WHITE-COLLAR CR ME
com
YOUR SECRET WEAPON IN THE WAR ON FRAUD
IN THE NEWS
Big Four Firm in the
Crosshairs of the Law in
Alleged Lehman Financial
Reporting Fraud
T he Wall Street Journal calls it
“the most sweeping allega-
tions against an accounting firm
in nearly a decade.”
New York State Attorney
General Andrew Cuomo is accus-
ing accounting giant Ernst &
Young of helping defunct Lehman
Brothers to falsify its financial
reporting through use of the so-
called Repo 105 financial transac-
tions that generated widespread
media coverage in early 2010.
While it collected more than
$150 million in audit fees from
Lehman between 2001 and the
time it collapsed in September
2008, E&Y advised Lehman on the
use of Repo 105s to remove some
$50 billion from Lehman’s balance
sheet in order to falsely embellish
the financial performance of the
firm while it was rapidly slipping
toward collapse.
New York’s lawsuit: “E&Y
‘directly facilitated’ an accounting
sleight of hand that burnished the
securities firm’s balance sheet.”
Ernst & Young said in a state-
ment that there was “no factual or
legal basis” to bring a claim
against the firm, and that it would
vigorously defend against the
claims in Cuomo’s lawsuit. Only
time will tell.
White-Collar Crime Fighter
source: The Wall Street Journal.
IN THIS ISSUE
•INTERNAL CONTROLS
Are you still neglecting the
basic anti-fraud controls? ......3
•REPORTING MATTERS
Accounting restatements are
flying under the radar............ 4
•OPERATIONAL FRAUD
Essentials for prevention....... 5
•THE CON’S LATEST PLOY
Law-enforcement successes
from around the country........ 7
FIGHTER www.wccfighter.
VOLUME 12 NO.12
DECEMBER 2010
Zabihollah Rezaee, PhD, University of Memphis and
Richard Riley, PhD, West Virginia University
The Role of the Internal Auditor in
Detection and Investigation of
Financial Statement Fraud
he role of internal auditors in But what are the specific best prac-
T detecting, preventing and investi- tices for internal audit in these key areas
gating financial statement fraud that support the organization’s fraud-risk
has been—and continues to be—a topic mitigation efforts? Here is a listing of
of contention among accounting profes- such practices:
sionals, anti-fraud professionals, manage- •Schedule meetings between the
ment and legal staff. However, the over- chief internal auditor and the audit
all trend is toward increased responsibil- committee regarding the financial
ity on the part of internal reporting process.
auditors for detecting The IIA document did lay out •Organize close
fraud and supporting clear measures that internal cooperation and
management in enhanc- auditors must take to assist coordination of
ing anti-fraud controls. management in mitigating its the work of exter-
The most clear-cut indi- risk of being a victim of fraud. nal auditors with
cation of this came with internal auditors
the publication in 2009 by the Institute of through an integrated audit planning
Internal Auditors (IIA) of its Practice process consisting of the exchange of
Guide entitled Internal Auditing and audit plans, programs, findings and
Fraud. Though it did not focus specifical- reports.
ly on the issue of financial statement •Require that internal auditors
fraud, the IIA document did lay out clear report their audit findings related to
measures that internal auditors must take financial statement preparation to
to assist management in mitigating its risk the board and the audit committee—
of being a victim of fraud. especially when there are red flags of
fraud.
TARGETING REPORTING FRAUD •Regularly assess the adequacy
The Practice Guide is largely the prod- and effectiveness of the organiza-
uct of virtually uniform concurrence tion’s internal controls over financial
within the profession with the notion reporting (ICFR).
that the internal audit function involves •Evaluate the quality of the finan-
assisting management with critical cial reporting process—including a
issues pertaining to financial reporting, review of annual and quarterly state-
and internal controls that impact finan- ments— with a specific focus on finding
cial reporting. Key examples... fraud indicators.
•Risk management process •Participate with the audit com-
•Internal control systems mittee and the organization’s exter-
•Financial reporting process nal auditors in reviewing manage-
•Anti-fraud programs and practices ment’s discretionary decisions, judg-
aimed at ensuring the integrity of finan- ment, selection and accounting princi-
cial reporting. ples related to preparing financial state-
 WHITE-COLLAR CRIME FIGHTER

ments. Helpful: SAIS 3 clearly states that

•Perform risk assessments of the internal auditors have three key respon-
White-CollarCrime
financial reporting process by exam- sibilities regarding fraud investigation: FIGHTER
•Determine whether adequate and Editor
ining specific risks and anti-fraud Peter Goldmann, MSc, CFE
controls meant to mitigate the risks. effective internal controls are in place Consulting Editor
Note: This duty is spelled out in the to discover fraud. Jane Y. Kusic
IIA’s 2009 Practice Guide which goes a •Design audit procedures to discover Managing Editor
step further to state that internal audi- similar occurrence of prior-occurring Juliann Lutinski
tors “may assist manage- financial statement Senior Contributing Editor
ment in establishing The Standard includes precise frauds in the future. David Simpson
effective fraud preven- language on what the internal •Obtain adequate Associate Editor
Barbara Wohler
tion measures by know- auditor’s responsibilities should knowledge of investi-
Design & Art Direction
ing the organization’s be for detecting fraud. gating similar fraud. Ray Holland, Holland Design & Publishing
strengths and weakness- But SAIS 3 doesn’t
es and providing consult- stop there. The Panel of Advisers
ing expertise.” Standard includes precise language on Credit Card Fraud
what the internal auditor’s responsibili- Tom Mahoney, Merchant 911.org
LONG-STANDING STANDARD ties should be for detecting fraud: Forensic Accounting
Important: One of the clearest sets of •Obtain sufficient knowledge and Stephen A. Pedneault, Forensic
guidelines on internal audit’s role in pro- understanding of fraud to be able to iden- Accounting Services, LLC
tecting the organization against fraud tify conditions that may indicate the Fraud and Cyber-Law
goes back to 1985 with the IIA’s publica- existence of red flags that fraud might Patricia S. Eyres, Esq., Litigation
Management & Training Services Inc.
tion of Statement of Internal Audit have occurred.
Corporate Fraud Investigation
Standards No.3 (SAIS 3). •Study and assess corporate structure R.A. (Andy) Wilson, Wilson & Turner
to identify opportunities for committing Incorporated
financial statement fraud. Corporate Integrity and
“DETECTING AND PREVENTING •Evaluate choices made by fraud- Compliance
Martin Biegelman, Microsoft Corporation
FRAUD IN TODAY’S sters in perpetrating financial state- Securities Fraud
ment fraud …and determine whether G.W. “Bill” McDonald, Investment and
HIGH-CRIME CLIMATE" those choices represent potential red Financial Fraud Consultant
SIGN UP NOW FOR THE NEW 2011 flags of future fraud and if so, how to Prosecution
adjust internal controls to eliminate the Phil Parrott, Deputy District Attorney
SERIES FROM AUDITNET Denver District Attorney’s Office,
opportunities. Economic Crime Unit
AND FRAUDAWARE •Inform the appropriate individuals Computer and Internet Investigation
in the organization when signs of poten- Donald Allison, Senior Consultant,
G et Expert Advice on how to stay
a step ahead of fraudsters with
proven tactics and techniques.
tial financial statement fraud are identi-
fied. (It is then management’s responsi-
Stroz Friedberg LLC
Fraud Auditing
bility to determine if a full-fledged fraud Tommie W. Singleton, PhD
After completing this carefully University of Alabama at Birmingham
investigation is warranted.)
designed series of 12 high-impact White-Collar Crime Fighter (ISSN 1523-
0821) is published monthly by White-Collar
Webinars featuring the anti-fraud ANTI-FRAUD PRACTICES AND Crime 101, LLC, 213 Ramapoo Rd.,
profession’s top experts, your audi- TECHNIQUES Ridgefield, CT 06877. www.wccfighter.com.
tors, investigators, accounting staff, On a day-to-day basis, the effective- Subscription cost: $295/yr. Canada, $345.
financial personnel, compliance offi- Copyright © 2010 by White Collar Crime
ness of internal audit in reducing the 101, LLC. No part may be reproduced with-
cers and senior management teams organization’s exposure to financial out express permission of the publisher.
will have a unique body of knowl- statement fraud comes down to a set
edge, skills and abilities to launch of very specific risk-mitigation prac- Mission Statement
highly effective initiatives that beat tices that fall into six key areas... White-Collar Crime Fighter provides
fraudsters at their own games— Area #1: Basic practices of an information of maximum practical value
affordably and efficiently. effective internal audit group: to organizations and individuals involved
in all facets of investigating, detecting
Sign up now for this unique series •Report to the audit committee or and preventing economic crime.
of learning sessions that gets right to function in a way that affirms its inde- This community includes law internal
the brass tacks of using your organi- pendence with regard to potential finan- auditors…fraud examiners…regulatory
zation’s resources to safeguard its cial statement fraud. officials…corporate security profession-
financial, intellectual and physical •Obtain training on conducting a als…senior executives…private investi-
fraud risk assessment and stay informed gators…and many more.
assets from the growing army of
of current fraud schemes and detec- The editors of White-Collar Crime
fraudsters. Fighter strive to gather and compile the
For full details, dates, CPE credits tion/deterrence methods. most useful and timely information on
and registration options, PLUS •Become proficient in identifying red economic crime issues.
VALUABLE FREE BONUSES please flags of financial statement fraud. Comments, suggestions and ques-
visit http:/www.auditnet.org/FAST •Apply professional skepticism to all tions are welcome. Please fax us at
audit exercises. 203-431-6054, or E-mail us at edi
2011.htm tor@wccfighter.com. Visit us on the
Area #2: Practices related to eval- Internet at www.wccfighter.com.
2

uating and improving the organi-
zation’s anti-fraud measures:
•Assess fraud risks by evaluating
management’s fraud risk assessment.
•Assess the organization’s culture
to verify and, as necessary, enhance
the effectiveness of:
Written policies specifying ethical
behavior and prohibited/unethical
conduct.
Transaction approval processes.
Whistleblower hotline(s).
Communication about financial
statement fraud incidents—as well as
detection and prevention measures to
the board, top management, managers,
supervisors and line employees.
Area #3: Practices for measuring
the organization’s ethical culture:
•Assess the likelihood that employ-
ees who observe suspected or actual
financial fraud will report it.
•Evaluate management’s posture
regarding whistleblowers—with focus
on the degree to which management
would or wouldn’t retaliate against
them. Propose corrective measures as
needed.
Area #4: Practices for evaluat-
ing the organization’s fraud detec-
tion activities:
•Review the hotline’s design and
processes for effectiveness. Implement
corrective measures as needed.
•Regularly evaluate/audit the specif-
ic design and implementation proce-
dures of management’s internal con-
trols over financial reporting fraud.
Area #5: Practices for projecting
a “perception of detection” by:
•Communicating to management
and employees throughout the orga-
nization that internal audit is looking
for fraud...welcomes tips and is pre-
pared to ask tough questions of man-
agement in the event that financial
statement fraud is suspected.
Area #6: Practices for conduct-
ing timely investigations of allega-
tions and suspicions of financial
statement fraud.
White-Collar Crime Fighter sources:
•Zabihollah Rezaee, PhD, CPA, CFE, CIA,
CGFM, CMA,Thompson-Hill Chair of Excellence
and Professor of Accountancy, University of
Memphis.
•Richard Riley, PhD, CPA, CFE, Louis F.
Tanner Distinguished Professor of Public
Accounting, West Virginia University.
Professors Rezaee and Riley are coauthors of
Financial Statement Fraud, Prevention and
Detection, 2nd Edition (Riley), on which this
article is based.
WHITE-COLLAR CRIME FIGHTER
INTERNAL CONTROL ESSENTIALS
In an Era of Widespread
and Costly Fraud:
Are You Still Neglecting Basic
Anti-Fraud Controls?
irginia Lee Uy was hired in 2002
V as a “billing clerk” at Hudd
Distribution Services Inc., a
warehousing and trans-shipping com-
pany in Sumner, WA, near Seattle and
serving shipping customers in the US
and Canada.
The company was acquired by
Maersk Line of Copenhagen, one of the
largest ocean shipping companies in
the world. Maersk, which owned a
company in the same business as Hudd,
Maersk Distribution Systems Inc.,
acquired Hudd in 1997 and the name of
the combined firms became Maersk
Distribution Systems Inc. (MDSI).
According to court documents,
everything went fine with Virginia Lee
for the first four years of her employ-
ment at MDSI.
But then Virginia Lee began stealing:
The required payment procedure at
MDSI was for Virginia Lee to receive all
vendor invoices and send them on to
the appropriate employees who had
placed orders for the corresponding
invoiced goods or services. The
employees’ supervisors were required
to approve check requests. The
employees were then required to initi-
ate and obtain supervisor approval of
check requests to facilitate vendor pay-
ment. Virginia collected all approved
invoices and check requests and sent
them on to Maersk Accounting HQ in
NC for payment. Often, according to
Agent Wills’ affidavit, legitimate pay-
ments were sent directly to the ven-
dors. However, transactions that were
part of Virginia Lee’s fraud scheme
were sent back to Virginia Lee via
FedEx, ostensibly so that she could for-
ward the payments on to their legiti-
mate recipients.
Details: Between June 2006 and
June 2009 Virginia Lee:
•Created phony invoices appearing
to be from legitimate or phony ven-
dors.
•Created phony check request forms
to go with the phony invoices.
•Copied and pasted one of her own
supervisors’ signatures onto the phony
request forms.
•Had checks issued by Maersk
accounting headquarters in Charlotte,
NC, delivered to her via FedEx for for-
warding to the legitimate vendor.
•Stole the checks, whited out the
payee names and put her own name on
the payee lines of the FedEx-ed checks;
endorsed them and deposited them
into one of three different accounts
(including her account which was des-
ignated for direct deposit of her payroll
checks).
•Submitted phony invoices and check
requests to Maersk’s North Carolina
headquarters that were duplicates of
legitimate payments already processed
and paid to vendors. This resulted in an
overpayment to legitimate vendors. The
vendors subsequently issued refund
checks to MDSI’s office where, of
course, Virginia Lee received them.
•Altered the payee names and
endorsed the refund checks and
deposited them into one of her person-
al bank accounts.
THE DAMAGE
•Virginia’s fraud schemes contin-
ued for 37 months and involved the
fraudulent use of some 40 different
vendor names. The schemes were dis-
covered when one of the vendors
spotted a cancelled check that had
been altered and called MDSI man-
agement to report it.
•A total of 85 checks totaling
$188,600 were fraudulently generat-
Continued on pg. 4
3
 WHITE-COLLAR CRIME FIGHTER

Continued from page 3

REPORTING MATTERS
ed and converted.
•A total of 31 vendor checks for
refunds totaling $75,000 were altered
“STEALTH” RESTATEMENTS and fraudulently converted.
INTERNAL CONTROLS: WHAT
Accounting Aberrations Flying COULD HAVE PREVENTED THIS?
Under the Radar Lesson: Management of some large
organizations continue to underesti-
mate the cost of fraud despite the
ccounting restatements have panies must file with the SEC to

A been a common by-product announce major events that sharehold-

of financial reporting—and ers should know about.”
accounting fraud—for decades. Problem: While, in the majority of
increased media and law enforcement
focus on corporate crime, the imple-
mentation of new mandatory anti-
fraud auditing standards by the
Fortunately, the frequency of restate- restatements, some combination of Institute of Internal Auditors and
ments overall has declined substan- these procedures is followed, because increasingly stringent oversight of
tially from a high of 1,796 in 2006. restatements tend to tarnish a compa- external audit firms by the Public
Analysts at Audit Analytics, a financial ny’s reputation even if no fraud was Company Accounting Oversight Board
research firm, point to less stringent involved, management sometimes has (PCAOB).
SEC reporting rules Accounting restatements have incentives to obfus- Important: The Virginia Lee frauds
and improved inter- cate the way in which are sobering examples of how organiza-
been a common by-product of
nal controls over they disclose restate- tions continue to run accounts payable
financial reporting financial reporting—and ments. and other financial operations with min-
(ICFR) as possible accounting fraud—for decades. Stealth restatements imal—or even no—anti-fraud controls.
reasons for the decline. are the answer for many companies.
Problem: Restatements are by no They are “released” when management THE PARADOX: PREVENTION IS
means a thing of the past. In 2009 ignores SEC requirements and chooses CHEAP AND EASY
there were 674 restatements. Expense to just amend a prior report or to tuck Related lesson: It is often extreme-
recording, accounts receivable and the restatement into a not-so-readily- ly easy to prevent fraudsters like
revenue recognition were the prima- noticeable section of a scheduled annu- Virginia Lee from ripping off their
ry issues involved in 14%, 12% and al or quarterly report. employers… which in turn teaches us
10% respectively of all restatements in And there are plenty of them: that it is incredibly easy to prevent sim-
2009. Fortunately, many, if not most According to Audit Analytics, despite ilar frauds that are going on right now.
such restatements are not fraud relat- the overall decline in restatements, Here are some of the basic anti-
ed. But the problem is that it’s often stealth restatements make up approxi- fraud controls that readers of this and
difficult to tell whether they are or mately one-half of the total. other fraud prevention publication
they aren’t. have been hearing about—and urg-
THE FRAUD FACTOR ing organizations to adopt for years:
UNDER THE RADAR Important: As indicated, not all •Segregation of duties. Virginia
So-called “stealth restatements” con- stealth restatements are created to should not have been allowed to send
stitute a subset of all restatements obscure fraud in the company. Nor, check requests/invoices to North
that may be flying under the radars of according to one forensic accountant Carolina headquarters. This should
financial statement users due to the experienced in analyzing stealth restate- have been done by one or more of her
obscure manner in which they are ments, is it even possible to definitely supervisors (she had three) only after
disclosed. determine if fraud is a factor in manage- review and confirmation of the legiti-
Key: Under current regulatory ment’s decision not to file an 8-K. macy of the payments.
guidelines for disclosing restate- However, the high proportion of In addition, headquarters should not
ments, a company can disclose a revenue recognition-related restate- have been allowed to accede to
restatement in several ways: 1) press ments suggests that fraud is at least Virginia Lee’s request to have vendor
release…2) Form 8-K…3) amended sometimes an underlying motive for checks sent to her for forwarding on to
periodic reports (10-K/A or 10-Q/A) “going stealth,” as many revenue the legitimate payees.
…and 4) periodic financial reports recognition improprieties are, of •Supervisor review of vendor
(10-K or 10-Q). course, highly illegal. accounts. Had one of Virginia Lee’s
Example: A company that restates supervisors or one of the company’s
its prior year financial information White-Collar Crime Fighter sources: accountants or auditors done a routine
•“2009 Financial Restatements: A Nine Year
could issue a press release disclosing Comparison,” Audit Analytics, www.auditanalyt examination of accounts payable
the restatement…file a Form 8-K ics.com. records, they would have easily
…and in conjunction with the 8-K, •“‘Stealth’ Restatements: An Issue Requiring noticed that certain vendors were
file any relevant amended periodic Attention,” by Kevin Hee, PhD, and Leon Chan, receiving unusual numbers of “pay-
PhD, assistant professors in the Charles W. ments” starting in 2006 (the first year
returns that cover the restatement Lamden School of Accountancy at San Diego
period. Form 8-K is, according to SEC State University, San Diego, CA, CPA Journal, of Virginia’s scheme).
language, “...the ‘current report’ com- April 2010. Continued on page 5

4
 ºWHITE-COLLAR CRIME FIGHTER

Continued from page 4 OPERATIONAL FRAUD

In addition, new vendors should be Ron Schwartz, Deloitte Financial Advisory Services LLP
authenticated by a staff member other
than the one(s) responsible for process-
ing invoices or approving payments.
•Vendor master file access con-
trol, review and “cleansing.”
PROCUREMENT FRAUD
Organizations must implement tight
controls over who has access to the
Detection and Prevention
vendor master file and for which spe-
cific purposes. Had Maersk’ s account-
ing or audit staff conducted regular
Essentials
vendor “cleansing,” it may have noticed
the existence of phony vendor names
or dormant vendor accounts that
Virginia Lee might have created and
stopped using.
•“NPO/NP.” Maersk evidently did ase study #1: A whistleblower at flags of possible fraud such as relation-
not have a “No PO/No Payment” policy.
According to the court documents,
MDSI only required invoices and
employee check requests. This pro-
C at large manufacturer reported to
the company’s internal audit
department that an employee in the pro-
curement department was colluding with
ships between employees and ven-
dors…such red flags include anomalies
in the pattern of purchasing, as well as
numerous other signs of procurement-
vides a tempting opportunity to steal related fraud including kickbacks,
a vendor to bill the company for security
to anyone with the inclination to do so.
services that were never rendered. bribery and billing schemes.
•Dual signatures on checks. Had
Internal audit’s subsequent investi- Problem: Organizations tend to instill
Maersk implemented and enforced
gation revealed several large round dol- a certain amount of trust in their employ-
such a policy, it is possible that at
lar invoices billed for security at events ees to operate efficiently. In the procure-
some point before 2009, one of the
that the company never held. The ven- ment function, key employees are entrust-
authorized signatories would have
dor admitted in an interview with an ed with access to vendor selection, the
reviewed a payment’s documentation
investigator that some of the invoices vendor master file, accounts payable files,
and discovered suspicious details.
were in fact fictitious while other invoice approval and purchase orders.All
•Bank statement review. Regular
invoices were for legitimate services of these elements of the procurement
bank statement review by a supervi-
ordered by the company. This scheme process provide potential opportunities
sor, accounting staff member or
lasted several years and cost the com- to commit fraudulent activity such as bid
accounts payable manager would have
pany hundreds of thousands of dollars rigging, false billing schemes, kickbacks
caught whited-out and otherwise
before the whistleblower, who also and conflicts of interest.
altered cancelled checks at a very early
worked in procurement, spoke up. In today’s sluggish economy, reduc-
stage in Virginia Lee’s fraud scheme.
Case study #2: An analysis of pur- tions in resources due to layoffs often
•Awareness training and hotline
chases by the maintenance department compromise segregation of duties, cre-
management. Employees should be
of a large company revealed that the ating new opportunities for dishonest
trained to recognize the red flags of
price paid for various supplies was behavior. In addition, more and more
fraud and continuously encouraged to
twice and sometimes three times that of employees are feeling increased finan-
report suspicious activity via the orga-
“market” value. An investigation cial pressure as well as justification for
nization’s confidential hotline.
revealed a financial connection committing frauds of many kinds,
CONCLUSION between the vendor and the mainte- especially procurement schemes.
At a time when organizations are nance department procurement officer. If dishonest procurement employees
being stung by costly frauds such as feel increased pressure to perform or
those involving deception by securities IMPORTANT LESSONS produce results, and if an organization
firms on Wall Street, and some of the These two real life examples have a simultaneously lacks appropriate con-
nation’s biggest banks are being called common thread. Both companies had trols and segregation of duties, these
to answer for the widespread use of controls in place such as segregation of employees will be able to identify ripe
fraudulent lending practices and other duties and supervisor approval. Yet in opportunities to abuse their procure-
financial crimes, it is more important both cases, the controls were overrid- ment roles by committing fraud.
than ever that basic business practices den by either collusion or abuse of Common frauds by procurement
be scrutinized for fraud risk and revised approval authorities. employees:
to defend against costly yet remarkably Key: Learning from the investigative •Kickbacks. Kickbacks involve the
basic crimes of opportunity such as process that uncovered the techniques giving or receiving of anything of
those committed by Virginia Lee Uy. used to perpetrate the frauds, and value to influence a business decision.
Moreover, to remain competitive employing similar investigative tech- Kickbacks may be undisclosed pay-
and profitable, focusing on the funda- niques to assess procurement activity ments made by vendors to employees
mentals of fraud control is more on a periodic, proactive basis can be in return for favorable treatment, such
urgent than ever. extremely helpful in identifying red Continued on page 6

5
 WHITE-COLLAR CRIME FIGHTER

Continued from page 5

as bid rigging or inside bidding infor-
FRAUD-FIGHTERS’ mation. The vendor may also
approach an employee about submit-
NEED-TO-KNOW ting or approving invoices for goods
or services that were never received,
HOT LINE in exchange for a kickback.
Kickbacks are often cash pay-
ments, but they can also be in a form
that is more difficult to detect, such as
Fraudster Is Just a Nice Word for Cybercriminal payments on personal loans or credit
card bills, transfers of property or

F raud prevention mistake: Thinking that hackers and other cyber-criminals

are a separate and distinct group from fraudsters. Today, technology is indis-
pensable to conventional fraudsters, which means organizations must begin
vehicles at less than fair market value,
lavish vacations or a hidden interest
in the vendor’s business.
attacking their fraud risk problem by including technology-based frauds in those •Conflicts of interest. If an
efforts. employee has an interest in the finan-
Details: Top information/computer security experts gather annually at major cial well-being of a vendor, a conflict of
conferences sponsored by such respected organizations as RSA, Gartner and Black interest could exist. This may take the
Hat to stay up on the technologies and techniques used by criminals to defeat form of being a part-owner in the ven-
cybersecurity. But they don’t talk a lot about fraud—yet. dor company, or knowing someone
Key: Internet fraud is not so different from traditional IT security that it close, such as a spouse or family mem-
requires a different set of technologies and professionals to defend against it. ber, who works for the vendor and can
Hackers analyze systems to find backdoors that you didn’t know were there, while receive rewards for business the
fraudsters use the front door in ways that you never intended. employee provides.
Key question now: Who in the organization “owns” fraud prevention? More and more employees are
Examples: feeling increased financial pressure
•Large Internet retailers are fairly sophisticated in their anti-fraud measures. as well as justification for commit-
Most have a department devoted to controlling Web fraud with a budget, analysts ting procurement schemes
and tools assigned to deciding whether to accept, reject or review a Web transac-
tion—typically a credit card purchase. RED FLAGS
•Newer Web businesses that facilitate social connections online like dating and As is widely understood—but not
casual gaming are quickly getting up to speed on fraud as it infiltrates their busi- widely practiced—fraud detection
ness, putting their customers and their brands at risk. generally works better when every-
Bottom line: More and more fraud is the by-product of stolen or lost data one in the organization is trained to
and identity-related cyber-crimes. Fraudsters are cyber-criminals and vice recognize red flags that point to pos-
versa. sible fraud. In the purchasing func-
How do the bad guys get your identity? The way they’ve been doing it for years: tion, such red flags include:
They take over your computer with malicious software, steal personal data in bulk •Expenditures that do not make eco-
nomic sense (dollar amount and timing).
by penetrating IT security systems or look over your shoulder at Starbucks while
•Orders that are consistently made
you’re typing…and they even go through your trash.
from one vendor without inquiring with
White-Collar Crime Fighter source:
Tom Grubb, Vice President of Marketing, ThreatMetrix, a provider of online fraud prevention soft-
other vendors for comparison purposes.
ware, writing at SecurityWeek.com, www.securityweek.com. •Costs of goods or services that are
higher than those of competing vendors.
•Poor documentation for expendi-
tures.
Disturbing Findings About Cyber-crime •One-time payments to vendors (such
as those not officially set up and cleared
n its latest study of the frequency and cost of the main types of computer
I and Internet crime against organizations, the respected Ponemon Institute
reports that cyber-attacks by malicious insiders account for the second-high-
through accounts payable).
•Large round-dollar payments.
•Sudden unexplained replacement of
est annualized cost among seven major categories—led only by viruses and long-time vendors.
worms.
DETECTION METHODS
Added surprise: While, as expected, Web-based cyber-crimes are the most Data analysis is one of the most
damaging, costing an average $143,000 per incident, attacks by employees are effective techniques for identifying
not far behind—costing an average of $100,300 per incident. red flags of purchasing fraud.
Phishing attacks, by contrast, where companies have poured massive Example: Analyzing your vendor
amounts of resources in hopes of minimizing their risk of victimization, now master file, payroll database, and
cost only $35,000 per incident. accounts payable database can help
White-Collar Crime Fighter source: identify potential undisclosed relation-
First Annual Cost of Cyber Crime Study, Benchmark Study of U.S. Companies, by Ponemon ships between employees and vendors
Institute, Traverse City, MI, www.ponemon.org. Continued on page 7

6

Continued from page 6
and such red flags as:
•Common bank account, address, and
phone numbers between vendors and
employees that may indicate a potential
conflict of interest.
•Duplicate invoices with the same
supplier.
•Invoices from different suppliers
with the same dollar amount, date and
invoice number.
Data analysis can also provide valu-
able trend data, such as the number of
invoices from suppliers over time,
unusual invoice number sequencing,
and dollars spent for goods and ser-
vices purchased from a particular ven-
dor. This can assist with answering the
question, “does the dollar amount and
timing of purchases from a particular
vendor make sense?”
ADDITIONAL ANTI-FRAUD TOOLS
In addition to data analysis, some
commonly used investigative tech-
niques can also be used to help iden-
tify anomalies in purchasing:
•Employee interviews. Inter -
viewers sometimes find that employ-
ees have information about potential
inappropriate relationships between
employees and vendors or are suspi-
cious about certain transactions.
Interviews at all levels within the com-
pany can provide insight into daily
procurement operations and can
reveal fraud risks which may be other-
wise unknown to the organization.
•Background checks can provide
information about the employment
history, integrity and reputation of
selected individuals and entities.
Example: A small amount of time
and money spent performing a back-
ground investigation, such as Secretary
of State records searches, might reveal
suspicious connections between
employees and vendors. Additionally, it
can provide history on vendors’ perfor-
mance, legal proceedings and other rele-
vant information.
•Electronic discovery, such as
extracting and analyzing E-mail files, can
identify any questionable correspon-
dence between vendors and employees
using an organization’s computers.
Key: These tools may be used
proactively by the organization to
help identify potential fraudulent
activity before significant financial
losses are incurred.
White-Collar Crime Fighter source:
Ron Schwartz, Partner, Forensic & Dispute
Services, Deloitte Financial Advisory Services
LLP. Ron can be reached at
rschwartz@deloitte.com.
WHITE-COLLAR CRIME FIGHTER
THE
CON’S LATEST PLOY...
From White-Collar Crime Fighter’s files
of new scam, scheme and scandal reports
San Jose, CA
W hitest of white-show law
firms under the gun for con-
cealing alleged multi-million dol-
lar client fraud. The elite New York
City-based law firm, Simpson Thacher
& Bartlett LLP, has been battling a legal
assault against it for allegedly allowing
the CEO of one of its client companies
to loot the organization and flee the
country following the perpetration of a
major fraud scheme.
Background: In August, Judge Mary
Jo Levinger of the Santa Clara Superior
Court rejected a request by Simpson to
dismiss charges of malpractice, breach
of fiduciary duty and unfair competi-
tion made against the law firm by its
former client, PrediWave Corporation.
In March, the California high-tech com-
pany filed an amended complaint alleg-
ing that Simpson Thacher lawyers
concealed a massive fraud from
PrediWave’s board of directors and
allowed the company’s former CEO to
flee the US with tens of millions of dol-
lars in ill-gotten funds.
Simpson Thacher’s objection to the
charges was subsequently overruled by
the Santa Clara Superior Court, thus
further setting back the law firm’s
efforts to prevent PrediWave’s claims
from proceeding forward to trial.
Key: PrediWave’s complaint out-
lines how Simpson Thacher allegedly
hired investigators who uncovered a
massive fraud scheme being perpetrat-
ed by former PrediWave chief execu-
tive officer, Jianping “Tony” Qu. But
rather than disclose their findings to
the company’s board of directors,
Simpson Thacher attorneys allegedly
chose to conceal these facts and,
according to court documents,
obstructed an investigation into Qu’s
actions by members of PrediWave’s
board.
Qu is reported to have fled the
United States in 2006 after transferring
more than $40 million in corporate
funds to a bank account in Japan. As a
result of Qu’s fraudulent conduct,
PrediWave was hit by a $2.8 billion
judgment against it. Qu remains an
international fugitive.
The allegations contained in the
latest PrediWave complaint include:
•Simpson Thacher attorneys be-
came aware by December 1, 2004, that
Qu was directing PrediWave’s pur-
chase of tens of millions of dollars of
memory chips from a shell corpora-
tion whose profits were pocketed by
Qu.
•Simpson Thacher uncovered evi-
dence showing that delivery records
and price quotes from a non-existent
Chinese company were falsified,
while the memory chips themselves
were purchased from a tech firm
operating only a few miles from
PrediWave’s Fremont headquarters.
•“Tony” Qu was paid a $25 million
bonus in January 2005 while Simpson
Thacher took no action regarding the
evidence it had gathered about his
allegedly illegal activities.
•Attorneys for Simpson Thacher
filed a lawsuit in May 2004 preventing
two PrediWave directors from review-
ing company documents and pursu-
ing an investigation that would have
revealed Qu’s fraudulent actions.
•In 2005, Simpson Thacher retained
a private investigation firm, not for the
purpose of exposing Qu’s actions, but
rather to determine the probability of
the fraud going public. Simpson
Thacher inexplicably never disclosed
the results of that investigation to
PrediWave’s board of directors.
•While serving as PrediWave’s
counsel for only a little over a year,
Simpson Thacher billed over $16 mil-
lion in legal fees. At the same time, Qu
was receiving approximately $25 mil-
lion in annual bonuses from a compa-
ny that had recorded no sales and no
7
 WHITE-COLLAR CRIME FIGHTER

profits.
•PrediWave is seeking over $100
million in restitution and disgorgement
of all legal fees paid by PrediWave to
Simpson Thacher.
Latest episode: California Court of
Appeals Justice Patricia Bamatre –
Manoukian in late November affirmed
the denial of Simpson Thacher’s
motion in a malicious prosecution law-
suit brought by former PrediWave out-
side director Jimmy Li.
This is the latest in the six-year
string of adverse rulings against the
law firm, which is facing charges of
massive fraud leveled by its former
client PrediWave. Li’s malicious prose-
cution lawsuit has been deemed a
“related case” to the PrediWave fraud
case by the Santa Clara Superior Court,
where both cases are currently pro-
ceeding.
Salt Lake City, UT
T rucking company hits speed
bump when employee helps
himself to $1.3 million. Nathan
Kapp was arrested by federal marshals
on one count of mail fraud and four
counts of money laundering.
If convicted, Kapp could be sen-
tenced to a maximum of 20 years in
federal prison on the mail fraud charge
and as much as 10 years each on the
money laundering charges.
Details: According to the indict-
ment, that Kapp was controller for the
recruiting, training and safe-driving
department of the large privately
owned trucking company, C.R.
England. The company, based in Salt
Lake City, has a training arm with cam-
puses in Utah, California, Texas and
Indiana. Kapp was in charge of collect-
ing trainees’ payments—often made in
cash—and reconciling the revenue
with receipts he was responsible for
giving to trainees. Kapp was supposed
to place copies of the receipts and the
cash in a lockbox. Cash from campuses
outside Utah was sent, along with
copies of receipts, to Kapp at the Salt
Lake City headquarters.
Kapp allegedly deposited between
$5,000 and $10,000 weekly into a per-
sonal bank account from cash received
from students at the educational facili-
ties operated by the trucking firm.
From January 2007 until recently, he
allegedly deposited about $1.3 million.
The indictment alleges that Kapp
used the stolen funds to buy a $48,000
Lexus, to make a down payment on a
home and to make payments to a con-
tractor who specializes in high-end
concrete work, resulting in the money
laundering charges.
San Antonio, TX
V eteran employees end careers
at construction company after
perpetrating seven-year kickback
scheme. The Supervisor of Material
Managers at now-defunct Zachry
Corporation, Lee Mann, ended his 21-
year career at Zachry by getting
caught for his role in a $10 million
kickback scheme.
Details: Lee, together with three
subordinates, colluded with a group of
outside vendors in orchestrating a
false billing scheme whereby the out-
side vendors would receive fraudu-
lently inflated purchase orders from
Mann and deliver only portions of the
orders.
Specifically, Mann and his co-con-
spirators would consult with David
Reitman, head of construction prod-
ucts supplier, Mill and Safety Supply
Company (MSS) and sole owner of the
shell company, Louisiana Marine and
Industrial Supplies Company. After the
consultation, Mann and his collabora-
tors would submit inflated requisition
orders to Zachry’s purchasing depart-
ment. Upon approval of the requisi-
tion orders, Mann would tell Reitman
how much product was actually need-
ed by Zachry.
Mill would have the needed amount
delivered, but would submit invoices
to Mann for the full amount of the
bogus PO. Mann would have the
invoice approved and Mann would
be issued a check by Zachry’s
accounts payable department. The
excess money received would then be
split among Reitman, Mann and the
other co-conspirators.
The concealment: To help cover

WHITE-COLLAR CR ME
Your Secret Weapon in the War on Fraud
FIGHTER
up the fraud, Mann and his co-conspir-
ators created phony packing slips
falsely indicating that Zachry had
received the full amount of merchan-
YES! I want to save $100 on a one-year subscription to WHITE-COLLAR CRIME dise indicated on the requisition order
FIGHTER! By subscribing now, I’ll get the money-saving introductory subscription rate of and purchase order. He then entered
$150. That’s $100 off the regular subscription price of $250! into the company’s records that the
Plus, send me—for FREE—The new book, Detecting and Preventing Fraud in full amount requisitioned had been
Accounts Payable. This is a $50 value—yours absolutely FREE with your subscrip- received, though it had not been.
tion to White-Collar Crime Fighter! Reitman then paid Mann and his
Payment enclosed (or) Charge my Visa Mastercard AMEX Discover Bill me associates a kickback from the amount
paid by Zachry’s for undelivered
Card # Expiration date
goods.
Signature
COMING SOON IN
Name White-Collar Crime Fighter…
• Detecting and preventing manage-
Affiliation
ment override of internal controls
Address • Using data analysis to detect
fraud
City State Z ip
• Information security strategies for
Call 1-800-440-2261…Or Fax this order form to: 203-431-6054 non-technical decision-makers
Or subscribe on-line at www.wccfighter.com.
Or mail this form and your check to: White-Collar Crime Fighter, 213 Ramapoo Rd., Ridgefield, • Locating hidden assets in fraud
CT 06877. You can contact White-Collar Crime Fighter by E-Mail: subscribe@wccfighter.com cases