Procurement Fraud in the IT Sector
TopShelf writes "IT staff usually enjoy unrivaled access to the deepest details of an organization's structure, and all too often, some submit to the urge to use that knowledge for nefarious purposes. Baseline Magazine explores how Tech Insiders Cheat Their Employers, with examples of executives creating their own vendors to which fat contracts are awarded. Perhaps the most galling case involves a director in the New York City Chief Medical Examiner's office who is accused of scamming FEMA in the wake of the September 11, 2001 terrorist attacks."
For six years I would take a pad of post-it notes from the supply cabinet. After I had enough stock, I opened a wholesale company and sold them all back at a discount rate. Then I did the same with toner cartridges, pens, erasers, etc. Eventually I worked up to filing cabinets.
I'm trying to figure out how to do it with the company cars, but that one's a little tough.
Slashdot Burying Stories About Slashdot Media Owned
Sony ha
As opposed to creating whole outsourcing companies to manage contractors during an outsourcing push. Or an executive personally subcontracting a building project at a bid below the rest of the local builders. Or the usual everyday case of standardizing on vendors that appear heavily in the executive's personal stock portfolio.
Right off the top - there are always some people who are going to screw you, no matter how you treat them.
But for most employees, instilling loyalty and pride in the company is the best disincentive to theft. It's also the best way to increase productivity.
How does a company do that? Pay employees what they're worth, don't overwork people, be ethical in your business operations. Basically, it's the golden rule. Treat your employees the way you want them to treat your company. Your employees will take care of the rest, and the money will roll in.
It's too bad that most companies are only in business to line the pockets of the top execs this quarter, and damn the next financial period; we'll figure that out later.
Web 2.0 == Giant Blogspam Circle Jerk
Any employee with purchasing power can defraud the company. The more purchasing authority that person has, the greater the damage he can inflict. The only way to get around this is to make sure you're hiring the type of people who won't do this sort of thing because of a strong sense of ethics. Obviously, this isn't 100% foolproof, but there is always risk in business. The idea is to mitigate that risk as much as possible.
Singling out IT managers as potential sources of fraud is disingenuous. ALL managers have the potential for fraud, because they have the access and the authority to commit the crime.
Obviously it's the "strategic decision makers" that pull this kind of crap.
Just my 2c
It sounds like the companies that are being so defrauded must have terrible control measures. For instance, in my company (a logistics/shipping co) we need to have several pieces of documentation before any job is done, or any invoice raised. The measures are stricter when it involves money going out of the company in any way. There are varying levels of control depending on the value concerned.
At least 4 people see a cheque before it is signed and sent out, two signatures are needed on the cheque and one from someone like a manager on the form requesting it. If I want a printer cartridge, I have to fill out a form, get my line manager to authorise it, and then give that to the secretary - who also checks everything, then when she places her order it has to be signed off by her boss. Etc etc.
Control measures are fundamental to reducing exposure to fraud or theft IMHO. Trust me, I'm an accountant.
I am aware of a fairly large suburban school district that was taken to the cleaners by their IT manager without them knowing it at the time. Few people outside IT in such a place really understand the cost of the IT equipment they're buying. So the manager decided to order a whole bunch of "spares" to fill a closet. Somehow this closet was bottomless as stuff kept officially going in it but it never filled up.
He got caught as soon as he did only because he was a complete dumbass about it -- students knew there was a "forbidden room" and were suspicious of its contents, and he listed some Cisco kit and some printers on eBay with an address that obviously traced back to the school. When someone brought in a printout of the eBay auctions it was all over.
From the first fraud mentioned in the article:
"invoices were often hand-delivered to Motschenbacher who, in turn, would hand-deliver the Buca payment to EDP"
If your business processes are so pathetically broken that the same person processes invoices and writes the checks, your problem has nothing to do with IT having too much access to the company's nervous system.
I would've gotten away with it too if it weren't for those meddling kids!
There's finally an article that can improve my bottom line.
I'm not a Troll, it's reverse psychology.
I work for a metadata management company providing search capabilities for various information assets. You would be amazed at how long it takes for a simple implementation of our systems within larger corporations. We are talking of timeframes ranging anywhere from 3 months to 3 years. Many of these deals end up in the hundreds of thousands of dollars, and it is obvious to us that the reason it takes so long is because companies need to keep a very close eye on these types of things to avoid issues such as the ones seen in this article. Corporate corruption is a huge hindrance to business today. However, from a business standpoint, has anyone considered how much money is lost by the company in just coming to a decision when it comes to choosing a vendor (or a product)? Sure, John over in the R&D department could be skimming a few thousand off of a large deal - which I agree is quite a disgusting business practice in general - but how many thousands are lost in time spent coming to an overall decision? How many meetings must we sit through to be involved in the never ending/looping discussion over semantics? How many proposals are shot down after months (or years) of researching, traveling, and testing out different solutions?
...and to my knowledge they still don't know it ever happened.
I left there about 5 years ago, but one of my close friends who remained there worked in finance and a year after I left she uncovered a scam run by the CIO, one of his underlings, and a vendor on the outside. It was pretty simple and had apparently been going on for some time even before I left. Basically, it was just a matter of phony invoices coming in from the vendor, for equipment that was not needed nor delivered. The CIO and his underling signed off on the invoices and they were paid, and presumably some of the money that went to the vendor found its way back to the CIO and his underling. My friend quietly followed the paper trail and was able to determine that the scheme netted somewhere in the mid six figures, over just how long a period I don't remember.
I would like to mention that the CIO's underling was an empire-building, micromanaging bitch that was hated by everyone who was under her, which unfortunately included me. She would cover her own ass and happily throw anyone else under the bus she could to solidify her own position. I ended up having to report to her for a period when my boss left the company, until a replacement was found. Having to deal directly with her was a major reason why I left the company.
The above paragraph is just to give you a feel for the fervor with which I pleaded with my friend to assemble all the evidence of wrongdoing and present it to the CFO. She surreptitiously made copies of everything and kept the folder around, but never did blow the whistle. I suppose she figured it might come in handy as a bargaining chip someday if they ever tried to pin anything on her. It's a real shame, because nothing would have pleased me more than for my friend to have taken that bitch down. Oh, well.
~Philly
That reminds me of the recent case where a guy was caught trying to pass a counterfeit billion dollar bill. Most criminals avoid detection by trying to fly under the radar with a scam so low level it is undetected. This guy was caught because the attack was so ridiculously visible - which reminds me I blogged on this and forgot to actually publish the post, must do that.
These frauds are all pretty standard ones that any good auditor should be able to spot. Placing orders with a cutout company is an old ruse. What is surprising is the way that an exec of a public company would put it all on the line for what was actually chickenfeed compared to his salary and $900K stock options. I did that rant on my blog already though.
The only part of this that is Internet specific is the attempt to shut down the whistle blowers with court orders in the fourth case. Again it happened in Enron's home base of Texas.
The blogosphere recently uncovered a series of frauds committed by Duke Cunningham and a number of other congressmen. The mainstream media has yet to tell the public anything close to the whole tale which is still being investigated but has already caused the dismissal of Porter Goss as head of the CIA, the uncovering of a prostitutes and poker game held by lobbyists at the Watergate hotel and a peculiar series of limousine contracts. The bloggers are also currently getting their teeth into what appears to be a bipartisan scam where a legislator buys land up cheap, gets an earmark appropriation passed to build on or close to it that massively increases the value of the land and then sells dear.
In the UK the magazine Private Eye has traditionally been the whistle blower. The US has never had a true equivalent. Private Eye has dramatically reduced the amount of graft in UK public life by bringing to light many schemes that would otherwise have continued for decades.
Perhaps the Internet can be the Private Eye for the US.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
If it's fair for management to rip their company off, why shouldn't the IT grunts?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I didn't find this in the article, but let's see. New Orleans was built below sea level, and the problem was just a matter of time. The US government has decided to take my money to pay for the problems in New Orleans? That sounds like a scam in and of itself.
Check out this opinion
The basic point is that the US government is buying votes with your money, including subsidizing insurance in flood plains with your money. Gee, that encourages it, but the worst part is that people aren't bothering to buy flood insurance, as they know the FEMA will bail them out!
So a scammer scammed a scammer? Big deal.
Ed Barbar, President and General Manager, Furnit USA