When times are tough, the temptation for employees to dupe the system and steal cash or assets increases. The economy is a key driver in fraud activity, and over the last several years, organizations of all sizes have been victimized.

So is the fraud environment improving now that there’s news of an uptick in the economy? Not yet, says Jason Buhlinger, a supervisor in financial advisory services at Brown Smith Wallace LLC, St. Louis, Mo.

“While there may be signs of the economy getting a little better, people still feel uncertain — and as long as that feeling is in the back of their minds, there is motivation and a rationalization to steal,” Buhlinger says.

Companies are running leaner, which means there is less management oversight at some firms, and others have eliminated internal audit personnel. One person may be doing the job of two or more employees, so the work force is spread thin. And that may mean that no one is watching should an employee decide to commit fraud.

“Imposing internal controls becomes harder to accomplish with less staff,” Buhlinger says.

Now is not the time to let your guard down as a business owner.

“The longer the economy trickles along, we’ll continue to see people who are looking for easy ways to get cash,” Buhlinger says.

Smart Business spoke with Buhlinger about the types of fraud being committed and how to establish strong internal controls to protect your business.

What specific economic factors drive individuals to commit fraud?

The recession began in December 2007, and at one point, the Dow Jones Industrial Average was down as much as 50 percent. People had to become more frugal. Those who planned on retiring early had to re-examine that goal as they watched their investment savings dwindle. And home prices dropped significantly in some areas of the country.

All of a sudden, the asset values that many people counted on were gone and they had to figure out a way to supplement that. This is where the fraud triangle comes into play — opportunity, rationalization and pressure. All three of these stress points have increased in the past several years, and this continues to be the case.

As long as people feel a sense of economic uncertainty, that can evolve into rationalization and pressure to find more money somehow. When the opportunity to commit fraud presents itself, rather than taking the higher moral road, as they might in better times, they justify the act and take that opportunity. Your organization can’t realistically eliminate all rationalizations and pressures, but it can manage the opportunity side of the triangle.

What types of fraud are most common today?

Asset misappropriation remains the most common type of fraud. That includes, but isn’t limited to, cash theft, payroll schemes and inventory theft, to name a few. A worker might file false expense reports and pocket the cash, or take product from a warehouse and sell it for a profit.

Stealing from cash registers $20 at a time can go unnoticed if proper controls aren’t in place. Asset misappropriation tends to involve smaller amounts of money, but those dollars add up over time.

What are the components of an effective fraud awareness program?

Organizations need to take a proactive approach to prevent fraud. Owners need to be involved in the financial aspect of the business rather than passing that role off entirely to a manager. For example, we recently handled a fraud case in which a CFO had complete financial control of the company and could take whatever he wanted. If their company had implemented the critical concept of segregation of duties, it would have been more difficult for him to pull off fraud.

Segregation of duties is critical to prevent fraud, and this can be a challenge in small businesses. That’s why owner involvement is critical at every level of a business, from reviewing financial statements to checking in at the cash registers. It also helps if organizations provide a way for employees to anonymously report fraud through a tip line or even a simple suggestion box.

By keeping fraud at the forefront of your business, you will discourage those who are teetering on the edge of committing fraud. And with internal controls in place, you will be more likely to catch fraud early before it causes significant damage to the business.

How can a business be proactive about creating a culture of honesty?

It’s important to create a fraud prevention program and talk about it regularly with employees. Hold quarterly meetings to discuss fraud and internal controls. Let everyone know your organization has a zero tolerance policy. By making employees aware that fraud is on the radar and no one is going to get away with it, you decrease the rationalization and opportunity for fraud to occur.

Begin a fraud prevention program to learn what areas of your business are susceptible to fraud. A risk assessment will help you zero in on entry points for fraud so you can watch those areas carefully.

A certified fraud examiner (CFE) can help you get that fraud policy on paper, and it’s a good idea to incorporate it into your employee handbook. Secure a commitment in writing from every employee that they understand the policy and the ramifications if fraud is committed.


Jason Buhlinger, CFE, AVA, is a supervisor in financial advisory services at Brown Smith Wallace, St. Louis, Mo. Reach him at  (314) 983-1310 or jbuhlinger@bswllc.com.

Insights Accounting is brought to you by Brown Smith Wallace LLC

Published in St. Louis

Savvy business owners know the value of internal controls and the critical importance of reviewing those controls on a regular basis. Effective internal control systems must be adapted to changes in business practices and the global economy. So how do today’s top businesses keep up?

Smart Business spoke with industry expert Ernie Rossi on the prevention and detection of internal fraud. For almost 20 years, Rossi has educated clients on maintaining effective internal controls. As an audit partner at Sensiba San Filippo LLP, Rossi teaches clients best practices for establishing internal controls and keeping them in step with the times.

What kinds of businesses need to protect against fraud?

No company is 100 percent immune to fraud. However, certain types of companies are at greater risk. Small companies tend to have limited resources, meaning they have employees who perform multiple duties. This is a problem because small businesses cannot easily separate what a good internal control structure would call ‘conflicting tasks.’ Properly separating tasks forces perpetrators of fraud to conspire in order to steal, and collusion is more difficult than acting alone.

Larger businesses may be more capable of separating tasks, simply due to having more staff, but over time, they can experience increasing risk of fraud if they become lax in pinpointing loopholes in their systems. Given time, people find weaknesses in the system, and can exploit these.

One common denominator among companies is that few believe they are susceptible to internal fraud. But statistics in this area are clear — most often, fraud is perpetrated by a long-term employee or friend. It is best to have well designed and implemented internal controls that reduce, as much as possible, the opportunities to commit fraud in the first place.

Under what conditions does internal fraud occur?

Internal fraud can be compared to a ‘perfect storm’ in which a motivated perpetrator meets poorly designed or poorly implemented internal controls and little or no monitoring of those controls. It is generally a rationalization on the employee’s part that they are entitled to the fraud. For example, the perpetrator might say, ‘The owner makes way too much money,’ or, ‘I work really hard, and the business doesn’t properly reward me for my efforts.’

You can distinguish between businesses that have poorly designed internal controls and those whose controls are poorly monitored. Internal controls may be in place, but sometimes the business’s culture evolves to a point where controls are allowed to be ignored. One common example: An increasingly busy workplace where checks are signed without thorough review of supporting invoices.

How can companies prevent internal fraud?

Companies that are led by a management team who sets the ‘tone at the top,’ by modeling the greatest degree of integrity, may be at less risk for internal fraud.  Business owners who play fast and loose with tax laws and company assets can expect employees to feel comfortable doing the same. While some business owners recognize the risk of fraud, they are often unsure about the steps required to prevent it. Companies should start small. The first step is to leverage a third party to review the business and uncover potential problems through an assessment of internal controls. This will help identify the areas of biggest risk — the low-hanging fruit.

The second step is to implement controls, such as separation of duties of employees, to shore up vulnerabilities uncovered in the assessment. Next, periodic reviews by internal managers and external assessors will help to keep controls from slipping out of practice.

It’s also important to educate employees about the purpose of the controls. Increased awareness, along with the knowledge that internal controls are a priority, will serve as a strong deterrent. Communicate that internal controls will ultimately protect employees if and when a fraud is committed by allowing them to quickly be eliminated from suspicion.

Financial audits can be helpful, but audits alone cannot replace internal controls or a thorough risk assessment. Audits only test a sample out of thousands of transactions, which are selected at random. So, the audit may catch an error, but it is no guarantee that the error is going to be a result of the fraud.

What qualifies an individual or a firm to assess risk?

Consider hiring a CPA with audit experience. They need not specialize in fraud, but they should be someone with lengthy experience in public accounting. Generally, CPAs with significant public accounting experience are well suited to evaluate controls that currently exist and assist in developing additional or more effective controls.

Basic assessments can be conducted over a few days or weeks, depending on the size of the business and amount of time needed to document the business’s day-to-day practices. The assessment does not need to be done all at once. The business owner should meet with the selected professionals, perform a general assessment, and then design a plan over time to develop and implement a comprehensive internal control system. After controls are implemented, periodic maintenance should be performed. Over time, even good controls will become less effective. Eventually people find their way around the controls, especially if they know they are not monitored regularly.

How does a service provider help clients protect themselves against fraud?

Any service provider should talk with clients about controls frequently, and not just during an annual audit or financial statement preparation. In every meeting, they should listen for key phrases or changes to the business. For example, the phrase, ‘We’re having cash flow problems,’ may indicate a control issue.

In order to truly reduce the likelihood of fraud, education and communication should be top priorities on both sides of the table.

Ernie Rossi is an audit partner at Sensiba San Filippo LLP, a regional CPA firm based in the San Francisco Bay area. He may be reached at (925) 271-8700 or erossi@ssfllp.com.

Insights Accounting is brought to you by Sensiba San Filippo

Published in Northern California