Preventing and Detecting Fraud in your Business – Segregation of Duties in Small Businesses
We all want to trust people. We especially want to trust the people that work for us and with us. This would be great if everyone was trustworthy or stayed trustworthy throughout their careers. However, some people, even employees with a high moral compass, given the right circumstances, will stray way off their compass and steal from their employers. The statistics show employees stealing from their companies, also called occupational fraud, is very likely the costliest and most common form of financial crime in the world. According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud 2022: A Report to the Nations, companies who reported internal fraud across the world lost more than $3.6 billion dollars due to occupational fraud. Certified Fraud Examiners estimate more than $4.7 trillion dollars lost to fraud globally, reported and unreported.
What do businesses do to protect themselves while still being required to entrust their employees with the company’s financial assets? Business owners tend to focus on the customer side and the strategic plans of their businesses. They hire employees to run the day-to-day operations of their business so they can focus on other important areas. Most of the time, the employees they hire do a tremendous job and the owners do not have to worry about those employees stealing from them. However, there are also a lot of employees who end up stealing from the business.
What causes employees to steal has been studied for many decades. Donald Cressey developed the Fraud Triangle theory in 1953 and modified it many times, most recently in 1970. The Fraud Triangle consists of three “elements” that need to be present for employees to commit fraud. They are opportunity, pressure, and rationalization. Opportunity exists because some employees have access to the company’s financial assets. In some businesses with poor or absent internal controls, employees who should not have access to financial assets do. Pressure is caused by various “life” factors, including excessive personal bills, addiction, company financial expectations, and lifestyle status. Rationalization is the one thing which will turn a high moral compass employee into an employee who will steal. This element has to do with an employee feeling underappreciated, disrespected or having perceived low compensation. An employee might feel the company is making so much money they will never miss it if they take it. And another example of rationalization is the employee feeling like they have to do something because of a personal financial debt where they don’t want to lose their house, vehicle, or spouse. They tell themselves this is the only solution to their problems.
While writing this article, I came across a study prepared by Wolfe and Hermonson in 2004 that argued there should be a fourth element and thus there should be a Fraud Diamond, not a triangle. They believed potential perpetrators of fraud must have the skills and ability to actually commit fraud. They called this fourth element Capability. Wolfe and Hermonson identified important observable traits related to individuals’ capacity to commit fraud. Those traits included having an authoritative position or function within the organization; intelligence to exploit the accounting and internal control systems; ego and confidence; and capability to effectively deal with stress. I haven’t heard many people using the Fraud Diamond terminology, but it is something you should pay attention to because not everybody who has the opportunity, pressure, and rationalization to commit fraud do so.
Employees who are determined to steal will. Unless there are good internal controls in place and the business owner has implemented processes to prevent and/or detect fraud, companies could lose a lot of money before fraud is even detected. I will explain how to better prevent and detect fraud. There are some simple things to do which do not cost a lot of money and there are some other things which might cost a lot of money and not be feasible for the smaller businesses. One good note is there are simple and inexpensive ways to deter and prevent fraud. Let’s get into the information which will hopefully deter your employees from participating in fraudulent activities and stealing your hard-earned money.
The first thing all business owners should implement are internal controls around their financial assets. Some of the more common internal controls are segregation of duties, a fraud hotline, training of employees, reviewing monthly bank reconciliations, setting up permissions to limit access to company financial data, review new customer setup and all outgoing payments, keep blank checks locked or eliminate use of checks altogether, perform a physical count of inventory or fixed assets, and require all financial employees take a vacation during the year. We will discuss some real-life examples in this article and will follow this article up with more ways to prevent and detect occupational fraud.
Segregation of duties is important so no one person is responsible for multiple duties which could perpetuate fraud. It is recommended to have three people on your financial team; one to approve transactions, one to make the payments, and one to record and reconcile. The first person should be the business owner. Hiring two additional financial employees such as a bookkeeper and controller could be very difficult for small businesses to afford. Collusion is when two or more employees engage in fraud. This is even more difficult to detect, but there are some things you can do to prevent and detect collusion.
A good example of lack of separation of duties is when a business has the same employee collects cash, records cash, deposits cash, and then performs the bank reconciliation. This could allow the employee to steal cash by not depositing cash and then covering up their theft with their other tasks. I once investigated an individual who was the Treasurer of a school support organization (SSO) who had poor internal controls. The SSO was from a small community and all board members knew each other. The Treasurer had full control over the SSO’s finances. The individual received cash from concession stand sales and other fundraising activities. The Treasurer would also deposit the cash and prepare the bank reconciliations. A new Board member started questioning the bank accounts and a forensic examination was conducted. It turned out the Treasurer had stolen over $20,000 over the last five years by skimming cash and never reporting the fundraising sales. The Treasurer was prosecuted locally and received a three-year prison sentence.
Another example which causes huge losses for businesses is when an employee is responsible for setting up new vendors, receiving vendor invoices, and paying vendors. Fictitious vendors could be set up by the employee and then paid for fictitious services. Unless the business owner knows his business and reviews all payments, this type of fraud could continue for a long time and cost the business a lot of money. A CFO from a Fortune 500 company was allowed to collude with their brother in another state to set up several offshore businesses and facilitate payments to those companies who did not perform any legitimate work for the business. The CFO was asked to conduct more business with foreign companies to receive government tax breaks. The CFO took this opportunity to have his brother working in another state create fraudulent foreign companies and submit invoices to the company. The CFO would pay these invoices and then inform his company how well they were doing securing new business with international companies. The CFO would deflect any questions regarding what these companies did and how he was able to generate so much additional business. After a year of paying over $1.2 million to the fraudulent offshore businesses, the company hired a new Controller who unraveled the fraud within months after not being able to get answers from the CFO. The CFO was fired, and multiple charges were filed with a government agency, including mail and wire fraud.
Another example which magnifies the need for segregation of duties is having the same employee set up new employees in the system, be responsible for approving timecards, and then processing payroll. Fictitious employees could be setup and paid through fraudulent paychecks. A way to minimize the potential for payroll fraud is to use an outside payroll service, but this could be cost prohibitive for some small businesses. A small business had the same bookkeeper for over twenty years and was entrusted with a lot of responsibilities. The owner was getting older and was not engaged in the business as much as they used to be. The bookkeeper was being paid a reasonable salary, but they felt they should be paid more, and they felt undervalued. At some point, the bookkeeper started creating fictitious employees and paying them monthly commissions. The bookkeeper was able to create three fraudulent employees and within a twelve-month period steal over $100,000 in commissions. The fraud was found out when the bank called the business owner regarding excessive payments being made into the same account. The owner hired a forensic accountant, the fraud was found, and the bookkeeper was prosecuted. The bookkeeper is awaiting sentencing for embezzlement and wire fraud. The bookkeeper was a close friend of the owner and was invited to many family activities with the owner and their spouse.
A common form of occupational fraud which has been limited in recent years with ACH and online bill pay is using checks to fraudulently pay yourself. My first forensic examination had to do with a bookkeeper in a car dealership who was writing checks to themselves for amounts between $500 and $7,500. The Bookkeeper was able to do this because the owner had entrusted the bookkeeper with full accounting responsibilities. The Bookkeeper has possession of the check stock, wrote the checks, signed the checks with a signature stamp, and reconciled the bank statements. When the forensic examination was completed, it was found the bookkeeper had stolen $990,000 over seven years. While conducting the examination, we went through all cancelled checks and made a record of the checks missing. Upon receipt of the missing cancelled checks from the bank, all the checks had been written to the bookkeeper. The bookkeeper was not charged due to the business owner not pressing charges.
These were just a few examples of how a lack of separation of duties can negatively affect your business. As a business owner, it is recommended you should review monthly bank reconciliations, review all payments, limit employee accessibility to financial data, perform a physical inventory once a year, keep blank checks locked up or eliminate the use of checks altogether, and require financial employees to take vacation during the year. We will discuss all this and more in future articles.
If you have any questions or suspect fraud in your business, please reach out to Joel Freund, at HHM Certified Public Accountants, 901-683-4234.