Occupational fraud doesn’t always translate to hard cash leaking out of the company’s bank account. This article from the Rochester Democrat & Chronicle discusses an ongoing case about the alleged employee theft of over $2 million worth of diabetes test strips, illustrating how noncash fraud can be very lucrative in the right circumstances.
First of all, for a noncash fraud scheme like this to work, there has to be a market for the stolen goods. If the product is too bulky or can only be sold to a limited group of buyers, the risks of this type of fraud reduce. However, the risks don’t necessarily go away.
In this case, authorities state the alleged offender was able to procure medical supplies and had identified a handful of buyers to complete the cycle. When considering your internal control plan, the “street value” of a company‘s product needs to be considered in the risk assessment process. Inventory that carries a greater street value needs to have a more robust internal control plan.
Secondly, more often than not, the perpetrator needs access to the receiving department. This article mentions that the alleged offender “intercepted” the medical supplies. Ideally, the roles of purchasing and receiving should never overlap. Those roles align too well and provide the perpetrator both the opportunity to gain access to the inventory and the potential to cover it up.
The article also illustrates some very effective detection techniques that can and should be deployed to combat against this risk.
Clearly, the data analysis being performed by a function/department in the company was key. The company knew that the volume of diabetes test strips was far too great for their needs. They also knew that the orders of the test strips came from one secure user ID. The article isn’t clear on whether the company came to know these facts during the scheme or after the fact, but regardless, data analysis of key functions within a company is an extremely effective fraud detection tool. A simple report of purchased quantity by SKU would highlight unusually large volumes of purchases. That, coupled with a query to understand the sales of that same SKU, far less than the purchases, would shine a bright light on this issue.
It also seems likely to me that the company distributed some fraud training materials on things to look out for. After the internal audit system flagged the strip purchases, an employee was directed to look for inventory discrepancies. The article mentions that an employee noticed a box without a company logo on it, which appeared unusual. They also noticed it was purchased from a company they didn’t use very much, if at all, which was also unusual. Lastly, they noticed the return address matched the accused employee; again, this was unusual. Fraud training materials are critical to share with the front-line workforce. They are the ones in a position to notice this type of behavior.
Fraud is not an ordinary part of a business’s operations. By its nature, it is unusual and creates unusual pieces of data. The job of an internal control architect is to construct a series of controls that help the business identify and resolve unusual observations. You have to start with an informed approach based on a tailored assessment of the unique risks facing the business. Once that assessment is in place, the controls needed will start to align from there.
© Clark Nuber PS and Focus on Fraud, 2019. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.