By: Michael McCartney, President, DIGITS LLC & Thomas Devereaux, CPA, CFE, Tronconi Segarra and Associates, CPA

What do you do when you suspect one of your employees may be violating the biggest trust given them within your organization - embezzling money.   It is a problem that faces every organization, public or private.  With the economic crisis at a feverish pitch, desperate times can lead to desperate measures by even the most ethical and law abiding employees.  Computer Forensics can add a critical tool in fighting fraud.

According to the Report to the Nation 2010 by the Association of Certified Fraud Examiners[1], Occupational fraud losses are estimated to be at 5% of annual revenues.  When applied to the World Gross Product, that translates to approximately $2.9 Trillion per year.  In addition, the median loss to occupational fraud was $160,000 with about one quarter of those surveyed losing over $1 million.  Most troubling is the fact that most occupational fraud continues for years before they are detected.  On average, the fraud lasted 18 months from the time it began until it was detected by the victim organization.

A twenty-year employee who works in the finance department of XYZ Corp is responsible for processing all vendor payments.  Over the last couple of years, the company has seen a slight loss in net income even though sales have steadily increased year over year.  This employee has not taken a vacation in over 3 years and is going through a very bitter divorce.  A routine external audit does not specifically identify any potential wrong doing.

Through a random computer forensic examination of the employee's computer, critical electronic evidence is discovered that reveals the scheme.  Numerous deleted and windows temporary files are recovered showing thousands of phony invoices being prepared in the name of existing vendors as well as a ghost vendor established by the employee.  These fake invoices were paid by XYZ Corp even though there were no supporting documents to substantiate the invoices.  The investigation also determined that these checks were being cashed at a different bank than those used by the existing vendors.  The forensic examination also shows that the employee is accessing his ghost vendor bank account over the internet from his corporate laptop.  After presenting this forensic evidence to the auditors and with the assistance of outside investigators, the scheme unravels and the employee confesses to the fraud. 

The case highlights the power of using computer forensics in conjunction with internal and/or external audit committees to completely examine the records of potential fraud.