Risk Management

Cell Phone Fraud: Who’s Watching IT?

Cell phone procurement fraudsters have typically worked in information technology departments.
Jesse Daves and Celyna FrostMarch 4, 2016

According to the Federal Communications Commission, upwards of 40% of theft in major U.S. cities involves personal cell phones. But less talked about is the hidden threat of cell phone theft that takes place in the workplace.

Jesse Daves

Jesse Daves

Cell phone procurement fraud has been on the rise in recent months. Unlike street theft, which is usually a crime of opportunity, these schemes involve the systematic purchase of cell phones that are then resold off-the-books by employees for personal gain.

As described by the Association of Certified Fraud Examiners (ACFE), the “fraud triangle” is a model for explaining the primary factors that cause someone to commit occupational fraud:

1. Perceived financial need.

2. Perceived opportunity.

3. Rationalization.

Certainly, mobile phone theft at the office fits that mold. The booming stolen phone aftermarket presents a tempting opportunity for financial gain. New iPhone 6s have been sold in the aftermarket for more than $1,000 per phone in the United States and more than $3,000 per phone in China — a significant profit margin when you consider that the phones are company-bought.

Celyna Frost

Celyna Frost

These schemes have caused millions of dollars in losses and countless hours of frustration for executives that have been forced to deal with them. The internal fraudsters typically have had roles within the information technology (IT) department. Their roles provide them with the opportunity to authorize and, later, get approval for the purchases either through collusion or by manipulating the charges provided by the cell phone providers to defraud internal approvers.

Detecting Procurement Fraud

Because of the potential financial repercussions, companies must put due diligence measures in place and watch out for red flags that may indicate fraudulent procurement. Two indicators that should prompt further investigation are  limited oversight and lack of transparency.

In terms of limited oversight, corporate executives should look out for situations in which one employee is responsible for both reviewing the detailed cell phone bill and obtaining approval from each department or business unit. Another risky situation: one or two employees are responsible for ordering and receiving all devices.

Similarly, if only one or two employees in the company have access the detailed cell phone bill online or full access privileges to order phones through the cell phone provider’s portal, those employees are in a position to change the order process for their personal gain.

In terms of lack of transparency, without the proper internal controls and reporting mechanisms in place, fraudsters can obscure their actions and exploit misplaced trust to exclude outside interference. A common red flag pops up when the accounts payable department only receives a summary of the cell phone bill.

Alarms should also go off when IT resists sharing access and control to the cell phone provider’s billing website. Common explanations given for increased cell phone charges include “international data charges” or “roaming fees” that are not substantiated with details from the cell phone provider.

Suspicious Activity

Finance chiefs should be on the lookout for anomalies or changes in the level of activity and the number of issues reported. For example, IT may report an unusual number of suspended or “frozen” lines; initiate multiple, recurring shipments to unknown parties; or receive a high volume of packages.

Further, numerous complaints from management and different business units questioning the cell phone charges incurred may indicate that the reported charges are fraudulent.

To mitigate the risk of cell phone procurement fraud, companies can implement internal controls to protect themselves. First, they should make sure there’s a proper segregation of duties by preventing the same employee from both ordering and receiving equipment. Also, such employees shouldn’t be allowed to approve the invoice for payment or allocate costs to different business units.

Second, the organization should maintain proper documentation for approvals by requiring each business unit to analyze its cell phone charges, including review of the complete original cell phone bill.

Last, companies should perform periodic audits to ensure all phone lines incurring charges are for valid employees. This kind of audit can also identify cost savings, as companies often continue to pay for unused phone lines after employees have left the company.

In that way, mitigating the risk of cell phone procurement fraud can also be a cost-saver, too.

Jesse Daves is a director of forensic accounting and fraud Investigation and Celyna Frost is a global forensics manager at BDO USA.