthorized access to data. A clever hacker will use a variety of techniques, including one or more of the following, to commit social engineering fraud:
- Impersonating an authorized person online, by telephone, or even in person
- Coaxing information such as passwords out of employees by preying on their trust, charming them, or flirting
- Rigging the system and then offering to help "fix it" — and accessing passwords in the course of repairing the system they've rigged
- Entering the work area and looking over people's shoulders to find out passwords
- Sifting through unshredded documents in the trash
- Offering sweepstakes requiring a password to enter, with the hope that the participant will use the same password used for network access