Here we go again!
Gary Stephens worked in the IT dept at Baylor Hospital in Dallas. This is a huge medical complex.
No doubt the budget runs to the hundreds of millions each year. Click for the story, it is a good one.
Gary created a fake company, submitted fake invoices, got the checks printed, picked them up and had his 59 yr old mother deposit them. So far so good. Take a relatively small amount over time, less than material in each billing, and perhaps you will not be noticed.
So how did he get caught? You gotta love it. Seems a Dallas County Commissioner bought a Bentley Continental GT trading in his Aston Martin (hey this is Dallas). Seems there were problems with the title, and Gary had traded or sold the Bentley to the dealership. Whoops, someone got to checking and gee what is an IT employee at Baylor doing with a Bentley.
A classic problem in any movie dealing with theft, is that some foolish crook wants to spend the money now. This of course is always a mistake and leads to suspicions. Had Gary and Mom quietly left for another country, preferably one without an extradition agreement, this might have worked. Although these days that is not enough money to live forever somewhere else.....
But would your audit program or internal controls have detected that invoice among the thousands that Baylor receives? Clearly Internal Controls were at fault as one person was able to submit, get approval, and a signature on the check, and picked up the check, all violations of a proper IC procedure.
The point is that inside crime is always perpetrated by someone who knows the system. The fact that all the work is on the computer will make discovering such stunts more difficult in the future.