8

Rating ? Qualities ?
Applicable
Innovative

Buy book or audiobook

Policies & Procedures to Prevent

Fraud and Embezzlement
Guidance, Internal Controls, and Investigation
Edward J. McMillan • Wiley © 2006 • 308 pages

Management / Risk Management

Manufacturing / Supply Chains
Corporate Finance / Controlling

Take-Aways
• When embezzlers get caught, it is usually by accident.
• Whistleblowers get credit for catching 30% of fraud, but U.S. law does not protect every whistleblower.
• Routine audits do not seek fraud. They intend to provide “reasonable assurance” that your books have no
misstatements due to irregular activities.
• When fraud happens, the perpetrator is usually someone you’d never suspect.
• An employee who embezzles is often someone obsessive, someone who has been passed over for a
promotion or someone with a luxurious lifestyle.
• When you suspect an embezzler, line up solid evidence to avoid a lawsuit.
• Carefully preserve all possible evidence and seek the help of a forensic accountant.
• Take steps to prevent fraud from harming your company: Monitor checks, have staffers sign “Condition
of Employment” agreements, and be alert to payroll “ghosts.”
• Protect yourself from identify theft.
• Due to the huge volume of checks presented daily, banks cannot match signatures against the original
signature cards.

1 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST

 Recommendation
This basic, informative book exactly addresses its title topic. Edward McMillan delivers straightforward
advice for companies of all sizes. He also offers individuals advice on avoiding identity theft. McMillan
covers everything from case histories to the details of hiring agreements, and how to fire an employee who
commits fraud. Each chapter contains recommendations, sample documents, key points and checklists. The
book also provides 119 pages of useful sample documents relating to internal controls to help you prevent
this widespread, costly crime. getAbstract recommends McMillan’s practical guide to anyone concerned
about corporate – and personal – security.

Summary

The Ugly Reality

Fraud can happen in any business. And when it does, the criminal usually is someone you’d never suspect.
Embezzlers can be any age, rank or race, and either gender. They carry out their crimes for any number of
reasons, although their fellow workers generally don’t know their motives, which can include drug abuse,
gambling, dire financial need or mere thrills. The typical embezzler is “compulsive, was denied a promotion,
has an expensive lifestyle or never takes a vacation.” Fraudulent behavior is often tied to need, opportunity
and a contrived rationale for undertaking the theft.

“Corporate fraud and scandal are real threats to business today...No business, large or
small, is immune.”

Take the CEO who approved his own credit-card statements. When outside auditors discovered that he
regularly charged a few thousand dollars a month at a particular eatery, they requested help from the
restaurant’s management. A few weeks later, the restaurant’s executives reported their findings: whenever
the CEO ate there, the same assistant manager, his girlfriend, served him. The CEO would leave thousand-
dollar tips, which the woman redirected to her bank account. The corporation discovered the fraud when an
outside accountant expressed his discomfort with its credit-card reconciliation process. It seems the CEO
had never given the staff access to the details behind the credit-card statements; the outside audit team
found out why.

“Fraud losses are devastating – but they are also highly avoidable.”

In another creative embezzling scam, a bookkeeper made it look like everything was fine while she
committed fraud for decades. The nonprofit organization’s bank mailed its statements to the CEO’s house,
where he reviewed them. Since he was the only person authorized to sign checks, the proper controls
seemed to be in place. The CEO looked at the payroll checks, signed them and distributed them. But at
the same time, the bookkeeper prepared a request for payroll taxes (Social Security, Medicare and income
tax withholding). She asked the CEO to sign the deposit coupon. The CEO routinely reviewed his bank
statements and saw that the cancelled checks had cleared the IRS, but no one checked the bookkeeper’s
math, so she routinely sent the IRS an extra $300 per pay period. At the end of the year, the bookkeeper
claimed the year’s overpayments (more than $15,000) on her personal tax return as income tax that her

www.getabstract.com
2 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST

 employer had withheld. When the IRS processed that claim, she received a refund for the entire amount.
When investigators discovered the fraud, she had been doing it for 25 years.

“Most fraud is discovered by accident...due to unanticipated work interruptions, and not

during the course of a CPA financial audit.”

Accident or happenstance usually trip and unveil embezzlers. They aren’t generally caught by formal audits,
which uncover only 2% of fraud cases. Sheer luck accounts for the apprehension of 50% of the perpetrators.
Internal audits catch 18% of fraud. Whistleblowers, who get credit for catching 30% of fraud, should be
protected from company retaliation as part of your firm’s stated policy. The U.S. Sarbanes-Oxley Act of 2002
sometimes protects whistleblowers but “it currently does not apply to nonpublic businesses or nonprofit
organizations.” This law delegates additional fraud-prevention responsibilities duties to CEOs, CFOs,
controllers, treasurers, payroll clerks, and security and accounts-payable staff members.

Embezzlers with Partners

Embezzlers sometimes work with third parties. In one case, a CEO noticed that her name had been forged
on a check. Suspicious, she did not notify her controller, but instead went to an outside fraud consultant. The
investigation determined that the bank was cashing the firm’s checks in the correct amounts, but that the
payee’s name had been changed on some of them. In this case, the altered checks looked like routine, large
payments to the post office. On some, however, the office copy of the checks showed the post office as the
payee – but the bank’s copies were payable directly to the controller.

“Most internal embezzlement schemes involve someone assigned to the accounting

function.”

The controller could carry out this scam because she had two identical sets of company checks, duplicated
right down to the check numbers. She would fill out checks accurately and have the CEO (the only person
with check-approval powers) sign them. Then, on a home computer with the same check-writing software
she used at the office, she would write new checks with her name as payee. She forged the CEO’s signature
and deposited the checks. While many people assume banks will catch forgeries, actually banks cannot
routinely check individual signatures. The CPAs who performed routine audits at this company missed the
forgeries because the embezzler had a rubber stamp made with the correct clearinghouse routing numbers.
When the authorities finally closed the case, they discovered that the controller and her accomplice had
embezzled millions of dollars. Both received prison terms.

“Collusion is much more likely to occur among family members than among unrelated
employees.”

Unfortunately, accounting-department personnel carry out most insider embezzlement, because they have
opportunities to commit crimes: They order and write checks, receive and reconcile bank statements, and
prepare payrolls. They can even time their crimes. Often they commit fraud after the auditors finish one
year’s audit and before they return to begin another.

www.getabstract.com
3 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST

 “In our litigious society, it is becoming increasingly difficult to get an honest reference
from previous employers.”

An outside audit is not designed to discover fraud, as embezzlers may well understand. Rather, its purpose
is to provide “reasonable assurance” that your company’s books have no material misstatements as a
result of irregular activities. To help restore the public’s confidence in auditors and to uncover inaccurate
financial statements, the accounting profession issued the Statement of Auditing Standard No. 99, entitled
“Consideration of Fraud in a Financial Statement Audit.” While this rule does not hold auditors responsible
for detecting fraud, it imposes some new duties upon them to encourage clients to strengthen their internal
fraud-prevention controls.

How to Prevent Fraud

Fraud comes in many forms, but you can take steps to prevent it. First, be alert to danger signals, such as
double sets of checks or copied checks. Easily available software can scan checks and, given the right paper,
print duplicates of the originals. This same software lets users change certain fields. In one case, thieves took
an uncashed $20,000 check from a company and made multiple copies. They deposited the fake checks in
various states under the company’s name. When the checks cleared, the thieves withdrew $220,000 from
their array of fake accounts.

“Too much trust, poor internal controls, lack of supervision by supervisors, no financial
audit by independent CPAs, and the like, all create opportunity for fraud.”

Keep an eye out for ghost payroll names and ghost vendors. “Ghost” employee schemes can continue for
long periods if the organizer does not become too greedy. Your company can prevent anyone from drawing
a salary under the name of a nonexistent worker by verifying Social Security numbers, requiring direct
deposits or varying which staffer hands out payroll checks. Warning signs of payroll ghosts include checks
with few deductions and checks that are not cashed at banks. Similarly, ghost suppliers are hard to contact,
and often use post-office boxes or strange invoice numbers.

“Most embezzlements [occurred] between the time the auditors concluded their field work
for one year and return to start their field work for the subsequent year.”

Postage abuse can happen whenever the person who controls the postage meter changes the amount
of postal credit in the machine. To prevent it, give the postmaster a letter stating that no employee can
purchase postal money orders with company checks or receive any refunds – particularly not cash refunds –
for meter overpayments. Other fraud-prevention measures include:

• Make sure people outside the finance office see checks and bank statements – The most
secure method is to send statements and cancelled checks to a secure mailbox accessible only to the
internal audit committee and the CEO.
• Verify signatures on checks – Forging signatures is easy; due to the huge volume of checks
presented daily, banks cannot match them against original signature cards. The bank does not have this
responsibility; your company does.

www.getabstract.com
4 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST

 • Know the CPA’s responsibilities – When CPAs conduct routine audits, they are not seeking
evidence of fraud. Even when CPAs discover fraud, they often have no obligation to contact outside
authorities about the problem
• Review your fidelity bond – Is it up-to-date? Does it cover officers and directors? Is the amount
sufficient to cover losses or meet other obligations?

Taking Action

If your company seems to have been victimized by fraud, take these steps:

• Do not immediately accuse an individual of fraud – Wait until you have specific, solid evidence.
Being wrong carries huge downsides, including a possible defamation lawsuit.
• Contact an employment-law attorney – Find someone familiar with state and federal employment
laws. Terminating an employee for fraud often involves legal measures.
• Get the right CPA – Hire someone with experience in forensic accounting and fraud. This is important,
since you may need this professional to testify in court or to work with your insurance claim.
• Protect the evidence – Your entire case will be jeopardized if your original documents get lost or
destroyed.
• Keep a detailed record – Takes notes when you meet with the CPA and other involved personnel.
Fraud cases take years to get to court and notes are crucial in building a case.
• Review your fidelity bond – Find out what steps you must take and when. Be careful to review the
deadlines on filing claims.
• Have staffers sign a “Condition of Employment” agreement – This specifies individual duties
and obligations, and outlines when termination is appropriate. Such agreements often explain what will
happen in case of a fraud investigation.
• Don’t meet with a possible perpetrator in his or her office – Use a manager’s office or
conference room. The person’s office may contain evidence that could be destroyed. To preserve any
possible evidence, have two other staffers retrieve the person’s belongings and change the password on
the office computer.
• When discussing termination, always have a witness – If you are firing a woman, have another
woman in the room. If you are firing a man, the witness should be another man.

“Consider having the independent CPA pay a surprise visit...during the ‘window of
opportunity’ for embezzlement.”

Prosecuting someone for fraud often requires the skills of a forensic accountant. These specialists are
prepared to go to trial and appear as expert witnesses. Most are also CPAs, and many are Certified Fraud
Examiners (CFEs). Forensic accountants also perform investigations. While traditional accountants also can
be expert witnesses, they may lack forensic credentials.

Beware of Identity Theft

Identity theft is expensive and disruptive. Beware of it and protect yourself. Technology, such as personal
computers and camera-equipped cell phones, makes life easier for identity thieves. In one case, a man

www.getabstract.com
5 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST

 deposited his payroll check at his local bank unaware that the man standing next to him speaking on a
cell phone was surreptitiously using the phone’s built-in camera to take photos of his deposit slip. The slip
contained his name, address, account number and signature. The thief also photographed his paycheck,
which contained more information. By the time the man finished making his deposit, the thief had plenty of
important personal data. The thief created false identification papers and ordered new deposit slips. Using
the same bank teller, he made a few small deposits. Since he knew when the real account owner got paid, he
entered the bank after the man deposited his payroll check and calmly inquired about his account balance.
He then withdrew about $10,000.

“In the real world of embezzlement, the perpetrators rarely fit the stereotypical image of
someone capable of concocting and carrying out fraud schemes. Rather, they are almost
always someone above suspicion!”

Identity thieves can create havoc once they have your personal information. They can access your credit and
debit cards, take out auto loans, obtain new credit cards in your name, file for bankruptcy in your name and
give your name to police when they are arrested.

While identity theft is becoming more common, you can protect yourself. First, don’t use the mailbox in
front of your house to mail bills, credit-card payments or anything that includes personal information.
Thieves often steal mail directly from such unlocked boxes. Consider renting a post office box for added
security. Shred pre-approved credit card and loan applications. Don’t print your full name on your personal
checks; use an initial instead of your first name. Never print your Social Security or driver’s license number
on a check.

“You can never be sure of what is going on in someone's personal life, and desperate
people are capable of taking desperate action.”

If you write many checks, use an old-fashioned mechanical check imprinter, which makes it almost
impossible to alter the documents. Ask your bank if it has a Positive Pay service, a plan that requires
separate notification from you before the bank pays your checks. To avoid alterations, write checks with a gel
pen, which thieves cannot alter.

About the Author

Edward J. McMillan, CPA, CAE, is an experienced fraud examiner. He teaches fraud-prevention courses
to professional organizations and regularly speaks on this topic.

Did you like this summary?

Buy book or audiobook
http://getab.li/6571

This document is restricted to the personal use of IRVIN LUIS LLAVE ANGULO (irvin.llave@institutoemprendedores.pe)
getAbstract maintains complete editorial responsibility for all parts of this review. All rights reserved. No part of this review may be reproduced or
transmitted in any form or by any means – electronic, photocopying or otherwise – without prior written permission of getAbstract AG (Switzerland).

6 of 6

LoginContext[cu=7893981,ssoId=4288689,asp=7044,subs=14,free=0,lo=es,co=PE] 2022-09-12 18:14:37 CEST