Category Archives: Norman Katz

Organizational Versus Occupational Fraud

Share This on Linked In

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his new column in the archive.

When do you draw the line between a person (or persons) being guilty of fraud versus the entire organization? The latter seems pretty sweeping, implying that every employee was guilty of perpetrating fraud; this is not the case, however.

Operational fraud — such as frauds that happen in the internal/external supply chain operations — can be divided into two basic classifications of fraud: organizational versus occupational.

When a person or persons commit occupational fraud, they have used their positions or roles to facilitate the perpetration of the fraud. A cashier who takes money from the till, an accounting person who falsifies deposits and pockets some cash, a buyer who accepts gifts, brides, or kickbacks for steering business to one supplier versus another, etc., are all examples of occupational fraud. Contractors and service providers can be guilty of occupational fraud, such as the attorney or technology consultant who submits bills for hours not worked. There is an implied trusted relationship that the person breaches in their less-than-trustworthy conduct.

When, at the highest levels of an organization, senior management (typically officers, but sometimes members of the board of directors) are guilty of perpetrating fraud via the use of the enterprise itself, in whole or in part, this is organizational fraud. What’s so unfortunate about organizational fraud is that many times honest employees in specific occupations are often left to suffer, such as when the organization folds. (Examples include Arthur Andersen, WorldCom, and Enron.)

Senior management and directors bear the burden of responsibility in their positions to set the right examples for the organization’s code of conduct. This is part of good governance for public companies as outlined in the COSO Sarbanes-Oxley compliance framework, but it is certainly applicable to private companies and government agencies alike.

The Sentencing Reform Act of 1984 provides guidelines for the penalties assigned to both individuals and organizations guilty of crimes. In brief, the penalties are assessed as follows:

(1) The greatest of the following:
  (a) A base fine from an offense level table;
  (b) The monetary gain to the organization;
  (c) The loss suffered due to the intentional, knowingly reckless, behavior by the organization. (2) Application of a fine multiplier based on such factors as cooperation versus obstruction of justice, history of bad behavior, and whether the organization self-reported and accepted blame and responsibility.

In the tainted pet food scandal that hit the United States, melamine was added in China to the base ingredients to boost the tested protein levels and cover-up quality problems. A public official (an inspector) and an employee of the manufacturing company (a buyer, I believe) were both involved in the fraud: they used their occupations to perpetrate the fraud, which involved payoffs.

The pet food was then shipped from China to Canada where it was canned for distribution into the United States under various brand names. If, in the US or Canada, the corporate philosophy was to either not bother with quality assurance testing or not adequately fund quality assurance testingn (thus rendering it ineffective), in order to reduce cost-of-goods-sold and boost profits, this is, in my opinion, organizational fraud as perpetrated by the canning company in Canada and the US distributors.

Another good example is children’s toys in regards to the use of lead paint and design flaws which, even when manufactured to the specifications, represented a hazard.

The lesson here is very simple: You can outsource manufacturing, but you can’t outsource responsibility.

Norman Katz, Katzscan

The Troubled Triangle — How an Economic Recession Can Increase Fraud

Share This on Linked In

Editor’s Note: This post is from regular contributor Norman Katz, Sourcing Innovation’s resident expert on supply chain fraud and supply chain risk. Catch up on his new column in the archive.

In the 1950’s, Donald Cressey, a sociologist and criminologist, created the theory of the Fraud Triangle. In brief, Cressey stated that there are three components that must all come together for the commission of a fraud to occur. (This is akin to a “three-legged stool” theory.)

First, there must be pressure. A person can feel pressure from a variety of internal and external sources, such as a desire to excel, jealousy, family needs, drug or gambling addictions, etc.

Second, there must be opportunity. If a person senses that he/she can get away with something, or is otherwise enabled to do something, opportunity is present.

Third, there must be rationalization. A person will think through why an act of fraud should or should not be performed and “talk themselves into” the belief that the fraud should be perpetrated, often using skewed logic which seems justifiable to the person.

Now, let’s relate Cressey’s Fraud Triangle to the troubled economic times we are in. Organizations are slashing payrolls and laying off personnel by the hundreds and thousands. While this may satisfy financial analysts and Wall Street, are these moves being thought out strategically in terms of security and good governance integrity? Let’s explore this.

For the remaining employees, I’d imagine that these folks are under a lot of pressure, having to pick up extra work loads that their now laid-off compatriots once did. With work loads increased, bonuses cut, existing payrolls held or reduced, and the worry of whether they will be in the next round of cuts should their organization survive at all, there’s a lot of pressure on the shoulders of these individuals. Combine this with outside-the-job pressures such as family needs, an unemployed spouse, kids in college, medical care, etc. and you’ve got quite the boiling tea kettle ready to blow.

With their job responsibilities increased to cover for dismissed colleagues, an employee will likely need more business software application rights and roles to accomplish the new expanded set of tasks. By increasing application rights and roles, a single employee could in fact be given enough authority to perpetrate fraud. (Remember our friend the accounting clerk who I mentioned in a previous post?) Job cuts often result in decreased monitoring and controls, overall leaving an employee with ample opportunity to commit fraud.

Now, with pressure building and opportunity soaring, what’s left to reign in the otherwise honest employee from perpetrating fraud? It is our morals, ethics, values, and principles. And when these fail – when the forces of pressure and opportunity become so great that they eclipse this final protective barrier, there is a good likelihood that fraud will be perpetrated.

For public companies that must comply with Sarbanes-Oxley laws and ensure good governance to protect their financial statements from materially significant impacts, are the corporate cuts leaving them exposed to even more risk from fraud than before? (Private companies and government agencies face the same risk exposure too.)

Have you had to cover for colleagues that were let go? Are there more gaps and less controls now than before? Are you one of the many who was made redundant and know that your absence has created or widened a gap where fraud can now foster and grow? Let’s hear from you.

Norman Katz, Katzscan

The Pressure To Commit Fraud

Share This on Linked In


Editor’s Note: This is Norman Katz’s third post as a regular contributor on Sourcing Innovation. Norman, who has published dozens of articles on the subject, is a supply chain fraud and supply chain risk expert and will be covering these topics in his new column, which is indexed and archived here.

A friend and collaborator, Doug Ross, a corporate integrity consultant among other talents, asked me to write an article on supply chain fraud that he would send to his contact base. He wanted to see what the reaction was to this subject and what nerves would be struck. And oh boy – did we strike a nerve and get a reaction!

In the article I wrote about how an otherwise honest employee could be forced to commit fraud due to organizational pressure when faced with what I describe as a variation on the response (by humans and animals alike) to an adverse situation. When facing danger there is a choice: fight or flight. When an organization pressures an otherwise honest employee to commit fraud or lose their job, the employee has a choice: fraud or flight – commit the fraud (which will contradict their ethics, morals, and values), or suffer from flight (be fired or be forced to quit their job). And when flight is not an option – when losing one’s job is not possible – the only response left is to commit the fraud to save oneself. Not much of a choice, is it?

Doug forwarded me the response from one of his contacts: this person is in mid-to-high level management at a $6B per year corporation. Let’s call him Sam.

Sam fired back at us with both barrels: He found the topic of fraud to be disgusting, and the suggestion in the article I wrote that an otherwise honest employee could be forced to commit fraud by his/her employer was something out of the realm of possibility. The insinuation that such a situation could even exist was repulsive to Sam, let alone that an employee would cave in and commit the fraud.

Quite frankly readers, I had trouble sitting for the next day or two as I had felt that we had been severely spanked. And my name was attached to the article when Doug sent it out! So much for my sterling reputation!

A few days later, Doug forwarded another e-mail from Sam, this one in a completely different tone.

Sam had some time to think, and one of the first things he did was to offer an apology for his prior response. In thinking this through, Sam openly admitted that if he were forced to make a decision between providing for this family – food, shelter, comfort – and committing a fraud that was forced upon him, he would commit the fraud to protect his family’s well-being and lifestyle.

Wow – what a turnaround.

What does this tell us about Sam’s ethics, morals, and values? They are right on track where they should be. Sam is an honest person of integrity who cares deeply for his family. Sam is a provider, a husband, and a father. Sam is a protector of the persons he loves.

So readers, if this scenario had actually played out in Sam’s workplace, who would be responsible for perpetrating the fraud: Sam or his employer? What would you do in a similar situation: would you commit the fraud or leave the company? Does the current economic recession – with record levels of unemployment and few jobs available – alter the choice you would make in an otherwise robust economy?

I look forward to your responses.

Norman Katz, Katzscan

Beyond the Hack (Some Tips on Protecting Yourself from Inside Fraud)

Share This on Linked In

Editor’s Note: This is Norman Katz‘s second post as a regular contributor on Sourcing Innovation. Norman, who has published dozens of articles on the subject, is a supply chain fraud and supply chain risk expert and will be covering these topics in his new column, which is indexed and archived here.

Let’s start by taking a look at a real-life fraud story:

An accounting clerk who worked for Broward County (FL) workforce development agency perpetrated fraud that enabled her to walk away with $2.4M. Let’s learn a little bit about our fraudster:

  • She had worked at this government agency for over 10 years
  • She was hired with a criminal background (multiple convictions) but lied on her application
  • She did not have more than a high school education
  • She did not make more than $32,000 per year
  • She was living, with her property-manager husband, in an $840,000 house, and owned another house plus several apartments

I want to be very clear that this fraud was not perpetrated by hacking the agency’s network infrastructure; these breaches get lots of airplay in the media typically because they are associated with stolen credit card information. This fraud did not require the use of viruses or other network penetration hacking techniques. This fraud did not require extensive technical knowledge or programming skills of any kind. This fraud was perpetrated from inside and within: inside the organization (by an employee) and within the protected network infrastructure.

How was this fraud perpetrated? The fraudster wrote checks to herself. Yes, that’s it. The accounting clerk simply wrote herself checks. The check amounts varied from $12,000 to $20,000 during the course of approximately 6 years.

(The fraud was discovered by a bank teller; fortunately for the agency, the fraudster banked at the same financial institution as the agency did. The agency’s management admitted that a failure — or rather, lack — of internal controls and monitoring enabled this employee to perpetrate the fraud.)

In fairness, this fraud likely found its way into the news because it was done at a government agency; there are plenty of serious frauds that occur at private and public companies that never see the light of day due to the reputation damage they could cause. As such, too many fraudsters are not prosecuted to keep the organization’s name out of the news spotlight; these perpetrators are simply let go and can move on to other organizations to exploit their gaps.

While it’s very important to protect your network infrastructure, too many companies fail to address risks from the inside. Reasons given for top management’s unwillingness to take a serious look at internal risks range from an assumed trust in their employees to a lack of belief that it could happen at “my company”.

When users have extended or unrestricted rights within a business software application, especially when such broad authority permits bypassing or exceeding controls, there is a (greater) chance of fraud perpetration. Typically, such employees are performing multiple tasks that would better be separated across multiple employees.

A good starting point would be to review your employee handbook. Does the employee handbook contain sections that educate the employee as to what is and is not acceptable behavior? Are the penalties for breaches of conduct clearly stated? (And is the organization willing to back up words with action?) I’m pretty certain that even if the employee handbook had included such information, this agency employee would still have perpetrated the fraud. But this is just a starting point on what needs to be a continuous journey to bring integrity into the workplace for people, operations, and software applications.

Norman Katz, Katzscan

Slime in the Sunshine


Editor’s Note: This is Norman Katz‘s first post as a regular contributor on Sourcing Innovation. (His previous guest posts are still archived.) Norman, who has published dozens of articles on the subject, is a supply chain fraud and supply chain risk expert and will be covering these topics in his new column. He recently started a newsletter, and past issues are archived.

Ah — the innocence of youth, now lost to me forever. When I consider what I know now and have experienced, would I be happier not knowing or am I glad I have a better understanding of how the world works and some of the directions it has gone? Well, if to be forewarned is to be forearmed, I’m happy for the insight, as it has allowed me to become quite proficient in fighting for my rights as a consumer against various product companies and such “untouchable” titans as the cable, telephone, power, mortgage, financial, and insurance companies I’ve be a customer of over the years who have attempted to perpetrate their own brands of fraud against me. I will not settle for poor customer service, and have found ways around those entities, complaining to “higher authorities” and getting noticeable results. I’m saddened that they’ve likely gotten away with it against lesser-experienced consumers who lack the knowledge and fortitude to stand up for their rights, as this seems to be more and more the norm for “customer service”.

I live in South Florida, which is considered to be the counties of Miami-Dade (major city: Miami), Broward (major city: Fort Lauderdale), and Palm Beach (major city: West Palm Beach). Sometimes Monroe County (major city: Key West) is included.

It’s pretty tough to get people from one county to drive to an event in another county unless they are already close to the county line. People from Palm Beach and Broward seem to bristle at being lumped into the “Miami” metropolitan classification, at least when it comes to some of the more glaring statistics about this area:

  • In 2006 & 2007, Miami was ranked # 1 in mortgage fraud; even in 2009, we’re holding our own in one of the top 5 spots nationally.
  • In 2007, Miami had the 2nd highest rate of foreclosures nationally, and we’re still holding our own as a top-five contender nationally here too.
  • In 2008, Miami was ranked # 1 in Medicare fraud, and I see no sign of us losing this ranking anytime soon.
  • In 2006 and 2007, Miami was ranked # 1 nationally for rudest drivers, and I see us holding this ranking for many years to come.

I recall a year or two after moving down here, the FBI indited the entire Miami city commission with fraud and criminal charges and all commissioners were removed from their positions. Even today, between all three counties, public servants — notably commissioners — or their spouses are being caught breaching ethical guidelines as well as laws, such as Florida’s Government “In The Sunshine” law which ensures that the public may inspect any state, county, and municipal record, and that providing access to these records is the responsibility of each individual agency, and that business must be conducted “in the sunshine” (not behind closed doors).

And now South Florida is in the running to add another notch to its national ranking belt: a leader in pain clinics which dispense oxycodone and other such pain medicines, dealing mostly in cash and offering doctors five and six-figure monthly incentives to write prescriptions, often dispensed from their own in-house pharmacies. On the up-side, this looks like it has increased the out-of-state tourist traffic, a boon during the sour economic times.

Is it any wonder why the subject of fraud interests me so much? I’m completely surrounded by it!

For years I wondered why South Florida seems like such a magnet for all these different kinds of frauds, bad behavior, and weird events that seemingly no other area in the country suffers from, and then I discovered the answer: Miami is — in fact — one of the corners of the famed Bermuda Triangle. Well … I can’t think of a better and more comprehensive explanation that that.

Norman Katz, Katzscan

Welcome to Sourcing Innovation, Norman.