Chapter 4 Billing Schemes Review Questions 4-1 What are the five categories of fraudulent disbursements, and where did billing schemes rank in terms of frequency and cost in the 2009 Global Fraud ¬Survey? Answer: The five categories of fraudulent disbursements are: billing schemes, check ¬tampering schemes, payroll schemes, expense reimbursement schemes, and register disbursement schemes. Among these categories, billing schemes were most commonly reported. Fifty-two percent of fraudulent disbursements in the survey involved billing fraud. Billing schemes were the second most costly form of fraudulent disbursement, with a reported median loss of $128,000. 4-2 How is the term “billing schemes” defined, and what are the three categories of billing schemes covered in this chapter? Answer: Billing schemes are frauds in which a perpetrator causes the victim organization to issue a fraudulent payment by submitting invoices for fictitious goods or ¬services, inflated invoices, or invoices for personal purchases. The three categories of billing schemes are: shell company schemes, non-accomplice vendor schemes, and personal ¬purchases schemes. 4-3 What is the purpose of a shell company and how is it normally formed? Answer: A shell company is a fictitious entity established for the purpose of committing fraud. It may be nothing more than a fictitious name and a post office box that the employee uses to collect disbursements from false billings. Since checks ¬received will be payable to the shell company, the fraudster will normally set up a bank account in the name of the fictitious company, listing himself as the authorized signer on the account. 4-4 There are four ways in which fraudulent invoices are approved for payment. What are they? Answer: Fraudulent invoices are approved for payment by self-approval, by a rubber stamp supervisor, or through the normal internal control system by reliance on the authenticity of the false voucher the fraudster creates. In addition, collusion among several employees can overcome even well-designed internal controls and can enable fraudsters to obtain approval on bogus invoices. 4-5 Why does collusion among ¬employees in the purchasing process make it very difficult to detect billing schemes? Answer: One of the main purposes of a well-defined internal control system is to separate the duties of individuals who are involved in the purchasing process in order to prevent any one person from having too much control over a particular business function. It provides a built-in monitoring mechanism in which each person’s actions are verified by another person. But, if everyone in this process works together to ¬create fraudulent voucher documents, then billing schemes will be very difficult to ¬detect. 4-6 Why do most shell company schemes involve the purchase of services rather than goods? Answer: Services are intangible, which makes it more ¬difficult for the victimized company to verify whether they were ever actually delivered by a vendor. If a billing scheme involves fictitious goods, the defrauded company may be able to detect the fraud by comparing its purchases to inventory ¬levels, but this comparison will not identify the purchase of nonexistent services. 4-7 What is a pass-through scheme and how does it differ from a typical shell company billing scheme? Answer: In a typical shell company scheme, the perpetrator bills the victim organization for fictitious goods and services. In a pass-through scheme, on the other hand, the perpetrator ¬actually provides real goods and services. Pass-through schemes are usually undertaken by employees in charge of purchasing on behalf of the victim company. Instead of buying merchandise directly from a vendor, the employee sets up a shell company and purchases the merchandise through that fictitious entity. He then resells the merchandise to his employer from the shell company at an inflated price, thereby making an unauthorized profit on the transaction. 4-8 What is a pay-and-return scheme? List three examples of how this type of fraud can be committed. Answer: In a pay-and-return scheme, an employee intentionally mishandles payments to a vendor and then steals the ¬excess payment when it is returned by the vendor. Generally, the perpetrator either double-pays an invoice, intentionally makes a vendor payment for an excess amount, or sends a payment to the wrong vendor. In all cases, the perpetrator then contacts the non-accomplice vendor, explains that a “mistake” was made, and asks the vendor to return the excess payment to her attention. When the overpayment is returned, the fraudster steals it. 4-9 How does an employee use a non-accomplice vendor’s invoice to generate a fraudulent ¬payment? Answer: Typically, the fraudster either prepares a fake ¬vendor invoice and submits it to his company for payment or reruns an invoice that already has been paid. After his company ¬prepares a check for payment, the perpetrator intercepts the check ¬before it is sent out or has an accomplice do the same after the check arrives at the vendor’s place of business. ¬Alternatively, he could alter the vendor’s address or electronic payment information in the payables and online banking system so that the check is delivered to the fraudster or an accomplice. In addition to the preceding examples, an employee can generate fraudulent payments using a non-accomplice vendor invoice by committing a pay-and-return scheme, as was ¬discussed in the preceding question. 4-10 How does an employee make personal purchases on company credit cards, purchasing cards, or running charge accounts? Answer: Instead of running false invoices through accounts payable, some employees make personal purchases on ¬company credit cards, purchasing cards, or running charge accounts with vendors. An employee with a company credit card or purchasing card can buy an item merely by signing his name (or forging someone else’s) at the time of purchase. Some companies keep open charge accounts with vendors with whom they do regular business. Office ¬supply companies are a good example of this kind of vendor. Purchases on charge accounts may require a signature or other form of authorization from a designated company -representative. Obviously, that representative is in a position to buy personal items on the company account. Other employees might do the same by forging the signature of an authorized person at the time of a fraudulent purchase. In some ¬informal settings, purchases can be verified by as little as a phone call. Discussion Issues 4-1 In the case study of Cheryl Brown, the administrative assistant at a Southeastern medical school, what type of billing scheme did she commit? Answer: Cheryl committed a shell company scheme. She and an outside accomplice created a shell company and bilked her employer out of thousands of dollars through the use of fake invoices. 4-2 Explain how separation of duties contributes to the prevention and detection of billing schemes. Answer: By enforcing a rigid separation of duties in the ¬purchasing process, an organization can significantly limit its ¬exposure to billing schemes. Segregating the purchasing process into four basic functions—purchasing, approval of purchase, receipt of goods, and cash disbursement—can prevent most forms of billing fraud. This is because most billing schemes succeed only when an individual has control over two or more of these functions. If these duties are strictly segregated, it will be very difficult for an employee to commit most forms of billing fraud. 4-3 List and explain at least four proactive audit tests that could be performed to help detect a shell company scheme. Answer: Examples of tests that can be used to detect a shell company scheme include the following. Vendors lacking -certain identifying information such as a telephone number or tax ID can be extracted from the vendor master file for ¬investigation. Similarly, the vendor master file can be matched to the employee master file for duplicate telephone numbers, ¬addresses, and so on. The invoice payment file can be searched for vendors who had multiple invoices just below established -review limits—a possible sign of an attempt to circumvent ¬management review of bogus invoices. The vendor master file can also be matched to the invoice payment file to identify ¬payments to any unapproved vendors. There are several other tests ¬identified in this chapter that could also be used. 4-4 What are some of the ways shell company invoices can be identified? Answer: Auditors, accounting personnel, and other employees should be trained to identify red flags relating to fraudulent ¬invoices. One common red flag is a lack of details such as a telephone, fax, tax identification, or invoice number. ¬Another common red flag is an invoice that lacks detailed ¬descriptions of items ordered. Lastly, using a mail drop or ¬residential address may also indicate a billing fraud scheme. All of these red flags should be investigated. 4-5 Sharon Forsyth worked in the purchasing department of a retail store. She was in charge of ordering merchandise inventory and various supplies for the organization. She purchased merchandise through a fictitious shell company and then resold it to her employer at an inflated price. What is the name of this type of fraud? Answer: This type of fraud is called a pass-through billing scheme and is a subcategory of shell company schemes in which actual goods or services are sold to the victim company. 4-6 Karen Martinis was responsible for opening mail, processing vendor claims, and authorizing payments. She was involved in a scheme in which she either double-paid vendor invoices, paid the wrong vendors, or ¬overpaid the right vendors. What type of billing scheme is being described in this case? Answer: This is a pay-and-return billing scheme involving non-accomplices. In a pay-and-return billing scheme the perpetrator does not prepare fake invoices and submit them to the victim company. Instead, she intentionally mishandles vendor payments that are owed to a legitimate vendor. The perpetrator then requests that the vendor send a check for the amount owed back to the victim company. 4-7 What type of internal controls can be used to help prevent pay-and-return billing schemes? Answer: As with most billing frauds, pay-and-return schemes can be mostly prevented if the duties of the purchasing, authorizing, and payment functions are separated and if invoices are matched to purchase orders before payments are made. Also, incoming mail should never be delivered directly to an employee, but rather opened at a centralized point with all incoming checks being properly recorded. Organizations should also instruct their banks not to cash checks made payable to the company. In some cases, employees attempt to conceal the theft of returned checks by running targeted invoices through the payables system a ¬second time so that the intended recipient of a stolen check still gets paid. An effective duplicate checking system can help prevent this type of scheme and make it easier to detect a pay-and-return fraud. 4-8 In terms of classifying frauds under the Fraud Tree system, how does a scheme in which an employee fraudulently orders merchandise for his personal use differ from a scheme in which an employee steals merchandise from his company’s warehouse? Answer: Even though both schemes involve an employee ¬taking merchandise, the first scheme is classified as a billing scheme, whereas the second is classified as a theft of inventory (as will be discussed in Chapter 9). This is because when a person steals inventory from a warehouse, he is stealing an asset that the victim organization needs, that it has on hand for a particular reason. The harm to the victim company is not only the cost of the stolen asset, which will have to be replaced, but also the loss of the asset itself. In contrast, when an employee fraudulently buys merchandise with company funds, the asset he acquires is superfluous. The perpetrator causes the victim company to order and pay for an item which it does not really need, so the only damage to the victim organization is the money lost in purchasing the particular item. The victim organization suffers no harm in the loss of the asset that was purchased, because the victim had never designated a need for that asset in the first place. Chapter 5 Check Tampering Review Questions 5-1 Assume there are two thefts of checks at ABC Company. In the first case, an employee steals an outgoing check that is drawn on ABC’s account, and is payable to “D. Jones.” The perpetrator forges the endorsement of “D. Jones” and cashes the check. In the second case, an ¬employee steals an incoming check from “D. Jones” that is payable to ABC Company. The employee fraudulently ¬endorses the check and cashes it. Which of these schemes would be classified as check tampering? Why? Answer: Only the first scheme would be classified as check tampering, because check tampering is a form of fraudulent disbursement, and the first scheme involved a disbursement of the victim organization’s funds, whereas the second scheme did not. Check tampering applies only to checks drawn on the victim organization’s accounts. If an employee steals an incoming check that is payable to the victim organization, then this theft will be classified as either skimming or cash larceny, depending on whether the check was recorded by ABC Company ¬before it was stolen or afterward. 5-2 There are five principal categories of check tampering frauds. What are they? Answer: The five principal categories of check tampering are: (1) forged maker schemes, (2) forged endorsement schemes, (3) altered payee schemes, (4) concealed check schemes, and (5) authorized maker schemes. 5-3 What are the methods discussed in this chapter by which fraudsters gain access to blank company checks as part of a forged maker scheme? Answer: Most forged maker schemes are committed by ¬employees whose duties include the preparation of company checks, so in most cases the fraudster has legitimate access to blank check stock. When an employee does not have access to blank checks through his job duties, he may be able to steal checks that are not properly safeguarded. For example, a company’s checkbook or blank check stock might be stored in an open, unlocked area that is not always supervised. The perpetrator might also obtain a key or combination to a restricted area where checks are stored. When check stock is properly safeguarded and the fraudster does not have access, he might be able to obtain blank checks from another employee who does have legitimate access, typically in return for a portion of the stolen funds. If unused checks are not properly disposed of after they have been voided, an employee may be able to use them in a forged maker scheme. Finally, a fraudster might ¬produce counterfeit check stock and use this to draw funds from the organization’s accounts. 5-4 Perpetrators of check tampering schemes must obtain a signature on the check. What are methods used to affix a signature to the check? Answer: The perpetrator can simply write an authorized ¬person’s name on the check. A more elaborate method is to create a legitimate signature on a transparency and use it to place a signature on blank checks. Some companies use signature stamps or computerized signatures that a perpetrator can gain access to. The perpetrator may be an authorized signer and will simply sign a check himself. Finally, he may hide a tampered check in a group of legitimate checks and present them for signing by an authorized signer. 5-5 How can the type of paper on which an organization’s checks are printed be a factor in ¬preventing and detecting forged maker schemes? Answer: The type of paper a check is printed on can sometimes help distinguish a legitimate check from a counterfeit. ¬Organizations should print their checks on watermark paper supplied by a company independent of its check printer. (This will prevent a dishonest employee of the printer from using the company’s watermarked paper). Security threads or other ¬markers can also be incorporated to help verify that company checks are legitimate. If an organization uses high-quality, distinctly marked paper for its checks, counterfeits will be easier to ¬detect. In addition, it is a good idea to periodically rotate check printers and/or check stock to help make counterfeits stand out. 5-6 What are the differences ¬between a forged maker and a forged endorsement scheme? Answer: A forged maker scheme is one in which an employee misappropriates a check and fraudulently affixes the signature of a legitimate check signer to authorize disbursement of funds. In a forged endorsement scheme, the employee intercepts a signed company check intended for a third party and fraudulently endorses the check in order to obtain the funds that were intended for someone else. An important distinction is that the two schemes attack an organization’s control structure at different points. A forged maker scheme typically involves the falsification of a blank check. The key to this kind of scheme, from the fraudster’s perspective, is in obtaining a blank check, producing a signature that appears to be authentic, and in some cases, recording the check in such a way that the fraud will not be detected. In a forged endorsement scheme, by contrast, the perpetrator is working with a check that has already been prepared, so the ¬issues are different. Instead of gaining access to blank check stock, the perpetrator must find a way to gain access to a check after it has been signed but before it has been delivered. Typically, this means the fraudster must steal the check before it is sent out in the mail, although in some cases the fraudster might alter the mailing address of a legitimate payee. From a concealment standpoint, forged endorsement schemes present different challenges than forged maker schemes. In a forged endorsement scheme, the stolen check was intended for a real payee, so the perpetrator must be ¬concerned with the probability that the intended payee will complain about not receiving the check that has been stolen. In a forged maker scheme this is not generally a concern ¬because the check is originally written for a fraudulent ¬purpose; there is no legitimate payee. 5-7 What are some methods of ¬intercepting a check intended for a third party? Answer: A perpetrator may be an employee authorized to mail or deliver a check but who diverts it for his own benefit. Checks that are signed but are left unattended instead of being immediately mailed can be stolen by a fraudster. Checks that are returned because they could not be delivered to the addressee could be intercepted or a perpetrator could change the address of a legitimate payee to his own address prior to mailing. After a check has been intercepted, the payee name can be altered by adding a second payee to the payee line, or the perpetrator can use erasable ink to prepare the check, then change the payee (and amount) on the check after it has been signed. 5-8 What is an authorized maker scheme, and why are these frauds especially difficult to prevent through normal internal controls? Answer: An authorized maker scheme is a type of check ¬tampering fraud in which an employee with signature authority on a company account writes fraudulent checks for his own benefit and signs his own name as the maker. The perpetrator in these schemes can write and sign fraudulent checks without assistance. He does not have to alter a pre-prepared instrument or forge the maker’s signature. This may be the most difficult form of check tampering to defend against because in most cases check signers are ¬owners, officers, or otherwise high-ranking employees, and thus have or can obtain access to all the blank checks they need. Even if a company’s control structure ostensibly ¬prohibits check signers from handling blank checks, the perpetrator ¬typically has enough influence and authority to override this control. 5-9 How can a perpetrator conceal check tampering activity from others in the organization? Answer: If the perpetrator is responsible for bank reconciliations he can remove fraudulent canceled checks, mark fraudulent checks as void on the reconciliation, force balance the ¬reconciliation, or physically alter the bank statement to conceal the fraudulent checks. If a fraudster has committed an altered payee scheme, he might re-alter the canceled checks during the reconciliation (by inserting the name of the intended payee and the proper amount) so that they correspond to the disbursements journal. The fraudster can also falsify disbursement journals, hide the tampered disbursements in an account where they are unlikely to draw attention, or falsify supporting documents to make the bogus checks appear legitimate. In forged endorsement or altered payee schemes, which involve the theft of ¬outgoing checks intended for a third party, the fraudster may reissue the intercepted checks to avoid having the intended payee complain to others in the organization. 5-10 There are ¬several duties that should be segregated among employees to minimize the opportunity for check tampering. List these -duties. Answer: Duties that should be segregated among employees include: (1) check cutting and posting, (2) check signing, (3) check delivery, and (4) bank statement reconciliations. 5-11 What measures can companies can take to prevent and detect fraudulent electronic payments? Answer: Companies can best defend against fraudulent electronic payments through a combination of solid internal controls and bank security services. Separation of duties (e.g., segregating duties for creating, approving, and releasing wires) is one of the most important internal controls for preventing and detecting electronic payments fraud. Other essential internal controls include segregation of bank accounts (e.g., using separate accounts for paper and electronic transactions), daily account monitoring and reconciliation, and management and protection of user access and account information. Bank security services that can help business account holders mitigate electronic payment fraud include ACH blocks and filters, positive pay for ACH, multi-factor authentication tools, dual authorization, transaction limits, and software access restrictions. Discussion Issues 5-1 In the case study of Melissa Robinson, she was able to steal over $60,000 from her employer. Why was she able to commit her fraud without detection? Answer: Melissa Robinson was given check signing authority and sole control of the bookkeeping function. She was given large amounts of cash that were not verified by a second -person. External audits that may have uncovered the fraud were never completed. In addition, she was not challenged when she failed to allow others access to the books and records and failed to provide financial information. 5-2 Assume you are a new hire in the accounting department of an organization. One of your responsibilities is the reconciliation of the operating ¬account. After the end of the month you are given a copy of the bank statement and the canceled checks and instructed to perform your reconciliation. You notice there are some faint markings on a portion of the bank statement that could be ¬alterations. What steps would you take in performing the ¬reconciliation? Answer: The first oddity that should be noticed is that you were given a copy of the bank statement, not the original. This is an indication that the bank statement may have been manipulated. This is further evidenced by the faint markings noted on the copy. These could be from tape, correction fluid, or some other method used to hide the True data on the original bank statement. You should add the individual items on the statement and reconcile the totals to the amounts reported on the bank statement (e.g., add deposits and compare the total to the “total deposit” amount on the bank statement). Each canceled check should be compared to the bank statement to ensure all canceled checks reported on the statement are included with the statement. A request should also be made to review the original bank statement and determine why you were given only a copy. A review of the age of reconciling items should be made and any old or unusual items investigated. A comparison should be made between each canceled check and the corresponding ¬listing in the check register and the account to which it was posted. Finally, a review of endorsements may be prudent. 5-3 If a fraudster does not have ¬legitimate access to check stock, he must obtain access to the check stock in order to commit a forged maker scheme. What are some ways blank checks can be fraudulently obtained and what measures could an organization take to prevent this from occurring? Answer: Blank check stock may be poorly protected by those who have legitimate access. Organizations should make sure that the blank checks are always under lock and key and that the key is closely guarded. Computer-generated check stock should also be safeguarded. Employers should allow access to computerized check-writing applications by password only and change the password on a frequent basis. Finally, these internal controls should be tested on a periodic basis to ensure they are properly working. 5-4 Access to an organization’s funds can be gained through counterfeiting the organization’s check stock. What types of controls would help detect a counterfeit check? Answer: The use of watermark paper or paper with security threads would help identify counterfeit checks. Use of multiple types of check stock and check printers that are periodically rotated would also help identify counterfeits as would a search for out-of-sequence or duplicate check numbers on bank reconciliations. 5-5 Checks can be forged by several methods: free-hand forgeries, photocopies of ¬legitimate signatures, and by obtaining access to an automatic check-signing mechanism. What are some controls an organization could institute to minimize the chance a forgery will occur? Answer: A list of authorized check signers should be prepared and a rotation schedule for signers set up. Canceled checks should then be reviewed each period to ensure the correct signer’s name appears on each check. A periodic ¬comparison of the authorized signer’s signature should be made with canceled checks to spot obvious forgeries. Finally, access to any automatic check-signing mechanisms should be severely ¬restricted and the related internal controls tested on a surprise basis to ensure the internal controls are being followed by ¬employees. 5-6 Forged endorsement schemes and altered payee schemes both involve the theft of outgoing checks that are intended for third parties for some legitimate purpose (e.g., a check payable to a vendor for services rendered). In this respect, these schemes differ from other forms of check tampering, in which the check is usually drafted by the perpetrator for a fraudulent purpose. Discuss how this distinction affects the way in which forged endorsement and altered payee schemes must be concealed. Answer: When an employee steals an outgoing check that was intended for a third party, this creates a concealment problem because the third party presumably expects the check and will in all likelihood complain if it is not received. Therefore, a fraudster who engages in a forged endorsement or altered payee scheme must often find a way to issue a check to the -intended recipient to cover for the stolen payment. This is not a necessary step in other types of check tampering, such as a forged maker scheme, because in these cases the stolen check was originally written for a fraudulent purpose; it has no ¬intended payee other than the fraudster. In addition, when a fraudster attempts to convert a stolen check that was payable to a third party, this may leave clues that will later have to be concealed. For example, in an altered payee scheme, the fraudster inserts his name (or that of an accomplice) onto the payee line of the check. This information will not match the check register and should be a red flag. Therefore, the perpetrator may have to re-alter the canceled check (by replacing the original information) when it is ¬returned with the bank statement. If a fraudster uses a dual endorsement to convert a check as part of a forged endorsement scheme, the second ¬endorsement (in the name of an employee) would be a clear red flag of fraud. The perpetrator may have to destroy the ¬canceled check to prevent detection. 5-7 In altered payee schemes, the perpetrator changes the name of the intended third party and negotiates the check himself. This can be done by adding a second payee or changing the original payee’s name. What is the best method for detecting this type of fraud? Answer: The best way to detect an altered payee scheme is to include as part of the bank reconciliation process a comparison of canceled checks to the check register to ensure both payees are identical. Implied in this statement is the understanding that the person who performs the reconciliation must be independent of the check-cutting process. Most altered payee schemes are successful only when the perpetrator is in charge of reconciling the bank statement. 5-8 In the Ernie Philips case, $109,000 was stolen through check tampering. How was this scheme accomplished and what could management have done differently to prevent the scheme from occurring? Answer: Ernie wrote unauthorized checks, forged the authorized signers’ names, and then manipulated the bank statements to hide the disbursements. He also obtained access to the signature stamp and included unauthorized checks with ¬legitimate checks when submitting them for signing. Finally, he used his position of authority to deflect questioning about unidentified disbursements. Mr. Sell had implemented some good internal controls but Ernie did not respect them. For example, Ernie fraudulently obtained bank statements after being warned by Mr. Sell that he was not to receive or review them. This procedure should not have been tolerated in-house, and the bank should not have been permitted to send bank statements directly to Ernie in the first place (this kind of change should have required Sell’s authorization). A stronger control over comparing checks presented for signing to supporting documentation and a stronger control over the signature stamp could have been implemented. If the organization had required Sell to spot-check his signature on canceled checks, it is possible some of Ernie’s forgeries could have been detected. Chapter 6 Payroll Schemes Review Questions 6-1 According to this chapter, what are the three main categories of payroll fraud? Answer: A payroll scheme is an occupational fraud in which a person who works for an organization causes that organization to issue a payment by a making false claim for compensation. There are three main categories of payroll fraud: ghost employee schemes, falsified hours and salary schemes, and commission schemes. 6-2 In terms of median losses, which is larger: billing schemes or payroll schemes? Can you offer a possible explanation? Answer: According to the statistics from the 2009 Global Fraud Survey, billing schemes have larger median losses than payroll schemes. One possible explanation is that -disbursements to vendors are typically larger than those to ¬employees; therefore, it would be easier to conceal a large fraudulent ¬disbursement by concealing it as a payment to a vendor. 6-3 What is a “ghost employee”? Answer: The term ghost employee refers to someone on the payroll who does not actually work for the victim company. The ghost employee may be a fictitious person or a real individual who simply does not work for the victim employer. When the ghost is a real person, he or she is often a friend or relative of the perpetrator. In some cases the ghost employee is an ¬accomplice of the fraudster who cashes the fraudulent ¬paychecks and splits the money with the perpetrator. 6-4 There are four steps that must be completed in order for a ghost employee scheme to be ¬successful. What are they? Answer: The four steps to making a ghost employee scheme work are: (1) adding the ghost to the victim company’s payroll records, (2) collecting and maintaining timekeeping and wage information, (3) issuing a company payroll check to the ghost, and (4) delivering the ghost’s check to the perpetrator or his or her accomplice. 6-5 Within a given organization, who is the individual most likely to add ghost employees to the payroll system? Answer: Regardless of how the hiring of new employees is handled within a business, it is the person or persons with the authority to add new employees to the company’s records who are in the best position to put ghosts on the ¬payroll. 6-6 The key to a falsified hours scheme in a manual system is for the perpetrator to obtain -authorization for the falsified timecard. There were four methods identified in this chapter by which employees achieved this. What were they? Answer: The four ways an employee can obtain authorization for a falsified timecard are: (1) forging a supervisor’s signature on a fraudulent timecard, (2) colluding with a supervisor, (3) relying on a “rubber stamp” supervisor to approve the ¬timecard without review, and (4) altering a timecard after it has been ¬approved by a supervisor. 6-7 What is meant by the term “rubber stamp” supervisor and how are these individuals utilized in a payroll fraud scheme? Answer: The term rubber stamp supervisor refers to a ¬manager who approves timecards without reviewing their ¬accuracy. This is a very serious breach in controls, because the role of the manager in verifying hours worked and authorizing timecards is critical to preventing and detecting payroll fraud. Obviously, rubber stamp supervisors play a part in payroll fraud in the sense that they fail to detect crimes that are otherwise ¬detectable. In addition, the fact that a manager is known to ¬approve timecards without reviewing them may provide the perceived opportunity that convinces an employee to attempt a payroll fraud scheme. 6-8 List at least three tests that could be performed to detect falsified hours and salary schemes. Answer: Several tests were discussed in this chapter, -including the following: •Comparisons of overtime expenses by employee and by ¬department •Comparisons of payroll expenses to budget projections or prior year totals on a company-wide and departmental basis •Exception reports showing any employee whose compensation has increased from the prior period by a dispropor¬tionately large percentage •Verification of payroll taxes to federal tax forms •Comparison of net payroll to payroll checks issued In addition to the preceding, several proactive audit tests were recommended at the end of the chapter. 6-9 There are two ways that an ¬employee working on commission can fraudulently increase his pay. What are they? Answer: A commissioned employee’s wages are based on two factors, the amount of sales he generates and the percentage of those sales he is paid. In other words, there are two ways an employee on commission can fraudulently increase his pay: (1) falsify the amount of sales made (either by creating ¬fictitious sales or by overstating the amount of legitimate sales), or (2) increase his rate of commission. Discussion Issues 6-1 List and explain at least three computer-aided audit tests that can be used to detect a ghost employee scheme. Answer: There are several suggested tests listed at the end of this chapter. For example, a comparison of payroll data files to human resource data files could be performed to look for differences. Employees that show up on the payroll register but not in the employee master file should be verified. Another possible test is to extract all employee payments with no -deductions or taxes withheld from the payroll register. These types of payments are more prone to fraud and are often ¬associated with ghost employee schemes. The payroll register can also be matched against the employee master file to extract employees with no name, no employee number, no social ¬security number, or whose payment dates occur after their ¬termination dates. All of these conditions would be consistent with a ghost employee scheme. 6-2 The ability to add ghost employees to a company’s payroll system is often the ¬result of a breakdown in internal controls. What internal ¬controls prevent an individual from adding fictitious ¬employees to payroll records? Answer: The most effective method of preventing an ¬individual from adding fictitious employees to a company’s payroll records is to segregate duties for payroll preparation, disbursement, distribution, and payroll account reconciliation. As long as these duties are separated, it is very difficult for a single ¬individual to add ghosts to the payroll system. 6-3 In the case study of Jerry Harkanell (“Say Cheese!”), what internal controls could have prevented the falsification of his timesheet? Answer: Harkanell should not have been allowed to deliver the signed timesheets to the payroll department. Additionally, procedures should have required him to complete his timesheet using permanent ink, rather than pencil (which can be erased). 6-4 In terms of preventing payroll fraud, why is it important for hiring and wage rate changes to be administered through a centralized and independent human resources department? Answer: There are several ways in which a centralized human resources department can help to prevent payroll fraud. By having all hiring be conducted through its human resources department, an organization can limit its exposure to ghost employee schemes. This control would prevent a rogue manager from adding ghosts to her staff and pocketing their paychecks. ¬Absent ¬collusion, a human resources employee would also not be able to add a ghost, because there would be no line manager to ¬approve the ghost’s timecards, and therefore payroll would not issue a check to the ghost. The human resources department and the line manager would act as independent checks on one another. In addition, if all wage rate changes must be independently administered through human resources, this would tend to prevent an employee from falsely obtaining an increase in his wage rate or salary, and it would prevent a payroll ¬employee from overpaying himself. Absent collusion with a human resources employee, these individuals would be ¬unable to authorize the increase. 6-5 If you suspect a salesperson is inflating his commissions, what would you do to determine if this were occurring? Answer: If a salesperson is suspected of inflating his commissions, an examiner should compare the salesperson’s commissions to those of other salespeople and to his sales figures to determine whether there is an appropriate correlation. Rates at which the salesperson is paid should be determined and verified with personnel or other company records. Proper segregation of ¬duties should also be confirmed. 6-6 Beta is one of 10 salespeople working for ABC Company. Over a given period, 15 percent of Beta’s sales are uncollectable, as opposed to an average of 3 percent for the rest of the department. Explain how this fact could be related to a commission scheme by Beta. Answer: Commissions are a form of compensation calculated as a percentage of the amount of sales a salesperson generates; therefore, one of the ways a salesperson could create -fraudulent commission payments for himself is by overstating the amount of sales he generates. As was explained in this chapter, one way employees falsify the amount of sales they make is by creating fictitious sales to nonexistent customers. The ¬employee collects the commission on the sales but no ¬payment is ever made by the “customer.” The receivables ¬associated with these fake sales age and eventually are written off as uncollectible. Solution Manual for Principles of Fraud Examination 9780470646298, 9781118922347 Joseph T. Wells
Close