Tonight’s episode – The team probes the death of a woman whose dot.com company crashed.

Sitting around the table, reviewing a table covered in financial documents relating to potential insider trading (short selling) of the victim company’s stock

Investigator Danny Pino (Scotty Valens) says, “can’t we call some forensic accountants to read this stuff?’  The other investigator Thom Barry (Will Jeffries) replies (moaning), “these are worse than those poems last year.”

Great stuff – for us forensic accountants.  Job security.

Here’s a link to the show’s website:  http://www.cbs.com/primetime/cold_case/recaps/

Access – allowing those authorized to have access, anytime, anywhere, and even more importantly, keeping those who are not authorized from accessing it.  The safeguards (both systemic system controls and manual-based policies and procedures) will dictate how strong the system will be, but how these controls, policies and procedures are maintained on an ongoing basis is potentially even more important.  Systems change, personnel change, and non-compliance to any safeguard could result in best case scenario, unauthorized access to your systems and data, and worst case scenario, the compromise and theft of key valuable proprietary information.

Security – how secure is your data, the systems, and the uninterrupted continuity of both?  How are the systems and data secured both physically and electronically?  As with access, the system and manual controls implemented will dictate how strong security is over your information, but ongoing compliance (and assurance that compliance continues) are also critical.

Some issues I have yet to overcome to allow me to support the “Cloud” movement – 1) what happens if a dispute develops between the contracting business using cloud services, and the cloud provider?    Under the old in-house configuration, the business simply withheld payment to the outside IT folks, and found new IT solutions while the differences were resolved / litigated.  Under cloud-based solutions, the cloud provider could simply turn off access to their cloud-based systems (and data), holding all the leverage towards resolving the dispute.  Relationship good – switched on, and relationship goes sour – switched off (no one has access to anything).

2) Today’s denial of service attacks on websites in response to the US Government’s abrupt shutting down and taking over www.megaupload’s website identify two genuine risks to access and security of your on-line systems and information. First, what if your business relied heavily on moving files back and forth between locations, sites, countries… using www.megaupload’s site.  The government’s decision to abruptly shut-down the company’s website service and business directly impacted your access to the files stored, or in transition, let alone having you find another solution to continue running your business.  Could the government do something similar to any web-based giant many businesses rely upon, sites like Google?  Who knows?  The fact is, abruptly today, with no notice for planning, the government shut the site and business down, ending all communications with it, resulting in holding all the leverage in resolving any issues the government had with the organization or its practices.  All the while, the megaupload’s business will remain closed, and any business or individual who used it will be left out, looking in from the outside.  It is similar to when the FDIC abruptly takes control over a financial institution – an abrupt closing, with no notice, leaving banking customers looking in through the doors wondering how and when they will ever gain access again to their funds.  One major difference history has shown is the banks tend to re-opened shortly after take-over, and the denial of access to funds is short lived.  When and if websites and internet-based solutions that are shut down will ever be open for access again is anyone’s guess.

3) Notwithstanding the government’s take-over, individuals and organizations with ill-will can also interfere with access and security to your systems and information.  Today’s denial of servcie attacks caused shut-downs of systems, preventing any access until the attacks were addressed.  How could a denial of access attack to your cloud provider’s system impact your access, your employee’s access, your customers’ and vendors’ access?  How much business would be lost if access to your systems and data was lost for even one business day?  The scenarios are not hard to imagine.  One cloud provider seeking more business could orchestrate a denial of access attack on a competitor’s cloud system, with the goal of luring the competitor’s customers over to their systems.  This type of “competitive” activity has always existed.  Why would anyone believe it wouldn’t within the electronic world?

Perhaps I am less open-minded to expanding into “cloud” solutions based on my experiences in forensic and litigation matters, where loyalties, contracts, duties, services, systems and data have been routinely violated regardless of the safeguards, controls, laws, regulations and consequences that existed.  In the end, today’s attacks continue to show me just how vulnerable businesses and individuals alike are, if they are heavily vested and reliant on solutions outside of their control for accessing and utilizing their systems and information.

Here’s an article relating to today’s attacks:

Go to cnn.com

First, how much investments could a firm manage or maintain to not miss $10.4 million dollars?  I am left wondering how this amount was not missed for over three years, and how controls that I would expect implemented by any investment firm did not prevent or detect this level of theft for such a long period.  Cases like this one makes me wonder just how many of these thefts are occurring today but have yet to be discovered, much like when I wrote something similar a year ago when this particular case was on-going and yet to be discovered.  Is also makes me wonder how many individuals who gamble regularly support their hobby or addiction with stolen funds.

Former company official admits embezzling $10.4M from northern NJ investment firm

NEWARK, N.J. — Federal prosecutors say a New Jersey man has admitted embezzling more than $10.4 million from the investment management firm where he served as chief financial officer.

Newmark’s lawyer, Michael B. Himmel, said his client has a “significant” gambling problem.

Thirty-nine-year-old David Newmark of Montville surrendered to authorities Wednesday and pleaded guilty to wire fraud and tax evasion charges. He faces up to 25 years in prison when he’s sentenced April 24 and also will have to make full restitution. Newmark stole the money from Short Hills-based Columbus Hill Capital Management. Prosecutors say he created a phony account to collect fraudulent deposits between February 2008 and March 2011 and diverted the funds to bank accounts he controlled.  Newmark’s lawyer, Michael B. Himmel, said his client has a “significant” gambling problem.

Click to read the article at therepublic.com

Another pattern I have been tracking is that no contexts seem to be immune.  Individuals with access and opportunity seem to be stealing everywhere possible.  I’m not saying everyone is stealing, because that is certainly not the case.  But I am saying a significant risk exists for theft or embezzlement within every business, entity, government agency, program, club, group, and every other type of organization that maintains funds, regardless of the nature, size and context of each potential victim organization.

I truly believe employee behavior is a leading indicator, often detected long before evidence of the actual diversion of funds has materialized.  Living beyond ones means seems to come up in many of the cases.  Know your employees, and for anyone who is a member of any social club, sports program or any other member organization, know who handles your finances and what controls are in place to safeguard your funds.

Below is a small sampling of Google Alerts received today alone:

Woman jailed for embezzling youth soccer funds (over $200,000)

http://www.vancouversun.com/business/Woman+jailed+embezzling+youth+soccer+funds/6006470/story.html

A local judge accused of embezzling court funds and other misdeeds could be removed from the bench

http://www.wxyz.com/dpp/news/a-local-judge-accused-of-embezzling-court-funds-and-other-misdeeds-must-answer-for-her-actions

Sentencing for Ira town clerk who admitted embezzling

http://www.wcax.com/story/16536416/sentencing-for-vt-clerk-who-admitted-embezzling

Former Tenderloin Housing Clinic Employee Sentenced For Embezzlement

http://sfappeal.com/news/2012/01/former-tenderloin-housing-clinic-employee-sentenced-for-embezzlement.php

A Kent County minister accused of embezzlement is due in court today.

http://www.wwmt.com/news/embezzlement-1400637-accused-minister.html
Former Shelby Schools superintendent charged with embezzlement

http://www.ludingtondailynews.com/news/63161-former-shelby-schools-superintendent-charged-with-embezzlement

A simple Google News search using key words “embezzlement ” and “medical” led me to many recent articles relating to individuals who crossed the line and were caught stealing from their practices.  The bookkeeper for one practice embezzled over $2 million, a practice manager embezzled nearly a half million, and several others whose thefts reached large six-figure amounts.

Last night’s “treasure” find – http://www.stealfromdoc.com/.

Although I am online most every night, as I have been my entire career, I had never landed on this site.  The site is sponsored and maintained by a practicing physician, Dr. Don Elton, who was victimized through an employee embezzlement.   Per Dr. Elton’s site: “I am a Pulmonary and Critical Care physician practicing in South Carolina. Like most physicians, I have been a victim of employee theft. None of us received any training in accounting or prevention and detection of employee embezzlement in school so I sought to write a concise book to fill in the knowledge gaps most physicians have in this very important area.”

Dr. Elton’s site is dedicated to articles, stories and information relating to fraud and embezzlement directed to the medical community.  In my experience, medical enviroments continue to be the number one victimized organization when it comes to employees stealing, and more resources like this site are needed to help change that statistic.

Beyond a physician, financial crime victim and blogger, Dr. Elton is also a published author.  Dr. Elton’s book, “How to Steal from a Medical Practice“,  targets assisting fellow practitioners, helping them minimize their risk of becoming a victim to employee theft and embezzlement.

If you are a medical provider who owns, manages or otherwise are responsible for the financial aspects of your practice, regardless of size, specialty or modality, you should bookmark Dr. Elton’s blog, track back regularly, and order a copy of his book.  He provides great advice, doctor to doctor, to minimize your chances of becoming a victim at the hands of one of your employees.

http://www.stealfromdoc.com/

Recently I worked an event at our church where I brought personal things from home to help during the event.  One of the items was a professional apron, one of the good kinds I’d purchased at a chef supply center.  I wear my apron all the time, keeping my clothes clean while also also acting as a wipe rag (for everything).  As planned, I wore my apron, and when finished, kept it with my things (separate from the church’s things) to bring home.  My high-quality utensils were there as well.

Towards the end of the event other volunteers were a bit more eager than I expected with their cleaning, and my personal things were taken from the table.  Once cleaned, they became mixed and ultimately secured away with the church’s things.  Doors locked, I’d have to wait to get my things back.

Although I wasn’t able to access my things to bring them home that day, I also knew nothing should happen to them since they were secured at a church, the one place I thought where nothing would happen to my things.

Well… I still don’t understand why I was surprised to find that when I returned to the church for my personal items, they  were gone.  Why did I think that items of high quality, clearly things the church would likely not spend the funds on, being safeguarded at a church for me, would be any different from being stored anywhere else?  Nothing is sacred anymore, and I should have expected my items to have disappeared (and they did).

I am sure someone working at the church soon after our event came across my items, immediately recognized the items did not belong to the church, and also recognized the items were high quality, things they would benefit from having.  It is likely someone I know, who I will be working with at some future church event, standing side by side with a church going thief hypocrite, making me wonder each and every time.

Just another sad sign of our declining society.

Believe it or not, although at my age I have had much opportunity, I had never watched the Christmas classic “It’s a Wonderful Life” staring Jimmy Stewart until the other night.

Much to my surprise the movie centered around Stewart working at a bank, and $8,000 of missing money.  Customer Potter actually stole the funds, resulting in the loss.  Turning to Potter out of desperation to obtain a loan to make the funds whole, Potter in turn never mentions he stole the funds, and rather calls the prosecutor and authorities to have Stewart arrested for embezzling the funds from the bank.

I won’t share more of the details, as I don’t want to spoil it for anyone who has not seen the movie.  It is a “must see” film.

I just found it interesting that when I took a moment away from the daily fraud grind, and sat down to finally watch this classic, that it involved embezzlement.

Here’s a link to a trailer for the movie via Youtube:

Although banks may have changed their business strategy, and reversed their plans to charge monthly fees for use of a debit card, coupled with at least one posted response citing Mastercard and Visa setting low to no liability limits due to fraudulent activity on a debit card account, my position on debit cards remains unchanged.

Loose them!

You have to experience debit card fraud for yourself personally, or in my case three times, to appreciate that while you may not have ultimate liability for the illegal activity and unlawful withdrawals from your account, you will still be out of your funds and at the mercy of the financial institution to put them back.

If during the time funds were inappropriately taken and the time the bank puts your funds back into your account other bills such as your mortgage and credit cards were due, you may not be able to pay those bills timely, which could have a negative impact on your credit score and history.

In one actual case with a client, the unlawful withdrawal from the company account occurred in February.  They are still waiting for the bank to put their funds back, some nine months later.  They have, however, been told by the bank that they won;t be responsible for the fraudulent activity – lot’s of help that has been without use of their funds for so ling.

It there any reason why you can’t abandon your debit card, return to a traditional credit card, and pay the balance off each month?

Here’s the link to an article:

http://abcnews.go.com/Business/bank-america-drops-plan-debit-card-fee/story?id=14857970

That occurred in February 2011, and he is still waiting for the bank to return his funds.

More and more banks are shifting away from taking the hit from fraudulent activity, moving towards sharing the fraud loss with the customer.  Some banks now refer to fraud as a “shared responsibility” between their financial institution and their customer.  That makes sense, as account holders should have measures in place to minimize their losses from fraud.   However, fraud can still occur even with the best of controls.

In the latest update on debit cards,  Bank of America and other banks recently announced they will begin charging bank debit card users a monthly service fee.  According to news reports, Bank of America plans on charging $5.00 per month for the privilege of using a bank debit card, while other banks are planning on charging lower amounts. (here’s the URL to a good article – http://www.nytimes.com/2011/09/30/business/banks-to-make-customers-pay-debit-card-fee.html).

Bank debit cards are readily targeted and sought by fraudsters as they provide direct access to victims’ funds.  If successful with your account, you, the victimized debit card holder, will be at the mercy of your bank to replenish your funds into your account.

My position on bank debit cards has remained unchanged.  Save yourself the aggravation and now any monthly fees.  Loose your debit card, and return to a classic credit card along with a stand-alone ATM card.

And as always, remain vigilant in monitoring your bank and credit card statements and activity regularly.

In this latest case capturing headlines due to the victim organization being the San Francisco Giants, much can be learned from what little has been publicized about the breaking case thus far.

One particularly interesting detail is that the embezzlement was not known by the organization, nor was it detected by any of the internal controls one would think would be implemented within such an organization.  Rather, as is common in so many cases, the suspect did something outside of their employment that triggered the discovery.  One can more than speculate that had it not been for the suspect triggering her own scheme, the organization may have never learned of her theft (also very common).

In this case a letter written by the suspect supporting a loan application, sent by the potential lender to the employer (Giants) to be validated, is reported to be responsible for identifying the thefts.  For the San Francisco Giants, the drastic change in the lending industry in response to past lending fraud, requiring validation and corroboration of applicant-provided information, may have saved the organization from an even larger loss.

Where were the internal controls?

Who authorizes, processes, reviews, reconciles and records the payroll at this and every organization?  Fraudulent payroll schemes are common and should be easily prevented and/or detected before reaching such large amounts as with this case involving over $1.5 million.  At a minimum, the payroll details of those who have access to payroll should be scrutinized regularly to ensure such a scheme could not occur for long, a recommendation I have been making for twenty-plus years.  This individual is reported to have had an annual salary of $80,000.

Here’s a link to one of the several articles:

http://abclocal.go.com/kgo/story?section=news/iteam&id=8336001