CBS21 News reports that a Maryland executive and a Pennsylvania IT consultant were sentenced to prison for conspiring to defraud a global Fortune 500 company out of US $1.5 million. The executive, who was responsible for reviewing and approving all project invoices, retained the consultant to provide IT services for relocating the company’s data centers. According to the U.S. Attorney’s Office, the IT consultant submitted false invoices for consulting services and equipment that were never provided. After the executive signed and validated the false invoices, the company paid them and the two men shared the proceeds.

Lessons Learned

  • Poor control over contracting. The executive established a noncompetitive contract with the IT consultant, and it can be assumed that the consulting firm’s ability to perform the work — as well as its prior experience — was not validated.
  • Poor control over payment of invoices. Payments were made on invoices without proof of receipt of goods (e.g., a bill of lading or equipment serial numbers) or proof that services were provided (e.g., time sheets with hours worked).
  • Separation of duties. The contracting official also was responsible for certifying the invoices.

Several red flags — including the executive’s lifestyle changes — should have raised suspicion of fraud. Also, payments to the contractor’s shell companies were made to mail drops, and generic services were indicated on the invoices (e.g., senior engineer). The controls around contracting and payments were weak, and it does not appear that anyone was providing independent oversight.

In this case, the data center relocation was not subject to standard procedures and business practices, which posed a high risk for fraud. However, management and internal auditing must always assess the risk for fraud and pay attention to red flags.


Share This Article:    


Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.





To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>


Subscribe_June 2014