Embezzlement: Are you at risk?©
By: Fred Bartz, Barry Strock, and Jack D. Harris, Ph.D.
Barry Strock Consulting Associates, Inc.
464 Pond Hill Rd
Rensselaerville, NY 12147
Tel: 518-797-3954 Fax: 518-797-5282
Website: www.strock.com
There is an unusual rash of embezzlement scandals. Newspapers report that governments and organizations small and large are at considerable risk of white-collar crime. Even regional educational organizations are vulnerable, as evidenced by one NY BOCES in which $3 million was supposedly taken to illegally line an individual's pockets.
An employee in a small city was arrested for stealing $12,000. The more significant issue is that this former employee has now cast a cloud over all of the employees of the local government, suggesting that everyone in City Hall is a crook. This is an unwarranted allegation.
How can managers, elected officials, and citizens help stop this dishonesty? Although technology could be the tool of modern embezzlers, there are many other questions that need to be asked and examined before focusing on the pure technology-related issues.
The large accounting firms cannot audit every transaction in every department of a government without the audit becoming cost-prohibitive. This results in a limited sampling of accounting data, and the accounting audit often does not involve a careful and deliberate audit and analysis of the process and cash controls of the many accounts processed throughout an organization. Surprisingly often we find what are commonly called "cigar box" financial systems, in which there are no records, just a box where money is deposited and withdrawn. One municipal water and village administration literally had a cigar box and a yellow pad to record all transactions. All cash inputs went into the box, and all disbursements were paid out from the box. When asked how they reconciled the box, they revealed that for 190 years there had always been money in the box; therefore, the books must be balanced. [Shockingly, this was actually discovered in a large village in New York State.]
While many municipalities profess to follow GFOA and GAAP standards, too many of them have loose controls that leave them open to embezzlement and fraud. Some examples that we have witnessed: checkbooks that are not accounted for in the general ledger; revenue receivers reconciling their own drawers; treasurers collecting cash, making their own deposits, and making their own journal entries; and payroll clerks printing checks and electronically signing them without careful oversight.
Of course, in each of these cases, deliberate accounting principles need to be applied. But catching the clever embezzler requires vigilance through more indirect methods of discovery. In what follows, we provide a list of several conditions that should raise warning flags, and several procedures that will discourage even the most vicious and persistent embezzler:
1. NEVER LET ANYONE IN THE ORGANIZATION NOT TAKE VACATIONS. It is common to see key financial processing people who are overworked and always having to postpone their vacations. For the health and happiness of the employee as well as the health and happiness of the organization, no one should become so indispensable as to be precluded from taking vacations. Be sure the person who takes the required vacations does NOT tell everyone to leave his or her work undone until he or she returns. [This is a giant red flag: not only is this person the one person able to do the task at hand, but there could be more to their control than just doing tasks.] This is a clear opportunity to let the fox have the keys to the chicken coop without establishing checks and balances. No one in an organization should be indispensable, especially the person with 25 years of experience. It is the obligation of management to ensure that no one person is the only person controlling money or posting of transactions. For example, it is ridiculous to allow the building permit staff to both issue building permits and then collect the money. Similarly, a single person on the Parks and Recreation staff should not be permitted both to register people for classes and to collect the money.
2. WHOEVER AUTHORIZES DISBURSEMENT CANNOT RECONCILE. Whoever authorizes disbursement [i.e., writing checks, authorizing electronic transfers, transferring money, etc.] from any checking account, savings account, money market, or investment account cannot have the ability to reconcile the corresponding statements. In one case, a clerk was writing checks to herself in varying amounts of about $2,000 every month for hundreds of months [approximately $2,000 per month for 240 months equals $480,000 over 20 years]. When the time came for her to reconcile the checkbooks, she would shred her canceled checks and show the books to be balanced. The culprits can range from fiscal officers down to the lowest-paid clerks -- no one is immune from the temptations of stealing.
3. ALWAYS HAVE A UNIVERSAL DOUBLE ENTRY ACCOUNTING OF ALL MONEYS COLLECTED. In one case there was a clerk in the water department who collected money from contractors who would dutifully mark the giant paper ledger indicating that the contractor had paid his tap fees or other fees. Unfortunately, no one ever reconciled the ledger with the money in the bank. This resulted in a one million dollar embezzlement over ten years.
4. LOOK FOR REVENUE PATTERNS. Someone should be checking for consistent and inconsistent patterns. For example, if parking tickets normally yield $30,000 on average in the month of April and the revenue during one April were half that amount, then someone should ask why the revenues are so low. There may be logical reasons such as heavy snowfall or extensive street repairs, etc.
5. NOTHING IS TOO SMALL TO OVERLOOK. Governments are usually large revenue-driven operations. What if an accountant were to tell the City Manager that the books were balanced to within 99.5% accuracy? One could think that may be good. But, if the accountant were auditing a $150 million budget, then a .005% margin of error would yield a $75,000 opportunity for embezzlement for one year, $750,000 over ten years, and $1.5 million over twenty years. A one and a half million dollar retirement fund is not bad for a twenty-year employee who may believe that she/he has been underpaid and overworked for twenty years. [It is shocking to learn that many of these scoundrels are so arrogant that they take their millions and put them in auditable checking accounts, savings accounts and stocks.] We know of one city wherein the CPA from the accounting firm believed that .005% was not "materially significant" when dealing with a $150 million budget.
6. MAKE A MODEL PUBLIC DENOUNCEMENT OF EVERY INFRACTION. A fiscal officer of a medium-sized city was also the data processing manager, the purchasing and accounts payable guru, and the payroll and auditing manager. It was not surprising that this person was buying "X" million dollars a year in computers, but had on hand only about 1/2 "X". When the disclosures were made to the Mayor and City Council chairperson, they responded that they would change this person's titles and make sure this possible embezzlement ceased. Since they did not prosecute the individual, they had immediately sent the grapevine message that they would condone irregular behavior. There must be a clear-cut SEPARATION OF DUTIES.
7. DON'T LET ANYONE BE THE ONLY PERSON TO KNOW SOMETHING. Sometimes there is only one person who knows how to do something. Look out for an employee or manager who insists that their duties or functions cannot be performed by or shared with others; hence, when they are out, or not present, their functions stop and resume only when they return. Look out when only one person knows how to prepare financial reports. Look out for long-tenured employees who are overly protective or secretive of their work [i.e., with such statements as "this is my area, and you cannot be here", "these reports are too complex for you to understand", etc.]. Look out for a person who frequently assumes financial duties in areas outside of their own work. No publicly entrusted entity should make itself so vulnerable as to let one person be the only person who knows something. Unfortunately, in organizations [public or private or small or large] there are too many lazy people. I had worked in an organization where there were dozens of small tasks which required deliberate attention to detail. Since I was responsible for the final reporting of the information, for the sake of expedience, I slowly asked people if they would let me do their job. Over time I did the majority of all of the fiduciary and statistical tasks related to the management of a $100 million dollar operation. Fortunately, I had no larcenous tendencies, but, now as a consultant and working on the other side of the process, I realize that my innocent taking over of other people's work made me into a prime candidate to do mischief.
8. ASSUME ANYONE IS OPEN TO DISHONESTY. With the ever-increasing pressures and stress at the workplace and at home, it is no surprise that some of the most outstanding people can be tempted and go astray. It may be that a twenty-five-year employee was the most honest and diligent employee for twenty years. However, the last five years could have been a short period in their life where stress forced them to be a wee bit dishonest.
9. UNUSUAL AND EXPENSIVE PURCHASES. One example of this problem would be the $30,000 a year clerk who drives a Corvette and has a million dollar home. Some people believe that it is not the business of the employer to know how a person pays for expensive new toys. However, as a public servant, conspicuous purchases should raise the concern of any responsible official.
10. HOLD MANAGEMENT RESPONSIBLE. If a fiscal officer delegates tasks to a lower level employee, he/she should be equally held responsible for illegal acts perpetrated by the lower level employee. Delegation of tasks should not imply or result in delegation of all responsibility and accountability.
11. STATUS QUO. In one city there was a quarterly sale of surplus items and lost-and-found items. The person in charge of the operation was loading five bicycles into his car. When asked what he was doing, his reply was that it was the custom that anyone who works on the quarterly sale was entitled to take his/her choice of the best items. So the person received overtime for working on Saturday, plus free bikes. If this behavior is condoned, then where is the line of ethics?
12. ACCOUNTABILITY PROCEDURES MUST BE IN PLACE. Accountability procedures are a good first step in discouraging mischief. For example, when books of parking tickets are given to an officer, the officer must be accountable for every ticket in their book, and there must be an independent procedure to keep track of the tickets issued, voided, or in the collections process. Found in one police department were thousands of dollars in cash and personal checks stapled to parking tickets -- years' worth of stapled monies! One does not need to be a rocket scientist to figure out what was happening, but it was confusing to see the money and seven-year-old checks uncashed.
13. FORMATTED CHANGE ORDERS. In those governments where purchase orders are utilized, it is not uncommon, where there is a $1,000 limit after which bidding is required, for people to get a $999 purchase order and then have five $999 change orders. With one government, a formatted change order form was instituted wherein, for the ten most common reasons for a change order, formatted boxes could be checked. Prior to this innovation, many people had scribbled unintelligibly the phony reasons for a change order. Subsequent to this innovation, change orders were reduced by 70%.
14. INDEPENDENT CONFIRMATION OF REVENUE AND EXPENDITURES. There must be an independent confirmation of revenues and expenditures. In one case the fiscal officer had been choosing the auditor each year. Since the fiscal officer was absconding with funds, it was curious how all of the other responsible auditors could never get to win the audit contract. Sometimes, it may be of value to consider an auditor of the auditor. It is always of value to look at the bank statements to verify that the money listed in the reports balances with the money the bank seems to have in their accounts.
15. REASONABLE EXPLANATIONS OF FAILURE TO MEET BUDGETED FINANCIAL OBJECTIVES [i.e. revenues or expenditures]. It should be a red flag if an individual refuses to give a reasonable -- and written -- explanation as to why revenue is reduced or expenditures are increased. There should be routine analysis of revenue and expenditure projections with corresponding longitudinal statistical analysis of the past five years. It is especially valuable to have comparative line or column charts. Graphics permit quick and visual identification of significant aberrations. Look out if someone responds with hostility to requests for information. It may be the person is just overworked or annoyed. However, it may also be that the person is covering up something. One fiscal officer refused to provide five years of historical data processing purchases. He tried every trick for procrastination that was possible. He even alleged that the consultant and the CPA were not sufficiently intelligent to understand his sophisticated financials. Fortunately, through surreptitious means, the records were uncovered, and the reasons for his behavior were plain to understand. He was a crook!
16. MAINTAIN RECORDS. If financial records management activities are being undertaken, it is important not to destroy possible evidence for a possible trial of money mismanagement.
17. INSIST ON TIMELY WRITTEN FINANCIAL REPORTS. It is imperative that management require timely and written financial reports, prepared by internal staff and/or external auditors. When individuals in an organization insist on verbal reports, a red flag should be raised. The timely factor is an interesting one. One city had a clerk who had routinely provided detailed financial reports on the third day of the month, each month. Then, the report was submitted on the ninth day of the month, and then on the twentieth of the month. Over time the reports were not being submitted monthly, but only nine months a year. The missing three months went into the clerk's private accounts! There must be written reports and they must reconcile with monthly bank statements. If the money is not in the bank, then there is good reason to believe that it is missing!
18. MAKE SURE THAT REVENUES ARE CAPTURED WHEN PAID. All revenue entry, whether it be tax bill collection, receipting of licenses and fees, collection of utility payments and the like must be entered systematically into point of sale [POS] capture workstations utilized at the instant a taxpayer or customer pays money to any government employee. Petty cash should also be subject to cash controls that require daily reconciliation. Such workstations have the virtue of tracking every transaction, identifying the cashier and balancing the cash drawer, and check validation and receipting. This makes reconciliation of cash receipts an efficient process while protecting government from theft. The use of lock-box receipting prevents easy thievery by using receipting controls by agents such as banks, and controlling journal entry via ACH processing. In one municipality, the use of a video camera pointed at the cash stations significantly discouraged attempts to embezzle money during transactions.
19. VIRTUALLY ALL EXPENSE PAYMENTS SHOULD BE PROCESSED THROUGH COMPUTER CHECKS OR PROCESSED ELECTRONICALLY. Multiple checking accounts that are not accounted for regularly in the general ledger are a potential source of significant embezzlement. Modern computer-based accounting systems allow convenient printing of even single checks to a laser printer. With the exception of specific funds that require a separate cash account (such as an electric utility enterprise fund), as much as possible should be passed through a central cash account using due-to or due-from functionality to post transfer transactions from multiple funds. Funds-transfers can easily be accomplished through ACH processing and electronic transfer so that expense checking accounts such as payroll and accounts payable can be kept at zero balances until expenditures are approved and ready for payment.
20. CONTROL YOUR PASSWORDS. Technology provides for electronic signature without the use of a signature cartridge. The use of a secured PIN number to authorize check signing is a very weak link if someone discovers the signatory's PIN number. This also impacts electronic approval of requisitions and purchase orders. A stolen PIN number can result in collusion between vendors and the corrupt employee. Thus, there should be vigilance by department heads, comptrollers, and managers that checks, purchase orders, and refunds are being released to properly authorized parties.
21. WATCH YOUR CHECK STOCK. Laser printers can transform plain paper stock into handsome purchase orders, invoices, and checks. Check stock can be an attractive tool for the embezzler. To discourage this behavior, build your controls into the check stock. One of our clients chose multiple security features to make its checks theft and tamper proof. They chose to use control paper that is not sold in the open market, an artificial watermark, faint diagonal lines on the back of the check to prevent cut and paste, a "void" pantograph that revealed itself in a photocopy, chemically protected paper to prevent lifting the signature or amount, and an inventory number pre-printed on each check to discourage theft.
22. BE POSITIVE THAT YOUR CHECKS ARE BEING CASHED FOR THE AMOUNTS THAT YOU INTENDED. Positive payroll and positive payables prevent the changes to check amounts that lead to fraud by notifying banks, in advance of payroll or accounts payable checks being cashed, of the amounts that have been authorized for payment. Having check stock that is tamper-proof also discourages fraud, but a less vigilant bank employee may miss the telltale signs of tampering.
23. NICE GUYS MAY BE THE BAD GUYS. Ironically, the nasty people may be the good guys. Do not assume that nice people are good guys and nasty people are bad guys. Dishonest people may actually be so sweet and passive that no one would ever think of them as criminals. If you were acting as a thief, would it be wise to be the old curmudgeon who is crusty and complaining or the nice helpful person? Don't make any assumptions about people until there is evidence to suspect someone of some wrongdoing. Looks can be very deceiving.
24. REDUCE TEMPTATIONS. One municipality had two loyal and dedicated men who have been collecting money from the parking meters for at least two decades. Although these men earn slightly over the minimum wage, they are each literally carrying metal buckets each day brimming full of quarters, dimes and nickels -- totaling $20,000 per day, or about $1.3 million dollars a year. The men open each meter manually and empty the money into small metal buckets, after which they empty the coins into a large metal trash can. Their next step is to take the money to the bank to count it themselves.
Although there is no allegation that either man is embezzling money, it is inappropriate for management to provide such temptation. If the City, with a population of about 100,000 residents, were to retrofit every parking meter to accommodate a lock-box form of collections wherein the money is never seen by the collectors, this would be most useful.
Many of the new parking meters can also utilize smart cards wherein patrons can pay in advance for so many minutes of parking and the balance is deducted from the smart cards. In this case management will be investing about $300,000 to retrofit the parking meters, which over a five year life cycle will net out to only $60,000 a year or 4.6% per year -- not a significant sum to manage the collection of $1.3 million dollars annually.
25. BLAME TECHNOLOGY. One of the clear advantages of technology is that most people, especially the mischievous, often project their dishonest character onto the possibilities of technology. Technology often is a weapon that permits unearthing of mischievous deeds. However, technologists are the modern sleuths. Technologists too often become the technology gurus who "know it all". They may say, "I will take care of it" or say "don't worry, I will make sure the computer knows," or they become the sole knowledge base of how information is captured and retrieved. Thus, at the time of bringing in technology innovations, be sure that non-technologists are managing the process and the security access codes. Also, be sure that fiscal detail-oriented bean counters are very involved in the set-up and the transfer to the new technology.
Very often we have found that utility conversions unearth the fact that customers have been erroneously charged for decades. The errors could be as major as wrong rates, to as minor as rounding of pennies each month. The people who are the trusted bean counters are too often discarded in the conversion process. This discarding could be a fatal blow. Many of these bean counters may be so fastidious that they are a pain. However, management, not the technologist, should determine whether the bean counter is trying to protect their old tedious task-based job, or whether this person has the legitimate concerns of their employer. Maintaining the integrity of the system is most critical to the survival of an organization.
When one realizes that all of the viable audit trails are linked to the little computer black box, it becomes clear that it is imperative that someone in management be entrusted with:
- routine daily back-ups off site
- routine independent auditing of the system by outside auditors
- highest level security access to be shared with the CIO, CFO, and the CEO
- defined steps to change security codes when a person leaves the employ
- secure access of back-up data, source, and systems documentation
Never allow only the technology department or the finance department computer access to records. With a reasonable audit trail, upper management or their designated representative must have access to all financial records. Computers can encourage larcenous temptations. When we find that only the IS director can "really" secure all of the required information -- this is a giant red flag. The electronic database must be more secure than the paper databases and it must be [within the reasonable security clearances] fully accessible by key management professionals. Management cannot be at the mercy of the CIO, CFO, or any other individual who is the only person who understands the system or the only one who knows how to get valid information.
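The access rules in items 1, 2, 7 and 25 can be checked mechanically against an export of who holds which duty on which account. The following Python sketch is an added example, not part of the original article; the duty labels, user names, record layout and the two-holder minimum for administrative access are assumptions constructed for illustration.

```python
from collections import defaultdict

# Duty pairs one person must not hold on the same account. The pairings come
# from the article's examples; the duty labels are assumed names.
CONFLICTS = [
    ("authorize_disbursement", "reconcile_statement"),  # item 2
    ("issue_permit", "collect_payment"),                # item 1
    ("collect_payment", "post_journal_entry"),          # treasurer example
]

# Duties that need at least this many active holders (assumed policy,
# following item 25's shared high-level access and item 7's warning).
MIN_HOLDERS = {"admin_access": 2}

# Constructed sample export: (user, duty, account, employment status).
ASSIGNMENTS = [
    ("clerk_a",   "authorize_disbursement", "payroll_checking", "active"),
    ("clerk_a",   "reconcile_statement",    "payroll_checking", "active"),
    ("clerk_b",   "authorize_disbursement", "ap_checking",      "active"),
    ("auditor_c", "reconcile_statement",    "ap_checking",      "active"),
    ("permits_d", "issue_permit",           "building_fees",    "active"),
    ("permits_d", "collect_payment",        "building_fees",    "active"),
    ("former_e",  "post_journal_entry",     "general_ledger",   "departed"),
    ("cfo_f",     "post_journal_entry",     "general_ledger",   "active"),
    ("is_dir_g",  "admin_access",           "finance_system",   "active"),
]


def audit(assignments, conflicts=CONFLICTS, min_holders=MIN_HOLDERS):
    """Return sorted findings as (kind, account, detail) tuples."""
    duties_by_user = defaultdict(set)   # (user, account) -> duties held
    holders = defaultdict(set)          # (duty, account) -> active users
    findings = []

    for user, duty, account, status in assignments:
        if status != "active":
            # Item 25: access codes must change when a person leaves.
            findings.append(("departed_access", account, f"{user}:{duty}"))
            continue
        duties_by_user[(user, account)].add(duty)
        holders[(duty, account)].add(user)

    # Items 1 and 2: the same person holds both halves of a conflicting pair.
    for (user, account), duties in duties_by_user.items():
        for first, second in conflicts:
            if first in duties and second in duties:
                findings.append(("conflict", account, f"{user}:{first}+{second}"))

    # Items 7 and 25: a critical duty rests with too few people.
    for (duty, account), users in holders.items():
        if len(users) < min_holders.get(duty, 1):
            findings.append(("sole_holder", account,
                             f"{','.join(sorted(users))}:{duty}"))

    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS):
        print(finding)
```

Run against a real export, the `conflict` findings are the ones to resolve first, since they describe a person who can both move money and hide the movement.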
In conclusion, good information management protects the fiscal health of a local government, and protects the integrity of its employees. The computer can be a vehicle for effective security controls, or it can be the gateway to an embezzler's paradise. Computer software has yet to embed the intelligence wrought from a careful understanding of the weak management and human desire that can result in compromised work flow, sloppy cash handling, concealed transactions, and opaque rather than transparent financial reporting. A vigilant management that uses the computer as a tool to reinforce fiscal security will lead to citizen confidence in the accountability and integrity of local government.
Barry Strock is President of BSCA, Inc., co-author of THE MUNICIPAL COMPUTER SYSTEMS HANDBOOK, and consults and conducts workshops and seminars worldwide about management and technology issues.
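Item 22's positive pay control amounts to matching each check presented for payment against the file of checks the government authorized. The following Python sketch is an added example, not part of the original article; the record layout and sample checks are constructed, and it goes beyond the amount check the article describes by also flagging payee changes, second presentments, voided stock and check numbers that were never issued.

```python
from decimal import Decimal

# Constructed issue file: what the government tells the bank it authorized.
ISSUED = [
    {"check_no": 10451, "payee": "Acme Paving Co", "amount": Decimal("4200.00")},
    {"check_no": 10452, "payee": "J. Rivera", "amount": Decimal("1830.55")},
    {"check_no": 10453, "payee": "Northside Electric", "amount": Decimal("912.10")},
    {"check_no": 10454, "payee": "VOID", "amount": Decimal("0.00"), "void": True},
    {"check_no": 10455, "payee": "Lakeview Supply", "amount": Decimal("310.00")},
]

# Constructed presentments: what arrives at the bank for payment.
PRESENTED = [
    {"check_no": 10451, "payee": "ACME PAVING CO.", "amount": Decimal("4200.00")},
    {"check_no": 10452, "payee": "J. Rivera", "amount": Decimal("7830.55")},
    {"check_no": 10453, "payee": "N. Smith", "amount": Decimal("912.10")},
    {"check_no": 10451, "payee": "Acme Paving Co", "amount": Decimal("4200.00")},
    {"check_no": 10454, "payee": "Cash", "amount": Decimal("500.00")},
    {"check_no": 20001, "payee": "Cash", "amount": Decimal("950.00")},
]


def normalize(name):
    """Compare payees without regard to case, periods or spacing."""
    return " ".join(name.upper().replace(".", "").split())


def positive_pay(issued, presented):
    """Return (paid, exceptions); exceptions are (check_no, reason) tuples."""
    register = {rec["check_no"]: rec for rec in issued}
    paid, exceptions = [], []
    for item in presented:
        number = item["check_no"]
        rec = register.get(number)
        if rec is None:
            reason = "not_issued"        # stolen or counterfeit stock
        elif rec.get("void"):
            reason = "voided"            # voided check put back into use
        elif number in paid:
            reason = "duplicate"         # same check presented twice
        elif item["amount"] != rec["amount"]:
            reason = "amount_mismatch"   # the alteration item 22 targets
        elif normalize(item["payee"]) != normalize(rec["payee"]):
            reason = "payee_mismatch"
        else:
            paid.append(number)
            continue
        exceptions.append((number, reason))
    return paid, exceptions


def outstanding(issued, paid):
    """Issued, non-void checks not yet paid: input to bank reconciliation."""
    return [rec["check_no"] for rec in issued
            if not rec.get("void") and rec["check_no"] not in paid]


if __name__ == "__main__":
    paid_checks, held = positive_pay(ISSUED, PRESENTED)
    print("paid:", paid_checks)
    print("exceptions:", held)
    print("outstanding:", outstanding(ISSUED, paid_checks))
```

Exceptions should go to someone other than the person who prepared the issue file, in keeping with item 2.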
Fred G. Bartz is Chief Fiscal Specialist for BSCA, Inc. Prior to working for BSCA, he was the Finance Director and Tax Collector for the City of Schenectady. He still volunteers his time in an advisory capacity to the Mayor. He also serves on several not-for-profit boards. His fiscal experience began in the Commercial Banking sector and includes certificates awarded by the American Institute of Banking.
Jack D. Harris, Ph.D. is National Director of BSCA, co-author of THE MUNICIPAL COMPUTER SYSTEMS HANDBOOK, and a Professor of Sociology. He is a Strategic Information Technology Consultant and an expert in management organization.
©Copyright 2005 - All Rights Reserved
DO NOT REPRODUCE WITHOUT WRITTEN PERMISSION BY AUTHOR.