On July 16, 2018, Thomas Scott Taylor was sentenced to 18 months in prison and ordered to pay restitution in the amount of $492,689 for his role in embezzling from his employer, IntelliSurvey Inc. Taylor admitted to unlawfully accessing a protected database in order to access unredeemed Amazon gift cards for his own personal gain.
Taylor admitted to knowing that IntelliSurvey purchased and maintained a set of Amazon gift cards for use in rewarding survey participants. Taylor accessed the protected database to identify the gift cards that had not been redeemed by individuals and credited them to his personal Amazon account. This scheme continued for nearly six years, and resulted in him obtaining a total of $492,689. This was used to make approximately 3,300 personal purchases through Amazon.
This is a perfect example of why it is important for companies to review their internal controls and processes to identify areas where there may be a risk of both fraud and material misstatement. Any operations related to the access to, or collection and payment of cash and revenue should always be considered high risk areas. It is critical that employers ensure the risks associated with these areas are considered and risk is reduced through the design and implementation of proper controls.
When analyzing the risk of fraud, it is difficult for employers to identify the financial or emotional motivations that may exist. It is also difficult to know how they may rationalize fraudulent action as a result of those pressures.
It is much easier for an employer to identify potential opportunities an employee may have to commit fraud and the risk that it may happen. Once identified, it is important that employers establish a network of controls that would mitigate the risk and remove the opportunities. This can be done internally or through the use of external auditors and advisors.
When designing and implementing a system of controls surrounding any area of a business, one of the most critical concepts is to ensure there is an appropriate “segregation of duties.” Ensuring that multiple people are involved in any one process, and that there are appropriate systems of checks and balances being performed by different individuals, can reduce the likelihood that one person would have the opportunity to commit fraud on their own.
Segregation of duties also includes limiting the access of individuals within the company’s systems to only the areas needed for them to perform their duties. In the case described above, it became apparent that IntelliSurvey had failed to limit Taylor’s access to certain systems which were not required for his role. This ultimately created an opportunity for him to commit fraud.
By ensuring that the controls put in place will create an appropriate segregation of duties, companies are able to limit the opportunity a single individual may have to commit fraud. There remains the possibility that multiple individuals work together to circumvent these controls. But that’s a separate discussion on the risks of collusion, and a story for another day.