Credit Cards Online Information

JENNIFER, THE ASSISTANT Jennifer treasurer at ABC Corp. in New Orleans, opened an e-mail from a former colleague who no longer worked for the organization. The e-mail read: "Hi Jennifer, there should be a refund of $716 on my old corporate Visa card from the IP Conference. I paid for, but did not attend, the conference and did not turn in the charge to ABC for reimbursement. Can you have Visa issue a refund check to me? Thanks very much for your help."

The e-mail was from Larry, a former ABC executive who had been Jennifer's boss at one time. The message seemed innocuous enough. Larry had legitimately charged a business conference to his corporate credit card, but he had canceled his registration because he left the company. Therefore, he was due a refund.

It would have been very easy for Jennifer to trust her former boss and get him the refund. Instead, because something didn't seem quite right, she chose to check on whether ABC had already reimbursed Larry for the conference.

To make this determination, Jennifer accessed Larry's corporate credit card records online and retrieved his expense reports from the accounts payable file room. The expense reports confirmed that Larry had not expensed the conference fee, but when Jennifer looked at his credit card statement, she saw a couple of odd items.

First, the most recent statement indicated that the former ABC executive had made four payments to his credit card in one month. Second, the statement was two pages long, and Jennifer knew that Larry rarely traveled for business. She scanned the charges and noted that most of them were from local vendors. In addition, none of the items looked like business charges. The charges included dinners at local restaurants, department and grocery store charges, and airline tickets for Larry and his wife that Jennifer knew were for their recent vacation.

Out of curiosity, Jennifer queried the company's checks online to see if any of the payments made on Larry's Visa account matched the dollar amounts of checks written by ABC. Sure enough, she found that all four payments made to Larry's credit card that month equaled amounts on checks that the company had written to Visa. Jennifer increased the scope of her search and observed that every payment posted to Larry's corporate credit card over the previous 12 months was from a check written by the company. She also noticed that of the $88,000 in charges on Larry's card over that time frame, none was for business expenses.

Jennifer printed copies of all of the checks and noted that, although Visa was listed as the payee on all of them, Larry's corporate credit card account number was handwritten on each check. Jennifer approached the director of internal auditing as well as Larry's former manager and requested an investigation into the matter.

While working for ABC, Larry was in charge of making sure that the organization paid delinquent balances on the corporate credit cards of people who had left the company. ABC had an arrangement with the credit card company that it would guarantee payment for certain employees if those employees did not pay the balances on their accounts. Once a month, Larry would provide accounts payable with a list of delinquent accounts on guaranteed cards, and accounts payable would cut the check to the credit card company.

However, on the bottom of every check request in Larry's last year of employment, he had written, "Please deliver the check to me." Typically, accounts payable would mail the check directly to the credit card company, but because accounts payable knew that Larry maintained a relationship with the credit card company, they adhered to his request and delivered the checks to him. When Larry received a check, he would write his own account number on the check, and the bank would apply the payment to Larry's credit card.

Larry did not need to make sure that the delinquent credit card owners listed on his spreadsheet paid their balances, because he had fabricated the delinquency list that he provided to accounts payable. In many cases, the employees with the so-called delinquent balances had left the organization long before, and they had paid their balances in full before departing.

So, where were the control breakdowns? First, Larry had sole authority over the credit card function. He managed the corporate credit cards, reviewed the delinquent accounts, had access to the employee statements, and dealt with the bank's account managers. No one reviewed his work. As soon as accounts payable walked the checks down to his office, he had all he needed to perpetrate the fraud.

The second breakdown was that the accounts payable clerk walked the checks over to Larry. Although not necessarily right, it is understandable that accounts payable would not have the time to audit Larry's delinquency list. After all, accounts payable was processing more than 1,000 checks per week with a staff of six. However, it was unacceptable for the clerk to deliver the check directly to Larry. The check should have gone from accounts payable to the vendor. The vendor invoice--or delinquency data in this case--should have contained all of the pertinent information to allow accounts payable to appropriately route the check.

# posted by Medical Information : 6:08 AM