Means, Motive, Opportunity: It’s Always the Ones You Trust
Any closely held business that operates without adequate segregation of duties is exposed to the risk of embezzlement. This is hardly a revelation. In fact, it’s Bookkeeping 101. Yet, time and again, this vulnerability is exploited to devastating effect. There is an odd, overarching irony to it all.
by Jonathan S. Ziss, JD Dec 20, 2019, 13:18 PM
Insightful lessons can be learned by reviewing professional liability issues. With this in mind, Arthur J. Gallagher & Co. provides this column for your review. For more information about liability issues, contact Bob Connolly at robert_connolly@ajg.com.
Any closely held business that operates without adequate segregation of duties is exposed to the risk of embezzlement. This is hardly a revelation. In fact, it’s Bookkeeping 101. Yet, time and again, this vulnerability is exploited to devastating effect. There is an odd, overarching irony to it all.
Here’s how the performance usually plays out. In a smaller office – and by “smaller” I mean up to $50 million in revenue – one often finds a limited internal accounting staff, perhaps one bookkeeper/controller who is supervised, if at all, by a single manager. The bookkeeper is trusted implicitly, having worked at the company from a tender age. The bookkeeper’s work ethic is exemplary, as is the attendance record. The bookkeeper has all the answers, or knows where they can be found, because the books and records are carefully and securely kept in the bookkeeper’s office space.
This employee is always first to get the mail, seldom takes vacations, and is a model employee (if maybe somewhat withdrawn). The bookkeeper is also a textbook embezzler.
The irony is that a high level of trust and confidence invites self-interest and deceit. Where there is an opportunity for theft, theft is most likely to occur. Where effective internal controls are needed most, they are found least.
Consider the following real-life examples, which have been modified to preserve anonymity.
Case No. 1 – In Medical Office A, the office manager, now in her 40s, joined the practice out of high school as an assistant. She worked extraordinarily hard, and helped steady the practice as it grew from one location to several. She was so competent that her bosses, the physicians, left her all but completely alone. In fact, they never felt the need to sit down with her for performance and compensation reviews. She paid their bills and balanced their checkbooks. She produced internal financial statements. She liaised with the payroll system. She liaised with the outside CPA for tax compliance. She also increased her own salary year after year until she was one of the most highly compensated employees of the practice, “earning” a hefty six figures.
Case No. 2 – At another medical practice, Medical Office B, the office manager was delighted to work with a controller who efficiently managed both payables and receivables, and who also balanced the checkbook. In fact, the controller saved her manager time and effort by pairing invoices with checks to be signed. The fact that the checks did not have a payee written in made sense to the manager, because if she rejected a given invoice there would be no check stock wasted. The controller then dutifully took the signed checks and filled in the names of the payees, including, on several hundred occasions, her own name or that of her son. Tasked with sending the monthly bank statements to the outside CPA, the controller removed those pages of the statements that contained check images. The CPA did not notice (or was unconcerned) that he received five of 11 pages of a given month’s bank statement since he was providing compilation and review services. Eventually the controller had the practice switch banks, and in the process signed up for limited monthly statements without check images.
Case No. 3 – A family-owned building material manufacturer hired its bookkeeper right out of high school, and she soon came to handle all accounting functions. She was trusted like family. At the direction of the owners, to safeguard the confidentiality of company financial information, all bank statements would be delivered to her unopened. She remained their custodian, keeping them under lock and key. The bookkeeper prepared internal financial statements for the outside CPA, who provided review services. Starting at around age 60, she began to write checks to herself and to pay off her personal credit cards with company funds. She masked her embezzlement by creating phony payees on the ledgers. She also removed from the bank statements the pages bearing check images.
Here’s how the performance usually plays out. In a smaller office – and by “smaller” I mean up to $50 million in revenue – one often finds a limited internal accounting staff, perhaps one bookkeeper/controller who is supervised, if at all, by a single manager. The bookkeeper is trusted implicitly, having worked at the company from a tender age. The bookkeeper’s work ethic is exemplary, as is the attendance record. The bookkeeper has all the answers, or knows where they can be found, because the books and records are carefully and securely kept in the bookkeeper’s office space.
This employee is always first to get the mail, seldom takes vacations, and is a model employee (if maybe somewhat withdrawn). The bookkeeper is also a textbook embezzler.
The irony is that a high level of trust and confidence invites self-interest and deceit. Where there is an opportunity for theft, theft is most likely to occur. Where effective internal controls are needed most, they are found least.
Consider the following real-life examples, which have been modified to preserve anonymity.
Case No. 1 – In Medical Office A, the office manager, now in her 40s, joined the practice out of high school as an assistant. She worked extraordinarily hard, and helped steady the practice as it grew from one location to several. She was so competent that her bosses, the physicians, left her all but completely alone. In fact, they never felt the need to sit down with her for performance and compensation reviews. She paid their bills and balanced their checkbooks. She produced internal financial statements. She liaised with the payroll system. She liaised with the outside CPA for tax compliance. She also increased her own salary year after year until she was one of the most highly compensated employees of the practice, “earning” a hefty six figures.
Case No. 2 – At another medical practice, Medical Office B, the office manager was delighted to work with a controller who efficiently managed both payables and receivables, and who also balanced the checkbook. In fact, the controller saved her manager time and effort by pairing invoices with checks to be signed. The fact that the checks did not have a payee written in made sense to the manager, because if she rejected a given invoice there would be no check stock wasted. The controller then dutifully took the signed checks and filled in the names of the payees, including, on several hundred occasions, her own name or that of her son. Tasked with sending the monthly bank statements to the outside CPA, the controller removed those pages of the statements that contained check images. The CPA did not notice (or was unconcerned) that he received five of 11 pages of a given month’s bank statement since he was providing compilation and review services. Eventually the controller had the practice switch banks, and in the process signed up for limited monthly statements without check images.
Case No. 3 – A family-owned building material manufacturer hired its bookkeeper right out of high school, and she soon came to handle all accounting functions. She was trusted like family. At the direction of the owners, to safeguard the confidentiality of company financial information, all bank statements would be delivered to her unopened. She remained their custodian, keeping them under lock and key. The bookkeeper prepared internal financial statements for the outside CPA, who provided review services. Starting at around age 60, she began to write checks to herself and to pay off her personal credit cards with company funds. She masked her embezzlement by creating phony payees on the ledgers. She also removed from the bank statements the pages bearing check images.
Lesson to be Learned
All practitioners are familiar with the classic list of behavioral red flags associated with occupational fraudsters. It includes living beyond one’s means; dire financial difficulties; cozy relationships with vendors or customers; chronic complaints about management; a lack of horizontal relationships with coworkers; excessive control issues; and so forth. The validity of these warning signs is well established. To detect them, to become aware of them, one must have a sustained opportunity to observe the employee and to understand these anomalies as establishing a pattern. The limitation, of course, is that behaviors can be masked and relationships and perceptions can be manipulated.
Not so, the checkbook. Not so, the payroll registers.
Regardless of the scope of an engagement, practitioners can do themselves and their clients a profound service by elevating fraud to a topic of explicit conversation with all clients. In doing so, you will not be taking on a legal duty to detect fraud, but all the same you may very well cause its detection, or arrange for its prevention, the good old-fashioned way: through attentive management and effective internal controls. Let your client know that bank statements must be periodically reviewed by ownership, likewise payroll. Then, invest in your future by dropping your client a note, an e-mail, or a form letter that you create as a service to all clients addressing small-business fraud. You can even use this communication to reiterate that you have not been hired to detect or to prevent fraud, but that you are passing along this pearl of wisdom as a courtesy.
Don’t let the irony of trust and confidence claim your clients as victims.
Jonathan S. Ziss, JD, is a partner with Goldberg Segalla in Philadelphia. He can be reached at jziss@goldbergsegalla.com.
Not so, the checkbook. Not so, the payroll registers.
Regardless of the scope of an engagement, practitioners can do themselves and their clients a profound service by elevating fraud to a topic of explicit conversation with all clients. In doing so, you will not be taking on a legal duty to detect fraud, but all the same you may very well cause its detection, or arrange for its prevention, the good old-fashioned way: through attentive management and effective internal controls. Let your client know that bank statements must be periodically reviewed by ownership, likewise payroll. Then, invest in your future by dropping your client a note, an e-mail, or a form letter that you create as a service to all clients addressing small-business fraud. You can even use this communication to reiterate that you have not been hired to detect or to prevent fraud, but that you are passing along this pearl of wisdom as a courtesy.
Don’t let the irony of trust and confidence claim your clients as victims.
Jonathan S. Ziss, JD, is a partner with Goldberg Segalla in Philadelphia. He can be reached at jziss@goldbergsegalla.com.
