FE: Chapter 5Check Tampering & Fraudulent Disbursement Schemes

Learning Objectives

  • After studying the material, you should be able to:
    • Define check tampering and differentiate it from other fraudulent–disbursement schemes.
    • List & explain the five principal categories of check tampering (forged maker, forged endorsement, altered payee, concealed-check, authorized maker).
    • Identify the techniques fraudsters use to obtain blank checks and signatures.
    • Describe methods for preventing & detecting each scheme, including electronic-payment variants.
    • Explain how check tampering is hidden in the accounting records and through bank-statement manipulation.
    • Recognize the unique challenges posed by authorized makers and by electronic payments.
    • Perform (or design) proactive computer–audit tests to uncover red flags.

Key Definitions & Concepts

  • Check tampering – employee converts org. funds by either:
    1. Fraudulently preparing a check drawn on the organization’s account for personal benefit.
    2. Intercepting a legitimate outgoing check & converting it.
  • Forgery – signing another’s name or materially altering a genuine instrument with fraudulent intent.
  • Maker – person who signs a check.
  • Fraudulent disbursement – any scheme that removes money from the organization after it has been recorded on the books.
  • Forced reconciliation – intentionally manipulating the bank-rec so book & bank appear to balance.
  • Electronic payment – ACH, wire, online bill-pay, etc.; subject to the same asset-misappropriation risks.

ACFE 2011 Global Fraud Survey Data

  • Among fraudulent disbursements, check tampering accounted for 26%26\% of cases.
  • Median loss from check-tampering schemes: $143,000\$143{,}000highest among disbursement frauds.

The Five Categories of Check Tampering

  1. Forged Maker Schemes
    • Blank or counterfeit checks + faked maker signature.
    • Typical offenders: A/P clerks, bookkeepers, office managers (access to check stock).
  2. Forged Endorsement Schemes
    • Intercept signed check → forge payee’s endorsement → cash.
    • Key step: interception (mailroom, A/P, returned-mail, rerouted address).
  3. Altered Payee Schemes
    • Change payee line after check is signed: add letters, overwrite, erase, or manipulate A/P master file.
  4. Concealed-Check Schemes
    • Slip a fraudulent check into a stack of legitimate checks; inattentive signer signs it.
  5. Authorized Maker Schemes
    • Fraudster already has signatory authority; simply writes & signs checks to self or accomplice.

Forged Maker Schemes – Detailed Points

  • Obtaining blank checks:
    • Direct access via duties.
    • Steal from unsecured storage, obtain keys/combination, bribe accomplice, pick voided checks, counterfeit stock.
  • Producing signatures:
    • Free-hand imitation.
    • Photocopied/transparency transfer.
    • Automatic mechanisms (signature stamps, computer-generated signatures).
  • Preferred payees: self, shell company, accomplice, vendor, “cash”.
  • Safeguards:
    • Blank stock locked; sealed boxes with security tape.
    • Watermarked / security-thread paper; rotate printers & stock.
    • Dual control over check signer passwords & stamps.
    • Daily beginning-of-day check-number reconciliation.

Forged Endorsement Schemes – Detailed Points

  • Interception methods:
    • Mailroom theft; janitorial staff; A/P clerk retains check after signature; theft of returned mail.
    • Reroute address in vendor/customer master file.
  • Conversion:
    • Simple cashing (no ID) or dual endorsement (forge payee then sign own name); may need fake ID.
  • Prevent/Detect:
    • Segregate preparation, signing, delivery.
    • Investigate vendor complaints & duplicate-payment flags.
    • Random vendor confirmations; address-change logs; review backs of cancelled checks.
    • Chart mailing dates vs. employee work records; CCTV in mailroom.

Altered Payee Schemes – Detailed Points

  • Techniques:
    1. Insert new payee name (white-out, overwrite).
    2. Tack on letters/words (e.g., “ABC Co.” → “A.B. Collins”).
    3. Erasable ink or pencil when preparing checks.
    4. Leave payee blank; signer obliviously signs blank check.
    5. Change payee in A/P system before print run, then restore.
  • Controls:
    • Never return signed checks to preparer.
    • Only permanent ink; carbon-copy checks; mandatory payee line fill.
    • Independent reconciliation that matches payee, amount, support.

Concealed-Check Schemes – Detailed Points

  • Fraudster compiles stack of real checks, hides personal check inside, fans stack so only signature lines visible.
  • Exploits rushed or inattentive signers.
  • Prevention: zero-tolerance review of every payee; limit batch size; require voucher package with each check; rotate signatories.

Authorized Maker Schemes – Detailed Points

  • Difficult because fraudster is the control.
  • Methods:
    • Override controls through influence/intimidation.
    • Write checks to personal expenses, family, or shell vendors.
    • Abuse weak segregation (signing, reconciling, blank-check access in same hands).
  • Controls:
    • Dual signatures over XX threshold (e.g., $5,000\$5{,}000).
    • Separate signing from check stock & reconciliation.
    • Spot-check payees vs. vendor master; verify business purpose.
    • Up-to-date vendor list & scrutiny of unfamiliar names.

Concealment Techniques (All Schemes)

  • Omit check from disbursement journal; force reconciliation.
  • Code to legitimate vendor/expense; overstate other checks to “absorb” amount.
  • Destroy or withhold cancelled checks; doctor bank statement (white-out, photocopy).
  • Realter the check after statement returns (replace fraudster’s name with real payee).
  • Reissue replacement checks so vendors don’t complain.
  • Bogus support – create fake invoices/POs/receiving reports.
  • Reliance on lack of independent monthly bank reconciliation.

Electronic-Payment Tampering

  • Employees abuse ACH, wires, online bill-pay.
  • Access gained via:
    • Legitimate credentials (insider).
    • Credential theft, social engineering, unattended workstation.
  • Concealment easier (no physical evidence).
  • Internal controls:
    • Segregate template maintenance, payment entry, approval, release.
    • Daily reconciliation; dedicated accounts for electronic vs. paper.
    • Strict user-ID management; mandatory log-off; password rotation.
    • Bank security tools: ACH blocks/filters, Positive Pay for ACH, dual approval, transaction limits, multi-factor authentication (tokens, smart cards, voice print).

Proactive Computer-Audit Tests (Highlights)

  • List & review voided checks by issuer.
  • Summarize bank-rec reconciling items; scrutinize unusual entries.
  • Duplicate payment searches: same vendor/invoice/amount, or split across vendors.
  • Extract manual checks, checks to cash, no-PO purchases; rank by issuer.
  • Identify gaps & out-of-sequence check numbers.
  • Compare A/P sub-ledger vs. vendor A/R statements.
  • User-access matches: users who can both issue payments and post to G/L.
  • Payroll outliers: zero net, unusual amounts.

Case Study 1 – Melissa Robinson (Charitable Org.)

  • Role: Executive secretary; one of two authorized signers; handled all cash collections.
  • Weaknesses exploited:
    • No annual audit (despite charter).
    • Two-signature rule ignored (she forged second signatory).
    • Manual checkbook (refused to computerize).
    • Board’s over-reliance & lack of oversight; allowed her to move office to home.
  • Scheme mechanics:
    • Write checks to self/cash; record ledger as hotel, supplies, etc.
    • Used erasers & correction fluid to alter ledger after checks cleared.
    • Stole large amounts of undocumented cash collections.
  • Outcome: $60,800\$60{,}800 proven loss (likely higher); indicted & ordered restitution.
  • Lessons:
    • Mandatory audits must be enforced.
    • Two-signature control needs independent signers.
    • Never allow preparer to maintain sole custody of books & bank records.

Case Study 2 – Ernie Phillips (Receiver’s Office)

  • Role: Controller brought in to restore controls at escrow servicer.
  • Scheme:
    • Forged boss’s signature (hand & stolen signature stamp).
    • Inserted personal checks in regular batches; hid in end-of-statement sequence.
    • Intercepted bank statements; persuaded bank to redirect statements to him; altered copies.
  • Detection: Operations manager found un-cashed check; confrontation led to confession.
  • Loss: $109,000\$109{,}000; professional downfall, legal action, eventual death.
  • Control failures:
    • Signature stamp unsecured.
    • Bank allowed statement address change without authorization.
    • Reconciliations not performed by independent person.

Ethical, Philosophical & Practical Implications

  • Trust without verification invites exploitation; even “model” employees may offend.
  • Segregation of duties is a moral as well as procedural safeguard—protects both organization and honest employees.
  • Board/management ethical responsibility: enforce controls even in charitable or high-trust environments.
  • Fraud often escalates from need (financial pressure) + opportunity (control gap) + rationalization (“I’ll pay it back”).

Connections to Foundational Principles

  • Mirrors Fraud Triangle: pressure, opportunity, rationalization.
  • Reinforces importance of COSO control activities (segregation, authorization, independent review).
  • Ties to earlier chapters on skimming & cash larceny—difference lies in stage of cash flow (pre- or post-recording).

Real-World Relevance

  • Despite rise of electronic payments, paper checks remain common; vulnerabilities persist.
  • Small & mid-sized entities especially at risk due to limited staff & over-reliance on “trusted” individuals.
  • Banks provide tech tools, but internal governance must dictate their deployment.

Review Focus (Potential Exam Prompts)

  • Distinguish forged maker vs. forged endorsement.
  • Explain why authorized maker schemes evade traditional controls.
  • Describe how altered-payee frauds are executed & detected.
  • List specific bank-level services that mitigate electronic-payment fraud.
  • Draft an audit program incorporating at least three proactive data-analysis tests.

Practical Control Checklist

  • [ ] Blank check stock locked; access log maintained.
  • [ ] Dual signature requirement over $X\$X.
  • [ ] Signature stamp/password under dual control.
  • [ ] Separate personnel for prepare / sign / mail / reconcile.
  • [ ] Daily bank-rec with payee verification.
  • [ ] Vendor master address changes logged & reviewed.
  • [ ] ACH blocks/filters; Positive Pay for checks & ACH.
  • [ ] CCTV or physical supervision of mailroom.
  • [ ] Mandatory vacations & job rotation for A/P & treasury staff.
  • [ ] Incident-response plan for vendor or bank complaint.

Mnemonic Aids

  • F-F-A-C-A = Five schemes: Forged maker, Forged endorsement, Altered payee, Concealed check, Authorized maker.
  • SIPOD controls for checks: Segregate duties, Independent bank-rec, Physical security (check stock), Oversight of payees, Dual approval.

Quick Numerical Reference (wrap-up)

  • 26%26\% of disbursement frauds = check tampering.
  • Median loss $143,000\$143{,}000; Melissa Robinson proved loss $60,800\$60{,}800; Ernie Phillips $109,000\$109{,}000.
  • Fraudster often caught within 121-2 years, but cases cited lasted up to 55 years.