A Narrative discussion on impressions from a small collection of embezzlement cases from 2012
There are 151 records in the database. But there is one duplicate and another where the same person stole from 2 different companies in the $1 million and over group. There is also one record from the country of the Netherlands – the largest, at $24 million. Let’s eliminate the pure dupe and the $24 million outlier, leaving 149 records.
For some ease of analysis, I’ll break the records into three sections:
17 records $1 million and over
62 records $100,000 to $1 Million
70 records Under $100,000
Let’s look at each group individually.
17 records $1 million and over
Represented in this group, as one might expect, is a higher concentration of senior management – CEOs, Vice Presidents, Controllers, etc. But there are plenty of lowly bookkeepers represented here, too. There is also a good cross section of business types here: – retail stores, auto dealership, church, medical, contractors and construction, manufacturer, property manager.
The perpetrators range from 38 years old to 65 and 67 years old. These must represent the good years for embezzlers.
5 of the schemes were complex, but 12 were absurdly simple – forging signatures on company checks, misusing company credit cards and electronic transfers of company funds into personal accounts.
The first question that comes to my mind is, how could the owners have failed to notice the missing funds? Is between 1 and 10 million dollars really so immaterial that it’s not noticed? I think a big part of the answer is that everyone of these embezzlers was a trusted employee and had enough control over the company financial records that they were able to cover up the thefts with fraudulent accounting entries. I think trust trumped internal controls in these and most of the other cases to point where segregation of duties was woefully inadequate. I would also like to know where the independent CPA firm was in all of this. There is little or no discussion of that anywhere. What was the quality of that work? I bet few if any of the firms underwent a formal audit, and this allows the CPA firm to hide behind professional standards as to what degree they were responsible for examining the internal control environment. In my opinion, the standards are not very rigorous. But for a company or organization of the size represented here, I would think an accounting Review would be standard, as a basis for the tax return or as a requirement for bank loans.
During the busy day-to-day operations of an active company, the owner understandably turns over the administrative duties of accounting and cash management to a key employee. And many successful and profitable business owners are not accountants and may not really know their way around a monthly set of income statements, balance sheets and cash flow statements. They may very well not have adequate time allotted for a regular financial review every month. A crook who is determined can hide in the weeds for a good long time. What can be done to minimize the risk?
How about creating a highly detailed budget at least once a year in a process that requires the owner to examine as many detailed accounts and account relationships as possible, and then reporting actual vs. budget each month? This only works if the budget includes both income statement and balance sheet, because it is exceedingly easy to conceal fraud if the balance sheet remains unexamined. And once a year is probably more realistic in terms of getting the complete and undivided attention of the owner than an in-depth monthly review. I think most small to medium sized businesses could significantly improve internal controls and resistance to fraud by developing and nurturing a robust budget process.
62 records $100,000 to $1 Million
18 are non-profit organizations – 30%
5 are schools
3 are churches
36 are a mixed cross section of organizations from law firm to rock band.
These seem to be smaller organizations and less likely to feel that they have the resources for a large or complex system of segregation of duties or internal control checks and balances. On the other hand, in many cases, the scheme went on for years. These organizations convinced themselves that they couldn’t afford the extra cost of implementing some simple controls, but they could afford to let someone steal thousands of dollars on a continuous basis. The phrase penny wise and pound foolish comes to mind.
In 24 of the 62 cases, either the exact words “wrote checks to him/herself” or essentially that same description were used to describe the nature of the embezzlement scheme. How much more simple can it get?
Now look at the percentage of non-profit victims. To me, it’s staggering. I think this reflects a flawed tendency of non-profit organizations to promote trust and good intentions to falsely represent an internal control. Feel free to disagree but I won’t change my mind.
70 records Under $100,000
16 of these are under $10,000 and could be considered petty crimes. Let’s do the math. Take a supermarket cashier who skims $10 a day from the till 5 days a week, and this goes on for 4 years before the cashier is caught red handed. With 2 weeks vacation a year, I come up with $10,000. It is often shocking to the perpetrator when they are caught, just how much money the thefts have accumulated to.
In the group of $10,000 and above, the non-profit sector is again well represented with 18 records, or 25% of the total. An additional 13 are schools, municipalities or other government. All together, that’s 45% of the total. To me, that starts to be alarming. In my mind, strong, sound internal control policies and practices are no different than insurance against loss. Companies will spend thousands of dollars on all sorts of insurance coverage, but balk at spending anything similar for a comprehensive internal control review conducted by a professional.
Here again, there is absolutely no sophistication involved in some of these schemes.
- “As the company’s bookkeeper, she is accused of writing out checks to “cash” and then pocketing the money, resulting in her taking about $35,000,”
- “In most instances he took money by writing checks to himself through the company’s QuickBooks checking program, printed the checks and then went back into the program and replaced his name on the check with the name of a vendor.”
- “Wrote checks from those accounts, which she cashed for money orders.”
However, in a number of cases, the perpetrator used more creative thinking skills than the majority of the cases in the $100,000 – $1,000,000 category.
- “Ms. Holdren admitted to fabricating and inflating all competitors bids to ensure Valley Metro would have to pay more than the true costs associated with the project. Following Valley Metro’s acceptance of the bids, Ms. Holdren submitted falsified invoices related to the bids that included inflated and nonexistent shipping costs.”
- “Holland also placed an ad on Craigslist and moved a new tenant into a unit without notifying other THC officials, then set up a post office box to collect a total of $18,000 in rent from that tenant.”
- “Reeves allegedly wrote up orders for returned merchandise and applied the proceeds to two of her personal credit cards. She’s further accused of stealing cash and then making up nonexistent returns to ensure that the store’s tills balanced.”
For those faced with resistance to trying to implement or strengthen internal controls because “We trust our employees,” I suggest structuring your rationale from the following perspective related to sharing passwords:
The prohibition to sharing passwords is a basic and standard internal control around the world. One of its primary purposes is to protect OTHER employees from inappropriate suspicion in the event that account is used for inappropriate purposes. This is similar in concept to the requirement that each cashier use their own cash drawer instead of a shared cash register drawer. If 2 people share a cash drawer, and one steals, they both come under suspicion. The employer owes its employees a duty to see that their employees cannot be falsely accused of inappropriate conduct.
If a password is shared, the person who knows another’s password now becomes automatically suspect whenever that user’s account is used for inappropriate, illegal or unethical purposes. One of the 2 WILL be falsely accused of the violation. If the matter is not resolved, they BOTH will remain under the cloud of suspicion. That is a BAD result.
Internal controls are not implemented because you don’t trust your employees, they are implemented to protect your honest employees.
This small sample of cases reinforces for me that virtually anyone and everyone will steal if given enough of an opportunity and even a small chance of getting away with the crime.
bad checks, cash skimming, dishonest cashiers, embezzlement, Employee Theft, fraud, fraud theft embezzlement internal controls small buisiness, Internal Audit, internal controls, purchasing fraud, quickbooks, retail theft, segregation of duties, small business accounting, theft, Vendor fraud, Vendor Theft, write off