Studler Doyle – Editor

Opportunity, Not Gender, Matters

Mary, Dr. Martin’s “second wife”, worked as the doctor’s office manager for thirty years. Mary knew Dr. Martin’s habits. She managed the practice, had access to company and personal credit cards, performed banking and even picked up Dr. Martin’s dry cleaning. A trusted employee, Mary was efficient. Mary was nice. But Mary was a thief – stealing more than $500,000 from Dr. Martin over a period of years.
Inaccurate Labels

There is a new trend of labels describing the individuals who steal from employers. For years, there was an economic differential of white-collar and blue-collar criminals says Kelly Paxton in Catch Her If You Can: Pink-Collar Criminals in Fraud Magazine’s November/December 2016 issue. Such historical labels were, at best, misleading labels about who steals from employers. An improper class bias implies individuals with higher levels of education steal from employees – which is flat out wrong. No matter a person’s position, there is an opportunity to steal from employers.

In 1989, Dr. Kathleen Daly referenced gender and varieties of white-collar crime. Dr. Daly labeled theft by “lower to mid-level office women – bookkeepers, office managers, accountants and clerks” as pink-collar criminals. This reference and label is similar to describing Agatha Christie as the leading female crime writer. That description sells Christie short. She is the highest-selling crime writer of all time, selling over two billion copies of her books.
The Trends

In actuality, women have been stealing at a lower severity per occurrence because they have had less access to monies and power than men. Call it the glass ceiling of embezzlement. In recent years, the severity of crime by women has increased because women’s responsibilities have increased. According to Gregory Millman’s Wall Street Journal article Wages of Fraud Lower for Women, a 2015 report by Hiscox found women masterminded over 60% of frauds against employers in 2014, but embezzled a median of only $242,000, about 30% less than men. Women perpetrated three-quarters of payroll frauds, with a median loss of $300,000. Men executed two-thirds of vendor frauds, where the median loss was about double. Adding a fictitious vendor requires someone in a higher authority position, which is usually a male. Women aren’t necessarily bad crooks – they just historically have had less opportunity.

[easy-tweet tweet=”Women have been stealing at a lower severity per occurrence because they have had less access to monies and power than men” via=”no” hashtags=”sdccpa”]
The Fraud Triangle

Individuals allegedly steal based on the Fraud Triangle of opportunity, pressure and relationships. However, we know people steal cash, assets and inventory. Individuals do not steal liabilities. Thus, what individuals steal and how much they steal from their employers is based on their opportunities, their positions and their duties in a job. Labels such as white-collar, blue-collar and pink-color provide little to no value in preventing or mitigating employees from stealing from employers.

What makes a difference is internal controls and opportunities.

Recent Ruling: Medidata Solutions, Inc. v. Federal Ins. Co.

The case Medidata Solutions, Inc. v. Federal Ins. Co. involved a fraudulent impersonation scheme and an alleged entry into the insured’s computer system. The case involved a series of events seen all too often. The court’s ruling presents a peek into the intricacies of analyzing coverage in traditional computer fraud claims. It is important to understand the difference between loss resulting from social engineering schemes and computer hacking. Losses involving social engineering do not require a hacker gaining unauthorized access.
The Timeline of Unfortunate Events

Summer of 2014 –Medidata notified its financial department of a possible acquisition. Medidata instructed personnel “to be prepared to assist with significant transactions on an urgent basis.”
A few months later, a Medidata employee received an email purporting to be from Medidata’s president stating Medidata was finalizing an acquisition and an attorney would be contacting the employee. The following events occurred in succession:
The employee received a call from an individual purporting to be the attorney providing instructions for the wire transfer.
The employee explained an email from the president was necessary to request a transfer and the employee would need approval of two other persons.
The employee and the two other persons received an email from the person purporting to be the president with instruction regarding the transfer.
The employee and the other two parties each took steps to approve the wire transfer.
A few days later, a second wire request was received. One of the individuals noted suspicious indicators in the “Reply to” field. Medidata discovered the president did not request the wire transfers.
Medidata sought coverage under funds transfer fraud and computer fraud.

The Arguments

Federal argued that no coverage existed under computer fraud as there had been no hacking – the fraudulent emails were sent to an open inbox that was capable of receiving emails from the public. Federal argued there had been no “change to data elements” because the emails did not cause any fraudulent change to Medidata’s computer system. Federal further argued that the “emails did not require access to Medidata’s computer system, a manipulation of those computers, or input of fraudulent information.”
The Findings

The Medidata court found the requirement of an unauthorized entry had occurred. Although no hacking had occurred, the court found the fraudsters had introduced harmful code on the transmitted emails that caused the Google server during processing to mask the fraudster’s true email to that of the insured’s president. The court found a direct loss.
The Medidata court further found coverage under funds transfer fraud on grounds Medidata’s accounts payable personnel would not have initiated the wire transfer “but for” the third parties’ manipulation of the emails.
Actions to Take

The question of a scheme involving social engineering and hacking or entry into a computer system presents a challenge to analyzing traditional computer crime coverages. Suggested steps to prevent social engineering loss may include policies requiring the following:

Multiple-person sign off.
Training for request to change account information.
A designated call-back number.
Limit employees’ social media posting.
Educate employees about schemes.
Centralized email address to which employees direct their suspicious emails.
Internal communication informing employees of an established “tell” so employees can ensure emails received from managers are legitimate.

Local Versus Global Brand for Auditing Firms

On March 8, 2017, the Wall Street Journal published an article about KPMG being under fire for scandals in the U.S., South Africa, and the U.K. Although KPMG does face trouble on three fronts, the scandals involve three legally separate firms:

KPMG, LLP, a New York-based U.S. partnership, is dealing with the indictment of former partners on charges they helped steal secret regulatory information.
KPMG’s local affiliate in South Africa faces a criminal complaint and scrutiny overs its ties to a politically connected family.
KPMG’s London-based firm is under regulatory investigation over its auditing of a construction company, Carillion PLC, which collapsed in January 2018.

The Big Four

The Big Four accounting firms (KPMG, Deloitte Touche Tohmatsu, PricewaterhouseCoopers and Ernst & Young) promote themselves as unified entities – each with one global brand. Although this implies common leadership and a single standard of quality, they are organized very differently. Each firm is actually a network of independent firms in approximately 150 countries. Global umbrella organizations head each network. Overall strategy and the overseeing of the brand is set with input from the member firms. The member firms perform the audits and have latitude over how they conduct their business. They aren’t obligated to or responsible for each other. The network arose because accounting firms wanted to expand and serve multinational clients but did so through independent local affiliates because each country has its own licensing and training requirements.
Local Affiliates

Critics say local audit affiliates are more likely to produce flawed work, potentially affecting the network’s multinational clients. Recently, in the U.S., the Public Company Accounting Oversight Board starting requiring accounting firms with U.S.-traded clients to start disclosing when affiliates work with them on a company’s audit. Since 2016, the PCAOB has reached disciplinary settlements over allegations involving Deloitte affiliates in multiple countries and Ernst & Young’s Indonesian affiliate.

The setup can limit what the global firms can do to in the event of “bad-apple” affiliates, although it helps protect their networks and U.S. partners from liability. “You’ve got personnel and technology crossing borders all the time,” says Jim Peterson, author of a book about the Big Four firms. In the event of trouble, “they do everything they can to firewall the problem.”
Investigations

Deloitte faces regulatory investigations in South Africa and the Netherlands over the client Steinhoff International Holdings. Regulators in India have suspended PwC’s affiliate from auditing companies for two years due to lack of fraud detection. KPMG has fired five employees U.S. employees over the information-stealing scandal and says there was no criminal wrongdoing in South Africa. KPMG also contends the audits were conducted appropriately in the U.K.

The global organization may seek to rein in the local affiliate because of the brand-name risk, but the local firm’s independence and ownership means the network has limited ability to crack down, presenting challenges. The only choice may be to expel the local affiliate from the network – the so called “death penalty” that prevents the global network from doing business in that country until it finds a new affiliate.
Court Rulings

The structure helps firms contain liability from problem audits, but some U.S. court rulings have suggested the global networks can be held responsible. “They all function as one firm,” says Steven Thomas, an attorney specializing in suits against accounting firms. “The only time you hear ‘Well, we’re not all KPMG’ is when they get sued.”

A U.S. investor who suffers a loss in a foreign country with accounting issues can’t easily hold the U.S. auditor responsible, even though they are part of the same network and the U.S. firm may have assisted with the audit. The new PCAOB requirement to disclose other firms contributing to a company’s audit may give investors a better understanding of how the networks operate.

Is it Fraud? 4 Reasons for Inventory Loss Claims

When a business files an inventory loss claim, we often jump to the conclusion fraud is the cause of the loss. But fraud it isn’t always the reason behind the missing items.

Several variables make it difficult to measure inventory accurately: complex production processes, varied accounting methods, and the sheer volume of items. As a result, many companies experience inventory shrinkage or a discrepancy between recorded inventory and actual inventory.

Determining the Cause

One common reason for inventory shortages is that companies miscalculate the amount of inventory used. For example, the owners of an ice cream shop might think they can dip 100 cones in a can of chocolate. In actuality, they only dipped 95 cones out of the last can and 85 cones from the can before that. Unless the shop keeps historical data on its chocolate usage, its inventory count likely won’t be accurate.

Many other shortages are accounted for by data entry and human errors, including coding items incorrectly, paying a vendor invoice twice, or overshipping to customers. An analysis of a company’s books and its physical inventory will often reveal the problem.

Often inventory discrepancies are the result of simple, honest mistakes. However, fraudulent schemes also abound. One scheme involves “ghost inventory,” whereby an employee pays for fictitious orders that are never delivered. Other schemes involve falsifying physical inventory quantities, including consigned inventory in total values, and failing to write down obsolete inventory.

Investigating the Claim

Before investigating a claim, ask the company to explain its recording methods so you can note anything unusual. Some companies use a periodic system where they record inventory changes at the end of an accounting period. Others use a perpetual system, recording changes continuously. Watch for any abnormal inventory shrinkage or a pattern of shrinkage in one department or location.

Other red flags to look for include inventory turnover slowing, inventory increasing faster than sales, and shipping costs decreasing compared to inventory volume. Changes to gross profit margins or the gross profit divided by sales are another reason for suspicion. An unusually high figure could indicate overstated inventory, while a low margin may indicate inventory theft. Unusual bookkeeping entries, such as round figures or credits in the purchases section, can also signal something is amiss.

Room for Improvement

When working with companies to resolve their loss claims, encourage them to improve their reporting. Inventory management software, which tracks average turnover, top-selling items and other critical information, can help businesses get a handle on their books.

Reducing inventory is another way to minimize claims as well as cut inventory-related costs. Many companies realize savings by adopting Just-In-Time inventory management practices, where they order materials as needed instead of hanging onto them for months. Tighter controls are another important deterrent against inventory losses. Companies should ensure the person recording a transaction isn’t same person who processes it and limit asset access to necessary employees.

Whether a company’s loss claim is the result of a pilfering employee or just sloppy data entry, understanding how the organization’s inventory works and ensuring it is recorded accurately can help avoid similar issues in the future.

Advanced Inventory Concepts

A company files a claim contending a warehouse manager stole $450,000.00 in inventory. The manager, a long-time employee, was trusted with keys and alarm codes. He was able to enter the warehouse after hours and remove pallets of product. The company contends the theft occurred over a 12-year period.

When confronted with an inventory loss claim, what do we do to test the reasonableness of missing inventory?

The Rate of Theft

A common, core concept involves evaluating an employee’s theft over a period of time. The frequency and severity of the rate of theft and amount of theft increases over time. Our analysis includes the following basic premises:

Employees do not initially steal at the onset of their employment.
Employee theft often starts with an error or with taking a small amount.
Employees may realize the error or small amount was not noticed by management.
Employees continue to steal in small amounts.
As employees become addicted to the extra monies, the amount stolen increases in frequency and severity.
The frequency and severity continue to increase until the employee theft is discovered.
Sometimes employees want to be discovered. They could have quit stealing and their theft would not have been discovered.
The day and week of discovery probably represents the greatest severity of theft by the employee in a particular period.

Verifying the Reasonableness

There are a multitude of ways to verify the reasonableness of the amount of theft. One way is based on the Triangulation Method.

The concept of the Triangulation Method is measuring the amount of misappropriated inventory or monies when there is a lack of alternative information and alternative variables. The rate of increase in frequency and severity is similar to the area of a triangle. Based on the variables of the triangle, the amount of theft can be tested for reasonableness. A triangle consists of base times height at 1/2.

The base represents the period of time. The periods can be days, weeks, months, or years.

The height represents the amount stolen in a period, which is equivalent to the units of time utilized in the decided base line.

Putting the Method to Work

For example, an employee is seen on video at a gas station stealing lottery tickets. The employee is caught with 100 lottery tickets in the last week of employment. The employee worked for 30 weeks. We want to measure the period of theft in weeks. The units in the height and base need to be equivalent.

The triangulation is depicted as follows:

The employee is assumed to start at stealing zero tickets when employed and continues increasing the number of tickets stolen. The calculation amount stolen is the area of the triangle, thereby utilizing the triangulation method:

½ (Base x Height) = ½ (30 x 100) = $1,500.00

Utilizing the basic geometry concepts of the area of a triangle, an alternative method can be used to estimate the amount of monies or inventory missing.