The asset misappropriation schemes like skimming, larceny, register schemes, and cheque tampering—all require the scheme’s perpetrator to physically take cash or cheques from his employer. The next three sections will cover a different kind of asset misappropriation scheme, one which allows the perpetrator to misappropriate company funds without ever actually handling cash or cheques while at work. These schemes succeed by making a false claim for payment upon the victim organisation. This group consists of billing schemes (which attack the company’s purchasing function), payroll schemes, and expense reimbursement schemes. The most common of these is the billing scheme.
Billing schemes are a popular form of employee fraud mainly because they offer the prospect of large rewards. Since most businesses’ disbursements are made in the purchasing cycle, larger thefts can be hidden through false-billing schemes than through other kinds of fraudulent disbursements. There are three principal types of billing schemes: false invoicing via shell companies, false invoicing via nonaccomplice vendors, and personal purchases made with company funds.
Invoicing Via Shell Companies
Forming a Shell Company
Shell companies are business entities that typically have no physical presence (other than a mailing address), no employees, and generate little, if any, independent economic value. Shell companies are not necessarily illegal or legitimate, but for the purposes of this text we will assume that shell companies are formed for committing and concealing fraud. They might
be nothing more than a fabricated name and a PO Box that an employee uses to collect disbursements from false billings. However, since the cheques received will be made out in the shell company’s name, the perpetrator will normally also set up a bank account in his new company’s name so he can deposit and cash the fraudulent cheques. (See the “False Billings from Shell Companies” flowchart that follows.)
A person will probably have to present a bank with a certificate of incorporation or an assumed-name certificate in order to open a bank account for a shell company. These are documents that a company must obtain through the government. The documents can be forged, but it is more likely that the perpetrator will simply file the requisite paperwork and obtain legitimate documents from the relevant jurisdiction. This can usually be accomplished for a small fee, the cost of which will be more than offset by a successful fraud scheme.
If it is discovered that a vendor is falsely billing a company, investigators for the victim company might be able to identify the suspect company’s owner by reviewing its business registration filings, which are a matter of public record in many countries.
To avoid being detected through a records search, some perpetrators form their shell companies under another name. It is common, for instance, for employees to set up shell companies in the name of a spouse or other close relative. Male fraudsters often establish shell companies under their wives’ maiden names. An employee might also form the company under a completely fictitious name.
An employee used a colleague’s identification to form a shell vendor. The fraudster then proceeded to bill his employer for approximately $20,000 in false services. He deposited the resulting cheques in the shell company’s account and withdrew currency through an ATM.
Another issue involved in forming a shell company is the entity’s address—the place where fraudulent cheques will be collected. Often, an employee rents a PO Box and lists it as his shell company’s mailing address. Some employees list their home address instead. A comparison of employee addresses to vendor addresses might reveal shell companies in an accounts payable system.
A department head set up a dummy company using his residence as the mailing address. Over a two-year period, this man submitted over $250,000 worth of false invoices. Eventually, a newly hired clerk detected the scheme. The clerk was processing an invoice when she noticed that the vendor’s address was the same as her boss’s address. (By a lucky coincidence, the clerk had typed a personal letter for her boss earlier that day and remembered his address.) Had the department head used a PO Box instead of his home address on the invoices, his scheme might have continued indefinitely.
Employees often use their home addresses to collect fraudulent disbursements because many businesses are wary of sending cheques to vendors that have a PO Box for a mailing address. Other common collection sites for shell company schemes are the addresses of relatives, friends, or accomplices.
Submitting False Invoices
Once a shell company has been formed and a bank account has been opened, the corrupt employee begins billing his employer. Invoices can be easily generated on a personal computer. False invoices do not have to be of professional quality to generate fraudulent disbursements.
Self-Approval of Fraudulent Invoices
The difficulty in a shell company scheme is not usually in producing the invoices, but in getting the victim organisation to pay them. Authorisation for the fictitious purchase (and therefore payment of the bill) is the key. In a large percentage of shell company cases, the perpetrator is in a position to approve payment on the very invoices he is fraudulently submitting. The duties of preparing and approving vouchers should be separated to avoid this kind of scheme.
In companies where a proper separation of duties exists, the employee with approval authority sometimes creates fraudulent vouchers or purchase orders and forges the signature of the person who is in charge of preparing these documents. Then the perpetrator approves payment on the fraudulent vouchers he has generated. This makes it appear that two employees have signed off on the voucher as mandated by the victim organisation’s controls.
Not all companies require the completion of payment vouchers before they will issue cheques. In some enterprises, cheques are written based on less formal procedures, such as the submission of “cheque requests.” These requests simply list the payee’s name, the amount to be paid, and a brief narrative stating the reason for the cheque. Obviously, this is not a very sound procedure for preventing fraud. Dishonest employees have little trouble running shell company schemes in organisations that operate this way.
If an employee cannot authorise payments himself, the next best thing is if the person who has that authority is inattentive or overly trusting. Negligent supervisors are often targeted by unethical employees. In some cases, supervisors are attentive to the purchase orders they are asked to authorise, but they lack the technical knowledge to spot fraud as it is happening.
For instance, a manager or administrator might not completely understand the costs associated with upgrading computer software to modernise a work area. This manager will have to rely on his subordinates who have the necessary technical expertise to determine that costs are being kept in line. The subordinates might be able to take advantage of this situation to cause the company to overpay for the equipment required to upgrade the system.
Reliance on False Documents
When an employee does not have approval authority for purchases and does not have the benefit of a negligent supervisor, he must run his vouchers through the normal accounts payable process. The success of this kind of scheme depends on the apparent authenticity of the false voucher he creates. If the perpetrator can generate purchase orders and receiving reports that corroborate the information on the fraudulent invoice from his shell company, he can fool accounts payable into issuing a cheque.
Collusion is a type of fraud where two or more individuals agree to commit an act designed to deceive or gain an unfair advantage. Collusion among several employees is sometimes used to overcome well-designed internal controls. For example, in a company with proper separation of duties, the functions of purchasing goods or services, authorising the purchase, receiving the goods or services, and making the payment to the vendor should all be separated. If this process is strictly adhered to, it will be extremely difficult for any single employee to commit a false-billing scheme. But if several employees work together, they can overcome the internal controls of their employer.
A warehouse foreman and a parts-ordering clerk conspired to purchase approximately
$300,000 worth of nonexistent supplies. The clerk initiated the false transactions by obtaining approval to place orders for parts he claimed were needed. The orders were then sent to a vendor who, acting in conjunction with the two employee fraudsters, prepared false invoices that were sent to the victim company. Meanwhile, the warehouse foreman verified receipt of the fictitious shipments of incoming supplies. The perpetrators were therefore able to compile complete vouchers for the fraudulent purchases without overstepping their normal duties.
Even if all internal controls are observed, at some point a company must rely on its employees to be honest. One of the purposes of separating duties is to prevent any one person from having too much control over a particular business function. It provides a built- in monitoring mechanism where every person’s actions are in some way verified by another person. But if everyone is corrupt, even proper controls cannot prevent fraud.
Purchases of Services Rather than Goods
Most shell company schemes involve the purchase of services rather than goods. The primary reason for this is that services are not tangible. If an employee sets up a shell company to make fictitious sales of goods to his employer, these goods will obviously never arrive. By comparing its purchases to its inventory levels, the victim organisation might detect the fraud. It is much more difficult for the victim organisation to verify that the services were never rendered. For this reason, many employees involved in shell company schemes bill their employers for things like “consulting services.”
In most shell company schemes, victim organisations are billed for completely fictitious purchases of goods or services. However, there is a subcategory of shell company schemes in which actual goods or services are sold to the victim company. These are known as pass- through schemes.
Pass-through schemes are usually undertaken by employees in charge of purchasing on the victim company’s behalf. Instead of buying merchandise directly from a vendor, the employee sets up a shell company and purchases the merchandise through that fictitious entity. He then resells the merchandise to his employer from the shell company at an inflated price.
A department director was put in charge of purchasing computer equipment. Because of his expertise on the subject and his high standing within the company, he was unsupervised in this task. The director set up a shell company in another province and bought used computers through the shell company, and then turned around and sold them to his employer at a greatly exaggerated price. The money from the victim company’s first installment on the computers was used to pay the shell company’s debts to the real vendors. Subsequent payments were profits for the bogus company. The scheme cost the victim company more than $1 million.