Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​The CFO Check Scam

A routine internal audit uncovers a $1 million fraud carried out by the company’s former chief financial officer.

Comments Views

​Assigned to what appeared to be a routine audit, internal auditors Juan Morales and Jim Burton were sent to the Ottawa office of Smith Construction Inc. (SCI), an engineering and construction subsidiary whose parent company, U.S. Constructors Inc. (USCI), was headquartered in New Jersey. SCI made most of its profits from manufacturing boilers and associated products for electric power generation plants and oil and gas refineries.

Generating approximately $200 million in annual sales, SCI was in good standing with USCI. However, it began to struggle when senior management at USCI started implementing highly aggressive sales targets. Once sales numbers could not keep up with anticipated goals, SCI began to spiral toward disaster.

SCI was faced with significant charges against earnings based on poor business decisions that led to several cutbacks and layoffs at the Canadian operations. Employees responsible for managing the vendor master file — a list of all the company's suppliers — were laid off as a cost-cutting measure and the accounting department was reduced from seven to four people. The aggressive layoffs inevitably led to a potential lack of segregation of duties. A task or process previously performed and reviewed by several people became the responsibility of one individual. In many cases, the responsibility fell to the company's chief financial officer (CFO), Paul Fournier.

After a few more significant charges against earnings, senior management terminated Fournier and the business unit CEO. Per company policy, every time a high-level employee left the company, internal auditors were assigned to check the critical general ledger accounts, including cash. Burton's position was his first audit job after working in the accounting field for just under one year. Du​e to his lack of experience, Morales, his supervisor, assigned him to look over the company's liability accounts, which included accounts payable and accruals, as it was considered the most routine part of internal auditing.

Reviewing the details of the company's liabilities requires a simple, step-by-step process that even an inexperienced auditor could perform. By following each step of standard internal audit procedures, Burton was able to uncover an enormous fluctuation in liabilities. He noticed that around $30,000 was being made payable every month to a law firm in Boston. He mentioned this to Morales and the two decided to look into it further. An engineering and construction company making regular payments in significant amounts to a law firm outside of the country was suspicious.

Lessons Learned

  • Segregation of duties is crucial for every company and is the easiest way to prevent fraud from occurring. Even when faced with major cutbacks, it is important to make sure duties within the accounting department are performed and reviewed by different personnel. This internal control separates key processes to make fraud more difficult to attempt.
  • Companies should always keep an updated vendor master file. The process of updating it should go through several employees to ensure accuracy and prevent fraudulent payments to fictitious vendors. Employees responsible for issuing payments should never be able to modify the vendor master file.
  • Employing internal audit after a high-level employee leaves the company is a good practice and should be the case for all companies. A post-departure audit review helps companies catch fraud that may have otherwise gone completely undetected and prevent new hires from getting involved in the actions of the previous employee in their position.
  • A strong and trusted audit program with clearly documented procedures can help even a rookie auditor discover fraud. Though this will not guarantee that a fraud will be detected, even if procedures are followed with due care, internal auditors can be a deterrent for employees looking to commit fraud.

They discovered that the law firm specialized in international trade issues related to the North American Free Trade Agreement (NAFTA), but it had been several years since the company required legal expertise related to NAFTA issues. This fact prompted them to look into the situation even further. Morales contacted the law firm and asked to speak to the accounting manager, who revealed that SCI had not been an active client for four years and there was no record of the company in their accounts receivables records. Burton also found a check made out for $12,000 to the law firm that had not been cashed for two months, which created more suspicion.

Because the review had occurred before any sort of electronic records existed, Burton and Morales had to retrieve physical canceled checks from boxes in the record storage area of the basement to see who had endorsed them. They found most checks were signed "for deposit only" and written by hand instead of stamped with the company's name. After hours of going through boxes, they found a check endorsed with Fournier's signature. When they pulled the vendor master file, they realized that check payments to the law firm were being sent to an address in Canada, not the U.S.

After the layoffs, Fournier became the only one in charge of the vendor master file and was able to change data with no other type of review. This allowed Fournier to manipulate the information on the vendor master file on his own, without co-workers noticing. He changed the firm's address to one in Canada so he would be able to cash the checks on his own behalf. He copied and pasted data from legitimate invoices from the law firm, presented them for payment, noted them in the accounting records, and filed them.

Realizing this case could require third-party expertise, Morales and Burton called the CAE and controller at USCI to recommend a forensic investigation. The forensic investigators recreated all of the accounting books to reveal what they should look like and exactly how much was missing. Ultimately, this effort revealed a total of $1.1 million in checks from the U.S. cashed in Canada over three years. Morales and Burton remained on site assisting with procedures such as cash reconciliation and overhead analysis.

Based on recommendations from USCI's general counsel and outside counsel, Fournier was issued a Form 1099 that recorded the $1.1 million he had stolen from the Canadian subsidiary and notified the U.S. Internal Revenue Service of his compensation received through the fraud. Fournier was eventually convicted of the fraud and sentenced to a U.S. federal prison for 18 months.

John Ney
Jessica Smith
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Authors



John NeyJohn Ney<p>John Ney, CPA, is senior manager of compliance at L3Technologies in Rockwall, Texas.​</p>



Jessica SmithJessica Smith<p>Jessica Smith is an accounting major at Nichols College in Dudley, Mass.​</p>


Comment on this article

comments powered by Disqus
  • AuditBoard_Pandemic_May 2020_Premium 1_
  • Galvanize_May 2020_Premium 2
  • IIA CERT-Online Proctering_May 2020_Premium 3