Fraud examiners should always look for a "straight line" from the initiator of a cash disbursement transaction to the accounts payable function to the check distribution process. An irregular practice is indicated when a "U-turn" rather than a "straight line" occurs, i.e., when a transaction goes from its initiator to the accounts payable function and then back to the transaction initiator without passing through the normal check distribution process. The compromise occurs when the initiator of a cash disbursement transaction (an employee with transaction input responsibilities) convinces an employee in the accounts payable function to return the check to him or her rather than sending it through a normal distribution system, such as the mail or electronics fund transfer. When the initiator receives the returned check, he or she now has both input and output responsibilities. He or she can then easily cash the check for his or her own use. The author summarizes five cases he examined in the last few years that involved the subtle compromise of internal controls in the accounts payable system. The cases involved at least one of the following security lapses: lack of segregation of duties, employees with too many duties, the use of Post-it Notes to ask accounts payable employees to return the checks to the initiator after issuance, and corrupt transactions between employees and outside vendors. Recommendations for addressing some of these problems are to review computer access controls; ensure that compromises of the accounts payable systems are documented on exception records; ensure that transactions that involve one-time payments out of normal practice are documented in an exception report; closely monitor all cash disbursements transactions initiated by anyone working in the accounts payable function; and examine similar vendor contracts in which the transaction analyses or analytical review procedures suggest high, increasing, or unusual volumes with specific vendors.