How fraud in the cash receipt cycle occurs in an organization depends largely on the nature of the business and how the cash cycle operates. Unlike the expenditure cycle, the mechanics of the fraud scheme will vary by organization. For simplicity, the term “cash receipts” is used to refer to incoming funds that are currency, customer checks, wire transfers, and credit cards. There are specific fraud schemes related to cash receipts exclusively. Typically, the schemes occur with cash receipts before recording sales, after initial recording sales, and from non revenue sources.
Typically, schemes involving the embezzlement of cash receipts are known as skimming schemes. In a fraud risk assessment, auditors will start with the inherent fraud schemes as I describe in this post and then think about how and where each scheme could occur in the organization. Follow on…
Cash Receipts Embezzlement Before Recording Sales
As I have mentioned on the preface, the embezzlement of cash receipts fraud scheme is referred to as a skimming scheme. The fraud occurs by the theft of incoming customer payments or of non-revenue cash receipts before the funds are deposited and recorded in the accounting records. The scheme requires an individual to receive the funds and avoid the accountability controls. The concealment strategy to hide the theft varies by the nature of the incoming funds and the perpetrator’s responsibilities and authority.
The typical concealment strategies are:
- No one will miss the funds – In a retail environment, there is no record of the sales transaction or the theft if the cashier diverts the customer payment without recording the sale in the cash register.
- Controlling the communication with the customer – A life insurance agent or investment advisor receives funds directly from a customer. If the representative diverts the funds and provides the customer with false statements, the fraud will continue until a mistake occurs or a customer attempts to collect the funds and the perpetrator cannot provide the funds.
- Responsibility for explaining the unfavorable variations or discrepancies – The theft of funds should create an unfavorable variance, such as a decrease in the gross profit. If the local manager is responsible for explaining the variance, he or she could divert the funds and provide false explanations.
Understanding the conversion cycle is important in recognition of the ease in which the skimming scheme occurs. Revenue skimming typically happens with the theft of currency, because no skills are required to convert the funds to personal benefit. However, customer checks can be negotiated through the following:
- An accomplice at a bank who is willing to negotiate the check
- Establishing a false bank account with a look – alike name
- Negotiating the check at a dishonest money service bureau
From an audit theory perspective, this scheme is generally not detectable by traditional sampling and audit procedures, because the transaction is not recorded. Therefore, auditors must understand that not all fraud schemes are detectable by traditional tests of controls. Fraud analytics may be useful in detecting the probability of skimming, but investigative procedures will be required to track the theft.
Fraud analytics should focus on the concealment strategy being employed by the perpetrator. With the concealment strategy in mind, the auditor’s analysis should focus on the composition of daily deposits, specifically, currency, customer checks, credit cards, or wire transfers. The auditor is searching for a change in the composition of the daily deposits correlated to an event or person. The nature of the change is the red flag, and the response will be dictated by the nature of the change. Skimming also results in a reduction of gross profit. In many skimming schemes, the change in gross profit is negligible at the organizational level. The best chance of identifying the change in gross profit is to perform a “disaggregated analysis by product line“.
In one fraud case, a company was comprised of 15 operating locations. The gross profit on an organizational level did not indicate a negative change. However, at one of the smaller operating units, the gross profit decreased by 15 percent. Further analysis indicated that the major product line had a minor change in gross profit, which could be explained by many different lines. However, in the minor product lines, the negative change in the gross profit was 100 percent. Where was the skimming scheme taking place? From a concealment point, substantiating or refuting the representations for the changes caused by theft point is the best approach for auditors in answering this question. When the auditor refutes the employee’s explanations, the perpetrator of the crime might confess.
Cash Receipts Embezzlement After Initial Recording of Sales
Once the sales transaction is recorded, the perpetrator must conceal the theft of cash receipts through another recorded transaction. The altering transaction can be a credit, void, return, dormant credit, or journal entry. The key is to link the altering transaction to the theft of the cash receipt. The red flag of the theft is the altering transaction. The pattern or frequency of the altering transaction is the anomaly in the cycle. The pattern may be associated with a person or an account. The frequency is the number of occurrences that exceeds the norm for the sales activity.
The theft of cash receipts can be concealed with collusion. For example: Assume the individual receiving the funds diverts the payments. In collusion with a customer service representative, dormant or aged customer credits are identified and applied to the customer’s account in which the funds were embezzled.
Cash Receipts Embezzlement from Non-revenue Sources
It is very common for cash receipts to be received directly by internal employees. For example, risk management receives cash receipts for insurance claims, human resources receives cash receipts for health insurance payments, credit and collections receive cash receipts for bad debt customers, and purchasing receives volume discount payments. Each one of these functions is well suited to divert the cash receipt and conceal the theft. In the search for fraud opportunity, the handling of non revenue cash receipts is a prime area for review.
The audit approach follows:
- Identify the departments that are receiving cash receipts directly.
- Identify the source of the funds and request the source to provide a listing of payments.
- Trace the payments into the accounting records. If there are missing payments, you most likely have uncovered a fraud.
Currency Substitution Schemes
The perpetrator of currency substitution schemes diverts the incoming currency and conceals the theft by holding back customer checks and depositing the checks at a later time.
- The concealment strategy is intended to provide the illusion of daily deposits being made at a constant level. In addition, false coupons, vouchers, or providing other false documentation as evidence of the funds hide the theft of currency.
- The red flag is when currency as a percentage of the daily deposits decreases throughout the theft period until the daily deposits are comprised solely of checks or credit cards.
Embezzlement Concealed with a Lapping
“Lapping” is a concealment strategy to conceal the theft of a customer’s payment. The theft starts with the embezzlement of a payment associated with a customer’s accounts receivable balance. In the traditional scheme, the perpetrator has access to both incoming funds and the accounts receivable records. The theft of one customer check is concealed by applying another customer check to first customer’s account. Once started, the fraud scheme typically continues until the perpetrator is caught. It is easy to see how this becomes a variation of the well – known pyramid scheme. This scheme is most likely to occur in small businesses in which there is not an adequate separation of duties.
Note: The scheme occurs in larger companies if someone in cash management operates in collusion within someone else with the capability to issue credits or cause transfers of credits.
Lapping in Non-accounts Receivable
The fraud concept is important and can be applied to other operating areas. The fundamental theory is that the theft of funds is being concealed with funds from another source. The next examples illustrate how the lapping theory can be used to conceal a fraud scheme:
In a loan fraud scheme involving notes of short duration, the loan officer embezzled the funds by establishing a fictitious customer. At the end of the note period, the loan officer rolled the note for a new 60 – day period. The new loan was for the original loan amount plus interest. In this variation, the loan officer was lapping with the bank’s funds, not with a customer’s payment.
Data Mining for Lapping
Identifying the scheme is a relatively easy, with data mining, using the following 3 steps:
Step-1. Compare the customer remittance number from one month to the next month.
Step-2. Compute a net change between the numbers.
Step-3. Then look for an illogical change in customer remittance numbers.
Assume that the January customer remittance number was 10500 and the February customer remittance number was 4567. Since customer check numbers typically increase, the negative net change would be a red flag.
Remember, RED FLAGS DO NOTE EQUAL FRAUD!; they just mean that the transaction fits the fraud profile. Other red flags of lapping are:
- Transfers of credits between unrelated customers
- Delayed posting of customer payments
- Missing customer remittance advices
- Undocumented credit adjustments
- Customer inquiries regarding unapplied payments