28 Aug Employee Theft and Fraud: How Did That Happen?!?
That’s a question no company wants to ask. To avoid having to ask that question, most businesses—small, large and in-between—have policies, procedures and internal controls designed to deter and detect employee fraud. Your company, no doubt, has policies and procedures to make sure your employees properly record income and expenses, don’t keep a double set of books, don’t skim, properly record inventory and otherwise promote and protect the interests of the company. You watch your inventory to make sure it doesn’t mysteriously walk out the back door; you have expense account procedures; you make sure your vendors don’t bribe employees to order more than necessary. You probably have other controls as well, because you know you need them.
You may have also seen the statistics that most business fraud (up to 60%) is perpetrated by long-time senior executives, and that total business fraud losses in this Country are estimated in the hundreds of billions of dollars, that’s right, billions per year! Indeed, if you run a small company, you may already know that average losses in companies like yours are approximately $200,000 per incident.
You know—just about every businessperson knows—there’s a big problem out there. No one wants to have to ask how and why that embezzlement or fraud happened, right? So why do hundreds of billions of dollars walk out the door of American businesses—in the pockets of crooked employees and executives—every year?
Permit me to offer three observations that might help you avoid having to ask that dreaded question:
1. FRAUD OCCURS IN THE PRESENCE OF CONTROLS–NOT IN THEIR ABSENCE
Don’t fall into the trap of thinking that just because you have lots of good controls, policies and procedures you don’t have to worry anymore about employee fraud. You do. Combating employee fraud, like publishing an Employee Handbook, is not something you can check off a “To-Do List” and forget about. And remember the statistic from above: don’t focus your controls only on low-level employee pilfering; senior executives cause much more damage.
An employee or executive with larceny in his/her heart will view controls as an obstacle to be overcome. Because of that, your fraud controls must be dynamic. They must be tested, reviewed and updated on a regular basis, preferably by someone other than the person who came up with them and is charged with implementing them. Use a fresh set of eyes. Every periodic review must ask questions like: Are exceptions to the controls being allowed? How many? What kind of exceptions? Is there a pattern as to who is making the exceptions and who is benefiting from the exceptions? Are some supervisors being given some extra latitude because they are trustworthy, strong managers and the controls only slow them down? Are some managers acquiring more authority such that there is less review by others of what they are doing? Remember, there’s nothing wrong with exceptions to policies because rigidity can defeat the whole purpose of what you’re trying to accomplish. But also remember, exceptions beget exceptions, and beget more exceptions and that’s why consistent, periodic and objective review is necessary. The questions you need to ask about your controls will vary from business to business, so don’t evaluate your business controls on a template designed for some other organization. And don’t just ask the managers these questions; ask the lower level employees whom the managers supervise.
A recent case illustrates how controls can fail. A long-time CFO of a small consumer products company in California managed to acquire more and more authority beyond her original duties. Because the company was a wholly-owned subsidiary of another Ohio-based company, the CFO was the senior-most administrative employee on site and reported to her distant supervisors in Ohio. (Geographic dispersion of operations can also stress your controls.) The CFO was a strong manager and, given the distance separating her from her supervisors, slowly accumulated more authority, expanding her reach to Human Resources, and inventory control. Because it was just “easier” for her remote bosses, she also increased her single check-signing authority from $5000 to $50,000 over the course of several years. Given her control of the books, the inventory, and her check writing authority, she was able over the course of six or seven years to drain almost $1,500,000 from the company. During that time, a new bookkeeping system was implemented, but there was no review of the existing internal controls to make sure they were effective for that new system. That gap between the old controls and the new bookkeeping system helped the CFO further exploit her position and get away with her embezzlement for so long. She wasn’t caught until other employees accidentally stumbled onto suspicious company checks the CFO was writing to cover her personal credit cards bills.
Once exposed, of course, the CFO was fired, sued for the losses and eventually prosecuted and imprisoned. Ultimately, a judgment was secured against her and some of her personal assets were liened or sold, but the company will never be made whole. Indeed, in most of these cases, it is rare to recover much, if anything, from the fraudster employee/executive other than the satisfaction of seeing them criminally prosecuted. The CFO was a classic case of a strong manager accumulating more and more authority horizontally across the corporate structure. Her strength as a manager helped senior management accept her explanations for why certain things just weren’t quite right, especially related to inventory discrepancies that should have set off alarms. After all, she was a long-time member of the team and everyone trusted her.
2. TONE AT THE TOP CAN HELP COMBAT FRAUD THROUGHOUT THE COMPANY
OK, so you promise not to be too lax or too rigid in implementing and maintaining fraud controls. That’s fine, but there are still traps to avoid. Sometimes, companies get rigid in another way and defeat the benefit of fraud controls by becoming paranoid and suspicious. That’s the opposite of what a company should do. Don’t suspect everyone, but do make sure that everyone, from the president to the lowest paid clerk, follows the policies and procedures that are in place. “Tone at the Top” is an overused phrase, but when employees see their bosses and supervisors rigorously following the same procedures they have to follow, there’s more “buy in” to the company’s program. Employees, all of us, have a well-developed sense of right/wrong and fairness, and if they see a supervisor, or even the president, not following company policies, or too frequently benefiting from exceptions to the rules, they see little need to follow them either.
Here’s an example of how the wrong “tone at the top” can hurt a company. This company distributed building supplies throughout the country. Over the years, the company president created a bad “tone” and set the stage for a vendor to exploit lax inventory controls and grossly overcharge the company for supplies and services it never received. The vendor and president were long-time friends and the vendor had a history of receiving “favors” from the president, including being allowed to short cut certain procedures required of other vendors. When the scam was finally discovered by a new junior manager (after the president left the company) many employees told investigators that they had long suspected something wasn’t right, but “that’s the way it was always done” between the vendor and the president and frankly, they didn’t want to question something they understood the president condoned. The vendor got away with close to a million dollars over the years and efforts to recover some of that money continue.
The California CFO discussed above provides an example of how a company could have benefited from a hotline. The CFO’s scam could have been discovered 5-6 months before it was given the growing suspicions of some of the office staff who reported directly to the CFO. They kept their mouths shut, however, because they feared retaliation from the CFO if they expressed any doubts either to her directly or contacted her bosses. An anonymous hotline could have avoided that delay. It wasn’t until the office staff found the suspicious checks and had a “smoking gun” that they got up the nerve to call the bosses in Ohio. By then scores of thousands more dollars were lost.
3. ASSUME NOTHING! YOU MUST PREVENT AND DETECT FRAUD
Don’t assume your controls will prevent all employee fraud. Trying to prevent every fraud is a “fool’s errand” anyway because it won’t work, and will lead you into the rigidity and paranoia traps. Actually, many of the prevention techniques mentioned above (training, tone at the top, review and updating of policies) are all important in helping to detect ongoing fraud. Whistleblower hotlines are easy to implement and very cost effective. Another common sense, but sometimes forgotten measure (witness the California CFO) is to insure that managers, at whatever level, do not accumulate extra (and usually unnecessary) authority either vertically or horizontally in the corporate structure. Employing one person in two or three job functions may save some money in the short run but lose it in the long run.
Our reliance on computers has added new challenges and opportunities for businesses to consider. All company personnel must be told that their computers are company property and are subject to review and monitoring. (Make sure you get the advice of counsel on this issue because there are some privacy concerns that still need to be considered.) Privacy issues aside, however, the fact that computers now contain virtually all of a company’s financial and inventory transactions and records, makes it easier to spot trends and patterns that can help detect fraud in ways that manual analysis of paper records might have missed. Whether such a review/analysis is done by someone sitting at a terminal and reviewing the records, or by some dedicated review program on another computer, red flags can be more easily discovered and investigated in today’s environment.
Unfortunately, now that laptops and tablets are common in the business place, one of the 20th Century’s tried-and-true employee fraud detection techniques has been undermined. There was a time when many companies (certainly banks) made all employees take a vacation of at least one week’s duration. Many frauds were detected when another (honest) employee was doing the fraudster’s job. Today, however, many companies expect their employees and executives to take their laptops with them on vacation so they can remain “connected”. Consider again our CFO friend in California. She took her vacations (with the boyfriend she was spending a lot of the embezzled funds on) but she never really left the office because she always had her laptop and controlled everything remotely. That gave her the control and access she needed to maintain her scheme. Whether it’s practical to require employees and executives to really take a vacation and leave their laptops behind is a risk/benefit decision each company must make for itself.
There are certainly other ways to detect and prevent fraud and I’m sure you can come up with some beyond what is discussed here. And that’s the whole point of this little article. You have to think about employee/executive fraud in terms that fit your company’s situation. Trade associations are a useful resource with industry-specific ideas. Being conscious of the problem and continually working on it is half the battle.
It’s worth some effort and creative thinking to help you avoid having to ask the question: “How did that happen and why didn’t I discover it sooner?”
Currents is intended to be educational only. It is designed to provide our clients and friends with the discussion of current topics and legal authorities as applied to those topics. Currents is not intended to constitute legal advice or provide any opinion about the application of such legal authorities to a particular circumstance, set of facts or situation. In addition, that you have received transmission of Currents does not create any relationship of attorney and client between Clark & Trevithick, PLC and you.
Clark & Trevithick, PLC is a full service law firm representing clients throughout California and western states for more than three decades. Our practice includes specialization in federal and state taxation law and tax reporting compliance, as well as estate planning for owners of closely-held businesses and other high net worth individuals. We also counsel on the sale of closely-held businesses. We develop methods for transferring wealth to surviving spouses and descendants by the most efficient and tax-advantaged methods available. Our practice profile also includes corporate, real estate, litigation, creditors’ rights and remedies and employment law matters.
CIRCULAR 230 DISCLOSURE
TO COMPLY WITH INTERNAL REVENUE SERVICE REQUIREMENTS, PLEASE BE ADVISED THAT ANY TAX ADVICE CONTAINED IN THIS EDITION OF CURRENTS IS NOT INTENDED OR WRITTEN TO BE USED, AND CANNOT BE USED, BY THE RECIPIENT TO AVOID ANY FEDERAL TAX PENALTY THAT MAY BE IMPOSED UPON THE RECIPIENT, OR TO PROMOTE, MARKET OR RECOMMEND TO ANY OTHER PERSON OR ENTITY, ANY REFERENCED ENTITY, INVESTMENT PLAN OR ARRANGEMENT. FOR MORE INFORMATION, PLEASE GO TO WWW.CLARKTREV.COM.