I decided the way to prove what was happening was with detailed audit reports, which the system was capable of generating but had been taken off the customizable menus. I modified the code so that the reports printed to disk and ran silently. They included serial numbers and the date, time, and name of the person logged into the computers when data was entered and transferred.
I told my boss about the rig. He went to see the president of the client's company and explained our plan. The clerk had told him that getting such detailed reports was impossible -- that the system could not do it. The president was skeptical at first, but my boss showed him a sample audit report taken from his own system, and his view changed.
I returned the next Friday after hours, collected the week's data from the disks, printed out the audit reports, and turned them in to the president. The next Monday we got the call.
That morning the president and office manager had greeted the clerk when she came into the building, ushered her into his office, and presented her with the audit reports. She looked them over, got up, and without another word collected her things and left the building.
The scam worked by "losing" items in the accounting system, while those same items moved off the back dock into the hands of customers who also made legitimate purchases. The packing lists sent to the dock went into the hands of the customer, with serial numbers, but the electronic copy was erased by the clerk and the data rolled back to a place where it seemed those items were never sold.
They had the locks changed. Then they called the company where she had worked before and told the HR director what had happened. "Why weren't we warned?" they asked. Off the record, they were told, there had been an accounting problem and money had gone missing. They felt they couldn't prove anything, so no criminal charges had been filed against her.
As it turned out, the clerk had not thoroughly erased all the data. I was able to produce a custom report showing which customers had received which serial numbers. The client was surprised and pleased.
A month later we got a follow-up call from the president of the company: We were getting paid for all the hours we'd spent investigating what ultimately was their personnel problem -- previously they had only agreed to half the hours billed. The clerk was in police custody, and the culprit customers had agreed to return the stolen items or pay for them at above market rates to avoid criminal prosecution. One of them had denied everything, but a warrant had been obtained, and the search turned up stolen items. The police had found other stolen items and that investigation was still going on.
I still hated computers. I still hated accounting. But when the two were put together I discovered that I did love helping people with computerized accounting. Although I haven't engineered another sting operation quite like this one, I haven't look back.
Do you have a tech story to share? Send it to firstname.lastname@example.org, and if we publish it, you'll receive a $50 American Express gift cheque.
This story, "CSI IT: The inventory sting," was originally published at InfoWorld.com. Read more crazy-but-true stories in the anonymous Off the Record blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.