You are on page 1of 18

CHAPTER 5

COMPUTER FRAUD
Learning Objectives:
1. Explain the threats faced by modern information systems.
2. Define fraud and describe the process one follows to perpetuate a
fraud.
3. Discuss who perpetrates fraud and why it occurs, including the
pressures, opportunities, and rationalizations that are present in
most frauds.
4. Define computer fraud and discuss the different computer fraud
classifications.
5. Explain how to prevent and detect computer fraud and abuse.

Introduction
Our society has become increasingly dependent on accounting information
systems.
As system complexity and our dependence on systems increase, companies
face the growing risk of their systems being compromised.
A recent survey disclosed that
1. 67 percent of companies had a security breach
2. More than 45 percent were targeted by organized crime
3. 60 percent reported financial losses
The four types of threats a company faces are explained in Table 5-1 on
page 122.

AIS Threats
Four Types of Systems Threats:
1. Natural and political disasters
2. Software errors and equipment malfunctions
3. Unintentional acts
4. Intentional acts (computer crimes)
1. Natural and political disasters

Page 1 of 18

Fires, excessive heat, floods, earthquakes, high winds, war,


and attacks by terrorists

World Trade Center in New York City

Flood in Chicago

Heavy rains

Earthquakes in Los Angeles and San Francisco

Attacks on government information systems by foreign


countries, espionage agents, and terrorists

in Mississippi and Missouri Rivers

2. Software Errors and Equipment Malfunctions


Losses due to software bugs are at almost $60 billion a
year.
More than 60 percent of the companies studied had
significant software errors in the previous year. For
example,

Bugs in new tax accounting system were to blame for


Californias failure to collect $635 million in
business taxes.

There have been a number of massive power failures


that have left hundreds of thousands of people and
many businesses without power.

A software bug in Burger Kings software resulted in a


$4,334.33 debit card charge for four hamburgers. The
cashier accidentally keyed in the $4.33 charge twice.

3. Unintentional Acts
The Computing Technology Industry Association estimates that
human errors cause 80 percent of security problems.
Forrester Research estimates that employees unintentionally
create legal, regulatory, or financial risks in 25 percent
of their outbound e-mails.
Programmers make logic errors. Examples include the
following:

In Japan, a data entry clerk at Mizuho Securities


mistakenly keyed in a sale for 610,000 shares of J-Com
for 1 yen instead of the sale of 1 share for 610,000
yen. The error cost the company $250 million.

A bank programmer mistakenly calculated interest for


each month using 31 days. Resulted in more than
$100,000 in excess interest paid.

Page 2 of 18

An error in a Fannie Mae spreadsheet resulted in a


$1.2 billion misstatement of its earnings.

UPS lost a cardboard box with computer tapes


containing information, such as names, Social Security
numbers, account numbers, and payment histories on 3.9
million Citigroup customers.

Treasury Department mistake in interest rate 8.67


percent that should have been 6.87 percent. This was
caught before the checks were sent out; could have
resulted in overpayments of more than $14 million.
A data entry clerk at Giant Food mistake in quarterly
dividend $2.50 should be $0.25. Resulted in $10
million in excess dividends.

4. Intentional Acts (Computer Crimes)


The most frequent type of computer crime is fraud. This is
where the intent is to steal something of value.
The threat can also be in the form of sabotage, in which the
intent is to destroy or harm a system or some of its
components.
Information systems are increasingly vulnerable to attack.
In a recent three-year period, the number of networks that
were compromised rose 700 percent.
Example of security breaches, consider the case of
OpenTable, a restaurant reservation service that did not
design its cookie properly.
A cookie is data that Websites store on your computer.
The cookie identifies the Websites to your computer
and identifies you to the Website so you do not have
to log on each time you visit the site.
At OpenTable, the customer number stored in the
cookie was very easy to change.
An experienced programmer opened an account at
OpenTable and, in less than an hour, wrote a
program that cycled through all the customer
numbers and downloaded most of the companys
database.

INTRODUCTION TO FRAUD

Page 3 of 18

Fraud is any and all means a person uses to gain an unfair


advantage over another person. Legally, for an act to be
considered fraudulent there must be:
1. A false statement, representation, or disclosure
2. A material fact, which is something that induces a person to
act
3. An intent to deceive
4. A justifiable reliance; that is, the person relies on the
misrepresentation to take an action
5. An injury or loss suffered by the victim
Attempts to Estimate the Staggering Losses from Fraud:
1. The Association of Certified Fraud Examiners estimates total
fraud losses in the United States to be about $660 billion a
year.
2. Income-tax fraud (the difference between what taxpayers owe
and what they pay to the government) is estimated at well
over $350 billion dollars a year.
3. Fraud in the health-care industry is estimated to exceed
$100 billion a year.
75 to 90 percent of all computer crimes are perpetrated by
insiders.
Fraud perpetrators are also referred to as white-collar criminals.
Statement on Auditing Standards (SAS) No. 99:
Fraud takes two forms
1. Misappropriation of assets and
2. Fraudulent financial reporting

Misappropriation of Assets
Misappropriation of assets is often referred to as employee
fraud
A typical employee fraud has a number of important elements
or characteristics:
1. The fraud perpetrator must gain the trust or
confidence of the person or company being defrauded.
2. Instead of a weapon or physical force to commit a

Page 4 of 18

crime, fraud perpetrators use trickery, cunning, or


false or misleading information to obtain money or
assets.
3. They hide their tracks by falsifying records or other
information.
4. Few frauds are terminated voluntarily. Instead, the
fraud perpetrator continues due to need or greed.
Often, perpetrators begin to depend on the extra
income and get to a point where they cannot afford to
stop.
Other times they move to a higher lifestyle that
requires a greater amount of money.
Its at this point where they get braver, or should we
say more relaxed, where the perpetrator gets greedy
and starts stealing larger amounts of money; this is
where they normally get caught.
5. Fraud perpetrators spend their ill-gotten gains,
usually on an extravagant lifestyle. Rarely do they
save or invest the money they take. Some of these high
cost luxurious items include big homes, fancy cars,
gambling, or just a big spender type person.
6. Many perpetrators that become greedy not only start
taking greater amounts of money, but also take the
money more often.
7. As previously mentioned, perpetrators at some point
start getting braver and grow careless or
overconfident. This is the point where they can also
make a mistake and get caught.
8. The fraud perpetrator cannot get away with stealing
cash or property forever. At some point, although it
may take some time, they are going to get caught.
9. The most significant contributing factors in most
employee frauds are the absence of internal controls
or failure to enforce existing internal controls.
After all, if a person that is already dishonest in
his or her nature; if they find out the management is
not concerned about internal controls, then this makes
it very easy for them to become a fraud perpetrator
and start stealing cash or property.

Fraudulent Financial Reporting

Page 5 of 18

The Treadway Commission defined fraudulent financial


reporting as intentional or reckless conduct, whether by act
or omission, that results in materially misleading financial
statements.
The Treadway Commission studied 450 lawsuits against
auditors and found undetected fraud to be a factor in
half of them.
Some prime examples are Enron, WorldCom, Tyco,
Adelphia, HealthSouth, Global Crossing, and Xerox.
Executives cook the books, as they say, by fictitiously
inflating revenues, recognizing revenues before they are
earned, closing the books early (delaying current period
expenses to a later period), overstating inventories or
fixed assets, and concealing losses and liabilities.
The Treadway Commission recommended four actions to reduce
the possibility of fraudulent financial reporting:
1. Establish an organizational environment that
contributes to the integrity of the financial
reporting process.
2. Identify and understand the factors that lead to
fraudulent financial reporting.
3. Assess the risk of fraudulent financial reporting
within the company.
4. Design and implement internal controls to provide
reasonable assurance that fraudulent financial
reporting is prevented.
A study by the Association of Certified Fraud Examiners found that
misappropriation of assets by employees is more than 17 times more
likely than fraudulent financial reporting.
SAS No. 99: The Auditors Responsibility to Detect Fraud
SAS No. 99 requires auditors to:
1. Understand fraud.
2. Discuss the risks of material fraudulent
misstatements.
3. Obtain information.
4.
5.
6.
7.

Identify, assess, and respond to risks.


Evaluate the results of their audit tests.
Document and communicate findings.
Incorporate a technology focus.

Page 6 of 18

Who Perpetrates Fraud and Why It Occurs


Perpetrators of computer fraud tend to be younger and possess more
computer knowledge, experience, and skills.
Some hackers and computer fraud perpetrators are more motivated by
curiosity, a quest for knowledge, the desire to learn how things
work, and the challenge of beating the system.
Most have no previous criminal record.
Research
occur: a
referred
triangle

shows that three conditions are necessary for fraud to


pressure, an opportunity, and a rationalization. This is
to as the fraud triangle and is shown as the middle
in Figure 5-1 on page 127.

Pressures
A pressure is a persons incentive or motivation for
committing the fraud. The three common types of pressures
are 1) financial, emotional, and lifestyle, which is
summarized in Table 5-2 on page 127. Table 5-3 on page 128
provides the pressures that can lead to financial statement
fraud.

Opportunities
As shown in the opportunity triangle in Figure 5-1 on page
127, opportunity is the condition or situation that allows a
person or organization to do three things:
1. Commit the fraud
Most fraudulent financial reporting consists of the
overstatement of assets or revenues or the
understatement of liabilities, or the failure to
disclose information.
2. Conceal the fraud
A common and effective way to hide a theft is to
charge the stolen item to an expense account. For
example, charge supplies to an expense account when
they are initially purchased; before they are used.
This allows the perpetrator the opportunity to use
some of the supplies for personal benefit at the
expense of the company. These unused supplies should
have been recorded as an asset called Supplies until
they are used.
Another way to hide a decrease in assets is by
lapping. In a lapping scheme, the perpetrator steals
the cash or check that customer A mails in to pay its
accounts receivable. Funds received at a later date
from customer B are used to pay off customer As

Page 7 of 18

balance. Funds from customer C are used to pay off


customer B, and so forth.
In a kiting scheme, the perpetrator covers up a theft
by creating cash through the transfer of money between
banks. For example, suppose a fraud perpetrator opens
checking accounts in three banks, called bank A, B,
and C, and deposits $100 in each account. Then the
perpetrator creates cash by depositing a $1,000
check from bank A into bank B and then withdraws the
$1,000 from bank B. It takes two days for his check to
clear bank A. Because there are insufficient funds in
bank A to cover the $1,000 check, the perpetrator
deposits a $1,000 check from bank C to bank A before
his check to bank B clears bank A. Because bank C also
has insufficient funds, $1,000 must be deposited to
bank C before the check to bank A clears. The check to
bank C is written from bank B, which also has
insufficient funds. And the scheme continues. I have
also seen situations where kiting also includes credit
cards in with the use of checking accounts.

Page 8 of 18

3. Convert the Theft or Misrepresentation to Personal


Gain
In employee fraud, all fraud perpetrators go through
the conversion phase unless they steal actual cash
that can be spent or use the asset personally.
Table 5-4 on page 152 lists some of the more
frequently mentioned opportunities that permit
employee and financial statement fraud.
Opportunities for fraud often stem from internal
control factors.
A control feature many companies lack is a background
check on all potential employees.

Rationalizations
Rationalization allows perpetrators to justify their illegal
behavior.
A list of some of the rationalizations people use:
1. I am only borrowing the money (or asset) and will
repay my loan.
2. You would understand if you know how badly I needed
it.
3. What I did was not that serious.
4. It was for a good cause (the Robin Hood syndrome,
robbing from the rich to give to the poor).
5. I occupy a very important position of trust. I am
above the rules.
6. Everyone else is doing it, so it is not that wrong.
7. No one will ever know.
8. The company owes it to me, and I am taking no more
than is rightfully mine.

Computer Fraud
The U.S. Department of Justice defines computer fraud as any
illegal act for which knowledge of computer technology is
essential for its perpetration, investigation, or prosecution.
More specifically, computer fraud includes the following:
1. Unauthorized theft, use, access, modification, copying, and
destruction of software or data

Page 9 of 18

2. Theft of money by altering computer records


3. Theft of computer time
4. Theft or destruction of computer hardware
5. Use or the conspiracy to use computer resources to commit a
felony
6. Intent to illegally obtain information or tangible property
through the use of computers
The Association of the Certified Fraud Examiners provides the
general definition of computer fraud:
Any defalcation or embezzlement accomplished by tampering
with computer programs, data files, operations, equipment,
or media and resulting in losses sustained by the
organization whose computer system was manipulated.
Another definition of computer crime:
In a computer crime, the computer is involveddirectly or
indirectlyin committing the criminal act. Sabotage of
computer facilities is classified as a direct computer crime
and unauthorized access of stored data is an indirect
computer crime because the presence of the computer created
the environment for committing the crime.
The Rise in Computer Fraud
Computer systems are particularly vulnerable to computer crimes
for the following reasons:
1. Billions of characters of data are stored in company
databases. People who manage to break into these databases
can steal, destroy, or alter massive amounts of data in very
little time.
2. Organizations want employees, customers, and suppliers to
have access to their system. The number and variety of these
access points significantly increase the risks.
3. Computer programs only need to be changed or modified once
without permission for the system to operate improperly for
as long as the system is in use.
4. Modern systems utilize personal computers (PCs), which are
inherently more vulnerable to security risks. It is
difficult to control physical access to each networked PC.
In addition, PCs and their data can be lost, stolen, or
misplaced.
5. Computer systems face a number of unique challenges:
reliability (i.e., accuracy, completeness), equipment
failure, environmental dependency (i.e., power, damage from

Page 10 of 18

water or fire), vulnerability to electromagnetic


interference and interruption, eavesdropping, and
misrouting.
The increase in computer fraud schemes is due to some of the
following reasons:
1. Not everyone agrees on what constitutes computer fraud.
2. Many computer frauds go undetected.
The FBI estimated that only one percent of all computer
crime was detected; whereas others estimated it to be
between 5 and 20 percent.
3. A high percentage of uncovered frauds are not reported.
4. Many networks have a low level of security.
5. Many Internet pages give step-by-step instructions on how to
perpetrate computer crimes and abuses.
6. Law enforcement is unable to keep up with the growing number
of computer frauds.
7. The total dollar value of losses is difficult to calculate.
Computer Fraud Classifications
As shown in Figure 5-2 on page 132, one way to categorize computer
fraud is to use the data processing model: input, processor,
computer instructions, stored data, and output.
Input
The simplest and most common way to commit fraud is to alter
computer input. It requires little, if any computer skills.
Instead, perpetrators need only understand how the system
operates so they can cover their tracks.
To commit payroll fraud, perpetrators can enter data to
increase their salary, create a fictitious employee, or retain
a terminated employee on the records.
Example of input fraud, a New York bank employee changes the
company deposit slips to forged deposit slips. For three days
he deposited bank deposits in his personal account. Then he
disappeared and was not caught as he used an alias name.
There are more examples on pages 155 and 156.
Processor
Computer fraud can be committed through unauthorized system
use, including the theft of computer time and services.

Page 11 of 18

Example of processor fraud, employees of an insurance company


were running an illegal gambling Website. These employees hid
the computers under the floor.
There are more examples on page 156.
Computer Instructions
Computer fraud can be accomplished by tampering with the
software that processes company data.
Data
The greatest exposure in data fraud comes from employees with
access to the data.
The most frequent type of data fraud is the illegal use of
company data, typically by copying it, using it, or searching
it without permission.
For example, an employee using a small flash drive or an iPod
can steal large amounts of data and remove it without being
detected.
The following are some recent examples of stolen data:
1. The office manager of a Wall Street law firm found
information about prospective mergers and acquisitions in
the firms Word files. He sold the information to friends
and relatives, who made several million dollars trading the
securities illegally.
2. A 22-year old Kazakhstan man broke into Bloombergs network
and stole account information, including that of Michael
Bloomberg, the mayor of New York and the founder of the
financial news company. He demanded $200,000 in exchange for
not using or selling the information. He was arrested in
London when accepting the ransom.
3. A software engineer tried to steal Intels plans for a new
microprocessor. Because he could view but not copy or print
the manufacturing plans, he photographed them screen by
screen late at night in his office. One of Intels controls
was to notify security when the plans were viewed after
hours. He was caught photographing the plans.
4. Cyber-criminals used sophisticated hacking and identity
theft techniques to hack into seven major online brokerage
firm accounts. They sold the securities in those accounts
and used the cash to pump up the price of 15 low-priced,
thinly traded public companies they already owned. They then
dumped the 15 stocks in their personal accounts for huge
gains. E-trade lost $18 million and Ameritrade $4 million in
similar pump-and-dump schemes.
5. The U.S. Department of Veterans Affairs was sued because an
employee laptop that contained the records of 26.5 million

Page 12 of 18

veterans was stolen, exposing them all to identity theft.


Later, another laptop with the records of 38,000 people
disappeared from a subcontractors office.
Data can also be changed, damaged, destroyed, or defaced.
Data also can be lost due to negligence or carelessness.
Deleting files does not erase them. Even reformatting a hard
drive often does not erase files or wipe the drive clean.
Output
Computer output, displayed on monitors or printed on paper, can
be stolen or misused.
Fraud perpetrators can use computers and output devices to
forge authentic-looking outputs. For example, a company laserprinter could be used to prepare paychecks.

Preventing and Detecting Computer Fraud and Abuse


Table 5-5 on page 134 provides a summary of ways to prevent and detect
computer fraud.
1. Make fraud less likely to occur.
2. Increase the difficulty of committing fraud.
3. Improve detection methods.
4. Reduce fraud losses.
According to Gil Geis, president of the Association of Certified Fraud
Examiners, the Report to the Nation on Occupational Fraud and Abuse
represents the largest known privately funded study on this subject. A
total of 2,608 Certified Fraud Examiners (CFEs) contributed details of
actual fraud and abuse cases totaling $15 billion. The largest fraud
case in the study involves $2.5 billion; the smallest, $22. The 2 year
study concluded that the average firm loses more than $9 a day per
employee to fraud and abuse, that fraud and abuse costs U.S.
organizations more than $400 billion annually, and that the median loss
per case caused by males is about $185,000, by females, about $48,000.
Three-fourths of the fraud offenses are committed by college-educated
white males. The data indicate that about 58 percent of the reported
fraud and abuse cases were committed by nonmanagerial employees, 30
percent by managers, and 12 percent by owner/executives. Median losses
caused by executives were 16 times those of their employees. The victims
in this report are organizations. The most costly abuses occurred in
firms with less than 100 employees. Common violations include asset
misappropriation, corruption, false financial statements, false
overtime, petty theft and pilferage, use of company property for
personal benefit, and payroll and sick time abuses.

Page 13 of 18

The Association of CFEs, the body conducting the study, concluded that
most occupational fraud and abuse can be prevented and detected with
common sense and inexpensive solutions, mainly through use of so-called
soft controls. First, since regular audits are not designed specifically
for fraud and abuse, a CFE should be consulted to assess a firms unique
fraud risks and to design programs that cost-effectively reduce
exposures. Second, employees who view their managers as ethical and
honest are more inclined to emulate their behavior. Third, a written
code of conduct sets forth what the organization expects from its
employees. Fourth, sound human resource policies and practices should be
followed, such as checking employee references and conducting other prescreening procedures. Fifth, a hot line is highly desirable.
In this study, the majority of fraud and cases were discovered through
tips and complaints by fellow employees. Sixth, the firms unopened bank
statement should be reviewed at the highest possible level by a
responsible person uninvolved with the bank reconciliation. Finally, a
positive and open work environment should be created to reduce the
motivation of employees to commit fraud and abuse.
*Report to the Nation on Occupational Fraud and Abuse (Austin, Tex:
Association of Certified Fraud Examiners, 1996). p. 43

COMPUTER CRIME
At Omega Engineering*
A fired employee intentionally launched a logic bomb that permanently
caused irreparable damage to Omegas computer system by deleting all of
the firms software, inflicting $10 million in damages. Could it have
been prevented? Maybe! Could the damages and computer downtime have been
minimized through effective internal controls? Definitely. Thats the
assessment of control experts after the recent indictment of Timothy
Lloyd, the former chief computer network program designer and network
administrator at Omega Engineering in Bridgeport, N.J.
Omega is the classic situation of an inside hack attack, in this case a
logic bomb that detonates at a specified time. They are the most
difficult to defend against, said William Cook, a partner at Brinks,
Hofer, Gilson & Lione, a Chicago-based law firm. That is exactly what
happened, said Al DiFrancesco, Omegas director of human resources.
Three weeks after Lloyd was fired, our employees came to work and could
not boot their computers, he said.
Like many victimized businesses, Omega had thought it had implemented
reliable control mechanisms into its information systems. These control
mechanisms did lead back to Lloyd and resulted in his indictment,
Difrancesco said. Moreover, Omega canceled all of Lloyds access rights
and privileges on the date of his termination.
So what went wrong? For starters, besides being Omegas chief computer
network program designer, Lloyd was also the companys network
administrator. Thus he knew the ins and outs of the system and had all
the supervisory privileges to make network additions, changes, and
deletions. In the wake of the damage caused by the logic bomb, Omega has
installed state-of-the-art internal controls, and the firm will no
longer put all its eggs in one basket. It is making sure that duplicates

Page 14 of 18

of all database information, software code, and files are stored offsite.
*Adapted from Kim Girard, Ex-Employee Nabbed in $10M Hack Attack,
Computerworld, February 28, 1998 p. 6.
EMPLOYEE FRAUD SCHEMES
Cash
Cash is the focal point of most accounting entries. Cash, both on
deposit in banks and petty cash, can be misappropriated through many
different schemes. These schemes can be either on-book or off-book,
depending on where they occur. Generally, cash schemes are smaller than
other internal fraud schemes because companies have a tendency to have
comprehensive internal controls over cash and those internal controls
are adhered to. Cash fraud schemes follow general basic patterns,
including skimming, voids/under-rings, swapping checks for cash,
alteration of cash receipts tapes, fictitious refunds and discounts,
journal entries and kiting.
Skimming
Skimming involves removing cash from the entity before the cash is
recorded in the accounting system. This is an off-book scheme; receipt
of the cash is never reported to the entity. A related type of scheme is
to ring up a sale for less than the actual sale amount. (The difference
between the actual sale and the amount on the cash register tape can
then be diverted.) This is of particular concern in retail operations
(for example, fast food restaurants) where much of the daily sales are
in cash, and not by check or credit card.
EXAMPLE
According to an investigation, fare revenues on the Chicago
Transit Authoritys (CTA) rail system allegedly were
misappropriated by agency employees. The statistics indicate that
the thefts are not confined to the one station that originally was
suspected and that the fare-skimming by transit workers might have
been reduced by news of the investigation. In the four days after
reports of skimming surfaced, about $792,000 was turned in by
station agents system wide. In a similar Monday through Friday
period only $723,000 was turned in by station agents.
CTA officials estimated that a planned installation of a $38
million automated fare-collection system would eliminate $6.5
million annually in revenue shrinkage, mostly from employee
theft. At least 10 workers have been investigated, including nine
ticket agents and one supervisor or clerk. Early reports indicated
that agents pocketed money after recording transfer or monthly
passes as cash-paying customers passed through turnstiles.
Voids/Under-Rings
There are three basic voids/under-ring schemes. The first is to record a
sale/cash receipt and then void the same sale, thereby removing the cash

Page 15 of 18

from the register. The second, and more common variation, is to purchase
merchandise at unauthorized discounts. The third scheme, which is a
variation of the unauthorized discount, is to sell merchandise to a
friend or co-conspirator using the employees discount. The coconspirator then returns the merchandise for a full refund, disregarding
the original discount.
EXAMPLE
Roberta Fellerman, a former Ball State University employee, was
indicted on federal charges of stealing about $105,000 from the
schools bookstore operations. Fellerman was charged with stealing
the money over a thirty-three month period.
The thefts allegedly were from proceeds of the sales of books to
students who took Ball State courses through an off-campus
program at many cities around Indiana. Fellerman was in charge of
the sale of the books from the book store.
Fellerman was accused of altering records and taking currency from
a cash drawer. She was also charged with income tax violations for
failing to report the stolen money on her federal tax returns.
Swapping Checks for Cash
One common method where an employee can misappropriate cash is to
exchange his own check for cash in the cash register or cash drawer.
Periodically, a new check is written to replace the old check. This
process can be continued so that on any given day, there is a current
check for the cash removed. This is a form of unauthorized borrowing
from the company. Obviously, if it is the company policy that cash
drawers or registers are reconciled at the conclusion of each day and
turned over to a custodian, then this fraud scheme is less likely to be
committed. However, if personnel are allowed to keep their own cash
drawers and only remit the days receipts, then this method of
unauthorized borrowing will be more common.
EXAMPLE
Lisa Smith, a Garfield High School fiscal clerk at a central
treasurer function allegedly borrowed $2,400 by placing 23
personal checks in deposits which were made from various student
activities at decentralized locations. Ms. Smith placed a personal
check in each deposit as a method of keeping track of the amount
of money which had been borrowed. The transactions were
inappropriately delayed for up to 5 months.
Auditors detected the delayed transactions during an unannounced
cash count. On the day of the count, the fund custodian had only a
few hundred dollars in his bank account (confirmed by telephone
upon receipts of custodians authorization). When all 23 personal
checks were deposited in the districts account, several were
returned as NSF. After payday, all NSF checks subsequently cleared
the bank. The custodians employment with the district was
terminated.
Alteration of Cash Receipts Documentation

Page 16 of 18

A lack of segregation of duties can create an opportunity for an


employee to misappropriate company funds. For example, if the same
person is responsible for both collecting and depositing the cash
receipts, then this person has the opportunity to remove funds from the
business for his own personal use and conceal such theft through the
deposits. This is often the case in smaller organizations where there
are few personnel to divide the daily operations. A variation of this
scheme is to mutilate or destroy the cash receipts documentation so that
any attempt to reconcile the cash deposited with the cash receipts is
thwarted.
EXAMPLE
An elected county treasurer allegedly stole $62,400 over a three
year period from property tax receipts. Every other day, after
cash receipt transactions were batched and posted to the
subsidiary accounting records, the treasurer altered the total
cash receipts and the actual deposit. Therefore, the control
account and the deposit were equal but that total did not match
the total postings to the individual tax payers accounts. In each
of the three years, the difference between the control account
receivable and the summation of the individuals in the subsidiary
accounts was written off. These were unsupported accounting
adjustments.
Evidence was obtained by reconstructing the three years cash
receipts and matching the differences between the total cash
receipts, control account, and the individual (subsidiary)
accounts with the unsupported accounting adjustments.
Fictitious Refunds and Discounts
Fictitious refunds occur when an employee enters a transaction as if a
refund were given; however, no merchandise is returned, or no discount
is approved which substantiates the refund or discount. The employee
misappropriates funds equal to the fictitious refund or discount. This
scheme is most prevalent in the retail/merchandise industry; however, it
can occur in any operation in which a refund or discount is given.
EXAMPLE
Dora Malfrici, a former New York University student financial aid
official, was charged along with her husband Salvatore with
stealing $4.1 million. This was allegedly done by falsifying more
than a thousand tuition refund checks. The loss was described as
one of the largest embezzlements ever uncovered at a U.S.
university. The money was allegedly taken from the Tuition
Assistance Program, operated by the New York State Higher
Education Services Corporation to provide expenses money to needy
students. However, NYU officials assert that the funds came from a
University account, not from State money.
Malfricis job was to assure that students entitled to funds from
the Corporation received their checks. According to the U.S.
Attorney, she arranged for checks to be made out to hundreds of
legitimate NYU students who were not entitled to receive any

Page 17 of 18

funds. These students were kept unaware of this because the checks
were deposited into bank accounts in Manhattan and New Jersey that
allegedly were controlled by the Malfricis. These checks were made
over to Elizabeth Pappa before being deposited into accounts in
that name. Some other checks were made payable directly to Pappa.
The FBI was unable to locate Elizabeth Pappa and believes that
such a person never existed. Reportedly, the Malfricis spent
$785,000 of the funds in question on expensive jewelry and $85,000
of the money on Florida real estate.
Kiting
Kiting is the process whereby cash is recorded in more than one bank
account, but in reality, the cash is either nonexistent or is in
transit. Kiting schemes can be perpetrated using one bank and more than
one account or between several banks and several different accounts.
Although banks generally have a daily repot that indicates potential
kiting schemes, experience has shown that they are somewhat hesitant to
report the scheme until the balance in their customers accounts is
zero.
There is one important element to check kiting schemes: all kiting
schemes require banks to pay on unfunded deposits. This is not to say
that all payments on unfunded deposits are kiting schemes, but rather,
that all kiting schemes require payments be made on unfunded deposits.
In other words, if a bank allows its customers to withdraw funds on
deposits that the bank has not yet collected the cash, then kiting
schemes are possible. In todays environment where customers use wire
transfers, kiting schemes can be perpetrated very quickly and in very
large numbers.
EXAMPLE
Ronald W.P. Sylvia, 59, and his son-in-law, Philip L. Grandone,
33, both of Dartmouth, admitted to participating in a check-kiting
scheme that bilked the Bank of Boston out of $907,000. Grandone,
owner of two pharmacies in the New Bedford area, had cash-flow
problems when Sylvia, operator of two auto sales and leasing
businesses, offered to write a check to cover some of his son-inlaws operating expenses. Grandone repaid that $50,000 loan within
a few days, but borrowed again and again in every-increasing
amounts to bring fresh infusions of cash into his faltering
pharmacy businesses. An exchange of checks between Grandone and
Sylvia eventually occurred literally daily until Sylvias bank
caught on to the float scheme and froze Sylvias account.
Cut off from Sylvias supply of cash, Grandones account with the
Bank of Boston was left overdrawn by $907,000. Grandone was
ordered to make restitution to the Bank of Boston.

Page 18 of 18

You might also like