Slashdot Mirror
Procurement Fraud in the IT Sector
TopShelf writes "IT staff usually enjoy unrivaled access to the deepest details of an organization's structure, and all too often, some submit to the urge to use that knowledge for nefarious purposes. Baseline Magazine explores how how Tech Insiders Cheat Their Employers, with examples of executives creating their own vendors to which fat contracts are awarded. Perhaps the most galling case involves a director in the New York City Chief Medical Examiner's office who is accused of scamming FEMA in the wake of the September 11, 2001 terrorist attacks."
Did he buy lapdances like the Katrina victims?
For six years I would take a pad of post-it notes from the supply cabinet. After I had enough stock, I opened a wholesale company and sold them all back at a discount rate. Then I did the same with toner cartridges, pens, erasers, etc. Eventually I worked up to filing cabinets.
I'm trying to figure out how to do it with the company cars, but that one's a little tough.
Maybe I shouldn't have named my fake vendor company Enron...
[ http://www.dvigroup.net/self ]
Slashdot Burying Stories About Slashdot Media Owned
Sony ha
Simon Travaglia's BOFH's been using those tricks for years.
As opposed to creating whole outsourcing companies to manage contractors during an outsourcing push. Or an executive personally subcontracting a building project at a bid below the rest of the local builders. Or the usual everyday case of standardizing on vendors that appear heavily in the executive's personal stock portfolio.
[
Right off the top - there are always some people who are going to screw you, no matter how you treat them.
But for most employees, instilling loyalty and pride in the company is the best disincentive to theft. It's also the best way to increase productivity.
How does a company do that? Pay employees what they're worth, don't overwork people, be ethical in your business operations. Basically, it's the golden rule. Treat your employees the way you want them to treat your company. Your employees will take care of the rest, and the money will roll in.
It's too bad that most companies are only in business to line the pockets of the top execs this quarter, and damn the next financial period; we'll figure that out later.
Web 2.0 == Giant Blogspam Circle Jerk
Any employee with purchasing power can defraud the company. The more purchasing authority that person has, the greater the damage he can inflict. The only way to get around this is to make sure you're hiring the type of people who won't do this sort of thing because of a strong sense of ethics. Obviously, this isn't 100% foolproof, but there is always risk in business. The idea is to mitigate that risk as much as possible.
Singling out IT managers as potential sources of fraud is disingenuous. ALL managers have the potential for fraud, because they have the access and the authority to commit the crime.
Suppose one buys equipment on the company dime and then sells it on eBay and pockets the profit... no problem there, right?
[ http://www.dvigroup.net/self ]
I know of a midsized company that wanted to be bought by another company, so it shipped products to its customers which the customers never ordered. Invoiced them too. That way it could report more revenue, nevermind that the customers were very rightfully pissed off.
Obviously it's the "strategic decision makers" that pull this kind of crap.
Just my 2c
It sounds like the companies that are being so defrauded must have terrible control measures. For instance, in my company (a logistics/shipping co) we need to have several pieces of documentation before any job is done, or any invoice raised. The measures are stricter when it involves money going out of the company in any way. There are varying levels of control depending on the value concerned.
At least 4 people see a cheque before it is signed and sent out, two signatures are needed on the cheque and one from someone like a manager on the form requesting it. If I want a printer cartridge, I have to fill out a form, get my line manager to authorise it, and then give that to the secetary - who also checks everything, then when she places her order it has to be signed off by her boss. Etc etc.
Control measures are fundamental to reducing exposure to fraud or theft IMHO. Trust me, I'm an accountant.
I am aware of a fairly large suburban school district that was taken to the cleaners by their IT manager without them knowing it at the time. Few people outside IT in such a place really understand the cost of the IT equipment they're buying. So the manager decided to order a whole bunch of "spares" to fill a closet. Somehow this closet was bottomless as stuff kept officially going in it but it never filled up.
He got caught as soon as he did only because he was a complete dumbass about it -- students knew there was a "forbidden room" and were suspicious of its contents, and he listed some Cisco kit and some printers on eBay with an address that obviously traced back to the school. When someone brought in a printout of the eBay auctions it was all over.
No. You still stole something and you can get arrested. Unautorhized taking of property is theft.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
among others, this was the big "gotcha" that got the U of U folks wondering about their so-called cold fusion scientists. turns out they would only work with the cold fusion institute mandated by salivating legislators if the institute bought a particular model of power supply... which was only marketed in the US by the son of one of the chief researchers.
and the funny thing is, they were voltage-limited supplies, they would all have to be rewired into current-limiting units on receipt by the father.
at that point, everybody's eyes were opened in all corners.
it's a classic scam, buy it from yourself at market-high prices. it's so old, even green kids from journalism school know to look for that trick.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Oh, heck. It's easier than that.
I am familiar with a business that gets all its IT services through a one-man contracting operation. It's in the contract that this guy will provide them with all their hardware, at a 5% markup over his cost. So instead of just telling them what to buy and letting them call up Insight or whomever, he buys it for them, tacks on 5%, and gives them the bill.
The value-add is pretty near nil, but the cost add really lines the guy's pocket.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Wow. How audacious is it to hold your first "shadow company" meeting in the board room of the company you're ripping off.
Talk about hubris!
I might know what I'm talkin' about, but then again, this is Slashdot...
How many of you are posting from work?? Come on, we all know who we are.
Here will be an old abusing of God's patience and the king's English.
From the first fraud mentioned in the article:
"invoices were often hand-delivered to Motschenbacher who, in turn, would hand-deliver the Buca payment to EDP"
If your business processes are so pathetically broken that the same person processes invoices and writes the checks, your problem has nothing to do with IT having too much access to the company's nervous system.
I would've gotten away with it too if it weren't for those meddling kids!
In the example given, there was some interaction with working for and selling to the government, which I could see as illegal, but in all other cases with private organizations, I would say that things are fine. Does anyone have any details on the legality of this action?
--Chag
There's finally an article that can improve my bottom line.
"IT staff usually enjoy unrivaled access to the deepest details of an organization's structure, and all too often, some submit to the urge to use that knowledge for nefarious purposes.
m t m
At least we can count on the police to put a stop to this.
http://catless.ncl.ac.uk/Risks/21.58.html#subj5
[According to the third Detroit Free Press story, a cop who stalked a woman
using his access to police databases was "suspended for a day without pay."
That'll teach 'em! --Declan] [FROM POLITECH]
> Date: Sat, 04 Aug 2001 02:08:36
> From: "Ed Walker"
> Subject: Michigan cops abusing database
> www.governing.com/news had a link to a freep article that may be of
> interest to politechnicals. The first two links are the story, and the
> third is an account of a truly creepy cop stalking someone he met while on
> duty.
> Michigan Newspaper: Police Abuse Database Police throughout Michigan,
> entrusted with the personal and confidential information in a state law
> enforcement database, have used it to stalk women, threaten motorists and
> settle scores. Over the past five years, more than 90 Michigan police
> officers, dispatchers, federal agents and security guards have abused the
> Law Enforcement Information Network, according to a Detroit Free Press
> examination of LEIN records and police reports. More: Detroit Free Press
> http://www.freep.com/news/mich/lein31_20010731.ht
> http://www.freep.com/news/mich/lein1_20010801.htm
> http://www.freep.com/news/mich/amber31_20010731.h
While this is a new 'high techy' way of scamming money, it's just another example of the old adage: "Abuse of power comes as no surprise" - Jenny Holzer (American, born 1950)
"...Abuse of Power Comes as No Surprise is one of Holzer's Truisms first published in l977. [...] Holzer's Truisms, first published in l977 include such politically charged statements as ABUSE OF POWER COMES AS NO SURPRISE, EVERYONE'S WORK IS EQUALLY IMPORTANT and MOST PEOPLE ARE NOT FIT TO RULE THEMSELVES."
All ideals that are apt today as back in the 70s.
fak3r.com
that scam others in wake of a national tragedy. Those people that claimed they died in 9/11, the people that scammed 1.5 billion from the hurricane. Hell, the politicians that claimed they needed hurricane money in Utah.
The phrase "more better" is acceptable English. suck it grammar Nazis
In the previous place I worked, the IT guys loved getting extra parts from Best Buy and Frys who gives an extra "rebate receipt" and charged the company the full amount and pocketed the rebate.
When I confronted them (I managed them), they mentioned the sales guys did the same with Frequent Flier miles from the airlines and after a brief effort with the CFO to stop both practices (I agree they have parallels) we decided to just let them.
http://www.google.com/search?q=microsoft+fraud+emp loyee+&sourceid=mozilla-search&start=0&start=0&ie= utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-G B:official
:D
Says it all really
From the Canadian case:
'should anyone such as the HP account rep question Champag[n]e too closely about his dealings, he would tell them "that the work was confidential and in the interest of national security," '
Secrecy corrupts. If someone says "national security" too often they are covering up something foul.
The converse is the New York case:
"an unnamed employee in the medical examiner's office alerted the Department of Investigation's Zander"
Keep an open channel for whistleblowers. You'll never get this kind of tip if employees know you'll wreck the career of anyone who points out a problem. If that's your policy, employees will figure it out *real* fast.
Did anyone else, by the way, find the article summary misleading? Nothing in the article involved a sophisticated rewiring of the IT infrastructure: they were just classic self-dealing and kickback schemes.
I work for a metadata management company providing search capabilities for various information assets. You would be amazed at how long it takes for a simple implementation of our systems within larger corporations. We are talking of timeframes ranging anywhere from 3 months to 3 years. Many of these deals end up in the hundreds of thousands of dollars, and it is obvious to us that the reason it takes so long is because companies need to keep a very close eye on these types of things to avoid issues such as the ones seen in this article. Corporate corruption is a huge hindrance to business today. However, from a business standpoint, has anyone considered how much money is lost by the company in just coming to a decision when it comes to choosing a vendor (or a product)? Sure, John over in the R&D department could be skimming a few thousand off of a large deal - which I agree is quite a disgusting business practice in general - but how many thousands are lost in time spent coming to an overall decision? How many meetings must we sit through to be involved in the never ending/looping discussion over semantics? How many proposals are shot down after months (or years) of researching, traveling, and testing out different solutions?
...and to my knowledge they still don't know it ever happened.
I left there about 5 years ago, but one of my close friends who remained there worked in finance and a year after I left she uncovered a scam run by the CIO, one of his underlings, and a vendor on the outside. It was pretty simple and had apparently been going on for some time even before I left. Basically, it was just a matter of phony invoices coming in from the vendor, for equipment that was not needed nor delivered. The CIO and his underling signed off on the invoices and they were paid, and presumably some of the money that went to the vendor found its way back to the CIO and his underling. My friend quietly followed the paper trail and was able to determine that the scheme netted somewhere in the mid six figures, over just how long a period I don't remember.
I would like to mention that the CIO's underling was an empire-building, micromanaging bitch that was hated by everyone who was under her, which unfortunately included me. She would cover her own ass and happily throw anyone else under the bus she could to solidify her own position. I ended up having to report to her for a period when my boss left the company, until a replacement was found. Having to deal directly with her was a major reason why I left the company.
The above paragraph is just to give you a feel for the fervor with which I pleaded with my friend to assemble all the evidence of wrongdoing and present it to the CFO. She surrepetitiously made copies of everything and kept the folder around, but never did blow the whistle. I suppose she figured it might come in handy as a bargaining chip someday if they ever tried to pin anything on her. It's a real shame, because nothing would have pleased me more than for my friend to have taken that bitch down. Oh, well.
~Philly
...a friend and I worked at a .com way back when. We knew that we had a couple of high end graphics cards sitting in the basement that were never going to get used by the company, but would add some new life to our boxes. Since no one but myself went down to the basement much, my friend and I decided that we would go down there on Friday afternoon, grab them, and then leave for the day... no one would ever know.
So of COURSE as we are on the elevator going down, the CEO gets on with us, and asks where we are going... we say checking on something in the basement, and he decides that he's going to come down, too. In my head, I think we can just scrap the plan and hold off until next week. My friend decided we were going to go through with this.
So we get to the basement, and the CEO starts looking through some boxes. While he's doing that, my friend grabbed the cards, threw them in my bag, and we walked out... the CEO never had a clue. It was awesome.
I'll start defrauding my employer as soon as I figure out how to charge them for open source software...
org.slashdot.post.SignatureNotFoundException: ewg
That sounds like the same scam as the office worker who places an order with Quill, then refuses to share the cookies that come in with the order...
Us newbies need some help with our first fraud!
Note that it wasn't the protection of the law, but political pressure that forced ERCOT to drop the lawsuits. If it hadn't happened in the wake of the California energy "crisis", there's every indication that nobody outside the situation would have cared. It's cases like this that make me cringe when politicians tell us that they need ISPs to hold login information indefinitely. When I "think of the children", I worry about the mess that current "if you're not with us, you're with the [terrorists|pedophiles]" mentality will leave for them to clean up.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
The whole article seems geared toward justifying spending money to root out "fraud." 6% of revenue is lost through fraud? Come on, that fails the smell test. My favorite part of TFA: 900,000 is the average amount stolen by the owners of the business. Hello? The owners stole from themselves?
Ibid.
A long time ago in a job far away I had a IT Manager who would buy all sorts of stuff from Computer Associates every time they took him out to a fancy dinner and a ball game.
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
If it's fair for management to rip their company off, why shouldn't the IT grunts?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I applaud your entrepreneurial spirit, but what you should have done was set up your own office supply company to sell the supplies back to your own company. Hell, you wouldn't even need to sneak into the supply closet, just send them a monthly invoice.
For non-expendable items that require a capital investment, I suggest setting up a leasing company. That's what I did with our company's Machine That Goes DING!!(tm).
It's not offtopic, dumbass. It's orthogonal.
I had purchasing power at a tech job, and tens of thousands of dollars worth of equipment passed through my office on a monthly basis. I ended up getting *fired* on the suspicion of stealing a $90 ZIP drive, because I made the mistake of auditing our stock and realizing that it had been stolen. Had I said nothing I would've been fine. Lesson? Honesty is for suckers. To think...I could've had a cluster of SGI workstations (it was 1999, give me a break).
This is one of the most important jobs in IT. Wolves (salesmen) will constantly attack an IT budget with $30,000 servers that only cost $3000. If IT rests even a month they will find that management will have wasted their budgets losing a hole to wolves on the golf course. I've personally seen over 25 times companies I've worked for throw over a million dollars down the hole in less than a month. Once I was out of a job when the wolve told management that their new PCs did not need admin while I was on vacation. That lie lasted about 2 weeks (during install), and then the wolves refused to answer the companies calls. The company spent over a million the next year trying to get their IT department up and running again. A decade later they are still struggling to try to get back where they were 10 years ago.
... I didn't see one reference anywhere to Counterstrike servers...
.. uh .. work. *grin*
Okay back to
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Recently employees at HP and the Department of Defence bilked millions in taxpayer money by somehow buying millions in HP computers, but the computers were never actually ordered or delivered from HP. Its pretty bad when both the vendor (HP) and people working at some high level department like a National Defense office can be in a scam like this.
Is it a problem, yes. Will is change, no! As long as there are ways to rip people off, there will be people around to rip people off.
Its just easier when government offices go through computers like underwear, changing entire systems on an almost yearly basis because they need something as simple as more RAM, a software upgrade, or they flip flop between wanting to support Linux or Windows. Rather then making existing systems work (i.e. paying someone to upgrade the RAM or install software or an OS, or better yet, actually getting their IT staff to do work), governments just think it is easier to buy a whole bunch of new computers with whatever hardware/software comes pre-installed on them. Who cares, its taxpayer money, governments don't have to be accountable for spending it. When you think about it, any IT worker at a government office is a fraud. They are high school drop outs getting paid $80K/year in a unionized job to tell their boss they need to upgrade all their departments 1000 computers because some new application requires 512mb of RAM opposed to the the 256mb installed.
How can you tell I hate Civil Servants. Who is the servant? The taxpayers are!
Fraud is seen as a political liability, reflecting badly on the purchaser's superiors, so criminal investigations are not encouraged and are sometimes blocked. If there isn't any adverse publicity from the fraud, the individual(s) get a slap on the wrist, a temporary demotion at worst. A few public servants at the bottom of the hierarchy may be sacrificed to the criminal justice system, but the ones doing real damage are rarlely touched.
I didn't find this in the article, but let's see. New Orleans was built below sea level, and the problem was just a matter of time. The US government has decided to take my money to pay for the problems in New Orleans? That sounds like a scam in and of itself.
Check out this opinion
The basic point is that the US government is buying votes with your money, including subsidizing insurance in flood planes with your money. Gee, that encourages it, but the worst part is that people aren't bothering to buy flood insurance, as they know the FEMA will bail them out!
So a scammer scammed a scammer? Big deal.
Ed Barbar, President and General Manager, Furnit USA
And may the gods help him if the equipment was procured via the Federal ERATE program.
Waste, Fraud, Abuse = time in PMITA prison
CEO: "Judge, these men beat me severely with IBM model M keyboards!"
Judge: "What possessed you to to this?"
Laid off workers: "Sir, he defrauded our company of 3 million dollars."
Judge: "Oh, in that case... The workers loose their life savings to compensate the victim! And to victim... How does 5 years in Club Fed sound with only 6 months served? Oh and the wife says hey... See at golf next Sunday!"
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Like the 19 CIA agents who went to Italy to kidnap a radical Islamic cleric. They stayed in luxury hotels and ran up huge tabs (ok, maybe small tabs, but $100,000 is huge to me). As if they were all motherfucking James Bond or something. I think it is the tip of the iceberg when it comes to "black" operations and "classified" stuff done in the name of "national security". I'm not going to link an article, do a search for CIA +luxury hotels +Italy and come to your own conclusions. Why do CIA agents need to spend time in luxury hotels to case the kidnapping of an Islamic cleric? I could maybe see it if they were kidnapping a rich businessman/industrialist or even a movie/rock/rap star, but a cleric? The dude wasn't spending time in luxury hotels. CIA, bling bling, get the hookers and Courvoisier (yes, I know it is French) got the money and the guns and the cars, gonna kidnap the bad muthafuckers and get medieval on their asses! C. muthafuckin' I.A. In the house!
Or maybe they were doing the right thing. Yeah, that's the ticket.
I am familiar with a business that gets all its IT services through a one-man contracting operation. It's in the contract that this guy will provide them with all their hardware, at a 5% markup over his cost. So instead of just telling them what to buy and letting them call up Insight or whomever, he buys it for them, tacks on 5%, and gives them the bill.
If someone said in a project I was to buy them hardware, I'd charge a fee too. Otherwise, they can go spend their own time buying the hardware.
Or if I called Tiger direct and asked them to buy hard ware from AMD and then got all mad when they raised the price they paid AMD, wouldn't you think that would be silly?
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Audit can only be done after the fact, but is a necessary evil. The idea of "Walk softly, but carry a big stick" isn't a bad one to apply here.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Some payment for his expertise in product selection is of course reasonable. But that's not how this is structured.
All this guy is doing is adding an unnecessary layer to the transaction and driving up the end-user's cost. I have other reasons to think that he's milking this particular cash cow that I won't go into here. Suffice it to say that he has found several ways to profit by his customer's continued ignorance, and he acts to keep them in the dark rather than educate them. (The customer probably should work to get a clue themselves, but that's yet another story.)
It may be legitimate capitalism, but I wouldn't feel right about doing it.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
I'm turning myself up for using company resources for personal benefict.
Maybe they'll be lenient - the paper was already printed on one side.
So now all of a sudden my way of life is labelled "fraud"... bloody hippies...
I Like Pie...
Or a high-ranking position in the Executive Branch.
I once had the opportunity to attend a technology resellers workshop (think barcode scanners, RF terminals, etc.) and sat in on a consulting lecture where the theme, printed big & bold on a banner, was basically "Customer Ignorance = Profit Opportunity". I felt like a sheep in wolf's clothing, having snuck into the wolf den. I can't say I was surprised at the message, but the frank and open manner in which the resellers talked about exploiting customer ignorance was astounding.
Stop by my site where I write about ERP systems & more
From the article itself:
Often, in exchange for letting the vendor shortchange his own company or organization, the employee gets kickbacks. Often, too, fraudsters establish shell or shadow vendors--dummy companies with puppet or fictional CEOs--and use these to bilk the home team.
The only way put a to stop that would be to pay serious amounts of money instead of mere salaries. Oh okay, so that doesn't go well
with the bottom line well gee I suppose then that "problem" is here to stay. The main Errorthink in that article when looked at
from the crimethinker's perspective: Employees don't own their company and the company is not their home team.
I'm sorry but yes you can actually buy serfs. They'll hate you plenty and they'll drag their feet but you own them because you can
starve their kids but after a certain point you have to hire people with brains and if you think you don't have to pay them top
dollar and can treat those people like serfs... you will just have to suffer the pain and agony that brings your organization.
One golden rule: Treat your house servants fairly and courteously or they will spit into your coffee, scrub the toilet with your tooth
brush and pee into the boullion. Same thing goes for your personal cook and doctor. Don't upset your butler or other close personal
staff too much or too often or they will quit.
I have been in different companies and someone has to have access as an administrator to install everything. Then again, a lot of management doesn't know what is going on at the IT department and just approves everything 1999 style.
I just changed a few fields in the database I was installing and now my domain name is registered until 2099.
Custom electronics and digital signage for your business: www.evcircuits.com
Vista:XPSP2::ME:98SE
Does this dude have a Dodge Viper and act like a wannabe pornstar?
On the contrary, in the majority businesses I deal with the same people "process invoices" and "write the cheques". They work in "Accounts Payable". These people don't normally "sign" the cheques, however, and someone else may have generated a purchase order to start the process. When a single person is able to control the purchasing process from start to finish - Product Selection, Vendor Selection, Purchase Order, Accounts Payable, Signing Authority - that's when serious abuse can occur. Most business owners have enough sense to avoid this situation.
The patents in the past from future tech story is from Voyager, not TNG ("Future's End", season 3).
Microsoft have been doing this for years!
There is absolutely nothing wrong with what he's doing. I can tell you right now that the customer doesn't WANT to be educated, because, frankly, it's not worth their time and effort. They already have someone reliable who takes care of their systems, why should they waste their time learning it? They have more important things to do, like what they were hired for in the first place.
Actually, they have expressed to me that they do want to be educated, but that's not in their contract with him. When that contract expires, he's gone.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
I have personally seen a company charge full price for a used item and claim it was new. That was the least of their deeds. Lets call them CrapIT.
They were the outsourced IT managment and staff for CompanyA. CrapIT had CompanyA buy all the hardware and software from themselves. Since CrapIT made all the IT decisions, with little or no oversight (more on that later), they could charge whatever they wanted for hardware and software. They also charged for hourly overtime when their staff "stayed late" or "worked" on the weekends. They were really playing online games using CompanyA's network.
I found all this out when CrapIT was fired for not running proper backups of the critical application servers. One of the servers died and CompanyA lost about two days work (valued around $20mil). CompanyA brought hired me and a bunch of other folks to run IT after that.
The real joke was the oversight, or lack thereof, by CompanyA. I found out CrapIT was giving out free laptops, plasma TVs, and home PCs to some of the execs at CompanyA. The CEO told the management team after we had been there a year that he wished he had never fired CrapIT because we cost more, but provided worse service. So the CEO bought his wife, the CFO, a new MB S500, announced the best financial quarter in company history, and started to fire the IT staff.
I know I learned a lot of new skills while I was there and I made some good contacts. I even got a WAY better job after they fired me. I am still bitter that I went through so much trouble and annoyance to do it.
The lesson I learned from that job was that fraud and kickbacks are all over because there are rotten people that work on both sides. The good people sometimes do something about it and sometimes they don't.
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)