Girardi Keese Part 2 – Nothing Like a Little Side Fraud

We talked last week about Tom Girardi, his pop star-wannabe wife, and skinny dipping into the law firm’s trust fund to pay expenses. This ultimately led to the collapse of Girardi Keese. But while all that was going on, it is alleged that the CFO of Girardi Keese, Christopher Kamon, was running his own side fraud at the law firm.

Kamon was creative enough to use a variety of frauds at Girardi Keese. It is alleged that Kamon created and paid false vendors (co-conspirators) and received millions in kickbacks from them. He is believed to have paid legitimate vendors with Girardi funds to perform renovations to his personal residence, purchase expensive sports cars, and travel the world. Finally, Kamon appears to have misused at least one company credit card for personal items.

Kamon would also transfer money from the firm trust fund to operating accounts at Girardi’s request as part of a separate scheme. Consequently, Kamon’s stolen money came from both firm and client funds.

And then there was the “escort” as she’s referred to in the indictment. There’s often a salacious side to frauds like this. Meet Nicole Rokita:

“According to Rokita, she met Kamon around 2017 through an online dating website, seekingarrangements.com, which connects affluent, older men with younger women.”

Rokita wanted a sugar daddy and she found one in Kamon. He bought her clothes, jewelry, and even a Tesla. He took her on trips around the world and paid her an allowance of $20k a month. He even managed to get her added to the firm’s health insurance. Kamon directed Rokita to form a company and Girardi Keese paid that company with the payments coded as “legal marketing”. Girardi Keese paid Rokita as much as $360k for her “work”.

Rokita is important to this story because she gives us a possible glimpse into why Kamon did it. As we noted last week, Tom Girardi was the only partner. He controlled the firm. When Rokita and Kamon were together, Kamon put everything on his corporate American Express card. “According to Rokita, when asked how KAMON could charge extensive personal expenses on GK’s AMEX, KAMON claimed that because he could not be a partner at GK, but did so much work for the firm, Girardi allowed him to use the GK AMEX on personal expenses.”

Aha! We have a motive! It is the classic case of feeling underappreciated and therefore under-compensated. It’s the feeling that “If I’m not going to be paid what I’m worth, I’ll take what I’m worth!”. Kamon knew he couldn’t be a partner, so he figured out how to compensate himself like a partner. Ultimately Kamon is accused of taking as much as $10 million via his multiple schemes.

We’ve talked about tone at the top before. We’ve talked about fraud at the top before. It’s the most expensive type of fraud by a large margin. I’m not sure how corrupt you have to be to have fraud within a fraud in what appears to be an otherwise legitimate and successful firm.

Girardi Keese – When Good Companies Go Pyramid Scheme

Tom Girardi was a pillar of California law. Girardi won the case that inspired the movie “Erin Brockovich”. His firm, Girardi Keese, dealt primarily in toxic torts. These included cases like tainted water, plane crashes, cancer from hormone therapies, etc. Toxic torts can be big, complicated, and hard to win. If Girardi Keese won, their clients could get a huge payout, and the firm would get as much as 40% of the total. Tom Girardi was the only partner.

However, these are contingency cases. Girardi Keese might put out a large amount of money in expenses for experts, testing, etc., and wait years for a win. If they lost, they would get nothing and be stuck with the expenses.

Tom Girardi was a law celebrity. He was picked by California Governor Gavin Newsom to be part of a panel tasked with filling state judgeships. He had a trophy wife, a wannabe pop singer named Erika Jayne. The two of them appeared on Bravo’s Real Housewives of Beverly Hills. There were a pair of ex-wives as well. By all accounts, Girardi was also rich. He had a Pasadena estate, exotic cars, you know, the works. At one point, divorce filings revealed his income to be around $263,000 a month.

It’s easy to pick on the trophy wife, so we’ll do that for a minute. Erika Jayne was by her own admission expensive. She waited tables in the bar of a restaurant that Girardi co-owned and that’s where she met Tom. In her memoir, Pretty Mess, Erika wrote, “There was nothing more I could buy”. So she decided to be a pop star, with some success. She even had a song and video named ‘XXpen$ive’. Just a note, these aren’t work friendly. You’re on your own if you click those links. It’s also apparently expensive to try to become a pop star. But just as Erika decided to hang up her risque videos, Real Housewives came calling and she had to keep up.

In addition to an expensive wife, Tom Girardi had also been borrowing money. Large contingency cases can take time and cost a lot. As his finances deteriorated, Girardi borrowed from firms that would fund lawsuits, at interest rates as high as 20%. That’s not exactly mafia rates, but it is credit card level. Girardi is also accused of pledging the same collateral to multiple lenders. Finally, there are allegations that loan funds were going to Erika Jayne’s career.

Somewhere along the way, it all went wrong. It’s clear that money is missing, as much as $100 million. It’s also clear that as much as $10 million was stolen in a separate but related fraud we will cover next week. (This story keeps on giving.) Tom may have overspent on his trophy wife and his lifestyle during a period when he was not winning enough cases. It could be as simple as that, too much going out and not enough coming in. Still, it seems clear that Girardi did one of the few things that will bring scorn, even from other lawyers: he moved money from his trust account to his operating account. When he did that, he stole funds set aside to pay plaintiffs.

The first public hiccup came in 2014 when about two dozen women filed suit alleging their payout from a cancer lawsuit did not match up. Girardi borrowed money and settled the lawsuit. The debt suits kept piling up and they were publicity nightmares. Orphaned Indonesian children in a settlement with Boeing over an airplane crash didn’t get their money. There was a worker with burns over 50% of his body from a pipeline explosion. He didn’t get his money. Girardi’s second wife even showed back up wondering why her $10k a month payments had stopped.

Ultimately, Girardi was forced to admit he was broke. The money was gone. Effectively Girardi Keese had morphed into a Ponzi scheme. Once money left the trust account, old cases were paid with new money and borrowed money. There is no way to fix that cycle without putting money back in.

My wife used to be a title agent. The firm she worked for handled the cash and conducted real estate closings. They also had a trust account that worked the same way. It doesn’t take many pending house sales in the $200k-400k range to carry a couple of million dollars in a trust account, and that’s for a small firm. Girardi was big. The trust account had to have been a tempting target, but stealing from Indonesian children orphaned in a plane crash is next-level bad.

Where were the accountants in this, you ask? Why didn’t Girardi Keese’s CFO raise the red flag or publicly quit in protest when money moved from the trust account to an operating account? Tune in next week to find out.

Greensill Capital and Future Receivables, Imaginary Bills are Hard to Collect

Sometimes, if something illegal becomes popular enough, it becomes legal. Alcohol was illegal during prohibition. One could argue its prevalence led to making it legal again. Uber (paid ridesharing without a taxi license) was also illegal until it became so popular that cities eventually had to make it legal. Marijuana seems to be headed that way. Maybe that’s what Greensill was going for here, but they never got there.

Greensill Capital was a leader in supply chain finance. They would factor accounts receivable, paying the company at a discount and collecting the full amount from the customer. Greensill then repackaged these receivables into notes, some of which were insured by credit insurers. Then it would sell the notes, often to Credit Suisse. Factoring receivables is extremely common in certain industries. There’s nothing special or illegal here, yet.

At some point, Greensill’s lending took a left turn. One of Greensill’s clients, Bluestone, digs up metallurgical coal which is used to make steel. Bluestone wanted to get paid faster so it reached an agreement with Greensill for up to $785 million in receivables financing. (A separate smaller agreement brought the total to $850 million.)

If Bluestone had $15 million in new receivables, Greensill would buy it for say $14.9 million and eventually collect the $15 million from the customer. Greensill did some of that, but it also created a new form called Future Receivables or prospective receivables. In traditional factoring, you can only buy receivables that exist. Greensill was looking to lend on receivables that didn’t yet exist, sometimes from customers that weren’t yet customers. As Matt Levine described it:

“Greensill basically gave Bluestone a payday loan for a job Bluestone hadn’t yet applied for.”

This started as lending ahead of receivables, something like “How much do you think Customer A will buy next quarter? $10 million, we’ll lend on that now.” This is lending against an estimated future receivable for an actual customer. It then moved into lending on non-receivables from non-customers. Essentially Greensill would say, “Is Company X a customer? No? Well if they were a customer, how much would they spend? $20 million, great, we’ll loan $20 million based on that.” The not-yet-a-customer was called an Account Debtor.

If you take out a loan, someone expects it to be paid back. With factoring, the customer pays back a loan by paying their bill. The receivable is collateral, a claim against future cash. But if you make up a receivable for someone who isn’t a customer, there’s no cash to pay the loan. It’s just an unsecured loan. As a result, Bluestone had to keep rolling over these loans and paying interest.

At some point, Greensill needed to pay on those Credit Suisse notes and went to Bluestone for more cash. Bluestone argued that this was really long-term financing and they had a reasonable expectation that they could continue to roll over their loans without paying additional cash. Bluestone had no idea Greensill was selling notes.

The fraud here really goes against Credit Suisse. They thought they were buying short-term loans secured by receivables from a large, operating, entity. In reality, Greensill sold them long-term unsecured loans with no plan for payback except hope for future payment. Hope is not a strategy.

Bluestone isn’t off the hook here either. They allege that both they and Greensill knew that this was long-term financing, yet Bluestone carried it on its books as short-term receivables. After the mess came out, Grant Thornton was hired to get to the bottom of it. Again, Matt Levine makes this real:

I do not envy Grant Thornton. Their job right now is pretty much going around to companies, presenting them with invoices, and getting laughed out of the room: “That’s not our invoice, we’ve never even heard of Liberty Commodities or Greensill, get outta here.” And then they go back to Greensill with their findings and get laughed out of the room again: “Of course it’s not their invoice, they were just a potential customer, how could you be so naive?” And then Grant Thornton has to tentatively ask, “Well, okay, but then who is going to pay this invoice?” And then there is a long awkward silence.

Credit Suisse could be on the hook for as much as $10 billion.

There are messy side stories here including conflicts of interest between Greensill and steel companies, Greensill’s connections to the British government, and the fact that the majority owner of Bluestone is Jim Justice. At the time of this story, Justice was the governor of West Virginia. But frauds are often messy. We’re all for new financial products and creative financing options, but not if they are deceptive.

Swisher Hygiene cleaned up fraudulently

We’re back to a fraud at the top, but again with a couple of twists.

Swisher Hygiene was a sanitation company. They sold cleaning supplies and chemicals for restaurants and other businesses. Essentially a lot of kitchen and bathroom cleaning. In 2010 the company went public on the Toronto Stock Exchange via a reverse takeover.

Almost immediately, Swisher’s CFO Michael Kipp engaged in a scheme to smooth earnings. Commonly called Cookie Jar Accounting or Cookie Jar Reserves, this scheme seeks to manipulate earnings to meet a specific target like net income or EPS. It is often used to smooth earnings and consistently meet earning requirements. In a typical scheme companies pad reserves in good years and deplete them in down years to present a smoother earnings line.

The problem with Cookie Jar Accounting is there can be a fine line between a legitimate adjustment of reserves and fraud. Reserves typically require some form of judgment which is why they are ripe for manipulation. It is not uncommon to see companies fined by the SEC for violations related to reserves without those violations resulting in fraud charges.

Assisting Kipp was Joanne Viard, a CPA and the Director of External Reporting. Kipp was also in line for an $88k bonus if the company hit earnings targets. So far, this sounds like straightforward financial statement fraud. The financial statements are alleged to have been manipulated by as much as $96 million over several years.

The first unusual piece here is how they got caught. Swisher’s Controller pushed back on a suspicious request. From the Justice Department’s report:

“The accounting fraud scheme began to unravel when Swisher’s then Controller pushed back on making a fraudulent entry during the year-end close. The Controller wrote in an email, “I’ll run it by BDO [Swisher’s auditors] so we’re on the same page,” to which Defendant Kipp responded, “You’ll run it by me since I’m the chief accounting officer. I’m out of patience with this.” Later, Kipp fired the Controller for his persistent refusal to book the fraudulent entry. Swisher’s Audit Committee learned of the Controller’s allegations and promptly commissioned an independent internal investigation.”

Pushback like this that leads to identifying fraud is pretty unusual.

The second unusual piece is that I was doing some ERP consulting there at the time the fraud was identified. We were pretty deep in the weeds so it wasn’t clear at first what was going on. Imagine the largest conference room in your organization stuffed with accountants and auditors all billing at the highest hourly rate you’ve ever seen. They are there before you arrive in the morning and still there when you leave at night. Fraud is expensive, and the clean-up after fraud is expensive as well.

I saw some pretty messy parts at Swisher around bank reconciliation and some fixed asset policies, but we were focused on fixing processes, not reserve accounting.

Ultimately Kipp and Viard pled guilty and the US assets of Swisher Hygiene were sold to competitor Ecolab.

Per the Association of Certified Fraud Examiners’ annual report, having an option for whistle-blowing (a hotline, a website, something) is the number one way fraud is ultimately caught. We saw this with the $8 million fraud at ING and All the Queen’s horses. It was ultimately a big piece of Enron’s unraveling as well. At Swisher, we had fraud at the top and collusion. That’s enough clout to bypass a lot of controls, but someone still took their fiduciary responsibility seriously and did their job.

That is always the hard part about fraud at the top. If you see it, expect to lose your job, either because you report it, or because the fraud ultimately brings down the company. There is a pretty good argument that if you think you see fraud at the top, go get another job.

Amazon Fraud – When Loss Prevention Breaks Bad to the Tune of $10 Million

Part of a control environment in any operation with easily moved goods is loss prevention. Amazon warehouses are full of things people want and Amazon has loss prevention roles in the company. From August 2020 to March 2022 Kayricka Wortham was an Operations Manager at an Amazon warehouse in Smyrna, Georgia. In her position, Wortham could approve new vendors and approve vendor payments.

Demetrius Hines was a Loss Prevention Multi-Site Lead at Amazon. He also worked at the Smyrna warehouse and at other company sites. In his position, Hines was:

“responsible for preventing loss, monitoring security risks, and protecting people, products, and information at Amazon.”

Wortham led this scheme and would provide fraudulent vendor setup information to her subordinates and then approve the vendor setup. She and others, including Hines, submitted fake invoices for payment by Amazon in amounts exceeding $10 million. They received payments totaling $9.4 million.

Hines was a roadblock and Wortham overcame this roadblock by recruiting him into the scheme. The typical wisdom is that collusion is really hard to find and stop. This is a great example of why. A key control, Hines, was coopted into the scheme. But they were still caught.

There were also red flags, primarily people living beyond their means. Wortham was driving a $200k+ Lamborghini Urus and Hines had multiple cars, a $70k Rolex, and diamond jewelry. Also, an ops manager might have setup info about the occasional vendor, but it seems like this was a large number of vendors.

There are a couple of interesting pieces in here. First, $10 million is a lot to steal in 18 months. Kevin Lee Co stole $4.8 million over 7 years from Holt. Nathan Mueller stole $8 million in 4 years. $10 million in 18 months is a lot.

Second, there is no information across multiple articles on how the fraudsters were caught, just boilerplate language about the Secret Service being involved. I’m speculating that a $10 million expense increase over 18 months triggered a deeper look and ultimately a criminal investigation.

How do you catch fraud like this? Collusion was involved to override preventive controls, so it gets harder and we may need to fall back on detective controls and analytics. For example, budget analysis, trend analysis, Benford analysis on invoice/payment amounts, and anomaly detection could all be part of the process.
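As an added illustration (not from the original post or from any case record), here is a minimal Benford first-digit test run per vendor over invoice amounts. The vendor names, the amounts, and the pattern of invoices clustered just under an assumed $10,000 approval limit are all constructed sample data.

```python
import math
from collections import Counter, defaultdict

# Benford's law: a leading digit d is expected with probability log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square, 8 degrees of freedom, 5% significance


def leading_digit(amount):
    """First non-zero digit of an amount. Works in whole cents so that
    float rounding cannot push 199.53 across the 1/2 digit boundary."""
    digits = str(int(round(abs(amount) * 100))).lstrip("0")
    return int(digits[0]) if digits else None


def benford_chi2(amounts):
    """Chi-square distance between observed leading digits and Benford."""
    digits = [d for d in map(leading_digit, amounts) if d is not None]
    n = len(digits)
    if n == 0:
        return 0.0
    observed = Counter(digits)
    return sum((observed[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())


def flag_vendors(payments, min_invoices=50):
    """payments: iterable of (vendor, amount) pairs.
    Returns {vendor: chi2} for vendors whose invoice amounts deviate from
    Benford. Vendors with few invoices are skipped: the test is unreliable
    on small samples and would only produce noise."""
    by_vendor = defaultdict(list)
    for vendor, amount in payments:
        by_vendor[vendor].append(amount)
    flagged = {}
    for vendor, amounts in by_vendor.items():
        if len(amounts) < min_invoices:
            continue
        chi2 = benford_chi2(amounts)
        if chi2 > CHI2_CRITICAL:
            flagged[vendor] = round(chi2, 1)
    return flagged


def sample_payments():
    """Constructed data, not real invoices."""
    rows = []
    # VENDOR-A: 200 amounts spread log-uniformly from $100 to $100,000,
    # which is the shape organically grown invoice data tends to have.
    rows += [("VENDOR-A", round(10 ** (2 + 3 * i / 200), 2)) for i in range(200)]
    # VENDOR-B: 60 invoices all sitting just under an assumed $10,000 limit.
    rows += [("VENDOR-B", 9000 + 12.5 * i) for i in range(60)]
    # VENDOR-C: same pattern but only 5 invoices, too few to test.
    rows += [("VENDOR-C", 9500.0)] * 5
    return rows


if __name__ == "__main__":
    for vendor, chi2 in flag_vendors(sample_payments()).items():
        print(f"{vendor}: chi-square {chi2} exceeds {CHI2_CRITICAL}, review invoices")
```

A flag here is a reason to pull the invoices, not proof of fraud: fixed-price contracts and subscription billing also fail a Benford test.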

TSA Has Typical Control Problems Too

Public and private firms aren’t the only organizations with control problems. Government has problems too. The Transportation and Security Organization’s last audit was in 2016 and there were issues. The issues identified were pretty common and a lot of businesses have them too.

KPMG performed a financial statement audit and an audit of select general IT controls (GITC). What did they find?

  • A number of items related to control of assets including assets not listed, missing asset IDs, etc.
  • Ineffective controls over the AR estimates.
  • Control issues related to HR & Payroll, especially around various approvals.
  • Journal entry approval problems with the year end suspense clearing.
  • Strong passwords were not consistently enforced.
  • Access Certification was not performed annually as required.
  • System access was not timely removed for terminated and/or separated personnel.

This is pretty typical stuff. Access Certification in particular is often done via Excel and email and it’s a miserable process. Fixing this with a certification tool is actually pretty easy. System access not removed in a timely manner is another very common problem. Access Certification serves as a backstop for this, but a good identity governance application solves this in a preventative way.
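The last two findings in the list can be checked mechanically by joining an HR roster against an account export. The following is an added example, not part of the original post or the audit: the CSV layouts, account names, the one-day removal window, and the review date are all assumptions made for the illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports; a real run would read the HR system's roster
# and the directory's or application's account list.
HR_CSV = """employee_id,status,separation_date
E100,active,
E101,separated,2024-01-15
E102,separated,2024-05-30
E103,active,
"""

ACCOUNTS_CSV = """account,employee_id,enabled,last_certified
jdoe,E100,true,2024-02-01
asmith,E101,true,2023-03-10
asmith-adm,E101,false,2023-03-10
bnguyen,E102,true,2024-02-01
clee,E103,true,2022-11-20
svc-backup,,true,
"""


def parse_date(text):
    return date.fromisoformat(text) if text else None


def review_access(hr_csv, accounts_csv, as_of,
                  removal_sla_days=1, cert_max_age_days=365):
    """Return sorted (account, finding, age_in_days) tuples for enabled accounts.

    Findings:
      no-owner-in-hr           account maps to no HR record (orphan/service)
      separated-still-enabled  owner separated longer ago than the SLA
      certification-overdue    never certified, or certified too long ago
    """
    hr = {row["employee_id"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # disabled accounts are out of scope for this check
        name = acct["account"]
        owner = hr.get(acct["employee_id"])
        if owner is None:
            findings.append((name, "no-owner-in-hr", None))
        elif owner["status"] == "separated":
            separated_on = parse_date(owner["separation_date"])
            # A missing separation date is treated as overdue, not ignored.
            age = (as_of - separated_on).days if separated_on else None
            if age is None or age > removal_sla_days:
                findings.append((name, "separated-still-enabled", age))
        certified_on = parse_date(acct["last_certified"])
        cert_age = (as_of - certified_on).days if certified_on else None
        if cert_age is None or cert_age > cert_max_age_days:
            findings.append((name, "certification-overdue", cert_age))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for account, finding, age in review_access(HR_CSV, ACCOUNTS_CSV, date(2024, 6, 1)):
        detail = f"{age} days" if age is not None else "no date on record"
        print(f"{account:12} {finding:26} {detail}")
```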

Bank Fraud is Bad

We’re back to fraud at the top this week, but this one is a little different. Also, $18 million is a lot of money. Norman D’Souza was the CFO of crib and baby furniture company Munire’ Furniture. Munire’s was facing a difficult economic period and they needed to borrow money. The company’s financials weren’t conducive to borrowing a large amount, so D’Souza just made up some numbers inflating sales and accounts receivable. This led to a $17 million bank loan.

This is straightforward bank fraud and I’ll note that bank fraud carries a sentence of up to 30 years in federal prison. Oops.

Around the same time, Munire’ approached the municipality of Gas City, Indiana about a $1 million loan to help build a factory there. D’Souza doubled down here and provided fraudulent financial statements for that loan.

The $18 million in loans wasn’t enough and Munire’ ultimately filed for bankruptcy and defaulted on the loans. At the time of bankruptcy the bank loan had an outstanding balance of $16.99 million.

What’s different here is that there is no indication that D’Souza benefited personally from this fraud, beyond continuing to get a paycheck. Not all frauds are complex. This one is pretty straightforward, lie to the bank, don’t pay back their money.

The lesson here is that loan fraud is still fraud and providing fraudulent financial statements is still fraud, even for private companies.

$8 Million Fraud for Ghost Services

We’ve previously seen ghost cattle and real horses. We’ve seen fraud at the top. We’ve seen fraudulent coders and controllers. We’ve seen fraud in the middle of organizations. So far though, much of it has come through various accounting departments and personnel. For this post, let’s look at IT fraud.

James Gladden started in IT at the Alberta Motor Association in 2008. Think of this as Alberta’s version of AAA. By 2013, James had been promoted to VP of IT. Over three and a half years, from early 2013 to mid-2016, James managed to steal about Can$8 million by submitting fraudulent invoices.

As VP of IT, Gladden had approval authority for IT-related invoices. He pled guilty to fabricating or falsifying 55 invoices. Gladden used a couple of methods for his scheme. He submitted genuine invoices for work done for the benefit of his personal company, Sprockit Apps Inc. In other cases, Gladden fabricated invoices. One example was a $500k invoice paid to a company called Datavox. The payment was allegedly for phone hardware. In fact, Datavox did no work for AMA.

None of the articles I could find explained why he did it, beyond simple greed. But we do know he bought a lot of stuff. Those purchases included luxury watches, two Porsches, a BMW, a Maserati, a 2014 Yamaha boat, a home in southwest Edmonton, and a $500k home in Scottsdale, Ariz.

We also know how he was caught. Gladden was allowed to spend some time working from home in August 2015 because of a leg injury. He was slow to recover and he remained out of the office for months, regularly failing to show up for meetings. In 2016 he was asked to go on disability and refused. He was later forced onto disability and his replacement found the fraudulent invoices. This is similar to what we saw with the Queen of Horses where an extended vacation surfaced her fraud.

AMA has said that they’ve improved their controls after this. Certainly, better capital budgeting controls would have helped. Improved vendor and invoice management would have helped prevent this as well. An audit should have surfaced a false invoice like the Datavox one. Finally, we come back to a fraudster again visibly living beyond their means.

If You Stole $4.8 Million, How Much Would You Spend Playing Game of War?

If you stole $4.8 million, how much would you spend playing the freemium mobile phone game, Game of War? For Kevin Lee Co, that answer was $1 million.

From 2008 to 2015, Kevin was the controller for Holt, the northern California dealer for Caterpillar heavy equipment. Kevin managed the accounting department and oversaw the company’s commercial credit accounts. Co abused that authority to conduct hundreds of unauthorized credit card transactions on the company’s account, to manipulate and falsify records regarding the credit account, and to mislead the bank that held the credit account when it made inquiries to Co about suspicious transactions.

This fraud has always been short on details. The focus is always on how the money was spent. For this post, I managed to dig up the plea bargain with more detail.

In short, this was pretty common corporate card fraud on a grand scale. Kevin was responsible for managing Holt’s purchasing card (p-card) program. He would issue cards, review statements, approve invoices, and was also a cardholder. Kevin hid his transactions by coding them inappropriately throughout the ledger.

Holt’s bank, Bank of the West, identified suspicious activity on at least three occasions. Each time the bank called Kevin Co and was reassured that the charges were appropriate.

Like our last fraud, Kevin’s got more sophisticated over time. At first, he simply bought personal items on his p-card and hid the expense. Over time he enlisted a co-conspirator, identified as co-conspirator A, a luxury auto dealer, to use his p-card and the p-cards of two former employees to purchase luxury cars and to buy equipment for the co-conspirator.

A second co-conspirator, who was not an employee, was also given a p-card and permitted to spend almost $50k. I’m speculating here, but it wouldn’t surprise me if this was a card for a love interest. Given the modest amount versus the total, it seems like it could be a “get yourself something nice” arrangement.

Finally, Kevin Lee Co engaged in money laundering. Co-conspirator A would charge the card and then write checks back to Kevin for about half of the money.

This story got wild when it was revealed what the money was spent on. The list includes luxury cars, season tickets to the Sacramento Kings and San Francisco 49ers, plastic surgery, and a golf membership at an exclusive club.

And then there is Game of War, a mobile phone-based, free-to-play game with in-game purchase options. Co reportedly spent $1 million on those in-game options in the Kate Upton-promoted game.

Company credit card fraud is depressingly common. P-cards typically have additional controls and in this case, it appears they were triggered at least 3 times, but when the fraudster is in charge, those controls can only do so much.

I’ve personally seen 3 cases of corporate card fraud after the fact. In each case, it was depressingly similar, a controller who coded the cards and entered transactions into the accounting system. The problem with this type of fraud is that it can run for years. A $200k corporate card fraud is a small one. Getting to a million or two is very doable. Still, almost $5 million over 7 years is a long fraud.

Obviously, segregation of duties would have addressed this, as would an independent reconciliation of card charges, along with better p-card limits and purchase limitations. I also want to make the case that CEO, CFO, and controller jobs are NOT transactional jobs. No one hires a controller for their ability to key payables transactions. They can advise on transactions, help ensure that coding is correct, etc., but not key transactions. They definitely shouldn’t key transactions regularly.

But it didn’t stop there. While out on bail and awaiting sentencing, Co started a company selling generators, solar panels, and windows. During the pandemic, he fraudulently applied for and received Paycheck Protection Program loans from two banks totaling more than $500k. Co was required to disclose on the applications that he had pled guilty to wire fraud and money laundering but conveniently left that out. Co was sentenced to 10 years for the initial fraud. Committing a second fraud while on bail will not help him.

Evolution of a Payment Fraud

This one is a little older but it’s one of my favorites because we have so much detail and we have it in the fraudster’s voice. I’ve actually covered it before, but it’s worth another look. The core source here is Journal of Accountancy’s Lessons from an $8 million fraud.

Nathan J. Mueller worked for a Minnesota insurance company, ReliaStar, that was taken over by global insurer ING. Mueller played a lead role in the transition to a new ERP system and along the way he and a co-worker were given payment approval authority up to $250,000. Mueller didn’t even know he had that authority until two years later.

Red flags were present early in that users often logged in as each other to get something done when a co-worker was out. With a pregnant wife and a salary that wasn’t quite covering the bills, Mueller logged in as a co-worker and requested a check made out to Universal for $1,100. He then logged in with his credentials and approved it. Universal was an insurance company they paid regularly. The word Universal was also part of the name of his credit card. [This is not in the article, but I suspect this was the AT&T Universal Card.] The check cleared and his credit card account went down by $1,100.

There was a control point here. It was a different user’s job to receive the checks and mail them out. Mueller was a backup for this process so he waited to request a check until he knew the primary person would be out. Occasionally, he gave the primary the day off to make it easier. The organization had a segregation of duties control point here, but it wasn’t functioning as designed.

After his start, Mueller paid off his Universal card and then kept transferring balances from other cards and debt to that card. After stealing $88,000 he was out of debt. Right before this though, there was a chance to catch him. He’d sent a $4,500 payment without a payment voucher and without an account number. The check was returned to his work and the AP department, instead of investigating, forwarded it to Mueller. It was a close call and the fraud could have been stopped there.

It took a few months for Mueller to get past the scare and from there he got smarter. Like the term “Universal”, Ace was part of a company name that regularly received payments so Mueller opened a shadow “Ace”, Ace Business Consulting. He would request and approve payments as before, but now he could just deposit the checks. He did this to the tune of $8 million over 4 years.

Mueller needed to cover his tracks. He primarily used two schemes, hiding amounts in accounts with a lot of ledger activity and manipulating foreign currency accounts. He started by simply hiding the payments in high volume accounts.

For every credit (to the bank) there has to be a debit, and my debits needed to be hidden somewhere. Our payments were usually for insurance claims, commission expenses, various refunds, or an administrative expense. In 2003 and 2004, I hid all the debits in ledger accounts that had a lot of reconciliation activity, making sure that my debit helped the account reconcile to zero.

As Mueller’s scheme evolved, he would intentionally weaken the Canadian dollar when calculating the exchange rate for their Canadian subsidiary. Effectively this hid his theft as exchange rate losses. Mueller was the only person to manage the exchange rate calculation for 7 years.

He also had to hide his theft from his wife. He had significantly upgraded his lifestyle so he needed an explanation. Mueller decided that he was a successful gambler. He would take junkets to Vegas and return with his own stolen money. His wife remained suspicious and eventually, they divorced.

What got him caught was that Mueller’s ex-wife became friendly with one of Mueller’s co-workers. His wife said that she didn’t believe the gambling stories. That set off the alarm bells that led to the discovery of Mueller’s scheme.

We know why Mueller did it, financial pressure that morphed into greed. The core issue here is Mueller’s ability to bypass segregation of duties controls. The ability to log in and request payments as a coworker was the key to this scheme. Without that, it might have been possible to redirect a few payments or sneak through a fake Universal invoice, but not to the tune of $8 million.

With that access, he managed to avoid the preventative control of a user creating and approving their own invoices. That access made it possible to bypass the control of check mailing being done by a different user.

Interestingly, no detective controls caught the fraud either. No large, unexplained budget differences that someone investigated. There was no follow-up on the returned check. There was no application of statistical tools or forensic analysis.
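A detective check over the payment log could have surfaced the shared-login pattern described above. The sketch below is an added example, not something from the article or the company: the log fields (workstation per action, an absence calendar), the user IDs, the dates, and the two vendor-master names are constructed assumptions; only the payee "Ace Business Consulting" comes from the story.

```python
from datetime import date

# Constructed vendor master and absence calendar (illustrative names only).
VENDOR_MASTER = {"Universal Example Insurance", "Ace Example Insurance"}
ABSENCES = {"clerk_a": {date(2004, 3, 12)}}

# Constructed payment log. Assumes the payment system records which user and
# which workstation performed the request step and the approval step.
PAYMENTS = [
    {"id": "P1", "payee": "Universal Example Insurance", "amount": 18000.00,
     "requested_by": "clerk_a", "request_host": "WS-07",
     "approved_by": "approver_x", "approve_host": "WS-22",
     "requested_on": date(2004, 3, 1)},
    {"id": "P2", "payee": "Universal Example Insurance", "amount": 1100.00,
     "requested_by": "clerk_a", "request_host": "WS-15",
     "approved_by": "approver_x", "approve_host": "WS-15",
     "requested_on": date(2004, 3, 12)},
    {"id": "P3", "payee": "Ace Business Consulting", "amount": 95000.00,
     "requested_by": "clerk_a", "request_host": "WS-15",
     "approved_by": "approver_x", "approve_host": "WS-15",
     "requested_on": date(2004, 6, 4)},
    {"id": "P4", "payee": "Ace Example Insurance", "amount": 4000.00,
     "requested_by": "approver_x", "request_host": "WS-15",
     "approved_by": "approver_x", "approve_host": "WS-15",
     "requested_on": date(2004, 6, 9)},
]


def lookalike_of(payee, vendor_master):
    """Return the approved vendor whose first word matches an unapproved
    payee's first word, or None. Exact matches are not lookalikes."""
    if payee in vendor_master:
        return None
    tokens = payee.lower().split()
    if not tokens:
        return None
    for vendor in sorted(vendor_master):
        if vendor.lower().split()[0] == tokens[0]:
            return vendor
    return None


def review_payment(p, vendor_master, absences):
    """Return the list of segregation-of-duties flags raised by one payment."""
    flags = []
    if p["requested_by"] == p["approved_by"]:
        # The preventive control should block this; seeing it means it failed.
        flags.append("SELF_APPROVED")
    elif p["request_host"] == p["approve_host"]:
        # Two user IDs, one machine: consistent with logging in as a co-worker.
        flags.append("SHARED_WORKSTATION")
    if p["requested_on"] in absences.get(p["requested_by"], set()):
        # The nominal requester was recorded as out of the office that day.
        flags.append("REQUESTER_ABSENT")
    if lookalike_of(p["payee"], vendor_master):
        flags.append("LOOKALIKE_PAYEE")
    return flags


def review_all(payments, vendor_master, absences):
    """Map payment id -> flags, keeping only payments with at least one flag."""
    results = {}
    for p in payments:
        flags = review_payment(p, vendor_master, absences)
        if flags:
            results[p["id"]] = flags
    return results


if __name__ == "__main__":
    for pid, flags in review_all(PAYMENTS, VENDOR_MASTER, ABSENCES).items():
        print(pid, ", ".join(flags))
```

Note that P2 pays a legitimate vendor name and would pass any payee check; only the workstation and absence signals expose it, which is why the checks are combined.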

Finally, Mueller’s lifestyle of expensive cars, watches, and trips didn’t raise red flags within the company until the very end. Of the $8 million, he paid back $860,000, mostly in seized property. In prison, he paid $75 a month as part of a prison repayment plan. As with other frauds we’ve seen, the money was gone.

Mueller’s scheme started out as simple payment fraud. He just cut an extra check to Universal and simply hid it in a complex account. That got him as far as $88k. From there Mueller had to evolve. He set up Ace Business Consulting. He hid the fraud in exchange rate losses and created a gambling backstory. Each adjustment added complexity. Still, once someone decided to look, the fraud was easy to find.
