A nonprofit organization raising funds for 9/11 victims was implicated in a cash skimming scheme. Despite significant cash sales, financial records showed minimal revenue, prompting an investigation following an anonymous tip.
Investigators uncovered discrepancies in vendor records, multiple entity names used for purchases, and a second set of financial records, revealing significant unreported income. Corporate officers were prosecuted for personal use of funds.
The case highlights the vulnerability of cash-based operations to skimming, where funds are stolen before being recorded, leaving no direct audit trail.
Effective detection required forensic reconstruction of financial statements and collaboration with law enforcement to seize evidence.
The Fraud Tree classifies occupational frauds by method, aiding antifraud professionals in identifying common perpetration techniques and organizational vulnerabilities.
This chapter focuses on cash theft at entry points and noncash asset misappropriations, emphasizing detection and prevention.
The chapter is divided into six modules, each with specific learning objectives to enhance understanding of fraud schemes and antifraud measures:
Module 1: Cash skimming
Module 2: Accounts receivable skimming
Module 3: Cash larceny
Module 4: Noncash asset misappropriation
Module 5: Inventory issues
Module 6: Fraudulent documentation
Skimming involves stealing cash before it is recorded, making it an "off-book" fraud with no direct audit trail. It can occur at any cash entry point and can involve employees such as salespeople or mailroom staff.
Sales skimming, the simplest form, involves not recording sales and pocketing customer payments.
Techniques include unrecorded sales, cash register manipulation (e.g., "no sale" entries, lifting printer ribbons), after-hours sales, and off-site skimming by unsupervised employees.
Concealment often involves destroying records or exploiting inventory shrinkage attributed to other causes.
Effective oversight, such as management presence, video surveillance, and customer receipt policies, reduces skimming opportunities.
Data analytics can identify anomalous transactions, such as excessive voids or unusual sales patterns.
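One way to run the excessive-voids test, as an added example that is not part of the original chapter: it compares each cashier's void and "no sale" rate against peers using a median/MAD modified z-score. The journal layout, cashier IDs, event names and the 3.5 threshold are assumptions, and the sample data is constructed.

```python
from collections import Counter
from statistics import median

def sample_journal():
    """Constructed register journal rows: (cashier, event)."""
    totals = {"c01": (200, 5, 1), "c02": (180, 3, 2), "c03": (210, 5, 1),
              "c04": (190, 21, 17), "c05": (205, 4, 2)}  # sales, voids, no-sales
    rows = []
    for cashier, (sales, voids, no_sales) in totals.items():
        rows += [(cashier, "SALE")] * sales
        rows += [(cashier, "VOID")] * voids
        rows += [(cashier, "NO_SALE")] * no_sales
    return rows

def exception_rates(rows):
    """Void and no-sale events per completed sale, for each cashier."""
    sales, exceptions = Counter(), Counter()
    for cashier, event in rows:
        if event == "SALE":
            sales[cashier] += 1
        elif event in ("VOID", "NO_SALE"):
            exceptions[cashier] += 1
    cashiers = set(sales) | set(exceptions)
    # max(..., 1) keeps a cashier with exceptions but no sales in the result.
    return {c: exceptions[c] / max(sales[c], 1) for c in cashiers}

def flag_outliers(rates, threshold=3.5):
    """Return cashiers whose rate sits far above the peer median."""
    values = list(rates.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        # Most peers share one rate; anything above it is worth a look.
        return sorted(c for c, v in rates.items() if v > med)
    return sorted(c for c, v in rates.items()
                  if 0.6745 * (v - med) / mad > threshold)

if __name__ == "__main__":
    print(flag_outliers(exception_rates(sample_journal())))
```

A flagged cashier is a lead for review of the underlying void slips and register tapes, not proof of skimming.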
Receivables skimming is more complex than sales skimming due to expected payments and customer records. Fraudsters steal checks or cash and manipulate accounts to conceal the theft.
A case study illustrates a clerk manipulating accounts receivable through improper write-offs, costing the company $2 million in uncollectible balances.
Common methods include lapping (misapplying payments), force balancing, stolen or altered statements, fraudulent write-offs or discounts, debiting wrong accounts, and destroying records.
Lapping requires meticulous record-keeping, often leading to a second set of books.
Segregation of duties, regular bank reconciliations, and independent verification of deposits prevent receivables skimming.
Data analytics, such as summarizing write-offs or tracking dormant account activity, aids detection. Mandatory vacations and supervisory approvals for adjustments are effective controls.
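The two receivables tests named above, as an added example that is not from the original chapter: it summarizes write-offs and discounts by the clerk who posted them and lists adjustments that land on accounts with no activity for a set period. The ledger layout, entry-type names, clerk names and the 180-day dormancy window are assumptions, and the ledger rows are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed A/R ledger rows: (date, account, entry type, amount, clerk)
LEDGER = [
    (date(2023, 1, 10), "A-100", "INVOICE", 900.0, "sys"),
    (date(2023, 2, 5), "A-100", "PAYMENT", -900.0, "kim"),
    (date(2023, 1, 15), "A-200", "INVOICE", 1500.0, "sys"),
    (date(2023, 9, 30), "A-200", "WRITE_OFF", -1500.0, "lee"),
    (date(2023, 3, 1), "A-300", "INVOICE", 700.0, "sys"),
    (date(2023, 3, 20), "A-300", "DISCOUNT", -70.0, "kim"),
    (date(2023, 4, 2), "A-300", "PAYMENT", -630.0, "kim"),
    (date(2023, 2, 1), "A-400", "INVOICE", 2200.0, "sys"),
    (date(2023, 10, 15), "A-400", "WRITE_OFF", -2200.0, "lee"),
    (date(2023, 5, 1), "A-500", "INVOICE", 300.0, "sys"),
    (date(2023, 6, 10), "A-500", "WRITE_OFF", -300.0, "pat"),
]
ADJUSTMENTS = {"WRITE_OFF", "DISCOUNT"}

def adjustments_by_clerk(ledger):
    """Count and total value of write-offs and discounts per posting clerk."""
    totals = defaultdict(lambda: [0, 0.0])
    for _when, _account, kind, amount, clerk in ledger:
        if kind in ADJUSTMENTS:
            totals[clerk][0] += 1
            totals[clerk][1] += abs(amount)
    return {clerk: (n, value) for clerk, (n, value) in totals.items()}

def adjustments_on_dormant_accounts(ledger, dormancy_days=180):
    """Adjustments posted after an account saw no entries for dormancy_days."""
    last_seen, hits = {}, []
    for when, account, kind, _amount, clerk in sorted(ledger, key=lambda r: r[0]):
        previous = last_seen.get(account)
        if (kind in ADJUSTMENTS and previous is not None
                and (when - previous).days >= dormancy_days):
            hits.append((account, when, clerk))
        last_seen[account] = when
    return hits

if __name__ == "__main__":
    print(adjustments_by_clerk(LEDGER))
    print(adjustments_on_dormant_accounts(LEDGER))
```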
Cash larceny involves stealing cash after it is recorded, distinguishing it from skimming. It requires concealment to avoid detection through cash register or bank reconciliations.
The module aims to describe larceny activities and their concealment methods.
Perpetrators may manipulate point-of-sale records, void transactions, or alter cash counts to hide theft.
Concealment often involves falsifying records or exploiting system weaknesses, such as manual overrides.
Strong internal controls, including segregation of duties and regular audits, deter larceny.
Monitoring cash register activity and customer feedback helps detect discrepancies.
Noncash misappropriations include asset misuse, unconcealed larceny, asset requisitions and transfers, purchasing and receiving schemes, and fraudulent shipments.
Examples include employees stealing inventory during off-hours or using fake sales to misappropriate goods with accomplices.
Fraudsters exploit access to assets, falsify transfer documents, or manipulate receiving reports (e.g., marking shipments as short).
Concealment involves creating false sales or writing off assets as scrap to account for missing inventory.
Segregation of duties, physical security (e.g., locked storage, access logs), and regular inventory counts prevent theft.
Data analytics, such as matching shipping addresses to employee records, detect fraudulent shipments.
Inventory shrinkage, the unaccounted reduction in inventory, is a key indicator of theft. Fraudsters aim to conceal shrinkage to avoid detection.
Shrinkage can result from employee theft, shoplifting, or procedural issues, requiring careful investigation.
Techniques include altering perpetual or physical inventory records, creating fictitious sales, writing off assets, or physically padding inventory (e.g., stacking empty boxes).
A case study describes employees constructing a fake inventory facade to hide $1 million in missing product.
Regular physical inventory counts by independent staff and reconciling perpetual records detect shrinkage.
Trend analysis on scrap designations or reorder rates identifies potential theft.
Fraudsters use falsified documents (e.g., packing slips, receiving reports) to facilitate and conceal noncash thefts.
The module emphasizes recognizing concealment efforts and using data analytics to detect anomalies.
Segregation of duties in purchasing, receiving, and payment functions prevents fraudulent manipulations.
Matching packing slips to approved purchase orders and reconciling inventory balances to general ledgers ensure accuracy.
Data analytics techniques include identifying shipments to employee addresses, detecting duplicate inventory listings, or flagging obsolete inventory with reorder points.
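The shipments-to-employee-addresses test mentioned here and in the noncash module, as an added example that is not part of the original chapter: it normalizes addresses before comparing them so that "St." versus "Street" or "#3" versus "Apt 3" does not hide a match. The record layouts, IDs, names, addresses and the abbreviation table are constructed assumptions.

```python
import re

# Assumed abbreviation table; extend it for the address styles in your data.
ABBREVIATIONS = {"st": "street", "ave": "avenue", "rd": "road", "dr": "drive",
                 "blvd": "boulevard", "ln": "lane", "apt": "unit", "ste": "unit"}

# Constructed employee master rows: (employee id, name, home address)
EMPLOYEES = [
    ("E100", "J. Rivera", "42 Maple St., Apt 3, Springfield 00001"),
    ("E101", "T. Okafor", "9 Harbor Road, Lakeside 00002"),
]

# Constructed shipping register rows: (shipment id, consignee, ship-to address)
SHIPMENTS = [
    ("S-1", "Acme Retail", "500 Commerce Blvd, Springfield 00001"),
    ("S-2", "M. Rivera", "42 maple street #3 springfield 00001"),
    ("S-3", "Lake Supplies", "9 Harbor Rd Lakeside 00002"),
]

def normalize_address(raw):
    """Lowercase, drop punctuation, and expand common abbreviations."""
    text = raw.lower().replace("#", " unit ")
    tokens = re.findall(r"[a-z0-9]+", text)
    return " ".join(ABBREVIATIONS.get(token, token) for token in tokens)

def shipments_to_employee_addresses(shipments, employees):
    """Return (shipment id, employee id) pairs whose addresses match."""
    by_address = {}
    for emp_id, _name, address in employees:
        by_address.setdefault(normalize_address(address), []).append(emp_id)
    hits = []
    for ship_id, _consignee, address in shipments:
        for emp_id in by_address.get(normalize_address(address), []):
            hits.append((ship_id, emp_id))
    return hits

if __name__ == "__main__":
    print(shipments_to_employee_addresses(SHIPMENTS, EMPLOYEES))
```

The comparison is exact after normalization, so a ship-to address that omits the unit number will not match; treat the output as a starting list for manual review.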
Regular reviews of system access logs for segregation of duties violations enhance detection.
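A sketch of that access-log review, as an added example that is not from the original chapter: it parses log lines and reports any user who performed more than one of the purchasing, receiving and payment functions on the same document. The log format, action names, user names and document numbers are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed mapping from logged actions to the three duties to keep separate.
FUNCTION_OF = {"PO_CREATE": "purchasing", "PO_APPROVE": "purchasing",
               "GOODS_RECEIPT": "receiving", "INVOICE_PAY": "payment"}

LINE = re.compile(r"^(\S+) user=(\S+) action=(\S+) doc=(\S+)$")

# Constructed access log in an assumed key=value format.
SAMPLE_LOG = """\
2024-03-01T08:55:00 user=alice action=LOGIN doc=-
2024-03-01T09:00:00 user=alice action=PO_CREATE doc=PO-1001
2024-03-01T09:30:00 user=bob action=PO_APPROVE doc=PO-1001
2024-03-04T14:10:00 user=carol action=GOODS_RECEIPT doc=PO-1001
2024-03-06T10:00:00 user=dave action=INVOICE_PAY doc=PO-1001
2024-03-02T11:00:00 user=erin action=PO_CREATE doc=PO-1002
2024-03-05T16:20:00 user=erin action=GOODS_RECEIPT doc=PO-1002
2024-03-07T10:05:00 user=dave action=INVOICE_PAY doc=PO-1002
2024-03-03T09:15:00 user=alice action=PO_CREATE doc=PO-1003
2024-03-08T13:40:00 user=frank action=GOODS_RECEIPT doc=PO-1003
2024-03-09T09:00:00 user=frank action=INVOICE_PAY doc=PO-1003
"""

def sod_violations(log_text):
    """Return (doc, user, functions) where one user held 2+ duties on a doc."""
    duties = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue  # skip lines that do not follow the assumed format
        _timestamp, user, action, doc = match.groups()
        function = FUNCTION_OF.get(action)
        if function:  # ignore actions outside the three duties (e.g. LOGIN)
            duties[(doc, user)].add(function)
    return sorted((doc, user, sorted(functions))
                  for (doc, user), functions in duties.items()
                  if len(functions) > 1)

if __name__ == "__main__":
    for violation in sod_violations(SAMPLE_LOG):
        print(violation)
```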