It takes years for an owner to build a business, but only a few weeks for an unscrupulous employee to destroy all of that hard work by committing multiple acts of fraud. Approximately 75 percent of employees have stolen from their companies at least once over the course of their careers, according to the International Foundation for Protection Officers, and about half of those offenders will steal again.
The risk is greatest in small to mid-size companies with limited staff, where one person is solely responsible for processing financial transactions and signing checks.
“Executives are asking for trouble if they don’t background check prospective employees or segregate financial transactions because the accumulated losses from internal fraud are capable of bringing a small company to its knees,” says Charlie Ott, a vice president and regional manager for security at California Bank & Trust, a wholly-owned subsidiary of Zions Bancorporation.
Smart Business spoke with Ott about the growing risk of employee fraud and the most effective ways to prevent it.
What are some common types of internal fraud?
Trusted employees, with access to the company’s bookkeeping system and bank accounts, can siphon off funds by setting up phony vendors in the accounts payable module and paying erroneous invoices. Or, they may surreptitiously switch account numbers in the online bill pay system and use company funds to pay personal credit cards, mortgages and car payments. Some use software to replicate blank check stock or insert their name into the payee line. Other times, they submit phony receipts on expense reports or deposit company checks into their personal accounts.
Fraudsters spend every day looking for opportunities and honing their craft, and they’re bound to succeed unless you are vigilant and take a few preventative measures.
Which preventative measures are most effective?
Internal fraud starts with people. So even if you hire referrals from trusted employees or family friends, it’s critical to conduct several interviews, a background investigation and reference checks before extending an offer. Repeat offenders often target small businesses due to their lax vetting practices, and background checks aren’t that expensive when you consider what’s at stake.
Once you have established strong hiring practices, consider opportunity. Based on your business and accounting practices, where do opportunities exist for an employee to defraud your business? What controls are in place to deter employees from defrauding your business? You can mitigate opportunity by making it difficult for fraudsters to conceal their deeds, which is done by apportioning accounting and banking duties among several employees and conducting random checks on financial and banking activity. As an example, have one person open the mail and enter invoices into the system, another approve the payments, and a third person sign the checks, make deposits and reconcile the monthly bank statement. Finally, safeguard the company’s legal filings and resolutions so fraudsters can’t access sensitive company information and use it to open up a phony bank account. Typically, fraudsters test the waters by stealing a small amount of money to see if anyone notices, then they increase the frequency and volume of their illicit activities. Also, they typically act alone; rarely do they act in concert with someone else, as that raises the risk of getting caught.
Is there a way to minimize the risk of check fraud and counterfeiting?
Keep cancelled checks and blank check stock under lock and key, and only release small batches of checks as necessary. Take advantage of your bank’s fraud prevention programs like positive pay and reverse positive pay, which are specifically designed to spot and stop payment on counterfeit, altered or forged checks. Even if your company is small and writes very few checks, you can still look for altered, forged and counterfeit checks or account anomalies by using online banking to view activity and photos of cancelled checks. Finally, don’t let the bank statement sit on your desk; nip fraud in the bud by reviewing your statement the minute it arrives.
What can executives do to avert technology breaches and phishing?
Every company should have virus protection software and a firewall installed on its network, and executives should ask their banker about programs like Trusteer that are specifically designed to spot fraudulent or suspicious electronic banking activity. Keep hackers from gaining access to accounts by using a standalone computer to process banking transactions, utilizing dual authentication and having two people approve transfers of funds between accounts. Educate employees on the risk of phishing and fraudsters’ tactics so they aren’t duped into providing passwords or login information. Never allow multiple users to use the same password or logon name. Keep passwords under lock and key, changing them from time to time, especially when an employee leaves or takes on different responsibilities.
How can executives help prevent fraud?
Don’t be so consumed with growing your business that you overlook the need to establish rigorous accounting policies and procedures or communicate a zero-tolerance policy for deviations. Inspect what you expect by ensuring accounting procedures are followed and seek professional advice by commissioning an outside audit annually. Spot irregularities by reviewing accounting and banking activity at least once a week and ask questions so employees know you’re paying attention. Ask about a sudden increase in invoice activity, the addition of a new vendor or a large change in account balances. Spend time with employees and have lunch in the cafeteria occasionally because you might be surprised at what you learn by just hanging around.
While it may be impossible to eliminate internal fraud, you’ll be able to minimize it as long as you’re vigilant and take a few precautions.
Charlie Ott is a vice president and regional manager for security at California Bank & Trust, a wholly-owned subsidiary of Zions Bancorporation. Reach him at (510) 808-1644 or email@example.com.
Insights Banking & Finance is brought to you by California Bank & Trust
In today’s economy, companies should be doing everything they can to prevent or eliminate temptation on behalf of their employees. Many employees are truly struggling financially and putting food on the table is a basic need for all of them. Where will the money come from? Many will look to the most ready source of cash: their employer.
“Knowing what might provoke an employee, even an otherwise lawful, ‘good’ person, to blur the line between legal and illegal activity is the key to fighting fraud effectively,” says Jim Stempak, a principal with Crowe Horwath LLP.
Smart Business spoke to Stempak about how business leaders can effectively limit any perceived or real opportunity for employees to commit fraud within their organization.
What drives employees to commit fraud?
Famed criminologist Donald R. Cressey first identified three elements — opportunity (including general knowledge and technical skill), pressure and rationalization — as the ‘fraud triangle’ to explain why people committed fraud. Cressey’s classic fraud triangle helps to explain many, but not all, situations.
Fraud is more likely to occur when someone has an incentive (pressure, like medical bills) to commit fraud, weak controls provide the opportunity for a person to do so, and the person is able to rationalize the fraudulent behavior.
Today’s fraudster is more independent-minded and armed with more information and access to corporate assets than was the perpetrator of Cressey’s era.
More technology, matrix organizations, performance-based pay and a corporate culture that celebrates wealth and fame have led to greater autonomy and authority to effect change across the organization. These differences support the need to expand the fraud triangle to a five-sided fraud pentagon, where an employee’s competence, or power to perform, and arrogance, or lack of conscience, are factored into the conditions generally present when fraud occurs.
How can a business address these driving factors?
With the changes to organizations listed above and employees’ increasing responsibilities in their respective roles, competence and arrogance are at an all-time high. Pressure is being generated both inside and outside the company at an ever-increasing rate. But of the five elements of fraud, the company has the greatest influence and control over opportunity. In fact, the company is almost entirely in control of the opportunity side of the triangle.
Opportunity for fraud to take place is marked on one end by controls — physical, logical, automated, manual, visual, etc. — and on the other end by management review, monitoring and reporting. Somewhere in the middle are separation of duties, reconciliations, internal audits, external audits, and all other means of checking the numbers on a regular, periodic and sometimes surprise basis. All of these control measures fall within the purview and responsibility of the company.
What common mistakes do businesses make when attempting to prevent fraud?
So let’s say all of the controls above are in place. The company contributes further to opportunity when the controls are not effectively implemented, executed and monitored. This is where most companies fall woefully short.
Controls that were effective for the way the company operated five years ago often become ‘false’ indicators of control due to system, process, procedural and organizational changes, and diversification of responsibility.
Many companies are doing such a poor job of managing opportunity that they unknowingly cause or contribute to many otherwise good people ‘going bad’ on the job. You need look no further than the Association of Certified Fraud Examiners (ACFE) 2010 Report to the Nation to see that this issue is supported by data from more than 1,800 actual cases of fraud. In the 2010 report, ACFE reported that ‘lack of controls, absence of management review, and override of existing controls were the three most commonly cited factors that allowed fraud schemes to succeed.’
What steps should companies take to limit the ‘opportunity’ for fraud to take place?
Companies should start with an enterprise-wide risk assessment.
Start with a control review. While the company may have wonderful controls in place, it may not be controlling its biggest, most common, or most obvious risks, or those unique to its business and/or industry.
In performing a risk assessment, there is a need for a common language or nomenclature, a process to identify and rate the risks, and the ability to determine mitigation strategies for the company’s chosen level of risk (risk profile). Management will want to invest the time necessary for thorough discussion of the risks and the rating, because this will drive the mitigation effort and investment.
With the risk assessment complete, compare the current controls in place to the risks that require mitigation and see where you stand. Obvious gaps will show up, which will require modification and/or redesign of your control environment, including new and specific control techniques.
Last, for companies of all sizes above 25 employees, implement a process by which employees, vendors and customers can access and report suspicious activity via a tip line. It may sound overly simple, but ACFE reports that occupational frauds are detected by tips more than any other means, including management review, internal audit and review of documentation. The tip line, and the awareness of its existence and use, is the primary way to limit the perception of opportunity in companies big and small.
Jim Stempak is a principal with Crowe Horwath LLP in the Dallas office. Reach him at firstname.lastname@example.org or (214) 777-5203.
Insights Accounting is brought to you by Crowe Horwath LLP