10 Million Embezzlement Exposed Preventable
Mar 17, 2009
I recently read where a California bookkeeper was charged with grand theft and embezzlement to the tune of nearly $10 million. As a highly-educated recovering perfectionist who understands a thing or two about advanced financial technology solutions, I'm not sure I could even pull this off. Really.
But here's my question--actually, several of them: 1) Did stakeholders read the financials each month? 2) Did stakeholders closely monitor gross profit and all the COGS accounts? 3) Were book to physical inventories done regularly? 4) Did someone beyond this bookkeeper review the bank statements before recons were completed? 5) Were budgets and/or forecasts performed then compared to actual results regularly?
My suspicion is that none of the above have a 'yes' answer. If the simple controls addressed in my questions are applied, then this theft is either greatly minimized or the theft never happens.
After reading about this theft, I wanted to know if some of my partners agreed with me. I asked them two questions: Could this theft have been prevented? What could have stopped this theft? Here are those responses.
Many businesses are familiar with the roles of the Controller and the CPA. Owners are frequently unaware that another role is necessary. The CFO serves as the eyes and ears of the owner. If the CFO is performing analytic reviews of the company's records, the weekly $25,000 would likely be noticed. In addition, if the CFO is performing or reviewing the bank reconciliation, unusual payees would also be noticed. This situation definitely should have been caught well before six years elapsed. Sometimes, having a CFO deters the would-be thief and the embezzlement never happens.
I believe this could have been prevented by sound financial controls. One of the basic tenants of sound controls is that, whenever practical, it is wise to have different people reconciling bank accounts, approving payments and writing checks. Where were the checks and balances that prevent a single individual from being able to have so much person autonomy? With numbers this large, it also seems to me that the company should have been engaged in a more thorough review or audit by an independent CPA. It seems very likely to me that an audit would have uncovered a recurring disbursement of $25K each week.
For this situation to take place, this CFO had to be able to approve the amount for payment, generate a check or bank transfer, sign the check and then reconcile the bank account; that's simply too much temptation for many people. You need to limit opportunity through the use of better checks and balances by inserting other individuals into this cycle; more eyes reviewing transactions means less opportunity and less temptation and fewer losses.
This is almost a textbook case of a person most likely to commit fraud. 60% of fraud is committed by one person, generally aged 36-50. The older the person, the larger the fraud. The fraudster generally has no criminal or employment misbehavior record. In most cases, the fraud goes undetected for years.
The large red flags in this case are a person living beyond their means, addictive behavior (shoes) and apparent unwillingness to share duties. Other behavior was probably apparent but not mentioned in the article.
The two most effective ways to deter fraud are to institute surprise audits and to have someone take over the duties periodically by enforcing job rotation and mandatory vacations. Of course a B2B CFO is the perfect person to assist a small to mid sized business to enact the most effective ways to combat fraud.
I appreciate the comments above from Karen, Michael, and John. Additionally, my friend Jerry Mills, the founder and CEO of our firm has a great chapter on this subject in his book The Danger Zone. The chapter is called Who is Watching the Controller?
Nail down those internal controls, and theft such as the above can be significantly curtailed if not eliminated.