Longtime City Employee "Punks" The City and Its AP Department
Article, AP Journal Online – May 2009
Insurance / Legal / Forensic Investigation
A trusted long time employee uses the system to embezzle funds over a period of years. Paul Sutphen details how this was accomplished and steps that can be taken to act as a deterrent to fraudulent behavior.
Abbey Simpson had been a City employee for over thirty years. Although her career was mostly centered in the Finance Department, Abbey’s position eventually evolved into a dual hybrid role of both Assistant Finance Director and Human Resource Administrator, which she functioned in for the ten years prior to her retirement.
Abbey’s responsibilities during this period included supplying financial information for and participating in the City’s budgeting process, reconciling the Human Resources’ bank account, and being a signatory for check disbursements. In her last full year of employment with the City, Abbey earned a salary of $85,000. In addition to this already lucrative salary, during the last eight years of her employment Abbey also disbursed $1.3 million to herself.
How did Abbey position herself with a City job with such liberal salaries and disbursements? Being privy to “all the right sources” due to her hybrid role enabled Abbey to embezzle the $1.3 million. Had internal controls addressed the changes in Abbey’s role, perhaps they would have taken notice of the equation for certain disaster.
Abbey used a simple check payee substitution scheme to commit this fraud. Her scheme was successful because of one main factor: as her hybrid position evolved, the established internal controls did not address the change. The amount of the embezzlement escalated each year – the first year she stole $97,000, and during her final year of employment she stole $188,000.
Business as Usual
The normal practice to fund employee medical and retirement benefit plan expenses was through payroll. Twice monthly, Abbey prepared a batch of benefits payables to be approved by her supervisor. Once approved, the batch was sent to payroll for payment. Payroll accepted the Human Resource supervisor’s approval to disburse the entire batch; the underlying support for each disbursement was not sent to payroll as that information was maintained in Human Resources and was available for inspection.
Occasionally it was necessary to issue a single disbursement outside of the batch run. This was referred to as issuing a “manual check,” and would occur for numerous reasons, (e.g. a new employee starts work, change in employee status, etc.).
Abbey’s duties as Assistant Finance Director included preparing the supporting documentation for issuance of a manual check for her supervisor to review. Upon approval, her supervisor would take the next sequentially numbered check from the check stock, fill in the date, payee, amount, and mail the check to the payee. The carbonized check copy with the payment support would then be routed to Accounts Payable where it would be coded to payroll in the system. In her supervisor’s absence, Abbey was authorized to assume certain duties, including the issuance of manual checks through Accounts Payable, but only when the payment due date was near.
Abbey developed a simple scheme that allowed her to exploit the system. When her supervisor was scheduled to be out of the office, Abbey would often fabricate the need for a manual check. She did this by pulling together bits and pieces of recent payment support used for legitimate checks from the batch payment runs that her supervisor had previously approved, and she was careful to select supporting documents with payment due dates that were near.
Once the fabricated support was assembled, Abbey obtained a numbered check from the locked file for which she had a key. Abbey followed the protocol carefully as with a legitimate manual check process, typing in the date, payee and amount, and then sending the carbonized copy with the supporting payment documents to Accounts Payable for posting. The date and amount Abbey filled in on the check copy were accurate; however, since she wanted to deposit this check into her own account, Abbey slipped a piece of paper over the payee space on the check and typed in a legitimate payee name. The legitimate payee name was imprinted onto the check copy via the carbonized paper and the slip of paper on the face of the check made it so the payee line on the check itself was left blank.
Next, Abbey typed in her own name as the payee. She would then deposit the check into her personal bank account. The next month when the bank statement arrived she would intercept the bogus checks, erase her name as payee and type in the payee name to match the Accounts Payable copy. The check was filed away and if someone were to take a cursory look at the Accounts Payable listing, the cancelled check, and the Accounts Payable check copy, everything would appear to match up.
After several years of meticulously altering the bogus checks to remove her name and substitute a false payee name, Abbey realized that no one ever looked at the filed materials. Eventually she would simply file away the checks without bothering to alter the payee name.
The Internal Control Problems
As noted earlier, Abbey had been with the City for thirty years, and over that period she gained the trust of many, and learned much about how the system worked. Her position as Assistant Financial Director involved her in the budgeting process whereby she provided actual and expected payroll and benefits data to the committee that made recommendations to the City council for budget approvals. Furthermore, Abbey was aware of the approved amount for each year’s budget, and she had a pretty good idea of the actual amount that would be needed. This information provided Abbey with a likely range in value that was available for her to steal.
Abbey was also authorized to originate manual check payments, and she was an authorized “second signature” check signer. The first signature was via a stamp that she had access to whenever she wanted.
Lastly, Abbey had the responsibility to reconcile the bank statements. This was something Abbey had done for many years with the City. She enjoyed this task and, as her job description evolved, she retained this responsibility by request. As a side note, Abbey’s sister was the Finance Director. It is worth noting here that while her sister was not involved in any of Abbey’s financial misdeeds, Abbey was likely given some preference with her job responsibilities because of this relationship.
Given her various job responsibilities, Abbey had the perfect opportunity to steal and cover it up, with little in the way of checks and balances to detect her fraudulent activity.
The Slip Up
How Abbey got caught was an astounding oversight on her part. Abbey didn’t deposit the last check she wrote to herself until two days after she retired! This check was discovered during a bank reconciliation by the clerk who took over that responsibility from Abbey after she retired.
This one slip up turned a simple, well planned and executed scheme into a conviction for Abbey. It is ironic that the City’s lack of meaningful audit reviews is probably the reason Abbey let her guard down and became careless, which is the likely reason she got caught in the end. Abbey has been convicted of fraud and is presently awaiting sentencing.
The obvious internal control shortcoming was the lack of segregation of Abbey’s duties. When the same person who initiates a disbursement is also a check signer, has access to blank checks and the primary signature stamp, and also has the responsibility to reconcile the bank statement, there is little in the way of functioning internal control safeguards that would detect unlawful activities.
This lack of segregation of duties came about over many years as Abbey’s job description and responsibilities evolved. The internal controls that were at one time very effective did not evolve as Abbey’s role evolved. Nepotism, as evidenced by her sister's position as Finance Director, also likely played a part in the break down of internal controls.
Even with the described situation there is one potentially effective deterrent that could have been implemented; the generation of a simple report by Accounts Payable listing the manual checks issued. This type of report provided periodically to Abbey’s supervisor would have presented an opportunity for the supervisor to review manual checks that were issued on dates she was away, possibly leading to an investigation on her part. More importantly, had such a report been generated with Abbey’s knowledge, that in itself may have served as a sufficient deterrent to make Abby think twice about pursuing her career of crime.
Stop the Heist: Four Steps to Protect Your Business
Segregation of duties is a highly effective deterrent to fraud – now and again consider how recent changes to authority may have eroded this critical internal control.
- Deviations in normal procedure that allow a subordinate to temporarily execute a superior’s authority, especially when a hurry-up situation is the cause, should periodically be authenticated back to the original authority.
- Watch for subtle and infrequent shifts in normal procedure which may evolve into an acceptable normal procedure.
- Perform analytical reviews to search for emerging patterns and/or increased frequency of authority delegation. This may lead to identifying the need to revise internal controls.
Paul C. Sutphen, CPA/CFF, CFE, is a Partner in the Seattle office of the international forensic accounting firm, RGL Forensics. Mr. Sutphen has 30 years of investigative accounting experience, focusing his practice on the investigation of commercial insurance claims including fidelity, intellectual property and product liability claims, and providing forensic accounting services to attorneys. He may be reached at firstname.lastname@example.org.
As appeared in AP Journal Online, May 2009.