This week in the UK, Joyce De-Laurey was found guilty of stealing £4.4M from Goldman Sachs.
It transpires that the former secretary accumulated her “nest egg”, over a period of 14 months, by forging the signatures of two senior members of Sachs on cheques and wire transfers.
The money was used to finance a lavish lifestyle enabling her to purchase, amongst others, a villa in Cyprus for £750K, £56K of Cartier “goodies” and £20K of items from Harrods.
I have had many years international experience running internal audit departments, and investigating frauds (see resume); and am constantly surprised as to how lax some companies’ cheque authorisation procedures are.
It seems an opportune moment to remind those in business of some of the basic controls that should be in place, in order to minimise the risk of fraudulent payments (note this list is not exhaustive):
- There should be a hierarchy of cheque signatories. The larger the amount, the more senior the level required to sign.
- Cheques over a certain predetermined limit should have at least two signatures.
- Cheques should never be drawn without a cheque requisition being signed by a responsible official, who does not sign the cheque.
- Cheque requisitions should be supported by documentary evidence, eg invoice/purchase order.
- Transaction summaries of cheque payments should be routinely reviewed by internal audit.
- Transactions over and above a predefined norm should be checked by internal audit.
- An up to date cheque signatory list should be maintained, showing limit/authorities etc.
- The bank should be encouraged to proactively query suspicious transactions.
- Bank reconciliations should be performed regularly, and be up to date.
- All directors’/senior managers’ personal accounts should be thoroughly reviewed by internal audit on a regular basis.
- Finally, and this really ought to have rung alarm bells at Goldman Sachs, where an employee starts to display ostentatious signs of new found wealth; identify the source of this wealth.
As you can see, the above points are not rocket science. However, I would bet good money that many companies, not just the hapless Goldman Sachs, may not have all of these procedures in place.