clearly define the roles and
responsibilities of employees who sign
expense reports and those who process
the reports. That should
eliminate confusion about whether a
manager’s signature means that the
individual is authorizing the expenses as
reasonable business expenses or signifies
that the manager reviewed the report and
supporting detail and attests to the
validity of the expenses.
Travel and expense
transactions should be reviewed randomly
for evidence of compliance with
corporate policy, proper authorization and
approval and the overall reasonableness of
expenses. Internal auditors should also
conduct periodic reviews of the activities
of employees with the highest expense
Duties such as
signing expense reports and
monitoring/managing the budget should be
segregated. A fraudster given
both of those responsibilities can attempt
to bury questionable expenses in
Bethmara Kessler, CFE,
CISA, leads enterprise business risk
management for Limited Brands Inc. Her
e-mail address is
his is the story of how a travel and
expense report audit exposed a fraudster who
siphoned money from the fashion company where she
worked to fund her own lavish spending.
The fraudster, Bobbie Jean Donnelly, had taken
advantage of a lack of adequate controls over her
division’s budget and a lax system for reviewing
expenses. The company’s internal audit team
detected her crime by analyzing patterns in a
year’s worth of reports from employees with the
highest travel and expense bills.
was hired as an administrative assistant to the
manager of a Los Angeles-based design division for
a multibillion-dollar retail corporation. Based on
her strong performance, she was quickly promoted
to office manager for the division.
addition to managing her boss’s needs, she
supervised support personnel and prepared and
oversaw the design department’s budget. Her
manager gave her the responsibility to provide the
first level of expense report review. He relied on
her to ensure that the expenses were valid before
he signed them. On a few occasions, he even asked
her to sign the expense reports on his behalf.
Editor’s Note: This
article is an excerpt from Fraud
Casebook: Lessons From the Bad Side of
Business, a collection of case
studies edited by JofA
contributing editor Joseph T. Wells
and published in July by John Wiley
& Sons Inc. Identifying
characteristics, including the names of
individuals and organizations involved
in this case, have been changed or
business grew, management decided it was time to
build a traditional internal audit department.
That’s where I came in. My internal audit team was
conducting a routine travel and expense audit. We
developed an audit program designed to ensure that
employees were following the corporate travel and
expense policy and that adequate internal controls
for the processing and payment of expense reports
were in place and operating effectively.
The team assembled a sample of individuals and
transactions to test. The individuals were
selected from the population of employees who
submitted the highest dollar amounts over the
course of the year for reimbursement. The
transactions were selected randomly across the
total population of submitted expenses.
The approach and criteria used to audit the
individuals differed significantly from the
approach used to audit the transactions. The
transactions were reviewed for compliance with the
policy, proper authorization and approval, and
overall reasonableness of the expense. That work
yielded some audit exceptions—mostly small and
isolated—but no major surprises.
interesting results of the work came from the
review of individuals. We looked at the
reasonableness of the expenses based on the
employee’s role in the company and searched for
any patterns of activity that seemed unusual.
We quickly identified a group of individuals
who routinely submitted their American Express
bills for reimbursement instead of submitting
detailed receipts of individual expenses. A closer
look revealed that many employees were submitting
expenses twice. The bills began to show a
pattern—one month of charges, the next month a
late fee with old charges and new charges
combined. It didn’t take long for us to determine
that the activity was coming from one area of the
business—the design department. Several
individuals had devised very inventive ways of
submitting expenses for reimbursement.
some cases, employees submitted the same receipt
multiple times but altered the size of the tip and
total amount on each of the documents to make the
duplication less obvious.
I asked my lead
auditor to gather all the expense reports for
employees in that division. Several of the Los
Angeles-based employees routinely traveled to New
York on business and submitted New York City taxi
receipts for reimbursement, a legitimate expense.
Upon examination of the actual taxi receipts, we
noticed multiple receipts that appeared to come
from the same taxi on the same day. New York City
taxis are regulated and have electronic meters
that print receipts. The receipts all show the
taxi medallion number and the trip number. We
found multiple receipts had sequential trip
numbers from the same day. This seemed suspicious.
The time stamps had small gaps between the end
time of the receipt first in sequence, and the
start time of the receipt next in sequence.
The employee who had run up the highest
expenses was the office manager, Bobbie Jean
Donnelly. She had charged about $115,000 over the
previous year, while her manager had submitted
about $40,000 in expenses. It seemed strange that
Donnelly’s expenses would be so much higher than
I met with our general
counsel and informed him of what we had identified
in the audit. He agreed that we needed to conduct
a thorough investigation of the design team’s
expenses, especially Donnelly’s activities.
To search for red flags in the expense reports,
my lead auditor and I used data analysis software
to sift through the data. The software allowed us
to identify duplicate amounts and isolate the
expense reports that we needed to review in
The expense reports were on paper
and were voluminous, but we believed it would be
worthwhile to invest the time of some members of
our team to help build a database of the expense
detail to facilitate the review.
investment paid off. Without the software we would
never have identified that many of the expenses
submitted multiple times for reimbursement were
filed over the course of many months.
Tools that could be used to examine and parse
such data include IDEA Data Analysis Software,
Audit Command Language (ACL), Excel, Access, SQL,
SAS—generally any database or query software.
We separated the duplicates and, in some cases,
expenses that were submitted numerous times. We
found that Donnelly and four other design division
employees were routinely submitting expenses
multiple times for reimbursement. Our review
linked Donnelly to about $12,000 in false
expenses. But I had a nagging feeling about the
sheer amount of expenses she was submitting, so I
ran additional analyses on her expenses to
aggregate them by category.
surprised to see that the majority of her
purchases were samples, items that design team
members, who traveled extensively searching for
inspiration for new product lines, purchased as
part of their research and development. Using the
audit software, I extracted all travel-related
expenses Donnelly submitted to see if the sample
purchases correlated to trips that other design
team members took. I found that they did.
It also appeared that her manager had sent her
to Italy to recruit interns for the company.
Donnelly had submitted more than $6,000 in
expenses for this one-week trip. It seemed that
she had wined and dined the students at the finest
restaurants in Italy. In reality, there was no
recruiting trip. Those expenses coincided with a
vacation that Donnelly and her husband took to
Practical Tips ||
Never ask anyone in a business setting to
reproduce your signature on any kind of
document, even something as seemingly benign
as a birthday card. Such a request can
trigger claims that the individual was
authorized to sign documents for you and can
undercut your legal standing if the
individual forges your signature in the
course of a fraud.
FLAWS IN THE SYSTEM
The company’s expense reporting process
required individuals to describe the business
purpose of an expense and have their manager sign
off on the actual expense report. Donnelly’s boss
was amazed by how accurately Donnelly forged his
name on her fraudulent expense reports.
Given the nature of its work, the design
department’s budget was made up of broad estimates
of the types of expenses it would incur throughout
the year. Some projects were specifically
identified in the budgeting process, but there
were general categories described only as “other”
or “miscellaneous.” Donnelly used these general
categories to pad the budget in the planning
By signing the expense reports on
her manager’s behalf and monitoring
budget-to-actual variances each month, she could
submit her fraudulent expenses coded to a budget
line that was running below budget so that her
manager would never detect the activity.
The final tally of Donnelly’s fraud was
approximately $275,000 over two and a half years.
Almost 95% of her submitted expenses were false.
The biggest category of her fraudulent expenses
was samples, which she was not authorized to buy.
Donnelly’s manager recognized many of her expensed
purchases as items that she wore regularly to
work. Her purchases included a pair of $750 Jimmy
Choo shoes, $875 for a Hermès scarf and $1,250 for
a Prada wallet.
Donnelly and other design
department employees who had abused the expense
report system were terminated. Our investigation
was unable to determine if a link existed between
Donnelly’s actions and the travel and expense
fraud of other employees in the department.
The company’s general counsel and I took our
findings to the district attorney’s office, which
agreed to prosecute Donnelly. At first, she was
adamant about her innocence and refused to
consider a plea agreement. Donnelly’s manager and
I testified before a grand jury that indicted her.
Ultimately, she accepted a plea to a charge of
grand larceny, a felony that came with a sentence
of one to three years in prison. Donnelly served
approximately three months of that time in jail.
When the case was over, I worked with the
management team to recap the breakdowns in our
systems and examine the lessons learned. Some
changes the company made in the wake of the
Modifying travel and expense policies
to be more detailed with respect to supporting
documentation for expenses. The company now
requires original documentation and prohibits
credit card statements and photocopies. Such
requirements prevent employees from submitting
duplicate expenses for reimbursement.
The company also now requires all
employees to use a corporate credit card for
business expenses. This significantly reduces the
amount of expenses for which people claim to have
paid cash and reduces their ability to split the
credit card receipt from the detailed receipt and
submit both for reimbursement.
Both the internal audit team and the
travel and expense team within accounts payable
have expanded the use of audit software to
proactively look for warning signs of fraud in
T&E data. The T&E team also developed
auditing protocols to increase efficiency in
auditing T&E data. Quarterly, team members
separate big spenders from the rest of the
population to look for patterns that appear odd.
Weekly, they randomly select expense reports to
review against a set of audit criteria.
Auditing for Internal
Fraud, a CPE self-study course
Fraud and the Financial
Statement Audit: Auditor
Responsibilities , a CPE self-study
information or to make a purchase, go to
or call the Institute at 888-777-7077.
The Antifraud Resource Center, http://antifraud.aicpa.org
The Association of Certified Fraud
Examiners Fraud Resource Center, www.acfe.com/fraud/fraud.asp.