
Insider fraud

Check Tampering

In this scheme, the dishonest employee converts a company's funds by forging, altering, or stealing a check.  The following check tampering warning signs should trigger further investigation:
  • Voided or missing checks
  • Non-payroll checks made out to employees
  • Altered endorsements or dual endorsements
  • Returned checks with questionable endorsements
  • Duplicate checks
  • Questionable deposit dates
  • Cash advances
  • Customer complaints

Check Forgery

An employee forges a signature on a check made out to himself/herself or to someone else.
  • Forged Maker - The employee forges the signature of the person with check-signing authority. To accomplish this, the employee must have access to blank or unsigned checks.
  • Forged Endorsement - The employee intercepts a company check that is payable to another party, endorses the check using the payee's name, and, if necessary, provides a second endorsement. To conceal this act, the employee removes the original document from the bank statement, erases the second endorsement, or simply destroys the document. He or she then re-enters the original invoice for payment to the original vendor, often arranging for payment by a manual check.
  • Altered Payee - The employee inserts his or her name, the name of an accomplice, or the name of a fictitious entity on the payee line, and converts the check for personal use.
  • Altered Payment Amount - A check legitimately issued to the employee is altered to increase the amount of the payment.
  • Concealed Check - An employee prepares a fraudulent check and submits it, usually along with legitimate checks, to an authorized maker, who signs it without proper review.

Payroll Fraud

In the case of payroll fraud, an employee causes his or her company to issue a payment by making false claims for compensation.
  • Ghost Employees - This term refers to someone on the payroll who doesn't actually work for the company. The ghost may be a recently departed employee, a made-up person, or a friend or relative of the dishonest employee.
  • Falsified Hours and Salary - Here, dishonest employees exaggerate the time they work in order to increase their compensation. Dishonest payroll clerks sometimes find internal control defects that permit them to adjust their own salaries. For a share of the extra money, a dishonest supervisor may approve an employee's falsified hours.
  • Commission Schemes - Salespeople and other similar workers can sometimes fraudulently increase their pay. These schemes depend on the employee's finding a way either to falsify the number of sales or to increase the commission rate.
  • False Injury Claims - Here, dishonest employees fake injuries in order to collect worker-compensation payments. Some employees even hold other full-time jobs while their employers pay them to stay home and recuperate. Dishonest physicians have earned millions by issuing false diagnoses for workers, who then kick back part of their benefits to the doctors.

Bribery and Kickbacks

Bribery is especially prevalent in purchasing transactions. In the typical case, a purchasing agent accepts kickbacks to favor a vendor selling goods or services to a company.

Bribes and kickbacks can be among the most difficult occupational frauds to detect because the illegal transfer of funds occurs outside the company's books. Nevertheless, three clues are present in most of these cases: 
  • The company increasingly favors one vendor, often to the exclusion of other qualified suppliers.
  • Purchases from the questionable vendor tend to be made at above-market prices.
  • Dishonest purchasing agents sometimes maintain excessive lifestyles, conspicuously spending on such items as homes, cars, boats, clothing, or jewelry.
Red flags that may signal bribery or kickbacks:
    • Rising expenses for goods and services.
    • Rapidly increasing purchases from one vendor.
    • Excessive purchasing of goods or services.
    • The same person approving new vendors and authorizing purchases.
    • Writing contracts to limit competition (e.g., sole-source contracts).
    • Repeated awarding of contracts to the same vendor by small margins.
    • Repeated awarding of contracts to the last-received bid.
    • Splitting one purchase into multiples to circumvent an approval process.
    • Paying above-market prices for goods or services.


Skimming

Skimming schemes get their name from the fact that money is taken "off the top," as the cream is skimmed from milk. The main categories of skimming schemes are:
  • Unrecorded sales
  • Understated sales and receivables
  • Thefts of checks through the mail
  • Short-term skimming

Skimming, the most common form of cash misappropriation, is the removal of incoming funds before they can be recorded in the company's books. Skimming schemes leave no direct audit trail, and often the company is unaware that the cash was ever received. Any employee who comes in contact with cash can, in theory, skim money.

Skimming Warning Signs - No matter who skims money or how they do it, the accounting effect is the same: revenue is lower than it should be, while the cost of producing that revenue remains constant. Thus, employees should be alert to the following warning signs:
  • Decreasing cash relative to total current assets
  • Decreasing ratio of cash to credit card sales
  • Flat or declining sales with an increasing cost of sales
  • Increasing accounts receivable compared with cash
  • Delayed posting of accounts receivable payments

Billing Schemes

Billing schemes are the most costly type of asset misappropriation. In a billing scheme, the company pays invoices that an employee fraudulently submits to obtain payments he or she is not entitled to receive.
  • Shell company schemes use a fake entity established by a dishonest employee to bill the company for goods or services it does not receive. The employee converts the payment to his or her own benefit.
  • Pass-through schemes use a shell company established by an employee to purchase goods or services for the company, which are then marked up and sold to the company through the shell. The employee converts the markup to his or her own benefit.
  • Pay-and-return schemes involve an employee purposely causing an overpayment to a legitimate vendor. When the vendor returns the overpayment to the company, the employee embezzles the refund.
  • Personal-purchase schemes involve an employee ordering personal merchandise and charging it to the company. Sometimes the employee keeps the merchandise; other times, he or she returns it for a cash refund. 
  • Procurement Fraud - This type of fraud includes schemes such as over-ordering products and then returning some and pocketing the refund; purchase order fraud, where the employee sets up a phantom vendor account into which fraudulent invoices are paid; or initiating the purchase of goods for personal use.
  • Payment Fraud - This can include vendor fraud schemes as well as creating false customer accounts to generate false payments.
Billing Fraud Warning Signs
  • Invoices for unspecified consulting or other poorly defined services.
  • Unfamiliar vendors.
  • Vendors whose only address is a post-office box.
  • Vendors with company names consisting only of initials; many such companies are legitimate, but crooks commonly use this naming convention.
  • Rapidly increasing purchases from one vendor.
  • Vendor billings more than once a month.
  • Vendor addresses that match employee addresses.
  • Large billings broken into multiple smaller invoices for amounts low enough not to attract attention.
  • Internal control defects, such as allowing the same person to process payments and approve new vendors.
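
Several of the warning signs above can be checked mechanically against vendor-master, employee, and accounts-payable records. The following is an added example, not part of the original page; the record layout, field names, and the 5,000 approval limit are assumptions, and the sample records are constructed. A flag marks a vendor for review and is not proof of fraud.

```python
import re
from collections import defaultdict
from datetime import date

APPROVAL_LIMIT = 5000  # assumed sign-off threshold; not a value from the page
PO_BOX = re.compile(r"^\s*(p\.?\s*o\.?\s*box|post office box)\b", re.I)
INITIALS = re.compile(r"(?:[A-Z]\.?\s*){2,5}(?:Inc|LLC|Co|Corp)?\.?")

def norm(addr):
    """Lower-case and collapse punctuation/whitespace so addresses compare."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()

def billing_flags(vendors, employees, invoices):
    """Return {vendor_id: sorted warning-sign labels} for vendors to review."""
    emp_addrs = {norm(e["address"]) for e in employees}
    flags, creator = defaultdict(set), {}
    for v in vendors:
        creator[v["id"]] = v["created_by"]
        if PO_BOX.match(v["address"]):
            flags[v["id"]].add("po_box_only")
        if INITIALS.fullmatch(v["name"].strip()):
            flags[v["id"]].add("initials_only_name")
        if norm(v["address"]) in emp_addrs:
            flags[v["id"]].add("address_matches_employee")
    monthly = defaultdict(list)
    for inv in invoices:
        monthly[(inv["vendor"], inv["date"].year, inv["date"].month)].append(inv["amount"])
        if inv["approved_by"] == creator.get(inv["vendor"]):
            flags[inv["vendor"]].add("same_person_vendor_and_payment")
    for (vid, _, _), amounts in monthly.items():
        if len(amounts) > 1:
            flags[vid].add("billed_more_than_once_a_month")
            # Each invoice under the limit, but together over it: possible split.
            if max(amounts) < APPROVAL_LIMIT <= sum(amounts):
                flags[vid].add("possible_split_invoices")
    return {vid: sorted(f) for vid, f in flags.items()}

# Constructed sample records (not real data).
EMPLOYEES = [{"id": "E7", "address": "14 Elm St., Apt 2, Springfield"}]
VENDORS = [
    {"id": "V1", "name": "Acme Supply Co", "address": "900 Industrial Way, Springfield", "created_by": "E3"},
    {"id": "V2", "name": "J.B.K. LLC", "address": "14 Elm St Apt 2 Springfield", "created_by": "E7"},
    {"id": "V3", "name": "Northside Consulting", "address": "P.O. Box 411, Springfield", "created_by": "E3"},
]
INVOICES = [
    {"vendor": "V1", "date": date(2024, 3, 4), "amount": 7200, "approved_by": "E5"},
    {"vendor": "V2", "date": date(2024, 3, 5), "amount": 4800, "approved_by": "E7"},
    {"vendor": "V2", "date": date(2024, 3, 19), "amount": 4900, "approved_by": "E7"},
]
```

Calling `billing_flags(VENDORS, EMPLOYEES, INVOICES)` returns flags only for V2 and V3; the initials-only check will also match legitimate companies, as the list above notes.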

Non-Cash Misappropriations

Company assets can be misappropriated in one of two ways: they can be misused - "borrowed" - or stolen. Assets most often misused are company vehicles, company supplies and office equipment, including computers.

Computerized information and computer software may seem intangible, but they are valuable company assets. As with any other company property, they must be protected from misuse, theft, fraud, loss, and unauthorized use or disposal.

Misappropriation of computer space, time, or software includes:
  • Using a computer to create or run unauthorized jobs
  • Operating a computer in an unauthorized mode
  • Intentionally causing an operational failure
Non-Cash Misappropriations - Theft
Theft of company property is an even greater concern to companies than misuse. Losses from larceny of assets cost companies millions of dollars. The means range from simple larceny (an employee steals a product from the company, either by physically taking it or by diverting it in some other way) to falsifying documents and ledgers.

Anyone who steals inventory causes inventory shrinkage; therefore, prevention demands that someone knowledgeable about the inventory and independent of the purchasing or warehousing sectors conduct periodic physical inspections of the inventory. All merchandise should be guarded and locked, with access limited to authorized personnel only.

Theft of Services - An employee misuses company services or company-funded services.

Cash Larceny

Cash larceny is the intentional removal of an employer's cash - currency, checks, or both. The funds may be obtained by forging a check, submitting a false invoice, or doctoring a timecard, among other illegal activities. The two principal types of cash larceny are thefts from deposits and register theft.

Unlike skimming schemes, this cash has already been recorded on the books. The key to preventing cash larceny schemes is adequate physical control over the custody of cash.

Warning signs of cash larceny include:
  • Unexplained cash discrepancies.
  • Altered or forged deposit slips.
  • Customer billing and payment complaints.
  • Rising "in-transit deposits" — that is, deposits that are made but not yet posted by the bank.
In retail environments where cash exchanges are common, this type of fraud covers simply:
  • Stealing cash.
  • Not registering a sale and pocketing the cash.
  • Return fraud (an employee colludes with someone else to return goods fraudulently for a refund).

Social Engineering

Fraud by non-employees (third parties) often begins with what is referred to as "social engineering": the manipulation of an employee's natural human tendency to trust, so that a third party gains unauthorized access to company resources.

At its simplest, it refers to the process a computer hacker would use to obtain an employee's network password, giving the hacker access to the company's network without having to break in. The hacker might then use this access to obtain confidential company information, steal employee identities, or disrupt the company's systems or network.

To recognize a social engineering scheme, keep an eye out for a third-party caller's (or e-mailer's) refusal to provide contact information, rushing, name-dropping, intimidation, asking odd questions, and requesting forbidden information. Suspicious behavior should be reported to your supervisor.

Hackers and Social Engineering
A hacker is someone who uses a computer to gain unauthorized access to data. A clever hacker will use a variety of techniques, including one or more of the following to commit social engineering fraud:
  • Impersonating an authorized person online, by telephone, or even in person
  • Coaxing information such as passwords out of employees by preying on their trust, charming them, or flirting
  • Rigging the system and then offering to help "fix it" — and accessing passwords in the course of repairing the system they've rigged
  • Entering the work area and looking over people's shoulders to find out passwords
  • Sifting through unshredded documents in the trash
  • Offering sweepstakes requiring a password to enter, with the hope that the participant will use the same password used for network access

Expense Reimbursement Fraud

Also called expense fraud, this type of fraud includes:
  • Mischaracterized Expenses - Employees produce legitimate documentation for non-business-related transactions — e.g., taking a friend to dinner and charging it to the company as "business development."
  • Fictitious Expenses - Employees submit phony documentation for reimbursement — e.g., producing a fake hotel bill on a home computer.
  • Multiple Reimbursements - Employees copy invoices and resubmit them for payment more than once — e.g., copying a restaurant bill and claiming the cost again on next month's expense reimbursement.

Other types of insider fraud

  • Workers’ Compensation Fraud - In this type of fraud, an employee exaggerates injuries or a disability, invents injuries that did not occur, or attributes injuries that occurred outside the work environment to work in order to receive compensation pay. Employees also commit workers’ compensation fraud when they lie about their health or work status while receiving compensation.
  • Health Insurance Fraud - An employee conspires or colludes with health care providers to defraud an insurance company by submitting false or inflated receipts. An employee claims reimbursement for medical or health services not received.
  • Commission Fraud - An employee inflates sales numbers to receive higher commissions, falsifies sales that did not occur, or colludes with customers to record and collect commissions on falsified sales.
  • Personal Use of Company Vehicle - This is similar to theft of services, but involves the employee using a company vehicle (and often the company-issued credit card for fuel) for unauthorized personal activities.

To prevent and detect asset misappropriation:

  1. Conduct thorough background checks on new employees.
  2. Implement checks and balances.
  3. Separate the functions of the check preparer and check signer.
  4. Rotate duties of employees in accounts.
  5. Conduct random audits of company accounts.
  6. Don’t pay commission until goods or services have been delivered.
  7. Keep checks in a locked cabinet and destroy voided checks.
  8. Implement an anonymous ethics hotline to encourage employees to report wrongdoing.
