911 Calls

Imagine.

You return from a vacation, happy, rested.  You enter your house  immediately recognizing that something is not right.  As you continue into your home you begin  to see the signs of an intruder.  A space on the desk…there was a computer monitor in that space when you left…what else did they take from you?  You make your way to the phone and you dial 911- for all you know they could still be there- and you leave the house until the police arrive.

They search the house, and inform you that it’s safe to return.  They advise you to create a list of what has been stolen so that you can  file a claim with your insurance company.  However, they let you know, your belongings will likely never be recovered.

“How did this happen?”,  you ask yourself out loud.  The policeman then tells you what you should have done to prevent the violation on your home and your sense of safety.  The entry point was a window with a lock that was not criminal proof.  The lights were set to timers that went on and off at the same time every night.  The ADT sign was just a sign, not a security system.  You cancelled your paper, but there were still throw aways that were delivered.  Your trash cans did not go out on trash day.  All signs of an empty house, an easy target.  And then he adds, “If people spent the energy to prevent their homes from looking empty up front, they could avoid losses and this sense of angst.”

Or, imagine this…

You’re walking down the stairs of your house, ready to start your day and you feel a “pang” in your chest.  A big pang.  And then this pain in your left arm.  You know the signs of a heart attack, but could this really be happening?  You aren’t even 60!  You feel clammy, sweaty…maybe if you just sit down it’ll pass?  But that “pang” hurts, so you make your way down the stairs to the phone and dial 911.

At the hospital they tell you you’ve suffered a minor heart attack, and your heart shows signs of damage.  You’ll recover, but major lifestyle changes are required if you want to really live.  You’ll have to lose that extra 40 pounds, cut out saturated fats, reduce your cholesterol, reduce your high blood pressure, etc.  Basically, you haven’t been paying attention and, while you’ll recover, you’ll never be the same as you would have been had you paid attention in the first place.

And finally, imagine this…

You are a small business owner.  You have only 4 or 5 employees, so it’s impossible to completely segregate their duties.  In any event, they are all like family.  You trust them implicitly.  But times are not as good as they used to be, and money is tight.  In an effort to lower expenses, you find yourself looking a little more closely at expenditures…and then you see it.  A little bit here, a little bit there…”Betty” your loyal employee who you trust implicitly has been stealing in incremental amounts that individually were so small but in the aggregate add up to a significant amount.

You make your “911” call- to a Certified Fraud Examiner.

Just like the homeowner, you feel violated…but worse since you know the perpetrator and you trusted them.  Just like the homeowner, you ask, “How did this happen?”.  The CFE tells you exactly what the policeman told the homeowner.  The cash is gone.  It won’t be recovered.  They will tell you exactly how it happened.  But, if the energy had been spent upfront on prevention you could have avoided the losses completely.

Just like the heart attack victim, you can’t believe that it is happening.

But believe it.

The 21012 Report to the Nations on Occupational Fraud and Abuse will be released in July.  Of note to the small business owner:

  • Occupational fraud is a significant threat to small businesses. The smallest organizations  suffered the largest median losses. These organizations typically employ fewer anti-fraud controls than their larger counterparts, which increases their vulnerability to fraud.
  • The presence of anti-fraud controls is notably correlated with significant decreases in the cost and duration of occupational fraud schemes. Victim organizations that had implemented any of 16 common anti-fraud controls experienced considerably lower losses and time-to-detection than organizations lacking these controls.
  • The longer a perpetrator has worked for an organization, the higher fraud losses tend to be.
  • Survey participants estimated that the typical organization loses 5% of its revenues to fraud each year.

Are you running your business like an emergency room or a 911 call?  Do you think it’s time to start paying attention to the strategies and choices that would eliminate those responses in the first place?  The starting place is having a true understanding of what internal controls are operating and effective in your organization.  You will not achieve your business objectives without a system in place that works.

Don’t dial 911…call me at 949-887-3820 and let’s talk about your internal controls!

Leave a comment

Filed under Uncategorized

So You Don’t Believe Fraud Could Happen in Your Business? Read On!

Let me introduce you to Ms. Evelyn Reynolds. 

Most likely you have not heard of her.  What makes Evelyn noteworthy is that she embezzled over $100,000 from a children’s charity for her own personal use over a period of less than 10 months.

No One Could Believe It- Not Her!

Evelyn was a loyal and faithful employee who worked directly for the COO of a prestigious non-profit organization in Chicago.  She had an excellent work ethic, went above and beyond the call of duty, she was viewed as a friend by her co-workers and a dependable employee by her supervisors.  She was honest and trustworthy and had terrific performance evaluations that reflected how highly she was regarded.

After she had worked for the non-profit for about a year, her personal life started to collapse.  She became divorced from her third husband,  which caused financial and emotional strain.  She was no longer able to provide for her kids as she had in the past.

As her stress mounted, she began to feel as if she was underpaid given how hard she worked for the organization, and she started to recognize small ways she could take from the non-profit without anyone knowing the difference.

She Recognized Weaknesses in Controls and Seized Opportunities

Because she was the assistant to the COO, she had access to petty cash, she was an authorized user of the organization’s credit card, she approved her own timecards, and more.

Small Amounts in Several Areas Added Up Over Time

 

  •   Because she worked directly for the COO, she was given the authority to approve her own time cards.  Each pay period she added a few hours.  Over the ten months, this amounted to $14,000.
  •   As the COO’s right hand person, Evelyn had the ability to request disbursements to needy families.  She created false applications and support for payments to her own children (who had different last names as she had remarried), diverting thousands of dollars directly to them.
  •   She was responsible for the accounting of unexpected donations and she had authorization to direct the bank to pay vendors directly.  She would deposit the money, simultaneously record a journal entry to reverse the deposit so that it would look like an error, and then direct the bank to transfer the funds to her account with       support that she fabricated to make it appear as if a vendor was being paid.
  •   Petty cash, her responsibility, was looted in the amount of $400.

How Could They Have Let This Happen?

Minimal Controls and even less supervision.  The organization was shocked because they truly believed that a fraud of this magnitude would never happen to them.

Could They Have Prevented This?

Simply put, strong internal controls that were monitored would have stopped Evelyn.  The key is to institute internal controls that provide reasonable assurance that fraud can be prevented or detected quickly.

What Happened to Evelyn?

Nothing really.  She was fired.  She had mailed some of the checks across state lines so she was charged with mail fraud.  But ultimately she did not serve jail time and she did not make restitution for her theft.

Which is a really great reason to make sure and do background checks on all employees, because Evelyn is on the job market!

3 Comments

Filed under Uncategorized

Scam Alert- Tell your Kids!

Microsoft has an alert out to watch for a scam targeting players of the game Call of Duty: Modern Warfare 2 on Xbox 360.

The hugely popular online game has a messaging system that is being used for “phishing attempts”.

Phishing messages are designed to steal your identity. They ask for personal data, or direct you to websites or phone numbers to call where they ask you to provide personal data. In this case, the messages are coming through the game’s messaging system so, unless you too are playing these games, the message is going to go to your kids!

What does a phishing message look like?

Phishing messages take a number of forms:

  • In this case it is likely to appear as if it is coming from Microsoft.
  • They might ask you to make a phone call. Phone phishing scams direct you to call a phone number where a person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data.
  • They might include official-looking logos and other identifying information taken directly from legitimate websites, and they might include convincing details about your personal history that scammers found on your social networking pages.
  • They might include links to spoofed websites where you are asked to enter personal information.

    But, you might be thinking, it’s my kid, what could he do?

    Well, my one of my sons just bought a Map Pack with a credit card so if he got a message telling him that he input his number wrong and to please call with a current card….he might be fooled!

    But, not anymore, because he’s been warned!  (and we took the entire box away but that’s another blog!)

Leave a comment

Filed under Phishing, Uncategorized

Really Bank of America?

Well, this is sort of a deviation from what I thought I was going to post, but it’s still relevant and since it happened only minutes ago very current!

I’m the Treasurer for a non-profit organization.  Today I received a message on my home phone from Bank of America, which is where our accounts are held.  This is the message:

“Hi.  This is Darren (no last name) from the Bank of America.  Some information that you reported on your W-9 bounced back to us and we need you to call and confirm your Federal Tax ID.  If you call and get a message you can leave the information on our answering machine.  Thank you, have a great day.”

Well, that’s an odd message.  We’ve been doing business with them forever, and we complete the same W-9 form every year.  In fact, I have only one W-9 and I’ve been sending the same one to all requestors all year and nobody else has called and said there were any problems.  Hmmmmm.

So, I look at the Caller ID.  It’s Out-of-Area.  That’s weird too because when they call to sell me a mortgage their name shows up (that’s how I know not to answer the phone!).  So, I call the number.  It’s a machine that does not say, “you’ve reached Bank of America” it says “you’ve reached the processing center…please input your account number so we can better serve you”.  Wow.

So, I input “0”, and someone picks up and she also does not introduce herself as a Bank of America employee.  I explain the message that I received and my complete disbelief that if this really was the Bank of America that anyone in the financial services industry would seriously be asking these questions over the phone or expecting that they would be responded to.

She explained that Bank of America acts as processors for other institutions and therefore they don’t say their name on the phone because someone could be calling who is a customer from another bank.

And then she asked me for my taxpayer identification number!  I explained that she would need to mail me the request, and that I had no intention of providing that information over the phone.

So, now I’ll wait for the letter in the mail!  And the scary thing is, I actually think that was a legitimate call from the Bank of America, and I can’t believe in these times that it was made!

Leave a comment

Filed under Uncategorized

Stolen Corporate Identity: What is It and Could It Happen to You?

Almost 100% of the time when I mention that I focus on Corporate Identity Theft and its prevention, I get a blank stare.

Everyone understands Personal Identity Theft.  That’s when someone gets your personal information and is able to execute transactions in your name, usually damaging your credit in the process.

We’ve all heard about people spending months trying to prove who they are, and who they are not.

With all the focus on individuals, however,  we are ignoring that a new thief has moved into town and he’s successfully targeting companies-he’s the Corporate Identity Thief!

Corporate Identities are being stolen, it’s a growing problem,  and it’s troubling how little owners, executives, attorneys and advisors know about it.  In order to prevent it, you need to know about it.

There are so many different ways to perpetrate corporate identity theft, and new scams being developed daily.  No matter the method,  the end the result is the same- loss of assets and loss of reputation.  It’s a very real problem and, until large and small businesses take an active role in protecting their identities, brands, and images, thieves will be on the lookout for opportunities to exploit those weaknesses.

This month I will be focusing on some of more common methods used to steal the identities of businesses and the controls that can be put into place to avert the risks to your assets and your reputation.

Leave a comment

Filed under Uncategorized

Be Wary of Emails Involving Financial Matters!

Recently a client forwarded me an email he had received from his bank informing him that, as he had requested, his password for making remote deposits had been changed.  The email contained  his new password.  He had forwarded the email to me without comment on a Sunday night.  I called him on Monday morning to let him know that I had received his email, and I asked him why he had changed his password.  He didn’t…he thought I had and that was why he had forwarded the email to me.  Well, I did not request the change either, so I asked him to to instruct the Accounts Receivable clerk to not make any deposits until I called the bank when they opened.
This email looked very real.  It had the bank’s logo and it was “signed” by a person from their corporate offices, not their local offices,  that I have had conversations with.  What was odd, however, was that although the email was dated 1/9/11, it was not received via email by my client until 3/12/11.
I called the local branch of the bank, spoke with the Operations’s Manager, and forwarded her the email.  Bottom-line, the email was not legitimate.  Since my client had not made any deposits using the new password and had no loss, I never did find out how the story ended.  But the moral of the story is that even very legitimate looking emails can be fraudulent so check them out carefully especially if they involve any financial matters!

1 Comment

Filed under Uncategorized