Fraud : It Could Will Happen to You

By Steve Cleland, CPA


"This is the last person I would have expected this from. They were like family to me."

In most cases, that’s the first phrase uttered when a firm discovers employee fraud. You hear about it all the time. A long-time, well-trusted employee embezzles cash over a period of years. These stories appear on a daily basis in just about every business publication. It happens in all size companies – small, medium and large. All levels of employees are doing it (even shareholders/partners). There is no gender bias, and in the majority of cases, the perpetrator has no prior criminal record. It usually starts off in small amounts and grows with increasing fearlessness. By the time it is caught, thousands(sometimes millions) of dollars are lost. For every embezzled dollar, it will take approximately three dollars in additional collected fees to replace it. Here are some real life examples:

Case 1 -- Bookkeeper. $200,000 over three years. Authorized signature forged on checks.

Case 2 -- Controller. $700,000 over five years. Controller set up “dba” companies and was filling out check requests for client costs to these companies.

Case 3 -- Associate. $50,000 over two years. Padding expense reports using false receipts.

Case 4 -- Office Services Manager. $130,000 over three years. Erroneous vendors.

Case 5 -- Controller. $6,000,000 over ten years. The Controller used “dba” companies, had payroll schemes, submitted multiple fictitious expense reports, was paying personal credit cards and was changing the payee on several checks each month to himself.

Case 6 -- – Partner. $225,000 over four years. Firm credit card charges.

This is a serious problem that is not going away. In fact, in down times such as our current economic situation, the problem only gets worse. Many business owners think “not my employees.” It’s this sort of blind trust mixed with a lack of internal controls that can get you into trouble. Your employees could be doing it right now.

What Causes Fraud?
There are three main factors that contribute to fraud: need, opportunity and rationalization. When these three factors are present, the results are predictable.

Need – Everyone could use some extra money. Clerks, bookkeepers, assistants and even very successful salespeople all feel that they could use some extra cash to help ends meet. In normal circumstances, it is a person’s integrity that prevents them from even thinking about such a deed. A “need” is normally accelerated when outside pressures are introduced. These pressures may be high personal debt, financial losses (stock market anyone?), a change in life (new baby, divorce, illness, etc.), living beyond one’s means or gambling and/or drug problems. The more pressure, the more likely an honest and loyal employee may be tempted to fill his or her need with firm assets.

Opportunity – The most obvious opportunity is a weak internal control system. Without a strong system of internal controls, the risk of errors (intentional or unintentional) going undetected is significant. Other factors that give rise to opportunity are having too much trust in employees, having one employee perform many significant duties without proper supervision and poor morale.

Rationalization – It is critical to have integrity from the top-down. Questionable behavior from management can lead to employees justifying their actions because of this behavior. Employees may not understand the business owner’s management style and may perceive moral dilemmas. Employees may be asked to do things they believe are wrong (right or wrong). For example, a client pays the same invoice twice. The bookkeeper brings it to a partner’s attention and is told not to refund it to the client. The owner is thinking that they will simply apply this to future bills while the bookkeeper is thinking that he is “keeping” the money that is not his. This is the type of rationalization that can lead to embezzlements. In some circumstances, company internal pressures can add fuel to the fraud fire. By giving the employees unreasonable (or no) performance targets, underpaying and/or overworking employees or having a difficult management style, an employee may feel justified in looking for ways of defrauding the company with or without the need.

Prevention
Taking out any one of the three elements will significantly reduce the potential for fraud. The easiest one for you to control is the element of opportunity. A well-designed and functioning internal control system is your number one defense against errors and fraud. A strong internal control system will not eliminate fraud, but will make it harder for a scheme to start and increase the chance that it will be caught. In addition, a dose of healthy skepticism about employee honesty doesn’t hurt. In a normal environment, just knowing that your firm is serious about fraud prevention and that someone is consistently watching is often enough to deter most people. The risk is too high. But, as pressure increases the need, more risk may be taken and the process could begin.

Internal Controls
There are three components of a successful internal control system. All three must be in place and functioning for the system to function effectively. They are (1) Control Environment, (2) Control Policies and Procedures, and (3) Monitoring and Adjustment.

Control Environment – The control environment is made up of a number of factors that all sum up to the company’s emphasis on control and quality. These factors include integrity and ethical values, management philosophy and operating style, structure of the company, assignment of responsibility and authority and human resources policies and procedures. Is a strong emphasis of control and quality ingrained into the culture of your company?

Control Policies and Procedures – These are the specific policies and procedures in place to prevent or detect errors. Management should assess the risk of error/fraud throughout the company and implement proper control policies and procedures as appropriate.

The areas/events that give rise to high risk in small to medium- sized companies are as follows:

  • Cash receipts
  • Cash disbursements
  • Expense reports
  • Trust accounts
  • Merging Companies
  • Confidential information
  • Client costs
  • Company credit cards

There are several policies and procedures that can be implemented in order to mitigate these risks. Many of these are easy to implement and cost very little in time and dollars.

Monitoring and Adjustment – The system of checks and balances must be monitored closely. If no one is watching, even with the strongest control environment and the best policies and procedures in place, eventually someone will figure it out and you could be hundreds of thousands of dollars in the hole before anyone detects that something is wrong. An internal control system is a live system and must be evaluated for its effectiveness and modified on an annual basis. New schemes are created every year. You must keep up to date on the latest schemes and plan to prevent them.

Warning Signs
Fraud schemes are uncovered in various ways including internal control systems, an employee tip or somebody accidentally stumbling upon it. In general, the signs are there, but someone must be paying close attention and needs to follow-up with any possible loose ends. These warning signs are normally different depending upon the type of fraud, but in general, the following are strong signs of possible fraud and should be investigated until resolution:

  • Bank reconciliations not being done on a timely basis or at all.
  • Extremely late financial reports.
  • Consistent errors in financial reporting.
  • An employee that will not take vacation.
  • An employee living beyond their means.
  • Totally hands-off management style.

Fraud is very prevalent in businesses today. If anything, small businesses can be easier targets than other businesses because of the usually “thin” administrative structure and the “trust” element. Don’t fool yourself by having a “not us” mentality. Do something now to minimize your risk before it is too late. Ensure that you have healthy skepticism, you are conscious of your employees’ situation(s), you provide help when needed, you have a strong control environment, effective policies and procedures are in place and these policies and procedures are monitored and adapted on a timely basis. You can never eliminate the risk that someone will defraud the company, but by performing the above tasks, you should be able to sleep better at night knowing that you are doing something to prevent your firm from being one of the statistics.