So this long-term Seattle Public Utilities employee stole a million by depositing checks intended for the city into his personal account. Read closely to count how controls failed–the city allowed the employee to issue invoices and accept payments directly, developers/property owners didn’t realize their checks were going to a “City of Sea” account set up by the employee in a bank whose own controls seem to have been lax. One thing fraud investigators should look for is spoofing nomenclature, bogus accounts and phantom vendors indicating that individuals may be redirecting organizational resources to themselves.