The ex-CFO of Enron, oh humbly, asks:
"If the internal and external auditors and lawyers sign off on it, does that make it okay?"
History has shown us that, "that all depends." However, maybe things have changed?
[via HBR]
The ex-CFO of Enron, oh humbly, asks:
"If the internal and external auditors and lawyers sign off on it, does that make it okay?"
History has shown us that, "that all depends." However, maybe things have changed?
[via HBR]
Last week, I took the day off from work and headed down the 101 to sit in on former Crazy Eddie CFO and self-proclaimed criminal Sam E. Antar speaking to Stanford MBA students on, what else, fraud and the criminal mind. Sam is a friend of both JDA and Going Concern and it was excellent to see him recount the Crazy Eddie story to an auditorium of future MBAs.
Ironically, he showed up wearing an SEC baseball cap, which is akin to JDA owning a Federal Reserve hoodie (I do) and didn’t waste a second getting to the point of his visit.
“I’m gonna be the guy that fucks you guys up,” he told the room before beginning the presentation, “I’m a racist and a scum bag but I hate everyone equally.”
I could literally see the audience squirm in response. I already knew Sam was a tad offensive and was counting on getting an extra dose of it; there was no squirming in the media corner.
“Political correctness helps the criminal, not you,” he explained, “It limits your behavior, not the criminal’s.”
Right.
Sam went into auditor standards like the fraud triangle though insisted there is no such thing as rationalization. “Criminals know right from wrong. We don’t plan on failure.”
We even got to see a vintage Crazy Eddie ad spot as Sam’s presentation was spliced with images from the 2006 Court TV episode of Masterminds detailing the Crazy Eddie fraud. That’s for the sections that Sam doesn’t tell you; the details are plentiful in his spiel though don’t let that catch you off guard, he insists he is still just as dangerous as he was before he was caught.
You can get the Crazy Eddie backstory from Sam’s Web site (if you aren’t fortunate enough to be able to play hooky and see him spook Stanford MBA students in person) here, here, and here. If you get the chance, I highly recommend checking him out live (leave your valuables in the car).
And then there’s the video of Sam and Eddie meeting up decades after their fraud was discovered — and Sam gave up his family (and, consequently, himself) — that I recommend you not miss.
So long as there are unqualified auditors being piled into audits they aren’t trained to perform, there will be guys like Sam E. Antar figuring out a way to distract, deter, and delude them, no matter what it takes. For Crazy Eddie, it didn’t take much. What’s to say things have changed?
Sam Antar Photograph by Buck Ennis for Crain’s New York Business and Investment News.
Yesterday I sat in a session at the ACFE Fraud Conference and Exhibit entitled “Effectively Using Social Networks and Social Media in Fraud Examinations” with a few hundred [?] fraudbusters and I got the impression that few people in the room were social media savvy (in the stalk-y sense, anyway). I came to this conclusion after watching most of the hands in the room go up when asked “who thinks social media is a waste of time?” and saw nearly same amount of hands raised when asked “do you have some sort of social network presence?”
Cynthia Hetherington, President of Hetherington Group, described herself as “[A] librarian, a technologist and licensed private investigator. So, I’m a nerd, I’m a geek and I’m a dick,” was the speaker for this particular session and a lot of her talk introduced the crowd to the idea of stalking people on the Internet. She knew her crowd well, as a joke about Laverne & Shirley’s apartment got plenty of laughs, while a quip about Snooki got crickets. This reinforced my suspicion that the idea that of curating information about financial crooks using Facebook and Twitter was new to many in the room.
Now, the majority of people listening may have known it was possible to find partially-nude pics on someone’s Facebook profile or Twitter account (which she demonstrated in one non-Anthony Weiner example) but maybe they hadn’t considered that they could learn a lot of other useful information about someone they were investigating.
In short, Ms. Herrington explained to the biz casual crowd that you can find out a lot of information about a person just by poking around their social media accounts. Whether it’s Facebook, Twitter, or LinkedIn, you can learn someone’s likes, dislikes, their political leanings, where they’ve lived, who their friends are, etc. and use that information to build a profile, analyze behavior or in some cases, find out where someone maybe hiding.
What does all this mean? Opportunity my friends. If you fancy yourself social media and Internet savvy, you probably have a leg up on many of the vets in the fraud and forensics business when it comes to poking around the Web and finding information on people of interest to you. Sure you may not have their years of investigative expertise, extensive contacts or an aging wardrobe but you may have successfully Web-stalked ex-significant others, crushes and completely random people to learn things that they’ve volunteered into cyberspace. And here you thought your creepy behavior was completely worthless.
In the spirit of O.J. Simpson, Tracy Coenen explains today, that if Sue Sachdeva stole $31 million and spent most of it on some high-end threads and then sold the crap she didn’t want, it would’ve been a snap.
We’re not talking Enron type stuff here, just making off with cash:
All it takes are three steps to make this fraud nearly undetectable in a company in which the other members of the executive team aren’t paying attention. (And don’t worry, dear readers, that I may be giving away any secrets to committing fraud and covering it up. Any serious fraudster already knows these three things.)
1. Keep the fraud off the balance sheet.
2. Keep all transactions below the scope of testing by the auditors.
3. Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year.
Can it really be this simple?
Here’s the quick and dirty:
Point 1 – Tracy notes that 80% of audit procedures focus on the balance sheet so if Suze was slamming all the bogus transactions amongst 4 or 5 income statement expense lines, no one would get wise to it.
Point 2 – If she did it, Suze probably knew what GT’s scope was (it’s supposed to be super-secret). She could plan the amount of her transactions to fall under this scope every time.
Point 3 – Auditors probably spent most of their time looking at bank statements for the last month of the fiscal year and the first month of the subsequent fiscal year. The rest of them don’t get much attention.
So there you have it. Throw in the incestuous management team, auditors that may be trying to get on each other and you’ve got a slam dunk.
UPDATE 7:38 pm: We got to wondering if Tracy’s statement “Any serious fraudster already knows these three things” were true, so we asked one. Crazy Eddie CFO, Sam Antar indulged us:
[Tracy] is correct. The fraudster always has the initiative because they are judgment oriented in their approach to crime, while auditors are process oriented in their approach to audits. In other words, fraudsters know how to think out of the box to solve problems and achieve their goals, while auditors rely too much on process and procedure to accomplish their missions. In the criminal’s world, judgment is more powerful than process.
We’ll leave it there (that’s right CNN).
Koss Corp.: Commit the fraud and cover it up [Fraud Files Blog]