We recently received a phone call from a financial controller for a relatively small company. He was looking for a forensic accountant and informed us that they had discovered what appeared to be a pattern of embezzlement by the former financial controller and his wife. The controller had called a local police detective who had begun an investigation and involved the county attorney. Once the county attorney became involved, he could see this investigation was beyond the expertise of the detective and recommended the company engage a forensic accountant to document and analyze the alleged fraud.
After some investigation, we found that the former controller and his wife had received payments beyond what was authorized. Besides excessive pay, they had incurred a significant amount of credit card charges that were unrelated to the business (ranging from boating trips and personal travel to sporting goods and home improvement). The losses amounted to more than $150,000, which was material to this company. While it is hopeful that criminal charges may lead to some return of the money through restitution, it is unlikely there will be a full recovery.
Attorneys and accountants may be asked for fraud prevention advice to help a company avoid the type of situation just described. Or, we may be asked to advise the client on the detection and remediation of a fraud that is believed to have already occurred. Clearly, the most cost-effective way to limit fraud losses is to prevent fraud from occurring in the first place.
Henry David Thoreau wrote, “There are a thousand hacking at the branches of evil to one who is striking at the root.” The root of the problem in fraud can be seen in the fraud triangle. For fraud to occur, three conditions are present: (1) an incentive or pressure, (2) rationalization, and (3) opportunity. While we can do certain things to minimize the personal pressures felt by employees, there is very little we can do to influence employee rationalization. However, what companies can do is minimize the opportunities for fraud, theft and other improper acts through implementing effective internal controls and monitoring.
In the example above, the controller was not only an authorized signer on the bank account but also controlled the checks, reconciled the bank accounts, accounted for the company’s transactions and maintained the financial records. His wife reviewed the credit card charges and expense reimbursements and maintained such files. In addition, there was little oversight by the majority owner or other employees who had little desire to understand the finances. It is quite clear that the opportunity for fraud was fully present and unrestricted, much like the fox guarding the chicken coop. Obviously there are size and cost limitations on implementing internal controls in small companies, but small changes at this company may have substantially reduced the losses sustained by minimizing the opportunity for fraud and theft.
In the 2014 Report to the Nations on Occupational Fraud and Abuse, published by the Association of Certified Fraud Examiners (ACFE), a fraud prevention checklist was provided. The report and checklist can be found on the ACFE website (http://www.acfe.com/rttn/docs/2014-report-to-nations.pdf). The checklist is designed to help organizations test the effectiveness of their fraud prevention measures. One of the more useful recommendations is the implementation of effective internal controls or anti-fraud controls. Effectively implemented and maintained internal controls are integral to a fraud prevention program within a company. A few of the ideas from the checklist, in summary form, are:
- Proper segregation of duties. An employee should not prepare checks, sign checks and reconcile the bank accounts, as occurred in the example above.
- Authorization and monitoring by owners.
- Physical safeguards including safeguarding of checks.
- Job rotations.
- Mandatory vacations.
If you are concerned about your client’s internal controls—or whether any are in place—consider recommending that your client consult with a CPA who has experience in fraud detection and prevention and implement effective controls. In addition, company owners should routinely monitor the activities of employees and owners as well as assess the effectiveness of their fraud prevention measures. As Ben Franklin said, “An ounce of prevention is worth a pound of cure.”