Seven sure-fire ways to catch a (corporate) thief
by Lisa A. Myers, CPA, CFE, MAFF, FCPA, CGMA
Kevin and Nicole both worked for the same small company. Their friendship grew over one devious bond: they both resented their boss’s wealth. After indulging their envy of his luxury cars and multi-million-dollar vacation home in Aspen, they decided the boss was rich enough. With Nicole working in payroll, they colluded to change their pay rates.
As a Certified Fraud Examiner (CFE), a credential awarded by the Association of Certified Fraud Examiners (ACFE), I’ve seen all too many instances of theft committed by trusted employees. And in virtually all cases, some simple accounting safeguards could have prevented what ended up being significant losses.
According to an ACFE survey that looked at cases between January 2010 and December 2011, organizations around the world lose an estimated five percent of annual revenues to fraud. The ACFE’s 2016 report found that the higher a perpetrator is in the organization, the bigger the losses. Additionally, most employee theft and fraud happen in closely-held corporations, because vigilant auditors are often already stationed in publicly traded companies.
Here are seven key takeaways to keep your company safe from fraud:
- Have strong oversight from an in-house controller or CFO. Look at internal controls. If you are in a closely held corporation, have an outside organization view internal controls. Ask for certain reports monthly or quarterly. Regular audits should be done, along with a forensic audit.
In the case of Kevin and Nicole, their company should have had a master file so auditors could compare actual personnel files against it for select employees. Most systems are automated, such as Peachtree or Quickbooks, and require a newly-generated report when a pay rate changes. Auditors discovered the scam had occurred over two years and netted the two around $50,000.
- Never leave an employee totally isolated, or 100 percent in control of payroll records and bank accounts. Separate responsibilities.
In one payroll scam, a woman who had been with the company for 18 years and worked on her own started giving herself double pay for vacations. After another employee saw a questionable check and became suspicious, auditors found that over 36 months the woman had stolen $150,000.
- At a minimum, check peak performance indicators in your industry and have reports and financial statements sent. A dealership, for example, may track monthly sales, monthly gross profits, and days in inventory, and scrutinize anything abnormal.
In the payroll scam example above, the seasonal nature of the company contributed to the woman’s ability to mask the money she was stealing. Payroll fluctuations were expected, so no one immediately asked, “What’s going on with the budget?”
- To avoid accounts payable fraud, periodically download check registers and capture vendor names, check numbers, and invoice amounts.
At one local company, a person in charge of accounts payable mistakenly cut two checks to a vendor. When she realized the error, she asked the company to send back the double payment. She then realized that no one had caught the overpayment, so she got her own P.O. box and a bank account under a name similar to her company’s, began issuing double payments on purpose and cashing the returned checks.
If the manager on the payables was downloading the check register, probably in Excel, or generating a report, with the vendor name, invoice number, and check amount, this scam would have come to light sooner.
- Look for red flags, such as someone living way above their means.
If you start hearing about lifestyles that seem tough to afford on a person’s salary, it’s worth doing some digging. The 18-year employee giving herself double-pay for vacations always drove a new luxury car, purchased a new RV and a new boat, and took 3 to 4 weeks of vacation a year.
- Let your employees know about the controls being implemented – if they know you’re looking, they are less likely to steal.
In one case, union employees inflated their overtime, saying they worked 12-plus hours a day, and padding their meal allotments, at $25 each, for years. Each stole $150,000.
Perhaps these employees and the others cited above would have thought twice had publicized, active fraud control measures been in place.
- Use the recommendations of an outside forensic firm as a report card. Every quarter, track progress on implementing changes. After that review, do one every three or four years, or more often if the team, the software or the processes are new.
In all these examples, a fresh pair of eyes helped see what was going on and how to fix it.
The median duration of most fraud is 18 months, so act quickly to find any bad apples in your company.
Lisa A. Myers, CPA, CFE, MAFF, FCPA, CGMA, is a principal at Boyer & Ritter, LLC and a member of the firm’s Forensic, Valuation and Litigation Support Services groups. She can be reached at 717-761-7210 or firstname.lastname@example.org | Check out our Fraud Prevention and Forensic Accounting service