According to the article, Nanthan Mueller overused his position at company and caused a $8 million fraud. He worked as a manager and had power to request and approve the check. In addition, he knew everyone else’s password to the system, so he requested a check by using his colleague’s system and approved by himself. By doing that, he first paid off his credit card for several times by getting checks from “Universal” account, which stores transactions with an insurance company. Later he opened a bank account under the name of “Ace Business Consulting” and started getting checks from “Ace” account like other routine transactions.
I think there are still many Muellers out there, and it is significant to keep the financial information system under controls. First of all, FIS should have authentication controls that can restrict the access of authenticated users and limit the information and capabilities for each user. Moreover, the FIS needs more development within the system that can detect unmatched transactions automatically and avoid fake check requirements. In addition, physical safeguard is important. The same employee should not have the authentication to both request or approve the check and print the check.
http://www.journalofaccountancy.com/issues/2014/aug/fraud-20149862.html
That’s an interesting fraud case. It seems that they made a significant mistake in allowing the accounting manager to have access to the passwords of other employees. That seems like a very basic control that could have easily prevented the whole fraud from occurring. Allowing him to have the passwords stops them from creating a true separation of duties.