In March 2009, Bernard Madoff pleaded guilty to charges including fraud for operating a Ponzi scheme for at least a decade in which he bilked thousands of investors out of as much as $65 billion. In January 2009, the CEO and Chairman of Satyam Computer Services admitted to faking financial results, including overstating cash balances by more than $1 billion. In December 2008, the vice president of merchandising and operations for San Jose-based Fry’s Electronics was arrested on charges that he defrauded the retailer of $65 million in a vendor kickback scheme that allegedly began in 2005.
Due to their size and scope, these cases were broadly reported and are relatively well known. The fact is, however, that financial fraud is not limited by size, geography or industry. Fraud takes many different forms and often goes undetected for long periods of time. Fraud schemes can be as simple as removing cash from a cash box or submitting false receipts for expense reimbursements to as complicated as a sophisticated Ponzi scheme.
The Association of Certified Fraud Examiners (ACFE) classifies fraud into three broad categories: corruption (including extortion, bribes and conflicts of interest), asset misappropriation (including theft, skimming, payroll fraud and check tampering) and fraudulent financial statements (intended to make a company appear healthier than it is).
Corruption includes situations where an individual uses his or her position in an organization to inappropriately or illegally gain economic self-benefit. In the Fry’s Electronics case, the vice president of merchandising and operations allegedly charged vendors commissions of as much as 31% in exchange for agreeing to buy merchandise at inflated prices. He then allegedly funneled the commission money to a “straw” company he created to fund personal gambling debts.
Asset misappropriation represents situations where a person steals or misuses a company’s resources and is, by far, the most common type of financial fraud. A recent study by the ACFE found that asset misappropriation was involved in approximately 90% of fraud cases. While some cases may result in very large amounts of damages, often the amounts involved can be relatively small. Although a “small” fraud can amass to large losses over time if not discovered in time. In April 2009, a former Lubbock, Texas Independent School District Program Coordinator was sentenced for misappropriating federal “No Child Left Behind” funds, admitting that she stole approximately $13,000 by creating false receipts and invoices.
Committing fraud through the creation of fraudulent financial statements is often a complex scheme and one in which the ability to cover one’s tracks becomes more and more difficult over time. In the Satyam case, the CEO stated in his resignation letter that the “gap between actual operating profit and the one reflected in the books of accounts continued to grow over the years”. While in his letter he suggests that the fraud was not undertaken for personal enrichment, often other reasons to commit such fraud are present, including the need to demonstrate meeting outside expectations for sales and profits.
In the current economic environment many companies have cut pay, laid off personnel and devoted fewer resources across the organization, including to those areas related to internal controls. While the risk of fraud is always present, those changes can create an environment that is more susceptible to fraud. With that in mind, what steps can an organization take to lessen the risk of fraud? Here are some suggestions:
• Hotline. The ACFE study found that tips were the most common detection method of fraud. Of the tips provided, more than half of those came from employees of the organization in which the fraud occurred. While public companies are mandated by the Sarbanes-Oxley Act of 2002 to establish anonymous reporting methods, no such requirement exists for private companies. Providing an avenue for the anonymous reporting of fraud through a third-party, with no fear of retaliation, is an effective control in the detection of fraud. In addition, hotlines available to those outside the company can lead to discovery of corruption.
• Segregation of duties/mandatory vacation. In small organizations, resources dedicated to internal control are often limited. For example, a single employee might be responsible for issuing purchase orders, processing accounts payable, issuing checks and preparing bank reconciliations. It would be relatively easy for a person in this position to commit fraud without knowledge of top management. Taking steps such as implementing a management review process, requiring mandatory time off or splitting up duties with other personnel will help address this fraud potential.
• Surprise audits/reviews. Don’t fall into a routine. Individuals understanding that an audit or a review can occur at any time, with no advance warning, is an effective deterrent. Review supplier lists. Audit cash disbursements. Audit headcount and payroll. Periodically perform a few simple reviews and audits and the risk of fraud decreases.
• Management review of internal controls. Take the time to perform a review of internal controls. Identify areas of weakness and take steps to address these gaps.
• Employee training. Take efforts to train employees about workplace fraud, the damage that it can have on the health of the organization and the impact it could have on their own jobs. Make sure they understand what it is and what to do if they discover or suspect fraud has occurred.
• Background checks. As part of the employment process, consider using credit checks in addition to reference and background checks. While the vast majority of employees are honest and hardworking, those with serious personal financial issues might be more susceptible to committing fraud.
• Tone from the top. It all starts at the top. Employees will respond to the behavior and guidance of top management. If management ignores controls, it’s more likely that employees won’t take controls seriously. Lead by example and the control environment will be much more effective.
No single magic bullet exists for preventing fraud. One can put in every fraud prevention technique imaginable and there is no guarantee that fraud won’t occur. However, with a commitment by top management to fraud prevention and ethical behavior, a robust and well designed internal control environment, and a commitment by employees to fraud prevention, the risk of fraud in such an organization is greatly reduced.
Please call us if you wish to further discuss your fraud prevention program.
Thank you for the advice. I’ve found your first point to be most effective.
Wow
I found your blog on Ask looking for something totally unrelated, now I’m going to have to go back and read the old posts! So long spare time this morning, but this was a spectacular find 