Stealing Cash with a Smile

The Affable Courier Who Pocketed $250,000

July/August 2010

ByBy Kenneth C. Citarella, J.D., CFE, and Mindy Eisenberg-Stark, CFE, CPA

Fraudsters pay close attention to how systems work in a business. That's how they find their opportunities to steal. The story of how a successful medical practice lost at least $250,000 in an employee embezzlement scheme illustrates that when internal controls fail, the devil might indeed be lurking in the details.

Here are the details of a classic "from the deposit" cash theft scheme from the Occupational Fraud and Abuse Classification System - the ACFE's "Fraud Tree." (See the 2010 "Report to the Nations.")

Westchester Medical Associates (WMA) was a nine-physician, five-office medical practice in Westchester County, N.Y. Its offices, which provided a wide array of services, were managed from an executive office at a separate location. The practice worked hard to apply good internal controls consistently in each office. All personnel clearly understood WMA's straightforward money-handling procedures. (All the names of businesses and individuals are fictitious to protect the privacy of the victimized practice.)

CONTROL PROCEDURES FOR PATIENT CO-PAYS

In any medical office, income arrives in two ways: payments made by a patient at the time of service (often an insurance company co-pay) and payments from insurance companies, government programs, and other third-party payers. This article will focus on how a single omission in internal controls made possible a serious embezzlement that went undetected for years.

Every WMA office handled patient co-pays according to the same prescribed procedures. The receptionist recorded each patient's visit in a spiral notebook. The date and office designation was written on the top of each page in the notebook. There were columns for the patient's name, the time of arrival, the physician to be seen, the patient's insurance carrier, the amount of the co-pay, and how the co-pay was tendered. This record was called the daily co-pay log. Cash, checks, and credit cards were accepted. At the end of the day, at least two people double-checked that every patient's visit had been recorded properly. The staff also verified the amount and type of each co-payment tendered. Totals for cash, check, and credit card co-pays were entered at the bottom of each sheet, along with a grand total and the initials of both verifiers.

After the day's receipts were tallied, the page was photocopied and that copy and all cash and checks received that day were placed in a clasped manila envelope and secured in a locked drawer. Credit card payments were handled electronically, so those weren't included in the envelope.

A WMA-employed courier would collect the envelopes at each office every morning - or sometimes every other day depending on the patient volume - and take the proceeds to the bank. When this courier arrived at each office, the receptionist would open the locked drawer and remove the clasped envelope. Together they would recount the entries on the page and verify that the correct amounts of checks and cash were present in the envelope. The courier then would prepare the bank deposit ticket, using blank forms from the bank. With the bank deposit ticket filled out, the courier would remove the customer copy of the form and attach it to the copy of the daily co-pay log, and these documents were sent to the executive office for filing.

At first blush, WMA's procedures appeared reasonably secure. But appearances can be deceiving.

THE PROBLEMATIC COURIER

When WMA first contacted the Westchester County District Attorney's Office about a concern, the practice had just fired its courier, Charlie Smith. Charlie, a well-liked employee, had started out at WMA as an insurance company negotiator. If WMA didn't agree with a third-party payer's settlement offer, Charlie would try to secure a more favorable resolution. A few times when WMA's previous courier was on vacation, Charlie had offered to help out. When that courier resigned, Charlie volunteered for the position, got the job, and added those responsibilities to his existing role as a negotiator. He had been serving as WMA's courier for about three years when another employee uncovered his scam.

THE SCAM

When Charlie had stepped up as a substitute courier, he had observed something about the practice's operations that no one else at WMA realized. As mentioned before, the executive office received copies of the bank deposit tickets for each office. WMA also received monthly bank statements showing all the deposits made during the month including how much money was deposited by the courier each time he went to the bank with the co-payments. Neither the office management nor WMA's accounting firm ever reconciled these independently created records. Charlie realized that WMA's failure to identify a readily available internal control was his opportunity to steal.

Once he became the practice's official courier, Charlie followed all the procedures for verifying the cash and checks received at each office. He dutifully received the clasped envelopes from the receptionists, recounted the receipts with them and completed the bank deposit tickets, leaving the customer copies attached to the copies of the daily co-pay logs. But then he exploited the weak link in the system: Charlie never deposited the cash; those funds went into his pocket. He simply completed a new bank deposit ticket at the bank that reflected only the amount of the checks. These he deposited into the WMA account. Charlie then destroyed the customer copies of the falsified deposit tickets that the bank had stamped as received. Safe in the knowledge that no one would compare the bank statements with the daily co-pay logs, Charlie pocketed all of the co-pay cash, totaling at least $250,000, for three years. The exact amount of the theft was never determined.

THE SCAM EXPOSED

Despite some telltale signs in Charlie's behavior, his fraud lasted a considerable length of time before it was discovered. Whenever someone at WMA had a birthday, Charlie would buy lunch for the entire staff. He rarely took time off. If he knew he would be out, he would argue against having someone else act as the bank courier, claiming he would handle it upon his return.

As time passed, another employee began to distrust Charlie's generosity with gifts and his insistence on being the sole courier. Only with the most reluctant approval of management was she permitted to search Charlie's desk one day when he was out of the office. She discovered several genuine bank deposit slips, which included both cash and check payments, that Charlie had neglected to destroy. His scheme unraveled.

ACCOUNTING SYSTEM FAILURES

The accounting firm's insufficient reconciliation of the bank statements against internal records was a glaring deficiency in the system. In comparing the monthly bank statements to WMA's checking account records, WMA was only able to discern that the amounts deposited and drawn on the checking account were properly recorded by both the bank and WMA. If the accountants had bothered to go back a little further to the daily co-pay logs and compare those with the bank's statements, another story would have unfolded.

The accountants made an assumption that the deposit amounts shown on the bank statements were the correct amounts to be deposited. This is a classic example of the difference between ordinary accounting and preventive or deterrent forensic auditing, which accepts nothing at face value and tests the facts behind every reported transaction. The accountants left their client's income streams unprotected for years. If even once during a three-year period they had asked for records backing up the deposited amounts shown in the bank statements, the scheme would have been detected.

Moreover, we as investigators wondered how it was possible for the accountants to not notice the almost total absence of cash deposits once Charlie became the courier. The banking statements gave separate totals for cash and check deposits every month. Cash deposits had appeared every month during the tenure of the prior courier but only extremely rarely during Charlie's time in that job.

How the accounting firm understood its duties with WMA is a matter of speculation that we didn't pursue in the course of the investigation. The firm's frightening ignorance of WMA's operations made the accountants' "expertise" irrelevant to the investigation.

To make matters worse, WMA's accounting system made it impossible to calculate the extent of the larceny. Theoretically, the patient records should contain accurate information on what co-pays were paid for each visit. Yet, sometimes patients paid an incorrect amount - usually too much. And those errors wouldn't be detected until the insurance settlement payments arrived. When these situations occurred, the patients were given credit for the excess payment. Those credits, however, were recorded in the accounting system as if they were new payments from the patient.

For example, suppose a patient paid a $30 co-pay on June 1. In July, her insurance company makes a settlement payment indicating she should have paid a $20 co-pay. WMA now has $10 more than it should have, which should be credited to the benefit of the patient's account. So WMA would record that extra $10 in the accounting system as new money received from the patient in July. The $30 co-pay effectively became a $40 co-pay to give the patient the $10 credit.

By design, the WMA accounting system failed to properly record what actually had transpired, and it had incorrect totals for patient co-pays. The business' accounting system would never be in harmony with its co-pay logs. Thus, the WMA accounting system couldn't provide an accurate record of the co-pays received. Had the accounting system at least recorded patient payments correctly, the size of the larceny could have been calculated by comparing actual co-pay receipts with the counter deposits at the bank. (Third-party payer settlement checks were almost exclusively electronic credits, so they didn't present a complication.)

We were left with the arduous task of collecting and totaling by hand all the co-pay logs from each office for the time that Charlie was the courier. The one saving grace was that the bank statements separated monthly totals for cash and checks, and all the cash totals were zero, except for a handful of days that Charlie was out and a substitute courier made the deposits. Of course, numerous daily co-pay logs were missing from the records - in some cases, several months' worth were missing from some of the smaller offices.

BOTTOM LINE

Charlie was indicted for grand larceny and pleaded guilty. (He was only sentenced to probation and restitution.) Whether WMA or its accounting firm learned the many lessons taught by Charlie is unknown, because what happens after a criminal prosecution isn't often something to which a prosecutor's office is privy. But, in retrospect, there were no surprises in this case.

Accounting systems need to track money accurately. How much money has come in and from what sources - including any adjustments - must be more than arithmetically correct. The accounting system must make financial sense and reflect actual business operations. It should be a source of information, not just a collection of numbers.

Internal and external financial records that track the same business activities must be reconciled regularly to detect and deter fraud. As often happens with embezzlement schemes, the failure to reconcile these records leaves the integrity of a company's financial operations dependent on one person. Considering the effort WMA required of its employees to accurately record the receipt of patient co-pays, this gross oversight of not reconciling records was all the more striking. WMA assumed that the work of the receptionists taking co-pays required verification, but somehow the business didn't assume that the courier's role needed checks and balances. As happens all too often, assumptions made about systems and people who handle an organization's money proved costly.

Ken Citarella, J.D., CFE, was deputy chief of the investigations division of the Westchester County District Attorney's Office and prosecuted this case. He's now in private practice in Westchester County as a CFE and is of counsel to the law firm of Meiselman Denlea Packman Carton and Eberz PC.

Mindy Eisenberg-Stark, CPA, has a private accounting practice in Westchester County and provides forensic accounting services to the district attorney's office.

The Association of Certified Fraud Examiners assumes sole copyright of any article published onwww.fraud-magazine.comor follows a policy of exclusive publication

Kindly assist in coming up with the following:

A brief summary of the case

What allowed the fraud to happen

Who were the victims

Changes that should happen after the fraud (change in controls)

Outcome of the case (court results, convictions, settlements, etc.)