Embezzler's Guide to the Computer by Brandt Allen University of Virginia Computerized embezzlement may be the best game in town. It doesn't really matter whether the target organization is profit-oriented, governmental, or a not-for profit group. It does help the potential embezzler, however, if he is in a position of responsibility and is a "trusted" employee. He needs a basic knowledge of accounting, record-keeping, and financial statements, but he doesn't have to be a computer expert. Computer technology tends to confound auditors and managers themselves so much that they are rarely in a position to detect or prevent the embezzlement. Embezzlement is far less risky than ordinary theft, and far more rewarding. An added attraction for the embezzler is the fact that even if he should get caught, he probably wouldn't even have to go to jail. In a large percentage of cases, embezzlers aren't prosecuted because a concept dating back to English common law makes embezzlement a crime against an entity and not an individual. Embezzlers shouldn't count on being caught though. The prognosis for successful computer-based crime is good. Virtually all of the traditional peculation opportunities of the past may be run through the computer, and a host of exciting new schemes is possible as well. The best embezzlement schemes have to be well executed to work, but the ideas are simple. For any employee who really wants to practice this lucrative game, the best place to start is probably with a disbursements fraud. Historically, this kind of crime has accounted for more embezzlement losses than all others. The approach is really quite simple: an organization is forced into paying for goods and services that it did not receive, and payment for them is made to a bogus company. Anyone who wants to successfully accomplish this kind of fraud can do so by carefully studying his company's procedures for account-keeping, purchasing, and receiving. Vouchers and invoices have to be falsified, but for an employee in accounting or data processing, sometimes it is as simple as punching a few cards and entering them as if they were legitimate into a batch of transactions. Second-generation computer systems make this job more difficult because computer files of open purchase orders and merchandise receipts would not correspond to the various duplicate files maintained elsewhere, but this kind of danger can be minimized by stealing from inventory accounts with high activity and high value from which a certain amount of loss is "expected" by companies. If any one account isn't "hit" too hard, a company will probably tolerate the loss before it triggers a thorough investigation. Managerial style is often the key as to who gets robbed and who doesn't. Potential embezzlers should stay away from "detail men" and pick on the accounts managed by people who do not or cannot pore over financial statements, analyze the operating variances, and scrutinize the purchases, prices, terms, and inventory levels. Since all embezzlement efforts are conducted through accounting systems with a number of tests and controls, a little homework in studying the company's computer operations and controls can allay any of the dangers they might hold. Inventories themselves can be a source of revenue to the embezzler, and it is often easier to convert goods to cash than it is fraudulent checks. Computerized inventories lend themselves to penetration for two basic reasons: they account for a large amount of material, and the controls on access systems are usually lax. One outstanding example of the possibilities of inventory theft via computer is the railroad company which lost 200 boxcars when an employee altered input data in the company's rolling stock to reflect that the cars were either scrapped or wrecked, when they were actually shipped to another company's yards. Still another fruitful area for the embezzler is the manipulation of shipments, sales, and billing procedures. A company can be confused into shipping a product to a customer without sending a bill, or shipping something and billing it at the wrong price. Improper credits or adjustments on returned or damaged merchandise can be granted. Sales commissions, allowances, and discounts on merchandise can be manipulated. The computer makes it easy to alter shipping documents because in many computerized order-entry systems the sales record is maintained on file and is normally not updated until the order is shipped. Sales order records can be altered after the shipment has been made, but before the billing processes are started. Payroll processing functions in large organizations offer a ready source of funds to embezzlers who understand how they operate; and employees in data processing, payroll, and programming are in ideal positions to make their schemes work. They can alter input data to pad the payroll with extra hours for themselves and others, but this is often a risky business. Simpler, and more lucrative are the schemes of creating fictitious personnel or increasing by small amounts the money withheld from employees' checks for income taxes and other purposes. Funds can often be embezzled from money destined for the payment of pensions, employment benefits, and annuities by keeping a dead beneficiary on file, and having his address changed to the embezzler's own. Any of the schemes described could be perpetrated without the aid of the computer, but the computer actually makes them a lot easier to enforce successfully. The computer accepts all input as the truth. Access to computer records is often easier than to manual records, and an embezzler's visibility when committing the crime is a lot less. And, if a foul-up should happen to occur, people are always ready to make the computer the scape-goat. *This article is condensed from one of the same title which appeared in Harvard Business Review, Jul-Aug 1975.