Enemies Within

Asset misappropriation comes in many forms.

ometimes, the truth isn’t very pretty. Consider, for example, the American workforce. Although regarded by many as the finest in the world, it has a dark side. According to estimates, a third of American workers have stolen on the job. Many of these thefts are immaterial to the financial statements, but not all are—especially to small businesses.

Regardless of the amounts, CPAs are being asked to play an increasingly important role in helping organizations prevent and detect internal fraud and theft. Responding to these demands requires the auditor to have a thorough understanding of asset misappropriation. CPAs with unaudited clients can provide additional services by suggesting a periodic examination of the cash account only.

Although “internal theft” and “employee fraud” are commonly used, a more encompassing term is “asset misappropriation.” For our purposes, asset misappropriation means more than theft or embezzlement. An employee who wrongly uses company equipment (for example, computers and software) for his or her own personal benefit has not stolen the property, but has misappropriated it.

Employees—from executives to rank-and-file workers—can be very imaginative in the ways they scam their companies. But in a study of 2,608 cases of occupational fraud and abuse, we learned that asset misappropriation can be subdivided into specific types; the most prevalent are skimming and fraudulent disbursements.


Over the years, the asset misappropriation chart has become known as the “fraud tree” for its numerous branches. The tree’s trunk consists of two major asset types: cash, and inventory and all other assets. Crooked employees clearly favor misappropriating the former—nearly nine in 10 illegal schemes in the study involved the cash account.
The reasons should not be surprising: Cash is fungible, has a specific value and is easily transported. Inventory—except for consumer goods—has limited usefulness to a thief; an employee in a ball bearing plant can have a hard time converting the loot into cash. And of course, many business enterprises don’t have a physical inventory at all.

Source: “Report to the Nation,” 1996. Institute of Certified Fraud Examiners. See the full report at www.cfenet.com.


On the branches of the fraud tree are three main ways to embezzle cash: skimming, larceny and fraudulent disbursements. Skimming can be described as the removal of cash prior to its entry into the accounting system. Here are some examples:

The manager of a movie theater skimmed $30,000. During the theater’s slow times, when he thought he was not being observed, the manager would print a viewer’s ticket but keep it for himself and allow the customer to enter the movie without a ticket. Then during busy times, he would resell the tickets he had withheld and pocket the cash. The manager was caught by an alert employee who happened to pass by and saw what he was doing.

In a legendary story, the manager of a retail store with six cash registers brought in his own register and set it up in an empty checkout lane. All sales going through the seventh register went directly to the manager! Although you would think someone would notice, this scheme reputedly went undetected until a physical count showed huge inventory shortages.

A government mail-room employee skimmed more than $2 million in taxpayer refund checks that had been returned by the post office for bad addresses. The employee, with the help of several outside accomplices, was able to deposit the stolen checks into various banks and withdraw the proceeds. The scheme was uncovered when a taxpayer called about an overdue refund and found out that his check had already been cashed.

Larceny is the removal of cash from the organization after it has been entered into the accounting records. Most of these schemes are detected through bank reconciliations and cash counts. Larceny is therefore not one of employees’ favorite illicit methods; it accounted for only 3% of the cases in the study and 1% of the losses. Here are some examples of cash larceny:

A bookkeeping employee, responsible for posting accounts receivable in a small business, stole some of the cash payments but nonetheless posted the transaction to the company’s accounts-receivable detail. Within months, the theft had risen to more than $200,000, seriously depleting the business’s cash. When a bank reconciliation revealed a major discrepancy between the accounts-receivable detail and cash, the scheme was uncovered.

An employee in charge of taking the company’s money to the bank would regularly remove currency, then alter the company’s deposit slip to reflect the lower deposit amount. The worker, obviously not an accounting genius, didn’t realize the discrepancy would be discovered when sales and cash were reconciled.

Additional research of 732 fraudulent disbursement cases showed they can be subdivided into at least six specific types: check tampering, false register disbursements, billing schemes, payroll schemes, expense reimbursement schemes and other fraudulent disbursements. Following are a few common examples:

A purchasing agent for a major corporation set up a vendor file in his wife’s maiden name, then went on to approve more than $1 million in company payments to her. The supporting documentation consisted of the wife’s invoices for “consulting services” that were never rendered. A clerk in the purchasing department, suspicious of the agent’s recent purchase of a new boat and car, caught on to the scheme and turned him in.

The CEO of a small nonprofit agency stole $35,000 from its coffers by submitting “check requests” to the accounting department. The checks were made payable to outside bank accounts the CEO controlled. The accounting personnel, fearful of angering the boss, made out the checks and delivered them to him. One accounting clerk finally had enough and alerted the outside auditors, who confirmed the disbursements were not legitimate.

A worker for one company submitted an expense reimbursement for a trip he supposedly took for business purposes. Actually, he took his girlfriend to a bicycle rally and attempted to charge the expense to the company. One problem: On his itinerary, the worker listed the independent auditor who was examining his expense reimbursement as his traveling companion—not a smart move.

Employees who set up dummy companies for fraudulent disbursements often give clues to their activities. They will use their own initials for the company name, rent a post office box or mail drop to receive checks, or use a dummy company name and their own home address.


Regardless of the method or the asset involved, all asset misappropriation has the same effect on the books of account. Take the following actual case as an example:

Kay Lemon, a seemingly prim-and-proper grandmother, stole $416,000 from a small Nebraska lighting store where she had been employed for 20 years as a bookkeeper. Lemon spent three years in the Nebraska Women’s Correctional Institute after confessing that she’d been hitting the books for eight years and had blown all the loot on herself and her family.

Lemon’s crime is typical of the risk to small business: The lighting store’s CPA prepared only the company’s tax returns, so the business was not audited. Lemon also acted as the store’s “accounting department.” She made deposits, signed checks and reconciled the store’s bank account. Although any entry-level accountant could recognize this situation as an accident waiting to happen, the store’s owner did not.

After 12 years of unrelenting temptation, Lemon finally gave in. Thereafter, for years, she systematically stole money from the lighting store using the same method. She would make out a company check to herself (in her own true name), sign it and deposit the proceeds in her personal checking account.

To cover the theft, Lemon would do three simple things: First, she’d enter “void” on the check stub when she wrote the check to herself. Next, she would add the amount of the theft to the check stub when she paid for inventory. For example, if she took $5,000 and was paying a vendor $10,000, she would show $15,000 on the vendor’s check stub. That way, the cash account would always stay in balance. Finally, when the checks paid to Lemon were returned in the bank statement, she would tear them up and throw them in the trash.

In looking at Lemon’s inelegant scheme from an accounting perspective, one can see that she had her choice of three techniques to cover her tracks: false debits, omitted credits or forced balances.

Early Warning Signs of Cash Misappropriation

The three principle methods employees use to misappropriate cash can show up early in an organization’s books. CPAs should be alert to simple trends when determining a company’s risk of material embezzlement. Consider one or more of the following:

Decreasing cash to total current assets.
A decreasing ratio of cash to credit card sales.
Flat or declining sales with increasing cost of sales.
Increasing accounts receivable compared with cash.
Delayed posting of accounts-receivable payments.

Unexplained cash discrepancies.
Altered or forged deposit slips.
Customer billing and payment complaints.
Rising “in transit” deposits during bank reconciliations.

Fraudulent Disbursements
Increasing “soft” expenses (for example, consulting or advertising).
Employee home address matches a vendor’s address.
Vendor address is a post office box or mail drop.
Vendor name consists of initials or vague business purpose. (Employees often use their own initials when setting up dummy companies; for example, “JTW Enterprises”).
Excessive voided, missing or destroyed checks.


Lemon chose the most logical (and common) method for covering a cash embezzlement: the false debit. When Lemon credited the bank account for the checks she made out to herself, the corresponding debit was false. Still, from the standpoint of the accounting equation, the books were in balance.

Lemon and other embezzlers have two choices concerning the false debit: The transaction can be allocated to an asset account or an expense account. In Lemon’s case, she added her thefts to the inventory account--an asset. As we CPAs know, that false debit will stay on the books until some action is taken to remove it. In this situation, the lighting store’s inventory was overstated by $416,000 over eight years, as the store never performed a physical count of its inventory. As a result, when Lemon’s crime came to light, a huge writeoff was necessary, almost bankrupting the store.

A less obvious move would have been for Lemon to charge the false debit to an expense account, which is written off every year. It doesn’t matter what the expense is, although these are some favorites: advertising, legal expense, consulting fees and other “soft expenses.” Here, the expense for fraud gets written off annually. If the fraud perpetrator can conceal the fraud long enough for the account to be closed to profit and loss, he or she has gone a long way toward avoiding detection—at least on a current basis.


To understand how omitted credits affect the books, imagine Lemon had taken a different tack. Instead of writing checks to herself, she would instead intercept incoming cash receipts before they were posted. Presume further that Lemon would negotiate the checks by forging the endorsement of the lighting store, then endorsing her own name on the checks, subsequently depositing them in her checking account.

The net effect would have been that Lemon stole the debit (the cash) and omitted the credit (sales or accounts receivable); in short, she skimmed the money. This is known as an “off-book fraud,” as evidenced by the omission of the transaction from the accounting records altogether. If Lemon had skimmed from sales, there would be only indirect proof of her crime through falling revenue and/or rising costs. But if she had skimmed from accounts receivable, she would need to create a fictitious entry to credit the customers’ accounts; otherwise, the books would be out of balance.


Another technique to conceal asset misappropriation is not the best choice. Lemon could have attempted to force the balance of the bank accounts and inventory to cover herself. In that situation, she would have forced the bank reconciliation to equal the amount she was stealing by purposely misadding the transactions. But that technique requires constant attention. Unless the company has lots of cash, forcing the bank balance will eventually result in bounced checks. A simple proof of cash that’s routinely done in an audit will usually catch this scheme.

That’s not what happened to Lemon, though. She had a nervous breakdown because of the pressure from all those years of stealing and covering it up; she came forward and confessed. Her embezzlement points out one real benefit of an audit in a small business: Almost any degree of independent review by a CPA would have uncovered what Lemon was doing.

Embezzlements can be uncovered, but more importantly, people like Lemon will be much less likely to steal knowing a CPA will be scrutinizing their activities.

JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. Mr. Wells’ article “So That’s Why They Call It a Pyramid Scheme” ( JofA Oct.00, page 91) has won the Lawler Award for best article in the JofA in 2000. His e-mail address is joe@cfenet.com .


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.