Homework Question - Prepare an analysis of a casefrom Chapter 5, page # 121, '' A Wolf In Sheeps Clothing '' (no more than 2 or 3 pages, double spaced). And give an answer on following:

• - A summary of the fact situation for the case
• - A description of the financial process or system procedures used, if necessary.
• - A description of the fraudulent activity, what went wrong and how it was discovered
• -Actions taken and internal controls recommended to correct the situation.

(Attached PDF book, Case study is on page 121 , Chapter 5. )

Wells c05.tex V2 - November 10, 2007 11:08 A.M. Check Tampering Schemes Asset Misappropriation Corruption Illegal Gratuities Economic Extortion Fraudulent Statements Conflicts of Interest Bribery Purchases Schemes Invoice Kickbacks Sales Schemes Bid Rigging Timing Differences Internal Documents Other Other Fictitious Revenues External Documents Financial Asset/Revenue Overstatements Nonfinancial Asset/Revenue Understatements Employment Credentials Concealed Liabilities & Expenses Improper Disclosures Improper Asset Valuations Cash Larceny Skimming Misuse Of Cash on Hand Sales Receivables From the Deposit Unrecorded Write-off Schemes Understated Other Fraudulent Disbursements Inventory and All Other Assets Larceny Asset Req. & Transfers Refunds & Other False Sales & Shipping Purchasing & Receiving Lapping Schemes Check Tampering Unconcealed Larceny Unconcealed Billing Schemes Payroll Schemes Expense Reimbursement Schemes Check Tampering Register Disbursements Shell Company Ghost Employees Mischaracterized Expenses Forged Maker False Voids Non-Accomplice Vendor Commission Schemes Overstated Expenses Forged Endorsement False Refunds Personal Purchases Workers Compensation Fictitious Expenses Altered Payee Falsified Wages Multiple Reimbursements Concealed Checks Authorized Maker Forged Maker Forged Endorsement Altered Payee Concealed Checks Authorized Maker EXHIBIT 5-1 Page 120 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHAPTER 5 CHECK TAMPERING LEARNING OBJECTIVES After studying this chapter, you should be able to: 5-1 Define check tampering. 5-2 Understand the five principal categories of check tampering. 5-3 Detail the means by which employees fraudulently obtain company checks. 5-4 Understand how forged signatures are created on blank check stock. 5-5 Be familiar with the methods identified in this chapter for preventing and detecting forged maker schemes. 5-6 Differentiate between forged maker and forged endorsement schemes. 5-7 Detail the methods employees use to intercept outgoing checks before they are delivered to the intended payee. 5-8 Be able to discuss methods that can be used to prevent and detect the theft and/or alteration of outgoing company checks. 5-9 Understand how authorized maker schemes work and why they are especially difficult to prevent. 5-10 Understand how check tampering is hidden in a company's accounting records. 5-11 Be familiar with proactive audit tests that can be used to detect check tampering. CASE STUDY: A WOLF IN SHEEP'S CLOTHING Melissa Robinson was a devoted wife with two adorable children. She was very active at her children's school and had been known as a charitable person, giving both her time and money to various organizations throughout the community. She spent a good portion of her time working for a worldwide charitable organization chapter in Nashville as the executive secretary. In fact, her fellow employees and club members perceived Robinson's donation of time and hard work as nothing less than a godsend. \"Even if somebody had told [the board of directors] that this lady was stealing,\" recalls certified fraud examiner and CPA David Mensel, who is also a member of the organization, \"they would have said 'Impossible, she'd never do it.'\" Several names have been changed to preserve anonymity. However, all these accolades could not obscure one cold fact: Melissa Robinson was a thief. Unfortunately, as executive secretary, she was one of two people in the organization allowed to sign checks on its bank accounts. As a result, the club was bilked out of more than $60,000 over five years, until club members put an end to Robinson's scam. The Nashville chapter of the organization was very much like other charitable entitiesthey would engage in fundraising activities, such as selling peanuts or candy bars on street corners around the holiday seasons. Although a percentage came in check form, most of the fundraising revenue was naturally cash. \"There was no oversight in those currency collections,\" says Mensel. \"If I had gone out on a collecting route, I'd come back with a bag of money and drop it on the secretary's desk and be gone.\" 121 Page 121 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 122 CHAPTER 5 CHECK TAMPERING Mensel suspects that Robinson stole far more than the $60,800 that the audit team ultimately established, because the amount of currency that flowed through her office was undocumented. \"It is just a supposition, given her behavior with the checking accounts,\" Mensel explains. \"As well, we saw a basic decline in collections from some activities that the organization had been involved in for many years.\" Robinson's fraudulent activities were made possible by the relaxed operations of the Nashville chapter's board of directors. The organization's charter mandated that an independent audit be performed annually. However, during Robinson's tenure as executive secretary, not one yearly audit was completed. Mensel describes the board of directors during that tenure as \"lackadaisical.\" Robinson arrived at the executive secretary's desk through hard work. Starting in 1985, she was one of the most dedicated employees the company had, giving as much time as she could to help out. Once she earned the executive secretary position, Robinson apparently began pilfering from the organization's three bank accounts a little at a time. Although the accounts required two signatures per check, Robinson was able to write checks to herself and others by signing her own name and forging the second signature. Mensel says she would usually write a check to herself or to cash and record the transaction in the organization's books as a check to a legitimate source. If anyone glanced at the books, they would see plenty of hotels and office supply stores, names that were expected to show up in the ledger. \"The club meetings were regularly held in a hotel in town or at one of these executive meeting clubs,\" Mensel recalls, \"and those bills would run from two to four thousand dollars a month. The executive secretary would . . . post in the checkbook that she had paid the hotel, but the actual check would be made out to someone else.\" Mensel also remembers that Robinson repeatedly refused to convert her manual checking system into the elaborate computer system the organization wanted her to use. \"Now we know why,\" says Mensel. Mensel and another associate were very involved in a fundraising operation when Robinson began her reign as executive secretary. Mensel observed that whenever he asked for any financial information from Robinson, she would stonewall him or make excuses. Mensel became suspicious and took the matter up with the board of directors. But when he told the board that he thought it was very peculiar that he couldn't get much financial data from Robinson, the board quite definitely sided with the executive secretary. \"The officers of the board essentially jumped down my throat, told me I was wrong and that I was being unreasonable,\" Mensel says. \"And since I had no substantiation, just a bad feeling . . . I let it pass.\" Mensel felt that the current treasurer was personally offended by his inquiry, as though he were suggesting that the treasurer was not doing his job properly. The treasurer acted defensively and did not check into Robinson's dealings. As a result, the organization, which Mensel describes as previously \"financially very sound,\" began to feel some financial strain. There simply wasn't as much money to run the organization as in the past, and it was at this point Robinson made what was perhaps her most ingenious maneuver. She convinced the board of directors that because the organization was experiencing some economic troubles, they ought to close the office space rented out for the executive secretary. This office was considered the financial center of the organization. Supposedly out of the goodness of her heart, Robinson told the board members that she would be happy to relinquish her precious space and run the financial matters of the club from her home. The board members agreed. This allowed Robinson to carry out her embezzlement in small doses; Mensel recalls that Robinson wrote several checks for only $200 to $300. All this time, the board did nothing to impede Robinson's progress, even when she would not divulge financial information on request. When she came to club meetings, board members would sometimes ask her for information about the finances or ask to look at her books. Robinson would apologize and explain that she had forgotten them. However, during the last year of the embezzlement, a new group of officers was elected, including a new treasurer. The first thing the treasurer did was ask Robinson for the books. Robinson repeatedly denied his requests, until the new chapter president went to Robinson's house and demanded them. \"[The president] stood on her doorstep until she gave the books to him. He said he wouldn't leave until she gave them to him,\" Mensel recalls. \"Once [the board] got their hands on the books . . . they could see that something was very definitely wrong.\" In comparing the books with many of the returned checks, the organization could immediately see that not only had some checks been altered or forged, but also many of the checks were simply missing. At that point, the board of directors assigned Mensel and two other club members, one a CPA, to investigate Robinson's alleged wrongdoings. As Mensel and the other audit committee members looked at the checks, they realized that Robinson hardly attempted to cover up her scams at all. \"She did physically erase some checks and sometimes even used White-Out to rewrite the name of the payee that was in the checkbook after the check had cleared,\" Mensel laughs. \"But of course, on the back of the check was her name, as the depositor of the check.\" The peculiar thing, in Mensel's mind, was the varying nature of Robinson's check writing. Although Mensel says several of the checks were written to casinos such as the Trump Taj Mahal and weekend getaway spots like the Mountain View Chalet, many more of the checks were written to other charities and the school Robinson's children attended. She apparently didn't use the embezzled moneys to substantially improve her lifestyle, which Mensel describes as \"a Page 122 Wells c05.tex V2 - November 10, 2007 11:08 A.M. OVERVIEW very standard middle-class life here in Nashville. She and her husband were not wealthy people by any means.\" Robinson was immediately excused from her executive secretary position. She was indicted by a grand jury and was tried and found guilty. She was ordered to pay restitution to the club and its insurance company. At last notice, she was still paying back the money. The court will \"wipe her slate clean\" when she completes her restitution. 123 Robinson appeared to be one of the most dedicated volunteers in a charitable organization, giving of her time and efforts. The workers around her praised her generosity and work ethic yet all the while she was stealing from them. If there is a lesson to be learned here, it is that audit functions are in place for a reason and should never be overlooked. Unfortunately for the charitable organization, they were reminded of this lesson the hard way. OVERVIEW The story of Melissa Robinson is an example of one of the most common forms of fraudulent disbursement, the check tampering scheme. Check tampering occurs when an employee converts an organization's funds by either (1) fraudulently preparing a check drawn on the organization's account for his own benefit, or (2) intercepting a check drawn on the organization's account that is intended for a third party and converting that check to his own bene- fit. Remember, check tampering is a form of fraudulent disbursement and applies only to checks drawn on the victim organization's bank accounts. If the perpetrator steals an incoming check from a customer that is payable to the victim organization, then this theft will be classified as skimming or cash larceny, depending on whether the check was recorded before it was stolen. Check Tampering Data from the ACFE 2006 National Fraud Survey Check tampering, as we have stated, is a form of fraudulent disbursement in which the perpetrator converts an organization's funds by forging or altering a check drawn on one of the organization's bank accounts, or steals a check the organization has legitimately issued to another payee. Among fraudulent disbursement cases in the 2006 study, 26 percent involved check tampering. (See Exhibit 5-2.) This ranked check tampering as the Billing 43.6% Expense Reimbursement 29.9% Check Tampering 26.2% Payroll Register Disbursement 0% EXHIBIT 5-2 20.3% 2.7% 10% 20% 30% 40% 50% 2006 National Fraud Survey : Frequency of Fraudulent Disbursementsa a The sum of these percentages exceeds 100 percent because some cases involved multiple fraud schemes that fell into more than one category. Page 123 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 124 CHAPTER 5 CHECK TAMPERING $130,000 Billing $120,000 Check Tampering $50,000 Payroll Register Disbursement $26,000 Expense Reimbursement $25,000 $0 EXHIBIT 5-3 $20,000 $40,000 $60,000 $80,000 $100,000 $120,000 $140,000 2006 National Fraud Survey : Median Loss of Fraudulent Disbursements third most common form of fraudulent disbursement in both studies, behind billing and expense reimbursement schemes. As shown in Exhibit 5-3, the median loss due to check tampering schemes in the 2006 survey was $120,000, making it the second most expensive of the fraudulent disbursement schemes, on average. CHECK TAMPERING SCHEMES Check tampering is unique among fraudulent disbursements because it is the one group of schemes in which the perpetrator physically prepares the fraudulent check. In most fraudulent disbursement schemes, the culprit generates a payment to himself by submitting some false document to the victim company such as an invoice or a timecard. The false document represents a claim for payment and causes the victim company to issue a check that the perpetrator then converts. These frauds essentially amount to trickery; the perpetrator fools the company into handing over its money. Check tampering schemes are fundamentally different. In these frauds the perpetrator takes physical control of a check and makes it payable to himself through one of several methods. Check tampering schemes depend on factors such as access to the company checkbook, access to bank statements, and the ability to forge signatures or alter other information on the face of the check. There are five principal methods used to commit check tampering: 1. 2. 3. 4. 5. Forged maker schemes Forged endorsement schemes Altered payee schemes Concealed check schemes Authorized maker schemes Forged Maker Schemes The legal definition of forgery includes not only the signing of another person's name to a document (such as a check) with a fraudulent intent, but also the fraudulent alteration of a genuine instrument.1 This definition is so broad that it would encompass all check tampering schemes, so we have narrowed the term to fit our needs. Because we are Page 124 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 125 interested in distinguishing the various methods used by individuals to tamper with checks, we will constrain the concept of \"forgeries\" to those cases in which an individual signs another person's name on a check. The person who signs a check is known as the \"maker\" of the check. A forged maker scheme, then, may be defined as a check tampering scheme in which an employee misappropriates a check and fraudulently affixes the signature of an authorized maker thereon (see Exhibit 5-4). Frauds that involve other types of check tampering, such as the alteration of the payee or the changing of the dollar amount, are classified separately. As one might expect, forged check schemes are usually committed by employees who lack signature authority on company accounts. Melissa Robinson's case is something of an exception because, although she did have signature authority, her organization's checks required two signatures. Robinson therefore had to forge another person's signature. In order to forge a check, an employee must have access to a blank check, he must be able to produce a convincing forgery of an authorized signature, and he must be able to conceal his crime. If the fraudster cannot hide his crime from his employer, his scheme is sure to be shortlived. Concealment is a universal problem in check tampering schemes; the methods used are basically the same for all categories of check tampering. Therefore, concealment issues will be discussed as a group at the end of the chapter. Obtaining the Check Employees with Access to Company Checks One cannot forge a company check unless one first possesses a company check. The first hurdle that a fraudster must overcome in committing a forgery scheme is to figure out how to get his hands on a blank check. Most forgery schemes are committed by accounts payable clerks, office managers, bookkeepers, or other employees whose duties typically include the preparation of company checks. Like Melissa Robinson, these are people who have access to a company's check stock on a regular basis and are therefore in the best position to steal blank checks. If an employee spends his workday preparing checks on behalf of his company, and if that employee has some personal financial difficulty, it takes only a small leap in logic (and a big leap in ethics) to see that his financial troubles can be solved by writing fraudulent checks for his own benefit. Time and again we see that employees tailor their fraud to the circumstances of their jobs. It stands to reason that those who work around the checkbook would be prone to committing forgery schemes. Employees Lacking Access to Company Checks If the perpetrator does not have access to the check stock through her work duties, she will have to find other means of misappropriating a check. The way a person steals a check depends largely on how blank checks are handled within a particular company. In some circumstances checks are poorly guarded, left in unattended areas where anyone can get to them. In other companies the checkbook may be kept in a restricted area, but the perpetrator may have obtained a key or combination to this area, or may know where an employee with access to the checks keeps his own copy of the key or combination. An accomplice may provide blank checks for the fraudster in return for a portion of the stolen funds. Perhaps a secretary sees the checkbook left on a manager's desk or a custodian comes across blank checks in an unlocked desk drawer. In some companies, checks are computer generated. When this is the case an employee who knows the password that allows checks to be prepared and issued may be able to obtain as many unsigned checks as he desires. There are an unlimited number of Page 125 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 126 CHAPTER 5 CHECK TAMPERING Employee steals an unsigned check Has access to Obtains check checks through from job duties accomplice Computergenerated checksunauthorized password use Access to blank checks not restricted Void checks not mutilated Produce counterfeit checks Other Employee prepares the fraudulent check Payable to himself Payable to his own business Payable to a fictitious person or company Payable to cash Payable to an accomplice Payable to a vendor (personal purchases) Employee forges the signature of an authorized maker Free-hand forgery Mechanical check signers NO Computergenerated signature Photocopy authorized signature Other Record check as "void" Other Is the check recorded in the disbursements journal? YES To expense account To current vendor in accounts payable To asset account The fraudulent check is endorsed (in the name of the payee) and converted Employee endorses in his name Employee Accomplice Employee forges endorses/splits endorses in endorsement of proceeds with fictitious name a third party employee Other Postconversion concealment Remove canceled check from bank statement EXHIBIT 5-4 Alter canceled check-insert legitimate payee Forged Maker Schemes Force the reconciliation Unconcealed Other Other Page 126 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 127 ways to steal a check, each dependent on the way in which a particular company guards its blank checks. A fraudster may also be able to obtain a blank check when the company fails to properly dispose of unused checks. In Case 669, for example, a company used voided checks to line up the printer that ran payroll checks. These voided checks were not mutilated. A payroll clerk collected the voided checks after the printer was aligned and used them to issue herself extra disbursements through the payroll account. Producing Counterfeit Checks In more sophisticated forgery schemes, the perpetrator may produce counterfeit check stock with the organization's bank account number on the counterfeit checks. These counterfeit checks can be practically indistinguishable from the company's legitimate stock. In Case 1460, for example, the perpetrator had an accomplice who worked for a professional check-printing company and who printed blank checks for the bank account of the perpetrator's employer. The perpetrator then wrote over $100,000 worth of forgeries on these counterfeit checks. Safeguarding the Organization's Check Stock Organizations should take steps to safeguard their check stock and proactively seek out stolen and forged checks. These goals can be achieved through a number of relatively simple prevention and detection techniques that may avert a very large fraud scheme. Obviously, blank checks should be maintained under lock and key and access should be severely limited to those whose duties include check preparation. (If checks are computer generated, access to the code or password that allows issuance of checks should likewise be restricted.) Boxes of blank checks should be sealed with security tape to make it obvious when a new box has been opened, and on a periodic basis, someone independent of the check preparation function should verify the security of unused checks. Organizations should also promptly destroy any voided checks. These checks, if carelessly discarded, may be stolen and forged by employees. The type of paper a check is printed on can sometimes help distinguish a legitimate check from a counterfeit. Organizations should print their checks on watermark paper supplied by a company independent of its check printer. (This will prevent a dishonest employee of the printer from using the company's watermarked paper.) Security threads or other markers can also be incorporated to help verify that company checks are legitimate. If an organization uses high-quality, distinctly marked paper for its checks, counterfeits will be easier to detect. In addition, it is a good idea to periodically rotate check printers and/or check stock to help make counterfeits stand out. There are certain indicators that organizations can look for to help spot stolen or forged checks. Obviously, as stated above, if checks are noticed missing or if there are signs of tampering with unused check stock, this is a clear indicator of theft. In addition, out-of-sequence checks or duplicate check numbers that show up on an organization's bank statement may signal theft. When employees steal blank checks, they will often take them from the bottom of the box with the hope that the missing check will not be noticed for some time. When these checks are converted, they should be noted as out-of-sequence on the bank statement. Employees who reconcile the statement should be trained to look for this red flag. Similarly, counterfeit checks often have numbers either that are completely out of sequence or that duplicate numbers of checks that were already issued. Employees who steal blank checks often do so after hours because there are fewer people around to witness the theft. As a matter of practice, at the start of each business day, organizations should reconcile the first check in the checkbook to the last check written on the previous day. If there is a gap, it should be promptly investigated. Page 127 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 128 CHAPTER 5 CHECK TAMPERING To Whom Is the Check Made Payable? Payable to the Perpetrator Once a blank check has been obtained, the fraudster must decide to whom it should be made payable. He can write the check to anyone, though in most instances forged checks are payable to the perpetrator himself so that they are easier to convert. A check made payable to a third person, or to a fictitious person or business, may be difficult to convert without false identification. The tendency to make forged checks payable to oneself seems to be a result of fraudsters' laziness rather than a decision based on the successful operation of their schemes. Checks payable to an employee are obviously more likely to be recognized as fraudulent than checks made out to other persons or entities. If the fraudster owns his own business or has established a shell company, he will usually write fraudulent checks to these entities rather than himself. When the payee on a forged check is a \"vendor\" rather than an employee of the victim company, the checks are not as obviously fraudulent on their faces. At the same time, these checks are easy to convert because the fraudster owns the entity to which the checks are payable. Payable to an Accomplice If a fraudster is working with an accomplice, she can make the forged check payable to that person. The accomplice then cashes the check and splits the money with the employee-fraudster. Because the check is payable to the accomplice in her true identity, it is easily converted. An additional benefit to using an accomplice is that a canceled check payable to a third-party accomplice is not as likely to raise suspicion as a canceled check to an employee. The obvious drawback to using an accomplice in a scheme is that the employee-fraudster usually has to share the proceeds of the scheme. In some circumstances, however, the accomplice may be unaware that she is involved in a fraud. An example of how this can occur was found in Case 729, in which a bookkeeper wrote several fraudulent checks on company accounts, then convinced a friend to allow her to deposit the checks in the friend's account. The fraudster claimed the money was revenue from a side business she owned and the subterfuge was necessary to prevent creditors from seizing the funds. After the checks were deposited, the friend withdrew the money and gave it to the fraudster. Payable to ''Cash'' The fraudster may also write checks payable to \"cash\" in order to avoid listing himself as the payee. Checks made payable to cash, however, must still be endorsed. The fraudster will have to sign his own name or forge the name of another in order to convert the check. In addition, checks payable to \"cash\" are usually viewed more skeptically than checks payable to persons or businesses. Payable to a Vendor The employee who forges company checks may do so not to obtain currency, but to purchase goods or services for his own benefit. When this is the case, forged checks are made payable to third-party vendors who are uninvolved in the fraud. For instance, we saw in the case study at the beginning of this chapter how several of Melissa Robinson's checks were written to casinos and hotels, apparently for personal vacations. Forging the Signature After the employee has obtained and prepared a blank check, he must forge an authorized signature in order to convert the check. The most obvious method, and the one that comes to mind when we think of the word forgery, is to simply take pen in hand and sign the name of an authorized maker. Page 128 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 129 Free-Hand Forgery The difficulty a fraudster encounters when physically signing the authorized maker's name is in creating a reasonable approximation of the true signature. If the forgery appears authentic, the perpetrator will probably have no problem cashing the check. In truth, the forged signature may not have to be particularly accurate. Many organizations do not verify the signatures on cancelled checks when they reconcile their bank statements, so even a poorly forged signature may go unnoticed. Photocopied Forgeries To guarantee an accurate forgery, some employees make photocopies of legitimate signatures and affix them to company checks. The fraudster is thus assured that the signature appears authentic. This method was used by a bookkeeper in Case 2514 to steal over $100,000 from her employer. Using her boss's business correspondence and the company Xerox machine, she made transparencies of his signature. These transparencies were then placed in the copy machine so that when she ran checks through the machine the boss's signature was copied onto the maker line of the check. The bookkeeper now had a signed check in hand. She made the fraudulent checks payable to herself, but falsified the check register so that the checks appeared to have been written to legitimate payees. Automatic Check-Signing Instruments Companies that issue a large number of checks sometimes utilize automatic check-signing instruments in lieu of signing each check by hand. Automated signatures are either produced with manual instruments like signature stamps or they are printed by computer. Obviously, a fraudster who gains access to an automatic check-signing instrument will have no trouble forging the signatures of authorized makers. Even the most rudimentary control procedures should severely limit access to these instruments. Nevertheless, several of the forged maker schemes the ACFE reviewed were accomplished through use of a signature stamp. In Case 838, for instance, a fiscal officer maintained a set of manual checks that were unknown to other persons in the company. The company used an automated check signer and the custodian of the signer let the officer have uncontrolled access to it. Using the manual checks and the company's check signer, the fiscal officer was able to write over $90,000 worth of fraudulent checks to himself over a period of approximately four years. The same principle applies to computer-generated signatures. Access to the password or program that prints signed checks should be restricted, specifically excluding those who prepare checks and those who reconcile the bank statement. The fraudster in Case 2342, for example, was in charge of preparing checks. The fraudster managed to obtain the issuance password from her boss, then used this password to issue checks to a company she owned on the side. She was able to bilk her employer out of approximately $100,000 using this method. The beauty of automated check signers, from the fraudster's perspective, is that they produce perfect forgeries. Nothing about the physical appearance of the check will indicate that it is fraudulent. Of course, forged checks are written for illegitimate purposes, so they may be detectable when the bank statement is reconciled or when accounts are reviewed. The ways in which fraudsters avoid detection through these measures will be discussed later in this chapter. Preventing and Detecting Forged Maker Schemes Obviously, a key to preventing forgeries is to maintain a strict set of procedures for the handling of outgoing checks, which includes safeguarding blank check stock, establishing rules for custody of checks that have been prepared but not signed, and separating the duties of check preparation and check signing. Organizations should establish a restrictive list of authorized check Page 129 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 130 CHAPTER 5 CHECK TAMPERING signers and see to it that checks that have been prepared are safeguarded until they are presented to these signatories. To the extent possible, organizations should rotate authorized check signers and keep track of who is approved to sign checks during a given period. Rotating this duty can help prevent abuse by an authorized signatory, but also if a canceled check shows a signature from the wrong signer for the date of the disbursement, this could indicate fraud. Also, on a periodic basis an organization should have authorized check signers verify their signatures on returned checks or another employee should be required to spot-check signatures against an established signature file. In organizations that use a signature stamp, access to the stamp should be strictly limited and a custodian should maintain a log of who uses the signature stamp, and at what time. If it is suspected that someone is misusing the signature stamp, temporarily suspend use of the stamp and instruct the bank to honor only checks with original signatures. Miscoding Fraudulent Checks Miscoding a check is actually a form of concealment, a means of hiding the fraudulent nature of the check. We will discuss the ways fraudsters code their forged checks in the concealment section at the end of this chapter. It should be noted here, however, that miscoding is typically used as a concealment method only by those employees with access to the checkbook. If a forged maker scheme is undertaken by an employee without access to the checkbook, she usually makes no entry whatsoever in the disbursements journal. Converting the Check In order to convert the forged check, the perpetrator must endorse it. The endorsement is typically made in the name of the payee on the check. Since identification is generally required when one seeks to convert a check, the fraudster usually needs fake identification if he forges checks to real or fictitious third persons. As discussed earlier, checks payable to \"cash\" require the endorsement of the person converting them. Without fake ID, the fraudster will likely have to endorse these checks in his own name. Obviously an employee's endorsement on a canceled check is a red flag. Forged Endorsement Schemes Forged endorsement frauds are those check tampering schemes in which an employee intercepts a company check intended for a third party and converts the check by signing the third party's name on the endorsement line of the check (see Exhibit 5-5). In some instances the fraudster also signs his own name as a second endorser. The term forged endorsement schemes would seem to imply that these frauds should be categorized along with the forged maker schemes discussed in the previous section. It is true that both kinds of fraud involve the false signing of another person's name on a check, but there are certain distinctions that cause forged endorsement schemes to be categorized here rather than with the other forgeries. In classifying fraud types, we look to the heart of the scheme. What is the crucial point in the commission of the crime? In a forged maker scheme, the perpetrator is normally working with a blank check. The trick to this kind of scheme is in gaining access to blank checks and producing a signature that appears authentic. In a forged endorsement scheme, on the other hand, the perpetrator is tampering with a check that has already been written, so the issues involved in the fraud are different. The key to these schemes is obtaining the checks after they are signed but before they Page 130 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 131 Employee obtains signed check payable to another person Duties involve delivery of signed checks Signed checks not properly protected Requests signed check be returned to him Takes check returned to company Changes delivery address for check Other Employee forges payee's endorsement YES Is employee able to convert check without identification? NO YES Does employee have false identification in payee's name? NO Employee endorses in own name below forged endorsement (dual endorsement) Check is converted Concealment From the victim company (employer) Remove dualendorsed checks from bank statement Erase second endorsement (employee's signature) Destroy/falsify check delivery forms From the intended recipient of the stolen check Other Reenter recipient's claim for payment (e.g., invoice) Issue manual check to recipient Other EXHIBIT 5-5 Forged Endorsement Schemes are properly delivered. If this is accomplished, the actual forging of the endorsement is somewhat secondary. A fraudster's main dilemma in a forged endorsement case is gaining access to a check after it has been written and signed. The fraudster must either steal the check between the point where it is signed and the point where it is delivered, or he must reroute the check, causing it to be mailed to a location where he can retrieve it. The manner used to steal a check depends largely on the way the company handles outgoing disbursements. Anyone who is allowed to handle signed checks may be in a good position to intercept them. Page 131 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 132 CHAPTER 5 CHECK TAMPERING Intercepting Checks before Delivery Employees Involved in Delivery of Checks Obviously, the employees in the best position to intercept signed checks are those whose duties include the handling and delivery of signed checks. The most obvious example would be a mailroom employee who opens outgoing mail containing signed checks and steals the checks. Other personnel with access to outgoing checks might include accounts payable employees, payroll clerks, secretaries, and so forth. Poor Control of Signed Checks Unfortunately, fraudsters are often able to intercept signed checks because of poor internal controls. For instance, in Case 1000, signed checks were left overnight on the desks of some employees because processing on the checks was not complete. One of the janitors on the overnight cleaning crew found these checks and took them, forged the endorsements of the payees, and cashed them at a liquor store. Another example of poor observance of internal controls appeared in Case 933. In this scheme a high-level manager with authority to disburse employee benefits instructed accounts payable personnel to return signed benefits checks to him instead of immediately delivering them to their intended recipients. These instructions were not questioned despite the fact that they presented a clear violation of the separation-of-duties concept due to the manager's level of authority within the company. The perpetrator simply took the checks that were returned to him and deposited them into his personal bank account, forging the endorsements of the intended payees. Case 933 represents what seems to be the most common breakdown of controls in forged endorsement frauds. We have seen repeated occurrences of signed checks being returned to the employee who prepared the check. This typically occurs when a supervisor signs a check and hands it back to the clerk or secretary who presented it to the supervisor; it is done either through negligence or because the employee is highly trusted and thought to be above theft. Adequate internal controls should prevent the person who prepares company disbursements from having access to signed checks. This separation of duties is elemental; its purpose is to break the disbursement chain so that no one person controls the entire payment process. Theft of Returned Checks Another way to obtain signed checks is to steal checks that have been mailed, but have been returned to the victim company for some reason such as an incorrect address. Employees with access to incoming mail may be able to intercept these returned checks from the mail and convert them by forging the endorsement of the intended payee. In Case 2288, for example, a manager took and converted approximately $130,000 worth of checks that were returned due to noncurrent addresses. (He also stole outgoing checks, cashed them, and then declared them lost.) The fraudster was well known at his bank and was able to convert the checks by claiming that he was doing it as a favor to the real payees, who were \"too busy to come to the bank.\" The fraudster was able to continue with his scheme because the nature of his company's business was such that the recipients of the misdelivered checks were often not aware that the victim company owed them money. Therefore, they did not complain when their checks failed to arrive. In addition, the perpetrator had complete control over the bank reconciliation, so he could issue new checks to those payees who did complain, then \"force\" the reconciliation, making it appear that the bank balance and book balance matched when in fact they did not. Stealing returned checks is obviously not as common as other methods for intercepting checks, and it is more difficult for a fraudster to plan Page 132 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 133 and carry out on a long-term basis. However, it is also very difficult to detect and can lead to large-scale fraud, as the previous case illustrates. Rerouting the Delivery of Checks The other way an employee can go about misappropriating a signed check is to alter the address to which the check is to be mailed. The check either is delivered to a place where the fraudster can retrieve it, or is purposely misaddressed so that he can steal it when it is returned as discussed above. As we have said before, proper separation of duties should preclude anyone who prepares disbursements from being involved in their delivery. Nevertheless, this control is often overlooked, allowing the person who prepares a check to address and mail it as well. In some instances where proper controls are in place, fraudsters are still able to cause the misdelivery of checks. In Case 1470, for instance, the fraudster was a clerk in the customer service department of a mortgage company where her duties included changing the mailing addresses of property owners. She was assigned a password that gave her access to make address changes. The clerk was transferred to a new department where one of her duties was the issuance of checks to property owners. Unfortunately, her supervisor forgot to cancel her old password. When the clerk realized this oversight, she would request a check for a certain property owner, then sign onto the system with her old password and change the address of that property owner. The check would be sent to her. The next day the employee would use her old password to reenter the system and replace the proper address so that there would be no record of where the check had been sent. This fraudster's scheme resulted in a loss of over $250,000 to the victim company. Converting the Stolen Check Once the check has been intercepted, the perpetrator can cash it by forging the payee's signature, hence the term forged endorsement scheme. Depending on where he tries to cash the check, the perpetrator may or may not need fake identification at this stage. As we alluded to earlier, many fraudsters cash their stolen checks at places where they are not required to show an ID. If a fraudster is required to show identification in order to cash his stolen check, and if he does not have a fake ID in the payee's name, he may use a dual endorsement to cash or deposit the check. In other words, the fraudster forges the payee's signature as though the payee had transferred the check to him, then the fraudster endorses the check in his own name and converts it. When the bank statement is reconciled, double endorsements on checks should always raise suspicions, particularly when the second signer is an employee of the company. Preventing and Detecting the Theft of Outgoing Company Checks It is very important that the functions of cutting checks, signing checks, and delivering checks be separated. If a check preparer is also allowed to have custody of signed checks, it is easy to commit check tampering. The individual can draft a check for a fraudulent purpose, wait for it to be signed, and simply pocket it. However, if the individual knows he or she will not see the check again after it has been signed, then that person is less likely to attempt this kind of scheme because of the diminished perceived opportunity for success. In addition to establishing controls designed to prevent the theft of outgoing checks, organizations should train their employees to look for this kind of scheme and should establish routine procedures designed to help detect it if and when it does occur. These proactive detection techniques are generally not very complicated and do not require sophisticated procedures or investigative methods; all that is required is that an organization devote a minimal amount of time to routinely checking for thefts. Page 133 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 134 CHAPTER 5 CHECK TAMPERING If an employee steals a check payable to a vendor and does not issue a replacement, the vendor will almost certainly complain about the nonpayment. This is the point at which most forged endorsement schemes should be detected. Every organization should have a structure in place to handle both vendor and customer complaints. All complaints should be investigated by someone independent of the payables function so that the fraudster will not be able to cover her own tracks. When a complaint regarding nonpayment is received, it should be a relatively simple matter to track the missing check and identify when it was converted, and by whom. As a proactive measure, it may be advisableparticularly in organizations where check theft has been a problemto have independent personnel randomly contact vendors to confirm receipt of payments. As was previously discussed, some employees who steal outgoing checks will cause a replacement check to be issued so that the vendor will not complain. In order to detect these schemes, an organization's accounting system should be set up to detect duplicate payments. Paid vouchers should immediately be stamped \"paid\" and computerized systems should automatically flag duplicate invoice numbers. In addition, payables reports sorted by payee and amount should be periodically generated in order to detect duplicates when invoice numbers have been altered for the second check. Instead of stealing checks on the company premises, some employees will cause them to be misdelivered by changing the mailing address of the intended recipient in the organization's payables system. For this reason, authority to make changes to vendor records should be restricted, and the organization's accounting system should automatically track who makes changes to vendor records. This will make it easier to identify the perpetrator if an outgoing check is stolen. Periodically, a report listing all changes to vendor addresses, payment amounts, payees, and so on can be generated to determine if there have been an inordinate amount of changes, especially where a vendor's address is temporarily changed when a check is issued, then restored after the check has been mailed. To convert an intercepted check, the perpetrator may have to use a dual endorsement. Any canceled checks with more than one endorsement should be investigated, as should any nonpayroll check that an employee has endorsed. The employee or employees who reconcile the bank statement should be required to review the backs of canceled checks for suspicious endorsements as a matter of course. Another procedure that all organizations should have in place is to chart the date of mailing for every outgoing check. In the event that a signed check is stolen, the date of mailing can be compared to work records of mailroom personnel and other employees who have contact with outgoing checks to determine a list of possible suspects. Finally, organizations should consider installing surveillance cameras in their mailrooms. Mailroom personnel are in a good position to steal outgoing checks, and also to skim incoming revenues or merchandise shipments. If a theft is discovered, security camera tapes may help identify the wrongdoer. More importantly, the presence of surveillance cameras can help deter employees from stealing. Altered Payee Schemes The second type of intercepted check scheme is the altered payee scheme. This is a type of check tampering fraud in which an employee intercepts a company check intended for a third party and alters the payee designation so that the check can be converted by the employee or an accomplice (see Exhibit 5-6). The fraudster inserts his own name, the name of a fictitious entity, or some other name on the payee line of the check. Altering the payee designation eliminates many of the problems associated with converting the check that would be encountered in a forged endorsement fraud. The alteration essentially Page 134 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES Did the perpetrator prepare the check before it was signed? YES Payable to legitimate payee (erasable ink) 135 Payee left blank NO Coded to a legitimate payee Employee obtains signature from authorized maker Signed check is returned to preparer Employee obtains a signed check Duties involve delivery of signed checks Requests Signed checks signed check be not properly returned to him protected Takes check that was returned to company Changes delivery address for check Employee inserts new name as payee on check Erase payee name (check prepared in erasable ink) Accounts "Tack on" Overwrite Blank checkpayable list information to existing name insert false altered to existing payee (e.g., white out) name include false name name Endorse in name of new payee and convert check Postconversion concealment Remove canceled check from bank statement End Re-alter the check-insert legitimate payee NO Force the reconciliation Destroy/falsify check delivery forms Was check intended for legitimate payee? YES Reenter recipient's claim for payment (e.g., invoice) EXHIBIT 5-6 Altered Payee Schemes Issue manual check to recipient Other Other Other Other Page 135 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 136 CHAPTER 5 CHECK TAMPERING makes the check payable to the fraudster (or an accomplice), so there is no need to forge an endorsement and no need to obtain false identification. The fraudster or his accomplice can endorse the check in his own name and convert it. Of course, if canceled checks are reviewed during reconciliation of the bank statement, a check made payable to an employee is likely to cause suspicion, especially if the alteration to the payee designation is obvious. This is the main obstacle that must be overcome by fraudsters in altered payee schemes. Altering Checks Prepared by Others: Inserting a New Payee The method used to alter the payee designation on a check depends largely on how that check is prepared and intercepted. (Incidentally, the amount of the check may also be altered at the same time and by the same method as the payee designation.) Checks prepared by others can be intercepted by any of the methods discussed in the forged endorsements section above. When the fraudster intercepts a check that has been prepared by someone else, there are basically two methods that may be employed. The first is to insert the false payee's name in place of the true payee's. This is usually done by rather unsophisticated means. The true name might be scratched out with a pen or covered up with correction fluid. Another name is then entered on the payee designation. These kinds of alterations are usually simple to detect. A more intricate method occurs when the perpetrator of the fraud enters the accounts payable system and changes the names of payees, which occurred in Case 1112. An accounts payable employee in this case was so trusted that her manager allowed her to use his computer password in his absence. The password permitted access to the accounts payable address file. This employee waited until the manager was absent, then selected a legitimate vendor with whom her company did a lot of business. She held up the vendor's invoices for the day, and after work used the manager's log-on code to change the vendor name and address to that of a fictitious company. The new name and address were run through the accounts payable cycle with an old invoice number, causing a fraudulent check to be issued. The victim company had an automated duplicate invoice test, but the fraudster circumvented it by substituting \"1\" for I and \"0\" (zero) for capital O. The next day, the employee would replace the true vendor's name and address, and mutilate the check register so that the check payable to the fictitious vendor was concealed. Approximately $300,000 in false checks were issued using this method. Altering Checks Prepared by Others: ''Tacking On'' The other method that can be used by fraudsters to alter checks prepared by others is \"tacking on\" additional letters or words to the end of the real payee designation. This rather unusual approach to check tampering occurred in Case 153, in which an employee took checks payable to \"ABC\" company and altered them to read \"A.B. Collins.\" She then deposited these checks in an account that had been established in the name of A.B. Collins. The simple inclusion of a filler line after the payee designation would have prevented the loss of over $60,000 in this case. In addition to altering the payee designation, the amount of the check can be altered by tacking on extra numbers if the person preparing the check is careless and leaves space for extra numbers in the \"amount\" portion of the check. Altering Checks Prepared by the Fraudster: Erasable Ink When the fraudster prepares the check that is to be altered, the schemes tend to be a bit more sophisticated. The reason for this is obvious: When the perpetrator is able to prepare the check himself, he can prepare it with the thought of how the payee designation will be altered. But if Page 136 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 137 the perpetrator is preparing the check, why not make the check payable to himself or an accomplice to begin with? In order to get an authorized maker to sign the check, the fraudster must make it appear that the check is made out to a legitimate payee. Only after a legitimate signature is obtained does the fraudster in an altered payee scheme set about tampering with the check. One of the most common ways to prepare a check for alteration is to write or type the payee's name (and possibly the amount) in erasable ink. After the check is signed by an authorized maker, the perpetrator retrieves the check, erases the payee's name, and inserts his own. One example of this type of fraud was found in Case 2212, in which a bookkeeper typed out small checks to a local supplier and had the owner of the company sign them. The bookkeeper then used her erasing typewriter to lift the payee designation and amount from the check. She entered her own name as the payee and raised the amount precipitously. For instance, the owner might sign a $10 check that later became a $10,000 check. These checks were entered in the disbursements journal as payments for aggregate inventory to the company's largest supplier, who received several large checks each month. The bookkeeper stole over $300,000 from her employer in this scheme. The same type of fraud can be undertaken using an erasable pen. In some cases fraudsters have even obtained signatures on checks written in pencil. We have already discussed how, with a proper separation of duties, a person who prepares a check should not be permitted to handle the check after it has been signed. Nevertheless, this is exactly what happens in most altered payee schemes. When fraudsters prepare checks with the intent of altering them later, those fraudsters obviously have a plan for reobtaining the checks once they have been signed. Usually, the fraudster knows that there is no effective separation of controls in place. He knows that the maker of the check will return it to him. Altering Checks Prepared by the Fraudster: Blank Checks The most egregious example of poor controls in the handling of signed checks is one in which the perpetrator prepares a check, leaves the payee designation blank, and submits it to an authorized maker who signs the check and returns it to the employee. Obviously, it is quite easy for the fraudster to designate himself or an accomplice as the payee when this line has been left blank. Common sense tells us that one should not give a signed, blank check to another person. Nevertheless, this happened in several cases in our study, usually when the fraudster was a long-time, trusted employee. In Case 1616, for example, an employee gained the confidence of the owner of his company, whom he convinced to sign blank checks for office use while the owner was out of town. The employee would then fill in his own name as the payee on one of the checks, cash it, and alter the check when it was returned along with the bank statement. The owner's blind trust in his employee cost him nearly $200,000. Converting Altered Checks As with all other types of fraudulent checks, conversion is accomplished by endorsing the checks in the name of the payee. Conversion of fraudulent checks has already been discussed in previous sections and will not be reexamined here. Preventing and Detecting the Alteration of Company Checks Most successful altered payee schemes occur when the person who prepares checks also has access to those checks after they have been signed. As with all forms of check tampering, altered payee schemes can usually be prevented by separating the duties of check preparation, signing, and delivery. It is also critical that the duty of reconciling the bank statement be Page 137 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 138 CHAPTER 5 CHECK TAMPERING separated from other check-preparation functions. Altered payee schemes should be very simple to detect during reconciliation, simply because the name and/or amount on the fraudulent check will not match the entry in the books or the support for the check. In almost all successful altered payee schemes, the perpetrator was able to prepare checks and reconcile the bank statement. In addition to diligently matching all bank statement items to canceled checks, organizations might consider the use of carbon copy checks. Even if these instruments are altered after they have been cut, the copy will still reflect the intended payee and amount. Another simple method is to require that all checks be drafted in permanent ink to prevent schemes in which the payee and amount are erased and rewritten after a check is signed. Concealed Check Schemes Another scheme that requires a significant breakdown in controls and common sense is the concealed check scheme. These are check tampering frauds in which an employee prepares a fraudulent check and submits it along with legitimate checks to an authorized maker who signs it without a proper review (see Exhibit 5-7). Although not nearly as common as the other check tampering methods, it is worth mentioning for its simplicity, its uniqueness, and the ease with which it could be prevented. The perpetrator of a concealed check scheme is almost always a person responsible for preparing checks. The steps involved in a concealed check scheme are similar to those in a forged maker scheme, except for the way in which the employee gets the fraudulent check signed. These schemes work as follows: The perpetrator prepares a check made out to himself, an accomplice, a fictitious person, and so on. Instead of forging the signature of an authorized maker, the employee takes the check to the authorized maker, usually concealed in a stack of legitimate checks awaiting signatures. The checks are typically delivered to the signer during a busy time of day when he is rushed and will be less likely to pay close attention to them. Generally, the checks are fanned out on the signer's desk so that the signature lines are exposed but the names of the payees are concealed. If a particular authorized maker is known to be inattentive, the checks are given to him. The maker signs the checks quickly and without adequate review. Because he is busy or generally inattentive or both, he simply does not look at what he is signing. He does not demand to see supporting documentation for the checks, and does nothing to verify their legitimacy. Once the checks have been signed they are returned to the employee, who removes his check and converts it. This appears to be one of the methods used by Ernie Philips in the case study at the end of this chapter. Philips slipped several checks payable to himself into a stack of company checks, then took them to the operations manager, who was designated to sign checks when the business's owner was out of town. The operations manager apparently did not check the names of the payees and unknowingly signed several company checks to Philips. A similar example of the concealed check method took place in Case 2474, where a bookkeeper took advantage of the owner of her company by inserting checks payable to herself into batches of checks given to the owner for signature. The owner simply never looked at whom he was paying when he signed the checks. The perpetrator of a concealed check scheme banks on the inattentiveness of the check signer. If the signer were to review the checks he was signing, he would certainly discover the fraud. It should be noted that the fraudster in these cases could make the fraudulent check payable to an accomplice, a fictitious person, or a fictitious business Page 138 Wells c05.tex V2 - November 10, 2007 11:08 A.M. CHECK TAMPERING SCHEMES 139 Employee prepares a fraudulent check Payable to himself Payable to a Payable to his real or fictitious own business third person NO Payable to cash Payable to an accomplice Payable to a vendor (personal purchases) Record check as "void" Other Other Is the check recorded in the disbursements journal? YES To expense account To current vendor in accounts payable To asset account Inserts the check in a stack of legitimate checks and delivers it to an authorized maker The check is signed without proper review Employee removes the fraudulent check, endorses it and converts it Employee endorses in his name Employee endorses in fictitious name Accomplice Employee forges endorses/splits endorsement of proceeds with a third party employee Other Postconversion concealment Remove Alter canceled canceled check-insert check from bank legitimate payee statement EXHIBIT 5-7 Force the reconciliation Unconcealed Other Concealed Check Schemes instead of payable to himself. This is more common and certainly a lot less dangerous for the employee (but not nearly as exciting). Authorized Maker Schemes The final check tampering scheme, the authorized maker scheme, may be the most difficult to defend against. An authorized maker scheme is a type of check tampering fraud Page 139 Wells c05.tex V2 - November 10, 2007 11:08 A.M. 140 CHAPTER 5 CHECK TAMPERING Authorized maker prepares and signs company check Payable to himself Payable to a Payable to his fictitious person own business or company NO Payable to cash Payable to an accomplice Payable to a vendor (personal purchases) Record check as "void" Other Other Is the check recorded in the disbursements journal? YES To expense account To current vendor in accounts payable To asset account The fraudulent check is endorsed (in the name of the payee) and converted Employee endorses in his name Employee endorses in fictitious name Employee forges endorsement of a third party Accomplice endorses/ splits proceeds with employee Other Postconversion concealment Remove canceled check from bank statement EXHIBIT 5-8 Alter canceled Force the check-insert reconciliation legitimate payee Unconcealed False expense vouchers Other Authorized Maker Schemes in which an employee with signature authority on a company account writes fraudulent checks for his own benefit and signs his own name as the maker (see Exhibit 5-8). The perpetrator in these schemes can write and sign fraudulent checks without assistance. He does not have to alter a pre-prepared instrument or forge the maker's signature. Overriding Controls through Intimidation When a person is authorized to sign company checks, preparing the checks is easy. The employee simply writes and signs the instruments the same way he would with any legitimate check. In most situations, check signers are owners, offi