Fraud Education: An Asset Misappropriation Scheme
February 12, 2020
Auditors have the opportunity to provide training to educate management on risks, controls, and fraud to help prevent and deter fraudulent activities.
As auditors, we have the opportunity to advise management and recommend internal controls to help safeguard an organization’s assets. The audit committee, senior leadership, and management view internal audit as trusted advisors to assess risks and provide independent feedback on an organization’s internal control environment. Auditors have the opportunity to provide training to educate management on risks, controls, and fraud to help prevent and deter fraudulent activities. This article is a case study about an asset misappropriation fraud scheme that occurred at the University of Missouri.
An asset misappropriation scheme occurs when the perpetrator steals or misuses an organization’s assets. One popular type of asset misappropriation scheme is a cash scheme, which includes fraudulent disbursements. A billing scheme is a common type of fraudulent disbursement and occurs when the perpetrator makes a false claim to the organization for payment. The three principle types of billing schemes are shell company schemes, false invoicing involving existing vendors, and personal purchases made with the organization’s funds.
Event: A University of Missouri employee committed various billing schemes against the university’s purchasing function. The employee engaged in false invoicing through three shell companies that the employee owned and made personal purchases using a university credit card. The employee used the embezzled funds to gamble at area casinos, purchase cars and other luxury items, buy home appliances, remodel a home, take vacations, and pay off bills.
Outcome: The employee was fired after university officials discovered the personal expenses incurred on the procurement credit card. The case was investigated by the Federal Bureau of Investigation and the Missouri State Highway Patrol. The U.S. Attorney’s Office prosecuted the former employee, who was later convicted in federal court for embezzling more than $781,000 over a 13-year period. The former employee pleaded guilty to one count of mail fraud and one count of credit card fraud. The court ordered the former employee to pay $781,000 in restitution and serve a sentence of four years in federal prison. (The United States Attorney's Office Western District of Missouri, 2016.)
The Fraud Triangle
The three elements of the Fraud Triangle are opportunity, pressure, and rationalization. All three of these elements must be present for fraud to occur; however, as these elements appear in varying degrees, the likelihood of fraud being committed increases.
Opportunity: The employee had the clear opportunity to commit fraud due to insufficient internal controls and a lack of segregation of duties. Without opportunity, fraud generally cannot occur without collusion.
- Lack of Segregation of Duties - The employee’s responsibilities included receiving bills, paying bills, performing various accounting duties, payroll, scheduling meetings, and organizing staff. As such, the employee was able to approve fraudulent invoices and bills to authorize payments for her shell companies, which were then deposited into her personal bank account.
- Lack of Accountability and Oversight - The employee was successful in using her university credit card for approximately $146,144 in personal expenses due to a lack of financial accountability and oversight. The absence of adequate employee supervision for many years and frequent changes in leadership resulted in ineffective reviews of fiscal activity.
Pressure: Individuals experience different types of pressures depending on their motivation, which is their reason to commit fraud. External pressures include having significant liabilities, a habit that may require ongoing funding, or an expectation to live a better lifestyle. Internal pressures include dissatisfaction with their job or a pressure to perform. Identifying an individual’s pressure to commit fraud can be more difficult to find as compared to the opportunity. In this case study, the university employee could have had an expectation for a better lifestyle as shown in the employee’s procurement card luxurious personal purchases. Alternatively, the employee used the procurement card to gamble at casinos and pay off bills, which may indicate a pressure to commit fraud due to having those liabilities. In many cases, the initial pressure to commit fraud is due to a financial hardship, but then changes to greed once the financial hardship has been resolved.
Rationalization: Rationalization for committing fraud is typically synonymous with justifying the fraud as being acceptable. Rationalization is often harder to identify than pressure, as this is the fraudster’s frame of mind. Some examples of rationalization may include the thought of borrowing the money and paying it back at a later time, the justification that the organization will not notice/need the missing money, or the fraudster’s chance of being caught is nearly impossible.
Fraud Deterrence and Enhancing Internal Controls
An organization has the most control over the “opportunity” to commit fraud. As such, internal audit has the opportunity to provide value-added services by recommending internal controls to management to reduce the risk of fraud. Some areas for organizations to consider to help deter fraud include:
- Conflict of Interest Disclosure - An organization should establish a process for employees to complete an annual conflict of interest statement.
- Conflict of Interest Policy - Senior leadership should periodically review the current conflict of interest policy to ensure it addresses relevant risks, including corruption.
- Conflict of Interest Training - Conflict of interest training should be provided to new employees and periodic refresher trainings should be required for relevant employees.
- Fraud Training - An organization should provide fraud training to appropriate employees, including activities that are deemed unacceptable by the organization, associated potential disciplinary actions, and possible restitution.
- Procurement Card - A supervisor, or assigned designee, should complete an expense report review, which includes purchases on a procurement card or out-of-pocket expenses. The organization’s purchasing function or internal audit department should conduct audits of procurement cards and out-of-pocket transactions to identify fraudulent and inappropriate purchases.
- Report Suspected Fraud - Employees should feel comfortable reporting suspected fraud to their supervisor, the internal audit department, or the organization’s hotline. The hotline, administered by an independent party (i.e., third party or internal audit), should be promoted to employees so they are made aware to report any suspicious activity.
- Review and Oversight - A review of expenditures for goods and services should be conducted. Additional reviews or approvals should occur for purchases over certain dollar thresholds.
- Risk Assessment - Management, in conjunction with internal audit, should collaborate during the audit planning process to identify areas of highest risk to an organization and to review and establish internal controls. In addition, internal audit should consider the possibility and impact of fraud while conducting audits.
- Segregation of Duties - Separation of duties should be established for approving transactions, recording transactions, and custody of assets. If a segregation of duties conflict exists, management should establish a monitoring and oversight process with the assistance of the appropriate department (e.g., Procurement, Accounting, Internal Audit) to reduce the risk of fraud.
- Vendor List Review - An organization’s designated department should compare employees’ names, addresses, tax identification numbers (TIN), and other information with those of vendors to identify potential conflicts of interest or fraudulent vendors.
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning.
About the Author
Salvador Rodriguez, MBA, MS, CFE, CIA, CRMA, CCSA, CGAP, CISA, CICA, CCEP is a Director of Internal Audit at a private company. He is the former Senior Internal Auditor for Cal State LA University and has over 13 years of audit experience that includes higher education in the California State University System and Ernst & Young LLP. He can be reached at [email protected]
Fraud Education: An Asset Misappropriation Scheme