Stealing Funds for a Nest Egg
Article, Internal Auditor – August 2008
Insurance / Legal / Forensic Investigation
An executive assistant uses a corporate credit card, gift checks, and an online payment account to embezzle US $1.5 million. Paul Sutphen discusses how it happened and the lessons that can be learned.
At just 22 years old, Betty Collins landed her dream job as executive assistant to the president of Build Right, a regional home improvement company based in the Western United States. Build Right, a division of a large international corporation, planned to aggressively expand operations into other areas of the country and wanted only dynamic individuals on board. In her job interview, Collins came across as ambitious and eager to succeed; she displayed a willingness to work hard as a team player and to build a better life for herself and her family. She was exactly the type of person the company wanted to hire.
Build Right’s expansion plan was based on a simple philosophy: Build a good product, get in front of current and potential customers at every opportunity, and know the competition. The company sponsored booths at trade shows, attended industry conferences, and had morale-building events for its sales team, hosted locally and in exciting places such as Hawaii. This kind of exposure cost money, but Build Right was willing to make the investment.
Collins played an important role in making these events happen. She arranged travel plans, including airline and hotel reservations, and coordinated various activities that employees would enjoy. Collins was also responsible for reviewing the final bills and authorizing payment of amounts on the corporate American Express card. Company policy allowed Collins to self-approve disbursements of up to US $100,000 per month to American Express. When the total charges exceeded US $100,000, company policy required her to obtain approval from her supervisor, the president of the company, via a signature or e-mail authorizing the amount. Without this approval, accounts payable would reject the bill.
At month end, Collins prepared a marketing expense form recapping the American Express charges and sent the form, with the appropriate approval, and the payment coupon showing the amount due to accounts payable for payment. Accounts payable would verify that the amount of the payment coupon agreed to the total departmental expense allocation, determine if the required approval was obtained, post the allocated amounts to the appropriate general ledger account codes, and disburse payment to American Express. Electronic billing made it easy for Collins to obtain the vendor and charge information she needed to fill out the marketing expense form. Downloading the American Express bill into an Excel spreadsheet allowed her to quickly organize the data by vendor and expense, and allocate amounts to the appropriate account codes.
From time to time, when her own finances were tight, Collins would make a personal purchase with the corporate American Express card and pay Build Right back via a credit on her expense report. No one ever questioned this practice. Over time, Collins realized that no one ever asked to look at the charges detailed on the American Express bill, and her supervisor only looked at the marketing expense form that she prepared when the total bill exceeded US $100,000, which did not happen often. She also began to see Build Right as a large company with lots of money and rationalized that it would be okay to “forget” to credit her expense report for the occasional personal purchase. To make the accounting work out internally, all she needed to do was increase the billing amount from one of the company’s normal vendors within the electronic spreadsheet to match the amount of her personal charges. This would cause the American Express bill and marketing expense form to balance.
Sometimes Collins didn’t even have to manipulate the marketing expense form. This was the case when her personal purchase of airline tickets, hotels, and restaurant charges coincided with a large company function with similar charges. In this situation, she simply included her purchases with the legitimate ones.
The temptation became too great, though. Collins set off to find other ways to have the company pay for the things she wanted. Because Collins didn’t want to risk charging everything she bought for herself to the American Express card, she needed a way to obtain cash. She discovered that American Express gift checks would serve her purpose. Over a two-year period she purchased more than US $150,000 in gift checks to buy things for herself, family, and friends. However, the gift checks were somewhat limiting due to the set denominations, and the fact that she had to sign each gift check made her nervous.
Collins abandoned the gift check scheme when she learned she could set up a Pay Pal account and fund it from the American Express card. A Pay Pal account works like a bank account, making it easy to pay for purchases or withdraw cash. Just to be safe, she kept each transaction funding her Pay Pal account under US $10,000 so as not to arouse suspicion by regulatory organizations. Over a 10-month period, Collins’ Pay Pal scheme netted her almost US $800,000, which she used to remodel her home, pay off her mortgage, and set up a college fund for her child.
Collins decided it would be best not to let her supervisor know when the American Express bill exceeded US $100,000, for fear of exposing her activities. In the earlier months, when total charges exceeded US $100,000, Collins bypassed the approval process by forging her supervisor’s name on the approval form, but she didn’t think she was doing a good job with the forgery and feared she would be caught. She found a better way. The accounts payable department accepted approvals from her supervisor via e-mail. When her supervisor was out of the office, Collins accessed his computer and sent herself an “approval” e-mail to accompany the marketing expense form, then she deleted the sent e-mail.
In just under three years, Collins embezzled more than US $1.5 million from Build Right. The embezzlement was discovered when Build Right was contacted by an American Express agent to alert the company to questionable transactions involving Collins and Build Right’s corporate credit card. Internal auditors from Build Rights parent company were brought in to conduct an internal investigation of the questionable charges, which led to a forensic examination of Collins’ computer. The investigation by the internal auditors revealed that Collins altered the electronic version of the American Express billings before submitting them for payment. what appeared to be excessive expenditures by the marketing department of its Build Right division. Collins pled guilty to all charges against her and will serve time in prison.
Allowing employees to charge personal items on a company account is never a good idea. Not only does it lead to potential abuse, but it also creates additional bookkeeping work for the company to keep track of these transactions.
Employee self-approval of company-incurred expenses up to a certain amount is not unusual; however, Build Right’s US $100,000 threshold would be too high for most organizations. A lower threshold likely would have required more frequent approvals by Collins’ supervisor, but other shortcomings in internal controls such as accepting only the marketing expense form and payment coupon as support for the charges, and poor control over access to her supervisor’s computer still would have allowed her to develop a successful embezzlement scheme.
Having a supervisor inspect — or at least have the opportunity to inspect — billings, bank statements, and other relevant documentation before the responsible employee receives the information can help deter fraud. The employee will have less confidence to perpetrate a fraud if he or she doesn’t have full control over the data. Had Collins’ supervisor received the American Express bill before she saw it, she may not have made personal charges on the company account out of fear that her supervisor would notice them.
Collins was uncomfortable forging her supervisor’s approval signature, but that was remedied when she discovered she could access his computer when he was away to authorize charges. The power of e-mail has grown from simple communication to, as in this instance, an acceptable means to communicate approval for a large expenditure. Outside of high security environments, access to computer usage is difficult to control. In this instance email authorization for expenditures needs to be coupled with another form of control. Had Collin’s supervisor received a periodic report directly from accounts payable showing expenditure approvals, it would likely have deterred Collins from ever exceeding the $100,000 approval threshold, thereby at least reducing the amount she stole.
Given the lack of internal controls at the local level, this embezzlement might have continued unnoticed for longer than three years had the tip from American Express and the ensuing internal audit investigation not uncovered the defalcation scheme by Collins in the Build Right marketing department. Had the audit department maintained a stronger presence at the Build Right division, it would have established a “perception of detection” that may have deterred Collins from her fraudulent activities.
As appeared in Internal Auditor, August 2008.