How are your internal controls over the issuance of company credit cards? Does it rest with a single company employee or are there approvals required by someone higher up in the organization. We're reminded to consider these questions after learning of a scheme within the Drug Enforcement Agency (DEA) where an employee had too much power and authority over the approval and issuance of credit cards to DEA employees and abused it.
According to a plea agreement, the DEA employee was a program manager and responsible for the approval and issuance of government credit cards to DEA employees. She admitted that while serving in that position, she submitted dozens of fake credit card applications for fictitious DEA employees, using names and identifying information of individuals who did not work at the DEA. Through this scheme, she obtained at least 32 fraudulent credit cards which she then used to withdraw more than $113 thousand from ATMs. What was she thinking? The chances of getting caught is likely to be 100%. The common denominator of these credit card bills, the phony employees and the approval thereof points right back to the DEA employee.
The (former) employee will now serve two years in prison and must repay the $113 thousand. (Something tells us there was a lot more money involved than just what the Government happened to catch). You can read more about the case here.
This was not a very sophisticated fraud scheme but if the DEA had instituted even the most rudimentary internal controls, it should never have happened. How about verifying the application to a current listing of employees? How about verifying that the employee needed the card? How about a supervisor approving his/her subordinate's need for a card. Nothing fancy, just some common sense controls.