Lessons from a Chinese Restaurant
Yesterday my wife and I dined at our favorite Chinese restaurant. We love the establishment. Nearly everything on the menu is cooked in a dish-specific sauce. The food presentation is lovely. The wait staff are pleasant. And once a week the restaurant stocks a dinner buffet that’s to die for. The lines can get a little long but the food is worth the wait. The buffet includes about twenty dishes and although a few dishes appear week after week the rest of the buffet dishes vary from week to week. My wife and I try to get there at least once a month.
And yesterday, for the first time I noticed that the owners had set up a hand-sanitizer dispenser immediately inside the front door. Perhaps the owners placed it there a while ago and I never paid attention to it. But that doesn’t matter. Its presence got me to thinking about being cautious. That’s exactly what the owners were doing: being cautious.
After being seated and having finished a cup of hot and sour soup I approached the buffet and for the first time really “noticed” the clear cough shields just above the food trays. They’ve been there as long as I’ve been going to this restaurant but it was another reminder of the precautions the owners had taken (although in this case the precautions were likely mandated by the board of health).
Then, as I left the buffet area with a plateful of food I grabbed a pair of chopsticks as I always do. And for the first time really “noticed” that Chinese restaurants no longer wash and reuse chopsticks as they do with flatware. Now all chopsticks are individually wrapped, used by one and only one customer and then disposed of. Although this, too, may be mandated it’s just another sign of the precautions taken by restaurants to protect the health and well-being of their clients.
“Caution” is also an important word when dealing with a business’ financials. TraceTech Solutions, LLC was formed to provide business owners with a precautionary option that had never been available. TraceTech provides a second pair of eyes on a business’ books. We leverage the power of IT to look for nearly-inevitable bookkeeping errors and the occasional possibility of theft.
TraceTech doesn’t believe that most bookkeepers intentionally make bookkeeping errors. But the fact is that bookkeeping is a manual, detail-oriented task often performed by multi-tasking administrators. Errors creep into books and sometimes never come out. Errors that can skew financials reports. Errors that can stymie people who try to make sense of the numbers.
And then, occasionally a dishonest bookkeeper will intentionally enter errors. Or enter valid but fraudulent transactions. The results can range from mildly annoying to catastrophic.
Either way, the operative word for owners is “caution”. This blog site has always provided its readers with simple and effective precautionary tools that can reduce the risk of financial theft and reporting error. We encourage our readers to learn from our past blog posts. A little caution can go a long, long way to saving a business.
a
Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services. Learn more about TraceTech’s services here: TraceTech Solutions website.
How Heavy is a Ghost?
Last week a sales executive I know contacted me and asked if might be able to substitute for her at an upcoming networking group meeting.
Networking groups (for those who don’t know about them) are forums for businessmen and businesswomen to get to know each other and exchange ideas and referrals. In one segment of a typical networking group meeting every attendee has the floor for one or two minutes to tell the other group members about the product or service that they provide to their customers and clients.
Anyway, after I told Meaghan that I’d gladly represent her at the meeting she sent me the text of the message that she wanted to pass on to the group. Part of the message was that her employer, Solex Payroll (www.solexpayroll.com), can typically slash a business’ payroll costs by 30%-50%.
Believe it or not, the statement made me jealous – just because it contained a real, honest-to-goodness, verifiable statistic. A statistic that Solex Payroll could back up if asked.
I wish I were that lucky. No one, and I mean NO ONE, has any reliable statistics about workplace fraud.
Not that statisticians haven’t tried. There are, in fact, published statistics about workplace fraud. But all of those statistics are based on reported fraud losses. The “gotcha” is that no one knows the percentage of workplace frauds that aren‘t reported. Worse: investigations that uncover workplace fraud may fail to uncover all the schemes that are being used. And worse still: investigations that do not uncover fraud may miss frauds that are actually there.
So trying to determine the scope of the workplace fraud problem is akin to trying to weigh a ghost. In order to measure something you need to be able to “encapsulate” it. That can’t be done with workplace fraud.
Statistics can send a powerful message, though. So when I address a large group I always have the group generate “local” statistics about workplace fraud. It usually opens a lot of eyes and drops a lot of jaws.
A few months ago, for example, I presented a workplace fraud webinar to B2B CFO, a nationwide organization of part-time CFOs (www.b2bcfo.com). Prior to the webinar I had asked the members about their personal experiences with workplace fraud. I presented the results of this informal survey in the first few webinar slides. Here they are:
- 57% of responders personally knew a business that had been defrauded of over $20,000
- 66% of the known perpetrators were either executives or on the accounting staff
- 61% of the known perpetrators had been with the business for three or more years
- 65% of the responders felt that the losses were either “major” or had seriously impacted the business
As I pointed out the to the attendees, as shocking as the results seem these numbers are typical for groups that I speak to.
So how much does the ghost weigh? Darned if I know. But it’s probably heavier than most business executives believe. And ignoring the ghost can come back and haunt you.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions, LLC provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech Solutions’ services here: TraceTech Solutions website.
Signature Service
One of the two signatures of Abrahan Lincoln below is genuine. I penned the other one after about two minutes of practice. I won’t tell you which is which. It doesn’t matter. The point is that it’s simple to forge a signature.
Many business owners believe that since they sign every check (or believe they do) there’s no way that a back-office employee can steal the business’ money.
Sadly, they’re mistaken. Although signing every check is a deterrent, signature-forging is so easy (as evidenced above) that a bookkeeper or an office manager could sign anything in the owner’s name – checks, credit card applications, bank account applications – and most people who examine the signature would be unable to tell that the signature was forged.
Forgery is a common fraud scheme. The amount of money that businesses have lost to forgeries is mind-boggling. Here’s a recent example:
Wisconsin Kitchen Mart’s owner Nancy Rossman recently discovered that over a five-year period her trusted bookkeeper had written and cashed 79 unauthorized checks payable to the bookkeeper’s husband. The bookkeeper simply forged the signatures of Rossman or Rossman’s husband and business co-owner Jeffrey on the checks.
The checks totaled $49,268 in 2006, $182,560 in 2007, $172,044 in 2008 and $213,560 in 2009. To avoid detection the bookkeeper recorded the checks as having been written to legitimate Wisconsin Kitchen Mart vendors. You can read the story here: Retail Establishment Embezzlement Story.
One reason why thefts such as these go undiscovered for years is that no one – other than perhaps the perpetrator – is looking to see who checks are actually made out to.
Preventing forgeries like these can be difficult. But deterring and detecting them often requires just a few minutes a month to look over bank statements.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
You Are Who You Aren’t
Not very long ago I visited my former employer, a Massachusetts accounting firm. There were some obvious changes. A locked door now prevented any visitor, including me, from walking past the receptionist’s desk. And I had to be escorted throughout my entire stay. It’s unfortunate but identity theft has reached a point where these types of measures are necessary.
Data privacy laws are designed to prevent intruders from stealing personal information. They cannot, though, prevent insiders from doing the same. As I walked through the premises I couldn’t help but think that every tax return being prepared contains information that could be used for identity theft. The entire set of the firm’s returns could be written to one flash drive and taken out of the building in a pocket. And how many HR reports contain sensitive employee data? The entire lot of them could fit onto one CD.
A payroll manager in California air freight office recently used her access to personal information to steal $480,000 – in less than a year and a half – from her employer. She stole a former employee’s identity and added that employee as a co-owner of her credit union account. That done, she authorized payments to be made to that former employee – which went directly into that account. All it took was some numbers – and a lack of oversight. You can read the U.S. Department of Justice report here.
The Information Age has provided us with unimagined opportunities (witness this blog, which you could not have been reading just ten years ago) both good and bad. Countering the bad requires more than locked doors and escorts. It requires vigilance. The work of any employee with the ability and/or authority to disburse a business’ money should be monitored closely. As trustworthy as the vast majority of employees are, one bad apple can cause a $480,00 bad hair day.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
Overriding Concerns
As long as there are financial controls, there will be employees who override them. Score a point for the bad guys.
The Association of Certified Fraud Examiners’ 2010 Report to the Nations on Occupational Fraud and Abuse makes the following observation:
“In more than 19% of the cases [of the surveyed fraud reports], internal controls were in place but were overridden by the perpetrator or perpetrators in order to commit and conceal the fraud.”
Here’s the rub. Implement lax controls, and vigilance is necessary. Implement strong controls…and vigilance is necessary. That’s the way it is. Dishonest employees with motive and opportunity will find weaknesses in financial controls and exploit them.
Recently, the former general manager of Putnam Lexus in Redwood City, CA was sentenced to four years in prison for stealing over $800,000 from his employer. You can read the story here.
His was an unsophisticated scheme: the GM had the office manager cut checks to the GM after telling the office manager that the owner had approved the checks. A simple override of a good control.
Vigilance prevented the scheme from doing even more damage. The dealership’s owner uncovered the scheme while reviewing the company’s books. But had the scheme been less aggressive ($100,000 a month is pretty noticeable, ya think?), it might still be going on.
TraceTech provides business owners with cost-effective services that can help to expose schemes like this – and many others – before the owner is even are of them. Please contact us for more information.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
Diverging Interests
“Conjecture:” a guess usually inferred from perceived truths.
Conjectures are an integral step to solving problems. They can often provide enlightening insights – even when they’re incorrect. As an example, consider the following three sentences, extracted from a press release issued by a New Jersey County Prosecutor’s office:
“[name deleted] was the accounts payable clerk for Lynnes Nissan in Bloomfield when it was determined that money was being stolen from the company and that the theft was carried out by an employee. It was determined she was not depositing all the cash she received from the parts and service department into the company bank account.” “Throughout 2007 and 2008 she stole $545,000 from her employer.”
Half a million dollars in two years. No matter how you look at it, that’s quite an aggressive theft.
Let’s start conjecturing.
Conjecture: No one outside the cash flow loop was regularly reconciling cash receipts with cash deposits. Had that happened, this theft would not have gone undetected for two years.
Conjecture: The clerk knew that no one outside the cash flow loop was regularly reconciling cash receipts with cash deposits. After all, she was able to steal half a million dollars before her scheme was detected. Experts say that most frauds require motive, rationalization and opportunity. The three sentences in this example suggest neither a motive nor any kind of rationalization. However, the opportunity was clearly present.
Conjecture: The clerk concealed the theft by “toying” with deposits to make it difficult to trace the receipts. For example, she might have split receipts among multiple accounts. Or she might have delayed depositing some receipts. So had someone tried to reconcile daily receipts with daily deposits, they would have found the going difficult.
Fact: Regardless of day-to-day variances, over a longer term the sum of cash receipts should closely track the sum of cash deposits. That suggests a different approach to detecting this type of embezzlement scheme. Rather than (and perhaps in addition to) reconciling daily receipts with daily deposits, businesses should reconcile longer-term cash receipts with cash deposits. Depending on the business, that might be a weekly reconciliation. Or a monthly reconciliation. Regardless, if over the long term, total cash receipts diverge from total cash deposits, find the cause.
Fact: TraceTech examines daily and long-term cash receipts vs. cash deposits as part of its Fraud Checkup service.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
Spotting the Needles in the Haystack
Some cash fraud schemes never get off the ground. Others “soar” and never get detected at all. Many factors determine the outcome of a cash theft scheme (which is the most common type of scheme in small and mid-size businesses), including how much was stolen and how the theft was concealed. Here’s a description of a scheme that went undetected for over seven years:
The victim of this scheme was Caliber Motors, a California auto dealership. The perpetrator was a long-time, trusted contracts clerk, responsible for writing checks to customers who traded in their old vehicles.
Between June 19, 2000, and Aug. 13, 2007, this contracts clerk wrote 144 fraudulent checks totaling more than one million dollars to her sister-in-law and her sister-in-law’s husband. You can read the news story here.
The theft was probably easy to conceal. During those seven years she likely wrote thousands of legitimate checks. Even if the dealership’s owners and managers had done the due diligence of examining every bank statement to see who actually got paid, the fact that there were so few fraudulent checks written over the seven-year duration made it difficult for any manual procedure to detect such a scheme.
Technology, however, provides a cost-effective way to do the search as part of a normal financial control regimen. TraceTech performs just this kind of search.
The news reports don’t specify how this theft was concealed, if indeed it was concealed at all. But it’s easy to imagine some possibilities.
For example, the clerk might have recorded the checks exactly as written, with or without forged authorizations. If that were her modis operandi, then periodically generating a list of payees and the total amount of payments might have uncovered the scheme early. TraceTech provides its clients with such a summary.
In another scenario she might have written the checks out to her sister-in-law and her sister-in-law’s husband but recorded the check payees as various other people, again with or without forged authorizations. Periodically generating a report of discrepancies between the bank statements and the ledgers might have uncovered the scheme. TraceTech provides its clients with such a report.
If the clerk used either option, it’s not surprising that the scheme went undetected for as long as it did; a typical bank reconciliation, internal audit or external audit would have likely missed it. The bookkeeper who reconciles bank statements has little reason to examine actual payees if the amounts in the statement and the ledger agree. And internal audits and external audits typically examine too few samples to spot the proverbial needles in the haystack.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
A Property Manager’s Property Loss
The website of Reno, Nevada’s NevDex Properties states that they provide their tenants with a first-class environment and a management team they can trust.
Obviously, NevDex values the trust they’ve built between themselves and their clients. Trust is essential to a business’ success. Trust is also essential between a business’ management and the business’ employees. But as Nevdex discovered, “blind trust” can be disastrous.
The culprit in this case was NevDex’s long-time office manager. For over six years she clandestinely wrote checks to herself., and was recently sentenced to 20 years in prison for stealing over $400,000 from her employer. The prosecuting attorney said of her , “The victims trusted [her] both personally and professionally which enabled her to steal from them on nearly a daily basis for at least six years”.
Greed. That’s what led her to steal the money. She used the stolen funds to pay for shopping sprees, trips, a $41,000 horse trailer and a down payment on a motorcycle shop. You can read the entire story here.
For six years, Nevdex was blind to the theft. The office manager’s assistant finally noticed something amiss and informed the owners. Two points are worth noting:
- The office manager confidently understood how much she could steal without being noticed. It happened to NevDex and it could happen in almost any business. An employee familiar with the business’ financial controls can not only circumvent them but they understand precisely how far they can go without being noticed.
- No one was looking. The office manager in this case blamed the cash problems on a weak economy. Blind trust allowed NevDex’s office manager to steal money for six years.
Trust…but Verify. Three words that every small business owner with an accounting staff should heed. Had NevDex’s owners taken a little extra time every month to scan bank statements and see who NevDex was actually paying, they might never have been victimized. Every business owner can, and should, make this process a regular part of examining the monthly financials.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
Credit Crunch
Most innovations have a yin and a yang – a good side and a bad side. Typically the good side appears well before the bad side makes its first appearance.
So it was (and is) with credit cards. They made their debut about seventy years ago. Imagine what a pleasure it must have been to be one of the first to pay for a restaurant meal with plastic (actually the first cards were cardboard – the plastic innovation came later). For many years only the good side of credit cards was visible. Problems started appearing when the cards became a near-universal means of purchase. Credit card fraud became (and still is) a huge issue which, in turn, helped to spawn the identity theft problem.
Within businesses, credit card fraud frequently takes the form of credit card abuse – specifically using business cards to make personal purchases (and having the business pay for those personal purchases, of course). Dishonest employees can take advantage of any trust the owners and management offers them. Depending on the level of trust, putting a corporate credit card in the hands of a dishonest employee can have the same effect as handing the employees bundles of cash and failing to oversee how the cash is spent.
Take, for example, the administrative assistant who worked at Alza, a California pharmaceutical research and development company. Between February 2007 and October 2007 (that’s only eight months, folks!) she fraudulently charged over $328,000 in personal expenses on an Alza corporate credit card, including paying for a 1968 Ford Mustang and 1969 Chevrolet Camaro automobile, the restoration of those automobiles, cosmetic surgery, a Hawaii and Tahiti cruise vacation, a granite kitchen countertop, a residential air-conditioning unit, and American Express gift cards. Maybe she even paid for a restaurant meal or two. You can read the Department of Justice’s press release about the theft here.
Trust in a business’ employees is a necessary part of a small business’ success. But the fact is that there are dishonest employees out there, so “Trust but Verify” should also be a necessary part of that success. Once a dishonest employee obtains company credit card information, they cannot be prevented from abusing that information. An owner’s only viable alternative is to stopping credit card misuse is to examine every card statement every month to verify that the credit cards are not being used to pay for an employee’s personal expenses.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
In It for the Ride
Two years ago my neighbor needed some masonry work done. He got a contractor’s phone number from an ad placed in one of the advertising periodicals received by every suburban home in the U.S.; the ones that reserve some space for phrases like “Your source for the best service providers” and “Our advertisers just want to give you outstanding service”. The contractor arrived promptly to estimate the job and he and my neighbor agreed to a price. A few days later the contractor showed up with a load of bricks, built half of a staircase, and was never heard from again.
The biggest damage was done to my neighbor’s wallet. He’d learned that vetting a contractor (or any other vendor) is worth the time and effort.
The lesson applies equally well to business. Bringing in new vendors is an important way to improve selection, reduce cost and improve your customers’ satisfaction. It’s also a way for dishonest employees to sneak in under the radar and get the business to pay for services and products that never existed and were never delivered.
Take, for example, the scheme perpetrated by the former Executive Director of ATN, a non-profit agency that provided transportation to tourists in Anaheim, CA. She had the authority to hire vendors for ATN. And I’m guessing that most of the vendors she hired were completely legitimate. But one wasn’t. That was “Advanced Transportation Services”. She created the company. She was its only employee. And in a little over a year, her bogus company invoiced ATN for $118, 875 of non-existent services. You can read the Justice Department’s report here.
Vetting vendors isn’t difficult – and is most effective when someone other than the initiator does it. A phone call, a look in the yellow pages (especially now that yellow pages for the entire country are online), a look at manta.com and getting references from other customers are simple tasks. The extra time and effort could save a business tens or even hundreds of thousands of dollars. That’s a pretty good insurance policy.
a
The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them. Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently. If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.
TraceTech Solutions provides small businesses with unique low-cost fraud monitoring and detection services. Learn more about TraceTech’s services here: TraceTech Solutions website.
