For the past six months, Stephen Pedneault has been on a soapbox, decrying technology’s negative effects on the detection, prevention, and resolution of accounting and financial fraud. “When it comes to internal controls, we need to go back to basics,” he proclaims.
Not exactly a Luddite, Pedneault, a forensic accountant and investigator for 23 years, thinks the automation of controls isn’t itself the problem; instead, it’s the complacency with which executives have greeted it. (Pedneault will lead a workshop on fraud at the upcoming CFO Rising West Conference in Las Vegas, to be held October 24-27.)
One example of the problem stems from changes in how payroll-services vendors make client reports available, says Pedneault. Instead of dispatching couriers once a week with packages of papers for review, vendors may send CDs containing the reports — but executives tend to throw the CDs in their desk drawers without looking at their contents. Worse, says Pedneault, founder of Forensic Accounting Services in Glastonbury, Connecticut, many vendors put the reports online instead of mailing them, so that clients can print such things as check images anytime they need them. “The problem is, nobody prints them,” he says.
“I’ve got a crazy idea,” Pedneault tells CFO. “How about going online and printing [the statement or report] every month as if it were mailed to you — and actually looking at it?”
Ten or 15 years ago, he observes, frauds were caught more swiftly. In that less-automated time and in relatively small companies, one employee would be responsible for collecting and photocopying all the checks and recording them on a deposit slip before the funds were deposited in a bank. That employee would then give the income information to a colleague, who would post it in the company’s accounting records. Later, executives would receive a report derived from the records that said how much money was posted for the day. “The checks would go to the bank, and at the end of the day you’d match up three things: what came in, what got posted, and what got deposited,” says Pedneault.
It was hard to steal cash receipts, says Pedneault, because they wouldn’t be posted to the accounting records if a theft occurred. In the case of repeated thefts of a single customer’s payments, the customer’s balance would get noticeably bigger and older. Eventually, an executive following up on accounts receivable would see the gap and request customer payments. The customer would then offer proof that a payment was indeed made, and the fraud would be detected.
The presence of such basic controls enabled Pedneault recently to sniff out a “lapping scheme.” Named for its method of posting overlapping payments, the accounting fraud typically involves an employee’s theft of customer bill payments to a company. To cover up the theft, the employee enters the proceeds of the next incoming check into the accounting records as payment for the first bill. The employee then records the third incoming payment to cover up the second missing payment, and so on.
The reason Pedneault was able to unearth the scheme was that the company is a small one ($1 million to $2 million in annual revenues) that still makes photocopies of the checks its employees deposit in the bank every day, as well as keeps copies of the deposit slips. When the forensic accountant examined such copies, he found there was no record of the payments of a customer who always paid in cash.
A bank deposit slip filled out by the fraudster on behalf of the company indicated that the company may have received the missing cash, Pedneault notes. But by matching a check photocopy against the bank deposit slip, he was able to detect that the check was issued by a different customer than the one who paid in cash. “The [employee] skimmed the cash and then used other customers’ checks to cover up the theft of the skimmed cash,” he says. “If we didn’t have the deposit slip, I’m not sure how we would have proved anything.”