Page 417 - JoFA_2022
P. 417

FRAUD






                          5.  TJ authorized a payment on a fake invoice   a.  TJ provided his brother’s address instead of
                            that he submitted to his employer, a retailer,   his own.
                            for payment. The invoice was for a consulting   b.  TJ opened a bank account in his daugh-
                            service and provided all the appropriate   ter’s name.
                            information for processing and payment,   c.  TJ created a business with his family’s initials.
                            including wiring information and contact   d.  TJ charged for a consulting service.
                            information. However, the bank account for
                            the wiring instructions was created in his
                            daughter’s name, and the company name is
                            the initials of his children and spouse. The
                            listed address for the company is his brother’s
                            house on the other side of town. What is most
                            likely the first red flag of TJ’s scheme that an
                            auditor would notice?
                          ANSWERS
                          1. (c) A business email compromise scam. Business   2. (a) The invoice only lists a post office box ad-
                          email compromise (BEC) scams are among the   dress for contact. An invoice that offers a post office
                          costliest scams to which a company can fall victim.   box as the only point of contact should be viewed
                          BEC scams often begin with the criminals conduct-  suspiciously. A post office box can be a red flag of a
                          ing extensive background research and acquiring   shell company because of the ease with which one
                          the names and email addresses of senior manage-  can be acquired and the anonymity that it offers a
                          ment. Posing as a high-ranking executive or even   fraudster. It also fulfills the need to provide an address
                          the business owner, a fraudster then contacts the   to send payments to without indicating where one
                          employee in charge of billing to request a payment   lives. Employees fraudulently billing their employers,
                          be sent. Fraudsters rely on the employee’s loyalty   for example, might avoid having payments sent to
                          to the company and manufactured urgency to do   addresses directly connected to themselves.
                          as requested by their superior without confirming   The lack of additional contact information
                          the request through other means, such as a phone   should be questioned. While many legitimate
                          call or a separate email to the known address of the   businesses do use post office boxes, they will also
                          superior. Education and training are among the   list other means of contact, such as phone numbers,
                          most effective ways to prevent a BEC scam from   a website, an email address, and possibly a physical
                          deceiving employees.                      address for the company headquarters.
                            A fictitious vendor scheme is an internal billing   Any information should be verified, especially if
                          scheme conducted by an employee in which the   something appears off. The inclusion of this type of
                          employee creates a fraudulent invoice to be paid to a   information is to be expected and therefore is not
                          vendor that does not exist.               immediate cause for suspicion, even if the informa-
                            While a fictitious vendor provides an invoice   tion shows the vendor is from out of state.
                          for goods or services not rendered, a passthrough   Receiving an invoice from a former vendor with
                          scheme is one in which the employee purchases   expired information is not immediately a red flag,
                          goods from a legitimate vendor, sells the goods to   as it was once authenticated. An expired vendor
                          their employer at an increased price, and keeps the   should be reauthenticated and purchase orders
                          profit. The transaction has passed from the original   confirmed before any payments are resubmitted.
                          vendor, through the employee’s shell company, to
                          the employer.                             3. (b) Joshua checks every invoice and bill against
                            Electronic payment tampering involves the   the supporting documentation. If Joshua checks
                          manipulation of the organization’s outgoing elec-  all payables against the proper documentation to
                          tronic payment mechanisms, such as an automated   ensure the company is paying the correct vendors
                          clearinghouse, online bill payments, or wire transfers.   the correct amounts, he can avoid falling victim to a
                          Dishonest employees with bank account access can   scheme like Mickey’s.
                          log in and divert funds using these payment mecha-  Mickey might believe that Joshua will authorize
                          nisms to their own accounts or their own means.  payment on his personal credit card bill because he

         14    |   Journal of Accountancy                                                          October 2022
   412   413   414   415   416   417   418   419   420   421   422