HISTORY BEHIND THE FRAUD CASE
The owner of a chain of supply stores was enjoying his morning coffee while reviewing his monthly financial statements for each store. He noticed a month‐to‐month decline in the sales of one location. Later that day, the owner found the bank statements for the store and examined the last several months of deposits. Like gross receipts, there was a similar month‐to‐month decline in cash deposits. Overall, sales were down over 25 percent compared to the prior year. He tasked a programmer in the Information Technology (IT) department to extract daily sales, deposits, and edits to both accounts for the last 90 days. The IT programmer came back, concluding that receipts for many deposits appeared to have been decreased several hundred dollars per day.
In the subsequent fraud examination, photocopies of all deposit tickets for the last 90 days were requested from the bank and the IT department extracted daily sales records from the point‐of‐sale (POS) system for the same period. Tests were undertaken to access the validity of the initial data extraction of daily sales, deposits, and edits: (1) the actual daily sales per the point‐of‐sale records were vouched to the pre‐edit cash receipts in the IT extraction; and (2) the actual daily deposits as shown on the deposit tickets were vouched to the cash receipts on the initial data extraction (i.e., the daily post‐edit cash receipts). Then, the amount of the alleged larceny was calculated by subtracting the daily pre‐ and post‐edit totals.
Also common with small businesses, the internal controls over edits/adjusting journal entries were nonexistent. The owner, IT personnel, and store managers at each store could make edits/adjusting journal entries to accounting records, including sales. Of the three, the store managers could make edits without any monitoring.
Inexpensive, readily available, accounting packages have edit functions that can be fraudulently used if a company does not have adequate internal controls (i.e., separation of authorization, accounting, and asset custodian duties). After printing checks to the payee listed on the check, a fraudster can use the edit function to change the name of the payee and account. Vouching from the cash disbursements journal and the canceled check and/or bank statement will document the difference. Similarly, a fraudster can use the edit function to reduce the amount of cash receipts and deposit a lower amount (i.e., steal cash).
This case teaches you how to prepa a spreadsheet detailing original and edited transactions listed on an accounting record (e.g., data extraction from the adjustments and/or cash receipts journal). You will learn how to document the edits by vouching to the amount and date of the edited transactions to the supporting documents (e.g., deposit ticket and bank statement).
On April 2, 2016 (the day following the bank’s notification of overdrawn checks), Dr. Anderson reviewed the March 2016 details from her practice over breakfast and noted that deposited cash deposits did not match the cash receipts initially recorded in the Medatrix UltraScan Point of Sale (POS) system. She asked Teresa Padgett, an information technology specialist, to look up the original and edited cash receipt transactions recorded in Medatrix UltraScan for March 2016. Teresa found that Tonya Larsen, who has been the office manager since September 2015, had made a number of even‐dollar edits to the amount of cash receipts (e.g., $2,197.95 reduced to $1,697.95, a $500.00 reduction) and that the smaller edited amounts of cash were deposited days after actual receipt. Teresa Padgett told Dr. Anderson that she thought Tonya Larsen was stealing—altering deposits with different round dollar amounts (more than $1,000 a week). Time stamps on Tonya Larsen’s edits show when she changed the information. Every employee has a distinct ID and password that employees are not to share. Tonya Larsen’s ID is “203- Tonya.” According to Teresa Padgett, there appears to be a delay of several days between daily sales receipts and actual deposits and there appears to be a pattern of decreased deposits.
Teresa Padgett downloaded the edits to the cash receipts journal for the period September 1, 2015, through March 31, 2016, for further examination.
Alexander Z. Boone, Esq., the independent attorney hired by Southern Appalachian Insurance Company, added a review of the edits to the cash receipts journal to your examination of Anderson Internal Medicine’s employee dishonesty claim.
Before proceeding, read the documents in Chapter 7, section 7‐3, “Fraudulent Edits/Adjusting Journal Entries.” As you work the case, you will have to read and reread the documents to fully understand the evidence. As with the information analyzed and summarized from the bank statements, canceled checks, deposit slips, and so on, the results of this additional assignment will be used by the attorney. Your assignment (in general) is as follows:
- Schedule the provided data extraction [e.g., date and amount of the original transaction (e.g., cash before adjustment) and the date and amount of the edited transactions (e.g., cash after the adjustment)] and calculate the differences, if any, between the original and edited transactions.
- Vouch the deposit transactions listed on the schedule to the deposit slips and bank statement to verify the amount and date of cash actually deposited.
- Identify the individual and total number and dollars of irregularities.
3-2 HOW TO VOUCH/TRACE BETWEEN A SOURCE
DOCUMENT AND AN ACCOUNTING LEDGER, JOURNAL, OR ACTIVITY LOG
After reading this synopsis, you should be able to:
- Better understand how to verify data extracted from a ledger, journal (e.g., cash receipts journal), or activity log (e.g., edit or audit trail log).
- Vouch transactions in the ledger, journal, or activity log to the source document or, vice versa, trace the source document to the associated ledger, journal, or activity log.
Essential to detecting and documenting fraudulent accounting transactions is vouching/tracing between the applicable accounting ledger, journal, or activity (edit or audit trail) log and the source document.
If you want to determine whether a transaction is valid, you use a process called vouching. Vouching follows an item found in the accounting ledger, journal, or activity (edit or audit trail) log back to the source
document. Tracing is the reverse process, following a source document back to the originating document (ledger, journal, or activity log). In fraud examination, you will use both vouching and tracing.
In Anderson Internal Medicine (Case 2), you traced checks listed in the cash disbursements journal to the canceled checks and bank statements and found that the payee names on several checks did not match the payee names in the cash disbursements journal. You also traced debit card transactions listed on the bank statements back to the cash disbursements journal and found that those transactions were not listed in the accounting records.
Similarly, you can trace numbers and dates on deposit tickets and bank statements to the edit log, which tracks changes to cash deposits. You could also trace to the cash receipts journal; however, that would only show the post‐edit numbers—it would miss those deposits that were allegedly stolen. Also, you can trace transactions listed on the edit log (not the cash receipts journal) to the deposit tickets and bank statements. Pay close attention to deposit dates. Good internal controls require deposits to be made daily (as in the same day received) and intact (without withholding any of the deposit). If a company receives cash and checks, both should be deposited on the dates received.
3-3 EXERCISE—FRAUDULENT EDITS (OR AJE) (ANDERSON INTERNAL MEDICINE)
EXERCISE 1: INDIVIDUAL ASSIGNMENT
- Use the template titled “203‐Tonya Edits Template,” which is available on the companion website.
- Data extractions are often difficult to read. So, convert the data extraction to a more understandable Excel schedule. Start with the data contained in the extraction labeled “Data Extraction 203 Tonya Edits (Jan Feb Mar 2016).” Schedule the specific information [e.g., date and amount of the original transaction (e.g., cash before adjustment) and the date and amount of the edited transactions (e.g., cash after the adjustment)] into the template.
Calculate the differences, if any, between the original and edited transactions.
- Then, vouch the edited deposit transactions listed on the schedule to the deposit slips and bank statement provided with the second fraud case to verify the amount and date of cash actually deposited. Insert tick mark “√”. This will evidence that the edited deposit amounts on the schedule agree with both the deposit slips and bank statement.
- Identify the individual, monthly total number and dollars, grand total number and dollars of the irregularities. Was there a trend in average irregularity as well as monthly total number and dollars?
3-4 EXERCISE TEMPLATE
ANDERSON INTERNAL MEDICINE (EDITS/AJES),
I am attaching case 2 information
Case 2: Check Fraud, Debit Card Fraud, Cash Larceny
2-1 ANDERSON INTERNAL MEDICINE: PREPARING A BANK RECONCILIATION AND SPREADING/ANALYZING TRANSACTIONS ON MONTHLY STATEMENTS FROM FINANCIAL INSTITUTIONSLEARNING OBJECTIVE
After completing and discussing this case, you should be able to:
- Prepa a bank reconciliation between the bank records and company’s accounting records to determine the existence of unaccounted transactions that have not been recorded in the:
- Bank statements (but have been recorded in the company’s point‐ofsale [POS] computer program), deposits in transit (i.e., deposits recorded on the company’s books but not presented to the bank), and outstanding checks (i.e., checks recorded on the company’s books but not presented to the bank); and/or,
- Company’s accounting records (but may have been recorded in the bank statements), including unrecorded fees (e.g., insufficient funds charges, monthly account fees, and other debit memorandums) and
unrecorded income(e.g., interest earned and other credit memorandums).
- Enter into a spreadsheet debits and credits from financial institution monthly statements, identify the payee, maker, and endorsee on checks, read the transaction information on the back of checks, read the coding associated with debit (or ATM) card charges listed on the statements, read deposit slips, and then analyze the information.
- Vouch transactions on the monthly statements to accounting records (e.g., cash receipts and cash disbursement journals).
- Identify irregularities in payee, maker, and endorsee on checks, coding associated with debit (or ATM) card charges (e.g., when and where charged, timing) and the amount and type of deposits.
HISTORY BEHIND THE FRAUD CASE:
This is a combination of two fraud cases involving dental / medical practitioners. In one case, an oral surgeon arrived at his office on Monday morning and found that (1) his patient records had been shredded and (2) the passwords to access his computer dental accounting program and payroll accounting program had been changed. He called a forensic computer expert, who unlocked the computer only to find that the data had been wiped clean. A subsequent criminal background check found that the office manager had been convicted twice of fraud for thefts as a bookkeeper for two other businesses. In each case, the courts sentenced her to probation and restitution. It took one year to physically reconstruct the records and document substantial larceny and skimming. Local law enforcement eventually located her in another state and arranged to have her extradited to stand trial.
In the other fraud case, drug diversion agents arrested the office manager for attempting to use drug prescription pads taken from one of her doctors to obtain controlled painkillers. The agents conducted a physical inventory of the controlled substance locker at the doctors’ office and found material shortages of painkillers. A week later, checks started bouncing. The new office manager spent months documenting the extent of the frauds— additional payroll checks made payable to the former office manager, checks made to payable to various companies on behalf of the former office manager, obtaining and using an unauthorized ATM / Debit Card to obtain cash, groceries, and other goods at locations over 30 miles from the doctors’ office, and shorting cash from daily deposits. She pleaded guilty to the drug diversion charges.
As is common with small businesses, internal controls, particularly segregation of duties, were weak at both offices. Both former office managers had full custody of all assets, controlled all of the accounting duties, and authorized almost all receipts and disbursements, except for signing checks. They regularly fanned out checks during busy periods to get the doctors’ signatures. Both doctors seldom asked for or reviewed any documentation. In addition, the edit function of the accounting programs allowed the office managers to print checks made payable to whomever they wanted and then in the edit run to change the payee name and accounting classification. As a result, the payee names on the canceled checks and in the cash disbursement journals were different.
This case teaches you to prep: (1) a bank reconciliation and (2) a spreadsheet with transactions listed on monthly statements. You will also examine the front and back of checks, the coding associated with debit card transactions, deposit tickets, as well as vouch the checks and debit card transactions to the cash disbursements journal and the deposits to the cash receipts journal.
Bank reconciliations account for the differences between the month‐end balance shown on the financial institution statement and the corresponding total shown in the company’s books of record (i.e., cash and related accounts). Completion of the bank reconciliation requires a number of adjustments for timing differences and items found on the statement or books of record (e.g., checks or deposits listed on the books but yet to be received by the bank, and interest earned at the financial institution that has yet to be recorded on the books). When all adjustments have been made, there might still be a yet‐to‐be‐explained difference. When two or more bank reconciliations (e.g., prior and current reconciliation) result in large unaccounted‐for differences, the differences might be larceny, lapping, another type of cash fraud, or material accounting error. Such large unaccounted‐for differences require additional fraud examination work (e.g., interviewing those who handle cash, examination of individual receivable accounts, reviewing adjusting journal entries and account edits).
Monthly statements from financial institutions (e.g., bank, credit unions, savings and loan associations, and stock brokerage firms) offer a great deal of information, some of which reflects how the alleged fraudster or company spent its money (e.g., personal as opposed to business expenses). It can also detect such illegal activities as unauthorized use of debit (or ATM) cards, check kiting, money laundering, and so on.
Balances in the general ledger and trial balance accounts are not always what they seem. Through the following analyses, you will detect receipts and disbursements that do not agree with the cash receipts and disbursement journal descriptions, unauthorized use of debit cards, and the possibility of larceny.
Greg and Tonya Larsen are being investigated by law enforcement and Southern Appalachian Insurance Company, the company that insured Anderson Internal Medicine (AIM).
Early on Friday, April 1, 2016, the branch manager of the Bank of
Lawrenceville called Jennifer Anderson, MD, the CEO of Anderson Internal Medicine, to inform her that the medical practice’s checking account was overdrawn by $5,945.43. Late last night, the bank paid as a courtesy four charges that overdrew the account ($2,339.50, $2,501.66, $2,497.89, and $280.00). In addition, it returned four checks totaling $6,159.75 ($1,534.73, $1,783.83, $1,341.19, and $1,500.00). Dr. Anderson spoke with Tonya Larsen when she arrived. Tonya quickly performed a bank reconciliation and announced that the shortage was the result of several missing deposits because she had not deposited some receipts, which were in her credenza. Tonya promised to track down and deposit the missing deposits and personally cover the insufficient funds (NSF) charges. The two agreed to go over the books early on Monday morning. Tonya Larsen spent the remainder of the day in her office with her door closed and stayed behind after the last patient and all employees left for the day.
Dr. Anderson arrived early on Monday and went straight to Ms. Larsen’s desk. She found a wastebasket overflowing with shredded paper. She immediately went to the file room, where she found a giant trash bag also overflowing with shredded paper and empty patient file folders tossed haphazardly all around the file room. Dr. Anderson attempted to access the point‐of‐sale, accounting, and payroll systems, but could not get into either computer system—none of the passwords worked. She called in a forensic computer examiner, who successfully unlocked the computer, but found that much of the data on the hard drive had been erased. Over several days, he was able to un‐erase some of the data.
Late on Monday, a lawyer emailed Dr. Anderson and left a voice message on her personal cell phone that he represented Greg and Tonya Larsen and left instructions that no one was allowed to talk with either of them. Any inquiries that she or anyone else had MUST go through him.
AIM’s new office manager spent two weeks attempting to make sense out of the mess and file an employee dishonesty claim with Southern Appalachian Insurance Company. She found $260.00 in cash, $2,210.00 in patient and insurance company checks, and two business debit cards in Tonya Larsen’s file cabinet. She also confirmed that the ending balance in the cash account for the point‐of‐sale system was $901.47 in the general ledger. After getting a copy of an order form from the Bank of Lawrenceville, the new office manager discovered that Tonya Larsen obtained the two debit cards without the authorization of Dr. Anderson. She also obtained facsimiles of canceled and dishonored checks and deposit tickets for March 2016.
The special agents with the insurance company’s Special Investigative Unit (SIU) found that:
Tonya previously worked for Absolute Orthopedics, Marietta, Georgia, as the office manager. She resigned at the end of March 2015 after the practice started bouncing checks. Absolute Orthopedics’ CPA determined that over $30,000.00 was missing. The practice filed an employee dishonesty claim with its insurance company (not Southern Appalachian Insurance Company), but could not definitively determine who caused the loss. The case was referred to the Cobb County Sheriff’s Office. Their investigation is still open.
- AIM uses a point‐of‐sale (POS) computer program to record the cash receipts, debit card, credit card (e.g., AMEX, Discover, MasterCard, VISA), and insurance charges (e.g., Blue Cross Blue Shield, Medicare, Medicaid, Tricare) for patient services. Only the daily cash receipts are deposited to the checking account at Sharptop Bank. The deposits of subsequent settlement payments for credit card charges and insurance charges are deposited in a separate bank lock box that monitors charge transactions.
- Dr. Anderson owns a Lexus RX 350, which she finances with Sharptop Bank.
You have been retained by Alexander Z. Boone, Esq., the independent attorney hired by Southern Appalachian Insurance Company, to examine an employee dishonesty claim filed by Anderson Internal Medicine. You work under attorney‐client privilege (i.e., your work is not made available to opposing counsel until authorized by Alexander Boone).
Before proceeding, read the documents in Chapter 7, section 7‐2, “Anderson Internal Medicine.” As with the prior case, you will have to read and reread the documents to fully understand the evidence.
On your own, research how to prep a bank reconciliation. It can easily be found online. Study sections 2-3 and 2-4, How to Read Checks and Decode Debit Card Transactions and How to Spread and Analyze Check and Debit Card Transactions before conducting the specific requirements of this case.
The results of your assignment will be used by the attorney. Your assignment (in general) is, as follows:
- Determine the types of employee dishonestly frauds allegedly perpetrated by Tonya Larsen on Anderson Internal Medicine. Determine how the alleged fraud could have occurred at the medical practice (e.g., weak internal controls) and what Anderson Internal Medicine needs to do to deter future frauds.
- Determine the amount of verifiable loss from alleged employee dishonesty at Anderson Internal Medicine.
- Determine what additional steps need to be taken to examine the yet‐to‐bedetermined difference detected by the bank reconciliation.
- Prep a report and associated schedules using the sample report and schedules.
- Prep audiovisuals (e.g., charts, summary schedules, and/or graphs of your choice) to simplify these complex accounting issues.
The initial steps (see exercises) are to be completed individually. You may confer online about examination strategy, . In particular, each student is to perform the various fraud examination steps and submit their Excel working papers (e.g., schedules) for grades. These steps will be performed as a series of graded exercises designed to walk you through the process.
The finl exercise is a team project. Each team will submit a finl examination report addressed to the attorney for Southern Appalachian Insurance Company, accompanying set of schedules, and audiovisuals for a grade. Each team is to select a team leader, assign various tasks to each member of the team, and email a list of each student’s assignment. Pick your team leader wisely, as he/she is responsible for quality control and should not take on any additional tasks. The team leader makes sure that deliverables are received in a timely manner (i.e., schedules, audiovisuals, and report in that order) and proofreads the report before submission.
LOOK CLOSER AT REPEATING DEBIT CARD TRANSACTIONS AT BIG BOX STORES AND CHAIN GROCERY STORES
If you examine checking accounts of persons suspected of money laundering and find small, repeating debit card transactions (say $25 to $75) at big‐box stores or chain grocery stores, you might be witnessing the 5 percent fee charged by customer service for loading prepaid cards valued from $500 to $1,500. Similarly, large dollar transactions at grocery stores (say $1,575 or $2,337) may not be for groceries. Yes, persons might spend $400 or more for the monthly groceries, but not $2,337. Something else is transpiring. You might be witnessing the conversion of cash to stored value cards for shipment outside the United States. What is a 5 percent fee to a fraudster if they can convert it to an easily transportable medium that does not come under the U.S. Treasury Cash Transaction Regulations (CTR). Explore those transactions further. Call or visit the big‐box store or chain grocery store and get their policies concerning converting cash to stored value cards. Also, inquire about the store’s retention of electronic records of these transactions, which can be obtained by subpoena. Some stores also have video cameras that surveil customer service.