Fraud in the Workplace
By Christine Devin, CPA
Have you ever said these words: “I trust her; she would never steal from the company,” or “he is so honest, he would never do that.”
A small-business owner I recently spoke with said those same words. The owner was busy with the daily operations of her cash-lucrative business. The business had less than 10 employees, including a few service employees and a bookkeeper. The business owner had outstanding relationships with all of the employees. She even referred to them as family. Business was booming. What could possibly go wrong?
The owner confidently handed over her financial information for annual review and preparation of the company’s tax return to a hired professional. She was sure that her hard work looked impressive on paper. After all, she worked countless hours to make it all happen. Little did she know that the words she spoke earlier would haunt her. She could not have been more wrong.
During the annual review of the financial statements, some disbursements were flagged as unusual or suspect. The professional contacted the owner to investigate these payments. After further review, it was discovered that the bookkeeper was writing checks for personal expenses out of the company’s checking account by forging the owner’s signature. This was devastating news.
Fraud in the workplace is a serious topic and should be considered in any size business. What is fraud? Who is likely to commit fraud and what can be done to prevent or detect fraud? These are all great questions that this small-business owner wished she had addressed long before she ever hired her first employee.
What is fraud? Fraud is a broad term often used to describe when someone intentionally cheats another out of money or property for personal gain and then conceals it. In a business environment, fraud can occur by theft, misappropriation of assets, or financial-statement fraud. Some common fraud schemes are check forging (theft of cash), skimming (accounts receivable), dummy vendors (accounts payable), ghost employees (payroll), and falsifying records (financial statement). Whatever the scheme, are you prepared in your business to eliminate the possibility of fraud?
Who is likely to commit fraud? Most employees are honest when hired. However, you may on occasion hire a person that intentionally wants to get the job just to steal from you.
The ‘fraud triangle,’ originated by American sociologist Donald Cressey, created the framework to describe the reasoning by an employee to commit fraud. The fraud triangle describes the three stages an individual goes through when contemplating fraud. These are personal pressure or financial need, opportunity, and their ability to rationalize the crime. Per Cressey, once all these stages are met, even your most honest and trusted employee can commit fraud.
In the example above, the bookkeeper had a need (a drug addiction which was later revealed in court), the means (her direct access to the checks and the ability to reconcile), and rationalization of the crime (she thought she deserved more of the profit). All stages of the fraud triangle are important and should be considered in your risk assessment.
Of the three stages, we are going to focus on the second stage, opportunity. If there is no opportunity, the employee cannot commit fraud regardless of what they think, how they feel, or what they are going through personally.
When seeking to eliminate the opportunity for fraud, one of the best places to start is the transaction cycle. Take the time to walk through each transaction process, from start to finish. During the walkthrough, identify key points in the process where review, approval, or dual controls should be present to eliminate sole control over the function.
Consider this example: an accounts-payable clerk sets up new vendors, vouchers invoices, and processes checks for the company each week. The same clerk also reconciles the activity at the end of the month and posts all necessary reconciling journal entries. She even offers to mail the checks, as it is on her way home.
In this example, there is clear lack of segregation of duties. The clerk has too much control, and ‘opportunity’ exists. If the other two stages of Cressey’s framework — a financial need and rationalization — were present, then it would be possible for fraud to occur. Taking the time to evaluate processes such as these will help greatly in eliminating the risk of fraud.
There are a number of other steps that a business can take to prevent or detect fraud. They include:
• Conducting background checks on new hires;
• Implementing dual controls over assets such as cash and inventory;
• Separating key functions such as check preparer and check signer;
• Reconciling all accounts to the general ledger each month;
• Requiring approval of all time sheets by a supervisor;
• Requiring mandatory vacation for payroll or other key personnel;
• Establishing budgets and projections to benchmark to financial results;
• Rotating duties of accounts payable and accounts receivable (this process can also achieve cross-training needs);
• Verifying new vendor information, including tax ID address and phone number;
• Conducting internal audits;
• Establishing formal policies and procedures, including code of ethics;
• Setting up an employee hotline; and
• Disciplining for violation of established policies.
If a company has fewer employees, like the owner in the first example, then direct review and monitoring will serve as mitigating controls to prevent and detect fraud. Luckily, the owner had a detection control in place (she had someone else look at her records). However, even with the help of a third party, there is no guarantee that fraud will be detected, if it exists. So what else could have been done?
The owner could have had the bank statements mailed directly to her home address for review before handing off to the bookkeeper. Just opening the statement sends a clear message. In our original example, it was later discovered that the bookkeeper forged checks for more than a year. A simple review of the monthly bank statement by the owner would have uncovered the fraud much sooner, just by noticing the signature on the check images were not her own.
The time it would take to perform these steps would be far less than the time the owner spent investigating the records and pursuing the prosecution of the employee.
In the end, it takes time to review processes and procedures, identify key controls, and implement safeguards where needed. I can assure you, it is time well-spent. If you don’t have the time or resources to conduct a review of your business processes, you can call a professional to assist you.
This small-business owner changed the way she conducts business so this never happens again. Will you?
Christine Devin, CPA is a senior associate with the Holyoke-based public accounting firm Meyers Brothers Kalicka, P.C.; (413) 322-3480; firstname.lastname@example.org