control, and governance
DECEIVING DUO DEFRAUDS FORTUNE 500 COMPANY
CBS21 News reports that a Maryland executive and a Pennsylvania IT consultant were sentenced to prison for conspiring to defraud a global Fortune 500 company out of US $1.5 million. The executive, who was responsible for reviewing and approving all project invoices, retained the consultant to provide IT services for relocating the company’s data centers. According to the U.S. Attorney’s Office, the IT consultant submitted false invoices for consulting services and equipment that were never provided. After the executive signed and validated the false invoices, the company paid them and the two men shared the proceeds.
Several red flags — including the executive’s lifestyle changes — should have raised suspicion of fraud. Also, payments to the contractor’s shell companies were made to mail drops, and generic services were indicated on the invoices (e.g., senior engineer). The controls around contracting and payments were weak, and it does not appear that anyone was providing independent oversight.
In this case, the data center relocation was not subject to standard procedures and business practices, which posed a high risk for fraud. However, management and internal auditing must always assess the risk for fraud and pay attention to red flags.
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.