revista antifraude

7/27/2019 revista Antifraude

1/76

Vol. 27, No. 1, January/February 2012

A P U B L I C A T I O N O F T H E A S S O C I A T I O N O F C E R T I F I E D F R A U D E X A M I N E R S

THE

Tell-Tale SignsofDeceptionPLUS Fraud in Houses of Worship,PG. 18 Collegiate Athletics Fraud,PG. 24 Overachieving Fraud,PG. 36 Data Breaches, Part 3,PG. 40


2/76

If Every Employee and SupplierDisplayed Model Behavior

ACFE 2010. All Rights Res

In a perfect business world, every employee and third-party supplier would display model business behavior, and there

would be little need for anti-fraud programs. But, in the real business world, occupational fraud and abuse are prevalent.

So, businesses must implement anti-fraud programs to protect themselves from financial, legal and reputational harm.

Tips are the leading source of fraud detection and fraud hotlines are a leading source of tips. So, turn to EthicsLine,

the official hotline of the ACFE.

The EthicsLine package includes:

Hotline (telephone, web, mobile) for report intake

Case Management (web and mobile) for online

investigation management

Analytics for tracking and trending Communications Campaign Materialsto communicate

when and how to report observed business misconduct

EthicsLine is now powered by Global Compliance

888-782-4769 [email protected] www.EthicsLine.com

* 2010 ACFE Report to the Nations on Occupational Fraud and Abuse

Where a fraud hotline was in

place, the average duration of

a fraud scheme was reduced by

7 months, and the median loss

was reduced by 59%.*


3/76

1

JANUARY/FEBRUARY 2012 | VOLUME 27 | NO. 1

30 The 10 Tell-Tale Signs of DeceptionThe Words Reveal

By Paul M. Clikeman, Ph.D., CFE

Suspects and witnesses often reveal more than they

intend through their choices of words. Here are waysto detect possible deception in written and oralstatements.

COVER STORY

FEATURED ARTICLES

Fraud in Houses of WorshipWhat Believers Do Not Want to Believe

By Robert M. Cornell, Ph.D., CMA, EducatorAssociate; Carol B. Johnson, Ph.D., EducatorAssociate; and Janelle Rogers Hutchinson

Houses of worship are particularly vulnerable to fraud,

but most feel they are impervious. The authors providereasons why churches feel so bulletproof and seven

practical steps fraud examiners can use to help

churches stop fraud in its tracks.

Fraud in Collegiate AthleticsWhen Major League MoneyMeets Little League ControlsBy Herbert W. Snyder, Ph.D., CFE; andDavid OBryan, Ph.D., CFE, CPA, CMA

A major, multimillion sports ticket fraud at the

University of Kansas highlights how CFEs can help

convince administrators and boards to reassert control

over their athletics departments. The answer could beindependent oversight.

18

24


4/76

2 Fraud-Magazine.com

Overachieving Fraud Wolvesin Sheeps ClothingTargeting Top-Performing EmployeesGaming the Bonus System

By Jeffrey Horner, CFE, CRCMP

Follow this CFE consultant as he uncovers top collection

reps at a business call center who inflated their

performances for more money and job advancement.

Breaking Breach Secrecy, Part 3Analysis Shows Entities LackStrong Data Protection Programs

By Rober t E. Holt freter, Ph.D., CFE, CICA; andAdrian Harrington

The authors analysis of data-breach statistics shows

that organizations poorly protect personal data. Pos-

sible solution: U.S. federal rules for guidance in devel-

oping comprehensive data protection programs.

36

40

COLUMNS & DEPARTMENTS

4 From the President & CEO Suppor ting Our International Chapters

By James D. Ratley, CFE

6 Digital Fingerprints Anything You Say Can and

Will be Used Against You! By Jean-Franois Legault

8 Frauds Finer Points Using an Organizations Credit

to Commit Fraud, Part 1 By Joseph R. Dervaes, CFE, ACFE Fellow, CIA

12 Fraud EDge Get Involved in Higher Education:

Opportunities for CFEs in Educating

Future Fraud Fighters By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D.,

CFE, CPA; and Gary Weber, Ph.D. Edited by RichardDick A. Riley, Ph.D., CFE, CPA

16 FraudBasics Check 21 Can Make Fraud Easier: Be Alert to Changes in Technology By Linda Lee Larson, DBA, CFE, CPA, CISA

52 Case in Point He Milked it For All it Was Worth: A Dairy Farm Bankruptcy Fraud

By Roger W. Stone, CFE

56 Taking Back the ID

Fraudsters Claiming Victims ViaPayday Loan and LinkedIn ScamsBy Robert E. Holtfreter, Ph.D., CFE, CICA

58 Global Fraud Focus Chinese Stock Investment Fraud? Separating Fact from Fiction By Tim Harvey, CFE, JP; and Richard Hurley, Ph.D.,

J.D., CFE, CPA

60 Meet the Staff

Improving Members LivesBy Cora Bullock; Photo by Christi Thornton-Hranicky, CFE

62 ACFE News

70 CPE Quiz Earn CPE Toward Renewing Your CFE Credential.


5/76

January/February 2012 3

EDITORIAL ADVISORY COMMITTEEJonathan E. Turner, CFE, CII, chair; Larry Adams,CFE, CPA, CIA, CISA, CQA, CSP, CCP; EmmanuelA. Appiah, MBA, CPA, CFE; Richard Brody, Ph.D.,CFE, CPA; Jean-Pierre Bruderer, Ph.D., CFE; Je imyJ. Cano, Ph.D., CFE, CAS; Linda Chase, CPA, CFE;Franklin Davenport, CFE; David J. Clements, CFE;Craig Ehlen, Ph.D., CFE, CPA; Ellen Fischer, CFE,

CIA; Peter D. Goldmann; Allan F. Greggo, CFE, CPP;Robert Holtfreter, Ph.D., CFE; Peter Hughes, Ph.D.,MBA, CFE, CIA, CPA; Cheryl Hyder, CFE, CPA,CVA; Robert Kardell, CFE, CPA; Thomas CheneyLawson, CFE, CIA; Philip C. Levi, CFE, CPA, FCA;Larry Marks, CFE, CISA, PMP, CISSP, CSTE; MichaelA. Pearson, D.B.A., CFE, CPA, CMA; MarilynPeterson, CFE, CCA; Laura M. Preston, CFE; HerbertSnyder, Ph.D., CFE; Scott Strain, CFE; Karen ForrestTurner, Ph.D., Educator Associate

2011-2012 BOARD OF REGENTSJohnnie R. Bejarano, DBA, CFE, CPA; Lt. Col. RobertJ. Blair, CFE, CGFM; Cynthia Cooper, CFE, CISA;Bruce Dorris, J.D., CFE, CVA, CPA; Joseph L. Ford,CFE; John Warren, J.D., CFE

Fraud Magazine(ISSN 1553-6645) is published bimonthlyby the Association of Certified Fraud Examiners, 716 WestAvenue, Austin, TX 78701-2727, USA 2012 All rightsreserved. Periodical Postage Paid at Austin, TX 78701and at additional mailing offices.

POSTMASTER:Please send address changes to:

Fraud MagazineACFE World Headquarters The Gregor Building716 West Avenue Austin, TX 78701-2727, USA

(800) 245-3321 +1 (512) 478-9000Fax: +1 (512) 478-9297

Subscriptions:ACFE members: annual membership duesinclude $20 for a one-year subscription. Non-membersinU.S.: one year, $55. All others: one year, $75. Member-ship information can be obtained by visiting ACFE.comor by calling (800) 245-3321, or +1(512) 478-9000.Change of address notices and subscriptions should bedirected to Fraud Magazine. Although Fraud Magazinemay be quoted with proper attribution, no portion ofthis publication may be reproduced unless written per-mission has been obtained from the editor. The viewsexpressed in Fraud Magazine are those of the authorsand might not reflect the official policies of the Associa-tion of Certified Fraud Examiners. The editors assumeno responsibility for unsolicited manuscripts but willconsider all submissions. Contributors guidelines areavailable at Fraud-Magazine.com. Fraud Magazine is adouble-blind, peer-reviewed publication.

To order printed or electronic reprints, visitfraud-magazine.com/reprint-request.aspx or

email [email protected].

ADVERTISING COORDINATORRoss Pry

(800) 245-3321 [email protected]

Association of Certified Fraud Examiners, ACFE, Certified FraudExaminer (CFE), the ACFE Seal and Fraud Magazineare trade-marks owned by the Association of Certified Fraud Examiners Inc.

Dick Carozza

Editor-in-chief

Cora Bullock

Assistant Editor

Katie FordContributing Editor

Helen Pryor

Art Director

Aimee Jost

Circulation Manager

Mark Scott, J.D., CFELegal Editor

Journal of the Association of Certified Fraud Examiners

Volume 27, No. 1, January/February 2012

John D. Gill, J.D., CFE

Publisher

23rd Annual Fraud & Exhibition

Advanced Fraud Examination

Techniques

Auditing for Internal Fraud

CFE Exam Review Course

Conducting Internal Investigation

Contract and Procurement Fraud

NEW! Data Analytics

Digital Forensics Tools &

Techniques

Financial Institution Fraud

Financial Statement Fraud

Fraud Prevention

Fraud Related Compliance

NEW! Fraud Risk Management

Healthcare Fraud

Interviewing Techniques for Auditors

Introduction to Digital Forensics

Investigating Conflicts of Interest

Investigating on the Internet

Legal Elements of a Fraud

Examination

Money Laundering: Tracing Illicit

Funds

Mortgage Fraud

Principles of Fraud Examination

Professional Interviewing Skills

UPCOMING CONFERENCES

2012 ACFE EuropeanFraud Conference

TRAININGEVENTSRegister at ACFE.com/Training

UPCOMING COURSES

COMBO EVENT

SAVE $100by registering for both events!


6/76


t the end of October and beginning of November, I

spent a whirlwind two weeks attending our Asia-

Pac Conference in Singapore and meeting with

our chapters in Singapore, Jakarta, Hong Kong,Shanghai, Beijing and Mexico City. I thor-

oughly enjoyed getting to know many of you and learning about

your unique fraud-related issues.

HOPPING CONTINENTS

International chapter members put Southern hospitality to

shame. Everywhere I went I met extremely gracious people who

did everything they could for us. My job was to listen carefullyto their suggestions for improving our services.

The first stop was to vibrant and beautiful Singapore my

first visit and also the first time the city has hosted our 2011

Asia-Pacific Fraud Conference (formerly known as the ACFEPacific-Rim Fraud Conference). Nearly 200 attendees net-

worked and attended workshops and panel discussions. (Please

see page 68 for more on this exciting conference.)I enjoyed meeting Gatot Trihargo, CFE, president of the In-

donesia Chapter (established in 2002), who provided the same

generous hospitality I encountered with other chapters. He was

appreciative of the ACFEs effort to send me there. I presented

to nearly 80 members and public- and private-sector guests.Chapter activity has become very intense since 2010, by

us conducting monthly discussions/workshops for the members

and other practitioners, Trihargo said. The chapter also suc-

cessfully conducted two annual congresses and seminars in 2010and 2011, which gathered more than 200 participants for each

session, with both domestic and international speakers.

After Jakarta, I jetted off to Hong Kong, with its exotic mix

of the old and new., Were excited that the ACFE is turning itsattention to Asia, said Hong Kong chapter president Penny Sui-Ping Fung, CFE. Jims visit to Hong Kong no doubt has helped

to reinforce this message and reminded people of the role of pro-

fessional fraud examiners in a robust and sustainable economy.Prof. Yiu Wai Andy Kwok, CFE, vice president of the Shang-

hai Chapter and also president of the Beijing Chapter, called my

visit a stunning pleasure. He had this to say about Chinas grow-

ing pains: Chinas high growth rates have encouraged foreign

investment, which have in turn helped fund Chinas incredible

growth, he said. However, such large capital inflows are bound

to give way to sector imbalances and fraudulent behavior.

I told the attendees at the first Corporate Anti-Fraud Semi-

nar in China, how fraud can occur in any industry and at any

level. I also gave suggestions on how CFEs can advise their cli-ents in their battles against fraud, including setting the proper

tone at the top. Mr. Ratley mentioned that anti-fraud measures

do not get proper attention since they cost money while the

benefits cannot be seen in a short-term period, Kwok said. Asa consequence, most companies are not willing to make any

expenditure regarding this issue. However, establishing efficient

and effective anti-fraud mechanisms will generate huge benefits

from the long-term perspective.The ACFE is striving to do all it can to help our interna-

tional chapters grow and thrive. We are excited to announce our

plan to open a regional call center in Singapore and host a CFE

Exam Review Course there March 26 - 29. Chapters, acting as

local ACFE representatives, provide continued support for mem-bers worldwide through networking opportunities, CPE training,

leadership development and promoting local fraud awareness.

As always, please let me know how we can help you

support our all-important mission. (And please check out

Fraud-Magazine.com/LetterFromthePresident for more photos.)

James D. Ratley, CFE, President and CEO of the Association ofCertified Fraud Examiners, can be reached at: [email protected].

From thePRESIDENT AND CEO By James D. Ratley, CFE

Supporting OurInternational Chapters

A


7/76


8/76


uring an investigation, we scour the web and

social networks for employment backgrounds,contacts, education history, past behaviorand so on. However, we should be concernedabout information we are posting that the bad

guys can use against us.Arthur Hulnick, a former CIA officer, estimates that open-

source intelligence (a form of intelligence collection manage-ment that involves finding, selecting and acquiring informationfrom publicly available sources) accounts for as much as 80percent of the entire intelligence database. (See Sailing theSea of OSINT in the Information Age, by Stephen C. Merca-do, http://tinyurl.com/2sj5vy.) This is possible, in part, becauseorganizations and their employees freely publish information

online they probably should keep to themselves. And thoseloose lips can lead to outright fraud. (Also see NATO OpenSource Intelligence Reader, http://tinyurl.com/7crt7ug.)

JOB POSTINGS

Before you continue reading this, look at your organiza-tions job postings and ask, What are we telling thecompetition about us?

Imagine a software company with a strong presence inAsia Pacific that posts a public job offer for a sales managerin North America. What are they telling the competition?Think of the recruiting process in your organization and howlong it can take to staff a position. Is that enough time for the

competition to adjust to the arrival of this new sales manager?Your competitors find or infer from your job postings

the technologies your organization uses, expansion into newareas and territories, market growth, change in structure,structural growth, etc.

What does this mean for fraud examiners? Make sureyou run proper background checks on potential hires! Why?Because some job descriptions are so detailed that someonewishing to be hired for fraudulent purposes can customizehis or her rsum. I just worked a case in which a candidate

found a company he believed would be a good target and

redesigned his rsum to boost his employment chances. Thecompany hired him, and he then proceeded to steal intellec-tual property during his employment.

WEB 2.0 AND SOCIAL NETWORKS

Employees are likely to reveal valuable information to the

competition on professional or personal networking sites.Fraudsters can make conclusions about a companys expan-sion by studying comments about new connections and

relationships plus repeated trips to a city or country.Through investigations, I have found nurses sharing

concerns about care in neo-natal intensive care units, law en-forcement personnel sharing sensitive assignments and sales

managers claiming their stakes on new territories. Profes-sional social networking sites tell the world about new hiresand those who are leaving employers.

Employees posting information online is nothing new.

In one case I worked nearly 12 years ago, a call-center

employee leaked sensitive information on a web forum. This

employee, who was privy to upcoming promotions offered

by a telecommunication provider, would repost information

online prior to a promotion launch. The companys call cen-

ter then would be flooded with requests for promotions and

packages that did not exist yet.

Did this employee access highly sensitive documents?Did he gain access to someones email account? No. He sim-ply reposted information he learned in training sessions. We

had a difficult time tracking him down because back then wedid not log everything. Even today, we find organizations thatdo not store online access information, which would allow

them to adequately investigate leaks.

MARKETING DOCUMENTATION

Documents that an organization provides its clients to market

its services often end up in competitors hands. Find ways to

Anything You Say Can andWill Be Used Against You!

By Jean-FranoisLegault

Digital FingerprintsA Closer Look at Technology and Fraud

D


9/76


securely communicate information that you

do not want the competition obtaining.I was involved in a recent case in

which a competitor was able to reverse-

engineer a product (take it apart and

analyze it) by simply using the informationin product brochures and documenta-

tion. Imagine your competition not only

knowing your products but how you are

manufacturing them. That is a serious lossof competitive advantage!

I have also been involved in cases in

which individuals used marketing infor-mation to create fake companies to try todefraud possible clients. The schemes were

simple: reuse information to make the com-

panies look legitimate, solicit clients, get

paid and then never deliver anything.

AS AN EXPERT WITNESS

Whatever you write, post and/or commu-

nicate may allow you to build eminenceas an expert. However, opposing counsel

could also use that public information to try

to disqualify you as an expert or to cross-

examine you in court.

AS AN INVESTIGATOR

Open-source intelligence can help you

discover valuable information about play-

ers in an investigation. In one case, I found

some undocumented aliens involved in

a fraud scheme because they gave some

prime evidence via their social media pro-

files, including their geographic locations.

In another example, we tracked down

vehicles purchased with embezzled funds

simply based on suspects photos that hadbeen posted online.

When I begin a background investiga-

tion into a company, one of the first things I

do is seek information through press releases

and trade publications. Companies love to

tell the world about what they are doing

right. However, the competition will always

seek out this valuable market intelligence.

If you want to know more aboutleveraging business intelligence techniques

in your fraud examinations, I strongly

encourage you to check out anything

fellow ACFE faculty member CynthiaHetherington teaches.

WHAT TO DO

So do you cut yourself off from the world

and go off grid? Absolutely not. But makesure your organizations policies strictly

control information that its employees can

release through all open-source channelsbut especially online. When it comes tosocial media, establish a think before you

post mentality.

Jean-Franois Legaultis a senior managerwith Deloittes Forensic & Dispute Services

practice in Montreal. Canada. His email

address is: [email protected].

Digital FingerprintsA Closer Look at Technology and Fraud

I was involved in a recent

case in which a competitor

was able to reverse-engineer

a product (take it apart and

analyze it) by simply using

the information in product

brochures and documenta-

tion.Imagine your competi-tion not only knowing your

products but how you are

manufacturing them. That is

a serious loss of competitive

advantage!

Google search directives will add

power to your searches.

Searching for a specific phrase

using quotations:

find this specific phrase

Searching a specific domain or

website:

site:targetdomain.com or

site:www.targetdomain.com

Searching for specific file type: filetype:extension

You can use the minus sign (-) as an

exclusion operator. For example, you

can use this search directive to exclude

a specific website from your search:

-site:www.excludeddomain.com

Here are some Google searches

that you can run against yourself to see

what could be available to fraudster.

Finding PowerPoint documents on

your site:

site:www.yoursite.com filetype:ppt

site:www.yoursite.com filetype:pptx

Finding Word documents on your

site:

site:www.yoursite.com filetype:doc site:www.yoursite.com filetype:docx

Finding confidential documents on

your site:

site:www.yoursite.com confidential

site:www.yoursite.com not fordistribution

Use These Queries to Examine Your Online Exposure


10/76


raud by using an organizations credit is a type of

fictitious expense scheme. In the ACFEs fraud tree,

the crime is a subset of fraudulent disbursements,which is a subset of cash schemes.

There are many types of fraud involving an employees

use of the organizations credit to purchase assets (i.e., goods

and services) for personal benefit. Unauthorized use of theorganizations general credit cards, purchasing credit cards,

travel credit cards or business charge accounts are some of the

most common fraud schemes I have encountered during my

career. Unscrupulous employees cause victim organizationsto order and pay for assets they do not really need. Obviously,

the damage to a victim organization is the money lost inpurchasing these unnecessary items.

The individuals who commit these crimes are usually

responsible for approving and processing transactions for pay-

ment. They may rely on the inexperience of their supervisors

(or their organizations governing bodies) to unknowinglyprocess their fraudulent transactions in the disbursement

cycle. Victimized organizations then issue checks for un-

authorized business purposes, and the wayward employees

receive personal benefits.We begin this three-part series with employee abuses of

general organization credit cards.

GENERAL ORGANIZATION CREDIT CARDS

Commercial banks issue credit cards to organizations (andindividuals) to aid them in conducting official business.

Banks and organizations enter into agreements specifying the

terms of use for the credit cards. Some banks charge an an-

nual fee; others do not. Banks make their money for process-ing your transactions by charging a fee to vendors who accept

the cards and by charging you an interest rate on the unpaid

account balance when the full amount due is not paid each

month. The primary responsibility for charges on these credit

cards rests with the organizations.

THE BUSINESS OF CREDIT CARDS

An organization that authorizes company credit cards for its

employees use should maintain formal logs of all cards issuedand require all employees to sign agreements stating that they

have received a copy of the organizations usage policies and

have been trained on the proper procedures for using the cards.

These agreements provide the foundation that employees un-derstand that they can use the cards for official business only.

Written company policies should require employeetraining, prohibit cash advances, restrict purchases of un-

authorized items (such as alcohol), require receipts for allcharge transactions and specify disciplinary actions for any

unauthorized or personal use of the cards. Organizations

never should pay for employee charges shown on the banks

monthly statement without accompanying receipts. It is thedescriptions of the items shown on the receipts that deter-

mine if the expenses are for official business purposes.

UNAUTHORIZED CARDS

Employees who have stolen company credit cards or who

have obtained unauthorized company credit cards throughother means (such as ordering them directly from banks

without approval) will circumvent organizations incomingmail to snag the monthly credit card statements. They usually

make personal payments on the credit card account balances

to conceal their unauthorized purchases.

However, if employees submit unauthorized expensesfor payment by their companies, management and audi-

tors will have at least some documents they can review to

Using an OrganizationsCredit to Commit FraudPart 1

By Joseph R. Dervaes,CFE, ACFE Fellow, CIA

Frauds Finer PointsCase History Applications

F


11/76



detect fraud. While the supporting documents for credit cardpayments should include the statement and all purchase re-

ceipts, fraudsters who choose this latter process usually onlysubmit statements for payment purposes. In many cases, theirsupervisors or the governing bodies of the organizations mayunknowingly approve these fraudulent payments.

Employees may periodically use an organizations creditcard for unauthorized purposes or personal benefit, but man-agers who are assigned to monitor the credit card programcan resolve these minor infractions promptly according topolicies and procedures.

Companies should publicize employee disciplinary ac-tions in their internal publications to deter future problems.Unfortunately, even this method is not fraud-proof becauseoften the very managers who are charged with monitor-

ing the system are the ones who abuse it. These individualsmay be able to hide their unauthorized activities from otheremployees and their supervisors, but most of the time theyshould not be able to conceal their actions from organi-zations governing bodies and their internal or externalauditors. However, when their misdeeds are detected, thefraudsters usually attempt to get organizations to pay frommonthly credit card statements by indicating that receipts forindividual transactions were not available or were inadver-tently misplaced or lost.

Case No. 1 Personal use of an authorizedgeneral organization credit cardIn the November/December 2009 Frauds Finer Points, Idiscussed a credit card case that involved missing support-ing documents. This concept emphasized why organizationsshould never pay the balance due on monthly credit cardstatements without seeing the supporting receipts for thepurchases first.

Sarah was the clerk-treasurer responsible for processingall of the citys disbursement transactions, including all pur-chases on its credit card. The city first detected irregularitiesin accounts receivable and contacted its external auditor toinvestigate the case.

The subsequent audit detected multiple fraud schemes,

which totaled $49,894.88 in losses over 2 years. Theseschemes included payroll fraud, accounts receivable fraud,municipal court revenue fraud, unauthorized use of the citysbusiness charge account and overpayments to a cleaningcontractor. The clerk-treasurer performed many tasks in avariety of functions at the city, and no one monitored herwork to ensure the citys expectations were being met.

The clerk-treasurer purchased $5,319.16 in assets forpersonal benefit using the citys credit card. I detected this

scheme by scanning the citys disbursement files to deter-mine other risks. I quickly noted that the city was making

its monthly credit card payments using only the statements.There were very few purchase receipts available for reviewand audit. For example, credit card purchases from a localcomputer store were almost always missing from the files. Icontacted the citys computer consultant who was responsi-ble for all information technology issues. However, he wasntaware of any official purchases from the computer store.

A computer store representative faxed documents tome that showed Sarah had signed for a computer, monitor,software and games on many occasions through the period ofthis loss. City staff members conducted a search of city hallbut were unable to locate any of these assets.

Sarah had made all credit card payments on time, but

she had destroyed all the supporting documents that listedthe details of the purchases from the computer store. Shehoped that retaining only the monthly credit card statementson file for the citys governing body and its external auditorswould be sufficient to conceal her irregular activities. Shewas wrong. The governing body did not notice this irregu-larity, but her fraud did not escape the watchful eye of theexternal auditors. In my experience dealing with fraud casesin state agencies and local governments in the state of Wash-ington, governing bodies rarely detect fraud in the transac-tions they are reviewing and approving, primarily because noone took the time to properly train them for this task.

The clerk-treasurer demanded a trial to resolve the is-sues in this case. She hired a prominent regional lawyer forher defense and agreed to a bench trial. (There was no jury.)After all the evidence was heard during a week of testimony,the judge rendered a guilty verdict in the case and orderedSarah to make restitution of the loss amount, plus auditcosts. He also sentenced her to three months in a work-release program.

Case No. 2 Personal use of an unauthorizedgeneral organization credit cardA small water district in the state of Washington had threeemployees, operated on an annual budget of $466,000 and

served approximately 1,000 customers. Jackson, the officemanager, was responsible for practically all financial opera-tions; his supervisor, the district superintendent, did notmonitor his work. These are the two most common internalcontrol weaknesses I have found in small organizations.

While Jackson had no prior criminal history, he appar-ently came to work for the district with ill intentions. Hesent a memorandum on official letterhead to the districtsbank shortly after being hired requesting that the bank issue


12/76


a credit card in the districts name and assign it to him. Thecredit limit on the card was initially set at $5,000, but Jack-son subsequently sent a facsimile to the bank one month laterrequesting an increase to $20,000. Of course, the districtsgoverning body did not authorize either of these requests.Later, when the case was under investigation, the districtstated that someone had forged the authorizing signatures onthe documents.

As the office manager, Jackson was responsible for open-ing the mail and processing invoices for payment. Thus, hewas able to remove the monthly bank credit card statementsfrom the incoming mail before anyone else saw them. One of

the interesting facts of this case is that Jackson did not submitany of the credit card statements to the district superinten-dent or the governing body for approval or payment. Perhaps

Jackson was not quite bold enough. While it would havebeen prudent to do so, Jackson did not make any personalpayments to the bank on the card balance either. Becauseneither the organization nor Jackson made any payments onthe credit card balance, the monthly expenses and interestcharges continually increased until the balance became delin-quent and approached the credit limit on the card.

Jackson misappropriated $19,454.84 from the districtin 3 months, with $18,284.03 of this amount representinghis unauthorized use of the districts credit card for personalbenefit. Personal charges included the purchase of a usedpickup truck, frequent stays at a motel while traveling to hisfavorite casino, thousands of dollars in cash advances at thecasino, Internet and telephone use and other miscellaneouspurchases. Jackson also misappropriated $1,170.81 in utilityrevenue from the district.

The district first detected irregularities in its checkingaccount and petty cash fund and requested an external audit.

Jackson was placed on administrative leave and subsequentlyterminated for a wide variety of managerial shortcomings.Shortly thereafter, the district received a monthly statementfor the unauthorized credit card. In a plea-bargaining agree-

ment, the court ordered Jackson to make restitution for theloss amount plus audit costs. It also sentenced him to lessthan one year in county jail for this crime.

Case No. 3 More personal use via an unauthorizedcredit card

James, the chief of a small fire district in the state of Wash-ington, obtained an unauthorized credit card in the districtsname. He circumvented the districts internal controls by

intercepting the mail, removing the monthly credit cardstatement and making personal payments on the account toconceal his unauthorized purchases. He basically used thedistricts credit card as his own by charging $7,797 in personalpurchases for more than a year. He used the card to makeunauthorized cash advances and also incurred finance chargeswhen he did not make monthly payments on time.

When the district finally discovered the unauthorizedcard, there was a $1,599 unpaid balance on the account.The district found out about the card while making a changein signatories on all of its bank accounts after the fire chiefresigned for unrelated personal reasons. The chief reimbursed

the district for this amount when questioned about theunauthorized purchases on the credit card. The district paidthe balance due on the account and canceled the credit card.The county prosecutor declined to criminally prosecute thecase because the district had been made whole.

LESSONS LEARNEDLet us review some of the finer points of fraud detection fromthese general organization credit card fraud schemes.Organizations should:

Establish written policies and procedures for credit card useand train their employees to ensure they use the cards only

for official business purposes. Always obtain purchase receipts from employees and never

pay bills using only the monthly credit card statements.

Properly train employees and governing bodies on theauthorization and approval procedures for alldisbursements.

Appropriately segregate employee duties and periodicallymonitor the work of key employees to ensure itsexpectations are being met.

Once fraud examiners detect fraud, they should assesswhat else is at risk of loss within an organization.

MORE CREDIT CARD MISUSEIn part two of this series, we will discuss the use of purchasingcredit cards and travel credit cards. Stay tuned.

Regent Emeritus Joseph R. Dervaes, CFE, CIA, ACFE

Fellow, is retired after more than 42 years of government service.

He is the president of the ACFEs Pacific Northwest Chapter. Hisemail address is: [email protected].



13/76

2012 CFE Exam Prep Course

How the course works:

The program provides typical exam questions, in-

forms you whether your answer is correct, provides a

detailed explanation of the correct answer and offers

an alternative study reference where you can learn

more about the topic.

The CFE Exam Prep Coursefocuses on the four

testing areas of the CFE Exam:

Legal Elements

Fraud Prevention and Deterrence

Financial Transactions

Fraud Investigation

Create a personalized study plan tailored to your individual strengths

and weaknesses with an optional 100 question Pre-Assessment

Pick the sections and topics most relevant to your exam preparation

by creating custom review sessions

Learn more from your Practice Exam sessions by reviewing the ques-

tions you missed, anything your results by subsection and tracking

your progress over time

Focus on the areas where you need the most work with enhanced

review of results and progress by exam section, subsection and topic

Stay on track to earning your CFE credential by measuring your

progress towards your target dates for certification and using helpful

checklists within the Prep Course software

The CFE Exam Prep CourseAllows You To:

The2012 CFE Exam Prep Toolkitis Also AvailableIncluding the CFE Exam Prep Course, Fraud Examiners Manual

(Printed Edition), Corporate Fraud Handbookand theEncyclopedia

of Fraud(CD-ROM), the CFE Exam Prep Toolkitincludes valuable

materials to aid in your CFE Exam preparation.

Visit ACFE.com/Prep to order your copy today

Arm yourself with the most effective tool

available to help you pass the CFE Exam.


14/76


By Gerhard Barone, Ph.D.; Sara Melendy, Ph.D., CFE, CPA; and GaryWeber, Ph.D. Edited by Richard Dick A. Riley, Ph.D., CFE, CPA

tudents at the collegiate level learn best about

business through a combination of theory andpractice. College professors are well equipped to

present the theory side of a particular topic, but

they frequently look to business professionals

who have hands-on, practical experience to help applythose theories to real-world situations. This teaching method

works especially well in anti-fraud education, in which fraud

cases, whether real or fictitious, can help bring to life the

fraud theories and procedures introduced in the classroom.However, it is not quite so clear exactly how to struc-

ture the interactions between CFEs and higher education to

encourage this method of learning. Many CFEs, for example,believe that the only way to participate in collegiate fraudeducation is to lead a class lecture based on their fraud expe-

riences, which could not be further from the truth.

In this column, we identify and explain a variety of ways

in which CFEs can foster and develop mutually beneficial rela-tionships with college faculty and students to help educate and

prepare future anti-fraud and forensic accounting professionals.

INVITE FACULTY AND STUDENTS TO LOCAL FRAUD CONFERENCES

One of the easiest and least time-consuming ways for CFEs to

get involved with higher education is to invite college faculty

and students to attend local fraud conferences. Spokane

ACFE Chapter member Lenore Romney, CPA, CFE, CVA,has invited both students and faculty to attend the local

ACFE conference for the past few years.

The chapter leaders recognize that more can be accom-

plished in the fight against fraud if professionals from differ-ent disciplines network with each other. We see the chapter

as being an ideal facilitator for such a network, Romney said.

Conferences typically provide numerous and varied

opportunities through which students and faculty can learn

about both actual instances of fraud, as well as the work of

CFE professionals. Kris Ryan, a student at Gonzaga Univer-sity who has attended the local ACFE conference for the past

two years, can attest to this.

Both years that I attended the conference, a wide range

of topics was offered, including health care fraud, a critiqueof software that helps businesses protect themselves against

fraud, gang activity (which is surprisingly more correlated

to the fraud problem than I would have thought), mortgagefraud and different fraud topics covered by local law enforce-

ment and the FBI, Ryan said.

I found all of the topics interesting and also learned

fraud detection and investigation skills that I could put to useimmediately, she said.

Since graduation, Ryan has gone on to earn her CFE

credential and has joined the fraud-fighter ranks.

BECOME A PROFESSIONAL MENTOR TO STUDENTS

Professors at Gonzaga University frequently refer students

who have an interest in forensic accounting to local CFEs for

advice on potential career paths, professional certifications, in-

terviewing and networking. Students benefit directly from thewisdom and experience these mentors have gained from many

years of work in fraud and forensic accounting. Mentors also

share their knowledge of the skills and abilities necessary to be

successful in the forensic accounting profession. These inter-actions also are great networking opportunities for students.

Many universities also have formal mentoring programs

through which students are matched with professional men-tors based on factors such as field of study, geographic prefer-

ence and gender. These more formal relationships span the

majority of a students time in college, which allow mentors to

help identify curriculum paths, internship opportunities andemployment opportunities when the student nears graduation.

Get Involved in Higher EducationOpportunities for CFEs in EducatingFuture Fraud Fighters

Fraud EDgeA Forum for Fraud-Fighting Faculty in Higher Ed

S


15/76


A more interactive albeit more time-intensive

method of mentoring students is for CFEs to arrange and

coordinate student internships with their employers. Stu-dents participating in these internships benefit not only from

professional workplace mentoring but also from working in

actual forensic accounting situations.

ASSIST WITH CASE STUDIES AND RESEARCH PAPERS

Higher-education faculty are always searching for case stud-

ies with the richness of detail, ambiguity and issues that are

similar to those that students will encounter in their profes-

sional careers. Faculty and highly experienced CFEs jointly

produce the most detailed, complex cases.

Cindy Durtschi, Ph.D., associate professor at DePaul

University, invites CFEs to help in the classroom in several

ways. She recently had a full-time forensic accountant helpher judge student case presentations.

The students presented their work from the view of the

prosecution, and then the CFE showed them how some-

one working for the defense would have responded to their

cases, Durtschi says. It was a wonderfully enriching experi-

ence for the students.

Durtschi also had a local CFE help her with a fraud case

she developed. The CFE provided her with encouragement,

valuable feedback and suggestions that improved the case.

CFEs also frequently partner with faculty on forensic

accounting research papers. Frank Perri, J.D., CFE, CPA, has

co-authored several research papers with Rich Brody, Ph.D.,CFE, an associate professor at the University of New Mexico.

They have written on topics ranging from the relationship

between workplace violence and fraud to identification of

organizational weaknesses at the Securities and Exchange

Commission. These partnerships between academics and

professionals foster balanced approaches to research and

ensure that publications are valuable not only for academics,

but also for practitioners who can use the results in the field.

COORDINATE FORENSIC ACCOUNTING INVESTIGATIONS

Romney and Marie Rice, CFE, CIA, CICA, president of the

Spokane ACFE Chapter, assist students at Gonzaga Univer-

sity as part of their Justice for Fraud Victims Project. (Seethe July/August 2011 Fraud EDge.) Through a cooperative

partnership with law enforcement and local CFEs, Gonzaga

students provide free fraud examination services to small

businesses or nonprofit organizations that have been victims

of fraud. The students gain experience while simultaneously

giving back to their communities.

Last year, Romney worked with students on a case that

eventually led to the projects first conviction.

Working all semester with my student team waspersonally rewarding, she says. My team of students was

incredibly bright and diligent and really took ownership inour investigation. They were like sponges soaking up the

practical knowledge I was trying to share with them in onlyone semesters time together. I was proud of my teams effort

the day they gave their final class presentation, the day I

submitted our report to law enforcement and especially the

day I was notified that charges were filed.Obtaining a guilty plea and restitution within a year of

submitting our case was the icing on the cake, she says.

Romney and Rice play a number of critical roles in this

class by:

1. Assisting the students in developing theories of how the

fraud may have occurred.

2. Helping the students develop a plan for determining how

to test those theories.

3. Providing weekly guidance to students as their

investigations progress.

4. Reviewing the final report that students complete at the

end of the term and that law enforcement may use toprosecute the fraud.

5. Serving as expert witnesses if a case goes to trial.

Reaching out to help local organizations with poten-

tially fraudulent situations is a noble idea with obvious

benefits, but usually the largest obstacle is that college faculty

members often lack required specific training for competentforensic accounting investigations. Faculty also often lack

contacts with those in communities who are most likely to

refer cases, such as law enforcement and prosecuting attor-

neys. CFEs often have such connections and, thus, can refer

cases and supervise the investigations.

SERVE AS AN ADJUNCT INSTRUCTOR OR GUEST SPEAKER

CFEs who want a more substantive role in higher education

can pursue teaching courses as adjunct instructors. Adjunct

instructors typically teach one or two courses during a semes-

ter, but they do not have other academic commitments, such

as research or service, to the institution. Colleges frequently

seek professionals, like CFEs, to teach more specializedcourses, such as forensic accounting, because full-time faculty

often do not have this expertise.

Not long after she began mentoring, Gonzaga University

approached CFE mentor Rice to see if she was interested in

teaching a fraud examination class as an adjunct instructor.

She jumped at the chance.

It had been my long-term goal to adjunct, and I was

thrilled by the prospect, Rice said.



16/76


She has taught three courses over the past two years and

has enjoyed the experience. She sees many benefits to havingprofessionals, like CFEs, in the classroom.

As a student, I always appreciated the professors who

had both real-world and research experience. CFEs are for-

tunate in that we have so many stories and experiences thatcan help shape our future anti-fraud professionals.

CFEs considering this option should be aware that the

weekly time commitment is somewhat greater than the time

teaching in the classroom. Adjunct instructors also will spendseveral hours each week planning lectures, grading student

work and answering emails from students. In addition, most

colleges expect adjunct instructors to be available on cam-pus for an hour or two each week to meet with students andanswer questions.

CFEs who cannot commit to teach an entire course can

serve as guest speakers. This may involve preparing a short

case study or other relevant topical material and leading aclass in a discussion of the material. Departments and

instructors are generally receptive to such arrangements,

provided there is a good match between the course goals

and the proposed topic.Guest speaking opportunities for CFEs are not limited to

forensic accounting courses. For example, CFEs could present

internal control cases to an accounting information systems

class. They also could discuss evidentiary or legal aspects ofCFE work in criminal justice or psychology classes. Given

the diversity and complexity of fraudulent activities and the

motivations of those who commit fraud, there are many other

disciplines in which CFEs could provide valuable insightsand enrich the classroom experience.

FOSTERING STUDENT INTEREST

The ACFE Handbook and Guidelines for Local Chapters en-courages close relationships with schools and universities to

foster student interest in the fraud-fighting profession. CFEs

unique skill sets and training create multiple opportunities

across college campuses. We have described a number ofways that CFEs have participated in higher education. Inter-

ested CFEs should contact program directors or chairpersons

at nearby colleges. Universities, and especially business

schools, are always looking for adjunct instructors and guestspeakers with practical experience. Students love to hear

from professionals who can describe their field experiences

and how they can pursue careers in specialty fields, such as

forensic accounting.

Rice wants to see more CFEs in college classrooms.

As professionals, we need to strive to make the anti-fraud movement more real for students, who often believe

they will never encounter a fraudster or become a victim of

fraud, Rice said.

Matching the expertise and interest of CFEs with the

needs of higher education can result in relationships that are

enriching and rewarding for all parties involved.

Gerhard Barone, Ph.D., is an assistant professor of accounting

at Gonzaga University. He teaches classes in financial

accounting and accounting information systems. His email

address is: [email protected].

Sara Melendy, Ph.D., CFE, CPA, is an associate professor of

accounting at Gonzaga University. She teaches auditing and fraud

examination, including a hands-on laboratory called the Justice

for Fraud Victims Project. Her email address is:

[email protected].

Gary Weber, Ph.D., is an associate professor of accounting and

coordinator of accounting programs/director of the master of

accountancy program at Gonzaga University. His email address

is: [email protected].

Richard Dick A. Riley Jr., Ph.D., CFE, CPA, is aLouis F. Tanner distinguished professor of public accounting in

the College of Business and Economics at West Virginia

University in Morgantown. He is chair of the ACFE Higher

Education Advisory Committee and the vice president of

operations and research for the Institute for Fraud Prevention.

His email address is: [email protected]. Riley

served as editor on this column.


Given the diversity and complexity of fraudulent

activities and the motivations of those who commit

fraud, there are many other disciplines in which

CFEs could provide valuable insights and enrich

the classroom experience.


17/76

REGISTER NOW

Fraudsters are continually creating, perfecting an

executing new schemes. Gain the knowledge you

need to stay one step ahead.

Join anti-fraud professionals in London for the

2012 ACFE European Fraud Conference to

exchange insights and develop cutting-edge skills

in the global fight against fraud. In addition to

informative sessions offering practical techniques

and tips, youll network with leaders of Europes

anti-fraud community and earn up 23 CPE

credits.

Register online at ACFE.com/Europea

by 24 February to SAVE GBP 10

2012 ACFE EuropeanFraud Conference

London 25-27 March 201The Cumberland Hotel

James D. Ratley, CFEPresident and CEO,

Association of Certified

Fraud Examiners

Stephen HarrisonChief Executive

National Fraud Authority

FEATURED KEYNOTE SPEAKERS


18/76


FraudBasics

ob, an internal auditor for ABC Company, is con-

ducting a routine cash receipts controls review.The procedure calls for the days checks to be

deposited remotely in a company bank account

daily. Susan, the clerk who processes customer

checks, had gone home sick on Monday. Before she left, she

completed the remote deposit procedure, which involves

scanning each check and electronically sending those scans

to the bank. Then she put the checks she had just scanned in

her work-in-process file and went home, intending to proper-

ly file them away the next day. Unfortunately, when Betty

who had done Susans job years ago was assigned to cover

Susans desk on Tuesday, she came across the previous days

checks. Without asking anyone, Betty prepared a depositslip as she had done in the past and took the checks to

the nearby bank branch and made the deposit. When Susan

came in on Wednesday, she noticed that the stack of checks

she had processed on Monday were not where she had put

them and immediately asked Betty where they were. Oops ...

The checks had been deposited twice. They immediately con-

tacted the bank. The bank manager explained that the banks

duplicate check detecting software had caught the error and

that all was well. If the bank had not had the duplicate check

software working properly or if Susan and Betty had conspired

to modify the original paper checks before re-depositing them,

the bank could have been liable for some big bucks. This ficti-

tious example could easily have happened.Banking industry experts report that check processing

is moving rapidly away from the traditional paper methods

and toward the processing of electronic images of checks. Asof August 2011, almost 70 percent of all institutions are now

receiving check images, according to CheckImage Central.

(See www.checkimagecentral.org.) With the implementation

in 2004 of the Check Clearing for the 21st Century Act, orCheck 21, auditors and CFEs cannot afford to ignore the new

risks and challenges associated with processing of increasingly

larger volumes of electronic check images.Even with so many more consumers and businesses pay-

ing their bills electronically, checks are still the standard for

many. The major impetus for banks moving to check images

is that electronic processing costs much less than paper check

processing. Historically, paper processing had been a cumber-

some procedure that required physically moving millions of

paper checks through the banking system.

Before Check 21 processing, when a person deposited

a paper check in his bank, that person would be credited

for the amount of the deposit. Then, at the end of the day,

the bank would sort that days processed paper checks and

forward them to the Federal Reserve or another check-clearing entity where the checks would be cleared. The

paper checks then would be sorted and sent back to the banks

the checks were drawn on (and in some cases returned to the

check writer). Grounded planes following the terrorist attacks

of 9/11 caused major delays in check processing and brought

increased awareness to antiquated paper-check procedures.

A number of electronic payment processing technologies are

now in wide use, including Check 21 technology.

Under Check 21 processing, paper checks are scanned,

and the images are used to process the checks. Alternatively,

banks that desire to continue receiving and processing paper

checks may print and process copies of the images, called sub-stitute checks. The substitute checks are the legal equivalent

of the original checks and can be used to document payments

in the same way that cancelled scanned checks would.

Although compliance with Check 21 is not manda-

tory, most banks are expected to invest in check imaging

technology eventually to take advantage of the projected

costs savings. So far, the adoption from paper to digital has

been slower than expected as the banking world upgrades its

Check 21 Can Make Fraud EasierBe Alert to Changes in Check-Imaging Technology

By Linda Lee Larson,DBA, CFE, CPA,CISA

B


19/76


FraudBasics

technology for image processing. The underlying cause ofthe delay has been the significant investment in the technol-

ogy required to both create and process check images andsubstitute checks. Sources in the banking world in 2004estimated a cost of $1.5 billion to $2.5 billion to fully imple-ment Check 21 technology in the U.S. [See The DominoEffect of Check 21, by J.D. (Denny) Carreker, http://tinyurl.com/7yuxjrc.] The Federal Reserve expects that the use ofsubstitute checks should decline as more banks have thetechnological capability to process check images directly.

THE CRUX OF THE PROBLEM

Check truncation the process of digitally scanning paperchecks greatly increases the chances of a check beingprocessed twice, either accidentally or fraudulently. Dupli-

cate check processing occurs when a business uses remoteprocessing to scan incoming checks and also drops the paperchecks off at a bank branch. The branch then forwards thepaper check to the Federal Reserve to be processed. Thus, asin the opening case, checks can be processed twice.

Before Check 21, duplicate check processing rarely hap-pened. However,American Bankermagazine now estimatesthat duplicate check processing is a $500 million problem,which accounts for about half of the total check fraud in theU.S. (See Seeing Double, by Glen Fest inAmerican Banker,

Nov. 1, 2010, http://tinyurl.com/7dkt8jx.)Whether done by accident or fraudulently, duplicate

check processing is becoming increasingly more expensive

to weed out.Many believe that the new technology createsa unique opportunity for fraudsters. The problem is expectedto increase as the remote deposit capture continues, especial-ly as consumers are using smartphones to capture deposits.(That has to be the subject of another column.)

The banking industry, recognizing this problem, hasdeveloped software to identify checks that are depositedtwice, but it is not foolproof. It tends to create false positivesbecause the software only identifies checks that are identicalin amount and payee. Complicating the situation further iswhen fraudsters get involved and change the payee and/orthe amount of the check. The duplicate identification soft-ware is not designed to identify this type of fraudulent check.

Reformed con man Frank Abagnale has said that banksare generally liable for ordinary care, according to U.S.Uniform Commercial Code (UCC) 4-103, and the bank thataccepts a fraudulent check paper or electronic image isliable for any losses. Therefore, the banking industry has areal stake in doing what it can to reduce these losses. (SeeUCC provisions at http://tinyurl.com/725p8zv and CheckFraud: A National Epidemic, by Frank Abagnale,New Jer-sey CPA, May/June 2010.) This is where CFEs can help.

High-tech fraudsters are always looking for new waysto access and manipulate digitized information. Basically,substitute checks may be altered, counterfeited, duplicatedand/or created from scratch. If a payment is in question, only

the substitute check image can be accessed. The result is thatproving alterations and forgeries becomes even more difficultbecause many of the traditional security features so evidenton paper checks are lost when the originals are scanned inthe clearing process. In addition, with no actual cancelledpaper checks to examine, evidence of counterfeiting, forgeryand alterations (such as fingerprints) are not available for theauditor or CFE.

Systems controls need to be in place and working prop-erly to prevent unauthorized persons from accessing elec-tronic check processing data and to protect private customerinformation. CFEs can help implement these controls. Also,CFEs must keep current on changes in check-imaging technol-

ogy and auditing electronic payment controls. Multiple lines ofdefense are needed to prevent problems. CFEs need to monitor

controls to prevent/detect duplicate check processing.

VIGILANT WATCHDOGS

Electronic check processing technologies may make checkfraud crimes harder to prove, especially if a jury is involved.It is important that consumers, businesses and banks areaware of the possible risks and take appropriate steps toprotect themselves and their sensitive data. Electronic checkprocessing is here to stay, and auditors and CFEs need tobe ready to meet the challenges. Unless the watchdogs are

vigilant, the community has to deal with increasingly moresophisticated fraudsters trying to commit electronic checkfraud using altered substitute checks or check images.

Linda Lee Larson, DBA, CFE, CPA, CISA, is

an associate professor of accounting at Central Washington

University Lynnwood Center in Lynnwood, Wash. Her

email address is: [email protected].

Before Check 21, duplicate check processing

rarely happened. However, American Bankermagazine now estimates that duplicate check pro-

cessing is a $500 million problem, which accounts

for about half of the total check fraud in the U.S.


20/76


raud InFraud InHouses Of WorshipHouses Of Worship

What BelieversDO NOTWant to

BELIEVEBy Robert M. Cornell, Ph.D., CMA, Educator Associate; Carol B. Johnson,Ph.D., Educator Associate; and Janelle Rogers Hutchinson

Cara Bresette-Yates/iStockphoto


21/76


n accounting professor who teaches a fraud investigation class re-

cently told a story about a student in her class who approachedher for help on a personal project. The students church had

asked the student to attempt to determine the dollar amount of damages

in a recent embezzlement. The perpetrator, a former church secretary, had

been defrauding the 200-member church for 18 months by writing herselfduplicate paychecks, stealing cash from donation deposits and taking out

credit card accounts in the church name, among other schemes.

The church discovered the fraud when the secretary was called away

for a family emergency, and the previously inattentive manager receiveda phone call about an unpaid credit card bill. The manager did not know

the credit card existed. Because the church had not segregated employee

duties, the secretary had free rein over all aspects of church finances: she

kept the books, paid all the bills, handled cash receipts, managed the pay-roll, issued paychecks and reconciled the bank account. The sky was the

limit for her fraud. A simple search of public records would have revealed

that the secretary was in financial trouble a serious red flag for fraud.

But the church did not conduct that search until it was too late.The professor was not surprised by such a common scheme. However,

she was taken aback when she opened the students work file to reviewthe case. She recognized the name of the perpetrator as a secretary in her

church and confirmed this identity by questioning the student investiga-tor. Internal controls in the professors church were a bit better it had

segregated some accounting duties but were still insufficient. In fact,

internal controls were bad enough that no one could ever know if the

secretary stole from the professors church.It was quite common for people to drop cash and checks by the

church office during the week and leave them with the secretary for use

in special funds, such as one to aid local homeless people. It would have

been easy for the secretary to simply pocket some of the funds, and noone would have been the wiser. The secretary eventually resigned; it is

unknown if she stole from the professors church during her tenure there.

She was replaced with another secretary who had her own financial prob-lems her home was in foreclosure within six months of taking the job.

The professor advised church officials that they needed to improve

internal controls, but the staff members believed that no one would ever

do such a thing here. Indeed, fraud examiners who deal with finances,

fraud and internal controls in houses of worship may be labeled over-reacting conspiracy theorists when they tell church staffs they may have

fraudsters in their midst. However, fraud examiners know that houses of

Houses of worshipare particularly vulnerable tofraud, but most feel they are impervious. The authors

provide reasons why churches feel so bulletproof and

seven practical steps fraud examiners can use to help

churches stop fraud in its tracks.

A


22/76


FRAUD IN HOUSES OF WORSHIP

worship churches, synagogues, temples, mosques etc. areamong the most vulnerable entities.

WHY are CHURCHES SO VULNERABLEWHY are CHURCHES SO VULNERABLE?Churches typically emphasize the importance of good acts anddeeds, so we might expect their tone at the top would protect

them from fraud. Not so. A variety of factors lead to the op-posite situation. Donald Cresseys research on the fraud triangleshowed that pressure, opportunity and rationalization are pres-ent in almost all frauds. (See pages 10 through 14 of Occupa-tional Fraud and Abuse, by Dr. Joseph T. Wells, CFE, CPA.)However, some forms of these three elements are more preva-lent in houses of worship.

PRESSURES AND RATIONALIZATIONPRESSURES AND RATIONALIZATIONIn many cases, ministers, secretaries and other staff members inhouses of worship are expected to work long hours on pauperswages for the love of a deity, while mingling with the wealthi-

est of society. These working conditions can create resentment,desperation and rationalization, such as they owed it to me.Church staff and volunteers can also face financial prob-

lems from feeding vices and addictions. A pastor or church mem-ber with a serious vice likely will feel that any resulting financialpressure is highly non-shareable. Cressey emphasized that thenon-shareable aspect of a pressure made it a particular impetusfor fraud.

OPPORTUNITYOPPORTUNITYChurches might be the poster child for fraud opportunity for avariety of reasons. First, they tend to be small organizations. TheACFEs 2010 Report to the Nations found that fraud happens

most frequently in entities with less than 100 employees acategory that would include most houses of worship. Becauseof their small size, churches tend not to be willing or able tohire professionals who have significant financial expertise or areknowledgeable about internal controls. Also, by default, smallorganizations find it difficult to adequately segregate duties orinstall independent checks.

Secondly, trust among employees and volunteers fuelschurch engines. Unfortunately, church cultures foster the beliefthat trust is an adequate control a fallacy that can create af-finity frauds, such as the $78 million fraud that Daren Palmer, apillar of his church, perpetrated against members. (http://tinyurl.com/4xae883) Because of the tight-knit culture, it is commonfor churches to hire family members and close friends, whichincreases opportunities for collusion.

Also, churches often do not create the perception of con-sequences that is necessary to deter fraud. History and humannature show that when a fraud does occur in a church, staffmembers often hide the crime so they will not upset membersand other potential donors. In the opening case of the embez-zling church secretary, the fraud at the first church was neverpublicized or prosecuted because a close relative of the secretary

was a significant donor to the church and a powerful member ofthe church board. In addition, U.S. nonprofits generally are nottightly regulated. State attorneys general and the Internal Reve-nue Service (IRS) are the only entities in a position to provide regu-

latory oversight to churches. Attorneys general are typically preoc-

cupied with other issues. And churches are exempt from the rule

that nonprofits must file informational tax returns with the IRS. Soonly parent denominations, church governing boards and possibly

church members are likely to be privy to financial information.

DO THEY REALLY BELIEVE IT CANNOTDO THEY REALLY BELIEVE IT CANNOTHAPPEN IN THEIR CHURCHHAPPEN IN THEIR CHURCH?To get a feel for churches perceived fraud invincibility, we in-terviewed individuals who provided financial oversight in 132U.S. houses of worship. Our survey included a broad varietyof denominations (primarily Christian) of differing member-ships, annual budgets and numbers of employees. Membershipsranged from 25 to 37,500, with an average of 1,168 and a medi-

an of 425. Annual budgets ranged from $10,000 to $30 million,with an average budget of $1,089,045 and a median budget of$430,000. Figure 1 illustrates the distribution of church bud-gets. Most of these churches had at least a few paid employees,and some were affiliated with national or international denomi-nations providing some oversight role.

Fraud had indeed reared its ugly head with 13.4 percent ofthe church leaders acknowledging they had experienced a fraud

in their organizations within the previous five years. The esti-mated sizes of the frauds ranged from a few dollars to $35,000.We suspect that the actual frequency and dollar amount of fraudwere seriously underreported for two reasons.

First, our interviews indicated that churches generallylacked proper internal accounting controls, including segrega-tion of duties, and that even if those controls were in place, thechurches did not consistently follow them. The reported levelsof controls in most of these institutions were so poor that theyprobably harbored many undetected frauds. For example, most ofthe churches we surveyed did not separate record keeping from as-

36%$0 $250,000

17%$250,000 $500,000

12%$500,000 $750,000

7%$750,000 $1 million

28%Over $1 million

Figure 1: Budget Range of Churches Surveyed


23/76



set custody, particularly with respect

to the payment of expenses. Also,

in most cases, the same person whowrote the checks also reconciled the

bank statements. Figure 2 illustrates

the frequency of various control vio-

lations that we found in churches.The second reason we suspect

underreporting is that it is likely

that some interviewees were un-

willing to admit frauds, or their

churches did not tell them about

discovered crimes. Ministers and

church elders are accustomed to

holding the sins of their flocks

close to the chest, and this empha-

sis on confidentiality may prevail

even in the case of white-collar

sins. The cloak of secrecy may mean that the right hand doesnot know what the left hand is doing within the church. Also, in

the same way that those who have been scammed are often too

embarrassed to admit their victimhood, church ministers and oth-

er financial leaders may be hesitant to reveal their vulnerability.

We asked interview participants how vulnerable they

thought their organizations were to employees or members il-

legal or unethical financial actions. Despite generally poor levels

of controls, none of the respondents even those in organi-

zations that had experienced fraud felt their organizations

were extremely vulnerable. Almost a fourth said they were not

vulnerable at all to fraud, and nearly two-thirds said they were

only slightly vulnerable. Table 1 on page 22 presents the percep-tions of vulnerability to fraud within churches that experienced

a fraud within the last five years and those that had no report-

ed fraud over the same period. Overall, most believed that it

wasnt going to happen here.

WHY DO THEY FEEL SO BULLETPROOFWHY DO THEY FEEL SO BULLETPROOF?The lack of a realistic perception of vulnerability is driven by

several psychological mechanisms including overconfidence, ig-

noring base rates and confirmation biases.

Overconfidence

Overconfidence is a particularly difficult psychological barrier

to overcome, even among those with high levels of education.

Psychologists and economists, who have studied the overconfi-

dence phenomenon since the 1960s, find that this mindset re-

sults from two factors. One might be called the Lake Wobegon

effect (from Garrison Keillors A Prairie Home Companion):

we all think we are above average.1Secondly, we tend to have

an illusion of control over circumstances.2The combination of

these two factors leads to unrealistic optimism. Researchers findthat people are more overconfident when they are faced with

difficult or very difficult tasks. The hard-easy effect suggeststhat they are more vulnerable to fraud when 1) it is difficult toassess the likelihood of fraud, and 2) they lack the skills to ap-propriately safeguard their most valuable assets.

Ignoring Base Rates

Cognitive researchers find that even when people are provided

information on the likelihood of fraud, they tend to ignore

base rates. (A base rate can be defined as the average num-

ber of times an event occurs divided by the average number of

times on which it mightoccur.) Consequently, if we were to tell

a group of church leaders that 20 percent of all houses of wor-

ship (a hypothetical number) are likely to be victims of fraud

within the next five years, their over-optimism will lead almost

all of them to conclude that they will notbe victims of fraud.

In other words, people tend to place themselves into the group

that is not affected by frauds instead of accurately assessing if

their particular situation is more reflective of the group that

will experience a fraud.

Confirmation Bias

Auditors and fraud examiners do not tend to conclude that as-

sets are safe unless they have assessed the quality of the controls

in place. The average Joe, however, suffers from a confirma-

tion bias. In other words, Joe will rely too much on confirm-

ing evidence, such as we have never had a fraud before. At

the same time, he will dismiss contradictory arguments, such as

we do not have adequate controls in place. This bias increases

with the amount and strength of confirming evidence. It will

decrease with contradictory evidence but at a much slower rate.3

Walt Pavlo, the perpetrator of a multi-million dollar fraud

at MCI and WorldCom, expressed confirmation bias well. At the

Oklahoma State University 2008 Financial Reporting Conference,

he was asked where the auditors were while he was committing his

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

No checking references

No criminal background checks

Related parties on board of directors

Same person deposits receipts andreconciles bank statements

No financial expert on board

No term limits for financial volunteers

Same person records anddeposits receipts

No credit checks for employees

No required vacations

No surprise audits

Figure 2: Control Problems in Churches

87%

80%

78%

72%

67%

51%

48%

47%

20%

13%


24/76

22


crime, which involved overstatement of receivables. His response:

No one wants to question good news. In the for-profit world, the

evidence has shown that excessively high revenues are a much big-

ger red flag for fraud than excessively low revenues.

HOW TO H LPHOW TO HELPBased on our survey findings and observations, we offer sevensteps fraud examiners can take to help churches avoid fraud:

1. Freely lend your expertise to small nonprofits and churchboards to help them understand and implement the conceptof separation of duties and independent checks.

2. Help them understand that checks are cash only morevulnerable. You could explain this by saying, If someonesteals a $1 bill from you, the most they have stolen is $1. Ifthey steal a $1 check from you and then add a few zeroes,they have stolen much more.

3. Combat overconfidence through education and training.Church boards must understand that trust is never an effec-tive internal control.

4. To achieve adequate perception of detection and conse-

quences, encourage church boards to be open and forth-coming about problems and consequences and to prosecutewhen appropriate. Such prosecutions could have preventedthe secretary in our opening story from moving to the nextchurch to possibly do the same thing.

5. While churches may be in the business of bringing the goodnews, it is a good idea to remind them that at least when itcomes to financial affairs, they should always question newsthat is too good to be true.

6. Church leaders are becoming aware of the need (and some-times the legal requirement) to conduct background checksto specifically find sex-related crimes. Help them understand

that they also can use criminal and credit checks to protectthe churchs financial assets and help ensure that donorswishes are honored by applying donor funds to good deeds,rather than using them to feather the fraudsters pockets.

7. While we have a psychological tendency to ignore base rates,we tend to respond to stories. These stories help bring the

reality home; so share stories about church frauds. And if youare feeling really brave, leave a few copies of Fraud Magazinein the church library.

Individuals who contribute to religious institutions or othernonprofits do so with the intent that their sacrifices will help theinstitution and/or the parties it serves. Fraud examiners can helpthese institutions ensure good stewardship over these resourcesand prevent the unintended distribution of resources to the pock-ets of fraudsters. An essential element of providing this help in-volves convincing them that yes, it can happen here.

Robert M. Cornell, Ph.D., CMA, ACFE EducatorAssociate, is an assistant professor of accounting in the OklahomaState University Spears School of Business. His email address is:[email protected].

Carol B. Johnson, Ph.D., ACFE Educator Associate, is theMasters of Science coordinator and Wilton T. Anderson Professorof Accounting in the Oklahoma State University Spears School ofBusiness. Her email address is: [email protected].

Janelle Rogers Hutchinsonis a Masters in Accounting studentat Oklahoma State University. Her email address is:

[email protected].

1Alicke, M. D., & Govorun, O. (2005). The better-than-averageeffect. In M. D. Alicke, D. Dunning & J. Krueger (Eds.), The self insocial judgment. 85-106. New York: Psychology Press.2Gino, F., Sharek, Z., & Moore, D. A. (2011). Keeping the illusionof control under control: Ceilings, floors, and imperfect calibration.Organizational Behavior & Human Decision Processes, 114, 104-114.3Juslin, P., Winman, A., & Olsson, H. (2000). Naive empiricism anddogmatism in confidence research: A critical examination of the hard-easy effect. Psychological Review, 107, 384-396.

Fraud Occurredin Last 5 Years

Perception of Vulnerability to Fraud

Not VulnerableSlightly

VulnerableVulnerable Very Vulnerable

ExtremelyVulnerable

Grand Total

Yes 24% 53% 17% 6% 0% 100%

No 25% 66% 6% 3% 0% 100%

Total 24% 64% 9% 3% 0% 100%

Table 1

Help them understand

that checks are cash

only more vulnerable.

Sue Colvil/iStockphoto


25/76


Example 1

A husband and wife served as treasurer and assistant treasurer

in a small church in North Carolina. When their business began

failing, they stole several thousand dollars from the church by

simply writing checks to themselves over a three-year period. The

fraud was discovered when a contractor complained that he had

not been paid for work on the church property. (http://tinyurl.

com/2e2gm2w)

Example 2

Three unrelated individuals who served as office manager, facilities

manager and a volunteer in a California church colluded to steal

$500,000 from the church coffers to fund extravagant lifestyles.

The threesome carried out their thefts by issuing fraudulent checks

and making inappropriate use of credit cards. The theft was discov-

ered when the church pastor became suspicious and reported the

theft to the finance committee. (http://tinyurl.com/66cqchg)

Example 3

The pastor of a large Ohio church commingled funds, laundered

money, tampered with records, forged documents and sold 19

acres of church land to steal more than $1 million from his church

and cover his tracks. The proceeds were used to buy cars, a boat,

a pool and hair treatments in addition to funding private-school

tuition for his children. When a church employee reported that

funds were missing, it took two years to investigate the crime before

charges were filed. (http://tinyurl.com/6dpnvch)

Example 4

The business manager of an Oklahoma church was accused of

embezzling $140,000 to pay her personal expenses. The alleged

theft was discovered when the bank notified the church of an over-

drawn account. The suspect said she could not have stolen that

much money because the church was audited every year.

(http://tinyurl.com/6bpqblr)

It Can Happen in Your Neighborhood

Theres so much to learn in order to be an effective fraud fighter where do

you start? Right here, withPrinciples of Fraud Examination. This course is the

foundation of the ACFEs curriculum and is recommended for all anti-fraud

professionals. Whatever industry or area of specialization you end up in, you

will benefit from a solid understanding of the fundamentals of the four key

areas of fraud examination:

Fraud Prevention and Deterrence Legal Elements of Fraud

Fraudulent Financial Transactions

Fraud Investigation

Solid Fundamentals for All Anti-Fraud Professionals

Learn from the experts at

Principles of Fraud ExaminationAustin, TX | April 30 - May 3, 2012

Build your anti-fraud career on a solid foundation

register online at ACFE.com/POFE by March 30 to save an additional $200!


26/76

A major, multimillion sports ticket fraud at the University of Kansashighlights how CFEs can help convince administrators and boardsto reassert control over their athletics departments. The answercould be independent oversight.

By Herbert W. Snyder, Ph.D., CFE; and David OBryan, Ph.D., CFE, CPA, CMA


27/76

n June 30, 2009, David Freeman pleaded guilty to

conspiracy to commit bank fraud as part of a federal

bribery case. Anxious to please the judge prior to

his sentencing, he provided investigators with in-formation about theft and resale of football and basketball

tickets at the University of Kansas (KU). Freeman fingered

two individuals, one of whom was exonerated while the

other proved to be central to the case.Freeman had his sentence reduced from 24 to 18months, which his attorney said was an inadequate re-ward for the information he had provided, according toDeveloper source in KU ticket scandal, by Steve Fry,in The Topeka Capital-Journal, April 22, 2010. (http://tinyurl.com/24wwss9)

Federal authorities contacted KU officials in late 2009.Under increasing pressure, KU announced in March 2010that it had retained the services of the Wichita office ofFoulston Siefkin LLP to conduct an internal investigation.Assisted by a forensic accounting firm, Foulston Siefkinfound that six employees had conspired to improperly sell

or use approximately 20,000 KU athletic tickets mostlyto basketball games, including the Final Four tournament from 2005 through 2010. The sales amounted to morethan $1 million at face value and could range as high as$3 million at market value. Even worse, the investigatorswere unable to determine how many of the tickets weresold directly to brokers because the employees disguisedthese distributions into categories with limited account-ability, such as complimentary tickets, according to Uni-versity of Kansas athletic tickets scam losses may reach$3M, in the Kansas City Business Journal, May 26, 2010.(http://tinyurl.com/3nvaf76)

The investigation did not examine years prior to 2005

because the athletics department did not retain those re-

cords. The investigation of KUs ticket sales and fundrais-

ing operations by federal authorities continued throughout2010 and 2011.

KUs internal investigation, which was released May 26,

2010, implicated the associate athletic director for develop-

ment, the associate athletic director for the ticket office, theassistant athletic director for development, the assistant ath-

letic director for sales and marketing, the assistant athletic

director for ticket operations and the husband of the associ-

ate athletic director for the ticket office who had been work-ing for KU as a paid consultant.

WHAT ACTUALLY HAPPENED?

The accused allegedly abused the complimentary ticket

policies of the university in three ways:First, official policy allowed for certain athletic office

employees to receive two complimentary tickets for each

athletic event provided they would not resell them. In-

stead, the athletic department routinely gave each of these

employees more than two tickets for each event and tacitlypermitted, if not overtly encouraged, reselling.

Second, the development/fundraising arm of the ath-

letic office was permitted to use complimentary tickets tocultivate relationships with prospective donors. However,

these officials helped themselves to many more complimen-

tary tickets than they could have reasonably ne