more-arw search

Internal Fraud: A Case Study in Recovering from Disaster, Part 1

This is the tale of the kind of fraud disaster that keeps CFOs up at night--and makes CEOs physically ill. This is the kind of fraud disaster that shutters the victim company most of the time. Like most internal frauds it was also completely preventable, though that is a topic for another article. Fortunately, the company was able to recover - painfully, expensively, and over a much longer period of time than anyone would like - and this article will talk about what happened and the action steps necessary for recovery.

The Disaster in the Making

The victim company provided diesel fleet repair services to the tune of about $5 million per year. The sole owner not only knew how to fix trucks, but also how to provide road service and emergency service, which spare parts to stock and which to order as needed, and how to train junior mechanics into quality employees. What he didn't know how to do was manage the financial side of his company. His underlying vulnerability was severe dyslexia, and he was unable to manage even small amounts of reading. He could not read any dense text or anything with lots of numbers - like bank statements or reports out of QuickBooks.

He had been frustrated over the years with several office managers and CFOs who he felt had taken advantage of him. He eventually hired a middle-aged woman as an office manager who was a good fit for the environment of the repair shop. She quickly became indispensable to the owner. He confided in her that he couldn't read or write well, and she volunteered to become a signer on the bank accounts and the primary contact person on all office accounts - taxes, vendors and the like. She controlled all passwords, all records, and took over hiring as well.

The first two people she hired were her adult daughter in purchasing and her boyfriend as a senior mechanic. Periodically, her son also worked for the company as a parts runner when he was on college breaks. She convinced the owner to add her daughter to the company credit card to facilitate purchasing from vendors, and also quietly gave company cards to both her boyfriend and her son.

For approximately one year, the office manager had unfettered, unsupervised access to the money and a truly remarkable degree of control over other assets of the business. She began diverting money for personal purposes in the first month she had control over the bank accounts. She paid personal expenses like her mortgage, property taxes, cell phone bills for the family, and most medical bills with company funds. She doubled her salary immediately, and routinely overpaid her daughter and boyfriend. She continued to pay her son for 7 months after he quit, but paid it under her social security number so he could avoid child support. Altogether, approximately $400,000 left the business in this way, while another $400,000 of checks were cashed that could not be matched to company expenses and were presumed stolen.

Disaster Strikes

The branch manager of the company's bank was starting to get suspicious. She had a couple of conversations with the office manager that didn't quite jibe, and the office manager and her daughter were cashing checks for between $1,000 and $5,000 daily - supposedly to buy parts COD. The branch manager called the office looking for the owner twice that week, and both times the office manager had demurred on his availability. On Thursday, the bank refused to cash a check for $10,000. By that Friday, the office manager knew her theft was about to be revealed. She took decisive action.

She quickly packed all of the office records - customer invoices, vendor files, corporate documents, insurance policies, employee files...everything - into boxes and brazenly put them in her truck. When asked, she told the owner that she was taking old records to storage to make room in the office. Next, she had retained copies of customer credit cards and she ran all of them through the credit card machine, one after another, and all for $10,000. That activity tripped a fraud trigger at the merchant services end, and the credit card service was locked. It didn't put any money in her pocket, but it effectively blocked the company's ability to collect revenue, 98% of which was done with credit cards. Lastly, she took the computer with the QuickBooks file as well as the backup drive, and drove away into the sunset.

The Crisis Phase

The client was referred by the Financial Crimes Unit of the local police department the following Monday after the owner got a call from the bank that he had no funds and that the payroll checks issued that Friday were bouncing. My staff person and I arrived by noon to complete chaos. The owner was in a state of shock, and every new discovery of the extent of her sabotage added fuel to the fire. The employees were uncertain what had happened, scared they wouldn't be able to pay their rent in the short term or have jobs in the long term. Stories and speculation abounded. Tempers were short, not only of company personnel but of customers who needed their trucks back on the road and vendors who needed payment for parts. The owner knew at that point that he had no cash in bank, but discovering that the merchant services account was locked and that he couldn't generate any replacement cash was devastating.

Where to begin?

I asked for everyone to take a break for an hour and go get some lunch. It became quiet enough for the owner to think for a few minutes. We determined that the only surviving computer records were on the shop floor computer, which was the source for invoicing. We formed an initial plan to restore 90 days of records immediately and get cash in the door. Fraud investigation was secondary to keeping the doors open and retaining customers.

When the employees returned, we had a staff meeting to reassure them that everything possible would be done to save the business. We informed them of the plan in generalities, and asked for their help in pulling together to get through the next few weeks. I asked them to come to me if they had any information that would help the police find the office manager or her daughter or boyfriend, none of whom showed up for work that Monday (no surprise there).

That afternoon, we hired an IT provider to set up a new computer with QuickBooks. The company's CPA brought over the prior year backup of the accounting file so we didn't have to enter as many customers, vendors, or employees. The bank started copying three months of statements, deposit records and check copies. We wrote a letter to the vendors and customers explaining what had happened, and asked them to provide us with copies of the company's invoices or purchase orders. The owner called the customers personally while the former parts supervisor came out of retirement to help with vendor calls.

It took two full weeks of 16 hour days to enter all the data we had available. The customers were cooperative on the one hand with arriving back at an agreed balance due, but struggled with having to cut checks for payment instead of merchant cards. This was especially true for the military and school district contracts. The owner set up fresh bank accounts at a new bank, and it was unclear when they would get merchant services set up. In fact, it took two full years as no company would service the account after the fraud citing a 'history of poor internal controls.' True enough, but paralyzing to the victim company.

A trusting CEO, a duplicitous office manager and her accomplices...a nightmare that happens all too frequently. Solid, ongoing financial management was key to this business surviving.

Next: After fraud is discovered, specific steps to recovery