In combating fraud in the workplace, internal controls are the best defense. With strong policies and procedures in place, a business can reduce the risk of loss significantly by preventing schemes or detecting them in their early stages. Since perpetrators typically accelerate the frequency or dollar amount of individual fraudulent transactions, the dollar amount of losses, if not caught early, can quickly mount.
According to the Association of Certified Fraud Examiners’ 2018 global fraud study entitled “Report to the Nations,” the presence of anti-fraud internal controls significantly reduces the duration of fraud, which in turn reduces the amount of loss. In the study, specific anti-fraud controls reduced the fraud duration on average by 46 percent.
Understanding the Behavior
During the last economic downturn, when learning about my work as a fraud investigator, many people said, “You must be really busy right now,” implying that employees only steal during difficult economic times because of financial pressures. The truth is that workplace embezzlements and fraud occur in good times and bad. The one thing that does happen during economic downturns, however, is that employers tend to scrutinize expenses, financial results, or other anomalies with greater frequency, which means more theft scenarios are uncovered in bad times.
This leads to the question as to what makes employees steal from their employers. While financial pressure can be a root cause, there is a more powerful attribute: entitlement. This can come about from not getting a promotion, not getting a big enough raise or bonus, working excessive overtime, or not feeling appreciated by a boss. It can be a true grievance or a grievance believed by the employee only. Usually, this will result in a negative attitude and feeling of unfairness by the employee.
Another fact about fraudulent behavior is that after initiating one fraud or embezzlement transaction, the perpetrators often becomes addicted, not stopping until they are eventually caught. That is why recognizing red flags early on is so important. The previously mentioned “Report to the Nations” reported that 85 percent of fraud perpetrators displayed at least one behavioral red flag. Typically, policyholders do not recognize them. Here are the more common ones:
• Attitude of entitlement.
• Living beyond their means (usually includes expensive automobiles).
• Financial pressure.
• Divorce or other family problems.
• Gambling, drug, or other addictions.
Internal Controls
Insurance policy sections dealing with embezzlements typically have language that requires the policyholder to have “customary business controls,” or “customary internal accounting controls.” This language is vital because without some level of controls, businesses have elevated workplace fraud to a very high risk level and have left the door wide open for fraud and theft scenarios to occur.
You might ask, “If businesses typically have some level of internal controls, then why does so much fraud occur?” Answers to this question could include management override of existing controls; collusion among several employees; a lack of proper oversight or review; not paying attention to anomalies in the accounting data; and red flags not being recognized.
If there are two key internal accounting controls that a sizeable business should have but are often overlooked, the first would be that the accounts payable staff who enter invoices into the payable system for payments should be restricted from entering new vendors into the payable system or making changes to existing vendors information, such as changing the address. Second, when a check is generated, it should not be returned to the person who initiated the payment request.
In addition to these two accounting controls, there are many other processes that can reduce the risk of fraud for little, if any, costs to the policyholder. (Premium discounts are possibly an option that could incentivize policyholders to adopt them.) Some of these are:
• Maintenance of an anonymous telephone hotline. Studies show that it is very important that the hotline be anonymous, because otherwise employees will not use them. Using an outside company to monitor such calls helps reassure that the hotline is truly anonymous. A good practice is that the telephone number be posted on the company website in addition to the employee directory. Publicly traded companies in the U.S. are required to have a fraud hotline.
• Drug testing new hires.
• A zero-tolerance policy (and such policy is enforced) relative to employee theft. The policy should be stated in the employee manual.
• A background check for personal bankruptcy on new hires who will have access to cash or inventory; will process accounts payable; will have involvment with company credit cards; or those who prepare bank reconciliations.
• An accounts payable policy that requires a vendor to have a street address (no P.O. boxes only).
• An accounts payable policy that requires verification of a vendor’s change of address. Such a change must be received in hard copy only—no telephone calls, emails, or faxes.
• Security cameras at loading and receiving docks (this cost is likely more than minimal).
• Security cages for small, high-dollar parts or inventory with restricted access.
Additionally, high-risk areas needing specific anti-fraud controls are:
• Businesses activities that accept cash.
• Fleet maintenance departments, due to theft of high-dollar parts.
• Businesses with heavy procurement activities, such as grocery and other retail, which are susceptible to bribes and kickbacks to buyers.
Finally, it is recommended that carriers conduct live seminars or provide video or booklets to policyholders regarding workplace red flags and key internal controls in an effort to prevent or discover a fraud scenario in its early stages. Alternatively, a carrier could provide a hotline for questions or concerns with a representative or consultant providing guidance to assist in identifying if the issue could be embezzlement or fraud.
After a fraud discovery, many victims say, “Something didn’t seem right, but we just didn’t know what to do.” Now you do.