Do you go to church? Have you ever been to a church? I’m not asking because I’m worried about your soul. Have you ever wondered what happens to the collection that is taken during the service? You should find out. If you tithe, do you carefully check your record of tithes against the statement sent to you by your church? If not, you need to start.
Case Studies: The Fraud Triangle and the South Carolina Hospitality Association
The fraud triangle is a model that is frequently used to illustrate the factors that can cause someone to commit occupational (workplace) fraud. Most occupational fraud isn’t committed by seasoned or experienced criminals. It is rather an issue of three factors: opportunity, pressure, and rationalization.
THE METHADONE CLINIC THAT WAS.
If the objective of this newsletter series is achieved (and assuming you read my newsletters BEFORE you delete them) you will all become so fraud -savvy I will eventually write myself out of a job. Maybe I should think this over.
I realize that your business probably doesn’t have the type of problem illustrated by this case. However, if you know someone who might benefit from this information, please forward this newsletter to them.
THE METHADONE CLINIC THAT WAS.
This story was donated by a contact in law enforcement.
I’m not going to assume that you know what a methadone clinic is. According to Wikipedia, “A methadone clinic is a clinic which has been established for the dispensing of methadone, a schedule II narcotic analgesic, to those who abuse heroin and other opiates.” I’m not going to be a smart-ass and say that the business-type is the first red flag. We would assume that the employees of said clinic don’t necessarily have the motivation to obtain funds illegally. But there are all sorts of motivations — a topic for another newsletter.
THE FRAUD
The only front office employee at this clinic was receiving payments from patients and diverting some of the cash to his wallet. When patients came in, their name, patient number, service date and time would be logged into the accounting system. The perp (I love cop-speak) would delete the patient visit and payment from the accounting system and pocket the cash. There were so many procedural no-no’s found in this situation my head spun. In fact, I think the only thing that was right was the mission of the clinic.
RED FLAGS
The first actual red flag probably wasn’t considered a red flag, it may have even seemed a blessing: the clinic’s patients only paid in cash. And what business is going to say “Sorry! Your cash isn’t accepted here because one of our employees might steal it “? Cash is cash is cash and when a business accepts cash as a payment there needs to be extra accountability. The red flag? CASH. Why do mail order companies ask you to not send cash in the mail? Because eventually, someone is going to open the envelope. You fill in the blanks. It’s CASH!
Cash can be the cheapest form of currency for a business because it incurs no processing fees, NSF, or collection fees. But it can be a pain because it’s impossible to track and therefore, it’s easy to steal (NOOOOO, you think, not MY employees!) There’s no electronic record, check number, or copy in the bank vault. When a business takes in a lot of cash payments, it must have additional checks ( pun intended) and balances. For instance, don’t let the same person collect the cash AND enter the payment into the accounting system. An employee who handles cash probably shouldn’t have log-in credentials for the accounting system.
The other red flag? Doses dispensed > income. The owner noticed that methadone doses dispensed were plentiful but income was not. This might have been a “notice” in hindsight. My details here are a little sketchy. But the owner either noticed the inconsistency and didn’t act, or he noticed it after the fraud was uncovered. Either way, SHAME ON HIM for either 1) looking and not acting; or 2) not looking; or 3) looking AND NOT KNOWING WHAT HE WAS LOOKING AT. No excuse. Sheeeesh.
DEFINING MOMENT (for the perp)
One of the patients called in after his visit and asked for a receipt for his payment. He must have talked to someone other than the perp (who probably took the day off to spend his money). They couldn’t find a record of the payment. They couldn’t find record of the service in the accounting system. For all I know, they couldn’t find the patient’s name in the accounting system. But the pharmacy had a record of the methadone being dispensed.
BIG BLACK HOLES (i.e. , CAUSES)
I could write an encyclopedia on how this could have been prevented. I’m sure the detectives who actually investigated this case DID school the owner. The basics, since we don’t have time for everything:
- They didn’t separate duties;
- They didn’t carefully check behind an employee that had too much responsibility;
- They weren’t smart about assigning log-in credentials. Every employee doesn’t necessarily need access to the accounting system. NO ONE should be able to delete records;
- They didn’t understand the controls available in their accounting software. They used QuickBooks but they didn’t use it well;
- Someone wasn’t paying attention;
- No meaningful account analysis was being performed;
- Did they run an employee background check? I don’t know. It may have helped.
THE FALLOUT
This little not-for-profit clinic paid the ultimate price: it lost $73,000 and had to close its doors. I don’t know what happened to the perp. But even if he was arrested, prosecuted and found guilty, I’m sure he eventually got another job (or will). Does your business run background checks on employees?
‘Til next month…..
Case Studies: Fraud, Forensics, and other Random Felonies, Flaps, and Five-FInger Discounts.
The best way to protect yourself from crime is to learn the lessons of other victims.
That’s what I hope to do in a monthly newsletter which will focus on case studies. The cases will be actual frauds or cases of intentional regulatory non-compliance. In each one I will look at what happened, what the red flags were, how the frauds were uncovered, and what the fallout was. The names will be changed to protect the innocent. Seriously, the victim. Many of the frauds in our case studies could have easily been prevented. And as much as I’d love to throw the perpetrator under the proverbial bus, I don’t want to name names when illustrating the stupidity, in some cases, naivete, of the victims.
Before I start analyzing case studies, I’m going to explain the most common red flags of fraud. Some of the red flags are no-brainers but are still repeatedly overlooked by management and business owners for all sorts of reasons.
- Employee lifestyle changes. If the minimum-wage mail room clerk drives to work in a new Bugatti, it’s time for an audit.
- Employee with significant credit problems. Are debt collectors showing up to see an employee? Yikes! Use discretion, but listen to the talk around the water cooler.
- Refusal to take a vacation. And you thought the bookkeeper was really dedicated, or had no life. There’s a reason banks require their employees to take week-long (or longer) vacations.
- Lack of separation of duties. This is difficult for very small businesses. But should your secretary (or anyone, really) be opening the mail, posting customer payments, taking the deposit to the bank, reconciling the bank statement, answering phone calls, making collection calls, or any two of the above? The same goes for inventory.
- Management (or a manager) operates “fast and loose” with rules, details, procedures, etc. and gets away with it.
- Unreconciled bank statements. Or unusual reconciling entries: something other than outstanding checks. But take a close look at outstanding deposits. Yes, last Thursday’s deposit really should be on the bank statement that was printed four days later.
I could go on and on. But you get the idea and if you don’t unsubscribe from my newsletter, you’ll learn a lot more. Even better, forward it to someone you think may need a “heads up.”
Sed purus sem, scelerisque ac rhoncus eget, porttitor nec odio. Lorem ipsum dolor sit amet.