The Art of the Steal

4

[THE THIEF

AT THE NEXT DESK]

An auditor arrived for a routine review of the books at a foreign automotive company that had its offices in New Jersey. The office was one of those tall, angular buildings that seemed to be made entirely of glass. All morning, the man sifted through the voluminous records, matching invoices and payments, and everything seemed to be in good order. But there was one pattern that struck him as a little odd. There were quite a number of bills to replace windows—$600 for this window, $1,200 for that one, $800 for another. Was that normal? Was everyone who worked there a klutz? Well, he shrugged, the building was almost all glass. Glass cracks easily enough.

At lunchtime, he took a break and headed down to the company cafeteria. He selected a seat next to the windows so he could look out on the day. As he was munching on his sandwich, he happened to notice something that made him sit up straight: a date was stamped on the bottom left-hand corner of the glass that signified when the window had been put in. This one had been intact for years. He began to wonder. The auditor got up and proceeded to wander through the building, floor after floor, looking at nothing but windows and the little dates stamped on them. He couldn’t find a single one that had been replaced anytime recently.

The auditor confronted the head of maintenance with his findings, and, sure enough, the man was in cahoots with a glass maker in an ongoing embezzlement scheme. The glass maker sent invoices for “ghost” windows that the maintenance head approved. The company paid the bills, and the two of them split the proceeds. This had gone on undetected for a long time.

The maintenance head ended up being quietly fired. The only reason he wasn’t prosecuted was because the president of the company was paying him with company money to cut his lawn and do work on his house, and he didn’t want that getting out. Months later, when the auditor returned for his next audit, he happened to notice that the man was working at the building across the street. It was all glass.

A DUBIOUS DISTINCTION

There are a million ways that employees embezzle money from their employer, and to catch them it usually takes a stroke of luck like a keen-eyed auditor who happens to take his lunch by the window. And so it is small wonder that, at every imaginable type of business, from the corner deli, to the muffler shop, to the seafood restaurant, to the industrial parts maker, to the leaders of the Fortune 500, employee theft is escalating. Embezzlement has ranked as America’s No. 1 financial crime for more than thirty years, and I have no doubt that it will continue to hold that sorry distinction for many years to come. About a third of all the fraud that goes on in this country is embezzlement. Banks, for instance, lose five times more money to embezzlement than to armed robbery. Workplace larceny can be so devastating to the company that is victimized that almost a third of all bankruptcies are attributed to embezzlement.

The dimensions of the problem vastly exceed what the surveys indicate. Only about 10 percent of embezzlement cases ever get reported to the authorities. Many companies, leery of negative publicity, are loath to admit that they have been snookered by their own worker, and simply fire the employee and keep the incident under wraps. They just swallow the loss.

Embezzlement schemes can involve little thefts that run into the hundreds of dollars or large ones that run into the millions. No matter how small they are, they’re annoying to the victim. A toy store chain told me about a nimble little scam that had bedeviled one of its store managers. A cashier would peel off a UPC sticker from an inexpensive toy, something like a beanbag for $9.95. He’d stick it on the inside of his wrist. Then an accomplice would come to his register loaded up with forty- and fifty-dollar video games and other more expensive items. The cashier would pick up each of the purchases and swipe his wrist across the scanner while appearing to be swiping the product. So everything went through at $9.95. A sale that should have been hundreds of dollars was a fraction of that.

The main reason people steal is because of opportunity, followed by need and greed. One thing I always say is, if you make it easy for people to steal from you, they will. It’s a simple principle, but my years in the fraud business have proved to me that it holds true time and time again.

THE IRS IS YOUR FRIEND

Embezzlement fascinates me, because we know how to prevent it. For over one hundred years, the accounting tools have been in place. This is why we have auditors. This is why we conduct audits. This is why we have internal auditors. This is why we have due diligence. This is why we have best practices. This is why we have controls. This is why we have segregation of duties.

The problem today is, the bigger companies have become, the less controls they have. The more they merge with other companies, the fewer controls that stay in place. Accounting staffs that used to be six people are now one person. You can’t segregate duties with one person. If I have a bookkeeper who writes checks, signs checks, and reconciles checks for me, then it’s just a matter of time before I have a bookkeeper who steals from me. So today, we’ve taken all of those controls that we’ve learned in accounting for one hundred years and thrown them out the window.

Even if you catch an embezzler, don’t expect to get your money back. If you have an employee who stole $60,000 from you and you went to court and the employee pleaded guilty, he’ll get probation and there’s no restitution. You’re out $60,000, while he’s driving a brand-new car and living in a great house on the lake. There is one recourse. It’s rarely used, but it’s my favorite. If someone steals $60,000 from you, you can file a 1099 on that employee with the government. The 1099 is a wonderful tool. It gets you a write-off on your taxes of $60,000, and you may get as much as one-third of the money back from the IRS for reporting someone who failed to pay taxes on earned income, even if it was earned by theft. The IRS will go after the person, and it has the power to take his home, take his car, and garnish his wages, things that you don’t have the power to do even in a successful civil action. It’s always been my experience that the threat of a 1099 is far greater than the threat of a lawsuit or prosecution.

THE GUY NEXT DOOR

One thing to keep in mind is that the culprit is often the last person you would suspect. That’s the curious thing about embezzlement. It’s rarely the new worker who’s a total mystery to you. It’s not the guy with the shifty eyes and the sinister glare. Embezzlers are frequently some of the nicest people in the world. They’re the ones who sit at the next desk, who have lunch with you, who are in the adjacent pew at church on Sunday.

Far more often than not, the embezzler is the guy who’s been at the company forever and who you trust implicitly. That’s one of the reasons why embezzlements often persist for years without being detected. There was a recent case of a fifty-one-year-old woman that worked as a payroll and employee benefits administrator for a sizable Arizona plumbing company. She was very sociable, very well-liked, and very involved in the community. Everyone found it hard to believe when they discovered that over an eight-year period, she had embezzled nearly $2 million. Just about every week, she signed and cashed fraudulent insurance checks. She began her scheme practically the day she was hired. By the time she was caught, she was cashing checks at a rate of $40,000 a week.

Then there was the bookkeeper for a Manhattan magazine publisher. She was fifty-four, an esteemed senior employee, earning $150,000 a year. She decided to give herself a raise. She inserted her name as an additional payee in the books she kept. That gave her another $15,000 a year. Year after year, she added her name to more and more checks. After ten years had passed, she was receiving more than fifty checks, in amounts ranging between $15,000 and $75,000. Just like that, she was earning $1 million a year. By the time an audit finally caught her, she had embezzled something like $8.2 million.

Her lawyer claimed she had a psychological problem that compelled her to steal from the rich and give to the poor. It was pointed out that she sent much of the stolen funds to charities in the Philippines, where she was from. Perhaps. But she also happened to own expensive cars, homes in New Jersey, California, and Florida, real estate in the Philippines, and an entertainment and production company. So she was pretty charitable with herself.

ALL WORK AND NO PLAY

One of the weird things is, the harder someone works, the better the chance he could be an embezzler. Someone who never takes a vacation, stays late, comes in on weekends—that’s the person you have to wonder about. It may not be devotion to the company. It may be devotion to an embezzlement scheme. Often these schemes need daily, or at least weekly, maintenance to keep them from being detected. Any number of scams have come unraveled when the crook got sick and couldn’t get into work for several days. He can’t very well call up someone else at the office and say, “I’m under the weather, could you do me a favor and take care of covering my embezzlement scheme?”

Most embezzlement cases begin small. Everyone in his or her life has a desperate situation, whether it’s a child who’s sick, or an investment that went bad, or a gambling debt, and they need money. So they say to themselves, “I can take this ten thousand, and they’ll never know it. I’ll put it back as soon as I can.” But they never put it back, and ten becomes twenty, twenty becomes fifty, and fifty becomes a hundred thousand. Just like that, a small loss has snowballed into a large one. Greed and hunger change human character.

A common technique of embezzlers is known as “lapping” or check-kiting. It works like this: An employee with responsibility for recording payments will pocket a payment for an outstanding bill. He then covers the shortfall by applying part of a larger and later payment by a second customer to the incriminating invoice, thus “lapping” the two accounts. A payment from a third customer will then be used to cover the second account, and on and on. A skillfully done lapping scheme can keep the money flowing undetected for years, as long as the employee stays on top of it and doesn’t take time off. I heard about one guy who succeeded in lapping receipts for twenty-nine years, quite possibly a lapping record. He was basically a career lapper. He rarely took a day off, and his scam was only discovered when he no longer came in at all. He had reached retirement age.

A recent study by the Association of Certified Fraud Examiners offers an interesting picture of embezzlers. It found that fraud committed by managers was sixteen times greater than fraud by rank-and-file employees. Fraud losses caused by men were four times those caused by women. People sixty and older committed twenty-eight times the fraud committed by people twenty-five and under. The losses from workers with post-graduate degrees were five times as great as those caused by high school graduates.

When you think about it, this picture starts to make sense. In order to steal a lot of money from a company, you’ve got to be in a position of some power and trust. Otherwise, you don’t have access to the company’s assets. So that’s likely to be someone who’s well-educated and in a

senior position. It’s not often going to be some young person on a low rung.

ERODING ETHICS, GROWING ENTITLEMENT

It’s obvious to me that one of the key reasons that employee theft has gotten so pervasive is that ethical standards have fallen to appalling lows.

Back in the 1960s, if a company found out that an employee had embezzled some money, say ten thousand or twenty thousand dollars, he would be called into the head office and confronted with the crime. Under questioning, he would eventually break down, apologize profusely, and explain that he stole the money because his kid needed a heart operation. He would promise to pay back every cent.

By 1980, a bold new ethic had taken hold. This time, when an employee was caught stealing company funds, he would again be ushered into the head office. But his response would be completely different. He would launch into a diatribe about how he was entitled to take the money. He actually deserved it, he would insist, because the company paid him poorly, offered a vile healthcare plan, and didn’t in any way properly value him. He would practically expect his boss to thank him for taking the money.

By 1990, we reached yet another level of entitlement. When an employee was called in to account for his theft, he wouldn’t even bother with explanations or excuses. He would simply shrug his shoulders and say, “So what?”

It’s a pretty sad state of affairs, but it’s a reality. Another undeniable factor for taking at the office is economic envy. Top executives make so much more than ordinary workers, and there is so much publicity about all the millionaires created from stock options, that some workers rationalize that they deserve their cut. They don’t feel that there’s anything shameful about robbing the company. A cavalier attitude has taken hold.

SIZE DOESN’T MATTER

By now, I’ve seen just about every type of scam imaginable, and to my mind, embezzlement is the most difficult to detect. It’s a crime of stealth and subterfuge.

Here’s a case that typifies so many. There was this small company, doing about $1.7 million in revenues, with just seven employees. The company hired a temporary woman to come in and do some bookkeeping. They liked her well enough that they asked her if she’d like to work full-time. She did and was hired.

Every month, the bank that the company dealt with sent along the company’s statement to the president. He faithfully opened it, looked through the checks, and reconciled the account. Then he would tell the bookkeeper, “Here’s the statement. I’ve already gone through it, go ahead and post it.” In time, he came to trust the woman enough that he asked her to take care of this chore, which he never much cared for anyway. Fairly quickly, the woman realized that she was balancing the books, and the president didn’t even know how much money he had. Each month, she began to write herself a check for one thousand dollars. Sometimes, she wrote one for five thousand dollars, and she made some out for fifteen thousand dollars. She did this for a year and a half. She stole a total of $178,000 from the company.

Finally, she wrote a very large check, and the bank called the company to check on it. For several days in a row, the bookkeeper told the bank that the president wasn’t available. Suspicious, the bank officer called the president at home one night. He told him about the check and explained that he wanted to verify it. At this point, the president went through the books and discovered the losses. He prosecuted the secretary, but the bank said they weren’t responsible for replacing the stolen funds. The president protested that he would sue the bank, because these were forged checks and the bank should have caught the signatures. The bank explained that it didn’t examine checks for as little as $1,000. It would never have seen the signatures of most of the checks. And no one challenged the bank statements sent to the company.

I was asked to testify in the case, and I supported the bank. No bank looks at one-thousand-dollar checks. What’s more, the company president was negligent in not going over the statements himself, as he used to do. It was his mistake that allowed the loss to happen.

It’s very important to reconcile bank accounts promptly, and always within thirty days of when the statement was mailed. So many companies don’t bother to do it. I know there’s nothing interesting or fun about reconciling a bank statement. You’d rather read the Congressional Record. But it’s important to your financial health. If you fail to reconcile accounts, you’ve extended an open invitation to employees to embezzle, because they know their actions won’t be discovered for a long time, usually after they’ve resettled in Bermuda.

Unfortunately, that was a small company. A loss like that would probably be enough to bring it to the brink of bankruptcy. If you’re Delta Airlines and somebody rips you off for $250,000, you contact your insurance company and tell it that the bank refuses to cover your loss. The insurance company says, okay, here’s $150,000, your loss minus your $100,000 deductible. Then Delta takes the loss off of its taxes and ends up being shortchanged $50,000, which it can certainly absorb as part of its operating costs.

But if you own six dry cleaning stores, and an employee embezzles $50,000 and takes off with her boyfriend, the bank’s not going to give it to you and you’re through. The smaller you are, the more you need to worry about these things and be aware that embezzlement is prevalent, and it’s a real threat.

MAILROOM MAYHEM

The mailroom is where stealing frequently starts. For the criminally-inclined, a mailroom is as opportune a place as a bank vault. Much of the company’s money passes through there in the form of incoming and outgoing checks. Criminals frequently seek mailroom jobs for this reason.

A Fortune 500 company in Cleveland hired a twenty-four-year-old woman as an accounts processor in its mailroom. One of her jobs was to go get postage for the meters in the building. So she would walk in and ask to requisition a check. She would say it’s for the post office, two thousand five hundred dollars. Someone would sign out the check, called a Quick Check, and give it to her. It consisted of an original and two copies on a voucher. She would stick the check into an IBM typewriter and make it out to United States Post Office, two thousand five hundred dollars, and take the check in to an assistant controller, who would sign it and give it back to her. Then she would return to her office, pull the check apart, file the two onion-skin copies, and put the original back into the typewriter. Since she had a self-correcting typewriter, she would lift off the words “United States Post Office” and type her name on the check, her real name. She would deposit these checks, or cash them, at her bank. She did this for about four years. At the end of that time, she had taken $278,000 of the company’s money.

During those four years, no one questioned anything about these instances. Every month when the checks came back from the bank, she would go down the hall to the person who had received the incoming returned checks. She would tell her that she needed to see the checks, she was looking for one that her department wrote. She would take them into her office, remove the originals, and destroy them on a shredder. All the reconciliation for the company was done by the onion skins, not by the original checks, which matched.

Personally, I will not use a bank that won’t give me my canceled checks back. The big thing today is to give images of your checks. But only images of the front. Thus, I don’t see who endorsed the checks. How do I know someone didn’t forge a signature and cash it? How can I notify my bank in thirty days that a check was forged, if I never was allowed to see if it was forged? So I get the actual checks returned to me.

No one wondered why the young accounts processor had a new car almost every year, went to Jamaica three or four times a year on vacation, and always had new jewelry. When she was finally caught and admitted it, there were questions like, didn’t the company notice that it’s postage cost went up 300 percent? Wasn’t anyone the least bit suspicious that every month this woman had to look at the checks? As a matter of fact, when it was all said and done, only two checks were available for the court trial, because all the others had been destroyed in a shredder.

Embezzlers tend to be compulsive, and the money they steal they spend freely. Thus, one of the obvious giveaways that someone is stealing from you is that the employee starts living a suspiciously lavish lifestyle. When the mailroom worker drives up in a new Ferrari, you have to wonder. But it never fails to amaze me how often employers accept lame excuses for unorthodox spending. There was the case of the budget director for a California school district. He earned $76,000 a year. That’s not a bad living. But how could that be enough for the fur coats his wife started wearing? The fancy house they lived in? How did that pay for a Mercedes and a Rolls-Royce? Nobody who works for my school district drives a Rolls-Royce. When anyone wondered, he simply replied with a sly smile that outside investments paid for these frills. The real answer was he had managed to embezzle about $2 million by writing checks to himself out of an old health-insurance account that the other school administrators thought had been closed years before. He diverted money to that account from the district’s building programs, food services, and insurance rebates.

THE BURDEN IS ON YOU

I believe that companies have a moral obligation to their employees to have controls in place. It’s entirely unfair to put an employee in a position where it’s very easy for him or her to steal. People are people, and by not having controls, you’re basically putting up a sign that reads: “Steal from me. I’ll never know.” A study that was done a few years ago concluded that 10 percent of employees would steal all the time, another 10 percent would never steal, and the remaining 80 percent would steal given the right motive. That’s a scary survey. It’s telling a company it has to worry about 90 percent of its workforce.

So I think that if you don’t have temptations in place to begin with, you avoid a lot of problems. It can be simple things. One restaurant chain furnishes its workers with uniforms without pockets. It sounds silly, but it takes away temptation. My experience with embezzlement has led me to come up with a series of steps that I feel represent the best internal controls to deter theft, and I’d like to run through them.

The most important thing is to review your hiring procedures for permanent and temporary positions, so you keep people with dubious backgrounds out of your company. We have to get back to common business practices and good sense. In most of the embezzlement cases I get involved in, the employee who stole from the company also stole from the previous company he worked for. If the company had run a sound background check on that employee, then the loss would probably not have occurred. I believe trust is a good thing. I believe controls are better. I believe a preliminary employment application is best.

And you have to make phone calls, not just look at pieces of paper. I know that if I walked into a New York hospital tomorrow and applied for an internship, as long as I presented credentials, I doubt anyone would make a call. But as I told you in the last chapter, anyone can create credentials. When you check references, you need to pay particular attention to dates and time gaps in a resumé. What was going on then? Had the person been fired and unable to get another job? Was he in jail?

When you’re filling a position in a particularly sensitive area, think about hiring an outside firm to tackle a complete background check. Run a credit bureau report on that employee. Does he have a gambling problem, which would show up on a credit report? Is he deep in debt? Is he about to file for bankruptcy? These are the elementary things you should know about him before you allow him to handle your money. Call up the former employer. He may not be willing to tell you, “Oh yeah, that guy stole us blind and we had to fire him.” But you can ask, “Would you hire this employee again?” If he says, “No, we wouldn’t,” then that tells you there was an incident there.

I’m not saying you need to go to these extremes with everyone. If a guy is going to paint my building, as long as he can paint, I’m not too worried. But it’s got to be done with anyone who puts his fingers on your money and who regularly goes into secure areas. All the time, when I go into a secure room at a company where they keep their checks, I ask them who has access. And all the time, they say, “Oh, only three people, and we’ve checked them out twenty different ways and they have ID cards that have to be swiped.” I say, “What about the janitorial service?” “Oh yeah,” they reply, “they come in and clean.” Well, you’ve got to check out the janitor, too. When using temporary employees in financial areas, have them bonded. And rotate personnel in financially sensitive assignments on a regular basis.

VET YOUR VENDORS

You absolutely must protect the accounts payable and procurement functions by restricting access to the master file records of your vendors. Changing or adding new vendors should require supervisory approval and supporting documentation, because otherwise any employee can set up a company name and have the company start billing and getting paid off of accounts payable work. I was involved in a case in Atlanta, at a billion-dollar company, where a woman who had been there for three or four years set up a vendor file with her own initials. She called the company by those initials, WJK Inc., and then simply started billing the company for services and, of course, they were in the vendor file. And the company paid the bills. After about three years, more than $4 million was stolen.

Someone who’s independent of the buying and payment functions ought to review all new supplier entries. That review should always include a telephone call to the new supplier, and get that number from directory information to make sure it’s the real one. When you make the call, verify the name, address, and Federal tax ID number.

If you want to guard against payments to ghost employees that don’t exist, as well as improper changes in pay rates, you also have to restrict access to the personnel master file records. A supervisor ought to have to approve adding any new employees or changing anyone’s pay rate. Otherwise, you’re going to find yourself paying a dishonest worker five checks a week—or fifty. A fellow in the business office of the German Army regularly paid checks to a battalion that didn’t exist. He was the battalion, and he was just lucky he never got summoned into battle.

Another practice that should be carefully monitored is outsourcing. Businesses outsource so many things today, including accounts payable. How do you know the people you outsource to aren’t cheating you? One company outsourced its security detail; the guard firm assured the firm that it had checked out everyone. Well, they missed one guy. He had an arrest record for stalking. Fortunately, he didn’t stalk anyone in the company, but he did steal a bunch of laptop computers. So you’ve got to be careful, and I don’t believe in ever outsourcing accounts payable. You’re not saving a lot of money and you’re relinquishing control. You can outsource payroll, but not accounts payable.

YOU NEED MORE THAN BREADCRUMBS

A really basic thing to do is to create audit trails, but businesses have gotten away from this practice. Most companies create no records whatsoever. If you ask them, “Who authorized this change?” their answer is, “Gee, I don’t know.” Thieves aren’t going to suddenly have a moral awakening one day and turn themselves in. You need evidence of wrongdoing. That’s why audit trails were invented.

All access to master file records should be protected by a password and restricted by job function. Computer systems should then automatically create an audit trail of all changes made to those master records, including who made the change. A report of the changes should be printed and reviewed by someone independent of the employee who made the changes. This report is sometimes called an “access matrix.” Checking the access authority of each employee should be part of this review. Determine a standard “access profile” for each employee, and restrict the master file records to these employees. And immediately investigate any unusual or suspicious activity. Most computer systems are designed with audit trail capabilities, but companies rarely use them.

In one recent case, an accounts payable supervisor at a major manufacturer felt his mortgage was a little too large for his comfort. So he did a touch of editing in the master file that contained the company’s suppliers. Since he had no oversight, he could pretty much do as he pleased. He changed one of the vendor names to the name of his mortgage company, and edited in a reference to his loan number. Instead of his company sending a check to the supplier, it sent a sizable principal payment to the employee’s mortgage holder. What tripped him up was that mortgage companies generally won’t accept a large principal payment without specific written instructions. Since the guy wasn’t able to intercept the payment to include a written note, the mortgage company returned the check to the manufacturer and the fraud was uncovered. It would have been caught with an audit trail.

CHECKS AND BALANCES

It’s essential that you separate the accounts receivable and banking functions. Receipts and deposits must balance each day, and different people should perform these functions. Different groups should also process payments, disburse checks, and do bank reconciliations. If you don’t split up these duties, then a dishonest employee can issue a check to himself, or to a co-conspirator, remove the check from the bank statement, and alter the accounting records to hide the embezzlement.

No one person, no matter how much you trust him, should ever be in complete control of a transaction. I remember when bank loans, up to a certain limit, were issued on the say-so of one officer. Often, that officer could make loans of as much as one hundred thousand dollars. Say you’re a bank officer and I’m your college buddy. I come in and beg you that I’m desperate and need this loan. You say, “Okay, but I want something for myself.” So I give you a ten-thousand-dollar kickback and probably default on the loan. There’s a reason a committee now approves loans in banks. The same thing must happen in all businesses with all transactions.

I’ve spoken about how vulnerable companies are through their mailroom. It goes without saying that mailroom personnel must have absolutely clean backgrounds. And you need to put in internal safeguards to discourage theft of incoming or outgoing checks. So many companies that have been the victim of an altered payee-check scam have traced the source of the original checks to their own mailroom.

One important step is to replace your company name and address on disbursement envelopes with a simple post office box number. This box should be solely for returned checks. And you’ve got to segregate the processing of returned checks. Any checks that get returned should not be returned to the area that originally processed them. A person independent of the payment function should handle these and investigate why they were returned.

CHECK CHECKING

Company checks should be made secure by using some of the techniques I mentioned in the chapter on checks. All checks and cash equivalents, whether they’re preprinted or entirely blank, should be stored in a locked facility and only those employees who truly need access should have it. A physical inventory should be conducted at least once a quarter to account for every check. Zero amount checks and checks that have been canceled or voided should immediately be written or stamped “void” or “canceled” so they’re unusable. All canceled or voided checks that have a signature on them should have the signature removed. And someone other than the accounts payable processor who handled the original transaction should be responsible for accounting for all voided or canceled checks. Too often, checks that are to be canceled or voided are left lying in someone’s in-box, even though they’re still “live” checks. Employees aren’t dumb. They know that a replacement check was issued for the canceled or voided check, and so the canceled check won’t be missed if they take it.

An accounts payable department of a city office out West had the bad habit of throwing away any checks that had been crumpled by the printer. The checks weren’t voided. A member of the cleaning crew had his own habit, which was to rescue those checks from the trash, forge signatures, and cash them for increasingly large sums of money. The thefts weren’t discovered until the account was overdrawn and more than $1 million was gone. The city, it was discovered, hadn’t reconciled its accounts in more than a year.

All obsolete check stock should be shredded as soon as possible. Often, when bank accounts are closed or when highly secure check stock replaces old checks, boxes of the old checks are left unattended outside the locked cabinet where the new checks are stored. Some companies even store old checks on a pallet in a warehouse. Their rationale is that there’s no need to worry about checks drawn on an account that has been closed. Checks are checks. Even though an account has been closed, someone could steal the old checks and pass them on to an unsuspecting third party. And guess what? The company would be considered negligent and be held responsible for the loss.

I tell every company I visit, make sure you empty the laser printer tray of checks and return them to the locked storage area after every check run. All too frequently, unused checks from the last check run are left in the printer tray. Anyone could find them and use them. And change keys or entry codes periodically to prevent unauthorized access to all of your secure areas.

There was an apparel maker in the Northwest that lost a lot of money from forged company checks that an employee had stolen. The company was puzzled. It thought it had really tight controls. An audit firm was brought in and traced the problem to a handful of blank checks left lying on the printer.

SEND US A POSTCARD!

And don’t forget this one: make people take vacations, especially the ones who handle your money and financial records. Every employee has to be out of the office and without control over transactions for at least one week a year. Large embezzlement schemes, as I have already pointed out, often must be maintained daily, and key figures in the scheme will resist being away. And remember, most sophisticated embezzlement schemes are conducted by the long-tenured, trusted bookkeeper, controller, or chief financial officer. If any of them never takes a vacation, find out why.

As I’ve said before, nothing is foolproof. But I’m convinced that any company that follows these steps is removing a lot of temptation. Someone who wants to embezzle is probably going to apply for a job elsewhere, where the taking is easier.