Thieves Within: Preventing Fraud in Small & Medium-Sized Organizations

© AGH Employer Solutions 2015

THIEVES WITHIN PREVENTING FRAUD IN SMALL AND MEDIUM-SIZED ORGANIZATIONS

Cindy McSwain Vice President, Outsourcing Services

mailto:[email protected]

http://www.linkedin.com/in/cindymcswain

http://twitter.com/AGHCindy


Introduction:

Fraud & Embezzlement 01

Table of Contents

Fraud & Embezzlement -

Management Review 02 "Controlling" Fraud Risk

in Your Organization 03

Segregation of Duties Can

Mitigate Fraud Risk

04 Most Common Employee Theft -

Cash is King

05 8 Red Flags of

Fraud & Embezzlement

06


Introduction

Why it’s important and what

I’ve seen


© AGH Employer Solutions 2015 4

Did You Know

In my 20+ years as an accountant and

consultant, I have seen organizations

affected by fraud over and over.

In its Report to the Nations on Occupational Fraud and

Abuse, the Association of Certified Fraud Examiners

(ACFE) reported the following:

The typical organization lost 5% of its annual revenue to

fraud.

The median loss due to fraud was $145,000.

Frauds lasted a median of 18 months before being

detected.

Small organizations are disproportionately victimized by

occupational fraud due to lack of anti-fraud controls

compared to their larger counterparts.

Introduction: Fraud & Embezzlement

section 01

5% of annual revenue is typically lost to fraud.

http://www.acfe.com/rttn-summary.aspx

http://www.acfe.com/rttn-summary.aspx

http://www.acfe.com/



What I’ve Seen

The stats previously mentioned do not surprise me. I've seen

very simple fraud schemes as well as well-designed, complex

and intricate schemes:

Theft of cash on hand or cash receipts (from simply taking

it directly out of the cash register to complicated kiting

schemes)

Theft of inventory or supplies

Fraudulent or inappropriate disbursements (fake

employees, fake vendors, paying for personal expenses)

Misreported financial statements (higher bottom line

meant a bigger bonus)

Corruption (bribery, insider trading, money laundering and

more)

In small and medium enterprises, fraud and embezzlement

often involves a trusted employee (worse yet, a trusted

personal friend of the owner) – males and females alike.

It can involve inventory or supplies, but often involves cold,

hard, cash. Often, the perpetrator actually thinks he or she is

deserving or “owed” what was taken.


In small and medium enterprises, fraud and

embezzlement often involves a trusted employee.

section 01



Fraud increases when the three factors within

the "fraud triangle*" intersect:

1. Pressure / Motivation / Incentive -- Employees and their

families experiencing layoffs or salary cuts face financial

pressure; managers may feel pressure to show positive

financial results.

2. Opportunity -- Fraud opportunity can increase when layoffs

leave fewer employees responsible for internal controls.

3. Rationalization -- Rationalization may occur if fewer

employees working more hours feel poorly compensated or

resentful and justified in committing fraud.


Opportunity

section 01

*ACFE and Donald R. Cressey, Other People’s Money


Pay Attention

Owners and key management should pay attention to the

actions of their employees.

The ACFE's report noted the most common behavioral red flags displayed by fraud

perpetrators were:

Living beyond their means,

Exhibiting control issues (unwillingness to share duties), or

Experiencing financial difficulties


section 01


Review, Monitor and Evaluate Internal Controls

To reduce your risk of loss from fraud, it's important that

internal controls be periodically reviewed, monitored and

evaluated by management. Given the current, higher level of

fraud risk, every organization has a compelling need to study

the adequacy and effectiveness of its internal controls. Future

slides will include brief overviews of some factors for you to

consider in that process. You may already be implementing

some or all of these precautions, and some of you may be

going far beyond them – I hope you are. If not, this

information can serve as “food for thought” in an area critical

to every organization’s financial health.

General recommendations include:

Annual management review

Internal controls


section 01


Management Review

Why it’s management’s

problem.



Why Fraud Happens

The Association of Certified Fraud

Examiners (ACFE) Report to the Nation

identified lack of management

review and lack of internal controls as the

most often-cited factors that allowed fraud

to occur. While no silver bullet can prevent

fraud altogether, each of the preventive

steps outlined in this section may help

reduce an organization’s risk.

Fraud & Embezzlement – Management Review

section 02







Annual Management Review

Owners and key management, including the chief financial officer,

should review and discuss internal controls annually, including but

not limited to the following items:

Assets most susceptible to fraud, theft or loss

Areas where controls may be weaker because the number of personnel involved

does not allow the desirable separation of duties

Changes in the staff structure that may have altered the effectiveness of historical

controls

Methods for raising employees’ awareness of ethics and fraud

A way for employees to communicate instances of possible fraud or misconduct


section 02


Management’s Responsibility

Management is responsible for

designing and implementing systems

and procedures to prevent and detect

of fraud and, along with the owners

and/or board of directors, for ensuring

a culture and environment that

promotes honesty and ethical

behavior.

For not-for-profit organizations, a

portion of this responsibility rests with

the board of directors. Many

professionals serve on not-for-profit

boards in support of their

communities.

If you participate in a not-for-profit

board, ask yourself, “When is the last

time my board reviewed the

organization's internal controls?”

Unfortunately, fraud happens within

the walls of not-for-profit

organizations, too.


section 02


“Controlling” the Risk

What you can do as a

business manager and/or

owner



Internal Controls

The term "internal controls" refers to

actions designed to minimize the potential

of material misstatement, fraud or other

financial misconduct or error.

They typically fall into these two broad categories:

Management approach

Financial policies and processes

Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization

section 03

The ethical tone of an

organization is set at the top.


Management Approach

The ethical tone of an organization is

set at the top. Fraud risk is lowered by

creating a culture in which

expectations are clear, workplace

misconduct is not tolerated, and

ethical behavior is the norm. To create

such a culture, management may

want to consider actions such as:

1. Creating, disseminating and training

on an organizational “code of

conduct”

2. Incorporating ethical standards in

performance evaluations

3. Encouraging two-way

communication about ethical issues

through:

Discussion of ethics in leadership

presentations and employee

communications

Implementation of a confidential

employee communication channel

that allows employees to

anonymously report workplace

misconduct or offer suggestions


This last suggestion – an employee

hotline – is one of the most effective

anti-fraud tools an organization can

adopt.

The ACFE reports that fraud is more

likely to be detected by tips than any

other means, including audits or

controls. Our company utilizes

OurWorkplace for our internal

communication and reporting tool as

well as for many of our clients.

section 03

http://www.ourworkplace.com/


Effective Fraud Hotlines

The ACFE’s studies show that

employees are by far the most

important source of fraud tips; nearly

50% of fraud tips come from inside an

organization.

However, it is important to encourage

reporting from a broader audience,

including customers, vendors and

owners/shareholders who may

suspect fraud.

Any hotline is only as effective as its

implementation, though. To get the

most value from a fraud hotline,

consider these factors:

24/7 availability: Studies show

nearly 40% of calls occur on nights

or weekends – not during regular

work hours. If an employees tries

once with no answer, the employer

may lose the change to learn of

fraud.

Anonymity: Despite whistle-blower

laws, many employees may be

reluctant to report suspicious

activity for fear of retaliation. Those

reporting must be assured of

confidentiality, since fraud can

occur at any level.


Third-party operation: The hotline

should be managed by someone

outside the organization trained to

appropriately screen, inquire,

document and share the relevant

information with the organization.

section 03

50% of fraud tips come

from inside an

organization.


Financial Policies & Processes

To properly segregate

duties, a business needs

to split financial

responsibilities among

three different employees:

Someone to authorize transactions,

Someone to record transactions

and

Someone to keep custody of the

related assets


If sufficient staff is not available, an accountant or third party can provide

some, but not all, checks and balances. Additionally, other compensating

control methods can be implemented, such as after-the-fact transaction

reviews by managers.

section 03


Best Practices

Mitigate fraud risk with the

right responsibilities and

procedures



Segregation of Controls

Segregation of controls generally fall into six broad areas:

Segregation of responsibilities and access to information

Appropriate authorization of transactions and activities

Documentation and reporting

Checks and balances

Physical safeguards over assets

Job rotations and mandatory vacations


section 04



1. Segregation of Responsibilities and

Access to Information

Avoid placing too much trust and

responsibility in any one person. For

example, an organization should

separate responsibility for check-

writing from bank-statement review

and reconciliation. Similarly, the

person who receives cash should not

be the same person who handles

bank deposits.

2. Appropriate Authorization of

Transactions and Activities

Consider using authorizations as a

check and balance on expenses and

payments. For example, progressively

higher levels of approval could be

required as an expense’s dollar

amount increases past set limits.


3. Documentation and Reporting

Maintain invoices, bank statements,

inventory records, and other

documents that tie into and serve as

back-up for the organization’s

financial records. Expect and review

monthly financials in a timely manner

for unusual or unexpected results.

section 04



4. Checks and Balances

Financial statement audits by an

external independent auditor are the

most common way to verify that an

organization’s financial statements

materially represent the current

financial status. However, internal

audits may be conducted by staff

removed from the financial

transactions being audited, or periodic

“surprise audits” can be conducted to

evaluate controls within various parts

of the organization.

5. Physical Safeguards Over Assets

Physical security over assets such as

cash drawers, inventory and supplies

reduces the ability for employees to

help themselves.


6. Job Rotations and Mandatory

Vacations

Having someone else take over a co-

worker's responsibilities, if only for a

week of vacation, may be just enough

deterrent to avoid fraud. It is also a

good means of uncovering unusual

activity which may be an indicator of

fraud.

section 04


Policies to Consider Implementing

Consider implementing the

following policies to improve

the segregation of duties

without impairing efficiency:


Mail and Cash Receipts

Mail should be opened by an employee not responsible for accounting records. This

person should prepare a listing in triplicate of all cash receipts. Copies of the cash

receipt listing should be:

Distributed to the accounting department for posting

Distributed to the controller for comparison to the authenticated deposit slip

returned from the bank, and

Retained by the preparer

Check Endorsements

Restrictively endorse the checks "for deposit only in account XXXXXXXX.”

Daily Deposits

Cash receipts should be deposited, intact, daily. Holding receipts for a weekly deposit

exposes the company to loss.

section 04


Policies to Consider Implementing

Consider implementing the

following policies to improve

the segregation of duties

without impairing efficiency:


Bank Statements

Bank statements, canceled checks and appropriate advices should be initially

received and opened by a responsible person other than employees maintaining cash

records. Such items should be reviewed before they are forwarded to the employee(s)

responsible for the bank account reconciliations. Unusual items noted during the

review should be investigated promptly.

Signed Checks

Signed checks should not be returned to the employee(s) responsible for the

accounts payable processing and/or cash disbursing functions. Checks should be

prepared for mailing and mailed by an employee independent of the above-

mentioned functions.

Accounting Journal Entries

Journal entries should be approved by an employee other than the preparer of the

entry.

section 04


But What About Small Businesses?

Often, in small businesses, there just

aren’t enough personnel available to

properly segregate duties. In these cases,

the supervision and periodic review

procedures currently in place help mitigate

the lack of proper segregation of duties

and should be continued. Evaluate use of

the following procedures which could

be performed by closely held business

owners to further compensate for known

weaknesses attributable to an inadequate

segregation of duties:


Receive all bank statements unopened and review their contents.

Have bank statements reconciled immediately.

Review bank reconciliations carefully.

Review monthly aging of accounts receivable and payable.

Review and approve all write-offs of accounts receivable and credit

memorandums.

Review supporting documentation for all disbursements in excess of

predetermined amounts.

Sign all checks for amounts in excess of predetermined amounts and control

access to signature plates.

Approve and monitor changes to payroll.

Review monthly financial statements and question variances.

Have a questioning attitude. Don’t accept answers that don’t make sense;

investigate or question further.

section 04


Cash is King

How to manage cash-related

fraud



Overview

One particular type of asset deserves special

attention as the most common fraud target.

The Association of Certified Fraud

Examiners (ACFE) reports that 90% of all fraud

involves asset misappropriation. Within that

category, 85% involved the theft or misuse of cash,

including paper and electronic forms as well as

actual currency and coins. It is the number one

asset at risk in any business (as opposed to non-

cash assets such as inventory or equipment).

Most Common Employee Theft – Cash is King

section 05




Cash Management

The most common ways middle-market businesses are

victimized is through check-tampering, expense

reimbursement, cash larceny, payroll and skimming receipts.

As laser printers and blank check stocks have become easily

available, almost anyone can alter or counterfeit checks – and

due to changes in the Uniform Commercial Code (UCC) in the

1990s, banks may not be liable when check fraud occurs.

Under the UCC standards of “ordinary care,” banks are

considered less liable if the customer does not take necessary

precautions to prevent the fraud.

What steps can you take, if they are not already employed, to

protect your company against check fraud losses?


section 05


Cash Management

1. Positive Pay

Consider using “positive pay” and ACH (automated clearing

house) “filter” services provided by your bank. A number of

fraud prevention tools are now available through many banks.

2. Blank Check Stock

Keep blank check stocks, returned checks, and check copies

locked up. If you utilize pre-numbered check stock, make sure

you have a method for accounting for all check numbers.

3. Check Stock Security Features

Evaluate use of a check stock with security features such as

watermarks, backgrounds with multiple patterns or colors,

special ink that can be read under ultraviolet light and use of

“void” marks (which display the word “void” when the check is

photocopied).


A number of fraud prevention tools are now

available through many banks.

section 05


Cash Management

4. Bank Account Reconciliations

Reconcile the bank statement promptly. Bank statements,

canceled checks and appropriate advices should be initially

received and opened by a responsible person other than

employees maintaining cash records. Such items should be

reviewed before they are forwarded to the employee(s)

responsible for the bank account reconciliations. Unusual

items noted during the review should be investigated

promptly.

5. Direct Deposit

Evaluate the value of encouraging direct deposit for payroll.

This greatly reduces the number of company checks floating

around.

6. Talk to Your Bank

You may want to consider meeting with your bank to discuss

steps you can take to help prevent check fraud. Bank

representatives will be able to explain the services they offer,

and additional tips for preventing fraud. Your due diligence

may help strengthen your ability to document “necessary

precautions.”


Consider meeting with your bank to discuss

steps you can take to help prevent check fraud.

section 05


The Red Flags of Fraud

Identify certain instances of

potential fraud



The Fraud Triangle Revisited

Fraud increases when the three factors within

the "fraud triangle" intersect:

1. Pressure / Motivation / Incentive -- Employees and their

families experiencing layoffs or salary cuts face financial

pressure; managers may feel pressure to show positive

financial results.

2. Opportunity -- Fraud opportunity can increase when layoffs

leave fewer employees responsible for internal controls.

3. Rationalization -- Rationalization may occur if fewer

employees working more hours feel poorly compensated or

resentful and justified in committing fraud.

8 Red Flags of Fraud & Embezzlement

Opportunity

section 06


What are Red Flags to Watch For?

In general, owners and key management

should pay attention to the actions of their

employees. Although "red flags" do not

automatically indicate fraud has occurred,

follow-up is critical.

Here are some examples of red flags that

merit further review:


section 06


The Red Flags

Red Flag #1 -- Inability to Reconcile Accounts on a Regular

Basis

Significant balance sheet accounts should be reconciled on a

regular basis (monthly or quarterly). This includes, but isn't

limited to, cash, accounts receivable, inventory and accounts

payable. Your level of concern should increase if you hear

continuous excuses from an employee repeatedly “too busy”

to get it done.

Red Flag #2 - Unexplained Variances

An employee trying to cover up fraudulent activity may

attempt to bury it in various general ledger accounts. All

variances should be explainable. Be on the lookout for

account reconciliations with unexplained line items or the

label of "other."

Red Flag #3 - Large Number of "Adjustments"

Don't be afraid to periodically look at the general ledger detail

for significant accounts. Inquire about large quantities of or

significant dollar amounts of "adjustments." Crafty fraudsters

are good at lying to create a complex and confusing trail.

Red Flag #4 - Unusual Discrepancies Between Actual and

Budgeted Results

Budgets are a great tool for any organization. They serve as a

measuring stick for how the organization is performing. Any

variances between actual results and the budget should be

logically explained (for example, a major budget overrun in

supplies expense).


section 06


The Red Flags

Red Flag #5 - Disbursements to Unknown or Unapproved

Vendors or Employees

Periodically review your vendor and employee list. One way to

get cash out of the organization and into the hands of a

fraudster is by paying fake vendors or employees. I've even

seen fraudsters add an outside friend or family member to

the vendor or employee list. The checks are electronically

signed and out the door without anyone knowing they weren't

legitimate.

Red Flag #6 - Gaps in Receipt or Check Numbers

It is important to require pre-numbered cash receipt forms

and to use numerically sequenced checks. It is also important

to account for every number. Missing receipts or checks could

mean an employee just pocketed the cash received for

writing checks outside of the system.

Red Flag #7 - Receipts not Matching Deposits / Always

Reporting "Cash Short"

Each deposit should be verified to match the amount

received to the amount deposited and to the amount

recorded in the general ledger. One employee should never

perform all three of these steps. Additionally, be cautious if

you are consistently seeing cash shortages.

Red Flag #8 - Significant Changes in Employee Behavior

Patterns

One phrase I commonly hear is: “The first place to look for

possible fraud is in the parking lot." What does that mean? Is

an employee obviously living beyond his or her means? Is

someone suddenly driving a shiny new Corvette that typically

could not be afforded on his or her salary?


section 06


Be on the Lookout

Pay attention to the action of employees –

especially actions that don't make sense.

Additionally, be aware of employees that may

be experiencing personal financial difficulties.


Do your employees' spending habits make sense in relation to

their pay scale?

Do you have an employee who always makes an excuse for not

being able to take vacation time?

Do you have an employee who refuses to let anyone help with his

or her work?

Do you have an employee who is always making excuses?

These are just a few of the red flags to look for. My best advice is to

pay attention to what is going on.

section 06


Contact us To contact Cindy or AGH Employer Solutions:

Twitter:

@AGHCindy

LinkedIn:

Cindy McSwain

Twitter:

@AGHLC

LinkedIn:

AGH Employer Solutions

SlideShare:

AGHLC

If you want to

contact Cindy:

www.aghemployersolutions.com

316.267.7231

[email protected]

YouTube:

AGHLC



http://www.linkedin.com/in/cindymcswain

http://www.twitter.com/aghlc

https://www.linkedin.com/company/agh-employer-solutions

http://www.slideshare.net/AGHLC

http://www.aghemployersolutions.com/

mailto:[email protected]

https://www.youtube.com/channel/UC-oCBKKEp53ZVlW-1HCIjAQ


About the author:

Cindy McSwain leads AGH’s outsourcing

services group. Her team provides

payroll, accounting, funds disbursement,

controller, and other financial

outsourcing services to numerous clients

throughout the U.S. Prior to directing the

outsourcing group, McSwain served

AGH’s audit clients for 10 years, working

with a wide range of middle-market,

closely held and family-owned clients.

Her current clients cross many industry

sectors, including manufacturing,

distribution, restaurants, retailers,

medical and not-for-profit. She has

participated in numerous SEC filings,

public registrations and has experience

in mergers and acquisitions. McSwain is

a certified public accountant and a

member of both the American Institute

of Certified Public Accountants and the

Kansas Society of Certified Public

Accountants.