FE: Chapter 5Check Tampering & Fraudulent Disbursement Schemes
Learning Objectives
- After studying the material, you should be able to:
- Define check tampering and differentiate it from other fraudulent–disbursement schemes.
- List & explain the five principal categories of check tampering (forged maker, forged endorsement, altered payee, concealed-check, authorized maker).
- Identify the techniques fraudsters use to obtain blank checks and signatures.
- Describe methods for preventing & detecting each scheme, including electronic-payment variants.
- Explain how check tampering is hidden in the accounting records and through bank-statement manipulation.
- Recognize the unique challenges posed by authorized makers and by electronic payments.
- Perform (or design) proactive computer–audit tests to uncover red flags.
Key Definitions & Concepts
- Check tampering – employee converts org. funds by either:
- Fraudulently preparing a check drawn on the organization’s account for personal benefit.
- Intercepting a legitimate outgoing check & converting it.
- Forgery – signing another’s name or materially altering a genuine instrument with fraudulent intent.
- Maker – person who signs a check.
- Fraudulent disbursement – any scheme that removes money from the organization after it has been recorded on the books.
- Forced reconciliation – intentionally manipulating the bank-rec so book & bank appear to balance.
- Electronic payment – ACH, wire, online bill-pay, etc.; subject to the same asset-misappropriation risks.
ACFE 2011 Global Fraud Survey Data
- Among fraudulent disbursements, check tampering accounted for 26% of cases.
- Median loss from check-tampering schemes: $143,000 – highest among disbursement frauds.
The Five Categories of Check Tampering
- Forged Maker Schemes
- Blank or counterfeit checks + faked maker signature.
- Typical offenders: A/P clerks, bookkeepers, office managers (access to check stock).
- Forged Endorsement Schemes
- Intercept signed check → forge payee’s endorsement → cash.
- Key step: interception (mailroom, A/P, returned-mail, rerouted address).
- Altered Payee Schemes
- Change payee line after check is signed: add letters, overwrite, erase, or manipulate A/P master file.
- Concealed-Check Schemes
- Slip a fraudulent check into a stack of legitimate checks; inattentive signer signs it.
- Authorized Maker Schemes
- Fraudster already has signatory authority; simply writes & signs checks to self or accomplice.
Forged Maker Schemes – Detailed Points
- Obtaining blank checks:
- Direct access via duties.
- Steal from unsecured storage, obtain keys/combination, bribe accomplice, pick voided checks, counterfeit stock.
- Producing signatures:
- Free-hand imitation.
- Photocopied/transparency transfer.
- Automatic mechanisms (signature stamps, computer-generated signatures).
- Preferred payees: self, shell company, accomplice, vendor, “cash”.
- Safeguards:
- Blank stock locked; sealed boxes with security tape.
- Watermarked / security-thread paper; rotate printers & stock.
- Dual control over check signer passwords & stamps.
- Daily beginning-of-day check-number reconciliation.
Forged Endorsement Schemes – Detailed Points
- Interception methods:
- Mailroom theft; janitorial staff; A/P clerk retains check after signature; theft of returned mail.
- Reroute address in vendor/customer master file.
- Conversion:
- Simple cashing (no ID) or dual endorsement (forge payee then sign own name); may need fake ID.
- Prevent/Detect:
- Segregate preparation, signing, delivery.
- Investigate vendor complaints & duplicate-payment flags.
- Random vendor confirmations; address-change logs; review backs of cancelled checks.
- Chart mailing dates vs. employee work records; CCTV in mailroom.
Altered Payee Schemes – Detailed Points
- Techniques:
- Insert new payee name (white-out, overwrite).
- Tack on letters/words (e.g., “ABC Co.” → “A.B. Collins”).
- Erasable ink or pencil when preparing checks.
- Leave payee blank; signer obliviously signs blank check.
- Change payee in A/P system before print run, then restore.
- Controls:
- Never return signed checks to preparer.
- Only permanent ink; carbon-copy checks; mandatory payee line fill.
- Independent reconciliation that matches payee, amount, support.
Concealed-Check Schemes – Detailed Points
- Fraudster compiles stack of real checks, hides personal check inside, fans stack so only signature lines visible.
- Exploits rushed or inattentive signers.
- Prevention: zero-tolerance review of every payee; limit batch size; require voucher package with each check; rotate signatories.
Authorized Maker Schemes – Detailed Points
- Difficult because fraudster is the control.
- Methods:
- Override controls through influence/intimidation.
- Write checks to personal expenses, family, or shell vendors.
- Abuse weak segregation (signing, reconciling, blank-check access in same hands).
- Controls:
- Dual signatures over X threshold (e.g., $5,000).
- Separate signing from check stock & reconciliation.
- Spot-check payees vs. vendor master; verify business purpose.
- Up-to-date vendor list & scrutiny of unfamiliar names.
Concealment Techniques (All Schemes)
- Omit check from disbursement journal; force reconciliation.
- Code to legitimate vendor/expense; overstate other checks to “absorb” amount.
- Destroy or withhold cancelled checks; doctor bank statement (white-out, photocopy).
- Realter the check after statement returns (replace fraudster’s name with real payee).
- Reissue replacement checks so vendors don’t complain.
- Bogus support – create fake invoices/POs/receiving reports.
- Reliance on lack of independent monthly bank reconciliation.
Electronic-Payment Tampering
- Employees abuse ACH, wires, online bill-pay.
- Access gained via:
- Legitimate credentials (insider).
- Credential theft, social engineering, unattended workstation.
- Concealment easier (no physical evidence).
- Internal controls:
- Segregate template maintenance, payment entry, approval, release.
- Daily reconciliation; dedicated accounts for electronic vs. paper.
- Strict user-ID management; mandatory log-off; password rotation.
- Bank security tools: ACH blocks/filters, Positive Pay for ACH, dual approval, transaction limits, multi-factor authentication (tokens, smart cards, voice print).
Proactive Computer-Audit Tests (Highlights)
- List & review voided checks by issuer.
- Summarize bank-rec reconciling items; scrutinize unusual entries.
- Duplicate payment searches: same vendor/invoice/amount, or split across vendors.
- Extract manual checks, checks to cash, no-PO purchases; rank by issuer.
- Identify gaps & out-of-sequence check numbers.
- Compare A/P sub-ledger vs. vendor A/R statements.
- User-access matches: users who can both issue payments and post to G/L.
- Payroll outliers: zero net, unusual amounts.
Case Study 1 – Melissa Robinson (Charitable Org.)
- Role: Executive secretary; one of two authorized signers; handled all cash collections.
- Weaknesses exploited:
- No annual audit (despite charter).
- Two-signature rule ignored (she forged second signatory).
- Manual checkbook (refused to computerize).
- Board’s over-reliance & lack of oversight; allowed her to move office to home.
- Scheme mechanics:
- Write checks to self/cash; record ledger as hotel, supplies, etc.
- Used erasers & correction fluid to alter ledger after checks cleared.
- Stole large amounts of undocumented cash collections.
- Outcome: $60,800 proven loss (likely higher); indicted & ordered restitution.
- Lessons:
- Mandatory audits must be enforced.
- Two-signature control needs independent signers.
- Never allow preparer to maintain sole custody of books & bank records.
Case Study 2 – Ernie Phillips (Receiver’s Office)
- Role: Controller brought in to restore controls at escrow servicer.
- Scheme:
- Forged boss’s signature (hand & stolen signature stamp).
- Inserted personal checks in regular batches; hid in end-of-statement sequence.
- Intercepted bank statements; persuaded bank to redirect statements to him; altered copies.
- Detection: Operations manager found un-cashed check; confrontation led to confession.
- Loss: $109,000; professional downfall, legal action, eventual death.
- Control failures:
- Signature stamp unsecured.
- Bank allowed statement address change without authorization.
- Reconciliations not performed by independent person.
Ethical, Philosophical & Practical Implications
- Trust without verification invites exploitation; even “model” employees may offend.
- Segregation of duties is a moral as well as procedural safeguard—protects both organization and honest employees.
- Board/management ethical responsibility: enforce controls even in charitable or high-trust environments.
- Fraud often escalates from need (financial pressure) + opportunity (control gap) + rationalization (“I’ll pay it back”).
Connections to Foundational Principles
- Mirrors Fraud Triangle: pressure, opportunity, rationalization.
- Reinforces importance of COSO control activities (segregation, authorization, independent review).
- Ties to earlier chapters on skimming & cash larceny—difference lies in stage of cash flow (pre- or post-recording).
Real-World Relevance
- Despite rise of electronic payments, paper checks remain common; vulnerabilities persist.
- Small & mid-sized entities especially at risk due to limited staff & over-reliance on “trusted” individuals.
- Banks provide tech tools, but internal governance must dictate their deployment.
Review Focus (Potential Exam Prompts)
- Distinguish forged maker vs. forged endorsement.
- Explain why authorized maker schemes evade traditional controls.
- Describe how altered-payee frauds are executed & detected.
- List specific bank-level services that mitigate electronic-payment fraud.
- Draft an audit program incorporating at least three proactive data-analysis tests.
Practical Control Checklist
- [ ] Blank check stock locked; access log maintained.
- [ ] Dual signature requirement over $X.
- [ ] Signature stamp/password under dual control.
- [ ] Separate personnel for prepare / sign / mail / reconcile.
- [ ] Daily bank-rec with payee verification.
- [ ] Vendor master address changes logged & reviewed.
- [ ] ACH blocks/filters; Positive Pay for checks & ACH.
- [ ] CCTV or physical supervision of mailroom.
- [ ] Mandatory vacations & job rotation for A/P & treasury staff.
- [ ] Incident-response plan for vendor or bank complaint.
Mnemonic Aids
- F-F-A-C-A = Five schemes: Forged maker, Forged endorsement, Altered payee, Concealed check, Authorized maker.
- SIPOD controls for checks: Segregate duties, Independent bank-rec, Physical security (check stock), Oversight of payees, Dual approval.
Quick Numerical Reference (wrap-up)
- 26% of disbursement frauds = check tampering.
- Median loss $143,000; Melissa Robinson proved loss $60,800; Ernie Phillips $109,000.
- Fraudster often caught within 1−2 years, but cases cited lasted up to 5 years.