How to Use a General Ledger to Find (and Stop) Fraud
To identify whether an organization is vulnerable or has been a victim of fraudulent behavior, it’s critical to spot common warning signs of internal fraud schemes. The first step is knowing where to look. Your company’s General Ledger (GL) is a good place to start. It’s a book that can tell stories of fraud, manipulation and betrayal. Unfortunately, few know how to read the signs. While investigators, attorneys and auditors tend to analyze the reports generated from the GL and track and monitor payment and revenue information within the GL, they often overlook a wealth of additional data that can be a signal for fraudulent activities. Properly analyzed, the GL’s contents can reveal evidence of nefarious activities, including bankruptcy fraud and theft of assets.
There are many GL accounts that can be used to hide fraudulent activities by manipulating balances in creative ways. Scenarios include misappropriating customer payments to non-company accounts, setting up ghost employees for expense reimbursements, or creating bogus merchandise returns and depositing the money to a personal bank account.
A forensic auditor electronically analyzes the transactions in a GL to identify trends and patterns of fraud. What type of unusual transactions can be identified? Here are a few examples:
- Identifying a reclassification from an expense account to an asset account – this often indicates an attempt to fraudulently increase net earnings
- Wire payments booked to unusual or not often used expense accounts – these may be money siphoned out of the company and hidden in an expense account created for this reason
- Clearing account with large transactions offset by both asset and expense items – this may identify an account being used to hide unreconciled payable entries
Let me describe a real-world example from an investigation I performed for a large manufacturing company. This company was put into bankruptcy by its parent and the parent company then informed the company’s largest creditor that there were no assets to repay their debt of $10M. We reviewed the GL to determine what happened to the bankrupt company’s assets. What happened to the $20M in manufacturing assets that existed a year before when the loan was made?
We traced the series of recorded transactions that reduced the value of the assets the year prior to bankruptcy. The assets were not actually sold or depreciated as one might expect. Instead, sophisticated data mining identified a series of journal entries that went back and forth to multiple accounts before landing in the equity account, making the company appear insolvent. The entries in effect reduced assets by $20M and reduced equity by $20M. The assets actually did exist! Through interviews, we learned that the parent moved these assets to another subsidiary and closed down the company’s operations. The parent then made these journal entries to make the company appear to lack assets and be insolvent so it wouldn’t have to pay $10M to its largest creditor.
Many bankruptcies are either intentional to avoid paying creditors or are caused as a result of nefarious activity.
Another real-world example involves a Ponzi scheme that went on for decades before being uncovered, financially harming thousands of investors. Trustmie Company started in the early 90’s and sold medical-related investments. Trustmie executives would use the ‘rob Peter to pay Paul’ method of conducting business. Legitimate investments were made, however the marketed returns on investments were so over-stated that in order to continue with its reputation of high returns, Trustmie needed to use funds from new investors to pay the old ones and then took a big fee for performing the transactions. The perpetrators of the fraud became too greedy – after not being caught for so many years, they figured they were invincible and found more creative and lucrative ways to use Trustmie to personally benefit themselves.
Being too greedy is one of the major downfalls of a fraudster for getting caught. The perpetrators funneled too much money out of Trustmie and like many Ponzi schemes, this one finally collapsed as the company could no longer cover the old investors’ accounts with new investors’ money. During the same time period Trustmie was put into bankruptcy, the Securities and Exchange Commission raised concerns and a Trustee was appointed. Our firm was hired by the Trustee to perform an investigation. We couldn’t wait to get our hands on the GL and use all sorts of data analytic techniques to see what inventive ways money was removed from the company to benefit the executives!
Here are a few examples of how we analyzed data and what we found:
- We electronically stripped out all of the vendor payments over a 5-year period and identified the corresponding expense or asset account for these costs. We identified millions of dollars paid for supposed ‘donations’ to entities that were actually related to the executives. We also uncovered hundreds of thousands of dollars to entities hired to help Trustmie in developing new, creative and illegal ways to funnel money out of the company.
- We identified all of the vendor names, addresses and vendor numbers of the executives and cross-matched them with the GL entries, to identify any payments to them and the corresponding expense accounts. We discovered millions of dollars in payments for personal expense reimbursements, including credit card reimbursements for yacht-related expenses, personal homes and trips.
- We cross-matched the investment advisors’ names, addresses and contact information between each other. We then cross-matched these groups of related entities to the general ledger payment detail and found significant excessive payments. This resulted in identifying a number of groups of advisors that were aware of the scheme, who pushed investors to invest in the scheme and then profited significantly from duping the investors. They were in collusion with management.
How did these frauds happen? These cases have two common internal control weaknesses: a lack of controls around management override and collusion among senior management.
Here are some red flags that may tip you off about nefarious behavior at a company you may be involved with; whether you’re an employee, senior management, outside consultant or outside attorney:
- Lack of written policies and procedures around operations and accounting: this allows senior management to be creative in the way they conduct business and account for operations without any pushback from others on how things are supposed to be handled. Schemes and shenanigans can take place without being questioned whether they are in line with written policies and procedures if none exist. In the first example above, the daughter of the CEO, also an executive, was responsible for the handling of investor funds. In order to perpetuate the fraud effectively she handled investor using her own ‘judgement’. This resulted in payments being inconsistently applied amongst investors. However, since there wasn’t a written policy in place, there was nothing that dictated otherwise.
- Accounting and operations do not interact together: in other words the staff in each department have little or no contact between one another, so accounting doesn’t have a clear understanding of what the organization’s operations consist of. This may be done intentionally. If accounting did understand operations, they may see more clearly questionable transactions. This allows senior management to perform shady activities, yet minimizing the chances of staff challenging transactions or blowing the whistle. In the second example above, the accounting department was oblivious to the forced bankruptcy and removal of assets by the parent. They were given misinformation about the closing of the subsidiary, and it was only after the investigation that they were able to see the big picture and put the pieces of the fraud together.
- The owner or CEO treats the company like it’s his or her personal entity: This happens often when a company was just a “Mom and Pop Shop”, followed by significant growth and either an IPO or financing arrangement. The CEO will hire family members in positions beyond their abilities and make operation decisions for their own personal benefit rather than for the benefit of investors, loan holders, customers or employees. This type of mindset does not delineate between what is fraudulent versus legitimate as the owner/CEO will rationalize the nefarious activity to be his/her sense of entitlement. In the first example, the CEO hired family members that did not have the experience or education to operate a company. Their only strength was working together as a family to siphon as much money out of the company as possible without getting caught for several years.
Bringing It All Together
The GL consists of many critical elements that can help you prevent and identify fraud. Looking out for the types of red flags discussed above and enlisting a consultant to help analyze the GL can help you in your responsibilities to detect fraud and other suspicious activity. Bridgepoint Consulting leverages forensic data analytics, a proven methodology that assists in identifying the highest risks of fraud, abuse and waste. We can help you learn how to use the GL in the fight against fraud. Contact us today to schedule your consultation for a fraud risk assessment. Learn more about our Forensics & Fraud services here.
Meet the Author:
Margie Reinhart is a certified CPA, CFF and CFE with over 20 years of experience providing risk management, compliance, internal audit and forensic accounting services to C-level executives in government agencies, law firms and Fortune 500 organizations. As Director in Bridgepoint Consulting’s Dallas office, she helps clients navigate the complexities of financial fraud and forensic investigations in the firm’s Turnaround & Dispute Resolution practice area. Margie’s specialties include: forensic analysis, litigation consulting, risk management, SOX and internal audit. She can be reached at Mreinhart@bridgepointconsulting.com or at 972-824-9167.
You may also like: