For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

CPE for Government Auditors

Misappropriation of Cash: Larceny & Skimming

More in the series on getting to know the fraud tree better.  To get a better sense of where we are on the fraud tree and which branch we are talking about in this newsletter,  please see the entire fraud tree at


  • Differentiate between skimming schemes
  • Differentiate between schemes to misappropriate cash

“I was a guy sitting in a courtroom making $100 million a year, and I think a juror sitting there just would have to say, “All that money? He must have done something wrong.’ I think … it’s as simple as that,” 
On 60 Minutes: Dennis Kozlawski, CEO of Tyco,
who was convicted of misappropriating more than $400m

Of the three main branches of the fraud tree (corruption, asset misappropriation, and fraudulent statements), asset misappropriation has the largest number of categories or sub-branches.   Please notice that assets include not only cash (my favorite asset!) but also inventory and equipment, which will be covered in a later chapter. Let’s begin with the beautiful green stuff.

Cash can be taken from an organization at one of three moments:
1.    When the cash is received,
2.    When cash is hanging around ‘on hand,’ and
3.    When the cash is disbursed.

You will often hear about the theft of cash using two terms: larceny and skimming. The difference is in the timing: larceny is the theft of cash that the organization has already accounted for, and skimming is the stealing of money before the organization has the opportunity to account for it.

A third way to take cash is through fraudulent disbursements. Because of the multitude of ways to take money in this manner, we will cover fraudulent disbursements in a later chapter.


When someone commits cash larceny, the fraudster steals cash from an organization after it has been recorded on the organization’s books and records.

Of Cash on Hand 

Larceny of cash occurs at cash registers or other cash collection points, the mailroom, or from deposits in transit.

One of my clients, a large hospital, instructs its medical clinic clerks to take their cash proceeds to the bank each day before they go home. So, nearly a dozen clerks board a downtown bus with a bag of cash and take it to the bank!  What an opportunity for larceny!

Cash larceny is detectable if the accounting records are properly maintained and analyzed and will become apparent during cash register or bank account reconciliations.

From the Deposit 

I found several juicy examples of seemingly harmless government clerks quietly taking thousands…

Courthouse accounting clerk steals $12,000 a week
Marie Morey, a 38-year-old single mother of two worked in the probation department of a Massachusetts court.  She employed a host of complex accounting maneuvers to pocket some $12,000 a week for three years and left amid sharp questioning from suspicious auditors.

Morey, the only person in the department authorized to change entries in the court’s accounting system, used her position to manipulate the records and bank deposits to cover her tracks.

Morey is also accused of pilfering courthouse fees paid in cash and then submitting falsified money orders to mask the theft.  It is believed that she pocketed cash and substituted money orders to make it look like the proper amount of money was deposited. 1

Mayor’s assistant colludes with payroll clerk to steal $370,000

Dorothy Triplett, a payroll clerk in Washington Park Village, Illinois, was sentenced to 18 months in prison for stealing over $143,000 and colluding with the mayor’s assistant to steal $370,000.  Triplet had access to the village’s financial information. Court documents show that money was transferred to various accounts under Triplett’s name several times a month, and sometimes up to three times a day. The transfers ranged from $200 to $5,825.98.  2

Have you heard about the administrators of Bell, California  who fraudulently collected excessive taxes from citizens and then awarded themselves huge bonuses and raises? Here is an excerpt from a report by the State of California Controller 3:


The City of Bell is located in Los Angeles County, California. The population was 36,664 in the 2000 census. At 2.5 square miles, it is 13th among the 25 geographically smallest cities in the United States with a population of at least 25,000.

City residents voted to become a charter city in a special municipal election on November 29, 2005. Fewer than 400 residents, representing approximately 1.1% of the city’s total population, turned out for the special election. The charter provided more autonomy to city management and exempted the city from needing to follow state contracting procedures or complying with a state law that limits council members’ salaries.

News media reports in July 2010 revealed that some City of Bell administrators and council members were receiving disproportionately high salaries.

Many Bell citizens became outraged and called for the suspension of the salaries of these officials, and later, the resignation of several council and staff members. On July 23, 2010, some administrative officers resigned their positions with the city, while the mayor and the city council continued to govern the city until September 21, 2010, when the mayor and three of four Bell City Council members were indicted on felony charges.

On July 24, 2010, the Bell City Council hired Pedro Carrillo, a partner of Urban & Associates, Inc., as the Interim CAO. The newly-appointed interim CAO requested that the SCO audit the City of Bell. In response to this request, the SCO agreed to perform a series of audits including one to review the expenditures of state and federal funding the city received.

For accountability and transparency, it should be noted that the issues identified in this audit report also exist in payments made to the interim CAO’s firm, Urban & Associates, Inc. From August 25, 2008, to June 28, 2010, the city made payments totaling $222,000 to Urban & Associates, Inc. based on approval by the former CAO. Despite making repeated requests, neither city staff nor the interim CAO could provide the SCO auditors with a valid contract to identify the scope of services to be performed by Urban & Associates, Inc. and conditions and terms of payment. We reviewed Bell City Council minutes and city resolutions and found no evidence suggesting that the Bell City Council had approved a contract for Urban & Associates, Inc.


Under the former CAO, the City of Bell management ignored and circumvented internal controls and the Bell City Council failed to exercise proper oversight governing the city’s procurement activities. For the period of July 1, 2008, through August 31, 2010, the City of Bell reported total state and federal expenditures (excluding Fund 04–Gas Tax Fund) for contracts and purchases in the amount of $2,356,018. Of this amount, we reviewed $1,944,085 (82.52%) and determined that $710,459 was questionable. The questioned amount represents 36.54% of the total amount reviewed. We question the payments because they were made without a valid contract or outside the scope of the contract. In addition, none of the goods or services was procured through competitive bids.

In previously issued SCO reports, we found evidence suggesting that the former CAO may have used public funds for personal gain. The fact that the former CAO was able to select vendors without proper approval and without competitive bid raises serious questions about possible conflicts of interest, favoritism, and other improprieties.


In a skimming fraud, cash is stolen from an organization before it is recorded on the organization’s books and records. So skimming must take place as the cash is received before the accounting system captures it.

Skimming is an off the books type of fraud, as it is never recorded. Obviously, skimming is more difficult to detect than larceny because there is no direct audit trail. Employees who deal directly with customers and handle customer payments often have an opportunity to skim.

The skimming section of the fraud tree has three categories:

1.    Skimming from sales
2.    Skimming from receivables
3.    Skimming from refunds

Skimming from Sales 

Cash businesses are more prone to skimming than businesses paid by check, credit card, or electronic transfers. But businesses receiving checks can be affected by skimming as well; checks that are stolen can be deposited in false company accounts that have a similar name but belong to the thief, not the company.

Under skimming from sales, the tree is further divided into:

1.    Skimming from unrecorded sales: the fraudster puts cash into their pocket and does not properly ring up the sale.
2.    Skimming by understating sales: the customer pays full price, and then the fraudster enters a discounted sale in the accounting records.

Unrecorded Sales

In this scenario, a sale never makes it into the books at all, as opposed to an understated sale, where the sale is recorded, just not at full price.

One summer when I was in college I worked in an art gallery in Houston.  My mother was one of a handful of salesmen, and I helped with inventory, data entry, filing, and accounts payable. The owners of the gallery were siblings, although the sister owned the majority interest and reminded her brother of this frequently!  He was, as you can imagine, a disgruntled partner.

Many pieces of art, mostly lithographs, oils, and prints, were let on ‘consignment’ to designers who would show them to their clients but keep them for as long as they needed. Some pieces of art never came back as some designers disappeared or moved without returning the art.  And some of the art got damaged during framing or transport.  The brother had a half-baked system for tracking this inventory. Of course, he benefited from this poor excuse of a system; he pocketed cash sales while his sister wasn’t looking.

One of our customers was a gentleman who worked for Chili’s, which was growing fast and building restaurants throughout the southwest.  This man’s job was to find art and other weird appropriate artifacts to populate the walls of the restaurants. He purchased in cash hundreds of southwestern prints from the gallery.  The brother pocketed the cash, and that was the last anyone said about it.  I was only 19, but that didn’t look kosher!

One day, I got bored and needed to get up from my desk, so I took it upon myself to straighten out the inventory, put new plastic sleeves and backing on some pieces, and alphabetically organize the art.  I wanted a record of what they had, once and for all! The brother didn’t like that!  He found me something else to do in the framing department until my tenure was over.

Not the lunch lady in the hair net!
Even sweet old lunch ladies can be tempted to skim.  The former bookkeeper of the Concord School District in New Hampshire stole between $300 and $400 from the lunch program every day for seven years. By the time she was indicted she’d stolen $418,876!  That is a lot of milk!

During the bookkeeper’s nine years with the school lunch program, she was responsible for counting the roughly $5,000 students spent each day in the district’s cafeterias. She was the only district employee who handled deposit slips.   4

A little vending machine money can go a long way!
During his four years as manager of a recreation center in Michigan, Scott Muir kept the profits from the two vending machines at the center.  He initially forwarded the profits to the city treasurer’s office a few times, but then stopped because no one was double-checking his work.  He embezzled $40,000 before he was caught.  5

$300,000 from utility payments
A former cashier with Colorado Springs Utilities pleaded guilty to stealing more than $300,000 over a nearly four-year period.  Donna Inzer, 69, took money from utility payments and then altered the daily balances so the thefts wouldn’t be detected when deposits were made.   6

And taking money from children… Shame, shame, shame!
William Snyder, 48, and Kevin Beaver, 43, formed REMAX Classic in 2005 and collected donations for the Children’s Miracle Network. They continued to collect donations from 2006 to 2009 but didn’t give the money to the charity. When the theft was discovered in late 2009, they gave $52,000 to the charity. The men were accused of stealing from charity, people with disabilities, a bank, a school and the tobacco tax fund. Beaver pleaded guilty to theft and was sentenced to five years of probation.7

Bogus charity
That case reminds me of an ex-brother-in-law who set up gum and candy machines in gas stations and mechanic’s garages that had a big sign at the top saying that the money was going to a bogus charity that sounded very much like a true, well known charity – the title of the charity was just off by one word!  And my ex-brother-in-law, who had a problem with cocaine, collected and pocketed the money and had the audacity to brag about it at a Passover dinner!  Amazing.  Drugs do indeed make you crazy.

3-10-2A-2 Understated Sales

While most skimming is done via unrecorded sales, it can also be done via under-recorded sales. A skimmer sells 10 widgets at $100 each, but records 8 at $100 each and pockets the $200. Or he could record 10 sold, but at $80 each, and achieve the same result.

Scale manipulation
A scale house operator figured out how to manipulate scales at a paper mill and share the proceeds with truck drivers. Aaron Freeman, an employee of Temple-Inland in Rome, Georgia manipulated the scale house computer system to produce two weight readings when a single truck passed through the paper mill’s scale: a reading for the weight of the timber actually delivered, and a second reading for a phantom load.  Freeman then recruited drivers to take credit for the phantom loads, and the drivers shared their $4.8 million in payments with Freeman.  8

Skimming from Receivables 

Skimming doesn’t only happen in face-to-face sales situations. It can also occur in the mailroom.  If the fraudster is creative, he can figure out a way to deposit checks intended to cover receivables.

One $27,000 check triggers 14th arrest
Lisa Michelle Darden stole a Georgia Department of Revenue check while working in the state-processing center, which handles tax refunds, returns, and payments.

Investigators said they found that she had a lengthy criminal record and should never have been working there in the first place.  Investigative TV reporter, Jodie Fleisher, found that she had been arrested more than a dozen times in the past 15 years.  The Department did not conduct a background check as she was brought in by a temp agency. 9

Under receivables skimming, you will find two categories on the tree: write-off schemes and lapping.

Write-off Schemes

VanDyke Walker, an accounts receivable specialist for the Hartsfield-Jackson International Airport in Atlanta, embezzled at least $235,000 of city revenue over a six-year period. Walker was responsible for receiving $40 to $50 payments for badges, fingerprinting, and vehicle permits collected by the security division from employees who need access to the airport. The findings came after an internal audit started in March 2009 found “numerous irregularities.”  Walker threw away his copy of reconciliation reports and rewrote them in order to facilitate the scheme. 10

Lapping Schemes

Lapping is a complicated ongoing fraud usually perpetrated by an employee who has custody of cash and check payments plus responsibility for accounts receivable recordkeeping. The fraudster receives a payment to a legitimate customer’s account receivable and pockets it for himself. To cover this up, the fraudster replaces the stolen amount at a later date using receipts from another customer. This is repeated over and over and over again.

Former Hospital Secretary Indicted in Connection with Allegedly Stealing Over $200,000 in Check-Lapping Scheme 11

A former administrative assistant at Beverly Hospital has been indicted in connection with stealing hundreds of thousands of dollars from Sodexo, Inc., a hospital vendor, in a scheme where she took cash from the hospital’s cafeteria and other sources and fraudulently changed accounting system entries to cover her theft, Attorney General Martha Coakley’s office announced today.

Diane Thistle, age 63, of Beverly, was indicted by an Essex County Grand Jury on charges of Larceny over $250 and Making False Entries in Corporate Books.

In April 2010, the Attorney General’s Office began an investigation into Thistle’s alleged activities after the matter had been referred by Beverly Hospital and one of the hospital’s vendors, Sodexo, Inc. Thistle was an administrative assistant at Beverly Hospital for over 14 years, and one of her duties was to oversee the processing of checks and cash generated by the food services division. She was supposed to collect cash that came in from the cafeteria and checks that came in from catering jobs. In the spring of 2009, the hospital decided to stop using Sodexo to manage its food services and the two parties began the process of settling their account. Sodexo’s records showed that invoices to the hospital totaling hundreds of thousands of dollars remained open. The hospital’s records, however, showed that those invoices had been paid in full. After this discovery, Sodexo immediately initiated an audit of the account.

Authorities allege that Thistle stole money from the account using a “check-lapping” scheme. Investigators discovered that Thistle allegedly stole cash that came to her from the cafeteria revenue and then replaced the stolen cash with older checks that the hospital intended as payment for catering. When the amounts did not perfectly match, Thistle would insert her own personal checks into the deposit to balance the amounts. When the hospital paid Sodexo, Thistle received the check and arranged for its deposit into the vendor’s food services bank account. Thistle would then access Sodexo’s cafeteria records and fraudulently change the entry for that day’s cash intake. She allegedly entered a new amount that equaled the catering invoice. Thistle would then pocket some or all of the cafeteria cash, but deposit the hospital’s catering check as if it were the cafeteria cash.

As a result, Beverly Hospital’s records would show it had paid its catering bill, while Sodexo’s records would falsely show that the deposit was for cafeteria revenue. At some later point, Thistle would pay the open catering invoice with an older catering check from the hospital, and use her own personal checks to balance the amounts if necessary.  Authorities allege that between 2005 and 2009, Thistle stole over $200,000 from Sodexo and used those funds for her own personal use.

An Essex County Grand Jury returned indictments against Thistle yesterday.  She is scheduled to be arraigned in Essex Superior Court in Salem on July 22, 2010.

The case is being prosecuted by Assistant Attorneys General Marc Jones and David Waterfall, both of Attorney General Coakley’s Corruption and Fraud Division, and was investigated by financial investigators Davin Lee and Jessie Dean and members of the Massachusetts State Police.  Beverly Hospital and Sodexo, Inc. cooperated fully with the Attorney General’s investigation.


Unfortunately, I haven’t found a true-life example of skimming from funds.  But when the register is open to give a customer a refund, the fraudster can alter the records and take a little cash.  Where there is a will, there is a way! If you have a story, please share it with me at

Peter Schworm and John Ellement. ”Clerk held in sophisticated $2m theft.” The Boston Globe.  December 4, 2009.2 KSDK. “Former Washington Park payroll clerk sentenced to prison for theft from village.” Web. March 20, 2009.3 John Chiang. State of California. Office of the Controller. City of Bell Audit Report: State and Federal Expenditures: July 1, 2008 through August 31, 2010. Report. Press Release. November 2010.

4 Meg Heckman. “Lunch money embezzlement to end in deal.” Concord Monitor. September 16, 2008.

5 Francesca Chilargi. “Former city manager take plea deal in skimming scheme.” The News Herald [Southgate, MI]. August 27, 2009.

6 Associated Press. “Former Springs utilities cashier admits embezzlement.” Web. May 8, 2008.

7 Donna J. Miller. “Men accused of stealing from charity, people with disabilities, a bank, a school and the tobacco tax fund: Court Watch.” Web. December 14, 2010.

8 Georgia State. Department of Justice. Final Three Defendants Sentenced to Federal Prison for “Phantom” Timber Scheme. Web. February 2011.

9 Jodie Fleisher. “Woman Accused Of Stealing $27K Check.” [Atlanta]. Web. January 20, 2010.

10 “Airport worker accused of theft. Report says man stole $235,000 of city funds over six years.” Atlanta Journal Constitution. A11. September 3, 2009.

11 Commonwealth of Massachusetts. Attorney General’s Office. Former Hospital Secretary Indicted in Connection with Allegedly Stealing Over $200,000 in Check-Lapping Scheme. Coakley, Martha. Press release. Salem: Commonwealth of Massachusetts. July 1, 2010.

Registering for this Webinar - How it works
  1. When you’re ready to register, select the “Register Now” button (at the top-right or bottom-left of this page).
  2. You’ll be taken directly to the secure website of our webinar-distribution partner:  CPA Crossings
  3. Fill out the “Register Online” section of the CPA Crossings page (near the bottom) and then select “Add to Cart”
  4. (Note:  If you want to register multiple attendees on the same purchase, just re-select the webinar and do a separate “Add to Cart” for each, as required.)
  5. After checking out, look for your notification and registration info via email – and mark your calendar to attend the webinar!
Stay Up-To-Date

Sign up here to have the lastest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

* indicates required

Stay Up-To-Date

Sign up here to have the latest from delivered right to your inbox.

Just provide your name and email information below, and as an introductory “Thank You”, you’ll be able to view and download a free copy of our Audit Objectives whitepaper.

[newsletters_subscribe list="20"]



Lost your password?