
No SOX controls? Cisco didn't notice
I thought most of my ex employers purchasing systems were archaic but I'm pretty sure most of them would have noticed if a few million quid worth of kit was ordered or not returned.
A former Verizon network engineer is beginning a four-year jail term after being sentenced for scamming Cisco and Verizon out of millions of dollars worth of kit and fencing it through the reseller community. For nearly a decade, Michael Baxter, 62, used his position at Verizon to order processors, cards, and other networking …
I assume you mean the 404 section components. In which case probably not. Auditing is usually hived out to the likes of PW, who generally give the judgery to recent graduates, who are probably as bored as the people who feed them the mountains of paperwork. Loads of room for "entrepreneurs" to get their oar in.
tits-up, aye?
This will teach a lot of companies to match purchases and RMA activity and assets to ROLES and PERSONS, and conduct inbound/outbound audits far more frequently. Cross reference EVERYthing right down to the PO, site, counterpart part or assembly, and people involved. If any one memnber is in on a scam, others involved might be sussed out, too.
I would guess a major telco like Verizon would have a Molybdenum Tier Service Contract with Cisco that does advance shipment of replacements. We're a small engineering lab for a major corp and can buy contracts from HP and IBM which would let us "own, but not have to buy" a fully stocked spares pool onsite for our servers if we wanted to. But I can't see even the biggest of a vendor's customers having a service agreement that let them keep, or at least not account for, defective parts. The only explanation would be that Verizon buys such a massive volume of equipment from Cisco that the tracking and returning costs outweigh what is spent...but when you're talking things like $10K switch cards, I can't see Cisco not caring whether they are actually replacing failed kit or not. So, I really wonder what the loophole was; it had to be something like this guy being able to sign an affidavit saying that the equipment wasn't serviceable, and Cisco would accept that.
More importantly, I don't know anything about this guy and his state of mind, but this goes to show you that people will look to find the holes in any process and exploit them for their own gain. I've always been an honest person, but I can see how people get tempted. Especially so, if this guy's girlfriend was the type who needed to be placated with rounds of cosmetic surgery on top of all the other stuff! [1]
I've been in a lot of similar situations, where I've found myself in charge of a process with massive potential for abuse. And I admit, you do think to yourself, "Wow, I could take thousands worth of equipment and service using this loophole, and no one would never know." This case does provide people like me with some vindication...that some auditor, some forensic accountant, somewhere, will eventually find these things out and start digging. Nice guys may finish last, but at least I won't be going to jail like this guy. :-) You may think you're smart, but up against someone whose sole job is to make the books balance, you're playing with fire.
And it's too bad that people like this often cause massive walls of paperwork and bureaucracy to be erected around the process for buying equipment.
[1] Why, oh why, does the IT community constantly reinforce the "Married IT people only have mail order brides and trophy wives" stereotype?? Seriously, some of us are normals with normal family lives.
First off, it is well known that Cisco is the purveyor of some seriously over priced shit; so, while the retail price may be in the stratosphere, the cost to make the good may not be.
For an item with excessive markup, it may not be cost feasible to process a return.
But, then again, one can now begin to understand where some of that "cheap" Cisco kit comes from.
I must ask, did this seller give a "5 finger" discount???
the bigger the heist the less the time served, although in recent years with the likes of Madoff and such that has been less true, but usually million dollar fraudy type cases for companies have led to little porridge for the perps.
It reminds me of a supposed scam that went down at British Airways a number of years back, a few supervisors decided to get together and sell off an APU to another airline, they had the credentials to "hide" it and move it about the place, so it would "never" be found and bobs yer uncle a few hundred grand each to go round nice and tidy..
That was until the buyer had to get the darn thing serviced and overhauled and some barcode scanning later this thing shows back up at BA engineering, apparently the serial still said it was registered to BA so it was sent there... and another airline was claiming it was theirs.... oops,. investigation and some digging later and the parties were fired and a couple got a few months in the clink... didn't have to pay back the (already spent) money though... BA just quietly changed their procedure a bit and washed the egg of their face...
that's the story anyway...
This is like the guy that steals a million dollars and gets a year in jail. I know a lot of people who would tolerate a year in jail for a million dollars tax free. Hell unscrupulous lawyers have done this and been released after six months for time served.
This guy got off real easy IMO.
I've seen exactly the same scam run in several different companies over the years - the details vary but you would be surprised how easy it is to find the holes in the accounting and procurement structures when you know where to look. And if you do find them and report them to the bosses - they are never interested. So long as the bosses are getting their bonuses why should they care?