Trust, But Verify

by Phillip Schmidt
Hienold-Banwart, Ltd

Protect your business from occupational fraud.

Sooner or later, we all come to the acknowledgement that we live in an imperfect world. Watch the evening news for 15 minutes, and that realization immediately resurfaces. For instance, what comes to your mind when you read the following names: Enron, Bernie Madoff, City of Dixon? If you’re like me, you get an uncomfortable feeling in your stomach as you think about the massive fraud schemes that have hurt employees, investors and surrounding communities.

The risk of occupational fraud is a reality of which all business owners should be acutely aware. As defined in a report issued by the Association of Certified Fraud Examiners (ACFE), occupational fraud is “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.” Studies have shown that small businesses are particularly vulnerable to fraud.

Consider these findings from the ACFE’s 2012 Report to the Nations:

  • Survey participants estimated a typical organization loses five percent of revenues to fraud each year. 
  • The median loss caused by occupational fraud cases in the study was $140,000. 
  • The median period of time these fraud cases lasted before being detected was 18 months. 
  • The smallest organizations in this study suffered the largest median losses. 
  • Most occupational fraudsters (approximately 87 percent) are first-time offenders with clean employment histories.

How would you rank your level of awareness for potential occupational fraud in your organization? What are some steps you can take to prevent or detect fraud?

Answering these questions involves understanding the psychology of a fraudster. The “fraud triangle,” a concept developed by sociologist and criminologist Donald Cressey, aims to explain why “good, ordinary people” commit fraud. This model defines three elements that must be present at the same time for occupational fraud to occur: pressure, opportunity and rationalization. Let’s look at each of these elements individually and address what you can do to protect your organization.

Pressure. The first tenet of the fraud triangle represents an incentive or perceived need that motivates the person to commit fraud. Examples of common “pressures” that lead to fraud include varied addictions (drug, gambling, spending), excessive debt and the desired lifestyles.

Unfortunately, there are few ways an organization can prevent these pressures from occurring, but you can be aware of changes in the behaviors and habits of your employees and coworkers. The ACFE’s 2012 Report to the Nations found that in 81 percent of the fraud cases studied, the fraudster displayed behavioral red flags often associated with fraudulent conduct. The most common warning signs observed were: living beyond one’s means (36%), financial difficulties (27%), unusually close association with vendors or customers (19%) and excessive control issues (18%).

Opportunity. The second tenet of the fraud triangle, opportunity, is created when the fraudster identifies a weakness in internal controls and believes he or she won’t get caught. The individual may start embezzling small amounts of money. If this goes on undetected, the theft usually continues to grow larger.

Organizations have some control over this element through the implementation of a sound internal control system. Internal controls are essentially the checks and balances within an organization that are designed, among other things, to prevent and detect fraud, errors and misstatements in financial reporting. Although an optimal system of internal control cannot provide absolute safeguards against fraud, it can be an effective apparatus to reduce the risk of fraud.

“Segregation of duties” is a common, fundamental control which involves separating accounting and financial reporting responsibilities among multiple individuals so that no one person has overlapping accounting functions. For example, let’s say an accounts receivable specialist at a small manufacturing company is responsible for reconciling and managing the customer receivables listing. These duties are appropriate and compatible with the position. However, suppose this individual is also responsible for opening the mail, handling cash receipts and maintaining the general ledger. This scenario reflects a lack of proper segregation of duties, which, absent other internal controls, could provide an opportunity to embezzle customer payments and conceal fraud through inappropriate journal entries and manipulation of customer accounts.

You may be thinking “segregating duties sounds nice, but impractical for our limited office size.” It’s true that while segregating accounting duties is preferred, it may not be practical or possible for a small organization with limited office personnel. So what can you do? The ACFE’s 2012 Report to the Nations states: “Managers and owners of small businesses should focus their anti-fraud efforts on the most cost-effective control mechanisms, such as hotlines, employee education and setting a proper ethical tone within the organization.” In addition, increased management oversight and review can be an effective control.

Rationalization. The third tenet of the fraud triangle deals with that amazing ability of the human mind to make excuses and believe they are legitimate. An occupational fraudster doesn’t necessarily view himself or herself as a bad person, but instead as an ordinary person in unfavorable circumstances. The individual feels justified in his or her actions for any number of reasons—e.g. the organization can afford it, I will pay it back before anyone notices, I’m underpaid, I need to do this for my family, etc. Generally, as the employee continues to steal, it becomes easier to justify, and sometimes rationalization is no longer needed. Some criminals have even been known to convince themselves their actions are benefiting society.

I’m optimistic that I’ll never encounter occupational fraud, and I hope you never do either. However, prudence demands that business owners have a high “fraud IQ” and make every effort to implement an appropriate internal control environment. Often times the perpetrator is someone you’d never suspect. This isn’t to say we can’t trust our employees. If anything, it’s a reminder of those famous words from Ronald Reagan, “Trust, but verify.” iBi