By Guest Blogger, David E. Goss, CPA, CFF, CGMA, CIA, CFE
In the 1979 psychological horror film, When a Stranger Calls, a babysitter receives a telephone call from a man who creepily asks if she has checked on the children. The calls become more frequent and threatening, so the babysitter calls the police. Soon the babysitter receives a call back from the police informing her that the threatening calls were coming from inside the house.
Like the baby sitter in this classic thriller, the business world focuses on external attacks, such as hackers. Certainly hacking is increasing, and it is affecting more of us through system attacks and data theft. But, lurking in the shadows, traditional in-house fraud remains a rampant and often undetected problem.
Embezzlement, or stealing from employers, is still a common threat in the business environment. In recent years, when economic conditions compelled companies to scale back their spending, resulting in fewer employees and weakened internal controls, embezzlement and the resulting losses have grown. Marquet International, a security consulting firm, did a 2013 report in which it recorded its highest rate of employee theft in its six-year history.
Employee theft can vary greatly, from a few hundred dollars to millions, but the actual costs are usually considerably higher than what was taken. Expenses tied to investigation and professional fees can be significant, depending on the complexity of the case. Then there are the indirect costs such as loss of business, loss of productivity, distraction of management from their regular duties, and loss of banking relationships. All of these add to the total cost of fraud.
If you think embezzlement is a “big businesses” problem, think again: it thrives all around. A recent example reported in Indiana County, Pa., helps paint the picture of the impact of an embezzlement on a single business. The Westmoreland Times reported that a former top executive of an Indiana County gas drilling company was convicted Jan. 23, 2015, for stealing $9.2 million from his own company over an eight-year period. The former COO, Larry D. Winckler, of Falcon Drilling earned $260,000 a year as well as a $1.2 million bonus when the company was sold in 2011. Winckler worked with the company’s controller and an outside vendor to funnel money out of the company from 2004 through 2012. He wrote bogus checks for tens of thousands of dollars, which he disguised as fake purchases for parts and drill bits. The stolen funds were used to support his gambling addiction and to buy luxury items and real estate. This fraudster was sentenced to serve eight years in federal prison.
To help shine light on potential embezzlers hiding in the shadows, your business must implement certain safeguards. The most common have three key components: prevention, detection, and mitigation.
Prevention: All fraud cannot be prevented. It’s impossible. However, you should adopt policies and procedures aimed at deterrence. Perform a risk assessment identifying the types of fraud that threaten to cause the most harm. In doing so, consider the following:
Proper segregation of duties. Checks and balances among employees help ensure that no single employee has control over too many parts of a financial transaction.
- Reconcile banking activity monthly with appropriate management oversight and review.
- Protect checks against fraudulent use. Include proper security over blank check stock, require dual signatures on checks, and prohibit writing checks as “Payable to cash.”
- Protect cash collected. Ensure proper and prompt recording and timely deposits.
- Avoid related-party transactions through written conflict of interest and ethics policies and procedures.
- Limit use of company credit cards. Review the details of transactions and use account limits with credit card companies and vendors.
Detection: At a minimum, fraud detection requires vigilance. Specific steps are usually a matter of judgment based on the factors particular to the type of business and the types of assets of the company. Here are a few to consider:
Perform detailed and recurring analysis of accounting transactions for unusual activity or changes in account balances.
- Use whistleblower hotlines to allow for employee tips and complaints.
- Rotate duties of employees periodically.
- Perform surprise reviews or internal audits.
- Require periodic vacations of employees.
Mitigation: No amount of prevention or detection can guarantee that fraud will never happen. However, your business may be able to limit the potential depth and scope of damage associated with an employee fraud before one occurs. Consider the following:
Protect your business. Have adequate insurance protection covering fraud and the costs of investigating potential fraud issues.
- Don’t wait! Timely follow-up of suspicious or unusual transactions or issues involving fraud is critical to ensure a small fraud doesn’t grow into something larger.
- Get professional help. Consult with licensed forensic accountants, auditors, computer forensic professionals, and legal counsel when fraud is detected or suspected.
- Stay vigilant. Regularly review your business’s fraud prevention policies and procedures.
Traditional employee fraud is increasing at staggering rates, but many employers fail to recognize that their business could become the next victim. Protect your business through prevention, detection, and mitigation safeguards, because when a “call comes from within,” it can cost your business untold resources.
Get more tips from PICPA’s brochure "Secure from Within".
David E. Goss CPA/CFF, CIA, CFE, is President of North American Forensic Accounting and has more than 39 years of experience in auditing and accounting. He has performed fraud and forensic investigations for small, medium and large companies throughout North America, Canada and Australia. Dave’s experience includes cases involving blackmail, embezzlement and elder fraud.