The Best of Creative Computing Volume 1 (published 1976)
Embezzler's Guide to the Computer (computerized embezzlement)
Embezzler's Guide to the Computer
by Brandt Allen
University of Virginia
Computerized embezzlement may be the best game in town. It doesn't really matter
whether the target organization is profit-oriented, governmental, or a not-for
profit group. It does help the potential embezzler, however, if he is in a
position of responsibility and is a "trusted" employee. He needs a basic
knowledge of accounting, record-keeping, and financial statements, but he
doesn't have to be a computer expert. Computer technology tends to confound
auditors and managers themselves so much that they are rarely in a position to
detect or prevent the embezzlement. Embezzlement is far less risky than ordinary
theft, and far more rewarding. An added attraction for the embezzler is the fact
that even if he should get caught, he probably wouldn't even have to go to jail.
In a large percentage of cases, embezzlers aren't prosecuted because a concept
dating back to English common law makes embezzlement a crime against an entity
and not an
individual.
Embezzlers shouldn't count on being caught though. The prognosis for successful
computer-based crime is good. Virtually all of the traditional peculation
opportunities of the past may be run through the computer, and a host of
exciting new schemes is possible as well. The best embezzlement schemes have to
be well executed to work, but the ideas are simple.
For any employee who really wants to practice this lucrative game, the best
place to start is probably with a disbursements fraud. Historically, this kind
of crime has accounted for more embezzlement losses than all others. The
approach is really quite simple: an organization is forced into paying for goods
and services that it did not receive, and payment for them is made to a bogus
company. Anyone who wants to successfully accomplish this kind of fraud can do
so by carefully studying his company's procedures for account-keeping,
purchasing, and receiving. Vouchers and invoices have to be falsified, but for
an employee in accounting or data processing, sometimes it is as simple as
punching a few cards and entering them as if they were legitimate into a batch
of transactions. Second-generation computer systems make this job more difficult
because computer files of open purchase orders and merchandise receipts would
not correspond to the various duplicate files maintained elsewhere, but this
kind of danger can be minimized by stealing from inventory accounts with high
activity and high value from which a certain amount of loss is "expected" by
companies. If any one account isn't "hit" too hard, a company will probably
tolerate the loss before it triggers a thorough investigation. Managerial style
is often the key as to who gets robbed and who doesn't. Potential embezzlers
should stay away from "detail men" and pick on the accounts managed by people
who do not or cannot pore over financial statements, analyze the operating
variances, and scrutinize the purchases, prices, terms, and inventory levels.
Since all embezzlement efforts are conducted through accounting systems with a
number of tests and controls, a little homework in studying the company's
computer operations and controls can allay any
of the dangers they might hold.
Inventories themselves can be a source of revenue to the embezzler, and it is
often easier to convert goods to cash than it is fraudulent checks. Computerized
inventories lend themselves to penetration for two basic reasons: they account
for a large amount of material, and the controls on access systems are usually
lax. One outstanding example of the possibilities of inventory theft via
computer is the railroad company which lost 200 boxcars when an employee altered
input data in the company's rolling stock to reflect that the cars were either
scrapped or wrecked, when they were actually shipped to another company's yards.
Still another fruitful area for the embezzler is the manipulation of shipments,
sales, and billing procedures. A company can be confused into shipping a product
to a customer without sending a bill, or shipping something and billing it at
the wrong price. Improper credits or adjustments on returned or damaged
merchandise can be granted. Sales commissions, allowances, and discounts on
merchandise can be manipulated. The computer makes it easy to alter shipping
documents because in many computerized order-entry systems the sales record is
maintained on file and is normally not updated until the order is shipped. Sales
order records can be altered after the shipment has been made, but before the
billing processes are started.
Payroll processing functions in large organizations offer a ready source of
funds to embezzlers who understand how they operate; and employees in data
processing, payroll, and programming are in ideal positions to make their
schemes work. They can alter input data to pad the payroll with extra hours for
themselves and others, but this is often a risky business. Simpler, and more
lucrative are the schemes of creating fictitious personnel or increasing by
small amounts the money withheld from employees' checks for income taxes and
other purposes. Funds can often be embezzled from money destined for the payment
of pensions, employment benefits, and annuities by keeping a dead beneficiary on
file, and having his address changed to the embezzler's own.
Any of the schemes described could be perpetrated without the aid of the
computer, but the computer actually
makes them a lot easier to enforce successfully. The computer accepts all input
as the truth. Access to computer records is often easier than to manual records,
and an embezzler's visibility when committing the crime is a lot less. And, if a
foul-up should happen to occur, people are always ready to make the computer the
scape-goat.
*This article is condensed from one of the same title which
appeared in Harvard Business Review, Jul-Aug 1975.
