Is Your Company Ripe For Embezzlement?

Three rip-offs and steps you can take to safeguard your assets.

em bez zle (em-bez l, im-) tr.v.-zled, -zling, -zles. To take (money or property) for one’s own use in violation of a trust. Old French, to do away with, destroy) em bez zle ment n. em bez zler n.

Bogus Check Nets 3K Every Month

The comptroller of a small business ordered a supply of consecutively numbered checks from the check printer. A few weeks later, she called the printer and said that a temporary agency employee the company had hired to destroy old files had mistakenly destroyed the checks just received. The controller then ordered a new set of identically numbered checks, and the printer obliged.

The controller now had in her possession two sets of identical checks. One set remained at the company’s offices, and the other set she took home. At the same time, the controller copied the company’s check processing software. This enabled her to run off on her home computer checks identical to the checks run at the office.

Every month, the controller made out a company check in the amount of $3,000, payable to herself, using her home computer. She noted the check number and cashed the check accordingly.

When she ran the legitimate business check at the office, she was careful to run off the identically numbered check, also for $3,000, but this check was made payable to the U.S. Postal Service and charged to postage expense in the business’ records. The U.S. Postal Service had never billed the company for this expense, and the check was never mailed.

When the controller received the company’s bank statement, she simply destroyed the check made out to herself and replaced it with the identically numbered check made out to the U.S. Postal Service. If you would inspect the U.S. Postal Service check, there would be no indication that it was never cashed by the post office, as the check was endorsed with the actual post office’s endorsement stamp by a friend who worked at the post office. The controller had even been careful to stamp the back of the check with a bank’s cancellation stamp supplied to her by a friend who worked at the local bank.

The company’s file copy of the bogus post office check was even backed up with an actual post office receipt supplied to her by the same friend who worked at the post office.

This embezzlement had been going on for years.

Annual $15,000 Bonus

A company’s bookkeeper prepared the payroll checks every week. At the same time, she prepared the federal withholding tax check for Social Security, Medicare and federal income tax withheld from employees. The checks were routinely signed by the chief executive officer and another staff member. The payroll checks were distributed to employees, and the tax check was sent to the Internal Revenue Service.

Every week the check sent to the IRS was approximately $300 too much, and the overpayment was always the result of transposition errors, which are difficult to detect. For example, if the actual tax liability due IRS was $1,140, the check was made payable in the amount of $1,410.

As is typical of a bookkeeper’s responsibility, the individual prepared the quarterly and annual payroll tax returns, including W-2s. The real payroll tax records were kept at her home, and fraudulent records were kept at the office.

At the end of the year, the extra $15,000 sent to the IRS was added to federal income taxes withheld on the bookkeeper’s W-2. When she filed her personal tax return, she received an annual $15,000 bonus courtesy of the U.S. Treasury, and never signed a check.

This embezzlement had been going on for years.

$35,000 Retirement “Gift”

A company’s bookkeeper was going to retire in two years. Her husband had already retired and started a small retirement business called the Paper Clip Delivery Service. He would take a business office supply order, shop for the best prices, and pick up the supplies for a $25 service fee. He had one client: his wife’s employer.

As checks were received by the business, they were deposited into the company’s savings account to maximize interest revenues. When checks were disbursed, cash was transferred from the savings account to the checking account accordingly and in an amount sufficient to ensure that company checks would clear the bank.

On March 5 of her retirement year, the bookkeeper presented a bank transfer slip to the company’s CEO transferring $35,000 from savings to checking to cover that week’s checks. This was routine business. The CEO and another responsible staff employee signed the bank’s transfer slip. Instead of transferring the money, however, the bookkeeper put the signed transfer slip into her purse.

The bookkeeper retired on August 5, one week after completing the July financial statements, bank reconciliations and so forth. After her retirement party, she told the CEO that there was one unpaid $25 invoice due her husband, and asked if he would mind signing the check. The $25 check was signed by the CEO and another employee.

The bookkeeper went to the company’s bank that afternoon to say goodbye to the bank tellers she had been dealing with for years. Prior to going to the bank, however, she took out the $35,000 bank transfer slip dated March 5 and easily converted the month from a three to an eight and transferred $35,000 into the checking account.

She then went to the bank where her husband’s Paper Clip Delivery Service account was serviced. The $25 check payable to her husband’s business was written with an erasable-ink pen. She simply erased the $25 figure and changed it to $35,000 and deposited it into her husband’s business account. The money was withdrawn the following week when the company’s check cleared the bank system.

Because she had just received the bank statements and completed the bank reconciliations, she knew that the earliest anyone could possibly discover the embezzlement would be in several weeks when the new bank statements would be received and the account reconciled.

She had several weeks to cover her tracks. And she did.

How to Avoid Embezzlement

The embezzlements you have just read about actually happened. What did the three unrelated incidents have in common?

• Each embezzler was an employee above suspicion.
• Each company was not audited by an independent certified public accounting (CPA) firm.

As these incidents attest, it is human nature to place individuals in positions of trust who have the appearance of loyalty and trustworthiness. Yet to safeguard itself, the company must reduce the opportunity for employee dishonesty.

While accurate financial statements are obviously important, the internal control review conducted as part of an annual audit by an independent CPA firm is the only way a company can be assured that cash and other business assets are protected. Each of the embezzlements could have been avoided if the company had an effective internal control system.

The two basic types of internal control systems are controls over checks received and controls over check disbursements. Here are several steps to consider taking when establishing such systems.

Controls Over Checks Received

Give serious consideration to taking advantage of a bank’s lockbox service. In a lockbox arrangement, the company gives customers return envelopes with their invoices. The company’s name appears on the return envelope, but the address is actually the bank’s post office box. The bank deposits the checks for the company and mails the deposit slip and supporting documentation to the company’s headquarters. This is the best internal control available over checks received, as company employees never come into contact with the original check.

Obviously, even if a lockbox system is employed, some checks will continue to be mailed directly to the company’s office. When checks are received, they should be endorsed by whoever opens the mail before the checks are sent to accounting. Additionally, the endorsement stamp should spell out the full name of the company and include the bank name and account number.

For example:
For Deposit Only
The LMNOP Company, Inc.
Third American Bank
Account #784983

It is extremely unusual for anyone to tamper with an endorsed check, because it is so obvious.
Never give original checks to the department that generated the revenue. It is too easy to set up fraudulent bank accounts. Endorsed checks, and endorsed checks only, should be sent directly to accounting. If for some reason another department needs the checks, copies of the checks will be sufficient.

Controls over Check Disbursements

Always require two signatures on checks; accounting personnel should never be check signers. Additionally, the two individuals signing a check should not be associated with approving an invoice for payment. The more individuals involved with processing a check for payment, the less likely an embezzlement will occur, because collusion would be necessary.

Never hand write the check amount. Always use a check imprinting machine or computer-protected checks, or type the amounts if necessary. It is too easy to tamper with handwritten checks.

Do not have bank statements sent directly to accounting. All bank statements, but particularly the checking account statement, should be sent directly to the chief executive officer.

It is the responsibility of the chief executive officer to review the statements before accounting receives them. Simply review the statements and checks and if anything looks unusual, such as an unfamiliar vendor, investigate it by asking for the supporting documentation. If nothing looks unusual, pull a few checks at random and ask for the supporting documentation anyway.

Have a copy of the bank reconciliation distributed with the monthly internal financial statements. Ensure that reconciled balances agree with the financial statements. Pay attention to and investigate old checks that fail to clear the bank.

If the companies that experienced the three embezzlements described earlier had had these controls in effect, all three embezzlements could have been avoided. As this article points out, some basic internal control measures can be easily and quickly implemented. A more exhaustive evaluation of internal controls is part of the annual audit process. When auditors suggest internal control improvements and changes, take them seriously.

Uncovering the Schemes

Curious as to how the three embezzlements were discovered?

In the situation involving the bogus U.S. Postal Service checks, the chief executive officer implemented the policy of reviewing the checking account statement before sending it to accounting. She didn’t advise the controller of the change, and when reviewing the first statement, she noticed a $3,000 check payable to the controller.

Before confronting the controller, she enlisted the help of the company’s new accounting firm, which pulled several checks payable to the U.S. Postal Service from old bank statements. The firm asked the bank for its copy of these checks and discovered that several of the bank’s copies of checks made payable to the U.S. Postal Service were actually made payable to the controller. The company pressed charges, and the controller is in prison.

The embezzlements involving the excess income tax payments and changing the check from $25 to $35,000 were actually done by the same person. The embezzler and her husband purchased a recreation vehicle with the money and toured the United States.

Again, because of her precise timing, the embezzlement wasn’t discovered until six weeks after she left the company. Her replacement discovered the $35,000 check when she reconciled the August bank statement sometime in the month of September.

Because they had neither an address nor a telephone number, it took authorities years to find them. When they were finally located, the couple was convicted but never served time because of advancing age. Instead, the court ordered a restitution program and house arrest.

Gases and Welding Distributors Association
Meet the Author
Edward J. McMillan is a certified public accountant with McMillan & Associates in Lothian, Maryland. This article originally appeared in Association Management magazine. Used with permission.