Category Archives: Fraud

Beyond the Hack (Some Tips on Protecting Yourself from Inside Fraud)

Share This on Linked In

Editor’s Note: This is Norman Katz’s second post as a regular contributor on Sourcing Innovation. Norman, who has published dozens of articles on the subject, is a supply chain fraud and supply chain risk expert and will be covering these topics in his new column, which is indexed and archived.

Let’s start by taking a look at a real-life fraud story:

An accounting clerk who worked for Broward County (FL) workforce development agency perpetrated fraud that enabled her to walk away with $2.4M. Let’s learn a little bit about our fraudster:

  • She had worked at this government agency for over 10 years
  • She was hired with a criminal background (multiple convictions) but lied on her application
  • She did not have more than a high school education
  • She did not make more than $32,000 per year
  • She was living, with her property-manager husband, in an $840,000 house, and owned another house plus several apartments

I want to be very clear that this fraud was not perpetrated by hacking the agency’s network infrastructure; these breaches get lots of airplay in the media typically because they are associated with stolen credit card information. This fraud did not require the use of viruses or other network penetration hacking techniques. This fraud did not require extensive technical knowledge or programming skills of any kind. This fraud was perpetrated from inside and within: inside the organization (by an employee) and within the protected network infrastructure.

How was this fraud perpetrated? The fraudster wrote checks to herself. Yes, that’s it. The accounting clerk simply wrote herself checks. The check amounts varied from $12,000 to $20,000 during the course of approximately 6 years.

(The fraud was discovered by a bank teller; fortunately for the agency, the fraudster banked at the same financial institution as the agency did. The agency’s management admitted that a failure — or rather, lack — of internal controls and monitoring enabled this employee to perpetrate the fraud.)

In fairness, this fraud likely found its way into the news because it was done at a government agency; there are plenty of serious frauds that occur at private and public companies that never see the light of day due to the reputation damage they could cause. As such, too many fraudsters are not prosecuted to keep the organization’s name out of the news spotlight; these perpetrators are simply let go and can move on to other organizations to exploit their gaps.

While it’s very important to protect your network infrastructure, too many companies fail to address risks from the inside. Reasons given for top management’s unwillingness to take a serious look at internal risks range from an assumed trust in their employees to a lack of belief that it could happen at “my company”.

When users have extended or unrestricted rights within a business software application, especially when such broad authority permits bypassing or exceeding controls, there is a (greater) chance of fraud perpetration. Typically, such employees are performing multiple tasks that would better be separated across multiple employees.

A good starting point would be to review your employee handbook. Does the employee handbook contain sections that educate the employee as to what is and is not acceptable behavior? Are the penalties for breaches of conduct clearly stated? (And is the organization willing to back up words with action?) I’m pretty certain that even if the employee handbook had included such information, this agency employee would still have perpetrated the fraud. But this is just a starting point on what needs to be a continuous journey to bring integrity into the workplace for people, operations, and software applications.

Norman Katz, Katzscan

Some Fraud Prevention Steps from Oversight Systems

Share This on Linked In

The Shared Services & Outsourcing Network recently ran an article on their “Q&A with Patrick Taylor of Oversight Systems” which covered some steps your organization can take to prevent fraud. Given that each incident of fraud costs you $441,000 on average, every bit of advice helps — especially since most fraud losses are internal in an average organization.


  • Clearly define your entry and reporting requirements.
    Make sure each transaction is verified with supporting documentation. No expense report without matching receipts, no payment without a verified invoice and matching goods receipt, and no large wire transfers without a contract and a (e-)paper trail.

  • Implement good controls that cannot be easily, or autonomously, overridden.
    Two or more approvals should be required for every payment that is off contract, that is for goods redirected to a non-standard location, or that is to a new vendor. The need for collusion reduces the risk of fraud.

  • Implement a continuous auditing system that examines every transaction.
    A system that examines, and re-examines, every transaction looking for unusual entries or unusual patterns is much more likely to find fraud than a random audit of the books. Are you going to detect all duplicate payments? Are you going to notice the same expense report submitted six months in a row? Are you going to notice six installment payments to a contract that was only supposed to have three if you don’t have immediate access to the contract? Are you going to notice repeated payments to the company of your employee’s brother for “miscellaneous services” that are a couple of months apart? Probably not … but an appropriately implemented transaction monitoring system that supports a range of user defined rules and a best-practice artificial intelligence will.

Slime in the Sunshine


Editor’s Note: This is Norman Katz’s first post as a regular contributor on Sourcing Innovation. (His previous guest posts are still archived.) Norman, who has published dozens of articles on the subject, is a supply chain fraud and supply chain risk expert and will be covering these topics in his new column. He recently started a newsletter, and past issues are archived on Katzscan.

Ah — the innocence of youth, now lost to me forever. When I consider what I know now and have experienced, would I be happier not knowing or am I glad I have a better understanding of how the world works and some of the directions it has gone? Well, if to be forewarned is to be forearmed, I’m happy for the insight, as it has allowed me to become quite proficient in fighting for my rights as a consumer against various product companies and such “untouchable” titans as the cable, telephone, power, mortgage, financial, and insurance companies I’ve be a customer of over the years who have attempted to perpetrate their own brands of fraud against me. I will not settle for poor customer service, and have found ways around those entities, complaining to “higher authorities” and getting noticeable results. I’m saddened that they’ve likely gotten away with it against lesser-experienced consumers who lack the knowledge and fortitude to stand up for their rights, as this seems to be more and more the norm for “customer service”.

I live in South Florida, which is considered to be the counties of Miami-Dade (major city: Miami), Broward (major city: Fort Lauderdale), and Palm Beach (major city: West Palm Beach). Sometimes Monroe County (major city: Key West) is included.

It’s pretty tough to get people from one county to drive to an event in another county unless they are already close to the county line. People from Palm Beach and Broward seem to bristle at being lumped into the “Miami” metropolitan classification, at least when it comes to some of the more glaring statistics about this area:

  • In 2006 & 2007, Miami was ranked # 1 in mortgage fraud; even in 2009, we’re holding our own in one of the top 5 spots nationally.
  • In 2007, Miami had the 2nd highest rate of foreclosures nationally, and we’re still holding our own as a top-five contender nationally here too.
  • In 2008, Miami was ranked # 1 in Medicare fraud, and I see no sign of us losing this ranking anytime soon.
  • In 2006 and 2007, Miami was ranked # 1 nationally for rudest drivers, and I see us holding this ranking for many years to come.

I recall a year or two after moving down here, the FBI indited the entire Miami city commission with fraud and criminal charges and all commissioners were removed from their positions. Even today, between all three counties, public servants — notably commissioners — or their spouses are being caught breaching ethical guidelines as well as laws, such as Florida’s Government “In The Sunshine” law which ensures that the public may inspect any state, county, and municipal record, and that providing access to these records is the responsibility of each individual agency, and that business must be conducted “in the sunshine” (not behind closed doors).

And now South Florida is in the running to add another notch to its national ranking belt: a leader in pain clinics which dispense oxycodone and other such pain medicines, dealing mostly in cash and offering doctors five and six-figure monthly incentives to write prescriptions, often dispensed from their own in-house pharmacies. On the up-side, this looks like it has increased the out-of-state tourist traffic, a boon during the sour economic times.

Is it any wonder why the subject of fraud interests me so much? I’m completely surrounded by it!

For years I wondered why South Florida seems like such a magnet for all these different kinds of frauds, bad behavior, and weird events that seemingly no other area in the country suffers from, and then I discovered the answer: Miami is — in fact — one of the corners of the famed Bermuda Triangle. Well … I can’t think of a better and more comprehensive explanation that that.

Norman Katz, Katzscan

Welcome to Sourcing Innovation, Norman.

$441,000 — That’s What Each Incident of Fraud Costs You!

According to a recent article in Industry Week on how you could “reduce misconduct by making ethics everyone’s business”, fraud costs organizations, on average, 7% of their annual revenue. Furthermore, a single incident of fraud in the manufacturing sector costs an average of $441,000 — a number that is higher than the financial services industry and the highest of any sector with a high incidence of fraud. In today’s economic climate, that’s 7% you can’t afford to lose.

That’s why you should take aggressive methods to combat fraud, and start by setting a positive, anti-fraud, tone at the top that makes ethics everyone’s business. Take a six sigma approach and deploy an anonymous company-wide reporting mechanism that allows every employee to report potential misconduct at any time without fear of reproach. And get an outside review by a fraud expert who can help you identify where fraud is most likely to occur in your supply chain and what steps you can take to prevent it. It will likely cost you a lot less than a single incidence of fraud would cost you.

How Internal Pressures Cause Supply Chain Fraud

The recent Katzscan newsletter had a good article on how internal pressures cause fraud. Noting that the failure of executive management to properly staff for key positions, train employees, enable employees to ask for (and receive!) help when they really do need it, and the creation unattainable benchmarks all contribute to pressures that can force an otherwise honest employee to commit fraud, it concludes that powerless to ask for help, because it is seen as a sign of weakness and could jeopardize their job, too many people are left to toil and are forced to commit fraud to satisfy outlandish demands out of fear of reprisal.

Well said. There’s pushing your employees to be their best and setting stretch goals … and then there’s just being unrealistically stupid. A 10% savings on raw material heavy categories where the market price of those raw materials has increased 30% since the last contract? Inspect 10% of inbound raw materials when the average is 7% and you won’t replace the two staff members who just left? Faster clearance at the ports when you won’t spring for the costs associated with C-TPAT certification? Dream on. Your employees have two choices: tell the truth and risk termination, or lie. And it only gets worse from there.

So think about what you’re doing the next time you ask for the unreasonable. Otherwise, you might unwittingly join Fox in Sox with Knox in stripes.